Commit Graph

226 Commits

Author SHA1 Message Date
Vic Lee
2e11eac79a Merge pull request #2675 from akallabeth/path_make_path
Added PathMakePath function.
2015-06-18 02:43:47 +00:00
Armin Novak
b43c9f9060 Renamed file to known_hosts2. 2015-06-12 09:30:01 +02:00
Armin Novak
9dd9c35cee Updated tests. 2015-06-11 11:34:36 +02:00
Armin Novak
3dda4eb0cf Added NULL pointer checks, fixed warnings. 2015-06-11 11:34:22 +02:00
Armin Novak
7fc1c65165 Added subject and issuer to saved data.
When a certificate has changed, display not only the
fingerprint but also subject and issuer of old certificate.
2015-06-11 11:21:23 +02:00
Armin Novak
7786cf1376 Fixed fingerprint comparison, return value was inverted. 2015-06-11 09:59:04 +02:00
Armin Novak
90d836193c Fixed formatting. 2015-06-11 09:58:58 +02:00
Armin Novak
3d27055539 Added test for fingerprint read. 2015-06-11 09:24:55 +02:00
Armin Novak
b983d8e595 Fixed data replace. 2015-06-11 09:24:53 +02:00
Armin Novak
acc96388a5 Added certificate_get_fingerprint function to read out old one. 2015-06-11 09:14:15 +02:00
Armin Novak
2204df97f8 Added port to certificate warnings. 2015-06-10 10:59:40 +02:00
Armin Novak
ef0b9abf15 Using binary mode for fopen. 2015-06-10 10:47:59 +02:00
Armin Novak
ebad760aff Opening correct file. 2015-06-10 10:40:01 +02:00
Armin Novak
f4843e8ab3 Opening file on use now. 2015-06-10 10:34:02 +02:00
Armin Novak
05755b73ad Working unit test for known_hosts functions. 2015-06-10 09:15:38 +02:00
Armin Novak
98fc5b6e93 Fixed bugs found due to test. 2015-06-10 09:15:28 +02:00
Armin Novak
991fc39a62 Added unit test. 2015-06-09 18:03:32 +02:00
Armin Novak
6192230737 Added legacy known_hosts support.
If no entry for the <host> <port> combination
was found in the v2 file and there is a legacy file
check if a matching <host> entry can be found.
In case there is a matching entry and the <fingerprint>
also matches, create a new entry in the v2 file using the
current port.
2015-06-09 16:12:41 +02:00
Armin Novak
6da4a5aaf0 Using '<host> <port> <fp>' format for known hosts. 2015-06-09 15:33:13 +02:00
Armin Novak
7403cdc60c Added PathMakePath function. 2015-06-09 13:16:28 +02:00
Norbert Federa
1eff1a345e free can handle NULL perfectly fine 2015-05-11 09:07:39 +02:00
Norbert Federa
f9f59cd29b Fix unchecked CreateDirectory calls 2015-05-07 13:28:13 +02:00
David FORT
c03bf75896 Take in account @nfedera's comments 2015-04-07 21:06:53 +02:00
David FORT
8685a8e0a2 Fixed missing return value 2015-04-01 14:24:37 +02:00
David FORT
9bb4d64608 Correctly handle HMAC_Init_ex() for older versions of OpenSSL 2015-04-01 14:12:08 +02:00
David FORT
0eb399a717 Treat return values for security.c
This patch make functions in security.c return values when they should instead of
beeing void. And it also fix the callers of these functions.
2015-04-01 11:11:37 +02:00
Marc-André Moreau
ad6723835b Merge pull request #2505 from bmiklautz/tls_shutdown
rename and update tls_disconnect
2015-03-31 09:26:30 -04:00
Norbert Federa
1ba681fecc crypto: support MSFT iOS clients with faulty SNI
Microsoft iOS Remote Desktop Clients eventually send NULL-terminated
hostnames in SNI which is not allowed in the OpenSSL implementation.

Since we're not using SNI this commit adds an OpenSSL TLS extension
debug callback which modifies the SSL context in a way preventing it
from parsing this extension
2015-03-30 13:48:51 +02:00
Bernhard Miklautz
90968e07e1 rename and update tls_disconnect
tls_disconnect shut down the ssl stream but didn't inform
the BIO(s) about this therefore could happen that a second shut down
was initiated (e.g. in bio_rdp_tls_free) causing rather long delays.

