Added certificate_get_fingerprint function to read out the old fingerprint.

This commit is contained in:
Armin Novak 2015-06-10 23:33:58 +02:00 committed by Armin Novak
parent 2204df97f8
commit acc96388a5
4 changed files with 32 additions and 2 deletions


@ -59,6 +59,8 @@ FREERDP_API BOOL certificate_data_replace(rdpCertificateStore* certificate_store
FREERDP_API void certificate_store_free(rdpCertificateStore* certificate_store);
FREERDP_API int certificate_data_match(rdpCertificateStore* certificate_store, rdpCertificateData* certificate_data);
FREERDP_API BOOL certificate_data_print(rdpCertificateStore* certificate_store, rdpCertificateData* certificate_data);
FREERDP_API BOOL certificate_get_fingerprint(rdpCertificateStore* certificate_store,
rdpCertificateData* certificate_data, char** fingerprint);
#ifdef __cplusplus
}
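Review bot: The new `certificate_get_fingerprint` declaration carries no contract for its `char** fingerprint` out-parameter, while the implementation hands back a heap copy made with `_strdup` that the caller in tls.c releases with `free`. I would add above the declaration: `/* On success *fingerprint receives a heap-allocated copy of the fingerprint recorded for the host entry; the caller must free() it. */`.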


@ -28,6 +28,8 @@
#include <unistd.h>
#endif
#include <ctype.h>
#include <winpr/crt.h>
#include <winpr/file.h>
#include <winpr/path.h>


@ -194,7 +194,8 @@ static int certificate_data_match_legacy(rdpCertificateStore* certificate_store,
}
int certificate_data_match(rdpCertificateStore* certificate_store, rdpCertificateData* certificate_data)
static int certificate_data_match_raw(rdpCertificateStore* certificate_store,
rdpCertificateData* certificate_data, char** fprint)
{
BOOL found = FALSE;
FILE* fp;
@ -257,6 +258,8 @@ int certificate_data_match(rdpCertificateStore* certificate_store, rdpCertificat
{
found = TRUE;
match = strcmp(fingerprint, certificate_data->fingerprint);
if ((match == 0) && fprint)
*fprint = _strdup(fingerprint);
break;
}
}
@ -272,6 +275,21 @@ int certificate_data_match(rdpCertificateStore* certificate_store, rdpCertificat
return match;
}
BOOL certificate_get_fingerprint(rdpCertificateStore* certificate_store,
rdpCertificateData* certificate_data, char** fingerprint)
{
int rc = certificate_data_match_raw(certificate_store, certificate_data, fingerprint);
if (rc == 0)
return TRUE;
return FALSE;
}
int certificate_data_match(rdpCertificateStore* certificate_store, rdpCertificateData* certificate_data)
{
return certificate_data_match_raw(certificate_store, certificate_data, NULL);
}
BOOL certificate_data_replace(rdpCertificateStore* certificate_store, rdpCertificateData* certificate_data)
{
FILE* fp;
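Review bot: `certificate_get_fingerprint` cannot return the stored fingerprint in the case it was added for: `*fprint` is assigned only under `if ((match == 0) && fprint)`, i.e. when the stored fingerprint already equals `certificate_data->fingerprint`, and the wrapper reports success only for `rc == 0`, yet the tls.c caller invokes it in the `match == -1` branch where the fingerprints differ. In that branch the call returns FALSE, the warning fires, and `old_fingerprint` reaches `VerifyChangedCertificate` as NULL where the previous code passed `""`; the `_strdup` result is also never checked, so an allocation failure would be reported as success. I would copy the fingerprint whenever the host entry is found, `if (fprint) *fprint = _strdup(fingerprint);`, and make the wrapper's result depend on the copy rather than on the comparison: `*fingerprint = NULL;` before the call and `return *fingerprint != NULL;` after it. `certificate_data_match_raw` begins in the first hunk and most of its body lies outside the hunks. The warning at the tls.c call site additionally has a malformed format string, `"%s:hu"` lacks the `%` before `hu`, so `port` is never printed.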


@ -1172,15 +1172,23 @@ int tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname, int por
}
else if (match == -1)
{
char* old_fingerprint = NULL;
/* entry was found in known_hosts file, but fingerprint does not match. ask user to use it */
tls_print_certificate_error(hostname, port, fingerprint,
tls->certificate_store->file);
if (!certificate_get_fingerprint(tls->certificate_store, certificate_data, &old_fingerprint))
WLog_WARN(TAG, "Failed to get certificate entry for %s:hu", hostname, port);
if (instance->VerifyChangedCertificate)
{
accept_certificate = instance->VerifyChangedCertificate(instance, subject, issuer, fingerprint, "");
accept_certificate = instance->VerifyChangedCertificate(instance, subject, issuer,
fingerprint, old_fingerprint);
}
free(old_fingerprint);
if (!accept_certificate)
{
/* user did not accept, abort and do not change known_hosts file */