mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
12,736 Commits 6 Branches 74 Tags 84 MiB
5e0fef582a
Commit Graph

334 Commits

Author SHA1 Message Date
Armin Novak
d27cd1b19e Fixed unit tests, use uniqe file names 2018-12-04 08:45:41 +01:00
Armin Novak
f3e1ffb121 Fix #4764: Second try, use X509_STORE_CTX_set_purpose 2018-11-28 12:08:42 +01:00
Armin Novak
77744200a8 Fix #4768: Set SSL verify purpose to ANY 
Should actually be SSL server but since we allowed broken
purpose up until now keep that for the 2.0 series.
 2018-11-26 11:58:29 +01:00
akallabeth
effa8b8562 Fix #5049: Libressl declares OPENSSL_VERSION_NUMBER too high 
Need to check specifically for LIBRESSL_VERSION_NUMBER as they
set the version higher than OpenSSL 1.1 but without API support.
 2018-11-22 19:10:05 +01:00
Armin Novak
649f49fa61 Fix #5049: LibreSSL does not have SSL_CTX_set_security_level 2018-11-22 09:23:46 +01:00
Martin Fleisz
947aa80033
Merge pull request #5016 from akallabeth/windows_server_build_fix 
Windows server build fix
 2018-11-21 16:02:47 +01:00
Christian Gall
fffe4f077a * remove obsolete SSLv23_client_method in tls_connect() 
* set min TLS Version
 2018-11-18 14:09:37 +00:00
Armin Novak
a2cd934184 Fixed windows build warnings. 2018-11-15 09:01:53 +01:00
Martin Fleisz
097ac0ee13
Merge pull request #4997 from akallabeth/use_bio_free_all 
Replaced BIO_free with BIO_free_all
 2018-11-12 13:55:36 +01:00
Armin Novak
5f4843191b Replaced BIO_free with BIO_free_all 
There is no point in using BIO_free with a custom recursion
to free up stacked BIOs if there is already BIO_free_all.
Using it consistently avoids memory leaks due to stacked BIOs
not being recursively freed.
 2018-11-08 12:09:49 +01:00
Bernhard Miklautz
1222e7060b new [crypto/tls]: add support to set tls security level 
The newly introduced option /tls-seclevel can be used to set the tls
security level on systems with openssl >= 1.1.0 or libressl.
As default level 1 is used as higher levels might prohibit connections
to older systems.
 2018-11-08 11:13:15 +01:00
Bernhard Miklautz
649404dd29 fix [libfreerdp/crypto]: memory leak in Test_x509_cert_info 2018-11-05 13:46:05 +01:00
Armin Novak
bdff1c96fd Fixed use after free and leak. 2018-09-20 11:08:12 +02:00
Armin Novak
817f8e0d47 Fixed an issue introduced with #4822 
The string prepared is not NULL terminated and the sources are of fixed sizes.
Use memcpy instead of print fucntions in this specific case.
 2018-09-03 08:48:33 +02:00
Armin Novak
5bc3993e3f Fixed buffer size and function name 2018-08-27 14:34:42 +02:00
Armin Novak
62c1696d4c Removed use of unchecked sprintf 2018-08-27 14:34:42 +02:00
Armin Novak
114abad767 Removed use of strcpy. 2018-08-27 14:34:09 +02:00
akallabeth
9e3b48e0fb
Merge pull request #4829 from informatimago/smartcard-logon-rdp--x509-certificate-info-extraction 
Smartcard Logon: restructured x509 certificate info extraction; added extracting the UPN.
 2018-08-27 14:33:09 +02:00
Pascal J. Bourguignon
63d00f6f81 Corrected the compatibility function names: crypto_cert_subject_alt_name and crypto_cert_subject_alt_name_free. 2018-08-27 13:51:30 +02:00
Pascal J. Bourguignon
53692ffc57 Compute certificate_path from __FILE__ to adapt to changing compilation and test environments. 2018-08-24 16:04:29 +02:00
Pascal J. Bourguignon
79d2294a23 Put back deprecated function names crypto_cert_get_alt_names and crypto_cert_alt_names_free for FREERDP_API compatibility. 2018-08-24 15:20:03 +02:00
Pascal J. Bourguignon
98b8602663 Use C comment syntax instead of C++; added static declaration for local functions. 2018-08-24 15:05:50 +02:00
Pascal J. Bourguignon
469f9bf488 Smartcard Logon: restructured x509 certificate info extraction; added extracting the UPN. 2018-08-24 14:03:04 +02:00
Armin Novak
dab842cfb5 Fixed missing type casts. 2018-08-24 13:40:36 +02:00
Ondrej Holy
0b7d0c2002 crypto/tls: Prevent usage of freed pointer found by coverity 
pass_freed_arg: Passing freed pointer "pemCert" as an argument to "WLog_PrintMessage".
 2018-08-22 14:34:02 +02:00
Armin Novak
026ff00e7d Fixed #4806 broken bounds check. 2018-08-21 09:08:33 +02:00
Armin Novak
3d6c41746d Expose redirection flag for certificate. 2018-07-18 16:06:20 +02:00
Armin Novak
7ebc899516 Fixed PEM certificate reading. 2018-07-10 15:21:53 +02:00
Armin Novak
c9cebf6ed6 Remember accepted PEM cert to avoid unnecessary user input. 2018-07-10 11:27:58 +02:00
Armin Novak
9de99f15d4 Added comment support for known_hosts format. 2018-05-14 12:08:35 +02:00
Armin Novak
5765e9a422 Fixed #4476: broken casts/variable sizes for custom BIO calls. 2018-05-03 12:30:40 +02:00
Martin Fleisz
296b19e172
Merge pull request #4596 from p-pautov/rdg_ssl_fixes 
RDG related fixes for better compatibility with mstsc
 2018-05-03 10:23:12 +02:00
akallabeth
2215071b23
Merge pull request #4576 from ccpp/bugfix-rdg-poll 
Fix polling in RDG
 2018-05-02 17:59:10 +02:00
Kyle Evans
f8c391876f Pull in the LibreSSL compatibility patches from FreeBSD 2018-05-01 08:43:36 -05:00
Pavel Pautov
c60388954b Remove some unused functions. 2018-04-25 18:36:16 -07:00
Pavel Pautov
32505fda13 Apply "authentication level" RDP property only to non-RDG connections (as mstsc does). 2018-04-25 18:12:23 -07:00
Pavel Pautov
3a8d721bb9 Don't use CertificateName setting for RDG connections. 2018-04-25 18:12:23 -07:00
Christian Plattner
8956898364 Revert useless part of the bugfix 
This reverts commit 589d2ec62a.

