mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added hostname and port to callback function for SSL certification verification.

Browse Source
This commit is contained in:
Benoît LeBlanc 2013-11-25 14:30:43 -05:00
parent fce1880cae
commit 56c517170f
3 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/freerdp/crypto/tls.h
View File

@ -64,7 +64,7 @@ FREERDP_API int tls_wait_read(rdpTls* tls);
FREERDP_API int tls_wait_write(rdpTls* tls);
FREERDP_API BOOL tls_match_hostname(char *pattern, int pattern_length, char *hostname);
FREERDP_API BOOL tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname);
FREERDP_API BOOL tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname, int port);
FREERDP_API void tls_print_certificate_error(char* hostname, char* fingerprint, char* hosts_file);
FREERDP_API void tls_print_certificate_name_mismatch_error(char* hostname, char* common_name, char** alt_names, int alt_names_count);

2
include/freerdp/freerdp.h
View File

@ -61,7 +61,7 @@ typedef void (*pPostDisconnect)(freerdp* instance);
typedef BOOL (*pAuthenticate)(freerdp* instance, char** username, char** password, char** domain);
typedef BOOL (*pVerifyCertificate)(freerdp* instance, char* subject, char* issuer, char* fingerprint);
typedef BOOL (*pVerifyChangedCertificate)(freerdp* instance, char* subject, char* issuer, char* new_fingerprint, char* old_fingerprint);
typedef int (*pVerifyX509Certificate)(freerdp* instance, BYTE* data, int length, DWORD flags);
typedef int (*pVerifyX509Certificate)(freerdp* instance, BYTE* data, int length, const char* hostname, int port, DWORD flags);
typedef int (*pLogonErrorInfo)(freerdp* instance, UINT32 data, UINT32 type);

13
libfreerdp/crypto/tls.c
View File

@ -111,6 +111,7 @@ BOOL tls_connect(rdpTls* tls)
long options = 0;
int connection_status;
char *hostname;
int port;
tls->ctx = SSL_CTX_new(TLSv1_client_method());
@ -214,11 +215,17 @@ BOOL tls_connect(rdpTls* tls)
}
if (tls->settings->GatewayEnabled)
{
hostname = tls->settings->GatewayHostname;
port = tls->settings->GatewayPort;
}
else
{
hostname = tls->settings->ServerHostname;
port = tls->settings->ServerPort;
}
if (!tls_verify_certificate(tls, cert, hostname))
if (!tls_verify_certificate(tls, cert, hostname, port))
{
fprintf(stderr, "tls_connect: certificate not trusted, aborting.\n");
tls_disconnect(tls);
@ -568,7 +575,7 @@ BOOL tls_match_hostname(char *pattern, int pattern_length, char *hostname)
return FALSE;
}
BOOL tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname)
BOOL tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname, int port)
{
int match;
int index;
@ -626,7 +633,7 @@ BOOL tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname)
if (instance->VerifyX509Certificate)
{
status = instance->VerifyX509Certificate(instance, pemCert, length, 0);
status = instance->VerifyX509Certificate(instance, pemCert, length, hostname, port, 0);
}
free(pemCert);