Ok, I reviewed 1.0 and it looks much better. I'm ok with the fallback to
something in ~/.freerdp/cacert/ and that directory is created with safe
permissions. The certificate verification is fine except for lack of
server hostname checking (see below).
A few comments:
* I find it interesting that X509_* functions were used rather than SSL_* (see
man X509_verify_cert), but that is not a problem in and of itself
* might be nice to use X509_STORE_CTX_get_error() on X509_verify_cert() error
* x509_verify_cert() and tls_verify_certificate() do not verify the server's
hostname. I filed a separate bug #925657 for this.
ACK for main inclusion once bug #925657 is fixed.
** Changed in: freerdp (Ubuntu Precise)
Status: Confirmed => In Progress
** Changed in: freerdp (Ubuntu Precise)
Assignee: Jamie Strandboge (jdstrand) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/673925
Title:
[MIR] freerdp
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freerdp/+bug/673925/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