https://github.com/FreeRDP/FreeRDP/pull/4576#pullrequestreview-113378805
 2018-04-24 16:20:42 +02:00
Christian Plattner
589d2ec62a Fix timeout for polling (partly fixes #3602) 2018-04-18 10:38:42 +02:00
Martin Fleisz
b8599b08f2
Merge pull request #4364 from akallabeth/gateway_refactor 
Gateway refactor
 2018-02-13 13:48:45 +01:00
Armin Novak
0fc19e5590 Functions static where appropriate. 2018-01-19 10:59:10 +01:00
Armin Novak
dc3d536398 Changed length arguments and return to size_t 2018-01-17 08:14:06 +01:00
Martin Fleisz
80a49f46dc
Merge pull request #4320 from ondrejholy/coverity-fixes 
Coverity Scan fixes
 2017-12-20 14:17:20 +01:00
Ondrej Holy
9f5d0d4c4d crypto: Improve PER OID calculations 
"(oid[0] << 4) & (oid[1] & 0x0F)" statement is always 0. It is not
problem currently because the only OID which is written by this
function should have 0 there. The function to read/write are pretty
limited anyway and can't work properly with all kind of OIDs. Maybe
it would be better to hardcode the OID there without decoding
and encoding. But those functions are already there so let's improve
them a bit according the spec and warn about limited set of
supported OIDs.

See:
https://msdn.microsoft.com/en-us/library/windows/desktop/bb540809
 2017-12-19 14:42:06 +01:00
Armin Novak
7305828122 Fix #4239: Various memory leaks 
* Fixed all tests, now can be run with -DWITH_ADDRESS_SANITIZER=ON compiled.
* Enabled address sanitizer for nightly builds.
 2017-12-12 11:40:48 +01:00
Armin Novak
12a9b9a0b4 Fix #3890: Point to OpenSSL doc for private CA 2017-11-21 11:47:33 +01:00
Brent Collins
d98b88642b Add new command-line option to force xfreerdp into a fips compliant mode. 
This option will ensure that NLA is disabled(since NTLM uses weak crypto algorithms), FIPS
encryption is enabled, and ensure fips mode is enabled for openssl.

Selectively override specific uses of MD5/RC4 with new API calls specifically tailored to override FIPS.

Add comments on why overriding the use of these algorithms under FIPS is acceptable for the locations where overrides happen.

Remove check of server proprietary certificate which was already being ignore to avoid use of MD5.

Initialize winpr openssl earlier to ensure fips mode is set before starting using any crypto algorithms.
 2017-11-17 12:43:06 +01:00
Armin Novak
4eb5b8e349 Replaced atoi 2017-11-15 15:52:16 +01:00
Armin Novak
c301f2d56a Fixed certificate check return. 2017-07-28 08:35:41 +02:00
Valery Kartel
9bf9ff9e8a Fix build with LibreSSL 2017-07-26 17:12:14 +03:00