morgan/FreeRDP
1
0
Fork 0
mirror of https://github.com/morgan9e/FreeRDP synced 2026-04-15 00:44:19 +09:00
Code Issues Packages Projects Releases Wiki Activity

libfreerdp-core: fix VerifyX509Certificate to make distinction between gateway and direct connection

Browse Source
This commit is contained in:
Marc-André Moreau
2014-05-30 14:36:18 -04:00
parent 709df9aecc
commit d2ad5f698b
3 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
include/freerdp/crypto/tls.h
View File

@@ -81,6 +81,7 @@ struct rdp_tls
int port;
int alertLevel;
int alertDescription;
BOOL isGatewayTransport;
};
FREERDP_API int tls_connect(rdpTls* tls, BIO *underlying);

6
libfreerdp/core/transport.c
View File

@@ -268,6 +268,8 @@ BOOL transport_connect_tls(rdpTransport* transport)
if (targetTls->port == 0)
targetTls->port = 3389;
targetTls->isGatewayTransport = FALSE;
tls_status = tls_connect(targetTls, targetBio);
if (tls_status < 1)
@@ -404,6 +406,8 @@ BOOL transport_tsg_connect(rdpTransport* transport, const char* hostname, UINT16
transport->TlsIn->hostname = transport->TlsOut->hostname = settings->GatewayHostname;
transport->TlsIn->port = transport->TlsOut->port = settings->GatewayPort;
transport->TlsIn->isGatewayTransport = TRUE;
tls_status = tls_connect(transport->TlsIn, transport->TcpIn->bufferedBio);
if (tls_status < 1)
@@ -422,6 +426,8 @@ BOOL transport_tsg_connect(rdpTransport* transport, const char* hostname, UINT16
return FALSE;
}
transport->TlsOut->isGatewayTransport = TRUE;
tls_status = tls_connect(transport->TlsOut, transport->TcpOut->bufferedBio);
if (tls_status < 1)

7
libfreerdp/crypto/tls.c
View File

@@ -591,7 +591,7 @@ int tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname, int por
if (instance->VerifyX509Certificate)
{
status = instance->VerifyX509Certificate(instance, pemCert, length, hostname, port, 0);
status = instance->VerifyX509Certificate(instance, pemCert, length, hostname, port, tls->isGatewayTransport);
}
fprintf(stderr, "%s: (length = %d) status: %d\n%s\n", __FUNCTION__, length, status, pemCert);
@@ -798,7 +798,8 @@ rdpTls* tls_new(rdpSettings* settings)
{
rdpTls* tls;
tls = (rdpTls *)calloc(1, sizeof(rdpTls));
tls = (rdpTls*) calloc(1, sizeof(rdpTls));
if (!tls)
return NULL;
@@ -807,11 +808,13 @@ rdpTls* tls_new(rdpSettings* settings)
tls->settings = settings;
tls->certificate_store = certificate_store_new(settings);
if (!tls->certificate_store)
goto out_free;
tls->alertLevel = TLS_ALERT_LEVEL_WARNING;
tls->alertDescription = TLS_ALERT_DESCRIPTION_CLOSE_NOTIFY;
return tls;
out_free: