2011-07-06 07:18:00 +04:00
|
|
|
/**
|
2012-02-21 09:56:55 +04:00
|
|
|
* FreeRDP: A Remote Desktop Protocol Implementation
|
2011-07-06 07:18:00 +04:00
|
|
|
* Cryptographic Abstraction Layer
|
|
|
|
*
|
2012-02-21 09:56:55 +04:00
|
|
|
* Copyright 2011-2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
|
2011-07-06 07:18:00 +04:00
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
2011-08-29 00:46:36 +04:00
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
2011-07-06 07:18:00 +04:00
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
|
|
|
|
2012-08-15 01:09:01 +04:00
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
#include "config.h"
|
|
|
|
#endif
|
|
|
|
|
2012-11-22 04:22:41 +04:00
|
|
|
#include <winpr/crt.h>
|
2016-02-24 22:39:49 +03:00
|
|
|
#include <winpr/crypto.h>
|
2012-11-22 04:22:41 +04:00
|
|
|
|
2014-09-12 16:36:29 +04:00
|
|
|
#include <freerdp/log.h>
|
2012-02-17 09:58:30 +04:00
|
|
|
#include <freerdp/crypto/crypto.h>
|
2011-07-06 07:18:00 +04:00
|
|
|
|
2014-09-12 16:36:29 +04:00
|
|
|
#define TAG FREERDP_TAG("crypto")
|
|
|
|
|
2012-10-09 11:26:39 +04:00
|
|
|
CryptoCert crypto_cert_read(BYTE* data, UINT32 length)
|
2011-07-06 07:18:00 +04:00
|
|
|
{
|
2012-10-09 07:21:26 +04:00
|
|
|
CryptoCert cert = malloc(sizeof(*cert));
|
2018-08-24 15:03:04 +03:00
|
|
|
|
2014-03-26 02:13:08 +04:00
|
|
|
if (!cert)
|
|
|
|
return NULL;
|
|
|
|
|
2011-07-06 07:18:00 +04:00
|
|
|
/* this will move the data pointer but we don't care, we don't use it again */
|
2018-08-24 15:03:04 +03:00
|
|
|
cert->px509 = d2i_X509(NULL, (D2I_X509_CONST BYTE**) &data, length);
|
2011-07-06 07:18:00 +04:00
|
|
|
return cert;
|
|
|
|
}
|
|
|
|
|
|
|
|
void crypto_cert_free(CryptoCert cert)
|
|
|
|
{
|
2012-02-11 00:35:22 +04:00
|
|
|
if (cert == NULL)
|
|
|
|
return;
|
2012-09-24 12:40:32 +04:00
|
|
|
|
2011-07-06 07:18:00 +04:00
|
|
|
X509_free(cert->px509);
|
2012-10-09 07:21:26 +04:00
|
|
|
free(cert);
|
2011-07-06 07:18:00 +04:00
|
|
|
}
|
|
|
|
|
2012-10-09 10:38:39 +04:00
|
|
|
BOOL crypto_cert_get_public_key(CryptoCert cert, BYTE** PublicKey, DWORD* PublicKeyLength)
|
2011-07-07 19:27:24 +04:00
|
|
|
{
|
2012-09-24 12:40:32 +04:00
|
|
|
BYTE* ptr;
|
2011-07-07 19:27:24 +04:00
|
|
|
int length;
|
2012-10-09 10:38:39 +04:00
|
|
|
BOOL status = TRUE;
|
2011-07-07 19:27:24 +04:00
|
|
|
EVP_PKEY* pkey = NULL;
|
|
|
|
pkey = X509_get_pubkey(cert->px509);
|
2018-08-24 15:03:04 +03:00
|
|
|
|
2011-07-07 19:27:24 +04:00
|
|
|
if (!pkey)
|
|
|
|
{
|
2014-09-12 16:36:29 +04:00
|
|
|
WLog_ERR(TAG, "X509_get_pubkey() failed");
|
2012-10-09 10:31:28 +04:00
|
|
|
status = FALSE;
|
2011-07-07 19:27:24 +04:00
|
|
|
goto exit;
|
|
|
|
}
|
|
|
|
|
|
|
|
length = i2d_PublicKey(pkey, NULL);
|
2018-08-24 15:03:04 +03:00
|
|
|
|
2011-07-07 19:27:24 +04:00
|
|
|
if (length < 1)
|
|
|
|
{
|
2014-09-12 16:36:29 +04:00
|
|
|
WLog_ERR(TAG, "i2d_PublicKey() failed");
|
2012-10-09 10:31:28 +04:00
|
|
|
status = FALSE;
|
2011-07-07 19:27:24 +04:00
|
|
|
goto exit;
|
|
|
|
}
|
|
|
|
|
2012-09-24 12:40:32 +04:00
|
|
|
*PublicKeyLength = (DWORD) length;
|
|
|
|
*PublicKey = (BYTE*) malloc(length);
|
2018-08-24 15:03:04 +03:00
|
|
|
ptr = (BYTE*)(*PublicKey);
|
|
|
|
|
2015-06-16 16:42:07 +03:00
|
|
|
if (!ptr)
|
|
|
|
{
|
|
|
|
status = FALSE;
|
|
|
|
goto exit;
|
|
|
|
}
|
2012-09-24 12:40:32 +04:00
|
|
|
|
|
|
|
i2d_PublicKey(pkey, &ptr);
|
2011-07-07 19:27:24 +04:00
|
|
|
exit:
|
2018-08-24 15:03:04 +03:00
|
|
|
|
2011-07-07 19:27:24 +04:00
|
|
|
if (pkey)
|
|
|
|
EVP_PKEY_free(pkey);
|
|
|
|
|
|
|
|
return status;
|
|
|
|
}
|
|
|
|
|
2018-08-24 15:03:04 +03:00
|
|
|
static int crypto_rsa_common(const BYTE* input, int length, UINT32 key_length, const BYTE* modulus,
|
|
|
|
const BYTE* exponent, int exponent_size, BYTE* output)
|
2011-07-13 18:21:12 +04:00
|
|
|
{
|
2011-09-27 09:30:58 +04:00
|
|
|
BN_CTX* ctx;
|
2014-03-26 02:13:08 +04:00
|
|
|
int output_length = -1;
