From daeec1f98d69516fe52276608a750de3b3146d4e Mon Sep 17 00:00:00 2001
From: Armin Novak
Date: Wed, 25 Jun 2025 09:26:41 +0200
Subject: [PATCH 1/2] [crypto,tls] pring big warning for /cert:ignore
---
 libfreerdp/crypto/tls.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c
index 4bfd9f044..bd09e2262 100644
--- a/libfreerdp/crypto/tls.c
+++ b/libfreerdp/crypto/tls.c
@@ -1686,8 +1686,14 @@ int tls_verify_certificate(rdpTls* tls, const rdpCertificate* cert, const char*
 }
 }
 /* ignore certificate verification if user explicitly required it (discouraged) */
- else if (tls->context->settings->IgnoreCertificate)
+ else if (freerdp_settings_get_bool(tls->context->settings, FreeRDP_IgnoreCertificate))
+ {
+ WLog_WARN(TAG, "[DANGER] Certificate not checked, /cert:ignore in use.");
+ WLog_WARN(TAG, "[DANGER] This prevents MITM attacks from being detected!");
+ WLog_WARN(TAG,
+ "[DANGER] Avoid using this unless in a secure LAN (=no internet) environment");
 verification_status = 1; /* success! */
+ }
 else if (!tls->isGatewayTransport && (tls->context->settings->AuthenticationLevel == 0))
 verification_status = 1; /* success! */
 else
From efd89c035481088c5b352222fbeb0bfc69ac75fe Mon Sep 17 00:00:00 2001
From: Armin Novak
Date: Wed, 25 Jun 2025 09:36:54 +0200
Subject: [PATCH 2/2] [channels,drdynvc] IWTSVirtualChannelCallback log trace
---
 channels/drdynvc/client/drdynvc_main.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/channels/drdynvc/client/drdynvc_main.c b/channels/drdynvc/client/drdynvc_main.c
index ed137b541..65dc5fd4f 100644
--- a/channels/drdynvc/client/drdynvc_main.c
+++ b/channels/drdynvc/client/drdynvc_main.c
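Review bot: In the tls.c hunk, the `AuthenticationLevel == 0` branch directly after the new block still sets `verification_status = 1` with no log output, so a session whose certificate was never checked leaves no trace in that case. It also still reads the settings struct directly, while the changed line moved to the getter. Consider `else if (!tls->isGatewayTransport && (freerdp_settings_get_uint32(tls->context->settings, FreeRDP_AuthenticationLevel) == 0))` with a braced body that emits `WLog_WARN(TAG, "Certificate not checked, authentication level 0 in use");` before the assignment. The third new message also presents a LAN as safe, although interception is equally possible from a host on the same segment; wording such as "only on a network where every host is trusted" would be more accurate. tls_verify_certificate starts and ends outside this hunk, so whether the level-0 case is logged elsewhere cannot be seen here.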
@@ -433,12 +433,9 @@ static void check_open_close_receive(DVCMAN_CHANNEL* channel)
 const UINT32 id = channel->channel_id;
 WINPR_ASSERT(cb);
- if (cb->OnOpen || cb->OnClose)
- {
- if (!cb->OnOpen || !cb->OnClose)
- WLog_WARN(TAG, "{%s:%" PRIu32 "} OnOpen=%p, OnClose=%p", name, id, cb->OnOpen,
- cb->OnClose);
- }
+ if (!cb->OnOpen || !cb->OnClose || !cb->OnDataReceived)
+ WLog_VRB(TAG, "{%s:%" PRIu32 "} OnOpen=%p, OnClose=%p, OnDataReceived=%p", name, id,
+ cb->OnOpen, cb->OnClose, cb->OnDataReceived);
 }
 static UINT dvcman_call_on_receive(DVCMAN_CHANNEL* channel, wStream* data)
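Review bot: The new `WLog_VRB` call passes three function pointers to `%p`, which ISO C defines only for `void *`, and it writes code addresses into the log, where they reveal the module's load address to anyone who can read a verbose trace. The message only needs to say which callbacks are missing, so presence flags are enough: `WLog_VRB(TAG, "{%s:%" PRIu32 "} OnOpen=%d, OnClose=%d, OnDataReceived=%d", name, id, cb->OnOpen != NULL, cb->OnClose != NULL, cb->OnDataReceived != NULL);`. The removed `WLog_WARN` had the same `%p` usage, so this predates the commit. The start of check_open_close_receive lies outside the hunk.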