Pierre Ossman
df94870c91
Remove unused variables and functions
2019-04-12 14:37:24 +02:00
Pierre Ossman
836e008853
Fix fast path stream array
...
There are 16 possible codes, not 15.
(even if we currently don't know what to do with the last code)
2019-04-12 14:37:24 +02:00
Pierre Ossman
a4bdfcfe76
Don't check certificate purpose on older GnuTLS
...
The feature was added in 3.6.0, so avoid compilation errors if
building with an older GnuTLS.
2019-03-01 11:17:40 +01:00
Alexander Zakharov
49caf6e7c3
Merge pull request #313 from markusbeth/fix_format_strings
...
fix "Too few arguments to formatting function"
2019-02-08 09:27:58 +03:00
Markus Beth
e7fb28f28e
fix "Too few arguments to formatting function"
2019-02-07 23:52:24 +01:00
Markus Beth
b02996136b
Fix memory leak
...
Variables of type mpz_t must be cleared with mpz_clear().
2019-02-05 22:48:48 +01:00
Markus Beth
caae8af53c
Fix memory leaks on certificate handling
...
Call rdssl_cert_free() for all certificates created with
rdssl_cert_read().
2019-02-05 22:48:32 +01:00
Markus Beth
35d8c932ab
Fix memory leaks on certificate handling
...
Certificates initialized with gnutls_x509_crt_init() must be freed with
gnutls_x509_crt_deinit().
Memory allocated with malloc() should be freed with free() not
gnutls_free().
2019-02-05 22:34:10 +01:00
Markus Beth
116e125139
Fix memory leaks
...
The return values of XGetAtomName() have to be freed with XFree().
2019-02-05 22:34:10 +01:00
Alexander Zakharov
85f99edd65
Update copyrights
2019-02-01 11:21:32 +03:00
Alexander Zakharov
d4fe8e8421
Merge pull request #309 from markusbeth/fix_heap_overflow
...
fix heap overflow in libtasn_read_cert_pk_parameters
2019-02-01 10:46:13 +03:00
Markus Beth
30b9571586
fix heap overflow in libtasn_read_cert_pk_parameters
...
use correct size to memcpy() the exponent data in
libtasn_read_cert_pk_parameters
2019-02-01 08:30:19 +01:00
Alexander Zakharov
ff875768ed
Merge pull request #307 from derfian/drive-redirection-offsets
...
Fix device redirection offsets
2019-01-31 13:20:04 +03:00
Karl Mikaelsson
5351182410
Fix problems with transferring large files
...
The entire device redirection framework is documented to use 64-bit
offsets rather than 32-bit offsets. This should fix any problems
transferring large files with rdesktop.
Co-Authored-By: gpatel-fr <44170243+gpatel-fr@users.noreply.github.com>
2019-01-31 10:51:19 +01:00
Henrik Andersson
8ea0b446ef
Add report of activation/expiration dates
2019-01-31 10:40:12 +01:00
Henrik Andersson
fcf3e923ba
Merge pull request #298 from rdesktop/GnuTLS
...
Replace OpenSSL with GnuTLS Nettle, libtasn1
2019-01-30 17:34:07 +01:00
Henrik Andersson
9acb0ccaa3
Don't use status bits not available in v3.2.0
2019-01-30 17:16:14 +01:00
Henrik Andersson
e021920813
This commit has multiple fixes:
...
- Break out code from tcp.c into utils.c for handling
of adding certificate exceptions
- Add clarifications why a certificate is untrusted
- Add simplified certificate view with fingerprints for
review.
2019-01-30 16:12:15 +01:00
Karl Mikaelsson
aa5935cb11
Merge pull request #305 from wallix/master
...
Fix checking the length of remaining data in stream for very compact orders.
2019-01-30 11:07:13 +01:00
Pierre Ossman
17363d9e4d
Get a private copy of the redirect cookie
...
We accidentally just changed the pointer rather than copying the
cookie into our freshly allocated buffer. This caused problems
after 74b2129e as we started freeing the stream buffers on
disconnect.
2019-01-30 11:00:23 +01:00
Karl Mikaelsson
28b3c6b621
Explain the +7 constant while processing secondary drawing orders
2019-01-30 10:49:27 +01:00
Karl Mikaelsson
4e6787c889
Add types and stream infrastructure for 64-bit integers
...
In preparation for reading 64-bit file offsets.