|
2012-10-09 11:01:37 +04:00
|
|
|
BYTE* input_reverse;
|
|
|
|
BYTE* modulus_reverse;
|
|
|
|
BYTE* exponent_reverse;
|
2018-08-24 15:03:04 +03:00
|
|
|
BIGNUM* mod, *exp, *x, *y;
|
2012-10-09 11:01:37 +04:00
|
|
|
input_reverse = (BYTE*) malloc(2 * key_length + exponent_size);
|
2018-08-24 15:03:04 +03:00
|
|
|
|
2014-03-26 02:13:08 +04:00
|
|
|
if (!input_reverse)
|
|
|
|
return -1;
|
2016-11-21 19:28:54 +03:00
|
|
|
|
2012-01-19 07:40:29 +04:00
|
|
|
modulus_reverse = input_reverse + key_length;
|
|
|
|
exponent_reverse = modulus_reverse + key_length;
|
2011-07-15 09:11:09 +04:00
|
|
|
memcpy(modulus_reverse, modulus, key_length);
|
|
|
|
crypto_reverse(modulus_reverse, key_length);
|
2012-01-19 07:40:29 +04:00
|
|
|
memcpy(exponent_reverse, exponent, exponent_size);
|
|
|
|
crypto_reverse(exponent_reverse, exponent_size);
|
2011-07-15 09:11:09 +04:00
|
|
|
memcpy(input_reverse, input, length);
|
|
|
|
crypto_reverse(input_reverse, length);
|
|
|
|
|
2016-11-21 19:28:54 +03:00
|
|
|
if (!(ctx = BN_CTX_new()))
|
|
|
|
goto fail_bn_ctx;
|
|
|
|
|
|
|
|
if (!(mod = BN_new()))
|
|
|
|
goto fail_bn_mod;
|
|
|
|
|
|
|
|
if (!(exp = BN_new()))
|
|
|
|
goto fail_bn_exp;
|
2011-07-13 18:21:12 +04:00
|
|
|
|
2016-11-21 19:28:54 +03:00
|
|
|
if (!(x = BN_new()))
|
|
|
|
goto fail_bn_x;
|
2011-07-15 09:11:09 +04:00
|
|
|
|
2016-11-21 19:28:54 +03:00
|
|
|
if (!(y = BN_new()))
|
|
|
|
goto fail_bn_y;
|
|
|
|
|
|
|
|
BN_bin2bn(modulus_reverse, key_length, mod);
|
|
|
|
BN_bin2bn(exponent_reverse, exponent_size, exp);
|
|
|
|
BN_bin2bn(input_reverse, length, x);
|
|
|
|
BN_mod_exp(y, x, exp, mod, ctx);
|
|
|
|
output_length = BN_bn2bin(y, output);
|
2011-07-15 09:11:09 +04:00
|
|
|
crypto_reverse(output, output_length);
|
|
|
|
|
|
|
|
if (output_length < (int) key_length)
|
|
|
|
memset(output + output_length, 0, key_length - output_length);
|
2011-07-13 18:21:12 +04:00
|
|
|
|
2016-11-21 19:28:54 +03:00
|
|
|
BN_free(y);
|
|
|
|
fail_bn_y:
|
|
|
|
BN_clear_free(x);
|
|
|
|
fail_bn_x:
|
|
|
|
BN_free(exp);
|
|
|
|
fail_bn_exp:
|
|
|
|
BN_free(mod);
|
|
|
|
fail_bn_mod:
|
2011-07-13 18:21:12 +04:00
|
|
|
BN_CTX_free(ctx);
|
2016-11-21 19:28:54 +03:00
|
|
|
fail_bn_ctx:
|
2012-10-09 07:21:26 +04:00
|
|
|
free(input_reverse);
|
2013-08-08 02:28:31 +04:00
|
|
|
return output_length;
|
2011-07-15 09:11:09 +04:00
|
|
|
}
|
|
|
|
|
2018-08-24 15:03:04 +03:00
|
|
|
static int crypto_rsa_public(const BYTE* input, int length, UINT32 key_length, const BYTE* modulus,
|
|
|
|
const BYTE* exponent, BYTE* output)
|
2012-01-19 07:40:29 +04:00
|
|
|
{
|
2013-08-08 02:28:31 +04:00
|
|
|
return crypto_rsa_common(input, length, key_length, modulus, exponent, EXPONENT_MAX_SIZE, output);
|
2012-01-19 07:40:29 +04:00
|
|
|
}
|
|
|
|
|
2018-08-24 15:03:04 +03:00
|
|
|
static int crypto_rsa_private(const BYTE* input, int length, UINT32 key_length, const BYTE* modulus,
|
|
|
|
const BYTE* private_exponent, BYTE* output)
|
2012-01-19 07:40:29 +04:00
|
|
|
{
|
2013-08-08 02:28:31 +04:00
|
|
|
return crypto_rsa_common(input, length, key_length, modulus, private_exponent, key_length, output);
|
2012-01-19 07:40:29 +04:00
|
|
|
}
|
|
|
|
|
2018-08-24 15:03:04 +03:00
|
|
|
int crypto_rsa_public_encrypt(const BYTE* input, int length, UINT32 key_length, const BYTE* modulus,
|
|
|
|
const BYTE* exponent, BYTE* output)
|
2012-01-19 07:40:29 +04:00
|
|
|
{
|
2013-08-08 02:28:31 +04:00
|
|
|
return crypto_rsa_public(input, length, key_length, modulus, exponent, output);
|
2012-01-19 07:40:29 +04:00
|
|
|
}
|
|
|
|
|
2018-08-24 15:03:04 +03:00
|
|
|
int crypto_rsa_public_decrypt(const BYTE* input, int length, UINT32 key_length, const BYTE* modulus,
|
|
|
|
const BYTE* exponent, BYTE* output)
|
2012-01-19 07:40:29 +04:00
|
|
|
{
|
2013-08-08 02:28:31 +04:00
|
|
|
return crypto_rsa_public(input, length, key_length, modulus, exponent, output);
|
2012-01-19 07:40:29 +04:00
|
|
|
}
|
|
|
|
|
2018-08-24 15:03:04 +03:00
|
|
|
int crypto_rsa_private_encrypt(const BYTE* input, int length, UINT32 key_length,
|
|
|
|
const BYTE* modulus, const BYTE* private_exponent, BYTE* output)
|
2012-01-19 07:40:29 +04:00
|
|
|
{
|
2013-08-08 02:28:31 +04:00
|
|
|
return crypto_rsa_private(input, length, key_length, modulus, private_exponent, output);
|
2012-01-19 07:40:29 +04:00
|
|
|
}
|
|
|
|
|
2018-08-24 15:03:04 +03:00
|
|
|
int crypto_rsa_private_decrypt(const BYTE* input, int length, UINT32 key_length,
|
|
|
|
const BYTE* modulus, const BYTE* private_exponent, BYTE* output)
|
2012-01-19 07:40:29 +04:00
|
|
|
{
|
2013-08-08 02:28:31 +04:00
|
|
|
return crypto_rsa_private(input, length, key_length, modulus, private_exponent, output);
|
2012-01-19 07:40:29 +04:00
|
|
|
}
|
|
|
|
|
2018-08-24 15:03:04 +03:00
|
|
|
int crypto_rsa_decrypt(const BYTE* input, int length, UINT32 key_length, const BYTE* modulus,
|
|
|
|
const BYTE* private_exponent, BYTE* output)
|
2012-01-19 07:40:29 +04:00
|
|
|
{
|
2013-08-08 02:28:31 +04:00
|
|
|
return crypto_rsa_common(input, length, key_length, modulus, private_exponent, key_length, output);
|
2012-01-19 07:40:29 +04:00
|
|
|
}
|
|
|
|
|
2012-10-09 11:01:37 +04:00
|
|
|
void crypto_reverse(BYTE* data, int length)
|
2011-07-15 09:11:09 +04:00
|
|
|
{
|
|
|
|
int i, j;
|
2012-10-09 11:01:37 +04:00
|
|
|
BYTE temp;
|
2011-07-15 09:11:09 +04:00
|
|
|
|
|
|
|
for (i = 0, j = length - 1; i < j; i++, j--)
|
|
|
|
{
|
|
|
|
temp = data[i];
|
|
|
|
data[i] = data[j];
|
|
|
|
data[j] = temp;
|
|
|
|
}
|
2011-07-13 18:21:12 +04:00
|
|
|
}
|
|
|
|
|
2011-08-30 20:20:36 +04:00
|
|
|
char* crypto_cert_fingerprint(X509* xcert)
|
2011-08-26 07:10:49 +04:00
|
|
|
{
|
2018-08-24 11:39:48 +03:00
|
|
|
size_t i = 0;
|
2011-09-27 09:30:58 +04:00
|
|
|
char* p;
|
2011-08-30 20:20:36 +04:00
|
|
|
char* fp_buffer;
|
2012-10-09 11:26:39 +04:00
|
|
|
UINT32 fp_len;
|
2012-10-09 11:01:37 +04:00
|
|
|
BYTE fp[EVP_MAX_MD_SIZE];
|
2011-08-30 20:20:36 +04:00
|
|
|
X509_digest(xcert, EVP_sha1(), fp, &fp_len);
|
2018-08-27 11:52:22 +03:00
|
|
|
fp_buffer = (char*) calloc(fp_len + 1, 3);
|
2018-08-24 15:03:04 +03:00
|
|
|
|
2014-03-26 02:13:08 +04:00
|
|
|
if (!fp_buffer)
|
|
|
|
return NULL;
|
2012-11-22 04:22:41 +04:00
|
|
|
|
2011-08-30 20:20:36 +04:00
|
|
|
p = fp_buffer;
|
2018-08-24 15:03:04 +03:00
|
|
|
|
2018-08-24 11:39:48 +03:00
|
|
|
for (i = 0; i < (fp_len - 1); i++)
|
2011-08-29 00:46:36 +04:00
|
|
|
{
|
2018-08-27 11:52:22 +03:00
|
|
|
sprintf_s(p, (fp_len - i) * 3, "%02"PRIx8":", fp[i]);
|
2012-07-22 20:52:55 +04:00
|
|
|
p = &fp_buffer[(i + 1) * 3];
|
2011-08-29 00:46:36 +04:00
|
|
|
}
|
2011-08-30 20:20:36 +04:00
|
|
|
|
2018-08-27 11:52:22 +03:00
|
|
|
sprintf_s(p, (fp_len - i) * 3, "%02"PRIx8"", fp[i]);
|
2011-08-30 20:20:36 +04:00
|
|
|
return fp_buffer;
|
2011-08-29 00:46:36 +04:00
|
|
|
}
|
|
|
|
|
2019-10-04 16:52:46 +03:00
|
|
|
static char* crypto_print_name(X509_NAME* name)
|
2011-10-18 19:02:05 +04:00
|
|
|
{
|
|
|
|
char* buffer = NULL;
|
|
|
|
BIO* outBIO = BIO_new(BIO_s_mem());
|
2015-06-11 12:16:45 +03:00
|
|
|
|
2012-02-04 11:21:39 +04:00
|
|
|
if (X509_NAME_print_ex(outBIO, name, 0, XN_FLAG_ONELINE) > 0)
|
2011-10-18 19:02:05 +04:00
|
|
|
{
|
|
|
|
unsigned long size = BIO_number_written(outBIO);
|
2015-06-16 16:42:07 +03:00
|
|
|
buffer = calloc(1, size + 1);
|
2018-08-24 15:03:04 +03:00
|
|
|
|
2015-06-16 16:42:07 +03:00
|
|
|
if (!buffer)
|
|
|
|
return NULL;
|
2018-08-24 15:03:04 +03:00
|
|
|
|
2011-10-18 19:02:05 +04:00
|
|
|
BIO_read(outBIO, buffer, size);
|
|
|
|
}
|
|
|
|
|
2018-11-08 14:09:49 +03:00
|
|
|
BIO_free_all(outBIO);
|
2011-10-18 19:02:05 +04:00
|
|
|
return buffer;
|
|
|
|
}
|
|
|
|
|
|
|
|
char* crypto_cert_subject(X509* xcert)
|
|
|
|
{
|
|
|
|
return crypto_print_name(X509_get_subject_name(xcert));
|
|
|
|
}
|
|
|
|
|
2012-02-08 07:16:57 +04:00
|
|
|
char* crypto_cert_subject_common_name(X509* xcert, int* length)
