mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
19,602 Commits 6 Branches 74 Tags 84 MiB
8cd12a87fd
Commit Graph

574 Commits

Author SHA1 Message Date
Armin Novak
3d8cb485f4 [warnings] Fixed strict-prototypes warnings 2023-03-06 10:04:59 +01:00
Armin Novak
e496771034 [warnings] fixed unused-variable warnings 2023-03-06 10:04:59 +01:00
Armin Novak
ae8f0106bd [core,redirect] extract and check redirection cert 
* extract the certificate from the redirection PDU
* if there is a certificate provided accept it if it matches the
  redirection target certificate without further user checks
 2023-02-28 15:49:58 +01:00
David Fort
b8814e723a fix some warning with the use of new crypto functions 2023-02-28 07:59:40 +01:00
akallabeth
392340d5fd Fix #8702: Disable sha3 and shake hashes for libressl 2023-02-22 11:47:37 +01:00
akallabeth
66245e7a00 [crypto,cert] remove rsa check 
the rsa keys to be checked are on the deprecation list for most SSL
libraries so the function might fail unexpectedly
 2023-02-16 10:06:17 +01:00
akallabeth
8b95030f5e [cryto,cert] clean up code 2023-02-16 10:06:17 +01:00
akallabeth
a2b23a83ab [crypto,cert] only extract server certificate 2023-02-16 10:06:17 +01:00
akallabeth
895ae8b137 [core] use rdpPrivateKey and rdpCertificate 2023-02-16 10:06:17 +01:00
Martin Fleisz
5f9db5a89c core: Fix pointer corruption with d2i_X509 
The `d2i_X509` function manipulates the passed pointer on success. This
resulted in a corrupted `rdpCertBlob` struct, crashing later on free.
 2023-02-14 09:44:10 +01:00
Armin Novak
a7dac52a42 [license] updated copyright headers 2023-02-12 20:17:11 +01:00
Armin Novak
b77be1ad61 [emu,scard] use RSA struct instead of rdpCertInfo 
rdpCertInfo has the RSA key in RDP specific format. Prefer direct
extraction from certificate or key
 2023-02-12 20:17:11 +01:00
Armin Novak
91370e4437 [crypto,cert] use malloc for der certificate 2023-02-12 20:17:11 +01:00
akallabeth
c306ad4c51 [crypto,cert] add RSA key check 2023-02-12 20:17:11 +01:00
akallabeth
081e187db8 [crypto] add function to determine if RSA is in use 2023-02-12 20:17:11 +01:00
akallabeth
00baf58a71 [crypto,x509] simplify retrieval of default signature digest 2023-02-12 20:17:11 +01:00
akallabeth
e43b4bc091 [crypto,common] remove unused function 2023-02-12 20:17:11 +01:00
akallabeth
55b0af1993 [cryto,x509] cleaned up header 2023-02-12 20:17:11 +01:00
akallabeth
1aa8c97a67 [crypto,key] use EVP_PKEY_up_ref 
The function is available since OpenSSL 1.1.0 instead of 3.0 for
EVP_PKEY_dup
 2023-02-12 20:17:11 +01:00
akallabeth
1397f4c605 [crypto] added evp_pkey private getter 2023-02-12 20:17:11 +01:00
akallabeth
af371bef6a [crypto] rename rdpRsaKey to rdpPrivateKey 2023-02-12 20:17:11 +01:00
akallabeth
1d3c6518fa [crypto] added PEM file read/write helpers 2023-02-12 20:17:11 +01:00
akallabeth
d1ddf7a6c7 [crypto,test] update to new cert/crypto API 2023-02-12 20:17:11 +01:00
akallabeth
7cd597015a [crypot,tls] use new crypto/cert API 2023-02-12 20:17:11 +01:00
akallabeth
9b51df8b10 [core,crypto] refactor certificate management 
* Properly split certificate_store, certificate_data, certificate and
  private key functions to files
* Prefix all functions with freerdp_ to have a unique name
