client: print detected path to known_host file
Use detected path instead of hard coded for error messages
This commit is contained in:
parent
ab7d1746d8
commit
9e59fc905d
@ -62,7 +62,7 @@ FREERDP_API int tls_wait_read(rdpTls* tls);
|
|||||||
FREERDP_API int tls_wait_write(rdpTls* tls);
|
FREERDP_API int tls_wait_write(rdpTls* tls);
|
||||||
|
|
||||||
FREERDP_API BOOL tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname);
|
FREERDP_API BOOL tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname);
|
||||||
FREERDP_API void tls_print_certificate_error(char* hostname, char* fingerprint);
|
FREERDP_API void tls_print_certificate_error(char* hostname, char* fingerprint, char* hosts_file);
|
||||||
FREERDP_API void tls_print_certificate_name_mismatch_error(char* hostname, char* common_name, char** alt_names, int alt_names_count);
|
FREERDP_API void tls_print_certificate_name_mismatch_error(char* hostname, char* common_name, char** alt_names, int alt_names_count);
|
||||||
|
|
||||||
FREERDP_API BOOL tls_print_error(char* func, SSL* connection, int value);
|
FREERDP_API BOOL tls_print_error(char* func, SSL* connection, int value);
|
||||||
|
@ -603,7 +603,7 @@ BOOL tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname)
|
|||||||
else if (match == -1)
|
else if (match == -1)
|
||||||
{
|
{
|
||||||
/* entry was found in known_hosts file, but fingerprint does not match. ask user to use it */
|
/* entry was found in known_hosts file, but fingerprint does not match. ask user to use it */
|
||||||
tls_print_certificate_error(hostname, fingerprint);
|
tls_print_certificate_error(hostname, fingerprint, tls->certificate_store->file);
|
||||||
|
|
||||||
if (instance->VerifyChangedCertificate)
|
if (instance->VerifyChangedCertificate)
|
||||||
accept_certificate = instance->VerifyChangedCertificate(instance, subject, issuer, fingerprint, "");
|
accept_certificate = instance->VerifyChangedCertificate(instance, subject, issuer, fingerprint, "");
|
||||||
@ -644,7 +644,7 @@ BOOL tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname)
|
|||||||
return verification_status;
|
return verification_status;
|
||||||
}
|
}
|
||||||
|
|
||||||
void tls_print_certificate_error(char* hostname, char* fingerprint)
|
void tls_print_certificate_error(char* hostname, char* fingerprint, char *hosts_file)
|
||||||
{
|
{
|
||||||
fprintf(stderr, "The host key for %s has changed\n", hostname);
|
fprintf(stderr, "The host key for %s has changed\n", hostname);
|
||||||
fprintf(stderr, "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n");
|
fprintf(stderr, "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n");
|
||||||
@ -655,7 +655,7 @@ void tls_print_certificate_error(char* hostname, char* fingerprint)
|
|||||||
fprintf(stderr, "It is also possible that a host key has just been changed.\n");
|
fprintf(stderr, "It is also possible that a host key has just been changed.\n");
|
||||||
fprintf(stderr, "The fingerprint for the host key sent by the remote host is\n%s\n", fingerprint);
|
fprintf(stderr, "The fingerprint for the host key sent by the remote host is\n%s\n", fingerprint);
|
||||||
fprintf(stderr, "Please contact your system administrator.\n");
|
fprintf(stderr, "Please contact your system administrator.\n");
|
||||||
fprintf(stderr, "Add correct host key in ~/.freerdp/known_hosts to get rid of this message.\n");
|
fprintf(stderr, "Add correct host key in %s to get rid of this message.\n", hosts_file);
|
||||||
fprintf(stderr, "Host key for %s has changed and you have requested strict checking.\n", hostname);
|
fprintf(stderr, "Host key for %s has changed and you have requested strict checking.\n", hostname);
|
||||||
fprintf(stderr, "Host key verification failed.\n");
|
fprintf(stderr, "Host key verification failed.\n");
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user