|
2012-02-04 11:21:39 +04:00
|
|
|
{
|
|
|
|
int index;
|
2015-12-14 16:01:12 +03:00
|
|
|
BYTE* common_name_raw;
|
|
|
|
char* common_name;
|
2012-02-04 11:21:39 +04:00
|
|
|
X509_NAME* subject_name;
|
|
|
|
X509_NAME_ENTRY* entry;
|
|
|
|
ASN1_STRING* entry_data;
|
|
|
|
subject_name = X509_get_subject_name(xcert);
|
2012-02-08 07:16:57 +04:00
|
|
|
|
|
|
|
if (subject_name == NULL)
|
|
|
|
return NULL;
|
|
|
|
|
2012-02-04 11:21:39 +04:00
|
|
|
index = X509_NAME_get_index_by_NID(subject_name, NID_commonName, -1);
|
|
|
|
|
2012-02-08 07:16:57 +04:00
|
|
|
if (index < 0)
|
|
|
|
return NULL;
|
|
|
|
|
2012-02-04 11:21:39 +04:00
|
|
|
entry = X509_NAME_get_entry(subject_name, index);
|
2012-02-08 07:16:57 +04:00
|
|
|
|
|
|
|
if (entry == NULL)
|
|
|
|
return NULL;
|
|
|
|
|
2012-02-04 11:21:39 +04:00
|
|
|
entry_data = X509_NAME_ENTRY_get_data(entry);
|
|
|
|
|
2012-02-08 07:16:57 +04:00
|
|
|
if (entry_data == NULL)
|
|
|
|
return NULL;
|
|
|
|
|
2015-12-14 16:01:12 +03:00
|
|
|
*length = ASN1_STRING_to_UTF8(&common_name_raw, entry_data);
|
2012-02-08 07:16:57 +04:00
|
|
|
|
|
|
|
if (*length < 0)
|
|
|
|
return NULL;
|
2012-02-04 11:21:39 +04:00
|
|
|
|
2015-12-17 18:43:49 +03:00
|
|
|
common_name = _strdup((char*)common_name_raw);
|
2015-12-14 16:01:12 +03:00
|
|
|
OPENSSL_free(common_name_raw);
|
2012-02-04 11:21:39 +04:00
|
|
|
return (char*) common_name;
|
|
|
|
}
|
|
|
|
|
2018-08-24 15:03:04 +03:00
|
|
|
|
|
|
|
/* GENERAL_NAME type labels */
|
|
|
|
|
|
|
|
static const char* general_name_type_labels[] = { "OTHERNAME",
|
|
|
|
"EMAIL ",
|
|
|
|
"DNS ",
|
|
|
|
"X400 ",
|
|
|
|
"DIRNAME ",
|
|
|
|
"EDIPARTY ",
|
|
|
|
"URI ",
|
|
|
|
"IPADD ",
|
|
|
|
"RID "
|
|
|
|
};
|
|
|
|
|
|
|
|
static const char* general_name_type_label(int general_name_type)
|
|
|
|
{
|
|
|
|
if ((0 <= general_name_type)
|
2019-02-07 16:18:02 +03:00
|
|
|
&& ((size_t)general_name_type < ARRAYSIZE(general_name_type_labels)))
|
2018-08-24 15:03:04 +03:00
|
|
|
{
|
|
|
|
return general_name_type_labels[general_name_type];
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
static char buffer[80];
|
|
|
|
sprintf(buffer, "Unknown general name type (%d)", general_name_type);
|
|
|
|
return buffer;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
|
|
|
map_subject_alt_name(x509, general_name_type, mapper, data)
|
|
|
|
|
|
|
|
Call the function mapper with subjectAltNames found in the x509
|
|
|
|
certificate and data. if generate_name_type is GEN_ALL, the the
|
|
|
|
mapper is called for all the names, else it's called only for names
|
|
|
|
of the given type.
|
|
|
|
|
|
|
|
|
|
|
|
We implement two extractors:
|
|
|
|
|
|
|
|
- a string extractor that can be used to get the subjectAltNames of
|
|
|
|
the following types: GEN_URI, GEN_DNS, GEN_EMAIL
|
|
|
|
|
|
|
|
- a ASN1_OBJECT filter/extractor that can be used to get the
|
|
|
|
subjectAltNames of OTHERNAME type.
|
|
|
|
|
|
|
|
Note: usually, it's a string, but some type of otherNames can be
|
|
|
|
associated with different classes of objects. eg. a KPN may be a
|
|
|
|
sequence of realm and principal name, instead of a single string
|
|
|
|
object.
|
|
|
|
|
|
|
|
Not implemented yet: extractors for the types: GEN_X400, GEN_DIRNAME,
|
|
|
|
GEN_EDIPARTY, GEN_RID, GEN_IPADD (the later can contain nul-bytes).
|
|
|
|
|
|
|
|
|
|
|
|
mapper(name, data, index, count)
|
|
|
|
|
|
|
|
The mapper is passed:
|
|
|
|
- the GENERAL_NAME selected,
|
|
|
|
- the data,
|
|
|
|
- the index of the general name in the subjectAltNames,
|
|
|
|
- the total number of names in the subjectAltNames.
|
|
|
|
|
|
|
|
The last parameter let's the mapper allocate arrays to collect objects.
|
|
|
|
Note: if names are filtered, not all the indices from 0 to count-1 are
|
|
|
|
passed to mapper, only the indices selected.
|
|
|
|
|
|
|
|
When the mapper returns 0, map_subject_alt_name stops the iteration immediately.