* Update certificate store to use one file per host instead of
  known_hosts2
* Merge CryptoCert and rdpCertificate
 2023-02-12 20:17:11 +01:00
akallabeth
00f2679eda [core,security] refactor functions to check lengths 2023-02-03 11:09:59 +01:00
akallabeth
7c1007b1b6 [core,crypto] removed rsa functions from public API 
should only be used internally
 2023-02-03 11:09:59 +01:00
akallabeth
a3152871ab [core,crypto] refactor rsa functions 
* public encrypt/decrypt take rdpCertInfo data as argument
* private encrypt/decrypt take rdpRsaKey as argument
* Add missing length arguments
 2023-02-03 11:09:59 +01:00
Armin Novak
641022b795 [logging] remove __FUNCTION__ from actual message 
prefer the log formatter to provide that information.
 2023-01-25 16:26:39 +01:00
Armin Novak
e0a14edfbb [core,crypto] log more parsing failures 2023-01-24 10:16:55 +01:00
Armin Novak
dd0d130f48 [crypto] make tls.h a private header 
no need to uselessly export symbols that are not usable outside the
project
 2023-01-14 08:50:26 +01:00
Rozhuk Ivan
a111b78530 [core] Rename TLS functions 
Rename tls_ to freerdp_tls_ to avoid namespace conflicts with libtls
and probaly other tls crypto libs.
 2023-01-14 08:50:26 +01:00
Armin Novak
8b9b2db44b [winpr] use winpr_fopen 2023-01-12 22:54:25 +01:00
akallabeth
82ba9ede9c [freerdp] use FREERDP_/UWAC_/RDTK_ prefix for conditional headers 2023-01-10 17:38:00 +01:00
David Fort
07d9baad6d crypto: export getSslMethod utility function 2022-12-23 08:42:45 +01:00
David Fort
b283daafd7 tls: cleanup and add some methods to do handshakes asynchronously 
This patch does a few cleanups to allow creating TLS and DTLS contexts.
It also introduces tls_accept_ex and tls_connect_ex that can start the SSL handshake,
and it can be finished by calling tls_handshake
 2022-12-19 10:46:06 +01:00
Bernhard Miklautz
e530999156 new [tls/server]: disable client side renegotiation 2022-12-15 11:06:19 +01:00
akallabeth
37ab25e19d Fixed all Wdocumentation warnings 2022-12-12 14:24:55 +01:00
akallabeth
5799fb2018 Replace ConvertFromUnicode and ConvertToUnicode 
* Use new ConvertUtf8ToWChar, ConvertUtf8NToWChar,
  ConvertUtf8ToWCharAlloc and ConvertUtf8NToWCharAlloc
* Use new ConvertWCharToUtf8, ConvertWCharNToUtf8,
  ConvertWCharToUtf8Alloc and ConvertWCharNToUtf8Alloc
* Use new Stream UTF16 to/from UTF8 read/write functions
* Use new settings UTF16 to/from UTF8 read/write functions
 2022-11-28 10:42:36 +01:00
Armin Novak
7b95014157 [winpr,crypto] Split crypto header renamed 
* Renamed custom winpr crypto function header
* Added compatiblity header
 2022-11-23 09:39:56 +01:00
akallabeth
13a58bd346 [crypto] Added sha3 define guards 
sha3 is only supported with OpenSSL 1.1.1a or later
 2022-11-22 12:09:39 +01:00
akarl10
3a10bcd36a [ntlm]: use rfc5929 binding hash algorithm 
rfc5929 mandates some specific hashes for the binding algorithm
 2022-11-21 13:27:08 +01:00
fifthdegree
cbd310df52 Check smartcard certificates for correct EKU 
To be used for login, smartcard certificates must have the Microsoft
Smart Card Logon EKU
 2022-10-24 22:22:00 +02:00
akallabeth
1849632c43
Fixed format strings to match arguments (#8254) 
* Fixed format strings to match arguments

