Commit Graph

259 Commits

Author SHA1 Message Date
Armin Novak
5765e9a422 Fixed #4476: broken casts/variable sizes for custom BIO calls. 2018-05-03 12:30:40 +02:00
Martin Fleisz
296b19e172
Merge pull request #4596 from p-pautov/rdg_ssl_fixes
RDG related fixes for better compatibility with mstsc
2018-05-03 10:23:12 +02:00
akallabeth
2215071b23
Merge pull request #4576 from ccpp/bugfix-rdg-poll
Fix polling in RDG
2018-05-02 17:59:10 +02:00
Kyle Evans
f8c391876f Pull in the LibreSSL compatibility patches from FreeBSD 2018-05-01 08:43:36 -05:00
Pavel Pautov
c60388954b Remove some unused functions. 2018-04-25 18:36:16 -07:00
Pavel Pautov
32505fda13 Apply "authentication level" RDP property only to non-RDG connections (as mstsc does). 2018-04-25 18:12:23 -07:00
Pavel Pautov
3a8d721bb9 Don't use CertificateName setting for RDG connections. 2018-04-25 18:12:23 -07:00
Christian Plattner
8956898364 Revert useless part of the bugfix
This reverts commit 589d2ec62a.

https://github.com/FreeRDP/FreeRDP/pull/4576#pullrequestreview-113378805
2018-04-24 16:20:42 +02:00
Christian Plattner
589d2ec62a Fix timeout for polling (partly fixes #3602) 2018-04-18 10:38:42 +02:00
Armin Novak
0fc19e5590 Functions static where appropriate. 2018-01-19 10:59:10 +01:00
Brent Collins
d98b88642b Add new command-line option to force xfreerdp into a fips compliant mode.
This option will ensure that NLA is disabled(since NTLM uses weak crypto algorithms), FIPS
encryption is enabled, and ensure fips mode is enabled for openssl.

Selectively override specific uses of MD5/RC4 with new API calls specifically tailored to override FIPS.

Add comments on why overriding the use of these algorithms under FIPS is acceptable for the locations where overrides happen.

Remove check of server proprietary certificate which was already being ignore to avoid use of MD5.

Initialize winpr openssl earlier to ensure fips mode is set before starting using any crypto algorithms.
2017-11-17 12:43:06 +01:00
Armin Novak
4eb5b8e349 Replaced atoi 2017-11-15 15:52:16 +01:00
Aric Belsito
70ab61c8e6
Support LibreSSL
Broken by the addition of OpenSSL 1.1.0 support.
2017-03-19 13:58:24 -07:00
Norbert Federa
f71b6b46e8 fix string format specifiers
- fixed invalid, missing or additional arguments
- removed all type casts from arguments
- added missing (void*) typecasts for %p arguments
- use inttypes defines where appropriate
2016-12-16 13:48:43 +01:00
Norbert Federa
c6e6b44143 countless WLog/printf format specifier fixes 2016-11-25 17:06:25 +01:00
Norbert Federa
53bd98883e winpr/crypt api changes and memory leak fixes
- winpr_HMAC_New() now just returnes the opaque WINPR_HMAC_CTX* pointer
  which has to be passed to winpr_HMAC_Init() for (re)initialization
  and since winpr_HMAC_Final() no more frees the context you always have to
  use the new function winpr_HMAC_Free() once winpr_HMAC_New() has succeded

