make it possible to use regular (non EC) EDH ciphers. To make this
possible a Diffie-Hellman parameter must be passed to the openssl
library. There are a few options possible as described in the manuals at
[1] and [2]. Simplest approach is to generate a DH parameter using
openssl dhparam -C <lenght> and include the code into the application.
The lenght used for this commit is 2236 bits long, which is the longest
possible without risking backward incompatibilities with old systems as
stated in [1]. Newer systems should use ECDH anyway, so it makes sense
to keep this method as compatible with older system as possible.
Paramters longer than 2048 should still be secure enough at the time of
writing.
[1] https://wiki.openssl.org/index.php/Diffie-Hellman_parameters
[2] https://wiki.openssl.org/index.php/Manual:SSL_CTX_set_tmp_dh_callback(3)
Pull request #650 is not valid to avoid run session twice.
It certainly stops running session twice but causes #1016.
In FreeBSD, sesman process will run like this. The intermediate
sesman is needed to detect session termination correctly.
xrdp-sesman (daemon)
|
+- xrdp-sesman (FreeBSD specific intermediate sesman)
|
+- xrdp-sesman (bsd sesion leader & each session)
|
+- Xorg
+- startwm.sh
+- xrdp-chansrv
To stop runninng session twice correctly, just exit before the
intermediate sesman executes Xorg, WM and chansrv.
In most cases, checking fd > 0 is not valid. open(2) returns -1 on
error, 0 on stdin, 1 on stdout, 2 on stderr, >2 . The border should be
between -1 and 0. Additionally, between 2 and 3.
Pointed out by: #919
The log is always logged when clients are disconnecting even though
nothing unusual is happening. This scares users too much. Actually,
some users created a issue on GitHub with the following log. It will
lose focus from the real error.
> [ERROR] Listening socket is in wrong state, terminating listener
because if xrdp is running 'fork=yes' mode, the log message
'shutting down log subsystem...' is logged everytime when the child
process is exitting. In other words, everytime when clients are
disconnecting. This is a little bit too vebose.
classify constants into these 5 types
* constants for xrdp
* constants come from ITU-T Recommendations
* constants come from Remote Desktop Protocol
* constants come from other MS products
* unclassified yet