|
|
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
#define GEN_ALL (-1)
|
|
|
|
|
|
|
|
typedef int (*general_name_mapper_pr)(GENERAL_NAME* name, void* data, int index, int count);
|
|
|
|
|
|
|
|
static void map_subject_alt_name(X509* x509, int general_name_type, general_name_mapper_pr mapper,
|
|
|
|
void* data)
|
2013-09-02 18:14:22 +04:00
|
|
|
{
|
|
|
|
int i;
|
2018-08-24 15:03:04 +03:00
|
|
|
int num;
|
|
|
|
STACK_OF(GENERAL_NAME) *gens;
|
|
|
|
gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL);
|
2013-09-02 18:14:22 +04:00
|
|
|
|
2018-08-24 15:03:04 +03:00
|
|
|
if (!gens)
|
|
|
|
{
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
num = sk_GENERAL_NAME_num(gens);
|
2013-09-02 18:14:22 +04:00
|
|
|
|
2018-08-24 15:03:04 +03:00
|
|
|
for (i = 0; (i < num); i++)
|
2013-09-02 18:14:22 +04:00
|
|
|
{
|
2018-08-24 15:03:04 +03:00
|
|
|
GENERAL_NAME* name = sk_GENERAL_NAME_value(gens, i);
|
|
|
|
|
|
|
|
if (name)
|
2013-09-02 18:14:22 +04:00
|
|
|
{
|
2018-08-24 15:03:04 +03:00
|
|
|
if ((general_name_type == GEN_ALL) || (general_name_type == name->type))
|
|
|
|
{
|
|
|
|
if (!mapper(name, data, i, num))
|
|
|
|
{
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2013-09-02 18:14:22 +04:00
|
|
|
}
|
2018-08-24 15:03:04 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
extract_string -- string extractor
|
|
|
|
|
|
|
|
- the strings array is allocated lazily, when we first have to store a
|
|
|
|
string.
|
|
|
|
|
|
|
|
- allocated contains the size of the strings array, or -1 if
|
|
|
|
allocation failed.
|
|
|
|
|
|
|
|
- count contains the actual count of strings in the strings array.
|
|
|
|
|
|
|
|
- maximum limits the number of strings we can store in the strings
|
|
|
|
array: beyond, the extractor returns 0 to short-cut the search.
|
|
|
|
|
|
|
|
extract_string stores in the string list OPENSSL strings,
|
|
|
|
that must be freed with OPENSSL_free.
|
|
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
typedef struct string_list
|
|
|
|
{
|
|
|
|
char** strings;
|
|
|
|
int allocated;
|
|
|
|
int count;
|
|
|
|
int maximum;
|
|
|
|
} string_list;
|
|
|
|
|
|
|
|
static void string_list_initialize(string_list* list)
|
|
|
|
{
|
|
|
|
list->strings = 0;
|
|
|
|
list->allocated = 0;
|
|
|
|
list->count = 0;
|
|
|
|
list->maximum = INT_MAX;
|
|
|
|
}
|
2013-09-02 18:14:22 +04:00
|
|
|
|
2018-08-24 15:03:04 +03:00
|
|
|
static void string_list_allocate(string_list* list, int allocate_count)
|
|
|
|
{
|
|
|
|
if (!list->strings && list->allocated == 0)
|
|
|
|
{
|
2019-11-05 16:55:33 +03:00
|
|
|
list->strings = calloc((size_t)allocate_count, sizeof(char*));
|
2018-08-24 15:03:04 +03:00
|
|
|
list->allocated = list->strings ? allocate_count : -1;
|
|
|
|
list->count = 0;
|
2013-09-02 18:14:22 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-08-24 15:03:04 +03:00
|
|
|
static void string_list_free(string_list* list)
|
2012-02-04 11:21:39 +04:00
|
|
|
{
|
2018-08-24 16:05:50 +03:00
|
|
|
/* Note: we don't free the contents of the strings array: this */
|
|
|
|
/* is handled by the caller, either by returning this */
|
|
|
|
/* content, or freeing it itself. */
|
2018-08-24 15:03:04 +03:00
|
|
|
free(list->strings);
|
|
|
|
}
|
|
|
|
|
2018-08-24 16:05:50 +03:00
|
|
|
static int extract_string(GENERAL_NAME* name, void* data, int index, int count)
|
2018-08-24 15:03:04 +03:00
|
|
|
{
|
|
|
|
string_list* list = data;
|
|
|
|
unsigned char* cstring = 0;
|
|
|
|
ASN1_STRING* str;
|
2012-02-04 11:21:39 +04:00
|
|
|
|
2018-08-24 15:03:04 +03:00
|
|
|
switch (name->type)
|
|
|
|
{
|
|
|
|
case GEN_URI:
|
|
|
|
str = name->d.uniformResourceIdentifier;
|
|
|
|
break;
|
2012-02-04 11:21:39 +04:00
|
|
|
|
2018-08-24 15:03:04 +03:00
|
|
|
case GEN_DNS:
|
|
|
|
str = name->d.dNSName;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case GEN_EMAIL:
|
|
|
|
str = name->d.rfc822Name;
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
return 1;
|
|
|
|
}
|
2012-02-04 11:21:39 +04:00
|
|
|
|
2018-08-24 15:03:04 +03:00
|
|
|
if ((ASN1_STRING_to_UTF8(&cstring, str)) < 0)
|
2013-08-30 16:19:50 +04:00
|
|
|
{
|
2018-08-24 15:03:04 +03:00
|
|
|
WLog_ERR(TAG, "ASN1_STRING_to_UTF8() failed for %s: %s",
|
|
|
|
general_name_type_label(name->type),
|
|
|
|
ERR_error_string(ERR_get_error(), NULL));
|
|
|
|
return 1;
|
|
|
|
}
|
2015-06-16 16:42:07 +03:00
|
|
|
|
2018-08-24 15:03:04 +03:00
|
|
|
string_list_allocate(list, count);
|
|
|
|
|
|
|
|
if (list->allocated <= 0)
|
|
|
|
{
|
|
|
|
OPENSSL_free(cstring);
|
|
|
|
return 0;
|
2013-08-30 16:19:50 +04:00
|
|
|
}
|
2012-02-04 11:21:39 +04:00
|
|
|
|
2018-08-24 15:03:04 +03:00
|
|
|
list->strings[list->count] = (char*)cstring;
|
|
|
|
list->count ++ ;
|
|
|
|
|
|
|
|
if (list->count >= list->maximum)
|
2012-02-04 11:21:39 +04:00
|
|
|
{
|
2018-08-24 15:03:04 +03:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
extract_othername_object -- object extractor.
|
|
|
|
|
|
|
|
- the objects array is allocated lazily, when we first have to store a
|
|
|
|
string.
|
|
|
|
|
|
|
|
- allocated contains the size of the objects array, or -1 if
|
|
|
|
allocation failed.