- winpr_Digest_New() now just returns the opaque WINPR_DIGEST_CTX* pointer
  which has to be passed to winpr_Digest_Init() for (re)initialization
  and since winpr_Digest_Final() no more frees the context you always have to
  use the new function winpr_Digest_Free() once winpr_Digest_New() has succeded
2016-11-24 18:27:29 +01:00
Norbert Federa
7befab856c Support for OpenSSL 1.1.0 2016-11-24 17:50:09 +01:00
Martin Fleisz
e8fbdf503d crypto: Remove unneeded update (+) flag from file open mode 2016-10-17 14:49:26 +02:00
Armin Novak
c6ae62f700 Fixed memory leak in certificate check. 2016-10-10 13:34:57 +02:00
Armin Novak
f5fff7658a Made some functions static. 2016-10-06 13:43:12 +02:00
Marc-André Moreau
1ffbd774e9 freerdp: fix sending of TLS alert on NLA failure, add better handling of server-side NLA in shadow server 2016-07-21 17:53:20 -04:00
Armin Novak
53445768ed Added command line option /cert-tofu 2016-03-31 12:16:55 +02:00
Hardening
2a3e9996b3 Merge pull request #2710 from akallabeth/cert_temp_accept_v2
Extended certificate callbacks.
2016-02-15 13:52:47 +01:00
Armin Novak
f4568295e9 Fixed API for old openssl versions < 1.0.0 2016-02-05 11:52:07 +01:00
Armin Novak
cbf2892ccc Implemented temporary certificate accept.
Certificates can now be accepted temporarily.
The callbacks for certificate validation have been
modified to extend the information presented to the user.
2016-02-05 02:04:57 +01:00
Armin Novak
3b0f5b5b48 Removed obsolete APPLE preprocessor switch. 2016-02-04 12:55:11 +01:00
Christian Plattner
c0226d686c Enable support for SNI on client side 2016-02-04 08:34:51 +01:00
davewheel
d5b8585a39 Allow to specify the raw content of crypto materials
Sometime it's possible that your server application doesn't have access to files
(when running in a very restricted environment for example). This patch allows
to ship the private key and certificate as a string.

Sponsored by: Wheel Systems (http://www.wheelsystems.com)
2016-01-21 11:27:06 +01:00
Bernhard Miklautz
aa80f63b4a tls: enable tls 1+
Currently TLS version 1.0 is used implicitly by using the TLSv1_method.
To be able to also use TLS 1.1 and later use SSLv23_client_method
instead. To make sure SSLv2 or SSLv3 isn't used disable them.
2016-01-12 17:43:14 +01:00
Armin Novak
75ae38dff2 Silenced VerifyX509Certificate logging.
Now only writing log entries if something was an actual
error, otherwise stay silent.
2015-10-16 11:04:42 +02:00
Marc-André Moreau
9c35b73fb6 libfreerdp-core: fix gateway connectivity on Windows 2015-09-17 14:32:40 -04:00
Marc-André Moreau
c0a887da17 libfreerdp-crypto: add locking of operations dealing with SSL* 2015-09-15 19:59:41 -04:00
Marc-André Moreau
3f2915eb78 libfreerdp-core: alternative RDG BIO fix 2015-09-15 13:03:11 -04:00
Marc-André Moreau
12ce635b34 libfreerdp-core: fix code style 2015-09-15 10:37:57 -04:00
Denis Vincent
6d55635ed0 libfreerdp-core: Gateway RDP8 BIO correction. Fixes connection losses. 2015-09-15 09:03:39 -04:00
Bernhard Miklautz
2e87d0ee52 Fix leaks in certificate and identity handling 2015-06-23 15:40:37 +02:00
David FORT
7c3f8f33ab Fixes for malloc / calloc + other fixes
This patch contains:

* checks for malloc return value + treat callers;
* modified malloc() + ZeroMemory() to calloc();
* misc fixes of micro errors seen during the code audit:
** some invalid checks in gcc.c, also there were some possible
integer overflow. This is interesting because at the end the data are parsed
and freed directly, so it's a vulnerability in some kind of dead code (at least
useless);
** fixed usage of GetComputerNameExA with just one call, when 2 were used
in misc places. According to MSDN GetComputerNameA() is supposed to return
an error when called with NULL;
** there were a bug in the command line parsing of shadow;
** in freerdp_dynamic_channel_collection_add() the size of array was multiplied
by 4 instead of 2 on resize
2015-06-22 19:21:47 +02:00
Armin Novak
7fc1c65165 Added subject and issuer to saved data.
When a certificate has changed, display not only the
fingerprint but also subject and issuer of old certificate.
2015-06-11 11:21:23 +02:00
Armin Novak
90d836193c Fixed formatting. 2015-06-11 09:58:58 +02:00
Armin Novak
acc96388a5 Added certificate_get_fingerprint function to read out old one. 2015-06-11 09:14:15 +02:00
Armin Novak
2204df97f8 Added port to certificate warnings. 2015-06-10 10:59:40 +02:00
Armin Novak
6da4a5aaf0 Using '<host> <port> <fp>' format for known hosts. 2015-06-09 15:33:13 +02:00
Norbert Federa
1eff1a345e free can handle NULL perfectly fine 2015-05-11 09:07:39 +02:00
Marc-André Moreau
ad6723835b Merge pull request #2505 from bmiklautz/tls_shutdown
rename and update tls_disconnect
2015-03-31 09:26:30 -04:00
Norbert Federa
1ba681fecc crypto: support MSFT iOS clients with faulty SNI
Microsoft iOS Remote Desktop Clients eventually send NULL-terminated
hostnames in SNI which is not allowed in the OpenSSL implementation.

