X509 Certificate fix from Daniel Drown
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/trunk/rdesktop@556 423420c4-83ab-492f-b58f-81f9feb106b5
This commit is contained in:
parent
15d76e893d
commit
1adaed9046
32
secure.c
32
secure.c
@ -625,8 +625,38 @@ sec_parse_crypt_info(STREAM s, uint32 * rc4_key_size,
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
uint32 certcount;
|
||||||
|
|
||||||
DEBUG_RDP5(("We're going for the RDP5-style encryption\n"));
|
DEBUG_RDP5(("We're going for the RDP5-style encryption\n"));
|
||||||
in_uint8s(s, 4); /* Number of certificates */
|
in_uint32_le(s, certcount); /* Number of certificates */
|
||||||
|
|
||||||
|
if(certcount < 2)
|
||||||
|
{
|
||||||
|
error("Server didn't send enough X509 certificates\n");
|
||||||
|
return False;
|
||||||
|
}
|
||||||
|
|
||||||
|
for(; certcount > 2; certcount--)
|
||||||
|
{ /* ignore all the certificates between the root and the signing CA */
|
||||||
|
uint32 ignorelen;
|
||||||
|
X509 *ignorecert;
|
||||||
|
|
||||||
|
DEBUG_RDP5(("Ignored certs left: %d\n", certcount));
|
||||||
|
|
||||||
|
in_uint32_le(s, ignorelen);
|
||||||
|
DEBUG_RDP5(("Ignored Certificate length is %d\n", ignorelen));
|
||||||
|
ignorecert = d2i_X509(NULL, &(s->p), ignorelen);
|
||||||
|
|
||||||
|
if(ignorecert == NULL)
|
||||||
|
{ /* XXX: error out? */
|
||||||
|
DEBUG_RDP5(("got a bad cert: this will probably screw up the rest of the communication\n"));
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifdef WITH_DEBUG_RDP5
|
||||||
|
DEBUG_RDP5(("cert #%d (ignored):\n",certcount));
|
||||||
|
X509_print_fp(stdout, ignorecert);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
/* Do da funky X.509 stuffy
|
/* Do da funky X.509 stuffy
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user