Armin Novak
198774c035
[compat,libressl] fix compilation issues
2023-12-19 20:44:39 +01:00
Armin Novak
6e6559c41a
[settings] fix type mismatch warnings
2023-11-24 14:54:56 +01:00
akallabeth
cd4d77af86
[settings] add deprecation warnings
...
direct struct access to rdpSettings now produces warnings if not
explicitly deactiaved by defining FREERDP_SETTINGS_INTERNAL_USE
2023-11-24 14:54:56 +01:00
akallabeth
1163cc4d5c
[core] add internal settings.h include
2023-11-24 14:54:56 +01:00
Armin Novak
32c65dbdfc
[crypto,tls] only print fingerprint in log
...
printing the whole PEM to log is too verbose, just use the fingerprint
instead.
2023-10-25 13:15:35 +02:00
akallabeth
d44f9528a1
[ssl] use proper names for TLS_*_method
...
only use deprecated SSLv23_*method on old versions of SSL
2023-10-10 19:35:27 +02:00
akallabeth
b9fdd88bd7
[crypto,tls] reset tls context before setting
...
clean up old tls context before setting a new one
2023-09-21 10:00:19 +02:00
akallabeth
9a460d38fc
[crypto,tls] free tls bindings before set
...
Free possibly allocated bindings before setting new ones
2023-09-21 10:00:19 +02:00
akallabeth
d275e083ec
[crypto,tls] free existing public key
...
before updating the public key free possible existing data.
2023-09-21 10:00:19 +02:00
Armin Novak
0afa2e88b5
[crypto,cert] imrove logged warnings for certificates
2023-07-31 08:32:43 +02:00
Armin Novak
64f4fe397c
[crypto,tls] fixed sign warnings
2023-07-27 21:05:43 +02:00
Marc-André Moreau
4d4dcd4511
Fix usage of explicit server name when different from connection host
2023-06-13 09:20:17 -04:00
akallabeth
516668d02b
[fclose] ensure no invalid pointers are passed.
...
fclose has undefined behaviour for NULL pointers, so check for these.
2023-04-28 07:39:35 +02:00
Armin Novak
ae8f0106bd
[core,redirect] extract and check redirection cert
...
* extract the certificate from the redirection PDU
* if there is a certificate provided accept it if it matches the
redirection target certificate without further user checks
2023-02-28 15:49:58 +01:00
David Fort
b8814e723a
fix some warning with the use of new crypto functions
2023-02-28 07:59:40 +01:00
akallabeth
895ae8b137
[core] use rdpPrivateKey and rdpCertificate
2023-02-16 10:06:17 +01:00
Armin Novak
a7dac52a42
[license] updated copyright headers
2023-02-12 20:17:11 +01:00
akallabeth
7cd597015a
[crypot,tls] use new crypto/cert API
2023-02-12 20:17:11 +01:00
Armin Novak
dd0d130f48
[crypto] make tls.h a private header
...
no need to uselessly export symbols that are not usable outside the
project
2023-01-14 08:50:26 +01:00
Rozhuk Ivan
a111b78530
[core] Rename TLS functions
...
Rename tls_ to freerdp_tls_ to avoid namespace conflicts with libtls
and probaly other tls crypto libs.
2023-01-14 08:50:26 +01:00
Armin Novak
8b9b2db44b
[winpr] use winpr_fopen
2023-01-12 22:54:25 +01:00
akallabeth
82ba9ede9c
[freerdp] use FREERDP_/UWAC_/RDTK_ prefix for conditional headers
2023-01-10 17:38:00 +01:00
David Fort
07d9baad6d
crypto: export getSslMethod utility function
2022-12-23 08:42:45 +01:00
David Fort
b283daafd7
tls: cleanup and add some methods to do handshakes asynchronously
...
This patch does a few cleanups to allow creating TLS and DTLS contexts.
It also introduces tls_accept_ex and tls_connect_ex that can start the SSL handshake,
and it can be finished by calling tls_handshake
2022-12-19 10:46:06 +01:00
Bernhard Miklautz
e530999156
new [tls/server]: disable client side renegotiation
2022-12-15 11:06:19 +01:00
akarl10
3a10bcd36a
[ntlm]: use rfc5929 binding hash algorithm
...
rfc5929 mandates some specific hashes for the binding algorithm
2022-11-21 13:27:08 +01:00
akallabeth
1849632c43
Fixed format strings to match arguments ( #8254 )
...
* Fixed format strings to match arguments
Reviewed and replaced all %d specifiers to match proper type
* Added proxy dynamic channel command type to log messages.
2022-09-29 14:55:27 +02:00
DVeron-RC
de16558344
Fix memory leak in tls.c ( #8135 )
...
There was an issue in the reference count managment of the private
key and the X509 certificate.
2022-08-18 15:51:30 +02:00
Martin Fleisz
693985b733
crypto: Fix compilation with OpenSSL versions older than 1.1.1
2022-08-17 14:20:14 +02:00
David Fort
942273e9cb
tls: add an option to dump tls secrets for wireshark decoding ( #8120 )
...
This new option /tls-secret-file:<file> allows to dump TLS secrets in a file with
the SSLKEYLOGFILE format. So this way you can setup the TLS dissector of wireshark
(Pre-Master-Secret log filename) and see the traffic in clear in wireshark.
It also add some more PFS ciphers to remove for netmon captures.
2022-08-16 10:40:32 +02:00
David Véron
a3712521a8
TLS version control
...