Since we're not using SNI this commit adds an OpenSSL TLS extension
debug callback which modifies the SSL context in a way preventing it
from parsing this extension
2015-03-30 13:48:51 +02:00
Bernhard Miklautz
90968e07e1 rename and update tls_disconnect
tls_disconnect shut down the ssl stream but didn't inform
the BIO(s) about this therefore could happen that a second shut down
was initiated (e.g. in bio_rdp_tls_free) causing rather long delays.

After removing the shut down from tls_disconnect the only thing the
function does is to prepare/send an alert therefore it was renamed to
tls_send_alert.
2015-03-30 11:56:09 +02:00
Vic Lee
5f375d0a6f tls: revert checking SSL_ERROR_SYSCALL which may cause deadlock. 2015-03-25 16:07:39 +08:00
Martin Fleisz
5fa777b11c Merge pull request #2482 from llyzs/llyzs
tls: fix error handling of no error code.
2015-03-23 16:06:12 +01:00
Vic Lee
2137ccc3db tls: retry for all SSL_ERROR_SYSCALL errors. 2015-03-20 10:03:30 +08:00
Marc-André Moreau
dc913d9f2c libfreerdp-core: fix some RDG valgrind issues 2015-03-17 16:09:17 -04:00
Jason Plum
6ce5991e74 libfreerdp: crypto: add certificate chain validation! 2015-03-13 13:50:54 -04:00
Zhang Zhaolong
4205dac57f crypto: fix incorrect usage of realloc.
Signed-off-by: Zhang Zhaolong <zhangzl2013@126.com>
2015-03-11 12:37:35 +08:00
Jason Plum
30f28d4ac9 Fix case sensitive hostname comparison in tls
To do this I've swapped _strnicmp with memcmp. Seemless, but does lock it to the restrictions of that function.

Signed-off-by: Jason Plum <jplum@archlinuxarm.org>
2015-03-10 16:48:35 -04:00
Marc-André Moreau
44d06888bb libfreerdp-core: fix BIO leaks 2015-02-18 15:36:57 -05:00
Marc-André Moreau
e241330daf libfreerdp-core: rewrite tls_write_all to use front BIO only 2015-02-13 16:02:37 -05:00
Marc-André Moreau
b7a619ff8a libfreerdp-core: move some rdpTcp operations under BIO layer 2015-02-13 14:26:02 -05:00
Marc-André Moreau
fa06c4d401 libfreerdp-core: improve reconnection 2015-02-06 14:21:26 -05:00
Marc-André Moreau
82d58086db xfreerdp: partial reconnect fixes 2015-02-05 17:01:56 -05:00
Marc-André Moreau
81e190eccb libfreerdp-crypto: fix tls_write_all ringbuffer usage 2015-01-14 13:25:54 -05:00
Marc-André Moreau
98cd697cad libfreerdp-utils: add ringbuffer debug output 2015-01-14 13:15:57 -05:00
Bernhard Miklautz
f338e1f6c3 crypto: revert pull request #2130
The fix in #2130 eliminates the problem when connecting over a gateway
but introduces other problems server side and client side (client/server
can't detect anymore when a TCP connection was closed).
2014-11-26 19:46:32 +01:00
Marc-André Moreau
ddedc574f3 freerdp: remove tcp, uds utils 2014-11-12 14:06:34 -05:00
Brad
0746d8c14c Do not BIO_clear_flags() when the SSL error is not valid to fix #2056 2014-10-08 00:00:36 -07:00
Armin Novak
2f519d7f16 Replaced logging in libfreerdp with wlog defines. 2014-09-15 08:48:46 +02:00
Marc-André Moreau
e4a4aa4d3a Merge branch 'master' of github.com:awakecoding/FreeRDP into shadow
Conflicts:
	channels/encomsp/client/encomsp_main.c
	libfreerdp/core/tcp.c
	libfreerdp/crypto/certificate.c
	server/Windows/CMakeLists.txt
	server/X11/xf_cursor.c
	server/X11/xf_input.c
	server/X11/xf_interface.c
	server/X11/xf_monitors.c
	server/X11/xf_peer.c
2014-08-11 19:22:33 -04:00
Armin Novak
f4c133eaf8 Replaced custom logging mechanism with WLog wrapper. 2014-08-07 16:51:24 +02:00
Marc-André Moreau
3895c930a3 Merge branch 'master' of github.com:awakecoding/FreeRDP into shadow 2014-08-05 09:56:12 -04:00
Norbert Federa
cdcdec99bc OpenSSL thread safety
freerdp/winpr had the following issues:
* The non reentrant SSL_library_init() was called concurrently (crash)
* Missing code/api to set the eventually required OpenSSL static and dynamic locking callbacks
* Missing code/api to free the application-global or thread-local OpenSSL data and tables

