Commit Graph

54 Commits

Author SHA1 Message Date
Koichiro IWAO
aa4b90d250 Change log level DEBUG -> WARNING
since unavailability of ssl protocols defined in config file
may weaken security and it is important for users.
2017-07-06 13:14:27 +09:00
Koichiro IWAO
455c341efc Reword log messages in ssl_get_protocols_from_string() 2017-07-06 13:14:27 +09:00
Jay Sorg
8d63c32899 move openssl calls to common/libssl.c, check for defines 2017-06-22 11:47:48 +09:00
Jay Sorg
2c96908ea5 common: if SSL_shutdown fails, only call one more time 2017-05-10 14:56:20 -07:00
Jay Sorg
75fd3fcf89 common: ssl_tls_write / read return 0 on socket close 2017-05-10 14:56:20 -07:00
Pavel Roskin
6ed4c969f4 Eliminate APP_CC and DEFAULT_CC 2017-03-14 00:21:48 -07:00
Pavel Roskin
b2d3dcf169 Include config_ac.h from all source files 2017-03-04 00:52:34 -08:00
Koichiro IWAO
e94ab10e14 TLS: new method to specify SSL/TLS version
SSL/TLS protocols only listed in ssl_protocols should be used.
The name "ssl_protocols" comes from nginx.

Resolves #428.
2017-02-27 14:17:25 +09:00
Jay Sorg
657f6f3756 common: use select for SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE tls errors 2017-02-25 20:52:27 -08:00
Pavel Roskin
dc1e341f5a Constify input arguments of ssl_mod_exp() and ssl_gen_key_xrdp1() 2017-02-02 21:39:10 -08:00
Pavel Roskin
6a3f0a75bd Remove support for OpenSSL older than 0.9.8
It's hard to find an older version of OpenSSL even on long term support
distros.
2017-02-02 21:39:10 -08:00
Idan Freiberg
19375dda7a Merge pull request #426 from metalefty/log-tls-version-and-cipher
TLS: log TLS version and cipher
2017-01-16 07:26:51 +02:00
Koichiro IWAO
c89c1318f8 obey coding standard, no logic change 2017-01-12 09:28:22 +09:00
Pavel Roskin
6664aac00f Use "void" for empty argument list in declarations
In C, an empty argument list in a declaration means that the function
can accept any arguments. Use "void" instead, it means "no arguments".

C++ treats void and empty list as "no arguments".
2017-01-05 17:27:20 -08:00
Koichiro IWAO
40e8194122 TLS: log TLS version and cipher 2016-11-22 10:50:30 +09:00
Pavel Roskin
4324084d58 Use static inline functions for OpenSSL 1.0 backport
Conditional preprocessor directives spread throughout the code set a bad
example.

The new backport code is located in one place. The compiler checks
argument types. The backport code has no access to the caller variables.
The main code has all advantages of the new, more compact API.
2016-11-01 11:09:15 -07:00
Dominik George
e5cf45d1ac
Add backwards compatibility to OpenSSL < 1.1.0. 2016-10-27 22:40:48 +02:00
Dominik George
1b5fb8f1c8
Fix ssl_calls for OpenSSL 1.1.0, closes #458. 2016-10-27 21:56:22 +02:00
Jay Sorg
8f747e37ca always set SSL_OP_NO_SSLv2 in TLS options 2016-08-25 11:38:03 -07:00
Alex Illsley
47124df4ed new options for xrdp.ini disableSSlv3=yes and tls_ciphers=HIGH and code to implement 2016-08-25 11:20:47 -07:00
Pavel Roskin
5829323ad8 Use g_new or g_new0 when C++ compiler would complain about implicit cast 2016-07-08 04:29:49 +00:00
Pavel Roskin
aeeb3d2c2e Fix warnings detected by -Wwrite-strings 2016-07-08 04:29:42 +00:00
Jay Sorg
f100036cd9 common: minor fix for older openssl keygen 2016-02-22 11:48:54 -08:00
Jay Sorg
0d192aee62 common: fix for key generated smaller than asked for 2016-02-22 11:38:03 -08:00
Jay Sorg
fd793bd213 rename g_tcp_can_recv to g_sck_can_recv 2015-10-07 22:17:12 -07:00
Koichiro IWAO
cd6ab20e94 common: shut up some messages in ssl_tls_print_error
SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE are not fatal error but just
indicate SSL_read, SSL_write, SSL_accept functions to repeat.
2015-06-12 13:03:07 +09:00
Koichiro IWAO
2a2b8bcd59 common: fix #248 TLS on FreeBSD
According to document[1][2][3], retry when SSL_get_error returns
SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.

[1] https://www.openssl.org/docs/ssl/SSL_read.html
[2] https://www.openssl.org/docs/ssl/SSL_write.html
[3] https://www.openssl.org/docs/ssl/SSL_accept.html
2015-06-11 21:45:57 +09:00
speidy
86005c5bcc ssl_calls: fix to read certificate chains 2014-12-10 00:04:38 +02:00
Jay Sorg
d9d746ce5c common: avoid possible SSL_shutdown crash 2014-12-02 10:52:03 -08:00
Jay Sorg
cc0406dddf common: move tls calls to ssl_calls 2014-11-25 18:55:37 -08:00
Jay Sorg
09de814ff0 common: allow RSA keys bigger than 512 bit 2014-06-05 17:52:02 -07:00
Jay Sorg
25ad4d8a36 common: add more fips ssl calls 2014-02-23 20:40:13 -08:00
Jay Sorg
2921400083 common: check for nil in fips cleanup 2014-02-23 12:27:41 -08:00
Jay Sorg
926cd095fc common: added des3 calls for fips 2014-02-20 23:15:24 -08:00
Laxmikant Rashinkar
1123323fda o moved from GNU General Public License to Apache License, Version 2.0
o applied new coding standards to all .c files
o moved some files around
2012-09-19 20:51:34 -07:00
Jay Sorg
0da32da2d8 add ssl init to common 2011-05-28 23:56:10 -07:00
Jay Sorg
bb7898419f update copyright year 2010-10-19 20:00:38 -07:00
jsorg71
6c5f82fd04 update copyright year 2009-02-02 08:01:44 +00:00
jsorg71
2363bd373b comment change 2008-04-15 05:36:35 +00:00
jsorg71
2cd8307610 added support for if OLD_RSA_GEN1 is defined and changed unsigned char to tui8 2008-04-15 02:27:31 +00:00
jsorg71
38b789e81f update copyright year 2008-01-30 07:30:10 +00:00
jsorg71
ef18f927df removed built in keygen funtion, wasn't working anyway 2007-09-21 21:37:54 +00:00
jsorg71
a7fe699174 added rsa_builtin_keygen1 for older openssl libraries 2007-07-18 05:37:10 +00:00
jsorg71
2a107df996 added undef and error message 2007-07-03 04:25:18 +00:00
jsorg71
76a8cf1689 check for old openssl library for key gen 2007-07-03 01:14:59 +00:00
jsorg71
6ecbf36e7e added keygen function 2007-06-16 04:51:19 +00:00
jsorg71
02cd95ebef copyright year update 2007-01-12 05:01:58 +00:00
jsorg71
00d8b7106f commit patch 1589325, slightly modified - code cleanup 2006-11-04 22:05:06 +00:00
jsorg71
70449c9471 need to include stdlib.h before opensll headers 2006-05-31 17:46:24 +00:00
jsorg71
b65409683b copyright year updates 2006-03-21 02:05:38 +00:00