[crypto,tls] pring big warning for /cert:ignore

Armin Novak
2025-06-25 09:26:41 +02:00
parent 03903d3b2b
commit daeec1f98d


@@ -1686,8 +1686,14 @@ int tls_verify_certificate(rdpTls* tls, const rdpCertificate* cert, const char*
}
}
/* ignore certificate verification if user explicitly required it (discouraged) */
else if (tls->context->settings->IgnoreCertificate)
else if (freerdp_settings_get_bool(tls->context->settings, FreeRDP_IgnoreCertificate))
{
WLog_WARN(TAG, "[DANGER] Certificate not checked, /cert:ignore in use.");
WLog_WARN(TAG, "[DANGER] This prevents MITM attacks from being detected!");
WLog_WARN(TAG,
"[DANGER] Avoid using this unless in a secure LAN (=no internet) environment");
verification_status = 1; /* success! */
}
else if (!tls->isGatewayTransport && (tls->context->settings->AuthenticationLevel == 0))
verification_status = 1; /* success! */
else
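Review bot: The branch directly after the new block, `else if (!tls->isGatewayTransport && (tls->context->settings->AuthenticationLevel == 0))`, still sets `verification_status = 1` without logging anything, so a certificate accepted on that path leaves no trace comparable to the new [DANGER] lines. That condition also still reads the settings struct directly, while the line above it was moved to `freerdp_settings_get_bool`; for consistency it could use `freerdp_settings_get_uint32(tls->context->settings, FreeRDP_AuthenticationLevel) == 0`, with braces and a `WLog_WARN` of its own. The three new warnings are emitted at WARN level through WLog, so they are presumably lost when the configured log level or appender filters them out; a short comment saying so would help anyone relying on them for audit. tls_verify_certificate begins and ends outside this hunk, so how the AuthenticationLevel path is reached cannot be confirmed from here.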