This commit creates two new winpr functions:

BOOL winpr_InitializeSSL(DWORD flags):

Use the flag WINPR_SSL_INIT_ALREADY_INITIALIZED if you want to tell winpr that
your application has already initialized OpenSSL.
If required use the flag WINPR_SSL_INIT_ENABLE_LOCKING to tell winpr that it
should set the OpenSSL static and dynamic locking callbacks.
Otherwise just call it with the flag WINPR_SSL_INIT_DEFAULT.

The recommended way is that your application calls this function once before
any threads are created. However, in order to support lazy OpenSSL library
initialization winpr_InitializeSSL() can also safely be called multiple times
and concurrently because it uses the new InitOnceExecuteOnce() function to
guarantee that the initialization is only performed successfully once during
the life time of the calling process.

BOOL winpr_CleanupSSL(DWORD flags):

If you create a thread that uses SSL you should call this function before the
thread returns using the flag WINPR_SSL_CLEANUP_THREAD in order to clean up
the thread-local OpenSSL data and tables.
Call the function with the flag WINPR_SSL_CLEANUP_GLOBAL before terminating
your application.

Note: This commit only replaced the current occurences of the
SSL_load_error_strings(); SSL_library_init(); pairs in the freerdp source
with winpr_InitializeSSL(). None of the server or client applications has been
changed according to the recommended usage described above (TBDL).
2014-07-28 21:55:57 +02:00
Marc-André Moreau
d8b858811f shadow: initial windows server-side connectivity 2014-07-17 21:15:22 -04:00
Daniel Bungert
625f7c3c22 Add arguments for managing tls ciphers & netmon
This adds 2 arguments:
    /tls-ciphers                List of permitted openssl ciphers - see ciphers(1)
    /tls-ciphers-netmon         Use tls ciphers that netmon can parse

With KB2919355, client/server negotiate the use of
TLS cipher TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
which works fine except that netmon can't parse it.
By adding commandline /tls-ciphers-netmon, we restrict
the available ciphers to a list that netmon can
deal with.  Also adds /tls-ciphers, which
accepts a string arg, for further customization.
2014-07-17 06:59:06 -06:00
Vic Lee
8df60ecbe4 tls: fix some error handling. 2014-07-15 11:36:35 +08:00
Hardening
3fce288c66 Fix unclean SSL disconnection
This patch prevent an infinite loop when the remote peer disconnect
the socket without cleanly closing the SSL connection.
2014-07-10 23:35:11 +02:00
Hardening
542811291c Use poll() instead of select() when available
select() has the major drawback that it cannot handle file descriptor
that are bigger than 1024. This patch makes use of poll() instead of
select() when poll() support is available.
2014-07-03 15:26:49 +02:00
Hardening
462a26c8c3 Don't leak cert in case of failure 2014-06-03 15:19:00 +02:00
Hardening
a607b4553d Fix certificate leak
There were a leak when doing TLS in server mode
2014-06-03 14:59:58 +02:00
Hardening
4f1b77408a Fix NLA authentication for server-side
This patch make copies of the server public key so that the NLA
authentication can be performed server-side.
2014-06-03 11:04:35 +02:00
Marc-André Moreau
04968b18c4 libfreerdp-core: replace all OpenSSL built-in BIOs by new full duplex BIOs 2014-06-01 21:37:20 -04:00
Marc-André Moreau
b1416af362 libfreerdp-core: add locks to disable full duplex BIOs (currently unsafe) 2014-05-30 14:53:10 -04:00
Marc-André Moreau
d2ad5f698b libfreerdp-core: fix VerifyX509Certificate to make distinction between gateway and direct connection 2014-05-30 14:36:18 -04:00
Benoît LeBlanc
f57c694a3b tls_prepare: suppressed a warning on Mac 2014-05-28 21:33:30 -04:00
Hardening
dd6d829550 Allow transport_write calls to be non-blocking
This big patch allows to have non-blocking writes. To achieve
this, it slightly changes the way transport is handled. The misc transport
layers are handled with OpenSSL BIOs. In the chain we insert a
bufferedBIO that will bufferize write calls that couldn't be honored.