|
2012-02-04 11:21:39 +04:00
|
|
|
|
2018-08-24 15:03:04 +03:00
|
|
|
- count contains the actual count of objects in the objects array.
|
|
|
|
|
|
|
|
- maximum limits the number of objects we can store in the objects
|
|
|
|
array: beyond, the extractor returns 0 to short-cut the search.
|
|
|
|
|
|
|
|
extract_othername_objects stores in the objects array ASN1_TYPE *
|
|
|
|
pointers directly obtained from the GENERAL_NAME.
|
|
|
|
*/
|
|
|
|
|
|
|
|
typedef struct object_list
|
|
|
|
{
|
|
|
|
ASN1_OBJECT* type_id;
|
|
|
|
char** strings;
|
|
|
|
int allocated;
|
|
|
|
int count;
|
|
|
|
int maximum;
|
|
|
|
} object_list;
|
|
|
|
|
|
|
|
static void object_list_initialize(object_list* list)
|
|
|
|
{
|
|
|
|
list->type_id = 0;
|
|
|
|
list->strings = 0;
|
|
|
|
list->allocated = 0;
|
|
|
|
list->count = 0;
|
|
|
|
list->maximum = INT_MAX;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void object_list_allocate(object_list* list, int allocate_count)
|
|
|
|
{
|
|
|
|
if (!list->strings && list->allocated == 0)
|
|
|
|
{
|
|
|
|
list->strings = calloc(allocate_count, sizeof(list->strings[0]));
|
|
|
|
list->allocated = list->strings ? allocate_count : -1;
|
|
|
|
list->count = 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static char* object_string(ASN1_TYPE* object)
|
|
|
|
{
|
|
|
|
char* result;
|
|
|
|
unsigned char* utf8String;
|
|
|
|
int length;
|
2018-08-24 16:05:50 +03:00
|
|
|
/* TODO: check that object.type is a string type. */
|
2018-08-24 15:03:04 +03:00
|
|
|
length = ASN1_STRING_to_UTF8(& utf8String, object->value.asn1_string);
|
|
|
|
|
|
|
|
if (length < 0)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2018-11-14 16:59:58 +03:00
|
|
|
result = (char*)_strdup((char*)utf8String);
|
2018-08-24 15:03:04 +03:00
|
|
|
OPENSSL_free(utf8String);
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void object_list_free(object_list* list)
|
|
|
|
{
|
|
|
|
free(list->strings);
|
|
|
|
}
|
|
|
|
|
2018-08-24 16:05:50 +03:00
|
|
|
static int extract_othername_object_as_string(GENERAL_NAME* name, void* data, int index, int count)
|
2018-08-24 15:03:04 +03:00
|
|
|
{
|
|
|
|
object_list* list = data;
|
|
|
|
|
|
|
|
if (name->type != GEN_OTHERNAME)
|
|
|
|
{
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (0 != OBJ_cmp(name->d.otherName->type_id, list->type_id))
|
|
|
|
{
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
object_list_allocate(list, count);
|
|
|
|
|
|
|
|
if (list->allocated <= 0)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
list->strings[list->count] = object_string(name->d.otherName->value);
|
|
|
|
|
|
|
|
if (list->strings[list->count])
|
|
|
|
{
|
|
|
|
list->count ++ ;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (list->count >= list->maximum)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
crypto_cert_get_email returns a dynamically allocated copy of the
|
|
|
|
first email found in the subjectAltNames (use free to free it).
|
|
|
|
*/
|
|
|
|
|
|
|
|
char* crypto_cert_get_email(X509* x509)
|
|
|
|
{
|
|
|
|
char* result = 0;
|
|
|
|
string_list list;
|
|
|
|
string_list_initialize(&list);
|
|
|
|
list.maximum = 1;
|
|
|
|
map_subject_alt_name(x509, GEN_EMAIL, extract_string, &list);
|
|
|
|
|
|
|
|
if (list.count == 0)
|
|
|
|
{
|
|
|
|
string_list_free(&list);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2018-11-14 16:59:58 +03:00
|
|
|
result = _strdup(list.strings[0]);
|
2018-08-24 15:03:04 +03:00
|
|
|
OPENSSL_free(list.strings[0]);
|
|
|
|
string_list_free(&list);
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
crypto_cert_get_upn returns a dynamically allocated copy of the
|
|
|
|
first UPN otherNames in the subjectAltNames (use free to free it).
|
|
|
|
Note: if this first UPN otherName is not a string, then 0 is returned,
|
|
|
|
instead of searching for another UPN that would be a string.
