Fixed a FreeRDP server problem which prevented RDP security from being negotiated.
authorMike McDonald <Mike.McDonald@software.dell.com>
Wed, 13 Aug 2014 15:01:43 +0000 (11:01 -0400)
committerMike McDonald <Mike.McDonald@software.dell.com>
Wed, 13 Aug 2014 15:01:43 +0000 (11:01 -0400)
libfreerdp/core/nego.c

index c250b4b..716a2b7 100644 (file)
@@ -890,21 +890,7 @@ BOOL nego_send_negotiation_response(rdpNego* nego)
        bm = Stream_GetPosition(s);
        Stream_Seek(s, length);
 
-       if (nego->selected_protocol > PROTOCOL_RDP)
-       {
-               flags = EXTENDED_CLIENT_DATA_SUPPORTED;
-
-               if (settings->SupportGraphicsPipeline)
-                       flags |= DYNVC_GFX_PROTOCOL_SUPPORTED;
-
-               /* RDP_NEG_DATA must be present for TLS and NLA */
-               Stream_Write_UINT8(s, TYPE_RDP_NEG_RSP);
-               Stream_Write_UINT8(s, flags); /* flags */
-               Stream_Write_UINT16(s, 8); /* RDP_NEG_DATA length (8) */
-               Stream_Write_UINT32(s, nego->selected_protocol); /* selectedProtocol */
-               length += 8;
-       }
-       else if (!settings->RdpSecurity)
+       if ((nego->selected_protocol == PROTOCOL_RDP) && !settings->RdpSecurity)
        {
                flags = 0;
 
@@ -912,14 +898,28 @@ BOOL nego_send_negotiation_response(rdpNego* nego)
                Stream_Write_UINT8(s, flags); /* flags */
                Stream_Write_UINT16(s, 8); /* RDP_NEG_DATA length (8) */
                /*
-                * TODO: Check for other possibilities,
-                *       like SSL_NOT_ALLOWED_BY_SERVER.
-                */
+               * TODO: Check for other possibilities,
+               *       like SSL_NOT_ALLOWED_BY_SERVER.
+               */
                fprintf(stderr, "%s: client supports only Standard RDP Security\n", __FUNCTION__);
                Stream_Write_UINT32(s, SSL_REQUIRED_BY_SERVER);
                length += 8;
                status = FALSE;
        }
+       else
+       {
+               flags = EXTENDED_CLIENT_DATA_SUPPORTED;
+
+               if (settings->SupportGraphicsPipeline)
+                       flags |= DYNVC_GFX_PROTOCOL_SUPPORTED;
+
+               /* RDP_NEG_DATA must be present for TLS, NLA, and RDP */
+               Stream_Write_UINT8(s, TYPE_RDP_NEG_RSP);
+               Stream_Write_UINT8(s, flags); /* flags */
+               Stream_Write_UINT16(s, 8); /* RDP_NEG_DATA length (8) */
+               Stream_Write_UINT32(s, nego->selected_protocol); /* selectedProtocol */
+               length += 8;
+       }
 
        em = Stream_GetPosition(s);
        Stream_SetPosition(s, bm);
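Review bot: The new `else` branch writes an RDP_NEG_RSP whenever the failure branch is not taken, so a connection with `selected_protocol == PROTOCOL_RDP` and `RdpSecurity` enabled now receives negotiation data where the old code wrote none. Nothing visible in this hunk checks whether the client actually sent a negotiation request, so it is worth confirming that clients which omit it still accept the connection confirm, and guarding the branch on the request having been received if they do not. A comment above the `else`, such as `/* Success: report the selected protocol (TLS, NLA or Standard RDP Security) */`, would make the split between the two branches clear. The function body starts and ends outside the hunk.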
@@ -951,13 +951,22 @@ BOOL nego_send_negotiation_response(rdpNego* nego)
 
                        if (!settings->LocalConnection)
                        {
-                               settings->DisableEncryption = TRUE;
+                               settings->DisableEncryption = FALSE;
                                settings->EncryptionMethods = ENCRYPTION_METHOD_40BIT | ENCRYPTION_METHOD_56BIT | ENCRYPTION_METHOD_128BIT | ENCRYPTION_METHOD_FIPS;
                                settings->EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
                        }
 
-                       if (settings->DisableEncryption && !settings->RdpServerRsaKey && !settings->RdpKeyFile)
+                       if (settings->DisableEncryption)
+                       {
+                               fprintf(stderr, "Encryption is disabled.\n");
+                               return FALSE;
+                       }
+
+                       if (!settings->RdpServerRsaKey && !settings->RdpKeyFile)
+                       {
+                               fprintf(stderr, "Missing server certificate\n");
                                return FALSE;
+                       }
                }
                else if (settings->SelectedProtocol == PROTOCOL_TLS)
                {
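Review bot: Every non-local connection still gets `EncryptionMethods` including `ENCRYPTION_METHOD_40BIT | ENCRYPTION_METHOD_56BIT` and `ENCRYPTION_LEVEL_CLIENT_COMPATIBLE` on the two context lines after the changed assignment, and these appear to overwrite whatever was configured before this point. Because this commit is what makes Standard RDP Security negotiable, consider keeping preconfigured values and defaulting to `ENCRYPTION_METHOD_128BIT | ENCRYPTION_METHOD_FIPS` only when nothing was set. Separately, the new `if (settings->DisableEncryption)` return looks like it rejects any `LocalConnection` that arrives with the flag set, which the old combined condition did only when the key was also missing; confirm that is intended. The message "Missing server certificate" is printed when `RdpServerRsaKey` and `RdpKeyFile` are both unset, so `"%s: missing server RSA key\n", __FUNCTION__` would be more accurate and would match the prefix used earlier in the function. The enclosing block starts outside the hunk.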