It was removed in 256d8e2 because the purpose was unclear. It turns
out that the automatically generated self signed certificates will
have Key Encipherment and Data Encipherment set as key usage, but
the required ones are Digital Signature and Key Encipherment. A
proper certificate generally doesn't have this issue, but connecting
to stand alone machines without a proper certificate is common.
Unfortunately the %COMPAT flag is the only thing that makes GnuTLS
tolerate this bug, but that flag also allows a lot of other protocol
violations.
Use a consistent style of returning a new STREAM object from functions
that output data, rather than requiring an existing structure to be
passed in. This generally makes the memory management more straight
forward and allows us to do more proper bounds checking of everything.
This also adds some new STREAM macros to make it easier to manage
them without poking around in the internal structure.
We don't know when the caller might be done with a stream, so we
can end up with code overwriting things in a stream that is in use
elsewhere.
Solve the issue by returning a new stream each time and leave it
up to the callers to free it.
- Break out code from tcp.c into utils.c for handling
of adding certificate exceptions
- Add clarifications why a certificate is untrusted
- Add simplified certificate view with fingerprints for
review.
Verify the certificate from the peer against the system’s default
trusted CAs. If certificate fails the verification a fallback to
use the certificate cache is used.
The certificate cache is used to give the user the option to add
exceptions for invalid certificates. For example; self-signed
certificates etc.
If tcp_connect is called with the same server name, don't look up the
address again. This avoids connecting to other servers when using a
round-robin RDS farm name, as recommended by Microsoft.
This introduces a backwards-incompatible change. If rdesktop was
reconnecting because the user was moving between networks and the
server is no longer reachable on the same address, the user must
re-start rdesktop to reach their server.
If tcp_connect is called with the same server name, don't look up the
address again. This avoids connecting to other servers when using a
round-robin RDS farm name, as recommended by Microsoft.
This introduces a backwards-incompatible change. If rdesktop was
reconnecting because the user was moving between networks and the
server is no longer reachable on the same address, the user must
re-start rdesktop to reach their server.
This adds support for resizing the RDP session dynamically based on
the window size. Some complicated logic has been added to avoid
sending excessive amounts of resize requests to the RDP server.
When supported, this resize mechanism should use the RDPEDISP way of
signalling the server to initiate a Deactivate/Activate sequence, but
rdesktop will fall back on Disconnect/Reconnect if RDPEDISP is not
supported by the server.
ui_select has been refactored and most functionality has been broken
out into three new functions, simplifying ui_select into a loop.
Signed-off-by: Henrik Andersson <hean01@cendio.com>
Signed-off-by: Karl Mikaelsson <derfian@cendio.se>
Signed-off-by: Thomas Nilefalk <thoni56@cendio.se>
This commit will add a logging system to solve the problem that
one actually need to recompile rdesktop from source to enable
different debug logging.
- Same logging api for all kind of logging and messages to
end user.
- Adding -v for verbose output when running rdesktop.
- All messages are logged into a subject and with a type, eg:
logger(Keyboard, Notice, "Autos-electing %s based on locale.", locale);
- Debug logging is enabled trough a environment variable RDEKSTOP_DEBUG,
which specifies subjects of interest, comma separated. There is a special
subject named All which includes all subject for debug loggin. There is also
a simple logic opeartor '!' = NOT which can be used in combination like:
RDESKTOP_DEBUG=All,!Graphics,!Sound
Which would give debug log output for All subject except Graphics and Sound.
OpenSSL < 0.9.9 does not support this option, see upstream
commit 566dda07ba16f9d3b9774fd5c8d526d7cc93f179 for reference.
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1734 423420c4-83ab-492f-b58f-81f9feb106b5
which corrupts the stream and prevents a SSL reconnect to work.
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1720 423420c4-83ab-492f-b58f-81f9feb106b5
which introduces some problems.
Added some graceful handling of peer SSL shutdown for better error
reporting.
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1675 423420c4-83ab-492f-b58f-81f9feb106b5