mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
15,074 Commits 6 Branches 74 Tags 84 MiB
7dfdd248ee
Commit Graph

210 Commits

Author SHA1 Message Date
akallabeth
534d30beb3
No deprecated (#7107) 
* Removed cmake options disabling compiler warnings

* Added deprecation compile options

* Fixed android client use of deprecated symbols

* Removed obsolete callback
 2021-06-22 14:39:10 +02:00
Armin Novak
d36d94766e Replaced assert with WINPR_ASSERT 2021-06-14 09:37:07 +02:00
akallabeth
8e43f90590 Fixed #7045: allow NULL isser and subjects in certificates 2021-05-28 09:25:33 +02:00
Theo Buehler
9914dbc770 Fix build for upcoming LibreSSL version 
SSL will become opaque in LibreSSL 3.4.x, hence the code reaching inside
it will result in build breakage. This was done at the time for lack of
BIO_up_ref() support, which has been available since LibreSSL 2.7.0, so
adjust the relevant #ifdefs accordingly.
 2021-05-25 10:06:32 +02:00
Armin Novak
2b19576fc7 Fixed compiler warnings, function arguments and const parameter 2021-05-18 13:37:34 +02:00
akallabeth
b494a193db Refactored certificate API: 
* Proper encapsulation
* known_hosts2 backend extended (storing PEM)
* New backend storing each host certificate in a file
 2021-05-11 08:00:18 +02:00
Armin Novak
76d10561bb Set BIO data NULL on cleanup 
Recursive BIO free could double free, if the BIO data is not set
NULL when removed.
 2020-07-23 10:48:39 +02:00
akallabeth
7890833af8 Replaced strtok with strtok_s 2020-05-18 11:39:22 +02:00
akallabeth
b094d52d0b Fixed #6099: Add a flag for legacy hash entries 
If a legacy entry is found in certificate hash store print
additional information to the user informing about the change
with FreeRDP 2.0
 2020-04-22 18:14:39 +02:00
Linus Heckemann
89e4e24c31 tls: support non-RSA keys 2020-04-10 17:57:34 +02:00
Armin Novak
5b9b7f331b Fixed memory leak in tls_get_channel_bindings 2020-03-06 11:37:35 +01:00
Armin Novak
9c999b7135 Added raw function wrapping X509_digest 2020-03-06 11:37:35 +01:00
Armin Novak
2be6e4117f Let ssl backend handle hash checks. 2020-03-06 11:37:35 +01:00
Armin Novak
00fa84b514 Check cert against CertificateAcceptedFingerprints 
CertificateAcceptedFingerprints may contain a list of certificate
hashes and the corresponding fingerprint.
If one of the hashes matches consider the certificate accepted.
 2020-03-06 11:37:35 +01:00
Armin Novak
ac4bb3c103 End connection before user callbacks if aborted. 
If somewhere in freerdp_connect freerdp_abort_connect was called
the user callbacks Authenticate, GatewayAuthenticate and
Verify[Changed|X509]Certificate[Ex] must not be called.
 2020-02-19 16:44:42 +01:00
Armin Novak
72ca88f49c Reformatted to new style 2019-11-07 10:53:54 +01:00
Armin Novak
f01e042211 Code cleanups (strlen, casts, size_t, ...) 2019-10-29 11:58:43 +01:00
Armin Novak
2778cbce8c Fixed type of sk_* macro. 2019-08-22 10:40:25 +02:00
Armin Novak
36c820a9d9 Extract whole certificate chain to PEM format. 2019-07-17 14:42:32 +02:00
Armin Novak
0c17c3871b Pass on cert validation failure, set freerdp error in all use cases. 2019-07-15 15:51:46 +02:00
Armin Novak
1da57d0b7e Fixed sign-compare warnings 2019-04-05 09:13:24 +02:00
Armin Novak
4ad0770a7e Silenced function pointer cast warnings for BIO_callback_ctrl 2019-02-21 13:53:51 +01:00
David Fort
05d9d89796
Merge pull request #5149 from akallabeth/cert_deny 
New option to disable user certificate dialog
 2019-01-25 16:59:33 +01:00
Armin Novak
0c83efa753 Fix #5170: Disable custom TLS alert for libressl > 2.8.3 2019-01-07 14:20:16 +01:00
Simon Legner
ff375d238b
fix(crypto/tls): typo 2019-01-02 08:18:07 +01:00
Armin Novak
b60045af27 New option to disable user certificate dialog 
The new option +cert-deny aborts a connection automatically if
the certificate can not be validated by OpenSSL or via known hosts.
 2018-12-14 10:17:52 +01:00
Armin Novak
6906efa354 Fixed return value for already accepted certificate. 2018-12-14 09:52:25 +01:00
Armin Novak
d2ac7acdd9 Fixed certificate accept 
certificate_data_replace can only replace an existing entry,
use certificate_data_print for new ones.
 2018-12-10 12:03:55 +01:00
Armin Novak
d05217454f Fix #5115: Cast PEM data from BYTE* to char* to silence warnings. 2018-12-07 12:36:18 +01:00
Armin Novak
0aaf14bed7 Fixe accidental removal of certificate_data_replace 2018-12-06 09:39:50 +01:00
Armin Novak
b27470405c Duplicate PEM when accepted. 2018-12-04 09:35:24 +01:00
Armin Novak
e04c319d21 Added new default certificate callbacks with extended information. 
The extended information provided by VerifyCertificateEx and
VerifyChangedCertificateEx is now exploited by the new functions
client_cli_verify_certificate_ex and client_cli_verify_changed_certificate_ex.