For an access with Tls security the BIO chain would look like this:
  FreeRdp Code ===> SSL bio ===> buffered BIO ===> socket BIO

The buffered BIO will store bytes that couldn't be send because of
blocking write calls.

This patch also rework TSG so that it would look like this in the
case of SSL security with TSG:
                                         (TSG in)
                              > SSL BIO => buffered BIO ==> socket BIO
                             /
FreeRdp => SSL BIO => TSG BIO
                             \
                              > SSL BIO => buffered BIO ==> socket BIO
                                        (TSG out)

So from the FreeRDP point of view sending something is only BIO_writing
on the frontBio (last BIO on the left).
2014-05-21 17:42:31 +02:00
Hardening
729c24cedb Adds some support for valgrind helpers
This patch adds an option to compile freerdp in a valgrind compliant way.
The purpose is to ease memchecking when connecting with TLS. We mark bytes
retrieved from SSL_read() as plainly defined to prevent the undefined contamination.
With the patch and the option activated you get a single warning at connection
during the handshake, and nothing after.
2014-05-12 18:01:29 +02:00
Vic Lee
02595df976 tls: WSAGetLastError should be used on Windows to check system socket error. 2014-04-29 23:05:30 +08:00
Vic Lee
c8848fe4c8 tls: do not kill the connection for non-fatal openssl error codes. 2014-04-29 21:48:11 +08:00
Benoit LeBlanc
6f99f252d9 Fix windows compilation 2014-04-04 10:08:44 -04:00
Marc-André Moreau
feea87b42f libfreerdp-crypto: make distinction between TLS connection error and user cancellation 2014-04-01 16:23:27 -04:00
Marc-André Moreau
14b75d1b27 libfreerdp-core: fix build warnings and windows broken build 2014-03-25 15:19:52 -04:00
Benoît LeBlanc
3e1dfc6311 updated context error messages. utility macros for getting error code CLASS/TYPE 2014-03-21 13:45:43 -04:00
Benoît LeBlanc
d1b9565f51 Added context-specific error management.
Added error codes to replace connectErrorCode.
2014-03-20 18:19:54 -04:00
Benoît LeBlanc
557c082458 Merge branch 'master' of git://github.com/awakecoding/FreeRDP 2014-03-05 16:35:22 -05:00
Marc-André Moreau
951368a1ce Merge branch 'master' of github.com:FreeRDP/FreeRDP 2014-02-27 13:58:29 -05:00
Christian Hofstaedtler
5a74bd7bdb Fix assertion abort when no CN is present in certificate
Triggered by Windows Server 2012 Admin-Mode with MS-recommended AD CA
Certificate setup, which would cause the CN to be absent, and a single
subjectAltName to be present.
2014-02-14 15:25:48 +01:00
Marc-André Moreau
cdcd290c44 wfreerdp: fix most build warnings 2014-02-10 22:12:13 -05:00
Benoît LeBlanc
44e7d2f36c error handling in rpc and transport functions 2013-12-20 17:56:59 -05:00
Marc-André Moreau
51ad85e0ee libfreerdp-core: send Access Denied TLS alert when server-side NLA fails 2013-12-18 19:44:18 -05:00
Marc-André Moreau
9d745cc038 Merge branch 'master' of github.com:mrthebunny/FreeRDP 2013-12-11 12:22:33 -05:00
Marc-André Moreau
62199fc46a Merge branch 'master' of github.com:FreeRDP/FreeRDP 2013-12-10 11:54:03 -05:00
Benoît LeBlanc
8c1f836ac8 - SSL verification callback: send correct hostname and port
- Gateway Authentication callback.
- Handling “use same credentials”
2013-12-06 22:15:45 -05:00
Bernhard Miklautz
6763e059c3 tls: handle the case if endpoint has disconnected 2013-12-04 15:36:25 +01:00
