Merge pull request #546 from trou/mymaster

fix issues 530 and 531

libfreerdp-core/transport.c

@@ -92,8 +92,11 @@ boolean transport_connect_tls(rdpTransport* transport)
 	transport->layer = TRANSPORT_LAYER_TLS;
 	transport->tls->sockfd = transport->tcp->sockfd;
 
-	if (tls_connect(transport->tls) != true)
+	if (tls_connect(transport->tls) != true) {
+		tls_free(transport->tls);
+		transport->tls = NULL;
 		return false;
+	}
 
 	return true;
 }
@@ -109,8 +112,11 @@ boolean transport_connect_nla(rdpTransport* transport)
 	transport->layer = TRANSPORT_LAYER_TLS;
 	transport->tls->sockfd = transport->tcp->sockfd;
 
-	if (tls_connect(transport->tls) != true)
+	if (tls_connect(transport->tls) != true) {
+		tls_free(transport->tls);
+		transport->tls = NULL;
 		return false;
+	}
 
 	/* Network Level Authentication */
 

libfreerdp-crypto/tls.c

@@ -53,6 +53,7 @@ static void tls_free_certificate(CryptoCert cert)
 	xfree(cert);
 }
 
+
 boolean tls_connect(rdpTls* tls)
 {
 	CryptoCert cert;
@@ -80,15 +81,12 @@ boolean tls_connect(rdpTls* tls)
 
 	if (tls->ssl == NULL)
 	{
-		SSL_CTX_free(tls->ctx);
 		printf("SSL_new failed\n");
 		return false;
 	}
 
 	if (SSL_set_fd(tls->ssl, tls->sockfd) < 1)
 	{
-		SSL_free(tls->ssl);
-		SSL_CTX_free(tls->ctx);
 		printf("SSL_set_fd failed\n");
 		return false;
 	}
@@ -99,8 +97,6 @@ boolean tls_connect(rdpTls* tls)
 	{
 		if (tls_print_error("SSL_connect", tls->ssl, connection_status))
 		{
-			SSL_free(tls->ssl);
-			SSL_CTX_free(tls->ctx);
 			return false;
 		}
 	}
@@ -119,8 +115,12 @@ boolean tls_connect(rdpTls* tls)
 		return false;
 	}
 
-	if (!tls_verify_certificate(tls, cert, tls->settings->hostname))
+	if (!tls_verify_certificate(tls, cert, tls->settings->hostname)) {
+		printf("tls_connect: certificate not trusted, aborting.\n");
 		tls_disconnect(tls);
+		tls_free_certificate(cert);
+		return false;
+	}
 
 	tls_free_certificate(cert);