The old callbacks now print out deprecation warnings to inform the
user and developer about this deprecation.
 2018-12-04 09:35:24 +01:00
Armin Novak
a8823fdf95 Cleaned up certificate verification code. 2018-12-04 09:35:24 +01:00
Armin Novak
7ab07ab980 Added certificate callbacks with source indications. 2018-12-04 09:35:24 +01:00
Armin Novak
dd3276d664 Prefer VerifyX509Certificate and fixed const arguments 
If VerifyX509Certificate is set use it also when doing internal
certificate management. Added flags to ensure it is possible to
find out which type of connection is being made.
 2018-12-04 09:35:24 +01:00
akallabeth
effa8b8562 Fix #5049: Libressl declares OPENSSL_VERSION_NUMBER too high 
Need to check specifically for LIBRESSL_VERSION_NUMBER as they
set the version higher than OpenSSL 1.1 but without API support.
 2018-11-22 19:10:05 +01:00
Armin Novak
649f49fa61 Fix #5049: LibreSSL does not have SSL_CTX_set_security_level 2018-11-22 09:23:46 +01:00
Christian Gall
fffe4f077a * remove obsolete SSLv23_client_method in tls_connect() 
* set min TLS Version
 2018-11-18 14:09:37 +00:00
Martin Fleisz
097ac0ee13
Merge pull request #4997 from akallabeth/use_bio_free_all 
Replaced BIO_free with BIO_free_all
 2018-11-12 13:55:36 +01:00
Armin Novak
5f4843191b Replaced BIO_free with BIO_free_all 
There is no point in using BIO_free with a custom recursion
to free up stacked BIOs if there is already BIO_free_all.
Using it consistently avoids memory leaks due to stacked BIOs
not being recursively freed.
 2018-11-08 12:09:49 +01:00
Bernhard Miklautz
1222e7060b new [crypto/tls]: add support to set tls security level 
The newly introduced option /tls-seclevel can be used to set the tls
security level on systems with openssl >= 1.1.0 or libressl.
As default level 1 is used as higher levels might prohibit connections
to older systems.
 2018-11-08 11:13:15 +01:00
Armin Novak
817f8e0d47 Fixed an issue introduced with #4822 
The string prepared is not NULL terminated and the sources are of fixed sizes.
Use memcpy instead of print fucntions in this specific case.
 2018-09-03 08:48:33 +02:00
Armin Novak
114abad767 Removed use of strcpy. 2018-08-27 14:34:09 +02:00
akallabeth
9e3b48e0fb
Merge pull request #4829 from informatimago/smartcard-logon-rdp--x509-certificate-info-extraction 
Smartcard Logon: restructured x509 certificate info extraction; added extracting the UPN.
 2018-08-27 14:33:09 +02:00
Pascal J. Bourguignon
469f9bf488 Smartcard Logon: restructured x509 certificate info extraction; added extracting the UPN. 2018-08-24 14:03:04 +02:00
Armin Novak
dab842cfb5 Fixed missing type casts. 2018-08-24 13:40:36 +02:00
Ondrej Holy
0b7d0c2002 crypto/tls: Prevent usage of freed pointer found by coverity 
pass_freed_arg: Passing freed pointer "pemCert" as an argument to "WLog_PrintMessage".
 2018-08-22 14:34:02 +02:00
Armin Novak
026ff00e7d Fixed #4806 broken bounds check. 2018-08-21 09:08:33 +02:00
Armin Novak
3d6c41746d Expose redirection flag for certificate. 2018-07-18 16:06:20 +02:00
Armin Novak
7ebc899516 Fixed PEM certificate reading. 2018-07-10 15:21:53 +02:00