Merge pull request #421 from pjd/fixes

Remove tls->cert field, make tls_get_certificate() static and free certificate after use.
Marc-André Moreau 2012-02-12 10:10:39 -08:00
commit f4c77a755d
2 changed files with 35 additions and 27 deletions


@ -22,8 +22,37 @@
#include "tls.h" #include "tls.h"
static CryptoCert tls_get_certificate(rdpTls* tls)
{
CryptoCert cert;
X509* server_cert;
server_cert = SSL_get_peer_certificate(tls->ssl);
if (!server_cert)
{
printf("ssl_verify: failed to get the server SSL certificate\n");
cert = NULL;
}
else
{
cert = xmalloc(sizeof(*cert));
cert->px509 = server_cert;
}
return cert;
}
static void tls_free_certificate(CryptoCert cert)
{
X509_free(cert->px509);
xfree(cert);
}
boolean tls_connect(rdpTls* tls) boolean tls_connect(rdpTls* tls)
{ {
CryptoCert cert;
int connection_status; int connection_status;
tls->ctx = SSL_CTX_new(TLSv1_client_method()); tls->ctx = SSL_CTX_new(TLSv1_client_method());
@ -73,23 +102,25 @@ boolean tls_connect(rdpTls* tls)
} }
} }
tls->cert = tls_get_certificate(tls); cert = tls_get_certificate(tls);
if (tls->cert == NULL) if (cert == NULL)
{ {
printf("tls_connect: tls_get_certificate failed to return the server certificate.\n"); printf("tls_connect: tls_get_certificate failed to return the server certificate.\n");
return false; return false;
} }
if (!crypto_cert_get_public_key(tls->cert, &tls->public_key)) if (!crypto_cert_get_public_key(cert, &tls->public_key))
{ {
printf("tls_connect: crypto_cert_get_public_key failed to return the server public key.\n"); printf("tls_connect: crypto_cert_get_public_key failed to return the server public key.\n");
return false; return false;
} }
if (!tls_verify_certificate(tls, tls->cert, tls->settings->hostname)) if (!tls_verify_certificate(tls, cert, tls->settings->hostname))
tls_disconnect(tls); tls_disconnect(tls);
tls_free_certificate(cert);
return true; return true;
} }
@ -230,27 +261,6 @@ boolean tls_print_error(char* func, SSL* connection, int value)
} }
} }
CryptoCert tls_get_certificate(rdpTls* tls)
{
CryptoCert cert;
X509* server_cert;
server_cert = SSL_get_peer_certificate(tls->ssl);
if (!server_cert)
{
printf("ssl_verify: failed to get the server SSL certificate\n");
cert = NULL;
}
else
{
cert = xmalloc(sizeof(*cert));
cert->px509 = server_cert;
}
return cert;
}
boolean tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname) boolean tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname)
{ {
int match; int match;
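Review bot: In tls_connect the failure branch after crypto_cert_get_public_key() (the `return false;` that follows the "failed to return the server public key" message) now leaks the certificate: `cert` was obtained a few lines earlier and tls_free_certificate() is only reached on the fall-through path, so the X509 reference taken by SSL_get_peer_certificate() and the xmalloc'd wrapper are lost on that exit. Change that branch to `tls_free_certificate(cert);` immediately before `return false;`. Separately, and apparently pre-existing rather than introduced here, when tls_verify_certificate() fails the function calls tls_disconnect() but still returns true, so a caller cannot distinguish a rejected certificate from an established connection; worth confirming that every caller checks tls->ssl or otherwise handles that case. tls_connect begins before this hunk, so the earlier `return false` paths (before the certificate is fetched) are not visible here and were not checked.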


@ -36,7 +36,6 @@ struct rdp_tls
SSL* ssl; SSL* ssl;
int sockfd; int sockfd;
SSL_CTX* ctx; SSL_CTX* ctx;
CryptoCert cert;
rdpBlob public_key; rdpBlob public_key;
rdpSettings* settings; rdpSettings* settings;
rdpCertificateStore* certificate_store; rdpCertificateStore* certificate_store;
@ -49,7 +48,6 @@ boolean tls_disconnect(rdpTls* tls);
int tls_read(rdpTls* tls, uint8* data, int length); int tls_read(rdpTls* tls, uint8* data, int length);
int tls_write(rdpTls* tls, uint8* data, int length); int tls_write(rdpTls* tls, uint8* data, int length);
CryptoCert tls_get_certificate(rdpTls* tls);
boolean tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname); boolean tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname);
void tls_print_certificate_error(char* hostname, char* fingerprint); void tls_print_certificate_error(char* hostname, char* fingerprint);
void tls_print_certificate_name_mismatch_error(char* hostname, char* common_name, char** alt_names, int alt_names_count); void tls_print_certificate_name_mismatch_error(char* hostname, char* common_name, char** alt_names, int alt_names_count);