|
|
@ -18,6 +18,7 @@
|
|
|
|
* rdp layer
|
|
|
|
* rdp layer
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#include <openssl/ssl.h>
|
|
|
|
#include "libxrdp.h"
|
|
|
|
#include "libxrdp.h"
|
|
|
|
#include "log.h"
|
|
|
|
#include "log.h"
|
|
|
|
|
|
|
|
|
|
|
@ -44,6 +45,8 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
|
|
|
|
char *item = (char *)NULL;
|
|
|
|
char *item = (char *)NULL;
|
|
|
|
char *value = (char *)NULL;
|
|
|
|
char *value = (char *)NULL;
|
|
|
|
char cfg_file[256];
|
|
|
|
char cfg_file[256];
|
|
|
|
|
|
|
|
char *tmp = (char *)NULL;
|
|
|
|
|
|
|
|
int tmp_length = 0;
|
|
|
|
|
|
|
|
|
|
|
|
/* initialize (zero out) local variables: */
|
|
|
|
/* initialize (zero out) local variables: */
|
|
|
|
g_memset(cfg_file, 0, sizeof(char) * 256);
|
|
|
|
g_memset(cfg_file, 0, sizeof(char) * 256);
|
|
|
@ -160,9 +163,37 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
|
|
|
|
client_info->use_fast_path = 0;
|
|
|
|
client_info->use_fast_path = 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if (g_strcasecmp(item, "disableSSLv3") == 0)
|
|
|
|
else if (g_strcasecmp(item, "ssl_protocols") == 0)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
client_info->disableSSLv3 = g_text2bool(value);
|
|
|
|
/* put leading/trailing space to properly detect "TLSv1" without regex */
|
|
|
|
|
|
|
|
tmp_length = g_strlen(value) + 3;
|
|
|
|
|
|
|
|
tmp = g_new(char, tmp_length);
|
|
|
|
|
|
|
|
g_snprintf(tmp, tmp_length, "%s%s%s", " ", value, " ");
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* disable all protocols first, enable later */
|
|
|
|
|
|
|
|
client_info->ssl_protocols =
|
|
|
|
|
|
|
|
SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (g_pos(tmp, " TLSv1.2 ") >= 0)
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
log_message(LOG_LEVEL_DEBUG, "TLSv1.2 enabled");
|
|
|
|
|
|
|
|
client_info->ssl_protocols &= ~SSL_OP_NO_TLSv1_2;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
if (g_pos(tmp, " TLSv1.1 ") >= 0)
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
log_message(LOG_LEVEL_DEBUG, "TLSv1.1 enabled");
|
|
|
|
|
|
|
|
client_info->ssl_protocols &= ~SSL_OP_NO_TLSv1_1;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
if (g_pos(tmp, " TLSv1 ") >= 0)
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
log_message(LOG_LEVEL_DEBUG, "TLSv1 enabled");
|
|
|
|
|
|
|
|
client_info->ssl_protocols &= ~SSL_OP_NO_TLSv1;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
if (g_pos(tmp, " SSLv3 ") >= 0)
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
log_message(LOG_LEVEL_DEBUG, "SSLv3 enabled");
|
|
|
|
|
|
|
|
client_info->ssl_protocols &= ~SSL_OP_NO_SSLv3;
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if (g_strcasecmp(item, "tls_ciphers") == 0)
|
|
|
|
else if (g_strcasecmp(item, "tls_ciphers") == 0)
|
|
|
|
{
|
|
|
|
{
|
|
|
|