Ok, I have just added some improvements. Now I get something like this
the first time I connect to one of my servers with a self-signed
certificate:

connected to 192.168.1.175:3389
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: CERTIFICATE NAME MISMATCH! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The hostname used for this connection (192.168.1.175)
does not match the name given in the certificate:
ANGRYBIRDS.awakecoding.com
A valid certificate for the wrong name should NOT be trusted!
Certificate details:
Subject: CN = ANGRYBIRDS.awakecoding.com
Issuer: CN = ANGRYBIRDS.awakecoding.com
Thumbprint: 1a:e6:2b:74:78:e3:1f:eb:83:cb:28:8a:3b:c7:98:76:bd:b8:c2
The above X.509 certificate could not be verified, possibly because you do not
have the CA certificate in your certificate store, or the certificate has
expired. Please look at the documentation on how to create local certificate
store for a private CA.
Do you trust the above certificate? (Y/N)

In this case, the hostname does not match, and the certificate cannot be
validated. I modified the code such that if the certificate is validated
by x509_verify_cert it still won't get accepted if the hostname does not
match either Common Name or one of the Subject Alternate Names. Is that
what should be done?

Please take a look and tell me what would still be lacking after these
improvements.

Regards,
- Marc-Andre
--
https://bugs.launchpad.net/bugs/925657
Title:
[precise] freerdp does not check the server's hostname when verifying
ssl certificates
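
The check described in the message above, as an added example in C that is not FreeRDP's code or part of the original message: the hostname is compared against the Common Name and each Subject Alternative Name, and a chain that verifies is still rejected on a mismatch. It goes beyond the message by also handling a left-most wildcard label; the function names and the SAN list are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* True if host is made only of digits and dots (simplified IPv4 test). */
static bool looks_like_ipv4(const char *host) {
    return *host && strspn(host, "0123456789.") == strlen(host);
}

/* Compare one certificate name with the requested host, case-insensitively.
 * A "*." prefix matches exactly one left-most label and never an IP literal. */
static bool name_matches(const char *cert_name, const char *host) {
    if (strcasecmp(cert_name, host) == 0)
        return true;
    if (strncmp(cert_name, "*.", 2) != 0 || looks_like_ipv4(host))
        return false;
    const char *dot = strchr(host, '.');   /* end of the host's first label */
    return dot != NULL && dot != host && strcasecmp(cert_name + 1, dot) == 0;
}

/* Hostname check: the Common Name or any Subject Alternative Name must match. */
bool hostname_matches_cert(const char *host, const char *cn,
                           const char *const *sans, size_t n_sans) {
    if (cn != NULL && name_matches(cn, host))
        return true;
    for (size_t i = 0; i < n_sans; i++)
        if (name_matches(sans[i], host))
            return true;
    return false;
}

/* Decision described in the message: chain verification alone is not
 * enough, the name must match as well. */
bool certificate_acceptable(bool chain_verified, const char *host, const char *cn,
                            const char *const *sans, size_t n_sans) {
    return chain_verified && hostname_matches_cert(host, cn, sans, n_sans);
}

int main(void) {
    /* Constructed sample: CN taken from the output above, SAN list made up. */
    const char *const sans[] = { "angrybirds.awakecoding.com", "*.lab.example" };
    const char *cn = "ANGRYBIRDS.awakecoding.com";
    printf("%d\n", certificate_acceptable(true, "192.168.1.175", cn, sans, 2));
    printf("%d\n", certificate_acceptable(true, "angrybirds.awakecoding.com", cn, sans, 2));
    return 0;
}
```

Connecting by IP address, as in the session above, fails the name check even when the chain verifies, because neither the Common Name nor any listed name is that address.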