2019-01-29 16:41:39 +01:00
Henrik Andersson
b9a50db894
Print full cert for review
2019-01-29 10:38:14 +01:00
Henrik Andersson
f8581c40b0
Remove unused code block and add generic error logging
2019-01-29 10:38:14 +01:00
Henrik Andersson
eacecac99c
Set base requirement of GnuTLS to >= 3.2.0
2019-01-29 10:38:14 +01:00
Henrik Andersson
bc3a5789e4
Cleanup unused leftovers from commit 3191c341b9
2019-01-29 10:38:14 +01:00
Henrik Andersson
78a9dcff68
Refactor of public key cert check
...
Refactored public key check from libtasn_read_cert_pk_parameters()
into its own function libtasn_cert_pk_oid(). Then make use of it
instead of gnutls_x509_crt_get_pk_oid().
2019-01-29 10:38:14 +01:00
Henrik Andersson
e33b9b7ea6
Fix build for clang
2019-01-29 10:38:14 +01:00
Henrik Andersson
6577cc57e9
Do not use DN as key for certificate cache as it is insecure
2019-01-29 10:38:14 +01:00
Henrik Andersson
3ab19d543c
Revert "Added implementation of a gnutls pubkey store (tdb)"
...
This reverts commit f493395fc7e36e504c27cab8ad973042c55f0767.
2019-01-29 10:38:14 +01:00
Henrik Andersson
95fac5e1f6
Revert "Use base64 encode/decode routines from nettle instead of gnutls"
...
This reverts commit 252bc346e2379475f8547d4a458743bed067448d.
2019-01-29 10:38:14 +01:00
Henrik Andersson
18287bdacf
Add certificate verification against system trust store
...
Verify the certificate from the peer against the system’s default
trusted CAs. If the certificate fails the verification, a fallback to
the certificate cache is used.
The certificate cache is used to give the user the option to add
exceptions for invalid certificates, for example self-signed
certificates.
2019-01-29 10:38:14 +01:00
Henrik Andersson
2a955dbf84
Never silently add a certificate to cache
...
A user always needs to approve to add an exception for
an invalid certificate.
2019-01-29 10:38:14 +01:00
Henrik Andersson
d931ad5fab
Bump ubuntu up from 14.04 to 16.04
2019-01-29 10:38:14 +01:00
Henrik Andersson
a61bb39dec
Fix compiling warnings
2019-01-29 10:38:14 +01:00
Henrik Andersson
4bae3de6cd
Add requirement of GnuTLS version 3.0
...
This is required for gnutls_store_pubkey/gnutls_verify_pubkey
api used in pubkey cache verification.
2019-01-29 10:38:14 +01:00
Henrik Andersson
307ca2eb03
Use base64 encode/decode routines from nettle instead of gnutls
...
This relaxes the version requirement for gnutls
2019-01-29 10:38:14 +01:00
Henrik Andersson
4781868e33
Added implementation of a gnutls pubkey store (tdb)
...
This fixes the problem with the default gnutls implementation
that keys could not be updated, e.g. overwritten.
2019-01-29 10:38:14 +01:00
Henrik Andersson
11ca5446d9
Make certificate mismatch handling use util_dialog_choice()
2019-01-29 10:38:14 +01:00
Henrik Andersson
9c47a9fe66
Add util_dialog_choice() for display prompt and handle response
2019-01-29 10:38:13 +01:00
Alexander Zakharov
d7d55cf3f7
PoC: Check server's certificate
2019-01-29 10:38:13 +01:00
Alexander Zakharov
78afb19536
Fix Travis CI OSX build
2019-01-29 10:38:13 +01:00
Alexander Zakharov
23e22e3834
Temporary fix for gnutls_handshake() failure
2019-01-29 10:38:13 +01:00
Alexander Zakharov
90fd660803
Parse X.509 certificate, get RSA public key, RSA encrypt
...
Also add support for older (< 3.5.0) GnuTLS versions
2019-01-29 10:38:13 +01:00
Alexander Zakharov
166d1bc14d
Replace OpenSSL with GnuTLS for all network communications
2019-01-29 10:38:13 +01:00
Alexander Zakharov
00d9e0c4c8
Replace HMAC_MD5, SHA1, RC4, MD5 with Nettle's counterparts
2019-01-29 10:38:13 +01:00
Alexander Zakharov
673b267e66
Add ASN.1 parsing routines
2019-01-29 10:38:13 +01:00
Henrik Andersson
bc727e7ef1
One should be able to provide empty password via -p
2019-01-29 10:28:14 +01:00
Karl Mikaelsson
e92916eaae
Merge pull request #306 from rdesktop/uglym8-ewmh-fullscreen
...
Change the way we do fullscreen
2019-01-28 16:21:21 +01:00
XiaopengZHOU
6249a5fec3
Fix checking the length of remaining data in stream for very compact orders.
2019-01-28 12:11:03 +01:00