FREERDP_API int tls_wait_write(rdpTls* tls);
FREERDP_API BOOL tls_match_hostname(char *pattern, int pattern_length, char *hostname);
-FREERDP_API BOOL tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname);
+FREERDP_API BOOL tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname, int port);
FREERDP_API void tls_print_certificate_error(char* hostname, char* fingerprint, char* hosts_file);
FREERDP_API void tls_print_certificate_name_mismatch_error(char* hostname, char* common_name, char** alt_names, int alt_names_count);
typedef BOOL (*pAuthenticate)(freerdp* instance, char** username, char** password, char** domain);
typedef BOOL (*pVerifyCertificate)(freerdp* instance, char* subject, char* issuer, char* fingerprint);
typedef BOOL (*pVerifyChangedCertificate)(freerdp* instance, char* subject, char* issuer, char* new_fingerprint, char* old_fingerprint);
-typedef int (*pVerifyX509Certificate)(freerdp* instance, BYTE* data, int length, DWORD flags);
+typedef int (*pVerifyX509Certificate)(freerdp* instance, BYTE* data, int length, const char* hostname, int port, DWORD flags);
typedef int (*pLogonErrorInfo)(freerdp* instance, UINT32 data, UINT32 type);
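Review bot: The widened `pVerifyX509Certificate` typedef has no comment describing the callback contract, and it inserts `hostname` and `port` ahead of `flags`. A callback built against the old four-argument form would therefore receive the hostname pointer in the position where it expects `flags`. I would document the typedef, for example `/* hostname/port identify the peer whose certificate is in data (gateway or server); hostname is owned by the caller */`, if that ownership is what is intended. The comment should also state what each return value means to the caller, since that handling is not visible here. Out-of-tree clients that set this callback need a rebuild against the new header, which is worth a line in the API notes.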
long options = 0;
int connection_status;
char *hostname;
+ int port;
tls->ctx = SSL_CTX_new(TLSv1_client_method());
}
if (tls->settings->GatewayEnabled)
+ {
hostname = tls->settings->GatewayHostname;
+ port = tls->settings->GatewayPort;
+ }
else
+ {
hostname = tls->settings->ServerHostname;
+ port = tls->settings->ServerPort;
+ }
- if (!tls_verify_certificate(tls, cert, hostname))
+ if (!tls_verify_certificate(tls, cert, hostname, port))
{
fprintf(stderr, "tls_connect: certificate not trusted, aborting.\n");
tls_disconnect(tls);
return FALSE;
}
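Review bot: The identity handed to verification is chosen from `settings->GatewayEnabled` rather than from the endpoint this `rdpTls` is actually connected to, and the new `port` assignments repeat that choice. If this code is also reached for a TLS session to the RDP server carried through the gateway (not visible in this hunk), that server's certificate would be matched against `GatewayHostname`/`GatewayPort`, and the callback would be told the wrong peer. Consider letting the caller supply the peer host and port per `rdpTls`, or at least state the assumption with `/* assumes this TLS session terminates at the gateway whenever GatewayEnabled is set */`. The enclosing function starts and ends outside the hunk.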
-BOOL tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname)
+BOOL tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname, int port)
{
int match;
int index;
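Review bot: From the lines shown, the new `port` argument of `tls_verify_certificate` is only forwarded to `instance->VerifyX509Certificate` in the later hunk; nothing visible uses it in the built-in verification path. If the stored-fingerprint lookup further down this function still keys on `hostname` alone, two services on the same host at different ports share one trust entry, while an external callback can tell them apart. Either include the port in that lookup or document the difference on the function, e.g. `/* port is passed to the VerifyX509Certificate callback only; built-in checks match on hostname */`. The function body continues outside this hunk, so this needs confirming against the full file.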
if (instance->VerifyX509Certificate)
{
- status = instance->VerifyX509Certificate(instance, pemCert, length, 0);
+ status = instance->VerifyX509Certificate(instance, pemCert, length, hostname, port, 0);
}
free(pemCert);