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
char* crypto_cert_get_upn(X509* x509)
|
|
|
|
{
|
|
|
|
char* result = 0;
|
|
|
|
object_list list;
|
|
|
|
object_list_initialize(&list);
|
|
|
|
list.type_id = OBJ_nid2obj(NID_ms_upn);
|
|
|
|
list.maximum = 1;
|
|
|
|
map_subject_alt_name(x509, GEN_OTHERNAME, extract_othername_object_as_string, &list);
|
|
|
|
|
|
|
|
if (list.count == 0)
|
|
|
|
{
|
|
|
|
object_list_free(&list);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
result = list.strings[0];
|
|
|
|
object_list_free(&list);
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
2018-08-27 14:51:30 +03:00
|
|
|
|
|
|
|
/* Deprecated name.*/
|
2018-09-20 12:04:20 +03:00
|
|
|
void crypto_cert_subject_alt_name_free(int count, int* lengths, char** alt_names)
|
2018-08-24 16:20:03 +03:00
|
|
|
{
|
|
|
|
crypto_cert_dns_names_free(count, lengths, alt_names);
|
|
|
|
}
|
2018-08-24 15:03:04 +03:00
|
|
|
|
|
|
|
void crypto_cert_dns_names_free(int count, int* lengths,
|
|
|
|
char** dns_names)
|
|
|
|
{
|
|
|
|
free(lengths);
|
|
|
|
|
|
|
|
if (dns_names)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
for (i = 0; i < count; i++)
|
2012-02-04 11:21:39 +04:00
|
|
|
{
|
2018-08-24 15:03:04 +03:00
|
|
|
if (dns_names[i])
|
|
|
|
{
|
|
|
|
OPENSSL_free(dns_names[i]);
|
|
|
|
}
|
2012-02-04 11:21:39 +04:00
|
|
|
}
|
2018-08-24 15:03:04 +03:00
|
|
|
|
|
|
|
free(dns_names);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-08-27 14:51:30 +03:00
|
|
|
/* Deprecated name.*/
|
|
|
|
char** crypto_cert_subject_alt_name(X509* xcert, int* count, int** lengths)
|
2018-08-24 16:20:03 +03:00
|
|
|
{
|
2018-08-27 14:51:30 +03:00
|
|
|
return crypto_cert_get_dns_names(xcert, count, lengths);
|
2018-08-24 16:20:03 +03:00
|
|
|
}
|
|
|
|
|
2018-08-24 15:03:04 +03:00
|
|
|
char** crypto_cert_get_dns_names(X509* x509, int* count, int** lengths)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
char** result = 0;
|
|
|
|
string_list list;
|
|
|
|
string_list_initialize(&list);
|
|
|
|
map_subject_alt_name(x509, GEN_DNS, extract_string, &list);
|
|
|
|
(*count) = list.count;
|
|
|
|
|
|
|
|
if (list.count == 0)
|
|
|
|
{
|
|
|
|
string_list_free(&list);
|
2018-09-20 12:04:20 +03:00
|
|
|
return NULL;
|
2012-02-04 11:21:39 +04:00
|
|
|
}
|
|
|
|
|
2018-08-24 15:03:04 +03:00
|
|
|
/* lengths are not useful, since we converted the
|
|
|
|
strings to utf-8, there cannot be nul-bytes in them. */
|
|
|
|
result = calloc(list.count, sizeof(*result));
|
|
|
|
(*lengths) = calloc(list.count, sizeof(**lengths));
|
|
|
|
|
|
|
|
if (!result || !(*lengths))
|
2012-05-09 19:40:13 +04:00
|
|
|
{
|
2018-09-20 12:04:20 +03:00
|
|
|
string_list_free(&list);
|
2018-08-24 15:03:04 +03:00
|
|
|
free(result);
|
|
|
|
free(*lengths);
|
|
|
|
(*lengths) = 0;
|
|
|
|
(*count) = 0;
|
2018-09-20 12:04:20 +03:00
|
|
|
return NULL;
|
2012-05-09 19:40:13 +04:00
|
|
|
}
|
2015-06-16 16:42:07 +03:00
|
|
|
|
2018-08-24 15:03:04 +03:00
|
|
|
for (i = 0; i < list.count; i ++)
|
|
|
|
{
|
|
|
|
result[i] = list.strings[i];
|
2019-11-05 16:55:33 +03:00
|
|
|
(*lengths)[i] = strlen(result[i]);
|
2018-08-24 15:03:04 +03:00
|
|
|
}
|
2012-02-08 07:16:57 +04:00
|
|
|
|
2018-08-24 15:03:04 +03:00
|
|
|
string_list_free(&list);
|
|
|
|
return result;
|
2012-02-04 11:21:39 +04:00
|
|
|
}
|
|
|
|
|
2018-08-24 15:03:04 +03:00
|
|
|
|
2011-10-18 19:02:05 +04:00
|
|
|
char* crypto_cert_issuer(X509* xcert)
|
|
|
|
{
|
|
|
|
return crypto_print_name(X509_get_issuer_name(xcert));
|
|
|
|
}
|
|
|
|
|
2019-07-17 15:00:29 +03:00
|
|
|
static int verify_cb (int ok, X509_STORE_CTX *csc)
|
|
|
|
{
|
|
|
|
if (ok != 1)
|
|
|
|
{
|
|
|
|
int err = X509_STORE_CTX_get_error(csc);
|
|
|
|
int derr = X509_STORE_CTX_get_error_depth(csc);
|
|
|
|
X509* where = X509_STORE_CTX_get_current_cert(csc);
|
|
|
|
const char* what = X509_verify_cert_error_string(err);
|
2019-10-04 16:52:46 +03:00
|
|
|
char* name = crypto_cert_subject(where);
|
2019-07-17 15:00:29 +03:00
|
|
|
|
|
|
|
WLog_WARN(TAG, "Certificate verification failure '%s (%d)' at stack position %d", what, err, derr);
|
2019-10-04 16:52:46 +03:00
|
|
|
WLog_WARN(TAG, "%s", name);
|
|
|
|
|
|
|
|
free(name);
|
2019-07-17 15:00:29 +03:00
|
|
|
}
|
|
|
|
return ok;
|
|
|
|
}
|
|
|
|
|
2018-11-30 11:55:10 +03:00
|
|
|
BOOL x509_verify_certificate(CryptoCert cert, const char* certificate_store_path)
|
2011-08-29 00:46:36 +04:00
|
|
|
{
|
2011-08-30 20:20:36 +04:00
|
|
|
X509_STORE_CTX* csc;
|
2012-10-09 10:38:39 +04:00
|
|
|
BOOL status = FALSE;
|
2011-08-30 20:20:36 +04:00
|
|
|
X509_STORE* cert_ctx = NULL;
|
|
|
|
X509_LOOKUP* lookup = NULL;
|
|
|
|
cert_ctx = X509_STORE_new();
|
|