Reviewed and replaced all %d specifiers to match proper type

* Added proxy dynamic channel command type to log messages.
 2022-09-29 14:55:27 +02:00
Armin Novak
21ccb75812 Replaced magic numbers with definitions 2022-09-20 15:52:14 +02:00
DVeron-RC
de16558344
Fix memory leak in tls.c (#8135) 
There was an issue in the reference count managment of the private
key and the X509 certificate.
 2022-08-18 15:51:30 +02:00
Martin Fleisz
693985b733 crypto: Fix compilation with OpenSSL versions older than 1.1.1 2022-08-17 14:20:14 +02:00
David Fort
942273e9cb
tls: add an option to dump tls secrets for wireshark decoding (#8120) 
This new option /tls-secret-file:<file> allows to dump TLS secrets in a file with
the SSLKEYLOGFILE format. So this way you can setup the TLS dissector of wireshark
(Pre-Master-Secret log filename) and see the traffic in clear in wireshark.
It also add some more PFS ciphers to remove for netmon captures.
 2022-08-16 10:40:32 +02:00
David Véron
a3712521a8 TLS version control 
* added settings for minimal and maximal TLS versions supported
* refactorisation of the force TLSv1.2 setting
 2022-07-07 07:13:11 +00:00
akallabeth
51f4c374c4 Clear OpenSSL error queue before BIO_read/BIO_write 2022-07-02 16:32:50 +02:00
fifthdegree
85f7cb8916 clear openssl error queue after nla_client_begin 2022-07-02 16:32:50 +02:00
Adrian Perez de Castro
81e8e28062 Fix building with LibreSSL 2.7.0 or newer 
With LibreSSL 2.7.0 (or newer versions) some more structs have made
opaque, which requires a few changes:

- BIO_meth_new() and related functions are now defined by LibreSSL, the
  versions from opensslcompat.{h,c} does not need to be used anymore.
- HMAC_CTX is now opaque, HMAC_CTX_new(), EVP_MD_CTX_new, and related
  functions should be used instead in winpr's hash.c.
 2022-06-27 12:42:06 +02:00
akallabeth
0563dae8b3 Cleanup tls_prepare 2022-06-23 09:18:37 +02:00
Siva Gudivada
7ce4d8b196 add a new flag to enforce tls1.2 2022-06-23 09:18:37 +02:00
akallabeth
3d9c972d5c
Replace direct rdpSettings access with getter/setter (#7867) 
* Replace direct rdpSettings access with getter/setter

* Fixed xf_gdi_update_screen const warning
 2022-05-02 10:55:44 +02:00
akallabeth
962c5c3ef0 Fixed dead store warnings 2022-04-28 12:37:19 +02:00
akallabeth
1dcc5a180a Fixed warnings 2022-04-28 11:24:51 +02:00
akallabeth
cc3e28f2f1 Fixed -Wdocumentation errors 2022-04-28 11:24:51 +02:00
akallabeth
73cdcdfe09
Logging and parser fixes (#7796) 
* Fixed remdesk settings pointer

* Fixed sign warnings in display_write_monitor_layout_pdu

* Use freerdp_abort_connect_context and freerdp_shall_disconnect_context

* Added and updates settings

* info assert/dynamic timezone

* mcs assert/log/flags

* Fixed and added assertions for wStream

* Unified stream length checks

* Added new function to check for lenght and log
* Replace all usages with this new function

* Cleaned up PER, added parser logging

* Cleaned up BER, added parser logging

* log messages

* Modified Stream_CheckAndLogRequiredLengthEx

* Allow custom format and options
* Add Stream_CheckAndLogRequiredLengthExVa for prepared va_list

* Improved Stream_CheckAndLogRequiredLength

* Now have log level adjustable
* Added function equivalents for existing logger
* Added a backtrace in case of a failure is detected

* Fixed public API input checks
 2022-04-19 14:29:17 +02:00
akallabeth
d3ae821477 Improved logging, compiler warning fixes 
* Improved logging in TPKT, TPDU, MCS, PER
* Proper use of rdpSettings functions
* Fixed missing return values
* Refactored rdp_server_transition_to_state
 2022-03-28 15:52:32 +02:00
akallabeth
14568872a9
Instance cleanup (#7738) 
* Cleaned up freerdp::autodetect

* Deprecate freerdp::input

* Deprecated freerdp::update

* Deprecated freerdp::settings

* Deprecated freerdp::autodetect

* Removed rdpTransport::settings

* Deprecated freerdp_per::update|settings|autodetect

* Fixed mac client and server compilation

* Fixed windows compilation

* Added deprecation warnings

* Fixed initialization of structs.

