Commit Graph

30 Commits

Author SHA1 Message Date
Armin Novak
a8823fdf95 Cleaned up certificate verification code. 2018-12-04 09:35:24 +01:00
Armin Novak
dd3276d664 Prefer VerifyX509Certificate and fixed const arguments
If VerifyX509Certificate is set use it also when doing internal
certificate management. Added flags to ensure it is possible to
find out which type of connection is being made.
2018-12-04 09:35:24 +01:00
Armin Novak
c9cebf6ed6 Remember accepted PEM cert to avoid unnecessary user input. 2018-07-10 11:27:58 +02:00
davewheel
d5b8585a39 Allow to specify the raw content of crypto materials
Sometime it's possible that your server application doesn't have access to files
(when running in a very restricted environment for example). This patch allows
to ship the private key and certificate as a string.

Sponsored by: Wheel Systems (http://www.wheelsystems.com)
2016-01-21 11:27:06 +01:00
Armin Novak
2204df97f8 Added port to certificate warnings. 2015-06-10 10:59:40 +02:00
Bernhard Miklautz
90968e07e1 rename and update tls_disconnect
tls_disconnect shut down the ssl stream but didn't inform
the BIO(s) about this therefore could happen that a second shut down
was initiated (e.g. in bio_rdp_tls_free) causing rather long delays.

After removing the shut down from tls_disconnect the only thing the
function does is to prepare/send an alert therefore it was renamed to
tls_send_alert.
2015-03-30 11:56:09 +02:00
Marc-André Moreau
44d06888bb libfreerdp-core: fix BIO leaks 2015-02-18 15:36:57 -05:00
Armin Novak
e6fa0911a3 Fixed missing extern C 2014-12-01 13:12:51 +01:00
Hardening
0ce300125b Drop unused field 2014-06-03 11:04:12 +02:00
Marc-André Moreau
d2ad5f698b libfreerdp-core: fix VerifyX509Certificate to make distinction between gateway and direct connection 2014-05-30 14:36:18 -04:00
Hardening
dd6d829550 Allow transport_write calls to be non-blocking
This big patch allows to have non-blocking writes. To achieve
this, it slightly changes the way transport is handled. The misc transport
layers are handled with OpenSSL BIOs. In the chain we insert a
bufferedBIO that will bufferize write calls that couldn't be honored.

For an access with Tls security the BIO chain would look like this:
  FreeRdp Code ===> SSL bio ===> buffered BIO ===> socket BIO

The buffered BIO will store bytes that couldn't be send because of
blocking write calls.

This patch also rework TSG so that it would look like this in the
case of SSL security with TSG:
                                         (TSG in)
                              > SSL BIO => buffered BIO ==> socket BIO
                             /
FreeRdp => SSL BIO => TSG BIO
                             \
                              > SSL BIO => buffered BIO ==> socket BIO
                                        (TSG out)

So from the FreeRDP point of view sending something is only BIO_writing
on the frontBio (last BIO on the left).
2014-05-21 17:42:31 +02:00
Marc-André Moreau
42a88b93dd libfreerdp-crypto: fix tls_verify_certificate declaration 2014-04-01 21:17:44 -04:00
Marc-André Moreau
feea87b42f libfreerdp-crypto: make distinction between TLS connection error and user cancellation 2014-04-01 16:23:27 -04:00
Marc-André Moreau
51ad85e0ee libfreerdp-core: send Access Denied TLS alert when server-side NLA fails 2013-12-18 19:44:18 -05:00
Benoît LeBlanc
8c1f836ac8 - SSL verification callback: send correct hostname and port
- Gateway Authentication callback.
- Handling “use same credentials”
2013-12-06 22:15:45 -05:00
Benoît LeBlanc
56c517170f Added hostname and port to callback function for SSL certification verification. 2013-11-25 14:30:43 -05:00
Marc-André Moreau
1fc2d780f7 libfreerdp-core: fix memory leaks reported by valgrind 2013-10-31 23:35:24 -04:00
Marc-André Moreau
08eadc2ee3 libfreerdp-core: start implement TSG OpenSSL BIO 2013-10-11 06:12:50 -04:00
Chris
13466349bc 1) Add support for Wildcard Certificates
2) For Gateway connections compare against gateway host name instead of target host
2013-06-17 21:19:01 +02:00
Bernhard Miklautz
9e59fc905d client: print detected path to known_host file
Use detected path instead of hard coded for error messages
2013-05-21 15:48:27 +02:00
Marc-André Moreau
8c8a82c31f libfreerdp-utils: purge old STREAM utils 2013-03-21 16:45:25 -04:00
Marc-André Moreau
1d893ed268 libwinpr-sspi: add support for NTLMv2 Channel Binding Token (CBT) 2013-01-09 00:20:08 -05:00
Vic Lee
ed5ad30d4f libfreerdp-core/transport: select sockfd instead of sleep when blocking. 2012-12-21 16:24:26 +08:00
Marc-André Moreau
1bf8a45519 freerdp: change uint8, sint8, uint16, sint16 to BYTE, INT8, UINT16, INT16 2012-10-09 03:01:37 -04:00
Marc-André Moreau
1ed644786c freerdp: change boolean type to BOOL type 2012-10-09 02:38:39 -04:00
Marc-André Moreau
6dcc8e73ee libfreerdp-utils: get rid of rdpBlob 2012-09-24 04:40:32 -04:00
Marc-André Moreau
33d0d59306 wfreerdp-server: fix server-side TLS on Windows 2012-06-12 23:09:30 -04:00
Marc-André Moreau
88b8380b4c libfreerdp-core: simplify HTTPS sending 2012-04-18 02:28:05 -04:00
Marc-Andr Moreau
60aac7aea3 wfreerdp: fix windows compilation 2012-02-20 21:56:55 -08:00
Marc-André Moreau
b8882a8ad2 libfreerdp-crypto: taking crypto code out of libfreerdp-core 2012-02-17 00:58:30 -05:00