I am working on adding support for smart card authentication for libfreerdp and am running into an issue I think is related to OpenSSL. I wrote a sample application that uses only Windows sockets to perform the CREDSSP authentication using a selected certificate from a smart card, which is successful. After adapting the code in my sample to libfreerdp and attempting to connect using a selected smart card certificate, I am getting an alert error following the first packet of the CREDSSP auth handshake.

What seems to be occurring is that when an OpenSSL connection is used, the data in the first authentication packet does not include certain information, such as the SPN. In my sample, which is not using OpenSSL, I assume that the Windows API assumes control and sets up the TLS connection. Is it possible that there are some additional tweaks that need to be done on either the OpenSSL connection or within the Win32 API to help it understand the OpenSSL connection better?

Thus far I am at a loss as to why the output data from the first call to InitializeSecurityContext fails to include the SPN information, which is supplied as a parameter to the call. I don't see where any association is being established whereby InitializeSecurityContext knows anything about the underlying SSL connection.

I did see in the libfreerdp code that some magic needed to be performed to establish the RPC bindings for NTLM authentication. Reading the documentation for CREDSSP, it is not clear if something similar would be supported. It does not appear that CREDSSP supports the buffer type for RPC bindings.

As a test I converted my sample application to use OpenSSL instead of Winsock and I get the same error.

If anyone has any ideas/suggestions I would love to hear them.

Thanks

Nik Twerdochlib
Software Developer
BOMGAR