* Fixed android build

* Fixed freerdp_client_context_new const correctness

* Fixed checks for android implementation

Replaced checks with assertions where appropriate

* Fixed checks for windows client

Replaced checks with assertions where appropriate

* Fixed proxy client pointer dereference
 2022-03-23 13:18:35 +01:00
akallabeth
fa3cf9417f
Fixed #7696: Abort freerdp_connect if manually canceled (#7700) 
If freerdp_abort_connect is called, set FREERDP_ERROR_CONNECT_CANCELLED
This way freerdp_reconnect can distinguish between network issues and
user interaction and abort a retry attempt.
 2022-03-07 13:47:43 +01:00
akallabeth
3d38d2636c Decreased logging verbosity for INFO level 2022-03-04 09:34:02 +01:00
Armin Novak
4d03d7c0bf Freerdp remove #ifdef HAVE_CONFIG_H 2022-03-03 11:26:48 +01:00
Armin Novak
b2ad47a809 Reorganized FreeRDP headers 2022-03-03 11:26:48 +01:00
David Fort
0435b5a65d Implement smartcard logon 2022-02-24 08:52:25 +01:00
David Fort
cb351a099d Enable smartcard NLA logon 2022-02-24 08:52:25 +01:00
David Fort
d545ab66e1 tscredential: generate automatically the file from a parser 2022-02-24 08:52:25 +01:00
akallabeth
8cc6582044
Unify struct definitions (#7633) 
* Unified enum/struct definitions, fixed include issues

* Fixed mac compilation issues

* Added missing include

* Fixed windows server build warnings

* Fixed VS2010 build issue

* Removed unnecessary library linking

* Fixed ThreadPool WinXP compatibility

* Fixed pr review remarks
 2022-02-14 14:59:22 +01:00
Armin Novak
10e40147fb Fixed various const warnings 2022-02-01 10:25:37 +00:00
akallabeth
a71235be74
Cert update fix (#7382) 
* Fixed certificate thumbprint default format

* Fixed VerifyChangedCertificateEx call arguments
 2021-10-21 09:07:52 +02:00
Armin Novak
103ff6a758 Fixed certificate store double free. 2021-10-06 09:49:07 +02:00
akallabeth
1c84690c2f
Fixes from tests (#7308) 
* Fixed memory leak in tls_verify_certificate

* Fixed missing NULL checks

* Fixed missing checks for FreeRDP_DeactivateClientDecoding

* Added WINPR_ASSERT for client common new/free

* Added /disable-output switch to deactivate client decoding

Allows low resource remote connections that do not require visual
feedback. (e.g. load testing/...)
 2021-09-21 09:56:56 +02:00
akallabeth
75e6f443b5 Fixed possible leak in tls_prepare 
If the function fails, the 'underlying' BIO was leaking as
tls_free did not clean it up if 'tls->bio' was not successfully
allocated.
 2021-09-20 10:59:59 +02:00
Armin Novak
976c3c2ab9 Refactored proxy and proxy-modules: 
* Split out proxy headers and moved to public API to allow external
  modules to be built.
* Split proxy into proxy library and proxy binary. The library
  can be used by other applications and provides a simple API
* Improved channel passthrough, now all channels including dynamic
  channels work.
* Extended module API to hook more events, improved module samples
* Cleaned up proxy code, removed global static variables used,
  added WINPR_ASSERT
 2021-09-09 08:53:20 +02:00
Armin Novak
68f24477f6 Fixed compilation warnings on mac 2021-08-26 15:08:28 +02:00
Armin Novak
13f54fc0dd Improved fingerprint hash comparison 
* Allow new hash format 11bbccdd along already supported 11:22:aa:BB
 2021-08-26 09:38:12 +02:00
Armin Novak
5afa592244 Fixed cast-qual warnings 2021-08-24 11:10:51 +02:00
Armin Novak
f515bd4560 Fixed shadowing and type errors 2021-08-24 10:45:57 +02:00
Armin Novak
610396e197 Fixed compilation warnings 
Try to get the number of warnings down
 2021-08-02 10:28:06 +02:00
Armin Novak
4b7aa61abd Fixed tls_write_all, abort if blocked 
If data to be read is blocking the socket abort.
 2021-07-29 15:09:53 +02:00
akallabeth
534d30beb3
No deprecated (#7107) 
* Removed cmake options disabling compiler warnings

