jh163888/xrdp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Check certificate/privkey readability not existence

Browse Source 
to fail RDP security negotiation if certificate/privkey is not readable
This commit is contained in:
Koichiro IWAO 2017-03-08 22:42:41 +09:00 committed by metalefty
parent 65c1fe87d7
commit 4f7969b562
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
libxrdp/xrdp_iso.c
View File

@ -78,12 +78,12 @@ xrdp_iso_negotiate_security(struct xrdp_iso *self)
case PROTOCOL_SSL: case PROTOCOL_SSL:
if (self->requestedProtocol & PROTOCOL_SSL) if (self->requestedProtocol & PROTOCOL_SSL)
{ {
if (!g_file_readable(client_info->certificate) ||
if(!g_file_exist(client_info->certificate) || !g_file_readable(client_info->key_file))
!g_file_exist(client_info->key_file))
{ {
/* certificate file doesn't exist */ /* certificate or privkey is not readable */
LLOGLN(0, ("xrdp_iso_negotiate_security: TLS certificate not found on server")); log_message(LOG_LEVEL_DEBUG, "No readable certificates or "
"private keys, cannot accept TLS connections");
self->failureCode = SSL_CERT_NOT_ON_SERVER; self->failureCode = SSL_CERT_NOT_ON_SERVER;
rv = 1; /* error */ rv = 1; /* error */
} }
@ -102,8 +102,8 @@ xrdp_iso_negotiate_security(struct xrdp_iso *self)
case PROTOCOL_HYBRID_EX: case PROTOCOL_HYBRID_EX:
default: default:
if ((self->requestedProtocol & PROTOCOL_SSL) && if ((self->requestedProtocol & PROTOCOL_SSL) &&
g_file_exist(client_info->certificate) && g_file_readable(client_info->certificate) &&
g_file_exist(client_info->key_file)) g_file_readable(client_info->key_file))
{ {
/* that's a patch since we don't support CredSSP for now */ /* that's a patch since we don't support CredSSP for now */
self->selectedProtocol = PROTOCOL_SSL; self->selectedProtocol = PROTOCOL_SSL;