6f92e82598
WinStd: Update
...
Signed-off-by: Simon Rozman <simon@rozman.si>
2022-02-03 13:03:59 +01:00
5e7f55880a
Update Copyright and build year
...
Signed-off-by: Simon Rozman <simon@rozman.si>
2022-01-07 11:21:33 +01:00
b55ddd7d86
Update Copyright and build year
...
Signed-off-by: Simon Rozman <simon@rozman.si>
2021-11-22 15:31:23 +01:00
b96ebfbce4
Switch to SPDX license notice
...
Signed-off-by: Simon Rozman <simon@rozman.si>
2021-11-22 15:20:57 +01:00
8c2225992e
TLS: Revise Schannel flags
...
- SCH_USE_STRONG_CRYPTO is now declared in the Windows SDK included with
Visual Studio 2019. No need to enter this flag numerically any more.
- m_sc_ctx.initialize() and m_sc_ctx.process() should use same flags.
They are actually. Rather than copy&paste them, declare them in a
single place.
- Add ISC_REQ_USE_SUPPLIED_CREDS flag. Use the client certificate we
supply or none at all.
- Add ISC_REQ_MANUAL_CRED_VALIDATION flag. We validate the server
certificate.
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:59 +01:00
8d42db2f56
TLS: Use protocol version enabled on the system by default
...
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:58 +01:00
4dad574377
Rename StdAfx.h to PCH.h
...
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:58 +01:00
6e97a04bfe
credentials_tls: Keep thumbprint rather than client certificate
...
By storing the client certificate the certificate became detached from
its private key stored in user certificate store. This rendered client
certificates useless for client TLS authentication.
Now, the client certificate thumbprint is stored instead. The client
certificate is looked up in the user certificate store as required.
This breaks profile XML and BLOB backward compatibility. Since the
client certificate support was broken, nobody probably used those in
the settings before.
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:57 +01:00
5195b79eed
method_ttls: Reintroduce
...
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:56 +01:00
d400901c52
Rename peer_tls to peer_tls_base
...
peer_tls is actually not a complete EAP-TLS implementation.
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:38 +01:00
1d558c939e
Rename method_tls_tunnel to method_tls and move upstream
...
CRL checking was also moved upstream as method_tls triggers it.
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:37 +01:00
5c0299197b
method_defrag: Move upstream to make reusable
...
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:09:43 +01:00
c31e019cef
eap::method thorough redesign:
...
- Support for method stacking introduced
- EAP-TLS method has been discontinued
- ownTLS has been discontinued
2016-10-31 16:58:53 +01:00
af56825d39
Code clean-up
2016-10-28 13:50:30 +02:00
654c965851
Support for various peer action request extended
2016-10-27 10:00:18 +02:00
e7e1a6735d
pEapOutput Prefast specifier for process_request_packet() methods changed
2016-10-24 14:55:31 +02:00
a1f9a7bab9
ppResult >> pResult
2016-10-24 13:33:01 +02:00
c53ed21d55
Code clean-up
2016-10-03 14:54:02 +02:00
ff4e8c6885
ID 7. Commented out parts of the code from security audit partially resolved
2016-10-03 14:54:02 +02:00
f0af016efe
ID 4. Possibility of method_tls class initialization list optimization from security audit fixed
2016-10-03 14:54:01 +02:00
559ffc5ead
ID 3. C style pointer casting from security audit fixed
2016-10-03 14:53:50 +02:00
28408fcea7
ID 2. Missing functionality from security audit report partially fixed
2016-10-03 14:52:57 +02:00
a1455078e9
Explicit server certificate check introduced
2016-10-03 14:51:45 +02:00
b6adb2a850
Common members from config_method_with_cred moved to parent config_method
2016-09-29 11:23:22 +02:00
79cc1af86f
Clean-up and XML handling enhancement:
...
- XML helper functions always return objects by winstd::com_obj or winstd::bstr reference now to ensure proper release by caller
- get_element_value()/put_element_value() can optionally return reference to the XML object if required
- WinStd macros to simplify dplhandle<> and handle<> inherited classes reused by non-copyable classes
2016-09-23 14:43:31 +02:00
c765954c0f
"Last Authentication Failed" flag extended to support finer feedback, why last authentication failed
2016-09-06 14:10:02 +02:00
b255aa6505
EapPeerMethodResult's fIsSuccess and dwFailureReasonCode management revised to guarantee configuration gets saved
2016-09-06 09:57:34 +02:00
d83f5422d7
MSCHAPv2 almost finished...
2016-09-05 16:44:18 +02:00
c33c8b551b
Clean-up
2016-09-04 17:57:04 +02:00
bd7f3f4a38
Still trying to make Schannel resume sessions
2016-09-02 14:05:03 +02:00
621669828b
Schannel and ownTLS MSK derivation unified
2016-09-02 14:03:34 +02:00
00aee5bb78
ownTLS updated
2016-09-02 11:38:28 +02:00
198b9a576e
Maximum packet size parameter is now optional
2016-09-02 10:19:39 +02:00
566785192a
Requirement that eap::method processes EAP packets only dropped, work with non-EAP methods simplified
2016-09-02 09:50:21 +02:00
1c5f0b5c81
Graceful Schannel context shutdown added, but session resumption still does not work :(
2016-09-01 15:42:57 +02:00
56e2448f71
Clearing session resumption for ownTLS added.
...
(Have yet to learn how you do this for Schannel. Better yet: how do you make Schannel resume a session in the first place.)
2016-09-01 14:59:03 +02:00
1e60d21860
On session reconnect skip inner re-authentication now
2016-09-01 12:49:20 +02:00
844b185887
EAP packet classes organized in hierarchy now
2016-09-01 10:25:33 +02:00
171e924dcf
Estimated flag to enable TLS 1.3 once available added
2016-08-31 18:40:28 +02:00
281c3ee083
Schannel tweaked to support TLS 1.2 now
...
(closes #16)
2016-08-31 18:13:24 +02:00
cafd786e19
Own TLS updated to keep it alive (now that the fuss around outer/inner methods settled)
2016-08-29 20:40:37 +02:00
a7c8052ee2
eap::method revised to support nesting, so the PAP method was made a stand-alone method
2016-08-29 20:05:58 +02:00
79499d7afd
i and i disambiguation
2016-08-29 13:50:36 +02:00
9daa5b52a4
Incorrect letter case referencing EapHost service fixed
2016-08-27 06:58:57 +02:00
6077063599
The credentials are marked "invalid" at transition from handshake to application data phase only, to prevent initial handshake problems from popping up a credential prompt when credentials have nothing to do with the connection failure.
2016-08-25 13:08:11 +02:00
2857b2edd2
First application data message is now appended piggyback to the last client handshake message
...
(Hopefully resolving issue with Radiator)
2016-08-25 13:00:47 +02:00
6760287f0d
Duplicate log record of EAP-TLS handshake removed
2016-08-25 12:58:56 +02:00
7973a8d59b
Handshake log events are a bit more specific now
2016-08-25 12:57:47 +02:00
d1c24efcf0
config_method_with_cred renamed to config_connection to describe it better
2016-08-24 11:39:37 +02:00
38e1443276
Logging of handshake progress introduced
2016-08-24 11:04:04 +02:00