404 Commits

Author SHA1 Message Date
akallabeth
a71235be74
Cert update fix (#7382)
* Fixed certificate thumbprint default format

* Fixed VerifyChangedCertificateEx call arguments
2021-10-21 09:07:52 +02:00
Armin Novak
103ff6a758 Fixed certificate store double free. 2021-10-06 09:49:07 +02:00
akallabeth
1c84690c2f
Fixes from tests (#7308)
* Fixed memory leak in tls_verify_certificate

* Fixed missing NULL checks

* Fixed missing checks for FreeRDP_DeactivateClientDecoding

* Added WINPR_ASSERT for client common new/free

* Added /disable-output switch to deactivate client decoding

Allows low resource remote connections that do not require visual
feedback. (e.g. load testing/...)
2021-09-21 09:56:56 +02:00
akallabeth
75e6f443b5 Fixed possible leak in tls_prepare
If the function fails, the 'underlying' BIO was leaking as
tls_free did not clean it up if 'tls->bio' was not successfully
allocated.
2021-09-20 10:59:59 +02:00
Armin Novak
976c3c2ab9 Refactored proxy and proxy-modules:
* Split out proxy headers and moved to public API to allow external
  modules to be built.
* Split proxy into proxy library and proxy binary. The library
  can be used by other applications and provides a simple API
* Improved channel passthrough, now all channels including dynamic
  channels work.
* Extended module API to hook more events, improved module samples
* Cleaned up proxy code, removed global static variables used,
  added WINPR_ASSERT
2021-09-09 08:53:20 +02:00
Armin Novak
68f24477f6 Fixed compilation warnings on mac 2021-08-26 15:08:28 +02:00
Armin Novak
13f54fc0dd Improved fingerprint hash comparison
* Allow new hash format 11bbccdd along with the already supported 11:22:aa:BB
2021-08-26 09:38:12 +02:00
Armin Novak
5afa592244 Fixed cast-qual warnings 2021-08-24 11:10:51 +02:00
Armin Novak
f515bd4560 Fixed shadowing and type errors 2021-08-24 10:45:57 +02:00
Armin Novak
610396e197 Fixed compilation warnings
Try to get the number of warnings down
2021-08-02 10:28:06 +02:00
Armin Novak
4b7aa61abd Fixed tls_write_all, abort if blocked
If data to be read is blocking the socket, abort.
2021-07-29 15:09:53 +02:00
akallabeth
534d30beb3
No deprecated (#7107)
* Removed cmake options disabling compiler warnings

