From 4f1b77408a32690667c4b889b14cef2bd67c2d66 Mon Sep 17 00:00:00 2001
From: Hardening
Date: Tue, 3 Jun 2014 11:04:35 +0200
Subject: [PATCH] Fix NLA authentication for server-side

This patch make copies of the server public key so that the NLA authentication can be performed server-side.
---
 libfreerdp/crypto/tls.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c
index a02f7adac..e0c245a2b 100644
--- a/libfreerdp/crypto/tls.c
+++ b/libfreerdp/crypto/tls.c
@@ -624,9 +624,6 @@ int tls_do_handshake(rdpTls* tls, BOOL clientMode)
 }
 while (TRUE);
 
- if (!clientMode)
- return 1;
-
 cert = tls_get_certificate(tls, clientMode);
 if (!cert)
 {
@@ -648,6 +645,12 @@ int tls_do_handshake(rdpTls* tls, BOOL clientMode)
 return -1;
 }
 
+ if (!clientMode)
+ {
+ /* NLA needs public keys so let's just copy the keys from the server and return now */
+ return 1;
+ }
+
 verify_status = tls_verify_certificate(tls, cert, tls->hostname, tls->port);
 
 if (verify_status < 1)
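Review bot: The relocated server-side exit in the second hunk (`if (!clientMode) { ... return 1; }`) now returns while `cert` from `tls_get_certificate()` is still held. If the function releases it only on its later exits, which this hunk does not show, each accepted server handshake would leak one certificate object. I would release it before returning, e.g. `tls_free_certificate(cert);` ahead of `return 1;`, or send both modes through a single cleanup exit. The comment also describes work that presumably happens between the two hunks rather than in this block; something like `/* server side: public key already copied above for NLA; no peer certificate to verify */` would explain why verification is skipped. The body of tls_do_handshake starts and ends outside both hunks.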