[core,server] warn if cert not RDP security compatible

This commit is contained in:
Armin Novak 2023-03-25 14:36:27 +01:00 committed by akallabeth
parent cdf1047bef
commit 50ce5b834d
4 changed files with 24 additions and 8 deletions


@ -78,6 +78,8 @@ extern "C"
FREERDP_API BOOL freerdp_certificate_verify(const rdpCertificate* cert,
const char* certificate_store_path);
FREERDP_API BOOL freerdp_certificate_is_rdp_security_compatible(const rdpCertificate* cert);
#ifdef __cplusplus
}
#endif
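Review bot: The new `FREERDP_API BOOL freerdp_certificate_is_rdp_security_compatible(const rdpCertificate* cert);` declaration is exported without an API comment, so a header reader cannot tell what "compatible" means or that the call logs on failure. A comment above it along the lines of `/** Check whether the certificate key can be used with RDP security: TRUE for an RSA key with a 2048 bit modulus, FALSE otherwise (the reason is logged at INFO level). */` would document the contract that the definition in this commit enforces, and it is the only place a caller working from the header alone will look.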


@ -256,13 +256,8 @@ static BOOL freerdp_peer_initialize(freerdp_peer* client)
return FALSE;
}
if (!freerdp_certificate_is_rsa(cert))
if (!freerdp_certificate_is_rdp_security_compatible(cert))
{
if (freerdp_settings_get_bool(settings, FreeRDP_RdpSecurity))
WLog_WARN(TAG, "certificate is not of RSA type, deactivating RDP security for good.");
else
WLog_INFO(TAG, "certificate is not of RSA type, RDP security not supported.");
if (!freerdp_settings_set_bool(settings, FreeRDP_RdpSecurity, FALSE))
return FALSE;
if (!freerdp_settings_set_bool(settings, FreeRDP_UseRdpSecurityLayer, FALSE))
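Review bot: Replacing the old WLog_WARN/WLog_INFO pair with the bare `if (!freerdp_certificate_is_rdp_security_compatible(cert))` check drops the only WARN-level message, so a server that explicitly enabled FreeRDP_RdpSecurity now has the setting forced off with nothing but the INFO line emitted inside the helper, although the commit title promises a warning. Keeping a WARN in the caller for the explicitly-enabled case preserves the previous visibility: `if (freerdp_settings_get_bool(settings, FreeRDP_RdpSecurity))` followed by `WLog_WARN(TAG, "certificate is not RDP security compatible, deactivating RDP security for good.");` as the first statements of the new block. The same silent downgrade occurs in shadow_server_init_certificate in this commit. freerdp_peer_initialize begins before this hunk and continues after it.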


@ -1525,3 +1525,14 @@ BOOL freerdp_certificate_is_rsa(const rdpCertificate* cert)
WINPR_ASSERT(cert->x509);
return is_rsa_key(cert->x509);
}
BOOL freerdp_certificate_is_rdp_security_compatible(const rdpCertificate* cert)
{
const rdpCertInfo* info = freerdp_certificate_get_info(cert);
if (!freerdp_certificate_is_rsa(cert) || !info || (info->ModulusLength != 2048 / 8))
{
WLog_INFO(TAG, "certificate is not RSA 2048, RDP security not supported.");
return FALSE;
}
return TRUE;
}
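Review bot: The combined condition on the `if (!freerdp_certificate_is_rsa(cert) || !info || (info->ModulusLength != 2048 / 8))` line folds three distinct failures (non-RSA key, no key info, wrong modulus size) into one fixed message, so an operator whose RDP security was just switched off cannot see from the log which case applied or what size the key actually has. Because the comparison is `!=`, a larger RSA key (e.g. 4096 bit) is refused exactly like a smaller one, which deserves a comment stating whether the 2048 bit figure is a protocol requirement or a limit of this implementation. Splitting the checks and logging the actual modulus length makes the refusal diagnosable; the rewrite below keeps the evaluation order and the return values unchanged.
```c
BOOL freerdp_certificate_is_rdp_security_compatible(const rdpCertificate* cert)
{
	const rdpCertInfo* info = freerdp_certificate_get_info(cert);

	if (!freerdp_certificate_is_rsa(cert))
	{
		WLog_INFO(TAG, "certificate is not of RSA type, RDP security not supported.");
		return FALSE;
	}
	if (!info)
	{
		WLog_INFO(TAG, "certificate key info unavailable, RDP security not supported.");
		return FALSE;
	}
	/* The test is for exactly 2048 bit: larger moduli are refused as well.
	 * TODO(review): state whether this is a protocol or an implementation limit. */
	if (info->ModulusLength != 2048 / 8)
	{
		WLog_INFO(TAG,
		          "certificate is RSA with a %lu byte modulus, not RSA 2048, RDP security not supported.",
		          (unsigned long)info->ModulusLength);
		return FALSE;
	}
	return TRUE;
}
```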


@ -463,10 +463,10 @@ static DWORD WINAPI shadow_server_thread(LPVOID arg)
while (running)
{
HANDLE events[32];
HANDLE events[MAXIMUM_WAIT_OBJECTS] = { 0 };
DWORD nCount = 0;
events[nCount++] = server->StopEvent;
nCount += listener->GetEventHandles(listener, &events[nCount], 32 - nCount);
nCount += listener->GetEventHandles(listener, &events[nCount], ARRAYSIZE(events) - nCount);
if (nCount <= 1)
{
@ -834,9 +834,17 @@ static BOOL shadow_server_init_certificate(rdpShadowServer* server)
rdpCertificate* cert = freerdp_certificate_new_from_file(server->CertificateFile);
if (!cert)
goto out_fail;
if (!freerdp_settings_set_pointer_len(settings, FreeRDP_RdpServerCertificate, cert, 1))
goto out_fail;
if (!freerdp_certificate_is_rdp_security_compatible(cert))
{
if (!freerdp_settings_set_bool(settings, FreeRDP_UseRdpSecurityLayer, FALSE))
goto out_fail;
if (!freerdp_settings_set_bool(settings, FreeRDP_RdpSecurity, FALSE))
goto out_fail;
}
ret = TRUE;
out_fail:
free(filepath);
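Review bot: The two new `goto out_fail` jumps inside the `if (!freerdp_certificate_is_rdp_security_compatible(cert))` block run after `freerdp_settings_set_pointer_len` appears to have handed cert to settings, so whatever cleanup follows the visible `free(filepath)` past the end of the hunk must not release cert a second time; worth confirming that settings alone owns it on that path. The two flags are also cleared in the opposite order from freerdp_peer_initialize in this commit (FreeRDP_UseRdpSecurityLayer first here, FreeRDP_RdpSecurity first there), and neither caller logs at WARN level; a small shared helper that disables both settings and warns once would keep the two call sites from diverging. shadow_server_init_certificate starts before the hunk and its cleanup continues past it.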