From 26e49f28606eb29256fe17356e0b1fe455962f9d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Rigo?= <devel-freerdp@syscall.eu>
Date: Tue, 10 Apr 2012 22:24:08 +0200
Subject: [PATCH] fix issue #530 "NLA password asked after certificate refusal"
 close connection when the certificate is not trusted

---
 libfreerdp-crypto/tls.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libfreerdp-crypto/tls.c b/libfreerdp-crypto/tls.c
index 5b5b65853..39ad75769 100644
--- a/libfreerdp-crypto/tls.c
+++ b/libfreerdp-crypto/tls.c
@@ -115,8 +115,12 @@ boolean tls_connect(rdpTls* tls)
 		return false;
 	}
 
-	if (!tls_verify_certificate(tls, cert, tls->settings->hostname))
+	if (!tls_verify_certificate(tls, cert, tls->settings->hostname)) {
+		printf("tls_connect: certificate not trusted, aborting.\n");
 		tls_disconnect(tls);
+		tls_free_certificate(cert);
+		return false;
+	}
 
 	tls_free_certificate(cert);