X509 Certificate fix from Daniel Drown
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/trunk/rdesktop@556 423420c4-83ab-492f-b58f-81f9feb106b5
This commit is contained in:
parent
15d76e893d
commit
1adaed9046
32
secure.c
32
secure.c
@ -625,8 +625,38 @@ sec_parse_crypt_info(STREAM s, uint32 * rc4_key_size,
|
||||
}
|
||||
else
|
||||
{
|
||||
uint32 certcount;
|
||||
|
||||
DEBUG_RDP5(("We're going for the RDP5-style encryption\n"));
|
||||
in_uint8s(s, 4); /* Number of certificates */
|
||||
in_uint32_le(s, certcount); /* Number of certificates */
|
||||
|
||||
if(certcount < 2)
|
||||
{
|
||||
error("Server didn't send enough X509 certificates\n");
|
||||
return False;
|
||||
}
|
||||
|
||||
for(; certcount > 2; certcount--)
|
||||
{ /* ignore all the certificates between the root and the signing CA */
|
||||
uint32 ignorelen;
|
||||
X509 *ignorecert;
|
||||
|
||||
DEBUG_RDP5(("Ignored certs left: %d\n", certcount));
|
||||
|
||||
in_uint32_le(s, ignorelen);
|
||||
DEBUG_RDP5(("Ignored Certificate length is %d\n", ignorelen));
|
||||
ignorecert = d2i_X509(NULL, &(s->p), ignorelen);
|
||||
|
||||
if(ignorecert == NULL)
|
||||
{ /* XXX: error out? */
|
||||
DEBUG_RDP5(("got a bad cert: this will probably screw up the rest of the communication\n"));
|
||||
}
|
||||
|
||||
#ifdef WITH_DEBUG_RDP5
|
||||
DEBUG_RDP5(("cert #%d (ignored):\n",certcount));
|
||||
X509_print_fp(stdout, ignorecert);
|
||||
#endif
|
||||
}
|
||||
|
||||
/* Do da funky X.509 stuffy
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user