Benoît LeBlanc
6a60f79e07 Merge branch 'master' of git://github.com/awakecoding/FreeRDP
# By Bernhard Miklautz (10) and others
# Via Marc-André Moreau (10) and Martin Fleisz (1)
* 'master' of git://github.com/awakecoding/FreeRDP: (32 commits)
  libfreerdp-crypto: add robustness checks for VerifyX509Certificate
  mfreerdp: fix possible crash on gdi termination
  channels/cliprdr: add callback for data request response
  channels/cliprdr: fix conflict with CLIPRDR_HEADER
  fix a gdi leak bug.
  channels/cliprdr: implement more of the callback interface
  channels/cliprdr: start implementing clean callback interface
  channels/rdpsnd: initial attempt at adding GSM610 support
  winpr-thread: fixed bugs in _CreateProcessExA
  ffmpeg-2 -- CodecID
  ffmpeg-2 -- dsp_mask
  ffmpeg-2 -- AVCODEC_MAX_AUDIO_FRAME_SIZE
  check return value.
  reformat coding styles.
  fix name length to copy.
  fix memory realloc size error.
  libfreerdp-crypto: don't report SSL_ERROR_SYSCALL with errno value 0 as error
  channels/rdpsnd: add wlog debug output
  android toolchain: support for ndk r9b
  android toolchain: fixed cmake syntax warning
  ...
2013-11-25 14:40:01 -05:00
Benoît LeBlanc
56c517170f Added hostname and port to callback function for SSL certification verification. 2013-11-25 14:30:43 -05:00
Marc-André Moreau
4987f2b0e1 libfreerdp-crypto: add robustness checks for VerifyX509Certificate 2013-11-25 12:08:58 -05:00
Marc-André Moreau
690a6b624d libfreerdp-crypto: don't report SSL_ERROR_SYSCALL with errno value 0 as error 2013-11-20 15:21:29 -05:00
Marc-André Moreau
b0369cf284 libfreerdp-core: add external certificate management, pass X509 PEM certificate through client callback 2013-11-18 13:54:33 -05:00
Armin Novak
6f43252c9a Fixed argument check in <tls_disconnect> 2013-11-14 10:09:40 +01:00
Marc-André Moreau
1fc2d780f7 libfreerdp-core: fix memory leaks reported by valgrind 2013-10-31 23:35:24 -04:00
Marc-André Moreau
8c4b1361d1 libfreerdp-core: merge with TSG TLS update 2013-10-28 20:20:18 -04:00
Dan Bungert
66ecabb647 Final cleanups - merge ready. 2013-10-28 16:59:02 -06:00
Dan Bungert
f02daaa2d5 More cleanups - remove LWD and all references. 2013-10-28 15:46:28 -06:00
Dan Bungert
cefcac3414 more debug 2013-10-25 15:29:46 -06:00
Dan Bungert
f13c8a0be7 Logging 2013-10-25 10:43:21 -06:00
Marc-André Moreau
b5dd670e73 libfreerdp-core: extend OpenSSL TSG BIO 2013-10-24 12:56:43 -06:00
Marc-André Moreau
bd6760bd13 libfreerdp-core: start implement TSG OpenSSL BIO 2013-10-24 12:56:43 -06:00
Benoît LeBlanc
5bfca61261 setting pointers to NULL after freeing memory to avoid crashes.
gitignore: only top-level "external" folder is ignored.
2013-10-22 17:05:41 -04:00
Benoît LeBlanc
801c1fe1d6 - Fixed crash in tls_read (unchecked null pointer)
- also check for empty string on username and password to launch authentication callback
2013-10-18 16:23:29 -04:00
Marc-André Moreau
3fe3cdf876 libfreerdp-core: extend OpenSSL TSG BIO 2013-10-11 15:27:22 -04:00
Marc-André Moreau
08eadc2ee3 libfreerdp-core: start implement TSG OpenSSL BIO 2013-10-11 06:12:50 -04:00
Marc-André Moreau
c058095251 libfreerdp-core: cleanup TS Gateway code 2013-10-11 05:07:33 -04:00
Armin Novak
ddab90ece4 Fixed alt_names free, now using cleanup function to wrap details. 2013-09-05 12:14:35 +02:00
Armin Novak
e5c138a5b9 Fixed various memory leaks, allocation size issues and API misuse
