Expose redirection flag for certificate.
authorArmin Novak <armin.novak@thincast.com>
Mon, 16 Jul 2018 15:08:26 +0000 (17:08 +0200)
committerArmin Novak <armin.novak@thincast.com>
Wed, 18 Jul 2018 14:06:20 +0000 (16:06 +0200)
libfreerdp/crypto/tls.c

index 62e6b08..c7c174b 100644 (file)
@@ -1109,6 +1109,16 @@ BOOL tls_match_hostname(char* pattern, int pattern_length, char* hostname)
        return FALSE;
 }
 
+static BOOL is_redirected(rdpTls* tls)
+{
+       rdpSettings* settings = tls->settings;
+
+       if (LB_NOREDIRECT & settings->RedirectionFlags)
+               return FALSE;
+
+       return settings->RedirectionFlags != 0;
+}
+
 static BOOL is_accepted(rdpTls* tls, const BYTE* pem, size_t length)
 {
        rdpSettings* settings = tls->settings;
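Review bot: is_redirected() has no comment saying why LB_NOREDIRECT overrides every other bit of RedirectionFlags, even though its result now decides which accepted-certificate slot is_accepted() and accept_cert() read and write. A one-line header would make that contract explicit, for example `/* TRUE when RedirectionFlags is non-zero and LB_NOREDIRECT is clear; selects the Redirection* accepted-certificate slot. */`. The helper only reads through its argument, so the parameter could also be declared `const rdpTls* tls`.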
@@ -1120,7 +1130,7 @@ static BOOL is_accepted(rdpTls* tls, const BYTE* pem, size_t length)
                AccpetedKey = settings->GatewayAcceptedCert;
                AcceptedKeyLength = settings->GatewayAcceptedCertLength;
        }
-       else if (settings->RedirectionFlags != 0)
+       else if (is_redirected(tls))
        {
                AccpetedKey = settings->RedirectionAcceptedCert;
                AcceptedKeyLength = settings->RedirectionAcceptedCertLength;
@@ -1146,7 +1156,7 @@ static BOOL is_accepted(rdpTls* tls, const BYTE* pem, size_t length)
                settings->GatewayAcceptedCert = NULL;
                settings->GatewayAcceptedCertLength = 0;
        }
-       else if (settings->RedirectionFlags != 0)
+       else if (is_redirected(tls))
        {
                free(settings->RedirectionAcceptedCert);
                settings->RedirectionAcceptedCert = NULL;
@@ -1171,7 +1181,7 @@ static BOOL accept_cert(rdpTls* tls, const BYTE* pem, size_t length)
                settings->GatewayAcceptedCert = pem;
                settings->GatewayAcceptedCertLength = length;
        }
-       else if (settings->RedirectionFlags != 0)
+       else if (is_redirected(tls))
        {
                settings->RedirectionAcceptedCert = pem;
                settings->RedirectionAcceptedCertLength = length;
@@ -1312,7 +1322,7 @@ int tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname,
 
                if (instance->VerifyX509Certificate)
                        status = instance->VerifyX509Certificate(instance, pemCert, length, hostname,
-                                port, tls->isGatewayTransport);
+                                port, tls->isGatewayTransport | is_redirected(tls) ? 2 : 0);
                else
                        WLog_ERR(TAG, "No VerifyX509Certificate callback registered!");
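Review bot: The new last argument to VerifyX509Certificate parses as `(tls->isGatewayTransport | is_redirected(tls)) ? 2 : 0`, because `|` binds tighter than `?:`. The callback therefore receives 2 for a gateway connection, a redirected connection, or both, and never 1, so it can no longer tell a gateway certificate from a redirected one when making its trust decision. If the intent is a bit mask with gateway in bit 0 and redirection in bit 1, the line should read `port, tls->isGatewayTransport | (is_redirected(tls) ? 2 : 0));`. Named constants for the two bits would make the meaning clear to callback implementers. Existing callbacks that treat this parameter as a boolean also need checking, since any non-zero value looks like "gateway" to them. tls_verify_certificate starts and ends outside this hunk.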