* Added deprecation compile options

* Fixed android client use of deprecated symbols

* Removed obsolete callback
2021-06-22 14:39:10 +02:00
Armin Novak
09111c9270 libfreerdp: Fixed warnings, added assertions 2021-06-18 11:32:16 +02:00
Armin Novak
5fb59a23a9 Fixed lots of compilation warnings and type mismatches 2021-06-16 15:21:56 +02:00
Armin Novak
d36d94766e Replaced assert with WINPR_ASSERT 2021-06-14 09:37:07 +02:00
akallabeth
6b36c6d417
Replace fopen and path functions with wrappers (#7043)
Functions like fopen, PathFileExists, PathMakePath need to call
the wide character versions on Windows for UTF-8 support.
2021-05-31 11:42:03 +02:00
akallabeth
8e43f90590 Fixed #7045: allow NULL issuer and subjects in certificates 2021-05-28 09:25:33 +02:00
Theo Buehler
9914dbc770 Fix build for upcoming LibreSSL version
SSL will become opaque in LibreSSL 3.4.x, hence the code reaching inside
it will result in build breakage. This was done at the time for lack of
BIO_up_ref() support, which has been available since LibreSSL 2.7.0, so
adjust the relevant #ifdefs accordingly.
2021-05-25 10:06:32 +02:00
Armin Novak
2b19576fc7 Fixed compiler warnings, function arguments and const parameter 2021-05-18 13:37:34 +02:00
akallabeth
d4ebf8546f Cleaned up crypto API 2021-05-11 08:00:18 +02:00
akallabeth
b494a193db Refactored certificate API:
* Proper encapsulation
* known_hosts2 backend extended (storing PEM)
* New backend storing each host certificate in a file
2021-05-11 08:00:18 +02:00
akallabeth
c3171b90cb Removed unit tests for legacy known_hosts file 2021-05-11 08:00:18 +02:00
akallabeth
384f997aa7 Removed support for obsolete known_hosts file. 2021-05-11 08:00:18 +02:00
akallabeth
9e466abe6f Fixed #6989: Use X509_STORE_set_default_paths 2021-05-03 13:37:26 +02:00
akallabeth
187946e965 Removed duplicated escape 2021-04-27 11:48:39 +02:00
akallabeth
e2fd9db0b5 Added const to function arguments 2021-02-17 11:29:56 +01:00
akallabeth
70881d3957 Fixed #6442: Use cmake to provide source directory for test pem 2020-08-25 09:48:29 +02:00
Armin Novak
57b405ca26 Fixed compilation warnings. 2020-08-10 12:14:11 +02:00
Armin Novak
76d10561bb Set BIO data NULL on cleanup
Recursive BIO free could double free, if the BIO data is not set
NULL when removed.
2020-07-23 10:48:39 +02:00
akallabeth
02c5ec66e5 Fixed possible integer overflow in crypto_rsa_common
Thanks @anticomputer for pointing this out
2020-06-22 12:09:36 +02:00
akallabeth
d936402878 Fixed GHSL-2020-102 heap overflow 2020-05-20 15:10:07 +02:00
akallabeth
6a2785e359 Abort on first possible certificate validation error
Only retry certificate validation if the purpose was wrong.
2020-05-20 14:48:15 +02:00
akallabeth
7890833af8 Replaced strtok with strtok_s 2020-05-18 11:39:22 +02:00
akallabeth
5cfc3e8593 Fixed #6148: multiple certificate purposes
OpenSSL certificate verification can only check a single purpose.
Run the checks with all allowed purposes and accept any.
2020-05-12 15:36:48 +02:00
akallabeth
095d24934c Fixed #6122: Allow SSL server and client purpose 2020-04-25 08:06:00 +02:00
akallabeth
b094d52d0b Fixed #6099: Add a flag for legacy hash entries
If a legacy entry is found in certificate hash store print
additional information to the user informing about the change
with FreeRDP 2.0
2020-04-22 18:14:39 +02:00
Linus Heckemann
89e4e24c31 tls: support non-RSA keys 2020-04-10 17:57:34 +02:00
Armin Novak
5b9b7f331b Fixed memory leak in tls_get_channel_bindings 2020-03-06 11:37:35 +01:00
Armin Novak
9c999b7135 Added raw function wrapping X509_digest 2020-03-06 11:37:35 +01:00
Armin Novak
2be6e4117f Let ssl backend handle hash checks. 2020-03-06 11:37:35 +01:00
Armin Novak
00fa84b514 Check cert against CertificateAcceptedFingerprints
CertificateAcceptedFingerprints may contain a list of certificate
hashes and the corresponding fingerprint.
If one of the hashes matches, consider the certificate accepted.
2020-03-06 11:37:35 +01:00
Armin Novak
ac4bb3c103 End connection before user callbacks if aborted.
If somewhere in freerdp_connect freerdp_abort_connect was called
the user callbacks Authenticate, GatewayAuthenticate and
Verify[Changed|X509]Certificate[Ex] must not be called.
2020-02-19 16:44:42 +01:00
Armin Novak
7c243da6e1 Remove symbols exported by accident. 2019-12-02 10:57:31 +01:00
Armin Novak
72ca88f49c Reformatted to new style 2019-11-07 10:53:54 +01:00
Armin Novak
d7877186d6 Fixed strnlen issues. 2019-11-05 14:55:33 +01:00
Armin Novak
993b79f1bd Removed strcpy use. 2019-10-29 11:58:43 +01:00
Armin Novak
f01e042211 Code cleanups (strlen, casts, size_t, ...) 2019-10-29 11:58:43 +01:00
asapelkin
82eadad4a4 Fix some static analyzer warnings 2019-10-22 15:39:54 +02:00
Armin Novak
2f2ca9d93b Fixed leak in verify_cb. 2019-10-04 16:19:23 +02:00
Armin Novak
2778cbce8c Fixed type of sk_* macro. 2019-08-22 10:40:25 +02:00