
Generated code does not include fingerprints of TLS certificates signed by a trusted authority.

Source commit: da6723cea45d70c2c47ac3ac0a3e5ad71fa0b8db
Martin Prikryl 7 年之前
18d888f666

+ 9 - 4
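--- a/source/core/FtpFileSystem.cpp
+++ b/source/core/FtpFileSystem.cpp
@@ -367,6 +367,7 @@ void __fastcall TFTPFileSystem::Open()
   FTransferActiveImmediately = (Data->FtpTransferActiveImmediately == asOn);
 
   FSessionInfo.LoginTime = Now();
+  FSessionInfo.CertificateVerifiedManually = false;
 
   UnicodeString HostName = Data->HostNameExpanded;
   UnicodeString UserName = Data->UserNameExpanded;
@@ -3948,6 +3949,7 @@ bool __fastcall TFTPFileSystem::HandleAsynchRequestVerifyCertificate(
         {
           // certificate is trusted, but for not purposes of info dialog
           VerificationResult = true;
+          FSessionInfo.CertificateVerifiedManually = true;
         }
       }
 
@@ -4007,10 +4009,13 @@ bool __fastcall TFTPFileSystem::HandleAsynchRequestVerifyCertificate(
 
       if (RequestResult == 0)
       {
-        bool Confirmed = FTerminal->ConfirmCertificate(FSessionInfo, Data.VerificationResult, CertificateStorageKey, true);
-        // FZ's VerifyCertDlg.cpp returns 2 for "cached", what we do nto distinguish here,
-        // however FZAPI takes all non-zero values equally.
-        RequestResult = Confirmed ? 1 : 0;
+        if (FTerminal->ConfirmCertificate(FSessionInfo, Data.VerificationResult, CertificateStorageKey, true))
+        {
+          // FZ's VerifyCertDlg.cpp returns 2 for "cached", what we do nto distinguish here,
+          // however FZAPI takes all non-zero values equally.
+          RequestResult = 1;
+          FSessionInfo.CertificateVerifiedManually = true;
+        }
       }
     }
 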

+ 11 - 2
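--- a/source/core/S3FileSystem.cpp
+++ b/source/core/S3FileSystem.cpp
@@ -83,6 +83,7 @@ void __fastcall TS3FileSystem::Open()
   TSessionData * Data = FTerminal->SessionData;
 
   FSessionInfo.LoginTime = Now();
+  FSessionInfo.CertificateVerifiedManually = false;
 
   FLibS3Protocol = (Data->Ftps != ftpsNone) ? S3ProtocolHTTPS : S3ProtocolHTTP;
 
@@ -215,7 +216,11 @@ bool TS3FileSystem::VerifyCertificate(TNeonCertificateData Data)
     Result =
       FTerminal->VerifyCertificate(HttpsCertificateStorageKey, SiteKey, Data.Fingerprint, Data.Subject, Data.Failures);
 
-    if (!Result)
+    if (Result)
+    {
+      FSessionInfo.CertificateVerifiedManually = true;
+    }
+    else
     {
       UnicodeString Message;
       Result = NeonWindowsValidateCertificateWithMessage(Data, Message);
@@ -226,7 +231,11 @@ bool TS3FileSystem::VerifyCertificate(TNeonCertificateData Data)
 
     if (!Result)
     {
-      Result = FTerminal->ConfirmCertificate(FSessionInfo, Data.Failures, HttpsCertificateStorageKey, true);
+      if (FTerminal->ConfirmCertificate(FSessionInfo, Data.Failures, HttpsCertificateStorageKey, true))
+      {
+        Result = true;
+        FSessionInfo.CertificateVerifiedManually = true;
+      }
     }
 
     if (Result)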
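Review bot: In the second hunk the flag is set to true when `FTerminal->VerifyCertificate` succeeds, i.e. before any dialog is shown; if that call matches the presented fingerprint against one stored from an earlier session (the `HttpsCertificateStorageKey`/`SiteKey` arguments suggest so, but the callee is not visible here), then "verified manually" covers both a confirmation in this session and a prior stored acceptance, and only the Windows trust-store path leaves it false. That is the right distinction for deciding whether to pin a fingerprint, but the name does not convey it; a comment at the first assignment such as `// matched a fingerprint the user accepted earlier - not the OS trust store` would. The two hunks of VerifyCertificate are duplicated almost verbatim in WebDAVFileSystem.cpp, so any later change to this logic has to be made twice. VerifyCertificate starts and ends outside these hunks.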

+ 1 - 0
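--- a/source/core/SessionInfo.cpp
+++ b/source/core/SessionInfo.cpp
@@ -661,6 +661,7 @@ __fastcall TCwdSessionAction::TCwdSessionAction(TActionLog * Log, const UnicodeS
 TSessionInfo::TSessionInfo()
 {
   LoginTime = Now();
+  CertificateVerifiedManually = false;
 }
 //---------------------------------------------------------------------------
 TFileSystemInfo::TFileSystemInfo()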

+ 1 - 0
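--- a/source/core/SessionInfo.h
+++ b/source/core/SessionInfo.h
@@ -28,6 +28,7 @@ struct TSessionInfo
 
   UnicodeString CertificateFingerprint;
   UnicodeString Certificate;
+  bool CertificateVerifiedManually;
 };
 //---------------------------------------------------------------------------
 enum TFSCapability { fcUserGroupListing, fcModeChanging, fcGroupChanging,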
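Review bot: The new `CertificateVerifiedManually` member has no comment, and its meaning is not recoverable from the header: in the other files of this commit it is set both after an interactive `ConfirmCertificate` and after a successful `FTerminal->VerifyCertificate`, and stays false when the certificate was accepted by the Windows trust store. Add a comment above the field, e.g. `// True when the TLS certificate was accepted by the user (now, or via a previously stored fingerprint) rather than by the system trust store; FillSessionDataForCode pins CertificateFingerprint in generated code only in that case.` It would also help to note that every file system's Open() resets it to false, since the constructor initialisation alone does not cover a reused TSessionInfo.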

+ 1 - 1
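--- a/source/core/Terminal.cpp
+++ b/source/core/Terminal.cpp
@@ -4773,7 +4773,7 @@ void __fastcall TTerminal::FillSessionDataForCode(TSessionData * Data)
   {
     Data->HostKey = SessionInfo.HostKeyFingerprintSHA256;
   }
-  else if (!SessionInfo.CertificateFingerprint.IsEmpty())
+  else if (SessionInfo.CertificateVerifiedManually && DebugAlwaysTrue(!SessionInfo.CertificateFingerprint.IsEmpty()))
   {
     Data->HostKey = SessionInfo.CertificateFingerprint;
   }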
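Review bot: The changed condition silently drops the fingerprint for any file system that populates `CertificateFingerprint` without also setting `CertificateVerifiedManually`, whereas before this commit a non-empty fingerprint was always emitted; the three file systems touched by this commit do set it, but the contract is now implicit. A comment above the branch would make it explicit for future protocols: `// Pin the certificate fingerprint only when the user accepted it; certificates trusted by the OS store are left to normal validation.` The `DebugAlwaysTrue` wrapper turns the emptiness check into an assertion, which is fine provided the macro still evaluates its argument in release builds — that appears to be the project's convention but cannot be confirmed from this hunk. FillSessionDataForCode starts and ends outside the hunk.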

+ 11 - 2
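--- a/source/core/WebDAVFileSystem.cpp
+++ b/source/core/WebDAVFileSystem.cpp
@@ -190,6 +190,7 @@ void __fastcall TWebDAVFileSystem::Open()
   TSessionData * Data = FTerminal->SessionData;
 
   FSessionInfo.LoginTime = Now();
+  FSessionInfo.CertificateVerifiedManually = false;
 
   UnicodeString HostName = Data->HostNameExpanded;
   size_t Port = Data->PortNumber;
@@ -1736,7 +1737,11 @@ bool TWebDAVFileSystem::VerifyCertificate(TNeonCertificateData Data, bool Aux)
     Result =
       FTerminal->VerifyCertificate(HttpsCertificateStorageKey, SiteKey, Data.Fingerprint, Data.Subject, Data.Failures);
 
-    if (!Result)
+    if (Result)
+    {
+      FSessionInfo.CertificateVerifiedManually = true;
+    }
+    else
     {
       UnicodeString Message;
       Result = NeonWindowsValidateCertificateWithMessage(Data, Message);
@@ -1747,7 +1752,11 @@ bool TWebDAVFileSystem::VerifyCertificate(TNeonCertificateData Data, bool Aux)
 
     if (!Result)
     {
-      Result = FTerminal->ConfirmCertificate(FSessionInfo, Data.Failures, HttpsCertificateStorageKey, !Aux);
+      if (FTerminal->ConfirmCertificate(FSessionInfo, Data.Failures, HttpsCertificateStorageKey, !Aux))
+      {
+        Result = true;
+        FSessionInfo.CertificateVerifiedManually = true;
+      }
     }
 
     if (Result && !Aux)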
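Review bot: In the third hunk `FSessionInfo.CertificateVerifiedManually = true` is set regardless of `Aux`, although the same call passes `!Aux` to ConfirmCertificate and the very next line, `if (Result && !Aux)`, confines the session-info update to the primary verification. If an auxiliary verification concerns a certificate other than the one recorded in `FSessionInfo` (the `Aux` parameter suggests so, but its semantics are outside this hunk), the flag would claim user acceptance of a certificate whose fingerprint is not the one FillSessionDataForCode later pins. Guard both assignments the same way as the existing check: `if (!Aux) { FSessionInfo.CertificateVerifiedManually = true; }` here and at the corresponding assignment in the second hunk. VerifyCertificate starts and ends outside these hunks.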