inital commit including tls cert verification

libfreerdp-core/credssp.c

@@ -641,3 +641,33 @@ void credssp_free(rdpCredssp* credssp)
 		xfree(credssp);
 	}
 }
+char* crypto_cert_fingerprint(X509 *xcert)
+{
+    unsigned char fp[EVP_MAX_MD_SIZE];
+    int i;
+    unsigned int fp_len;
+    X509_digest(xcert,EVP_sha1(),fp,&fp_len);
+    char *fp_buf=xzalloc(3*fp_len);
+    char *p = fp_buf;
+    for (i = 0; i < fp_len - 1; i++)
+    {
+        sprintf(p, "%02x:", fp[i]);
+        p = (char*) &fp_buf[i * 3];
+    }
+        sprintf(p, "%02x", fp[i]);
+    return fp_buf;
+}
+void crypto_cert_printinfo(X509 *xcert)
+{
+    char *subject;
+    char *issuer;
+    char *fp;
+    subject=X509_NAME_oneline(X509_get_subject_name(xcert),NULL,0);
+    issuer=X509_NAME_oneline(X509_get_issuer_name(xcert),NULL,0);
+    fp=crypto_cert_fingerprint(xcert);
+    printf("Cerificate details:\n");
+    printf("\tSubject : %s\n",subject);
+    printf("\tIssuer : %s\n",issuer);
+    printf("\tCert Thumbprint (sha1) : %s\n",fp);
+    xfree(fp);
+}

libfreerdp-core/crypto.c

@@ -189,3 +189,33 @@ void crypto_nonce(uint8* nonce, int size)
 {
 	RAND_bytes((void*) nonce, size);
 }
+char* crypto_cert_fingerprint(X509 *xcert)
+{
+    unsigned char fp[EVP_MAX_MD_SIZE];
+    int i;
+    unsigned int fp_len;
+    X509_digest(xcert,EVP_sha1(),fp,&fp_len);
+    char *fp_buf=xzalloc(3*fp_len);
+    char *p = fp_buf;
+    for (i = 0; i < fp_len - 1; i++)
+    {
+        sprintf(p, "%02x:", fp[i]);
+        p = (char*) &fp_buf[i * 3];
+    }
+        sprintf(p, "%02x", fp[i]);
+    return fp_buf;
+}
+void crypto_cert_printinfo(X509 *xcert)
+{
+    char *subject;
+    char *issuer;
+    char *fp;
+    subject=X509_NAME_oneline(X509_get_subject_name(xcert),NULL,0);
+    issuer=X509_NAME_oneline(X509_get_issuer_name(xcert),NULL,0);
+    fp=crypto_cert_fingerprint(xcert);
+    printf("Cerificate details:\n");
+    printf("\tSubject : %s\n",subject);
+    printf("\tIssuer : %s\n",issuer);
+    printf("\tCert Thumbprint (sha1) : %s\n",fp);
+    xfree(fp);
+}

libfreerdp-core/crypto.h

@@ -41,6 +41,7 @@
 
 #define EXPONENT_MAX_SIZE			4
 #define MODULUS_MAX_SIZE			64
+#define CA_LOCAL_PATH   ".freerdp/cacert"
 
 #include <freerdp/freerdp.h>
 #include <freerdp/utils/blob.h>
@@ -83,6 +84,8 @@ void crypto_rc4_free(CryptoRc4 rc4);
 
 typedef struct crypto_cert_struct* CryptoCert;
 CryptoCert crypto_cert_read(uint8* data, uint32 length);
+char* cypto_cert_fingerprint(X509* xcert);
+void crypto_cert_printinfo(X509* xcert);
 void crypto_cert_free(CryptoCert cert);
 boolean crypto_cert_verify(CryptoCert server_cert, CryptoCert cacert);
 boolean crypto_cert_get_public_key(CryptoCert cert, rdpBlob* public_key);

libfreerdp-core/tls.c

@@ -246,6 +246,41 @@ rdpTls* tls_new()
 
 	return tls;
 }
+boolean tls_verify_cert(CryptoCert cert)
+{
+    X509 *xcert=cert->px509;
+    char dir_path[1024]="";
+    int ret=0;
+    X509_STORE *cert_ctx=NULL;
+    X509_LOOKUP *lookup=NULL;
+    X509_STORE_CTX *csc;
+    cert_ctx=X509_STORE_new();
+    if (cert_ctx == NULL)
+        goto end;
+    OpenSSL_add_all_algorithms();
+    lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
+    if (lookup == NULL)
+        goto end;
+    lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_hash_dir());
+    if (lookup == NULL)
+        goto end;
+    X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+    X509_LOOKUP_add_dir(lookup,"/home/whoami/project/install",X509_FILETYPE_ASN1);
+    csc = X509_STORE_CTX_new();
+    if (csc == NULL)
+        goto end;
+    X509_STORE_set_flags(cert_ctx, 0);
+    if(!X509_STORE_CTX_init(csc,cert_ctx,xcert,0))
+        goto end;
+    int i=X509_verify_cert(csc);
+    int cert_error=X509_STORE_CTX_get_error(cert_ctx);
+    X509_STORE_CTX_free(csc);
+    X509_STORE_free(cert_ctx);
+    ret=0;
+    end:
+    ret = (i > 0);
+    return(ret);
+}
 
 void tls_free(rdpTls* tls)
 {

libfreerdp-core/tls.h

@@ -50,7 +50,7 @@ int tls_read(rdpTls* tls, uint8* data, int length);
 int tls_write(rdpTls* tls, uint8* data, int length);
 CryptoCert tls_get_certificate(rdpTls* tls);
 boolean tls_print_error(char* func, SSL* connection, int value);
-
+boolean tls_verify_cert(CryptoCert cert);
 rdpTls* tls_new();
 void tls_free(rdpTls* tls);