After removing the shut down from tls_disconnect the only thing the
function does is to prepare/send an alert therefore it was renamed to
tls_send_alert.
2015-03-30 11:56:09 +02:00
Vic Lee
5f375d0a6f tls: revert checking SSL_ERROR_SYSCALL which may cause deadlock. 2015-03-25 16:07:39 +08:00
Martin Fleisz
5fa777b11c Merge pull request #2482 from llyzs/llyzs
tls: fix error handling of no error code.
2015-03-23 16:06:12 +01:00
Vic Lee
2137ccc3db tls: retry for all SSL_ERROR_SYSCALL errors. 2015-03-20 10:03:30 +08:00
Marc-André Moreau
dc913d9f2c libfreerdp-core: fix some RDG valgrind issues 2015-03-17 16:09:17 -04:00
Jason Plum
6ce5991e74 libfreerdp: crypto: add certificate chain validation! 2015-03-13 13:50:54 -04:00
Marc-André Moreau
5ab34dfa3e Merge pull request #2456 from zhangzl2013/fix-realloc
Fix incorrect usage of realloc
2015-03-12 07:33:27 -04:00
Bernhard Miklautz
6072165fd7 crypto: use PEM as certificate store file format
Currently the certificate format expected in FreeRDPs certificate store
is DER (ASN1). On most linux/unix systems the system certificate store
default format is PEM. Which is also the more common format used by CAs
to distribute their certificates.

Changing the default format to PEM allows the usage of system
certificates or published CA certificates without the need to convert them.

This fixes a part of issue #2446.
2015-03-11 12:06:52 +01:00
Zhang Zhaolong
4205dac57f crypto: fix incorrect usage of realloc.
Signed-off-by: Zhang Zhaolong <zhangzl2013@126.com>
2015-03-11 12:37:35 +08:00
Jason Plum
30f28d4ac9 Fix case sensitive hostname comparison in tls
To do this I've swapped _strnicmp with memcmp. Seemless, but does lock it to the restrictions of that function.

Signed-off-by: Jason Plum <jplum@archlinuxarm.org>
2015-03-10 16:48:35 -04:00
Marc-André Moreau
44d06888bb libfreerdp-core: fix BIO leaks 2015-02-18 15:36:57 -05:00
Marc-André Moreau
e241330daf libfreerdp-core: rewrite tls_write_all to use front BIO only 2015-02-13 16:02:37 -05:00
Marc-André Moreau
b7a619ff8a libfreerdp-core: move some rdpTcp operations under BIO layer 2015-02-13 14:26:02 -05:00
Marc-André Moreau
fa06c4d401 libfreerdp-core: improve reconnection 2015-02-06 14:21:26 -05:00
Marc-André Moreau
82d58086db xfreerdp: partial reconnect fixes 2015-02-05 17:01:56 -05:00
Marc-André Moreau
81e190eccb libfreerdp-crypto: fix tls_write_all ringbuffer usage 2015-01-14 13:25:54 -05:00
Marc-André Moreau
98cd697cad libfreerdp-utils: add ringbuffer debug output 2015-01-14 13:15:57 -05:00
Bernhard Miklautz
f338e1f6c3 crypto: revert pull request #2130
The fix in #2130 eliminates the problem when connecting over a gateway
but introduces other problems server side and client side (client/server
can't detect anymore when a TCP connection was closed).
2014-11-26 19:46:32 +01:00
Marc-André Moreau
ddedc574f3 freerdp: remove tcp, uds utils 2014-11-12 14:06:34 -05:00
Marc-André Moreau
2de73e0243 Merge pull request #2130 from eosrei/2056/ts-gateway-connect-fail
Removing TS Gateway breaking BIO_clear_flags() call
2014-10-25 11:52:29 -04:00
Marc-André Moreau
ce7302a999 wfreerdp: cleanup clipboard 2014-10-22 22:32:55 -04:00
Brad
0746d8c14c Do not BIO_clear_flags() when the SSL error is not valid to fix #2056 2014-10-08 00:00:36 -07:00