Armin Novak
09111c9270
libfreerdp: Fixed warnings, added assertions
2021-06-18 11:32:16 +02:00
Armin Novak
5fb59a23a9
Fixed lots of compilation warnings and type mismatches
2021-06-16 15:21:56 +02:00
Armin Novak
d36d94766e
Replaced assert with WINPR_ASSERT
2021-06-14 09:37:07 +02:00
akallabeth
6b36c6d417
Replace fopen and path functions with wrappers ( #7043 )
...
Functions like fopen, PathFileExists, PathMakePath need to call
the wide character versions on windows for utf-8 support.
2021-05-31 11:42:03 +02:00
akallabeth
8e43f90590
Fixed #7045 : allow NULL isser and subjects in certificates
2021-05-28 09:25:33 +02:00
Theo Buehler
9914dbc770
Fix build for upcoming LibreSSL version
...
SSL will become opaque in LibreSSL 3.4.x, hence the code reaching inside
it will result in build breakage. This was done at the time for lack of
BIO_up_ref() support, which has been available since LibreSSL 2.7.0, so
adjust the relevant #ifdefs accordingly.
2021-05-25 10:06:32 +02:00
Armin Novak
2b19576fc7
Fixed compiler warnings, function arguments and const parameter
2021-05-18 13:37:34 +02:00
akallabeth
d4ebf8546f
Cleaned up crypto API
2021-05-11 08:00:18 +02:00
akallabeth
b494a193db
Refactored certificate API:
...
* Proper encapsulation
* known_hosts2 backend extended (storing PEM)
* New backend storing each host certificate in a file
2021-05-11 08:00:18 +02:00
akallabeth
c3171b90cb
Removed unit tests for legacy known_hosts file
2021-05-11 08:00:18 +02:00
akallabeth
384f997aa7
Removed support for obsolete known_hosts file.
2021-05-11 08:00:18 +02:00
akallabeth
9e466abe6f
Fixed #6989 : Use X509_STORE_set_default_paths
2021-05-03 13:37:26 +02:00
akallabeth
187946e965
Removed duplicated escape
2021-04-27 11:48:39 +02:00
akallabeth
e2fd9db0b5
Added const to function arguments
2021-02-17 11:29:56 +01:00
akallabeth
70881d3957
Fixed #6442 : Use cmake to provide source directory for test pem
2020-08-25 09:48:29 +02:00
Armin Novak
57b405ca26
Fixed compilation warnings.
2020-08-10 12:14:11 +02:00
Armin Novak
76d10561bb
Set BIO data NULL on cleanup
...
Recursive BIO free could double free, if the BIO data is not set
NULL when removed.
2020-07-23 10:48:39 +02:00
akallabeth
02c5ec66e5
Fixed possible integer overflow in crypto_rsa_common
...
Thanks @anticomputer for pointing this out
2020-06-22 12:09:36 +02:00
akallabeth
d936402878
Fixed GHSL-2020-102 heap overflow
2020-05-20 15:10:07 +02:00
akallabeth
6a2785e359
Abort on first possible certificate validation error
...
Only retry certificate validation if the purpose was wrong.
2020-05-20 14:48:15 +02:00
akallabeth
7890833af8
Replaced strtok with strtok_s
2020-05-18 11:39:22 +02:00
akallabeth
5cfc3e8593
Fixed #6148 : multiple ceritificate purposes
...
OpenSSL certificate verification can only check a single purpose.
Run the checks with all allowed purposes and accept any.
2020-05-12 15:36:48 +02:00
akallabeth
095d24934c
Fixed #6122 : Allow SSL server and client purpose
2020-04-25 08:06:00 +02:00
akallabeth
b094d52d0b
Fixed #6099 : Add a flag for legacy hash entries
...
If a legacy entry is found in certificate hash store print
additional information to the user informing about the change
with FreeRDP 2.0
2020-04-22 18:14:39 +02:00
Linus Heckemann
89e4e24c31
tls: support non-RSA keys
2020-04-10 17:57:34 +02:00
Armin Novak
5b9b7f331b
Fixed memory leak in tls_get_channel_bindings
2020-03-06 11:37:35 +01:00
Armin Novak
9c999b7135
Added raw function wrapping X509_digest
2020-03-06 11:37:35 +01:00
Armin Novak
2be6e4117f
Let ssl backend handle hash checks.
2020-03-06 11:37:35 +01:00
Armin Novak
00fa84b514
Check cert against CertificateAcceptedFingerprints
...
CertificateAcceptedFingerprints may contain a list of certificate
hashes and the corresponding fingerprint.
If one of the hashes matches consider the certificate accepted.
2020-03-06 11:37:35 +01:00
Armin Novak
ac4bb3c103
End connection before user callbacks if aborted.
...
If somewhere in freerdp_connect freerdp_abort_connect was called
the user callbacks Authenticate, GatewayAuthenticate and
Verify[Changed|X509]Certificate[Ex] must not be called.
2020-02-19 16:44:42 +01:00
Armin Novak
7c243da6e1
Remove symbols exported by accident.
2019-12-02 10:57:31 +01:00
Armin Novak
72ca88f49c
Reformatted to new style
2019-11-07 10:53:54 +01:00
Armin Novak
d7877186d6
Fixed strnlen issues.
2019-11-05 14:55:33 +01:00
Armin Novak
993b79f1bd
Removed strcpy use.
2019-10-29 11:58:43 +01:00
Armin Novak
f01e042211
Code cleanups (strlen, casts, size_t, ...)
2019-10-29 11:58:43 +01:00
asapelkin
82eadad4a4
Fix some static analizer warnings
2019-10-22 15:39:54 +02:00
Armin Novak
2f2ca9d93b
Fixed leak in verify_cb.
2019-10-04 16:19:23 +02:00
Armin Novak
2778cbce8c
Fixed type of sk_* macro.
2019-08-22 10:40:25 +02:00
Armin Novak
36c820a9d9
Extract whole certificate chain to PEM format.
2019-07-17 14:42:32 +02:00
Armin Novak
0c17c3871b
Pass on cert validation failure, set freerdp error in all use cases.
2019-07-15 15:51:46 +02:00
Armin Novak
ca4a1d19a5
Silenced some unused parameter warnings.
2019-05-08 12:21:31 +02:00
Armin Novak
29c920c568
Fixed review remarks.
2019-04-05 09:14:35 +02:00
Armin Novak
1da57d0b7e
Fixed sign-compare warnings
2019-04-05 09:13:24 +02:00
cerg2010cerg2010
7abc86ffae
Close file handle correctly. ( #5310 )
2019-03-18 14:57:00 +01:00
Armin Novak
4ad0770a7e
Silenced function pointer cast warnings for BIO_callback_ctrl
2019-02-21 13:53:51 +01:00
David Fort
05d9d89796
Merge pull request #5149 from akallabeth/cert_deny
...
New option to disable user certificate dialog
2019-01-25 16:59:33 +01:00
Armin Novak
0c83efa753
Fix #5170 : Disable custom TLS alert for libressl > 2.8.3
2019-01-07 14:20:16 +01:00
Simon Legner
ff375d238b
fix(crypto/tls): typo
2019-01-02 08:18:07 +01:00
Armin Novak
b60045af27
New option to disable user certificate dialog
...
The new option +cert-deny aborts a connection automatically if
the certificate can not be validated by OpenSSL or via known hosts.
2018-12-14 10:17:52 +01:00
Armin Novak
6906efa354
Fixed return value for already accepted certificate.
2018-12-14 09:52:25 +01:00