* Added deprecation compile options

* Fixed android client use of deprecated symbols

* Removed obsolete callback
 2021-06-22 14:39:10 +02:00
Armin Novak
09111c9270 libfreerdp: Fixed warnings, added assertions 2021-06-18 11:32:16 +02:00
Armin Novak
5fb59a23a9 Fixed lots of compilation warnings and type mismatches 2021-06-16 15:21:56 +02:00
Armin Novak
d36d94766e Replaced assert with WINPR_ASSERT 2021-06-14 09:37:07 +02:00
akallabeth
6b36c6d417
Replace fopen and path functions with wrappers (#7043) 
Functions like fopen, PathFileExists, PathMakePath need to call
the wide character versions on windows for utf-8 support.
 2021-05-31 11:42:03 +02:00
akallabeth
8e43f90590 Fixed #7045: allow NULL isser and subjects in certificates 2021-05-28 09:25:33 +02:00
Theo Buehler
9914dbc770 Fix build for upcoming LibreSSL version 
SSL will become opaque in LibreSSL 3.4.x, hence the code reaching inside
it will result in build breakage. This was done at the time for lack of
BIO_up_ref() support, which has been available since LibreSSL 2.7.0, so
adjust the relevant #ifdefs accordingly.
 2021-05-25 10:06:32 +02:00
Armin Novak
2b19576fc7 Fixed compiler warnings, function arguments and const parameter 2021-05-18 13:37:34 +02:00
akallabeth
d4ebf8546f Cleaned up crypto API 2021-05-11 08:00:18 +02:00
akallabeth
b494a193db Refactored certificate API: 
* Proper encapsulation
* known_hosts2 backend extended (storing PEM)
* New backend storing each host certificate in a file
 2021-05-11 08:00:18 +02:00
akallabeth
c3171b90cb Removed unit tests for legacy known_hosts file 2021-05-11 08:00:18 +02:00
akallabeth
384f997aa7 Removed support for obsolete known_hosts file. 2021-05-11 08:00:18 +02:00
akallabeth
9e466abe6f Fixed #6989: Use X509_STORE_set_default_paths 2021-05-03 13:37:26 +02:00
akallabeth
187946e965 Removed duplicated escape 2021-04-27 11:48:39 +02:00
akallabeth
e2fd9db0b5 Added const to function arguments 2021-02-17 11:29:56 +01:00
akallabeth
70881d3957 Fixed #6442: Use cmake to provide source directory for test pem 2020-08-25 09:48:29 +02:00
Armin Novak
57b405ca26 Fixed compilation warnings. 2020-08-10 12:14:11 +02:00
Armin Novak
76d10561bb Set BIO data NULL on cleanup 
Recursive BIO free could double free, if the BIO data is not set
NULL when removed.
 2020-07-23 10:48:39 +02:00
akallabeth
02c5ec66e5 Fixed possible integer overflow in crypto_rsa_common 
Thanks @anticomputer for pointing this out
 2020-06-22 12:09:36 +02:00
akallabeth
d936402878 Fixed GHSL-2020-102 heap overflow 2020-05-20 15:10:07 +02:00
akallabeth
6a2785e359 Abort on first possible certificate validation error 
Only retry certificate validation if the purpose was wrong.
 2020-05-20 14:48:15 +02:00
akallabeth
7890833af8 Replaced strtok with strtok_s 2020-05-18 11:39:22 +02:00
akallabeth
5cfc3e8593 Fixed #6148: multiple ceritificate purposes 
OpenSSL certificate verification can only check a single purpose.
Run the checks with all allowed purposes and accept any.
 2020-05-12 15:36:48 +02:00
akallabeth
095d24934c Fixed #6122: Allow SSL server and client purpose 2020-04-25 08:06:00 +02:00
akallabeth
b094d52d0b Fixed #6099: Add a flag for legacy hash entries 
If a legacy entry is found in certificate hash store print
additional information to the user informing about the change
with FreeRDP 2.0
 2020-04-22 18:14:39 +02:00
Linus Heckemann
89e4e24c31 tls: support non-RSA keys 2020-04-10 17:57:34 +02:00
Armin Novak
5b9b7f331b Fixed memory leak in tls_get_channel_bindings 2020-03-06 11:37:35 +01:00
Armin Novak
9c999b7135 Added raw function wrapping X509_digest 2020-03-06 11:37:35 +01:00
Armin Novak
2be6e4117f Let ssl backend handle hash checks. 2020-03-06 11:37:35 +01:00
Armin Novak
00fa84b514 Check cert against CertificateAcceptedFingerprints 
CertificateAcceptedFingerprints may contain a list of certificate
hashes and the corresponding fingerprint.
If one of the hashes matches consider the certificate accepted.
 2020-03-06 11:37:35 +01:00
Armin Novak
ac4bb3c103 End connection before user callbacks if aborted. 
If somewhere in freerdp_connect freerdp_abort_connect was called
the user callbacks Authenticate, GatewayAuthenticate and
Verify[Changed|X509]Certificate[Ex] must not be called.
 2020-02-19 16:44:42 +01:00
Armin Novak
7c243da6e1 Remove symbols exported by accident. 2019-12-02 10:57:31 +01:00
Armin Novak
72ca88f49c Reformatted to new style 2019-11-07 10:53:54 +01:00
Armin Novak
d7877186d6 Fixed strnlen issues. 2019-11-05 14:55:33 +01:00
Armin Novak
993b79f1bd Removed strcpy use. 2019-10-29 11:58:43 +01:00
Armin Novak
f01e042211 Code cleanups (strlen, casts, size_t, ...) 2019-10-29 11:58:43 +01:00
asapelkin
82eadad4a4 Fix some static analizer warnings 2019-10-22 15:39:54 +02:00
Armin Novak
2f2ca9d93b Fixed leak in verify_cb. 2019-10-04 16:19:23 +02:00
Armin Novak
2778cbce8c Fixed type of sk_* macro. 2019-08-22 10:40:25 +02:00
Armin Novak
36c820a9d9 Extract whole certificate chain to PEM format. 2019-07-17 14:42:32 +02:00
Armin Novak
0c17c3871b Pass on cert validation failure, set freerdp error in all use cases. 2019-07-15 15:51:46 +02:00
Armin Novak
ca4a1d19a5 Silenced some unused parameter warnings. 2019-05-08 12:21:31 +02:00
Armin Novak
29c920c568 Fixed review remarks. 2019-04-05 09:14:35 +02:00
Armin Novak
1da57d0b7e Fixed sign-compare warnings 2019-04-05 09:13:24 +02:00
cerg2010cerg2010
7abc86ffae Close file handle correctly. (#5310) 2019-03-18 14:57:00 +01:00
Armin Novak
4ad0770a7e Silenced function pointer cast warnings for BIO_callback_ctrl 2019-02-21 13:53:51 +01:00
David Fort
05d9d89796
Merge pull request #5149 from akallabeth/cert_deny 
New option to disable user certificate dialog
 2019-01-25 16:59:33 +01:00
Armin Novak
0c83efa753 Fix #5170: Disable custom TLS alert for libressl > 2.8.3 2019-01-07 14:20:16 +01:00
Simon Legner
ff375d238b
fix(crypto/tls): typo 2019-01-02 08:18:07 +01:00
Armin Novak
b60045af27 New option to disable user certificate dialog 
The new option +cert-deny aborts a connection automatically if
the certificate can not be validated by OpenSSL or via known hosts.
 2018-12-14 10:17:52 +01:00
Armin Novak
6906efa354 Fixed return value for already accepted certificate. 2018-12-14 09:52:25 +01:00
Armin Novak
d2ac7acdd9 Fixed certificate accept 
certificate_data_replace can only replace an existing entry,
use certificate_data_print for new ones.
 2018-12-10 12:03:55 +01:00
Armin Novak
d05217454f Fix #5115: Cast PEM data from BYTE* to char* to silence warnings. 2018-12-07 12:36:18 +01:00
Armin Novak
0aaf14bed7 Fixe accidental removal of certificate_data_replace 2018-12-06 09:39:50 +01:00
Armin Novak
b27470405c Duplicate PEM when accepted. 2018-12-04 09:35:24 +01:00
Armin Novak
e04c319d21 Added new default certificate callbacks with extended information. 
The extended information provided by VerifyCertificateEx and
VerifyChangedCertificateEx is now exploited by the new functions
client_cli_verify_certificate_ex and client_cli_verify_changed_certificate_ex.

