mirrors
/
FreeRDP
mirror of https://github.com/FreeRDP/FreeRDP
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
14,257 Commits 6 Branches 74 Tags 84 MiB
Commit Graph

370 Commits

Author SHA1 Message Date
akallabeth 095d24934c Fixed #6122: Allow SSL server and client purpose 2020-04-25 08:06:00 +02:00
akallabeth b094d52d0b Fixed #6099: Add a flag for legacy hash entries 
If a legacy entry is found in certificate hash store print
additional information to the user informing about the change
with FreeRDP 2.0
 2020-04-22 18:14:39 +02:00
Linus Heckemann 89e4e24c31 tls: support non-RSA keys 2020-04-10 17:57:34 +02:00
Armin Novak 5b9b7f331b Fixed memory leak in tls_get_channel_bindings 2020-03-06 11:37:35 +01:00
Armin Novak 9c999b7135 Added raw function wrapping X509_digest 2020-03-06 11:37:35 +01:00
Armin Novak 2be6e4117f Let ssl backend handle hash checks. 2020-03-06 11:37:35 +01:00
Armin Novak 00fa84b514 Check cert against CertificateAcceptedFingerprints 
CertificateAcceptedFingerprints may contain a list of certificate
hashes and the corresponding fingerprint.
If one of the hashes matches consider the certificate accepted.
 2020-03-06 11:37:35 +01:00
Armin Novak ac4bb3c103 End connection before user callbacks if aborted. 
If somewhere in freerdp_connect freerdp_abort_connect was called
the user callbacks Authenticate, GatewayAuthenticate and
Verify[Changed|X509]Certificate[Ex] must not be called.
 2020-02-19 16:44:42 +01:00
Armin Novak 7c243da6e1 Remove symbols exported by accident. 2019-12-02 10:57:31 +01:00
Armin Novak 72ca88f49c Reformatted to new style 2019-11-07 10:53:54 +01:00
Armin Novak d7877186d6 Fixed strnlen issues. 2019-11-05 14:55:33 +01:00
Armin Novak 993b79f1bd Removed strcpy use. 2019-10-29 11:58:43 +01:00
Armin Novak f01e042211 Code cleanups (strlen, casts, size_t, ...) 2019-10-29 11:58:43 +01:00
asapelkin 82eadad4a4 Fix some static analizer warnings 2019-10-22 15:39:54 +02:00
Armin Novak 2f2ca9d93b Fixed leak in verify_cb. 2019-10-04 16:19:23 +02:00
Armin Novak 2778cbce8c Fixed type of sk_* macro. 2019-08-22 10:40:25 +02:00
Armin Novak 36c820a9d9 Extract whole certificate chain to PEM format. 2019-07-17 14:42:32 +02:00
Armin Novak 0c17c3871b Pass on cert validation failure, set freerdp error in all use cases. 2019-07-15 15:51:46 +02:00
Armin Novak ca4a1d19a5 Silenced some unused parameter warnings. 2019-05-08 12:21:31 +02:00
Armin Novak 29c920c568 Fixed review remarks. 2019-04-05 09:14:35 +02:00
Armin Novak 1da57d0b7e Fixed sign-compare warnings 2019-04-05 09:13:24 +02:00
cerg2010cerg2010 7abc86ffae Close file handle correctly. (#5310) 2019-03-18 14:57:00 +01:00
Armin Novak 4ad0770a7e Silenced function pointer cast warnings for BIO_callback_ctrl 2019-02-21 13:53:51 +01:00
David Fort 05d9d89796
Merge pull request #5149 from akallabeth/cert_deny 
New option to disable user certificate dialog
 2019-01-25 16:59:33 +01:00
Armin Novak 0c83efa753 Fix #5170: Disable custom TLS alert for libressl > 2.8.3 2019-01-07 14:20:16 +01:00
Simon Legner ff375d238b
fix(crypto/tls): typo 2019-01-02 08:18:07 +01:00
Armin Novak b60045af27 New option to disable user certificate dialog 
The new option +cert-deny aborts a connection automatically if
the certificate can not be validated by OpenSSL or via known hosts.
 2018-12-14 10:17:52 +01:00
Armin Novak 6906efa354 Fixed return value for already accepted certificate. 2018-12-14 09:52:25 +01:00
Armin Novak d2ac7acdd9 Fixed certificate accept 
certificate_data_replace can only replace an existing entry,
use certificate_data_print for new ones.
 2018-12-10 12:03:55 +01:00
Armin Novak d05217454f Fix #5115: Cast PEM data from BYTE* to char* to silence warnings. 2018-12-07 12:36:18 +01:00
Armin Novak 0aaf14bed7 Fixe accidental removal of certificate_data_replace 2018-12-06 09:39:50 +01:00
Armin Novak b27470405c Duplicate PEM when accepted. 2018-12-04 09:35:24 +01:00
Armin Novak e04c319d21 Added new default certificate callbacks with extended information. 
The extended information provided by VerifyCertificateEx and
VerifyChangedCertificateEx is now exploited by the new functions
client_cli_verify_certificate_ex and client_cli_verify_changed_certificate_ex.

