Change the SSL context option to specific onse instead of using all
which introduces some problems. Added some graceful handling of peer SSL shutdown for better error reporting. git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1675 423420c4-83ab-492f-b58f-81f9feb106b5
This commit is contained in:
parent
9b242744da
commit
6d437f8116
22
tcp.c
22
tcp.c
@ -3,6 +3,7 @@
|
|||||||
Protocol services - TCP layer
|
Protocol services - TCP layer
|
||||||
Copyright (C) Matthew Chapman <matthewc.unsw.edu.au> 1999-2008
|
Copyright (C) Matthew Chapman <matthewc.unsw.edu.au> 1999-2008
|
||||||
Copyright 2005-2011 Peter Astrand <astrand@cendio.se> for Cendio AB
|
Copyright 2005-2011 Peter Astrand <astrand@cendio.se> for Cendio AB
|
||||||
|
Copyright 2012 Henrik Andersson <hean01@cendio.se> for Cendio AB
|
||||||
|
|
||||||
This program is free software: you can redistribute it and/or modify
|
This program is free software: you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
@ -216,6 +217,12 @@ tcp_recv(STREAM s, uint32 length)
|
|||||||
|
|
||||||
if (ssl_err == SSL_ERROR_SSL)
|
if (ssl_err == SSL_ERROR_SSL)
|
||||||
{
|
{
|
||||||
|
if (SSL_get_shutdown(g_ssl) & SSL_RECEIVED_SHUTDOWN)
|
||||||
|
{
|
||||||
|
error("Remote peer initiated ssl shutdown.\n");
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
ERR_print_errors_fp(stdout);
|
ERR_print_errors_fp(stdout);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@ -265,6 +272,7 @@ RD_BOOL
|
|||||||
tcp_tls_connect(void)
|
tcp_tls_connect(void)
|
||||||
{
|
{
|
||||||
int err;
|
int err;
|
||||||
|
long options;
|
||||||
|
|
||||||
SSL_load_error_strings();
|
SSL_load_error_strings();
|
||||||
SSL_library_init();
|
SSL_library_init();
|
||||||
@ -276,7 +284,11 @@ tcp_tls_connect(void)
|
|||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
SSL_CTX_set_options(g_ssl_ctx, SSL_OP_ALL);
|
options = 0;
|
||||||
|
options |= SSL_OP_NO_COMPRESSION;
|
||||||
|
options |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
|
||||||
|
|
||||||
|
SSL_CTX_set_options(g_ssl_ctx, options);
|
||||||
|
|
||||||
g_ssl = SSL_new(g_ssl_ctx);
|
g_ssl = SSL_new(g_ssl_ctx);
|
||||||
if (g_ssl == NULL)
|
if (g_ssl == NULL)
|
||||||
@ -350,9 +362,10 @@ tcp_tls_get_server_pubkey(STREAM s)
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
s->data = s->p = xmalloc(s->size + 1);
|
s->data = s->p = xmalloc(s->size);
|
||||||
i2d_PublicKey(pkey, &s->p);
|
i2d_PublicKey(pkey, &s->p);
|
||||||
s->end = s->p;
|
s->p = s->data;
|
||||||
|
s->end = s->p + s->size;
|
||||||
|
|
||||||
out:
|
out:
|
||||||
if (cert)
|
if (cert)
|
||||||
@ -474,10 +487,9 @@ tcp_connect(char *server)
|
|||||||
void
|
void
|
||||||
tcp_disconnect(void)
|
tcp_disconnect(void)
|
||||||
{
|
{
|
||||||
int err;
|
|
||||||
if (g_ssl)
|
if (g_ssl)
|
||||||
{
|
{
|
||||||
err = SSL_shutdown(g_ssl);
|
(void) SSL_shutdown(g_ssl);
|
||||||
SSL_free(g_ssl);
|
SSL_free(g_ssl);
|
||||||
g_ssl = NULL;
|
g_ssl = NULL;
|
||||||
SSL_CTX_free(g_ssl_ctx);
|
SSL_CTX_free(g_ssl_ctx);
|
||||||
|
Loading…
Reference in New Issue
Block a user