mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
19,376 Commits 6 Branches 74 Tags 84 MiB
8fd724b7b6
Commit Graph

273 Commits

Author SHA1 Message Date
akallabeth
5aff241096
Merge pull request #10554 from akallabeth/tidy-silence 
Tidy silence
 2024-09-04 10:35:22 +02:00
akallabeth
3e933203e2 [crypto,tls] fix bad-function-cast 
do silence the compiler warning and add a comment why we do that.
 2024-09-04 09:41:53 +02:00
akallabeth
c5f346488f
[crypto,tls] revert const argument 
with some build options this needs to be writeable.
 2024-09-04 09:03:21 +02:00
akallabeth
190929c018
[warnings] fix function pointer casts 2024-08-30 15:40:01 +02:00
akallabeth
36c3184a0f
[warnings] fix clang-tidy issues in libfreerdp 2024-08-29 15:34:22 +02:00
akallabeth
1d33095500
[warnings] fix cert-err33-c 
Fix unused return values, cast to void if on purpose
 2024-08-29 10:19:27 +02:00
Armin Novak
03449da9e9
[warnings] fix uninitialized variables 2024-08-28 10:46:40 +02:00
akallabeth
22fb6aad31
[crypto,tls] fix AcceptedKey checks 
* Add freerdp_certificate_get_pem_ex to extract PEM for cert only
* Compare only certificate without certificate chain
* Store only certificate PEM without chain for later comparison
 2024-08-13 07:40:07 +02:00
akallabeth
1de8f5a7aa
[core,gateway] pass rdpContext 
* pass rdpContext to freerdp_tls_new
* check freerdp_shall_disconnect_context in http_response_recv
 2024-06-27 08:42:08 +02:00
akallabeth
53d8e0f203
[crypto,tls] fix missing return 2024-05-25 09:17:06 +02:00
akallabeth
ef86df9a26
[crypto,tls] log BIO_do_handshake errors 
add proper logging to make details of failures auditable
 2024-05-23 14:48:39 +02:00
David Fort
aebe9742e0 [client,win32] Child session fixes 
It seems like WaitFor[Single|Multiple]Object calls aren't reliable on pipes, especially
on the pipe opened for childSession access. The object can be marked as signaled even if
no data is available, making the connection laggy and unresponsive (nearly unusable in some
cases).
This patch works around that by using ReadFileEx() with overlapped instead of simple
ReadFile() and use asynchronous reads.
 2024-03-01 09:46:53 +01:00
amazingfate
e21afefb86 fix build with openssl < 1.1.1 2024-02-23 12:45:36 +01:00
akallabeth
0ba995655d [clang-tidy] cppcoreguidelines-init-variables 2024-02-15 11:49:16 +01:00
Armin Novak
198774c035 [compat,libressl] fix compilation issues 2023-12-19 20:44:39 +01:00
Armin Novak
6e6559c41a [settings] fix type mismatch warnings 2023-11-24 14:54:56 +01:00
akallabeth
cd4d77af86 [settings] add deprecation warnings 
direct struct access to rdpSettings now produces warnings if not
explicitly deactiaved by defining FREERDP_SETTINGS_INTERNAL_USE
 2023-11-24 14:54:56 +01:00
akallabeth
1163cc4d5c [core] add internal settings.h include 2023-11-24 14:54:56 +01:00
Armin Novak
32c65dbdfc [crypto,tls] only print fingerprint in log 
printing the whole PEM to log is too verbose, just use the fingerprint
instead.
 2023-10-25 13:15:35 +02:00
akallabeth
d44f9528a1 [ssl] use proper names for TLS_*_method 
only use deprecated SSLv23_*method on old versions of SSL
 2023-10-10 19:35:27 +02:00
akallabeth
b9fdd88bd7 [crypto,tls] reset tls context before setting 
clean up old tls context before setting a new one
 2023-09-21 10:00:19 +02:00
akallabeth
9a460d38fc [crypto,tls] free tls bindings before set 
Free possibly allocated bindings before setting new ones
 2023-09-21 10:00:19 +02:00
akallabeth
d275e083ec [crypto,tls] free existing public key 
before updating the public key free possible existing data.
 2023-09-21 10:00:19 +02:00
Armin Novak
0afa2e88b5 [crypto,cert] imrove logged warnings for certificates 2023-07-31 08:32:43 +02:00
Armin Novak
64f4fe397c [crypto,tls] fixed sign warnings 2023-07-27 21:05:43 +02:00
Marc-André Moreau
4d4dcd4511 Fix usage of explicit server name when different from connection host 2023-06-13 09:20:17 -04:00
akallabeth
516668d02b [fclose] ensure no invalid pointers are passed. 
fclose has undefined behaviour for NULL pointers, so check for these.
 2023-04-28 07:39:35 +02:00
Armin Novak
ae8f0106bd [core,redirect] extract and check redirection cert 
* extract the certificate from the redirection PDU
* if there is a certificate provided accept it if it matches the
  redirection target certificate without further user checks
 2023-02-28 15:49:58 +01:00
David Fort
b8814e723a fix some warning with the use of new crypto functions 2023-02-28 07:59:40 +01:00
akallabeth
895ae8b137 [core] use rdpPrivateKey and rdpCertificate 2023-02-16 10:06:17 +01:00
Armin Novak
a7dac52a42 [license] updated copyright headers 2023-02-12 20:17:11 +01:00
akallabeth
7cd597015a [crypot,tls] use new crypto/cert API 2023-02-12 20:17:11 +01:00
Armin Novak
dd0d130f48 [crypto] make tls.h a private header 
no need to uselessly export symbols that are not usable outside the
project
 2023-01-14 08:50:26 +01:00
Rozhuk Ivan
a111b78530 [core] Rename TLS functions 
Rename tls_ to freerdp_tls_ to avoid namespace conflicts with libtls
and probaly other tls crypto libs.
 2023-01-14 08:50:26 +01:00
Armin Novak
8b9b2db44b [winpr] use winpr_fopen 2023-01-12 22:54:25 +01:00
akallabeth
82ba9ede9c [freerdp] use FREERDP_/UWAC_/RDTK_ prefix for conditional headers 2023-01-10 17:38:00 +01:00
David Fort
07d9baad6d crypto: export getSslMethod utility function 2022-12-23 08:42:45 +01:00
David Fort
b283daafd7 tls: cleanup and add some methods to do handshakes asynchronously 
This patch does a few cleanups to allow creating TLS and DTLS contexts.
It also introduces tls_accept_ex and tls_connect_ex that can start the SSL handshake,
and it can be finished by calling tls_handshake
 2022-12-19 10:46:06 +01:00
Bernhard Miklautz
e530999156 new [tls/server]: disable client side renegotiation 2022-12-15 11:06:19 +01:00
akarl10
3a10bcd36a [ntlm]: use rfc5929 binding hash algorithm 
rfc5929 mandates some specific hashes for the binding algorithm
 2022-11-21 13:27:08 +01:00
akallabeth
1849632c43
Fixed format strings to match arguments (#8254) 
* Fixed format strings to match arguments

