mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
16,724 Commits 6 Branches 74 Tags 84 MiB
ee6de6d293
Commit Graph

95 Commits

Author SHA1 Message Date
Armin Novak
641022b795 [logging] remove __FUNCTION__ from actual message 
prefer the log formatter to provide that information.
 2023-01-25 16:26:39 +01:00
Armin Novak
7b95014157 [winpr,crypto] Split crypto header renamed 
* Renamed custom winpr crypto function header
* Added compatiblity header
 2022-11-23 09:39:56 +01:00
akallabeth
13a58bd346 [crypto] Added sha3 define guards 
sha3 is only supported with OpenSSL 1.1.1a or later
 2022-11-22 12:09:39 +01:00
akarl10
3a10bcd36a [ntlm]: use rfc5929 binding hash algorithm 
rfc5929 mandates some specific hashes for the binding algorithm
 2022-11-21 13:27:08 +01:00
fifthdegree
cbd310df52 Check smartcard certificates for correct EKU 
To be used for login, smartcard certificates must have the Microsoft
Smart Card Logon EKU
 2022-10-24 22:22:00 +02:00
akallabeth
51f4c374c4 Clear OpenSSL error queue before BIO_read/BIO_write 2022-07-02 16:32:50 +02:00
Armin Novak
4d03d7c0bf Freerdp remove #ifdef HAVE_CONFIG_H 2022-03-03 11:26:48 +01:00
Armin Novak
b2ad47a809 Reorganized FreeRDP headers 2022-03-03 11:26:48 +01:00
David Fort
cb351a099d Enable smartcard NLA logon 2022-02-24 08:52:25 +01:00
Armin Novak
10e40147fb Fixed various const warnings 2022-02-01 10:25:37 +00:00
akallabeth
a71235be74
Cert update fix (#7382) 
* Fixed certificate thumbprint default format

