Added hostname and port to callback function for SSL certification verification.
authorBenoît LeBlanc <benoit.leblanc@awakecoding.com>
Mon, 25 Nov 2013 19:30:43 +0000 (14:30 -0500)
committerBenoît LeBlanc <benoit.leblanc@awakecoding.com>
Mon, 25 Nov 2013 19:30:43 +0000 (14:30 -0500)
include/freerdp/crypto/tls.h
include/freerdp/freerdp.h
libfreerdp/crypto/tls.c

index 09ff7a3..4c1be79 100644 (file)
@@ -64,7 +64,7 @@ FREERDP_API int tls_wait_read(rdpTls* tls);
 FREERDP_API int tls_wait_write(rdpTls* tls);
 
 FREERDP_API BOOL tls_match_hostname(char *pattern, int pattern_length, char *hostname);
-FREERDP_API BOOL tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname);
+FREERDP_API BOOL tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname, int port);
 FREERDP_API void tls_print_certificate_error(char* hostname, char* fingerprint, char* hosts_file);
 FREERDP_API void tls_print_certificate_name_mismatch_error(char* hostname, char* common_name, char** alt_names, int alt_names_count);
 
index 28064c2..1f769af 100644 (file)
@@ -61,7 +61,7 @@ typedef void (*pPostDisconnect)(freerdp* instance);
 typedef BOOL (*pAuthenticate)(freerdp* instance, char** username, char** password, char** domain);
 typedef BOOL (*pVerifyCertificate)(freerdp* instance, char* subject, char* issuer, char* fingerprint);
 typedef BOOL (*pVerifyChangedCertificate)(freerdp* instance, char* subject, char* issuer, char* new_fingerprint, char* old_fingerprint);
-typedef int (*pVerifyX509Certificate)(freerdp* instance, BYTE* data, int length, DWORD flags);
+typedef int (*pVerifyX509Certificate)(freerdp* instance, BYTE* data, int length, const char* hostname, int port, DWORD flags);
 
 typedef int (*pLogonErrorInfo)(freerdp* instance, UINT32 data, UINT32 type);
 
index b7cda06..06e5d53 100644 (file)
@@ -111,6 +111,7 @@ BOOL tls_connect(rdpTls* tls)
        long options = 0;
        int connection_status;
        char *hostname;
+       int port;
 
        tls->ctx = SSL_CTX_new(TLSv1_client_method());
 
@@ -214,11 +215,17 @@ BOOL tls_connect(rdpTls* tls)
        }
 
        if (tls->settings->GatewayEnabled)
+       {
                hostname = tls->settings->GatewayHostname;
+               port = tls->settings->GatewayPort;
+       }
        else
+       {
                hostname = tls->settings->ServerHostname;
+               port = tls->settings->ServerPort;
+       }
 
-       if (!tls_verify_certificate(tls, cert, hostname))
+       if (!tls_verify_certificate(tls, cert, hostname, port))
        {
                fprintf(stderr, "tls_connect: certificate not trusted, aborting.\n");
                tls_disconnect(tls);
@@ -568,7 +575,7 @@ BOOL tls_match_hostname(char *pattern, int pattern_length, char *hostname)
        return FALSE;
 }
 
-BOOL tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname)
+BOOL tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname, int port)
 {
        int match;
        int index;
@@ -626,7 +633,7 @@ BOOL tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname)
 
                if (instance->VerifyX509Certificate)
                {
-                       status = instance->VerifyX509Certificate(instance, pemCert, length, 0);
+                       status = instance->VerifyX509Certificate(instance, pemCert, length, hostname, port, 0);
                }
 
                free(pemCert);
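Review bot: In tls_connect, `port` is declared as a plain `int` and assigned from `tls->settings->GatewayPort` / `tls->settings->ServerPort` (the lines after the `if (tls->settings->GatewayEnabled)`); the settings field types are not visible here, but if they are the unsigned 32-bit type the rest of the settings struct uses this is a silent narrowing conversion, and declaring `port` with the settings field's type (and widening the `tls_verify_certificate` parameter to match) avoids it. Within the visible hunks the new `port` parameter of tls_verify_certificate is only forwarded to `instance->VerifyX509Certificate`, which is worth stating on the declaration: `/* port is only passed through to the VerifyX509Certificate callback; hostname matching below does not use it */`. Both tls_connect and tls_verify_certificate continue outside these hunks, including the handling of `status` after the callback returns, so the use of the callback result could not be reviewed here.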