mirror of https://github.com/FreeRDP/FreeRDP
certificate verification (not tested)
parent
2cd7b267e7
commit
66d1ceff03
|
@ -10,6 +10,7 @@ typedef struct rdp_certdata rdpCertdata;
|
|||
#include <freerdp/api.h>
|
||||
#include <freerdp/freerdp.h>
|
||||
#include <freerdp/utils/memory.h>
|
||||
|
||||
struct rdp_certdata
|
||||
{
|
||||
char* thumbprint;
|
||||
|
@ -24,11 +25,17 @@ struct rdp_certstore
|
|||
int match;
|
||||
struct rdp_certdata* certdata;
|
||||
};
|
||||
|
||||
void certstore_create(rdpCertstore* certstore);
|
||||
void certstore_open(rdpCertstore* certstore);
|
||||
void certstore_load(rdpCertstore* certstore);
|
||||
void certstore_close(rdpcertstore* certstore);
|
||||
char* get_local_certloc();
|
||||
rdpCertdata* certdata_new(char* host_name,char* fingerprint);
|
||||
void certdata_free(rdpCertdata* certdata);
|
||||
void certstore_init(rdpCertstore* certstore);
|
||||
rdpCertstore* certstore_new(rdpCertdata* certdata);
|
||||
void cerstore_free(rdpCertsore* certstore);
|
||||
void certstore_free(rdpCertsore* certstore);
|
||||
int match_certdata(rdpCertdata* certdata);
|
||||
void print_certdata(rdpCertstore* certstore);
|
||||
#endif /* __CERTSTORE_UTILS_H */
|
||||
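Review bot: Two prototypes in the second hunk name types that do not match the `rdpCertstore` spelling used by their neighbours: `certstore_close(rdpcertstore* ...)` and `certstore_free(rdpCertsore* ...)` (the `cerstore_free` line beside it has the same misspelling and is presumably the removed side; the page has lost the +/- column). Unless those spellings are typedef'd somewhere outside the hunk, every file that includes this header will fail to compile, and the certificate check added by this commit depends on it. I would write `void certstore_close(rdpCertstore* certstore);` and `void certstore_free(rdpCertstore* certstore);`. `match_certdata` is also declared as taking `rdpCertdata*` while the callers added elsewhere in this commit pass the store and then read `certstore->match`, so the parameter type should be settled one way or the other.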
|
|
|
@ -8,7 +8,7 @@
|
|||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
@ -28,9 +28,9 @@
|
|||
|
||||
/**
|
||||
* TSRequest ::= SEQUENCE {
|
||||
* version [0] INTEGER,
|
||||
* version [0] INTEGER,
|
||||
* negoTokens [1] NegoData OPTIONAL,
|
||||
* authInfo [2] OCTET STRING OPTIONAL,
|
||||
* authInfo [2] OCTET STRING OPTIONAL,
|
||||
* pubKeyAuth [3] OCTET STRING OPTIONAL
|
||||
* }
|
||||
*
|
||||
|
@ -41,29 +41,29 @@
|
|||
* }
|
||||
*
|
||||
* TSCredentials ::= SEQUENCE {
|
||||
* credType [0] INTEGER,
|
||||
* credType [0] INTEGER,
|
||||
* credentials [1] OCTET STRING
|
||||
* }
|
||||
*
|
||||
* TSPasswordCreds ::= SEQUENCE {
|
||||
* domainName [0] OCTET STRING,
|
||||
* userName [1] OCTET STRING,
|
||||
* password [2] OCTET STRING
|
||||
* domainName [0] OCTET STRING,
|
||||
* userName [1] OCTET STRING,
|
||||
* password [2] OCTET STRING
|
||||
* }
|
||||
*
|
||||
* TSSmartCardCreds ::= SEQUENCE {
|
||||
* pin [0] OCTET STRING,
|
||||
* cspData [1] TSCspDataDetail,
|
||||
* userHint [2] OCTET STRING OPTIONAL,
|
||||
* pin [0] OCTET STRING,
|
||||
* cspData [1] TSCspDataDetail,
|
||||
* userHint [2] OCTET STRING OPTIONAL,
|
||||
* domainHint [3] OCTET STRING OPTIONAL
|
||||
* }
|
||||
*
|
||||
* TSCspDataDetail ::= SEQUENCE {
|
||||
* keySpec [0] INTEGER,
|
||||
* cardName [1] OCTET STRING OPTIONAL,
|
||||
* readerName [2] OCTET STRING OPTIONAL,
|
||||
* keySpec [0] INTEGER,
|
||||
* cardName [1] OCTET STRING OPTIONAL,
|
||||
* readerName [2] OCTET STRING OPTIONAL,
|
||||
* containerName [3] OCTET STRING OPTIONAL,
|
||||
* cspName [4] OCTET STRING OPTIONAL
|
||||
* cspName [4] OCTET STRING OPTIONAL
|
||||
* }
|
||||
*
|
||||
*/
|
||||
|
@ -100,6 +100,43 @@ void credssp_ntlmssp_init(rdpCredssp* credssp)
|
|||
ntlmssp->ntlm_v2 = 0;
|
||||
}
|
||||
|
||||
int tls_verify_certificate(CryptoCert cert,char* hostname)
|
||||
{
|
||||
boolean ret;
|
||||
ret=x509_verify_cert(cert);
|
||||
if(!ret)
|
||||
{
|
||||
Certdata* certdata;
|
||||
certdata=crypto_get_certdata(cert->px509,hostname);
|
||||
Certstore* certstore=certstore_new(certdata);
|
||||
if(match_certdata(certstore)==0)
|
||||
return 0;
|
||||
if(certstore->match==1)
|
||||
{
|
||||
crypto_cert_printinfo(cert->x509);
|
||||
char answer;
|
||||
while(1)
|
||||
{
|
||||
printf("Do you trust the above certificate? (Y/N)");
|
||||
answer=fgetc(stdin);
|
||||
if(answer=='y' || answer =='Y')
|
||||
{
|
||||
print_certdata(certstore);break;
|
||||
}
|
||||
else if(answer=='n' || answer=='N')
|
||||
{
|
||||
/*disconnect*/break;
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
else if(certstore->match==-1)
|
||||
{
|
||||
cert_print_error();/*disconnect*/
|
||||
}
|
||||
certstore_free(certstore);
|
||||
}
|
||||
}
|
||||
/**
|
||||
* Get TLS public key.
|
||||
* @param credssp
|
||||
|
@ -109,7 +146,7 @@ int credssp_get_public_key(rdpCredssp* credssp)
|
|||
{
|
||||
int ret;
|
||||
CryptoCert cert;
|
||||
|
||||
|
||||
cert = tls_get_certificate(credssp->transport->tls);
|
||||
|
||||
if (cert == NULL)
|
||||
|
@ -117,7 +154,7 @@ int credssp_get_public_key(rdpCredssp* credssp)
|
|||
printf("credssp_get_public_key: tls_get_certificate failed to return the server certificate.\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
tls_verify_certificate(cert,credssp->transport->settings->hostname);
|
||||
ret = crypto_cert_get_public_key(cert, &credssp->public_key);
|
||||
crypto_cert_free(cert);
|
||||
|
||||
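Review bot: The result of `tls_verify_certificate(cert,credssp->transport->settings->hostname)` is discarded in `credssp_get_public_key`, and the function added above it could not be acted on anyway: it returns 0 both when the user answers Y and when they answer N, and reaches its closing brace with no `return` when chain verification succeeds or when the stored thumbprint differs. As written, a refused or mismatching certificate still lets the handshake continue to `crypto_cert_get_public_key`. I would make the function return non-zero only for a trusted certificate, free `certstore` on every path, read the answer into an `int` so that EOF on stdin ends the prompt as a refusal instead of looping forever, and have the caller stop with `if (!tls_verify_certificate(cert, credssp->transport->settings->hostname)) { crypto_cert_free(cert); return 0; }`. The same body appears again in the later section that adds `tls_print_cert_error`, so the rewrite applies there too. The +/- column is lost on this page, so which lines are new is inferred; `cert->x509` and `Certdata`/`Certstore` look like typos for `cert->px509` and `rdpCertdata`/`rdpCertstore`.

```c
int tls_verify_certificate(CryptoCert cert, char* hostname)
{
	int trusted = 0;
	int answer;
	rdpCertdata* certdata;
	rdpCertstore* certstore;

	if (x509_verify_cert(cert))
		return 1;

	certdata = crypto_get_certdata(cert->px509, hostname);
	certstore = certstore_new(certdata);

	if (match_certdata(certstore) == 0)
	{
		trusted = 1; /* stored thumbprint matches */
	}
	else if (certstore->match == 1)
	{
		crypto_cert_printinfo(cert->px509);

		for (;;)
		{
			/* … unchanged: printf prompt … */
			answer = fgetc(stdin);

			if (answer == 'y' || answer == 'Y')
			{
				print_certdata(certstore);
				trusted = 1;
				break;
			}

			if (answer == 'n' || answer == 'N' || answer == EOF)
				break; /* refusal; EOF must not spin the loop */
		}
	}
	else if (certstore->match == -1)
	{
		cert_print_error(); /* thumbprint differs: stays untrusted */
	}

	certstore_free(certstore);
	return trusted;
}
```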
|
|
|
@ -8,7 +8,7 @@
|
|||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
@ -189,33 +189,86 @@ void crypto_nonce(uint8* nonce, int size)
|
|||
{
|
||||
RAND_bytes((void*) nonce, size);
|
||||
}
|
||||
|
||||
char* crypto_cert_fingerprint(X509 *xcert)
|
||||
{
|
||||
unsigned char fp[EVP_MAX_MD_SIZE];
|
||||
int i;
|
||||
unsigned int fp_len;
|
||||
X509_digest(xcert,EVP_sha1(),fp,&fp_len);
|
||||
char *fp_buf=xzalloc(3*fp_len);
|
||||
char *p = fp_buf;
|
||||
for (i = 0; i < fp_len - 1; i++)
|
||||
{
|
||||
sprintf(p, "%02x:", fp[i]);
|
||||
p = (char*) &fp_buf[i * 3];
|
||||
}
|
||||
sprintf(p, "%02x", fp[i]);
|
||||
return fp_buf;
|
||||
unsigned char fp[EVP_MAX_MD_SIZE];
|
||||
int i;
|
||||
unsigned int fp_len;
|
||||
X509_digest(xcert,EVP_sha1(),fp,&fp_len);
|
||||
char *fp_buf=xzalloc(3*fp_len);
|
||||
char *p = fp_buf;
|
||||
for (i = 0; i < fp_len - 1; i++)
|
||||
{
|
||||
sprintf(p, "%02x:", fp[i]);
|
||||
p = (char*) &fp_buf[i * 3];
|
||||
}
|
||||
sprintf(p, "%02x", fp[i]);
|
||||
return fp_buf;
|
||||
}
|
||||
|
||||
boolean x509_verify_cert(CryptoCert cert)
|
||||
{
|
||||
X509 *xcert=cert->px509;
|
||||
char *cert_loc;
|
||||
int ret=0;
|
||||
X509_STORE *cert_ctx=NULL;
|
||||
X509_LOOKUP *lookup=NULL;
|
||||
X509_STORE_CTX *csc;
|
||||
cert_ctx=X509_STORE_new();
|
||||
if (cert_ctx == NULL)
|
||||
goto end;
|
||||
OpenSSL_add_all_algorithms();
|
||||
lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
|
||||
if (lookup == NULL)
|
||||
goto end;
|
||||
lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_hash_dir());
|
||||
if (lookup == NULL)
|
||||
goto end;
|
||||
X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
|
||||
cert_loc=get_local_certloc();
|
||||
if(cert_loc!=NULL)
|
||||
{
|
||||
X509_LOOKUP_add_dir(lookup,cert_loc,X509_FILETYPE_ASN1);
|
||||
xfree(cert_loc);
|
||||
}
|
||||
csc = X509_STORE_CTX_new();
|
||||
if (csc == NULL)
|
||||
goto end;
|
||||
X509_STORE_set_flags(cert_ctx, 0);
|
||||
if(!X509_STORE_CTX_init(csc,cert_ctx,xcert,0))
|
||||
goto end;
|
||||
int i=X509_verify_cert(csc);
|
||||
X509_STORE_CTX_free(csc);
|
||||
X509_STORE_free(cert_ctx);
|
||||
ret=0;
|
||||
end:
|
||||
ret = (i > 0);
|
||||
return(ret);
|
||||
}
|
||||
|
||||
rdpCertdata* crypto_get_certdata(X509 *xcert,char* hostname)
|
||||
{
|
||||
rdpCertdata* certdata;
|
||||
char *fp;
|
||||
fp=crypto_cert_fingerprint(xcert);
|
||||
certdata=certdata_new(hostname,fp);
|
||||
xfree(fp);
|
||||
return certdata;
|
||||
}
|
||||
|
||||
void crypto_cert_printinfo(X509 *xcert)
|
||||
{
|
||||
char *subject;
|
||||
char *issuer;
|
||||
char *fp;
|
||||
subject=X509_NAME_oneline(X509_get_subject_name(xcert),NULL,0);
|
||||
issuer=X509_NAME_oneline(X509_get_issuer_name(xcert),NULL,0);
|
||||
fp=crypto_cert_fingerprint(xcert);
|
||||
printf("Cerificate details:\n");
|
||||
printf("\tSubject : %s\n",subject);
|
||||
printf("\tIssuer : %s\n",issuer);
|
||||
printf("\tCert Thumbprint (sha1) : %s\n",fp);
|
||||
xfree(fp);
|
||||
char *subject;
|
||||
char *issuer;
|
||||
char *fp;
|
||||
subject=X509_NAME_oneline(X509_get_subject_name(xcert),NULL,0);
|
||||
issuer=X509_NAME_oneline(X509_get_issuer_name(xcert),NULL,0);
|
||||
fp=crypto_cert_fingerprint(xcert);
|
||||
printf("Cerificate details:\n");
|
||||
printf("\tSubject : %s\n",subject);
|
||||
printf("\tIssuer : %s\n",issuer);
|
||||
printf("\tThumbprint (sha1) : %s\n",fp);
|
||||
printf("The above x509 certificate couldn't be verified.Possibly because you do not have the CA cetificate in your certstore or certificate has expired.\nPlease look at the docs on how to create local certstore for private CA.\n");
|
||||
xfree(fp);
|
||||
}
|
||||
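Review bot: In `x509_verify_cert`, every `goto end` jumps over the declaration `int i=X509_verify_cert(csc);`, and the `end:` label then computes `ret = (i > 0)` from an uninitialised `i`, so a failure to set up the store or context can be reported as a verified certificate. The early exits also leak `cert_ctx` and `csc`, and the `ret=0;` just before the label is overwritten immediately. I would initialise the result to false, set it only from the verify call, and release both objects at the label. This check also validates the chain only; nothing visible here compares `hostname` with the names in the certificate. Separately, `crypto_cert_fingerprint` advances `p` with `&fp_buf[i * 3]`, which leaves `p` at the start of the buffer after the first byte is written, so the second byte overwrites the first.

```c
boolean x509_verify_cert(CryptoCert cert)
{
	boolean ret = 0;
	X509_STORE* cert_ctx = NULL;
	X509_STORE_CTX* csc = NULL;
	/* … unchanged: xcert, cert_loc, lookup, X509_STORE_new, lookup and directory setup … */

	csc = X509_STORE_CTX_new();
	if (csc == NULL)
		goto end;

	X509_STORE_set_flags(cert_ctx, 0);
	if (!X509_STORE_CTX_init(csc, cert_ctx, xcert, 0))
		goto end;

	/* only an explicit success from OpenSSL counts as verified */
	if (X509_verify_cert(csc) > 0)
		ret = 1;

end:
	if (csc != NULL)
		X509_STORE_CTX_free(csc);
	if (cert_ctx != NULL)
		X509_STORE_free(cert_ctx);
	return ret;
}
```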
|
|
|
@ -46,6 +46,7 @@
|
|||
#include <freerdp/freerdp.h>
|
||||
#include <freerdp/utils/blob.h>
|
||||
#include <freerdp/utils/memory.h>
|
||||
#include <freerdp/utils/certstore.h>
|
||||
|
||||
struct crypto_sha1_struct
|
||||
{
|
||||
|
@ -87,6 +88,7 @@ CryptoCert crypto_cert_read(uint8* data, uint32 length);
|
|||
char* cypto_cert_fingerprint(X509* xcert);
|
||||
void crypto_cert_printinfo(X509* xcert);
|
||||
void crypto_cert_free(CryptoCert cert);
|
||||
boolean x509_verify_cert(CryptoCert cert);
|
||||
boolean crypto_cert_verify(CryptoCert server_cert, CryptoCert cacert);
|
||||
boolean crypto_cert_get_public_key(CryptoCert cert, rdpBlob* public_key);
|
||||
|
||||
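Review bot: The added prototype `x509_verify_cert` differs from OpenSSL's `X509_verify_cert` only by the case of one letter, and the implementation calls the OpenSSL function from inside it, which makes a mix-up easy to write and hard to spot in review; a name following the `crypto_cert_` prefix of the neighbouring declarations would avoid that. `crypto_get_certdata`, which this commit adds and which the certificate check calls, has no prototype in the lines shown here, so it may be called through an implicit declaration unless it is declared outside this hunk. The existing `cypto_cert_fingerprint` line is also misspelled, leaving `crypto_cert_fingerprint` without a matching declaration.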
|
|
|
@ -8,7 +8,7 @@
|
|||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
@ -240,48 +240,63 @@ rdpTls* tls_new()
|
|||
tls->connect = tls_connect;
|
||||
tls->accept = tls_accept;
|
||||
tls->disconnect = tls_disconnect;
|
||||
|
||||
|
||||
SSL_load_error_strings();
|
||||
SSL_library_init();
|
||||
}
|
||||
|
||||
return tls;
|
||||
}
|
||||
boolean tls_verify_cert(CryptoCert cert)
|
||||
|
||||
int tls_verify_certificate(CryptoCert cert,char* hostname)
|
||||
{
|
||||
X509 *xcert=cert->px509;
|
||||
char *cert_loc;
|
||||
int ret=0;
|
||||
X509_STORE *cert_ctx=NULL;
|
||||
X509_LOOKUP *lookup=NULL;
|
||||
X509_STORE_CTX *csc;
|
||||
cert_ctx=X509_STORE_new();
|
||||
if (cert_ctx == NULL)
|
||||
goto end;
|
||||
OpenSSL_add_all_algorithms();
|
||||
lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
|
||||
if (lookup == NULL)
|
||||
goto end;
|
||||
lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_hash_dir());
|
||||
if (lookup == NULL)
|
||||
goto end;
|
||||
X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
|
||||
cert_loc=get_local_certloc();
|
||||
X509_LOOKUP_add_dir(lookup,cert_loc,X509_FILETYPE_ASN1);
|
||||
xfree(cert_loc);
|
||||
csc = X509_STORE_CTX_new();
|
||||
if (csc == NULL)
|
||||
goto end;
|
||||
X509_STORE_set_flags(cert_ctx, 0);
|
||||
if(!X509_STORE_CTX_init(csc,cert_ctx,xcert,0))
|
||||
goto end;
|
||||
int i=X509_verify_cert(csc);
|
||||
X509_STORE_CTX_free(csc);
|
||||
X509_STORE_free(cert_ctx);
|
||||
ret=0;
|
||||
end:
|
||||
ret = (i > 0);
|
||||
return(ret);
|
||||
boolean ret;
|
||||
ret=x509_verify_cert(cert);
|
||||
if(!ret)
|
||||
{
|
||||
Certdata* certdata;
|
||||
certdata=crypto_get_certdata(cert->px509,hostname);
|
||||
Certstore* certstore=certstore_new(certdata);
|
||||
if(match_certdata(certstore)==0)
|
||||
return 0;
|
||||
if(certstore->match==1)
|
||||
{
|
||||
crypto_cert_printinfo(cert->x509);
|
||||
char answer;
|
||||
while(1)
|
||||
{
|
||||
printf("Do you trust the above certificate? (Y/N)");
|
||||
answer=fgetc(stdin);
|
||||
if(answer=='y' || answer =='Y')
|
||||
{
|
||||
print_certdata(certstore);break;
|
||||
}
|
||||
else if(answer=='n' || answer=='N')
|
||||
{
|
||||
/*disconnect*/break;
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
else if(certstore->match==-1)
|
||||
{
|
||||
tls_print_cert_error();/*disconnect*/
|
||||
}
|
||||
certstore_free(certstore);
|
||||
}
|
||||
}
|
||||
|
||||
void tls_print_cert_error()
|
||||
{
|
||||
printf("#####################################\n");
|
||||
printf("##############WARNING################\n");
|
||||
printf("#####################################\n");
|
||||
printf("The thumbprint of certificate recieved\n");
|
||||
printf("did not match the stored thumbprint.You\n");
|
||||
printf("might be a victim of MAN in the MIDDLE\n");
|
||||
printf("ATTACK.It is also possible that server's\n");
|
||||
printf("certificate have been changed.In that case\n");
|
||||
printf("contact your server administrator\n");
|
||||
}
|
||||
|
||||
void tls_free(rdpTls* tls)
|
||||
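Review bot: `tls_verify_certificate` is defined with external linkage both in this section and in the section that changes `credssp_get_public_key`, which should fail at link time if the two objects end up in the same library. I would keep one definition (this one, next to `tls_print_cert_error`) and delete the other, which calls `cert_print_error()`, a name not declared anywhere on this page. `tls_print_cert_error` writes its warning with `printf`, so it disappears when stdout is redirected; `fprintf(stderr, ...)` would keep a thumbprint-mismatch warning in front of the user.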
|
|
|
@ -41,6 +41,7 @@ struct rdp_tls
|
|||
TlsConnect connect;
|
||||
TlsAccept accept;
|
||||
TlsDisconnect disconnect;
|
||||
struct rdp_settings* settings;
|
||||
};
|
||||
|
||||
boolean tls_connect(rdpTls* tls);
|
||||
|
@ -49,8 +50,9 @@ boolean tls_disconnect(rdpTls* tls);
|
|||
int tls_read(rdpTls* tls, uint8* data, int length);
|
||||
int tls_write(rdpTls* tls, uint8* data, int length);
|
||||
CryptoCert tls_get_certificate(rdpTls* tls);
|
||||
int tls_verify_certificate(CryptoCert cert,char* hostname);
|
||||
void tls_print_cert_error();
|
||||
boolean tls_print_error(char* func, SSL* connection, int value);
|
||||
boolean tls_verify_cert(CryptoCert cert);
|
||||
rdpTls* tls_new();
|
||||
void tls_free(rdpTls* tls);
|
||||
|
||||
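Review bot: The new `struct rdp_settings* settings;` member of `struct rdp_tls` is not assigned or read in any hunk on this page (the certificate check takes the hostname from `credssp->transport->settings->hostname` instead), so either set it where the `rdpTls` is created or leave it out of this commit. `void tls_print_cert_error();` declares an unspecified parameter list in C; `void tls_print_cert_error(void);` lets the compiler reject stray arguments. A one-line comment on `tls_verify_certificate` stating what the `int` result means, for example `/* returns non-zero only if the certificate is trusted */`, would help callers, since the implementation shown on this page gives them no consistent value.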
|
|
|
@ -1,185 +0,0 @@
|
|||
/**
|
||||
* FreeRDP: A Remote Desktop Protocol Client
|
||||
* certstore Utils
|
||||
*
|
||||
* Copyright 2011 Marc-Andre Moreau <marcandre.moreau@gmail.com>
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include <freerdp/utils/certstore.h>
|
||||
|
||||
#ifdef _WIN32
|
||||
#include <windows.h>
|
||||
#endif
|
||||
|
||||
static char cert_dir[] = "freerdp";
|
||||
static char cert_loc[] = "cacert";
|
||||
static char certstore_file[] = "known_hosts";
|
||||
|
||||
void certstore_create(rdpCertstore* certstore)
|
||||
{
|
||||
certstore->fp = fopen((char*)certstore->file, "w+");
|
||||
|
||||
if (certstore->fp == NULL)
|
||||
{
|
||||
printf("certstore_create: error opening [%s] for writing\n", certstore->file);
|
||||
return;
|
||||
}
|
||||
fflush(certstore->fp);
|
||||
}
|
||||
|
||||
void certstore_load(rdpCertstore* certstore)
|
||||
{
|
||||
certstore->fp = fopen((char*)certstore->file, "r+");
|
||||
}
|
||||
|
||||
void certstore_open(rdpCertstore* certstore)
|
||||
{
|
||||
struct stat stat_info;
|
||||
|
||||
if (stat((char*)certstore->file, &stat_info) != 0)
|
||||
certstore_create(certstore);
|
||||
else
|
||||
certstore_load(certstore);
|
||||
}
|
||||
|
||||
void certstore_close(rdpcertstore* certstore)
|
||||
{
|
||||
if (certstore->fp != NULL)
|
||||
fclose(certstore->fp);
|
||||
}
|
||||
|
||||
char* get_local_certloc()
|
||||
{
|
||||
char *home_path;
|
||||
char *cert_loc;
|
||||
home_path=getenv("HOME");
|
||||
cert_loc=(char*)xmalloc(strlen(home_path)+strlen("/.")+strlen(cert_dir)+strlen("/")+strlen(cert_loc)+1);
|
||||
sprintf(cert_loc,"%s/.%s/%s",home_path,cert_dir,cert_loc);
|
||||
return cert_loc;
|
||||
}
|
||||
|
||||
void certstore_init(rdpCertstore* certstore)
|
||||
{
|
||||
int length;
|
||||
char* home_path;
|
||||
struct stat stat_info;
|
||||
|
||||
certstore->match=1;
|
||||
home_path = getenv("HOME");
|
||||
|
||||
if (home_path == NULL)
|
||||
{
|
||||
printf("could not get home path\n");
|
||||
certstore->available = False;
|
||||
return;
|
||||
}
|
||||
|
||||
certstore->home = (char*) xstrdup(home_path);
|
||||
printf("home path: %s\n", certstore->home);
|
||||
|
||||
certstore->path = (char*) xmalloc(strlen(certstore->home) + strlen("/.") + strlen(cert_dir) + 1);
|
||||
sprintf(certstore->path, "%s/.%s", certstore->home, cert_dir);
|
||||
printf("certstore path: %s\n", certstore->path);
|
||||
|
||||
if (stat(certstore->path, &stat_info) != 0)
|
||||
{
|
||||
#ifndef _WIN32
|
||||
mkdir(certstore->path, S_IRUSR | S_IWUSR | S_IXUSR);
|
||||
#else
|
||||
CreateDirectory(certstore->path, 0);
|
||||
#endif
|
||||
printf("creating directory %s\n", certstore->path);
|
||||
}
|
||||
|
||||
length = strlen(certstore->path);
|
||||
certstore->file = (char*) xmalloc(strlen(certstore->path) + strlen("/") + strlen(certstore_file) + 1);
|
||||
sprintf(certstore->file, "%s/%s", certstore->path, certstore_file);
|
||||
printf("certstore file: %s\n", certstore->file);
|
||||
|
||||
certstore_open(certstore);
|
||||
}
|
||||
|
||||
rdpCertstore* certstore_new(rdpCertdata* certdata)
|
||||
{
|
||||
rdpCertstore* certstore = (rdpCertstore*) xzalloc(sizeof(rdpCertstore));
|
||||
|
||||
if (certstore != NULL)
|
||||
{
|
||||
certstore->certdata = certdata;
|
||||
certstore_init(certstore);
|
||||
}
|
||||
|
||||
return certstore;
|
||||
}
|
||||
|
||||
void cerstore_free(rdpCertsore* certstore)
|
||||
{
|
||||
if (certstore != NULL)
|
||||
{
|
||||
certstore_close(certstore);
|
||||
xfree(certstore->path);
|
||||
xfree(certstore->file);
|
||||
xfree(certstore->home);
|
||||
xfree(certstore);
|
||||
}
|
||||
}
|
||||
|
||||
int match_certdata(rdpCertdata* certdata)
|
||||
{
|
||||
char *host;
|
||||
char *p;
|
||||
char *thumb_print;
|
||||
int length;
|
||||
unsigned char c;
|
||||
FILE* cfp;
|
||||
rdpCertstore* certstore=certstore_new(certdata);
|
||||
cfp=certstore->fp;
|
||||
length=strlen(certdata->thumbprint);
|
||||
for(;;)
|
||||
{
|
||||
if((int)fread(host,sizeof(char),strlen(certdata->hostname),cfp) < strlen(certdata->hostname))
|
||||
break;
|
||||
if((!strcmp(host,certdata->hostname)) && ((c=fgetc(cfp))==' ' || c=='\t') )
|
||||
{
|
||||
ungetc(c,cfp);
|
||||
while((c=fgetc(cfp))==' ' || c=='\t');
|
||||
if(c==EOF)
|
||||
break;
|
||||
ungetc(c,cfp);
|
||||
thumb_print=xzalloc(length+1);
|
||||
p=thumb_print;
|
||||
while((p-thumb_print < length) && (*p=fgetc(cfp))!=EOF && *p!='\n' && *p==certdata->thumbprint+p-thumb_print)
|
||||
p++;
|
||||
if(p-thumb_print==length)
|
||||
certdata->match=0;
|
||||
else
|
||||
certdata->match=-1;
|
||||
break;
|
||||
}
|
||||
else
|
||||
while(c!='\n'||c!=EOF)
|
||||
c=fgetc(cfp);
|
||||
if(c==EOF)
|
||||
break;
|
||||
else
|
||||
ungetc(c,cfp);
|
||||
}
|
||||
return certdata->match;
|
||||
}
|
||||
void print_certdata(rdpCertstore* certstore)
|
||||
{
|
||||
lseek(certstore->fp,0,SEEK_END);
|
||||
fprintf(certstore->fp,"%s %s\n",certstore->certdata->hostname,certstore->certdata->thumbprint);
|
||||
}
|