Oh, as for the IP address: it depends on whether you want to support an IP
address in your certificate's Common Name or Subject Alternative Name.
If you do, you also want to verify it and do a reverse lookup on the IP
to make sure that everything is OK. I.e., look up the IP for rdp.foo.com,
then look up that IP to make sure that you get back rdp.foo.com. Error
out if they don't match. If they do match, proceed to check that the IP
address listed in the Common Name or Subject Alternative Name matches
what you just verified in your reverse lookup. Supporting IP addresses
means that you could be MITMed via DNS attacks (i.e., the DNS server
resolves the attacker's IP back to rdp.foo.com and the attacker presents
a verifiable certificate for his IP, and since everything matches, it is
accepted).

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/925657

Title:
  [precise] freerdp does not check the server's hostname when verifying
  ssl certificates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freerdp/+bug/925657/+subscriptions
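
The check described in the comment above, sketched in Python as an added example (not freerdp's code and not part of the original message). The function names, the injectable `forward`/`reverse` resolver callables, and the constructed DNS tables and certificate are assumptions; the certificate dict uses the shape returned by Python's `ssl.getpeercert()`.

```python
import ipaddress
import socket

class VerificationError(Exception):
    """Raised when the DNS round trip or the certificate IP check fails."""

def system_forward(name):
    return socket.gethostbyname_ex(name)[2]   # IPv4 addresses only

def system_reverse(ip):
    return socket.gethostbyaddr(ip)[0]

def cert_ip_addresses(cert):
    """IPs from SAN 'IP Address' entries, plus any CN that parses as an IP."""
    found = set()
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "IP Address":
            found.add(ipaddress.ip_address(value))
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                try:
                    found.add(ipaddress.ip_address(value))
                except ValueError:
                    pass  # CN holds a hostname, not an IP
    return found

def verify_ip_certificate(hostname, cert, forward=system_forward, reverse=system_reverse):
    """Forward lookup, reverse lookup, then match the verified IP against the cert."""
    want = hostname.rstrip(".").lower()
    allowed = cert_ip_addresses(cert)
    for ip_text in forward(hostname):
        name = reverse(ip_text).rstrip(".").lower()
        if name != want:  # error out if the reverse lookup does not give the name back
            raise VerificationError(f"{ip_text} reverses to {name!r}, expected {want!r}")
        if ipaddress.ip_address(ip_text) in allowed:
            return ip_text
    raise VerificationError("no verified address appears in the certificate")

# Constructed sample data (documentation address ranges), not from the bug report.
A_RECORDS = {"rdp.foo.com": ["192.0.2.10"]}
PTR_RECORDS = {"192.0.2.10": "rdp.foo.com."}
CERT = {"subject": ((("commonName", "rdp.foo.com"),),),
        "subjectAltName": (("IP Address", "192.0.2.10"),)}

if __name__ == "__main__":
    print(verify_ip_certificate("rdp.foo.com", CERT, A_RECORDS.__getitem__, PTR_RECORDS.__getitem__))
```

Both lookups are answered by DNS, so answers that agree with each other and with the IP in the certificate pass this check; that is the weakness the comment points out.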