* added settings for minimal and maximal TLS versions supported
* refactorisation of the force TLSv1.2 setting
2022-07-07 07:13:11 +00:00
akallabeth
51f4c374c4
Clear OpenSSL error queue before BIO_read/BIO_write
2022-07-02 16:32:50 +02:00
fifthdegree
85f7cb8916
clear openssl error queue after nla_client_begin
2022-07-02 16:32:50 +02:00
akallabeth
0563dae8b3
Cleanup tls_prepare
2022-06-23 09:18:37 +02:00
Siva Gudivada
7ce4d8b196
add a new flag to enforce tls1.2
2022-06-23 09:18:37 +02:00
akallabeth
962c5c3ef0
Fixed dead store warnings
2022-04-28 12:37:19 +02:00
akallabeth
73cdcdfe09
Logging and parser fixes ( #7796 )
...
* Fixed remdesk settings pointer
* Fixed sign warnings in display_write_monitor_layout_pdu
* Use freerdp_abort_connect_context and freerdp_shall_disconnect_context
* Added and updates settings
* info assert/dynamic timezone
* mcs assert/log/flags
* Fixed and added assertions for wStream
* Unified stream length checks
* Added new function to check for lenght and log
* Replace all usages with this new function
* Cleaned up PER, added parser logging
* Cleaned up BER, added parser logging
* log messages
* Modified Stream_CheckAndLogRequiredLengthEx
* Allow custom format and options
* Add Stream_CheckAndLogRequiredLengthExVa for prepared va_list
* Improved Stream_CheckAndLogRequiredLength
* Now have log level adjustable
* Added function equivalents for existing logger
* Added a backtrace in case of a failure is detected
* Fixed public API input checks
2022-04-19 14:29:17 +02:00
akallabeth
14568872a9
Instance cleanup ( #7738 )
...
* Cleaned up freerdp::autodetect
* Deprecate freerdp::input
* Deprecated freerdp::update
* Deprecated freerdp::settings
* Deprecated freerdp::autodetect
* Removed rdpTransport::settings
* Deprecated freerdp_per::update|settings|autodetect
* Fixed mac client and server compilation
* Fixed windows compilation
* Added deprecation warnings
* Fixed initialization of structs.
* Fixed android build
* Fixed freerdp_client_context_new const correctness
* Fixed checks for android implementation
Replaced checks with assertions where appropriate
* Fixed checks for windows client
Replaced checks with assertions where appropriate
* Fixed proxy client pointer dereference
2022-03-23 13:18:35 +01:00
akallabeth
fa3cf9417f
Fixed #7696 : Abort freerdp_connect if manually canceled ( #7700 )
...
If freerdp_abort_connect is called, set FREERDP_ERROR_CONNECT_CANCELLED
This way freerdp_reconnect can distinguish between network issues and
user interaction and abort a retry attempt.
2022-03-07 13:47:43 +01:00
Armin Novak
4d03d7c0bf
Freerdp remove #ifdef HAVE_CONFIG_H
2022-03-03 11:26:48 +01:00
Armin Novak
b2ad47a809
Reorganized FreeRDP headers
2022-03-03 11:26:48 +01:00
akallabeth
8cc6582044
Unify struct definitions ( #7633 )
...
* Unified enum/struct definitions, fixed include issues
* Fixed mac compilation issues
* Added missing include
* Fixed windows server build warnings
* Fixed VS2010 build issue
* Removed unnecessary library linking
* Fixed ThreadPool WinXP compatibility
* Fixed pr review remarks
2022-02-14 14:59:22 +01:00
akallabeth
a71235be74
Cert update fix ( #7382 )
...
* Fixed certificate thumbprint default format
* Fixed VerifyChangedCertificateEx call arguments
2021-10-21 09:07:52 +02:00
akallabeth
1c84690c2f
Fixes from tests ( #7308 )
...
* Fixed memory leak in tls_verify_certificate
* Fixed missing NULL checks
* Fixed missing checks for FreeRDP_DeactivateClientDecoding
* Added WINPR_ASSERT for client common new/free
* Added /disable-output switch to deactivate client decoding
Allows low resource remote connections that do not require visual
feedback. (e.g. load testing/...)
2021-09-21 09:56:56 +02:00
akallabeth
75e6f443b5
Fixed possible leak in tls_prepare
...
If the function fails, the 'underlying' BIO was leaking as
tls_free did not clean it up if 'tls->bio' was not successfully
allocated.
2021-09-20 10:59:59 +02:00
Armin Novak
976c3c2ab9
Refactored proxy and proxy-modules:
...
* Split out proxy headers and moved to public API to allow external
modules to be built.
* Split proxy into proxy library and proxy binary. The library
can be used by other applications and provides a simple API
* Improved channel passthrough, now all channels including dynamic
channels work.
* Extended module API to hook more events, improved module samples
* Cleaned up proxy code, removed global static variables used,
added WINPR_ASSERT
2021-09-09 08:53:20 +02:00
Armin Novak
13f54fc0dd
Improved fingerprint hash comparison
...
* Allow new hash format 11bbccdd along already supported 11:22:aa:BB
2021-08-26 09:38:12 +02:00
Armin Novak
f515bd4560
Fixed shadowing and type errors
2021-08-24 10:45:57 +02:00
Armin Novak
4b7aa61abd
Fixed tls_write_all, abort if blocked
...
If data to be read is blocking the socket abort.
2021-07-29 15:09:53 +02:00
akallabeth
534d30beb3
No deprecated ( #7107 )
...
* Removed cmake options disabling compiler warnings
* Added deprecation compile options
* Fixed android client use of deprecated symbols
* Removed obsolete callback
2021-06-22 14:39:10 +02:00