Reviewed and replaced all %d specifiers to match proper type

* Added proxy dynamic channel command type to log messages.
 2022-09-29 14:55:27 +02:00
DVeron-RC
de16558344
Fix memory leak in tls.c (#8135) 
There was an issue in the reference count managment of the private
key and the X509 certificate.
 2022-08-18 15:51:30 +02:00
Martin Fleisz
693985b733 crypto: Fix compilation with OpenSSL versions older than 1.1.1 2022-08-17 14:20:14 +02:00
David Fort
942273e9cb
tls: add an option to dump tls secrets for wireshark decoding (#8120) 
This new option /tls-secret-file:<file> allows to dump TLS secrets in a file with
the SSLKEYLOGFILE format. So this way you can setup the TLS dissector of wireshark
(Pre-Master-Secret log filename) and see the traffic in clear in wireshark.
It also add some more PFS ciphers to remove for netmon captures.
 2022-08-16 10:40:32 +02:00
David Véron
a3712521a8 TLS version control 
* added settings for minimal and maximal TLS versions supported
* refactorisation of the force TLSv1.2 setting
 2022-07-07 07:13:11 +00:00
akallabeth
51f4c374c4 Clear OpenSSL error queue before BIO_read/BIO_write 2022-07-02 16:32:50 +02:00
fifthdegree
85f7cb8916 clear openssl error queue after nla_client_begin 2022-07-02 16:32:50 +02:00
akallabeth
0563dae8b3 Cleanup tls_prepare 2022-06-23 09:18:37 +02:00
Siva Gudivada
7ce4d8b196 add a new flag to enforce tls1.2 2022-06-23 09:18:37 +02:00
akallabeth
962c5c3ef0 Fixed dead store warnings 2022-04-28 12:37:19 +02:00