[crypto,cert] extend certificate store API

Use the certificate PEM without the trust chain in the local trust store, but
keep the full PEM with chain for the user-facing callbacks.
akallabeth 2024-08-13 15:54:03 +02:00
parent 22fb6aad31
commit dac0ae4976
No known key found for this signature in database
GPG Key ID: A49454A3FC909FD5
3 changed files with 18 additions and 2 deletions


@ -60,6 +60,8 @@ extern "C"
FREERDP_API UINT16 freerdp_certificate_data_get_port(const rdpCertificateData* cert);
FREERDP_API const char* freerdp_certificate_data_get_pem(const rdpCertificateData* cert);
FREERDP_API const char* freerdp_certificate_data_get_pem_ex(const rdpCertificateData* cert,
BOOL withFullChain);
FREERDP_API const char* freerdp_certificate_data_get_subject(const rdpCertificateData* cert);
FREERDP_API const char* freerdp_certificate_data_get_issuer(const rdpCertificateData* cert);
FREERDP_API const char*
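Review bot: The new `freerdp_certificate_data_get_pem_ex` prototype is added without a doc comment, so the meaning of `withFullChain` and who owns the returned buffer are left to the reader of a public header. From the implementation in this commit the pointer is a cached member freed by `freerdp_certificate_data_free()` and NULL is returned for a NULL `cert`, so a Doxygen block on the declaration could read: `/** Cached PEM of the certificate; with withFullChain TRUE the trust chain is presumably included. The pointer is owned by cert and is only valid until freerdp_certificate_data_free(). Returns NULL if cert is NULL. */`. It would also be worth stating there that `freerdp_certificate_data_get_pem()` is the full-chain form, since that is not obvious from its name. The enclosing `extern "C"` block and the declaration on the hunk's last line continue outside the hunk.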


@ -48,6 +48,7 @@ struct rdp_certificate_data
char* cached_issuer;
char* cached_fingerprint;
char* cached_pem;
char* cached_pem_chain;
};
/* ensure our hostnames (and therefore filenames) always use the same capitalization.
@ -83,10 +84,15 @@ static BOOL freerdp_certificate_data_load_cache(rdpCertificateData* data)
data->cached_subject = calloc(1, 1);
size_t pemlen = 0;
data->cached_pem = freerdp_certificate_get_pem(data->cert, &pemlen);
data->cached_pem = freerdp_certificate_get_pem_ex(data->cert, &pemlen, FALSE);
if (!data->cached_pem)
goto fail;
size_t pemchainlen = 0;
data->cached_pem_chain = freerdp_certificate_get_pem_ex(data->cert, &pemchainlen, TRUE);
if (!data->cached_pem_chain)
goto fail;
data->cached_fingerprint = freerdp_certificate_get_fingerprint(data->cert);
if (!data->cached_fingerprint)
goto fail;
@ -179,6 +185,7 @@ void freerdp_certificate_data_free(rdpCertificateData* data)
free(data->cached_issuer);
free(data->cached_fingerprint);
free(data->cached_pem);
free(data->cached_pem_chain);
free(data);
}
@ -198,9 +205,16 @@ UINT16 freerdp_certificate_data_get_port(const rdpCertificateData* cert)
}
const char* freerdp_certificate_data_get_pem(const rdpCertificateData* cert)
{
return freerdp_certificate_data_get_pem_ex(cert, TRUE);
}
const char* freerdp_certificate_data_get_pem_ex(const rdpCertificateData* cert, BOOL withFullChain)
{
if (!cert)
return NULL;
if (withFullChain)
return cert->cached_pem_chain;
return cert->cached_pem;
}
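Review bot: `freerdp_certificate_data_get_pem()` silently changes meaning here: it now returns `get_pem_ex(cert, TRUE)` (the chain variant) while the trust-store writer in this same commit switched to the leaf-only form, so any existing caller that compares what is on disk against `freerdp_certificate_data_get_pem(data)` — the store's match check is not in this diff, so this is an inference — would compare leaf against leaf-plus-chain and always report a mismatch. In a certificate trust store that surfaces as a spurious "certificate changed" prompt, which is exactly the habituation an attacker wants before a real mismatch. Every comparison against stored data should use `freerdp_certificate_data_get_pem_ex(data, FALSE)` and `get_pem()` should carry a comment such as `/* Full-chain form, intended for display/verification callbacks; use get_pem_ex(cert, FALSE) when comparing against the trust store. */`. Entries written by earlier versions may also hold the chain form and will no longer compare equal to the leaf-only output; if that is the case a one-time migration or a tolerant comparison is needed. `freerdp_certificate_data_load_cache` and `freerdp_certificate_data_free` begin outside their hunks.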


@ -116,7 +116,7 @@ BOOL freerdp_certificate_store_save_data(rdpCertificateStore* store, const rdpCe
if (!fp)
goto fail;
fprintf(fp, "%s", freerdp_certificate_data_get_pem(data));
fprintf(fp, "%s", freerdp_certificate_data_get_pem_ex(data, FALSE));
rc = TRUE;
fail:
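Review bot: The write result on the new line `fprintf(fp, "%s", freerdp_certificate_data_get_pem_ex(data, FALSE));` is discarded and `rc = TRUE` follows unconditionally, so a short or failed write (disk full, EIO) is still reported as a successfully saved trust-store entry while the file on disk holds a truncated PEM that will fail to parse or never match on the next connection. The same line passes a NULL pointer to `%s` when `data` is NULL, which is undefined behaviour; whether the function rejects a NULL `data` earlier is outside the hunk. I would write it as `const char* pem = freerdp_certificate_data_get_pem_ex(data, FALSE);` / `if (!pem || fprintf(fp, "%s", pem) < 0)` / `goto fail;`, and check the `fclose()` return under `fail:` as well, since that is where buffered data actually reaches the file. `freerdp_certificate_store_save_data` begins and ends outside the hunk.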