The old callbacks now print out deprecation warnings to inform the
user and developer about this deprecation.
 2018-12-04 09:35:24 +01:00
Armin Novak
a8823fdf95 Cleaned up certificate verification code. 2018-12-04 09:35:24 +01:00
Armin Novak
7ab07ab980 Added certificate callbacks with source indications. 2018-12-04 09:35:24 +01:00
Armin Novak
dd3276d664 Prefer VerifyX509Certificate and fixed const arguments 
If VerifyX509Certificate is set use it also when doing internal
certificate management. Added flags to ensure it is possible to
find out which type of connection is being made.
 2018-12-04 09:35:24 +01:00
Armin Novak
d27cd1b19e Fixed unit tests, use uniqe file names 2018-12-04 08:45:41 +01:00
Armin Novak
f3e1ffb121 Fix #4764: Second try, use X509_STORE_CTX_set_purpose 2018-11-28 12:08:42 +01:00
Armin Novak
77744200a8 Fix #4768: Set SSL verify purpose to ANY 
Should actually be SSL server but since we allowed broken
purpose up until now keep that for the 2.0 series.
 2018-11-26 11:58:29 +01:00
akallabeth
effa8b8562 Fix #5049: Libressl declares OPENSSL_VERSION_NUMBER too high 
Need to check specifically for LIBRESSL_VERSION_NUMBER as they
set the version higher than OpenSSL 1.1 but without API support.
 2018-11-22 19:10:05 +01:00
Armin Novak
649f49fa61 Fix #5049: LibreSSL does not have SSL_CTX_set_security_level 2018-11-22 09:23:46 +01:00
Martin Fleisz
947aa80033
Merge pull request #5016 from akallabeth/windows_server_build_fix 
Windows server build fix
 2018-11-21 16:02:47 +01:00
Christian Gall
fffe4f077a * remove obsolete SSLv23_client_method in tls_connect() 
* set min TLS Version
 2018-11-18 14:09:37 +00:00
Armin Novak
a2cd934184 Fixed windows build warnings. 2018-11-15 09:01:53 +01:00
Martin Fleisz
097ac0ee13
Merge pull request #4997 from akallabeth/use_bio_free_all 
Replaced BIO_free with BIO_free_all
 2018-11-12 13:55:36 +01:00
Armin Novak
5f4843191b Replaced BIO_free with BIO_free_all 
There is no point in using BIO_free with a custom recursion
to free up stacked BIOs if there is already BIO_free_all.
Using it consistently avoids memory leaks due to stacked BIOs
not being recursively freed.
 2018-11-08 12:09:49 +01:00