From aa2d32b4f5e00d179a73adf5788f3dc3819c95bb Mon Sep 17 00:00:00 2001 From: Neil Johnson Date: Thu, 19 Sep 2024 15:11:20 -0400 Subject: [PATCH] improve SESSION_SSL=NEVER messages Signed-off-by: Neil Johnson --- tnz/tnz.py | 15 +++++++++++++-- tnz/zti.py | 10 ++++++++-- 2 files changed, 21 insertions(+), 4 deletions(-) diff --git a/tnz/tnz.py b/tnz/tnz.py index 8301ff9..c9ec756 100644 --- a/tnz/tnz.py +++ b/tnz/tnz.py @@ -98,6 +98,7 @@ def __init__(self, name=None): self.__secure = False self.__cert_verified = False self.__start_tls_hostname = None + self.__start_tls_completed = False self.__host_verified = False self._event = None self.__loop = None @@ -2144,8 +2145,11 @@ def _process(self, data): self.send_do(25, buffer=True) elif data[2] == 46: # START_TLS - ssl_never = os.environ.get("SESSION_SSL") == "NEVER" - if ssl_never or not hasattr(self.__loop, "start_tls"): + if os.environ.get("SESSION_SSL") == "NEVER": + self.__log_info("START_TLS SESSION_SSL=NEVER.") + self.send_wont(data[2], buffer=True) + + elif not hasattr(self.__loop, "start_tls"): self._log_warn("START_TLS unsupported.") self._log_warn("Python >= 3.7 required") self.send_wont(data[2], buffer=True) @@ -4503,6 +4507,7 @@ async def __start_tls(self, context): else: self._transport = transport + self.__start_tls_completed = True self.__secure = True if context.verify_mode == ssl.CERT_REQUIRED: self.__cert_verified = True @@ -4765,6 +4770,12 @@ def secure(self): """ return self.__secure + @property + def start_tls_completed(self): + """Bool indicating if start_tls completed. + """ + return self.__start_tls_completed + @property def tn3270(self): """Bool indicating if NOT NVT mode. diff --git a/tnz/zti.py b/tnz/zti.py index 1169670..b6d45b9 100644 --- a/tnz/zti.py +++ b/tnz/zti.py 
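Review bot: The new info message `START_TLS SESSION_SSL=NEVER.` in the `data[2] == 46` branch of `_process` names the setting but not the outcome: the client replies WONT to option 46 and the session carries on without TLS. A declined encryption upgrade is worth stating outright, e.g. `self.__log_info("START_TLS declined (SESSION_SSL=NEVER); session stays unencrypted")`. The same branch calls `self.__log_info` while the branch below it calls `self._log_warn`; a double-underscore name is mangled inside the class, so confirm that a `__log_info` method is actually defined there (not visible in this hunk). `_process` starts and ends outside the hunk.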
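Review bot: `self.__start_tls_completed = True` is set next to `self.__secure = True` in `__start_tls`, but nothing in this patch ever sets it back to False; the only other write is the initialiser added to `__init__` in the first hunk. If an instance can be closed and connected again, or if `__secure` is cleared somewhere on disconnect, the new flag should be cleared in the same place. Otherwise `start_tls_completed` can report a TLS upgrade that belongs to an earlier connection. Whether such a reset path exists is not visible here, and `__start_tls` continues outside the hunk.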
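Review bot: The docstring of the new `start_tls_completed` property only restates its name and does not say how it relates to `secure`. If the intent is what zti.py's `not tns.start_tls_completed` suggests, I would write `"""Bool indicating if TLS was negotiated in-band via telnet START_TLS (False when the connection was TLS from the start or is not secure)."""`.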
@@ -780,13 +780,19 @@ def do_session(self, arg): elif tns.cert_verified: verify = "cert" + session_ssl = int(not tns.start_tls_completed) if verify: + if not session_ssl: + print(f" SESSION_SSL=0") + print(f" SESSION_SSL_VERIFY={verify}") else: - print(f" SESSION_SSL=1") + if session_ssl: + print(f" SESSION_SSL=1") + print(f" SESSION_SSL_VERIFY=none") else: - print(f" SESSION_SSL=0") + print(f" SESSION_SSL=NEVER") print(f" SESSION_TN_ENHANCED={tns.tn3270e:d}") print(f" SESSION_DEVICE_TYPE={tns.terminal_type}")
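Review bot: The final `else:` in `do_session` now prints `SESSION_SSL=NEVER` where it used to print `SESSION_SSL=0`, so every session that ended up without TLS is reported as NEVER. If that branch is the not-secure case (the enclosing `if` is outside the hunk), it also covers sessions where the host simply never offered START_TLS. Anyone reusing the printed settings would then get a client that refuses a TLS upgrade which `SESSION_SSL=0` would have accepted. Consider printing NEVER only when it was configured, e.g. `ssl_cfg = "NEVER" if os.environ.get("SESSION_SSL") == "NEVER" else "0"` followed by `print(f" SESSION_SSL={ssl_cfg}")`, assuming `os` is imported in zti.py. Separately, `session_ssl` is only used as a truth value, so the `int(...)` wrapper is unnecessary.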