Koichiro IWAO
04187945a8
move base64 functions to base64.c
7 years ago
Koichiro IWAO
d57e02626d
add base64_decode function
7 years ago
Koichiro IWAO
aa4b90d250
Change log level DEBUG -> WARNING
...
since unavailability of ssl protocols defined in config file
may weaken security and it is important for users.
7 years ago
Koichiro IWAO
455c341efc
Reword log messages in ssl_get_protocols_from_string()
7 years ago
Jay Sorg
8d63c32899
move openssl calls to common/libssl.c, check for defines
8 years ago
Jay Sorg
2c96908ea5
common: if SSL_shutdown fails, only call one more time
8 years ago
Jay Sorg
75fd3fcf89
common: ssl_tls_write / read return 0 on socket close
8 years ago
Pavel Roskin
6ed4c969f4
Eliminate APP_CC and DEFAULT_CC
8 years ago
Pavel Roskin
b2d3dcf169
Include config_ac.h from all source files
8 years ago
Koichiro IWAO
e94ab10e14
TLS: new method to specify SSL/TLS version
...
SSL/TLS protocols only listed in ssl_protocols should be used.
The name "ssl_protocols" comes from nginx.
Resolves #428 .
8 years ago
Jay Sorg
657f6f3756
common: use select for SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE tls errors
8 years ago
Pavel Roskin
dc1e341f5a
Constify input arguments of ssl_mod_exp() and ssl_gen_key_xrdp1()
8 years ago
Pavel Roskin
6a3f0a75bd
Remove support for OpenSSL older than 0.9.8
...
It's hard to find an older version of OpenSSL even on long term support
distros.
8 years ago
Idan Freiberg
19375dda7a
Merge pull request #426 from metalefty/log-tls-version-and-cipher
...
TLS: log TLS version and cipher
8 years ago
Koichiro IWAO
c89c1318f8
obey coding standard, no logic change
8 years ago
Pavel Roskin
6664aac00f
Use "void" for empty argument list in declarations
...
In C, an empty argument list in a declaration means that the function
can accept any arguments. Use "void" instead, it means "no arguments".
C++ treats void and empty list as "no arguments".
8 years ago
Koichiro IWAO
40e8194122
TLS: log TLS version and cipher
8 years ago
Pavel Roskin
4324084d58
Use static inline functions for OpenSSL 1.0 backport
...
Conditional preprocessor directives spread throughout the code set a bad
example.
The new backport code is located in one place. The compiler checks
argument types. The backport code has no access to the caller variables.
The main code has all advantages of the new, more compact API.
8 years ago
Dominik George
e5cf45d1ac
Add backwards compatibility to OpenSSL < 1.1.0.
8 years ago
Dominik George
1b5fb8f1c8
Fix ssl_calls for OpenSSL 1.1.0, closes #458 .
8 years ago
Jay Sorg
8f747e37ca
always set SSL_OP_NO_SSLv2 in TLS options
8 years ago
Alex Illsley
47124df4ed
new options for xrdp.ini disableSSlv3=yes and tls_ciphers=HIGH and code to implement
8 years ago
Pavel Roskin
5829323ad8
Use g_new or g_new0 when C++ compiler would complain about implicit cast
9 years ago
Pavel Roskin
aeeb3d2c2e
Fix warnings detected by -Wwrite-strings
9 years ago
Jay Sorg
f100036cd9
common: minor fix for older openssl keygen
9 years ago
Jay Sorg
0d192aee62
common: fix for key generated smaller than asked for
9 years ago
Jay Sorg
fd793bd213
rename g_tcp_can_recv to g_sck_can_recv
9 years ago
Koichiro IWAO
cd6ab20e94
common: shut up some messages in ssl_tls_print_error
...
SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE are not fatal error but just
indicate SSL_read, SSL_write, SSL_accept functions to repeat.
10 years ago
Koichiro IWAO
2a2b8bcd59
common: fix #248 TLS on FreeBSD
...
According to document[1][2][3], retry when SSL_get_error returns
SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.
[1] https://www.openssl.org/docs/ssl/SSL_read.html
[2] https://www.openssl.org/docs/ssl/SSL_write.html
[3] https://www.openssl.org/docs/ssl/SSL_accept.html
10 years ago
speidy
86005c5bcc
ssl_calls: fix to read certificate chains
10 years ago
Jay Sorg
d9d746ce5c
common: avoid possible SSL_shutdown crash
10 years ago
Jay Sorg
cc0406dddf
common: move tls calls to ssl_calls
10 years ago
Jay Sorg
09de814ff0
common: allow RSA keys bigger than 512 bit
11 years ago
Jay Sorg
25ad4d8a36
common: add more fips ssl calls
11 years ago
Jay Sorg
2921400083
common: check for nil in fips cleanup
11 years ago
Jay Sorg
926cd095fc
common: added des3 calls for fips
11 years ago
Laxmikant Rashinkar
1123323fda
o moved from GNU General Public License to Apache License, Version 2.0
...
o applied new coding standards to all .c files
o moved some files around
12 years ago
Jay Sorg
0da32da2d8
add ssl init to common
14 years ago
Jay Sorg
bb7898419f
update copyright year
14 years ago
jsorg71
6c5f82fd04
update copyright year
16 years ago
jsorg71
2363bd373b
comment change
17 years ago
jsorg71
2cd8307610
added support for if OLD_RSA_GEN1 is defined and changed unsigned char to tui8
17 years ago
jsorg71
38b789e81f
update copyright year
17 years ago
jsorg71
ef18f927df
removed built in keygen funtion, wasn't working anyway
17 years ago
jsorg71
a7fe699174
added rsa_builtin_keygen1 for older openssl libraries
18 years ago
jsorg71
2a107df996
added undef and error message
18 years ago
jsorg71
76a8cf1689
check for old openssl library for key gen
18 years ago
jsorg71
6ecbf36e7e
added keygen function
18 years ago
jsorg71
02cd95ebef
copyright year update
18 years ago
jsorg71
00d8b7106f
commit patch 1589325, slightly modified - code cleanup
18 years ago