warnings shown by clang as well as some compiler warnings.
2013-09-05 12:14:34 +02:00
Armin Novak
1e2455fa4a Fixed various memory leaks and compiler warnings. 2013-09-05 12:14:33 +02:00
Armin Novak
e9be3e9500 Fixed coverity issue 1047607 2013-09-05 12:14:32 +02:00
Armin Novak
c7abfb8fa1 Fixed coverity issue 1047608 2013-09-05 12:14:32 +02:00
Marc-André Moreau
5f4f3af98a Merge branch 'master' of github.com:FreeRDP/FreeRDP 2013-07-04 20:33:00 -04:00
Marc-André Moreau
bc631c93a8 freerdp: separate GatewayUsageMethod from GatewayEnabled 2013-07-03 15:07:12 -04:00
Bernhard Miklautz
87e9a24b1e tls: updated certificate mismatch message
Added information to the message if the name found is an CN or an
alternative name. Also print a message if no CN was not found instead
of (null).
2013-07-01 19:21:57 +02:00
Chris
44f6f16953 Fixed a possible buffer overflow issue 2013-06-17 21:49:29 +02:00
Chris
cd548da226 Using the more efficient code for comparing host names 2013-06-17 21:26:35 +02:00
Chris
13466349bc 1) Add support for Wildcard Certificates
2) For Gateway connections compare against gateway host name instead of target host
2013-06-17 21:19:01 +02:00
Marc-André Moreau
2bd6808432 freerdp: merge with master 2013-06-05 10:31:01 -04:00
Marc-André Moreau
2a08093e60 libfreerdp-crypto: fix openssl null pointer dereferencing in tls_accept 2013-05-30 19:44:58 -04:00
Bernhard Miklautz
9e59fc905d client: print detected path to known_host file
Use detected path instead of hard coded for error messages
2013-05-21 15:48:27 +02:00
Marc-André Moreau
3c2687b7d6 libfreerdp-crypto: handle EAGAIN with TLS 2013-05-15 20:19:26 -04:00
Marc-André Moreau
fae24b1ef9 xfreerdp-server: auto-generate self-signed certificate 2013-04-23 18:17:01 -04:00
Hardening
7701c9d934 Replace printf(...) by fprintf(stderr, ...) 2013-03-28 23:06:34 +01:00
Marc-André Moreau
8c8a82c31f libfreerdp-utils: purge old STREAM utils 2013-03-21 16:45:25 -04:00
Marc-André Moreau
edc2b1de9e xfreerdp-server: fix encoding 2013-02-17 11:03:35 -05:00
Marc-André Moreau
4269ac5c14 xfreerdp: improve asynchronicity 2013-02-09 17:13:53 -05:00
Marc-André Moreau
e1d0fad519 libfreerdp-core: fix memory leaks 2013-01-25 17:52:37 -05:00
Marc-André Moreau
0fbf846671 libwinpr-sspi: NTLM extended protection cleanup 2013-01-10 11:19:57 -05:00
Marc-André Moreau
1d893ed268 libwinpr-sspi: add support for NTLMv2 Channel Binding Token (CBT) 2013-01-09 00:20:08 -05:00
Vic Lee
ed5ad30d4f libfreerdp-core/transport: select sockfd instead of sleep when blocking. 2012-12-21 16:24:26 +08:00
Marc-André Moreau
387a152299 libfreerdp-core: TSG reassembly refactoring 2012-12-12 15:55:42 -05:00
Marc-André Moreau
12f0afd1e0 libfreerdp-core: fix TSG socket blocking mode 2012-11-27 18:34:00 -05:00
Marc-André Moreau
f6748dba3f wfreerdp: update client 2012-11-22 09:06:45 -05:00
Marc-André Moreau
8a32de3801 libfreerdp: purged source tree from deprecated memory utils 2012-11-21 21:22:06 -05:00
Marc-André Moreau
b2c3ca8cc4 libfreerdp-utils: replace all calls to deprecated function xzalloc 2012-11-21 19:22:41 -05:00
Marc-André Moreau
83473d11d1 channels: patch memory leaks, load addins from list 2012-11-19 13:26:56 -05:00
Marc-André Moreau
8544716104 libfreerdp-core: rdpSettings refactoring (part 3) 2012-11-07 18:23:33 -05:00
Marc-André Moreau
6427c9dd90 libfreerdp-core: rdpSettings refactoring (part 2) 2012-11-07 15:13:14 -05:00