Extract whole certificate chain to PEM format.

This commit is contained in:
Armin Novak 2019-07-17 14:00:29 +02:00
parent 1b4371ed22
commit 36c820a9d9
2 changed files with 34 additions and 3 deletions


@ -754,13 +754,27 @@ char* crypto_cert_issuer(X509* xcert)
return crypto_print_name(X509_get_issuer_name(xcert)); return crypto_print_name(X509_get_issuer_name(xcert));
} }
static int verify_cb (int ok, X509_STORE_CTX *csc)
{
if (ok != 1)
{
int err = X509_STORE_CTX_get_error(csc);
int derr = X509_STORE_CTX_get_error_depth(csc);
X509* where = X509_STORE_CTX_get_current_cert(csc);
const char* what = X509_verify_cert_error_string(err);
WLog_WARN(TAG, "Certificate verification failure '%s (%d)' at stack position %d", what, err, derr);
WLog_WARN(TAG, "%s", crypto_cert_subject(where));
}
return ok;
}
BOOL x509_verify_certificate(CryptoCert cert, const char* certificate_store_path) BOOL x509_verify_certificate(CryptoCert cert, const char* certificate_store_path)
{ {
X509_STORE_CTX* csc; X509_STORE_CTX* csc;
BOOL status = FALSE; BOOL status = FALSE;
X509_STORE* cert_ctx = NULL; X509_STORE* cert_ctx = NULL;
X509_LOOKUP* lookup = NULL; X509_LOOKUP* lookup = NULL;
X509* xcert = cert->px509;
cert_ctx = X509_STORE_new(); cert_ctx = X509_STORE_new();
if (cert_ctx == NULL) if (cert_ctx == NULL)
@ -773,6 +787,7 @@ BOOL x509_verify_certificate(CryptoCert cert, const char* certificate_store_path
| OPENSSL_INIT_ADD_ALL_DIGESTS \ | OPENSSL_INIT_ADD_ALL_DIGESTS \
| OPENSSL_INIT_LOAD_CONFIG, NULL); | OPENSSL_INIT_LOAD_CONFIG, NULL);
#endif #endif
lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file()); lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
if (lookup == NULL) if (lookup == NULL)
@ -797,10 +812,11 @@ BOOL x509_verify_certificate(CryptoCert cert, const char* certificate_store_path
X509_STORE_set_flags(cert_ctx, 0); X509_STORE_set_flags(cert_ctx, 0);
if (!X509_STORE_CTX_init(csc, cert_ctx, xcert, cert->px509chain)) if (!X509_STORE_CTX_init(csc, cert_ctx, cert->px509, cert->px509chain))
goto end; goto end;
X509_STORE_CTX_set_purpose(csc, X509_PURPOSE_SSL_SERVER); X509_STORE_CTX_set_purpose(csc, X509_PURPOSE_SSL_SERVER);
X509_STORE_CTX_set_verify_cb(csc, verify_cb);
if (X509_verify_cert(csc) == 1) if (X509_verify_cert(csc) == 1)
status = TRUE; status = TRUE;
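Review bot: verify_cb logs `crypto_cert_subject(where)` without checking that `where` is non-NULL and without releasing the returned string; X509_STORE_CTX_get_current_cert() can return NULL when the error is not tied to a particular certificate, and if crypto_cert_subject allocates its result the way crypto_cert_issuer above appears to via crypto_print_name, every logged failure leaks it. Suggest taking the subject into a local, guarding on `where`, and freeing it after logging: `char* subject = where ? crypto_cert_subject(where) : NULL;` / `WLog_WARN(TAG, "%s", subject ? subject : "<no certificate>");` / `free(subject);`. The callback returns `ok` unchanged, so it only adds diagnostics, which deserves a one-line comment above it, e.g. `/* Logs each verification failure; does not override the verdict. */`. x509_verify_certificate's body continues outside the hunks shown.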


@ -1226,7 +1226,7 @@ static BOOL accept_cert(rdpTls* tls, const BYTE* pem, UINT32 length)
static BOOL tls_extract_pem(CryptoCert cert, BYTE** PublicKey, DWORD* PublicKeyLength) static BOOL tls_extract_pem(CryptoCert cert, BYTE** PublicKey, DWORD* PublicKeyLength)
{ {
BIO* bio; BIO* bio;
int status; int status, count, x;
size_t offset; size_t offset;
size_t length = 0; size_t length = 0;
BOOL rc = FALSE; BOOL rc = FALSE;
@ -1256,6 +1256,21 @@ static BOOL tls_extract_pem(CryptoCert cert, BYTE** PublicKey, DWORD* PublicKeyL
goto fail; goto fail;
} }
if (cert->px509chain)
{
count = sk_BIO_num(cert->px509chain);
for (x=0; x<count; x++)
{
X509* c = sk_BIO_value(cert->px509chain, x);
status = PEM_write_bio_X509(bio, c);
if (status < 0)
{
WLog_ERR(TAG, "PEM_write_bio_X509 failure: %d", status);
goto fail;
}
}
}
offset = 0; offset = 0;
length = 2048; length = 2048;
pemCert = (BYTE*) malloc(length + 1); pemCert = (BYTE*) malloc(length + 1);
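Review bot: The chain loop uses the BIO stack accessors on `cert->px509chain`, which the first file section passes to X509_STORE_CTX_init() as a STACK_OF(X509); `sk_BIO_num`/`sk_BIO_value` only compile because the sk_* macros share one untyped backing stack, and they assign a BIO* to `X509* c`, discarding the type check. Use `count = sk_X509_num(cert->px509chain);` and `X509* c = sk_X509_value(cert->px509chain, x);`. PEM_write_bio_X509() returns 1 on success and 0 on failure, so `if (status < 0)` never fires and a failed write of an intermediate certificate silently yields a truncated PEM blob; `if (status != 1)` matches the documented contract. The new `for (x=0; x<count; x++)` also drops the spacing around operators used elsewhere in this file. tls_extract_pem continues outside the hunk.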