|
|
|
2011-08-29 00:46:36 +04:00
|
|
|
if (cert_ctx == NULL)
|
|
|
|
goto end;
|
2011-08-30 20:20:36 +04:00
|
|
|
|
2017-07-26 17:12:14 +03:00
|
|
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
2011-08-29 00:46:36 +04:00
|
|
|
OpenSSL_add_all_algorithms();
|
2017-04-06 11:37:28 +03:00
|
|
|
#else
|
|
|
|
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
|
2018-08-24 15:03:04 +03:00
|
|
|
| OPENSSL_INIT_ADD_ALL_DIGESTS \
|
|
|
|
| OPENSSL_INIT_LOAD_CONFIG, NULL);
|
2017-04-06 11:37:28 +03:00
|
|
|
#endif
|
2019-07-17 15:00:29 +03:00
|
|
|
|
2011-08-30 20:20:36 +04:00
|
|
|
lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
|
|
|
|
|
2011-08-29 00:46:36 +04:00
|
|
|
if (lookup == NULL)
|
|
|
|
goto end;
|
2011-08-30 20:20:36 +04:00
|
|
|
|
|
|
|
lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
|
|
|
|
|
2011-08-29 00:46:36 +04:00
|
|
|
if (lookup == NULL)
|
|
|
|
goto end;
|
2011-08-30 20:20:36 +04:00
|
|
|
|
|
|
|
X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
|
|
|
|
|
2012-02-03 02:36:07 +04:00
|
|
|
if (certificate_store_path != NULL)
|
2011-08-29 02:19:25 +04:00
|
|
|
{
|
2015-03-11 14:06:52 +03:00
|
|
|
X509_LOOKUP_add_dir(lookup, certificate_store_path, X509_FILETYPE_PEM);
|
2011-08-29 02:19:25 +04:00
|
|
|
}
|
2011-08-30 20:20:36 +04:00
|
|
|
|
2011-08-29 00:46:36 +04:00
|
|
|
csc = X509_STORE_CTX_new();
|
2011-08-30 20:20:36 +04:00
|
|
|
|
2011-08-29 00:46:36 +04:00
|
|
|
if (csc == NULL)
|
|
|
|
goto end;
|
2011-08-30 20:20:36 +04:00
|
|
|
|
2011-08-29 00:46:36 +04:00
|
|
|
X509_STORE_set_flags(cert_ctx, 0);
|
2011-08-30 20:20:36 +04:00
|
|
|
|
2019-07-17 15:00:29 +03:00
|
|
|
if (!X509_STORE_CTX_init(csc, cert_ctx, cert->px509, cert->px509chain))
|
2011-08-29 00:46:36 +04:00
|
|
|
goto end;
|
2011-08-30 20:20:36 +04:00
|
|
|
|
2018-11-28 11:32:28 +03:00
|
|
|
X509_STORE_CTX_set_purpose(csc, X509_PURPOSE_SSL_SERVER);
|
2019-07-17 15:00:29 +03:00
|
|
|
X509_STORE_CTX_set_verify_cb(csc, verify_cb);
|
2018-11-26 10:12:51 +03:00
|
|
|
|
2011-08-30 20:20:36 +04:00
|
|
|
if (X509_verify_cert(csc) == 1)
|
2012-10-09 10:31:28 +04:00
|
|
|
status = TRUE;
|
2011-08-30 20:20:36 +04:00
|
|
|
|
2011-08-29 00:46:36 +04:00
|
|
|
X509_STORE_CTX_free(csc);
|
|
|
|
X509_STORE_free(cert_ctx);
|
2011-08-30 20:20:36 +04:00
|
|
|
end:
|
|
|
|
return status;
|
2011-08-26 07:10:49 +04:00
|
|
|
}
|
2011-08-29 00:46:36 +04:00
|
|
|
|
2018-11-30 11:55:10 +03:00
|
|
|
rdpCertificateData* crypto_get_certificate_data(X509* xcert, const char* hostname, UINT16 port)
|
2011-08-29 00:46:36 +04:00
|
|
|
{
|
2015-06-11 12:16:45 +03:00
|
|
|
char* issuer;
|
|
|
|
char* subject;
|
2011-08-30 20:20:36 +04:00
|
|
|
char* fp;
|
2012-02-03 02:36:07 +04:00
|
|
|
rdpCertificateData* certdata;
|
2011-08-30 20:20:36 +04:00
|
|
|
fp = crypto_cert_fingerprint(xcert);
|
2018-08-24 15:03:04 +03:00
|
|
|
|
2014-03-26 02:13:08 +04:00
|
|
|
if (!fp)
|
|
|
|
return NULL;
|
|
|
|
|
2015-06-11 12:16:45 +03:00
|
|
|
issuer = crypto_cert_issuer(xcert);
|
|
|
|
subject = crypto_cert_subject(xcert);
|
|
|
|
certdata = certificate_data_new(hostname, port, issuer, subject, fp);
|
|
|
|
free(subject);
|
|
|
|
free(issuer);
|
2012-10-09 07:21:26 +04:00
|
|
|
free(fp);
|
2011-08-29 00:46:36 +04:00
|
|
|
return certdata;
|
|
|
|
}
|
|
|
|
|
2011-09-27 06:58:49 +04:00
|
|
|
void crypto_cert_print_info(X509* xcert)
|
2011-08-26 07:10:49 +04:00
|
|
|
{
|
2011-08-30 20:20:36 +04:00
|
|
|
char* fp;
|
|
|
|
char* issuer;
|
|
|
|
char* subject;
|
2011-10-18 19:02:05 +04:00
|
|
|
subject = crypto_cert_subject(xcert);
|
|
|
|
issuer = crypto_cert_issuer(xcert);
|
2011-08-30 20:20:36 +04:00
|
|
|
fp = crypto_cert_fingerprint(xcert);
|
2018-08-24 15:03:04 +03:00
|
|
|
|
2014-03-26 02:13:08 +04:00
|
|
|
if (!fp)
|
|
|
|
{
|
2014-09-12 16:36:29 +04:00
|
|
|
WLog_ERR(TAG, "error computing fingerprint");
|
2014-03-26 02:13:08 +04:00
|
|
|
goto out_free_issuer;
|
|
|
|
}
|
2011-08-30 20:20:36 +04:00
|
|
|
|
2014-09-12 16:36:29 +04:00
|
|
|
WLog_INFO(TAG, "Certificate details:");
|
|
|
|
WLog_INFO(TAG, "\tSubject: %s", subject);
|
|
|
|
WLog_INFO(TAG, "\tIssuer: %s", issuer);
|
|
|
|
WLog_INFO(TAG, "\tThumbprint: %s", fp);
|
2018-08-24 15:03:04 +03:00
|
|
|
WLog_INFO(TAG,
|
|
|
|
"The above X.509 certificate could not be verified, possibly because you do not have "
|
|
|
|
"the CA certificate in your certificate store, or the certificate has expired. "
|
|
|
|
"Please look at the OpenSSL documentation on how to add a private CA to the store.");
|
2012-10-09 07:21:26 +04:00
|
|
|
free(fp);
|
2014-03-26 02:13:08 +04:00
|
|
|
out_free_issuer:
|
|
|
|
free(issuer);
|
|
|
|
free(subject);
|
2011-08-26 07:10:49 +04:00
|
|
|
}
|