* Fixed VerifyChangedCertificateEx call arguments
 2021-10-21 09:07:52 +02:00
Armin Novak
13f54fc0dd Improved fingerprint hash comparison 
* Allow new hash format 11bbccdd along already supported 11:22:aa:BB
 2021-08-26 09:38:12 +02:00
Armin Novak
5fb59a23a9 Fixed lots of compilation warnings and type mismatches 2021-06-16 15:21:56 +02:00
akallabeth
8e43f90590 Fixed #7045: allow NULL isser and subjects in certificates 2021-05-28 09:25:33 +02:00
akallabeth
d4ebf8546f Cleaned up crypto API 2021-05-11 08:00:18 +02:00
akallabeth
b494a193db Refactored certificate API: 
* Proper encapsulation
* known_hosts2 backend extended (storing PEM)
* New backend storing each host certificate in a file
 2021-05-11 08:00:18 +02:00
akallabeth
9e466abe6f Fixed #6989: Use X509_STORE_set_default_paths 2021-05-03 13:37:26 +02:00
Armin Novak
57b405ca26 Fixed compilation warnings. 2020-08-10 12:14:11 +02:00
akallabeth
02c5ec66e5 Fixed possible integer overflow in crypto_rsa_common 
Thanks @anticomputer for pointing this out
 2020-06-22 12:09:36 +02:00
akallabeth
d936402878 Fixed GHSL-2020-102 heap overflow 2020-05-20 15:10:07 +02:00
akallabeth
6a2785e359 Abort on first possible certificate validation error 
Only retry certificate validation if the purpose was wrong.
 2020-05-20 14:48:15 +02:00
akallabeth
5cfc3e8593 Fixed #6148: multiple ceritificate purposes 
OpenSSL certificate verification can only check a single purpose.
Run the checks with all allowed purposes and accept any.
 2020-05-12 15:36:48 +02:00
akallabeth
095d24934c Fixed #6122: Allow SSL server and client purpose 2020-04-25 08:06:00 +02:00
Armin Novak
9c999b7135 Added raw function wrapping X509_digest 2020-03-06 11:37:35 +01:00
Armin Novak
2be6e4117f Let ssl backend handle hash checks. 2020-03-06 11:37:35 +01:00
Armin Novak
7c243da6e1 Remove symbols exported by accident. 2019-12-02 10:57:31 +01:00
Armin Novak
72ca88f49c Reformatted to new style 2019-11-07 10:53:54 +01:00
Armin Novak
d7877186d6 Fixed strnlen issues. 2019-11-05 14:55:33 +01:00
Armin Novak
f01e042211 Code cleanups (strlen, casts, size_t, ...) 2019-10-29 11:58:43 +01:00
Armin Novak
2f2ca9d93b Fixed leak in verify_cb. 2019-10-04 16:19:23 +02:00
Armin Novak
36c820a9d9 Extract whole certificate chain to PEM format. 2019-07-17 14:42:32 +02:00
Armin Novak
1da57d0b7e Fixed sign-compare warnings 2019-04-05 09:13:24 +02:00
Armin Novak
dd3276d664 Prefer VerifyX509Certificate and fixed const arguments 
If VerifyX509Certificate is set use it also when doing internal
certificate management. Added flags to ensure it is possible to
find out which type of connection is being made.
 2018-12-04 09:35:24 +01:00
Armin Novak
f3e1ffb121 Fix #4764: Second try, use X509_STORE_CTX_set_purpose 2018-11-28 12:08:42 +01:00
Armin Novak
77744200a8 Fix #4768: Set SSL verify purpose to ANY 
Should actually be SSL server but since we allowed broken
purpose up until now keep that for the 2.0 series.
 2018-11-26 11:58:29 +01:00
Armin Novak
a2cd934184 Fixed windows build warnings. 2018-11-15 09:01:53 +01:00
Armin Novak
5f4843191b Replaced BIO_free with BIO_free_all 
There is no point in using BIO_free with a custom recursion
to free up stacked BIOs if there is already BIO_free_all.
Using it consistently avoids memory leaks due to stacked BIOs
not being recursively freed.
 2018-11-08 12:09:49 +01:00
Armin Novak
bdff1c96fd Fixed use after free and leak. 2018-09-20 11:08:12 +02:00
Armin Novak
5bc3993e3f Fixed buffer size and function name 2018-08-27 14:34:42 +02:00
Armin Novak
62c1696d4c Removed use of unchecked sprintf 2018-08-27 14:34:42 +02:00
Pascal J. Bourguignon
63d00f6f81 Corrected the compatibility function names: crypto_cert_subject_alt_name and crypto_cert_subject_alt_name_free. 2018-08-27 13:51:30 +02:00
Pascal J. Bourguignon
79d2294a23 Put back deprecated function names crypto_cert_get_alt_names and crypto_cert_alt_names_free for FREERDP_API compatibility. 2018-08-24 15:20:03 +02:00
Pascal J. Bourguignon
98b8602663 Use C comment syntax instead of C++; added static declaration for local functions. 2018-08-24 15:05:50 +02:00
Pascal J. Bourguignon
469f9bf488 Smartcard Logon: restructured x509 certificate info extraction; added extracting the UPN. 2018-08-24 14:03:04 +02:00
Armin Novak
12a9b9a0b4 Fix #3890: Point to OpenSSL doc for private CA 2017-11-21 11:47:33 +01:00
Valery Kartel
9bf9ff9e8a Fix build with LibreSSL 2017-07-26 17:12:14 +03:00
Armin Novak
0490aeb018 Fixed clang malloc integer overflow warnings. 2017-07-20 09:29:48 +02:00
Armin Novak
4be62f7047 Fixed OpenSSL 1.1 no legacy compile issues. 2017-04-06 11:25:25 +02:00
Norbert Federa
f71b6b46e8 fix string format specifiers 
- fixed invalid, missing or additional arguments
- removed all type casts from arguments
- added missing (void*) typecasts for %p arguments
- use inttypes defines where appropriate
 2016-12-16 13:48:43 +01:00
Norbert Federa
7befab856c Support for OpenSSL 1.1.0 2016-11-24 17:50:09 +01:00