The old callbacks now print out deprecation warnings to inform the
user and developer about this deprecation.
 2018-12-04 09:35:24 +01:00
Armin Novak a8823fdf95 Cleaned up certificate verification code. 2018-12-04 09:35:24 +01:00
Armin Novak 7ab07ab980 Added certificate callbacks with source indications. 2018-12-04 09:35:24 +01:00
Armin Novak dd3276d664 Prefer VerifyX509Certificate and fixed const arguments 
If VerifyX509Certificate is set use it also when doing internal
certificate management. Added flags to ensure it is possible to
find out which type of connection is being made.
 2018-12-04 09:35:24 +01:00
Armin Novak d27cd1b19e Fixed unit tests, use uniqe file names 2018-12-04 08:45:41 +01:00
Armin Novak f3e1ffb121 Fix #4764: Second try, use X509_STORE_CTX_set_purpose 2018-11-28 12:08:42 +01:00
Armin Novak 77744200a8 Fix #4768: Set SSL verify purpose to ANY 
Should actually be SSL server but since we allowed broken
purpose up until now keep that for the 2.0 series.
 2018-11-26 11:58:29 +01:00
akallabeth effa8b8562 Fix #5049: Libressl declares OPENSSL_VERSION_NUMBER too high 
Need to check specifically for LIBRESSL_VERSION_NUMBER as they
set the version higher than OpenSSL 1.1 but without API support.
 2018-11-22 19:10:05 +01:00
Armin Novak 649f49fa61 Fix #5049: LibreSSL does not have SSL_CTX_set_security_level 2018-11-22 09:23:46 +01:00
Martin Fleisz 947aa80033
Merge pull request #5016 from akallabeth/windows_server_build_fix 
Windows server build fix
 2018-11-21 16:02:47 +01:00
Christian Gall fffe4f077a * remove obsolete SSLv23_client_method in tls_connect() 
* set min TLS Version
 2018-11-18 14:09:37 +00:00
Armin Novak a2cd934184 Fixed windows build warnings. 2018-11-15 09:01:53 +01:00
Martin Fleisz 097ac0ee13
Merge pull request #4997 from akallabeth/use_bio_free_all 
Replaced BIO_free with BIO_free_all
 2018-11-12 13:55:36 +01:00
Armin Novak 5f4843191b Replaced BIO_free with BIO_free_all 
There is no point in using BIO_free with a custom recursion
to free up stacked BIOs if there is already BIO_free_all.
Using it consistently avoids memory leaks due to stacked BIOs
not being recursively freed.
 2018-11-08 12:09:49 +01:00
Bernhard Miklautz 1222e7060b new [crypto/tls]: add support to set tls security level 
The newly introduced option /tls-seclevel can be used to set the tls
security level on systems with openssl >= 1.1.0 or libressl.
As default level 1 is used as higher levels might prohibit connections
to older systems.
 2018-11-08 11:13:15 +01:00
Bernhard Miklautz 649404dd29 fix [libfreerdp/crypto]: memory leak in Test_x509_cert_info 2018-11-05 13:46:05 +01:00
Armin Novak bdff1c96fd Fixed use after free and leak. 2018-09-20 11:08:12 +02:00
Armin Novak 817f8e0d47 Fixed an issue introduced with #4822 
The string prepared is not NULL terminated and the sources are of fixed sizes.
Use memcpy instead of print fucntions in this specific case.
 2018-09-03 08:48:33 +02:00