mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Accept both TLSv1 and SSLv3 as a server.

Browse Source 
This fixes SSL connections from Microsoft RDC for Mac OS X to FreeRDP server.
This commit is contained in:
Pawel Jakub Dawidek 2012-02-23 00:38:52 +01:00
parent 3a8dd077c8
commit 59bd213cf0
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libfreerdp-crypto/tls.c
View File

@ -128,7 +128,7 @@ boolean tls_accept(rdpTls* tls, const char* cert_file, const char* privatekey_fi
{ {
int connection_status; int connection_status;
tls->ctx = SSL_CTX_new(TLSv1_server_method()); tls->ctx = SSL_CTX_new(SSLv23_server_method());
if (tls->ctx == NULL) if (tls->ctx == NULL)
{ {
@ -136,6 +136,12 @@ boolean tls_accept(rdpTls* tls, const char* cert_file, const char* privatekey_fi
return false; return false;
} }
/*
* We only want SSLv3 and TLSv1, so disable SSLv2.
* SSLv3 is used by, eg. Microsoft RDC for Mac OS X.
*/
SSL_CTX_set_options(tls->ctx, SSL_OP_NO_SSLv2);
if (SSL_CTX_use_RSAPrivateKey_file(tls->ctx, privatekey_file, SSL_FILETYPE_PEM) <= 0) if (SSL_CTX_use_RSAPrivateKey_file(tls->ctx, privatekey_file, SSL_FILETYPE_PEM) <= 0)
{ {
printf("SSL_CTX_use_RSAPrivateKey_file failed\n"); printf("SSL_CTX_use_RSAPrivateKey_file failed\n");