From a71235be74969ebfa36b3db9062bea99078c3428 Mon Sep 17 00:00:00 2001 From: akallabeth Date: Thu, 21 Oct 2021 09:07:52 +0200 Subject: [PATCH] Cert update fix (#7382) * Fixed certificate thumbprint default format * Fixed VerifyChangedCertificateEx call arguments --- libfreerdp/crypto/crypto.c | 2 +- libfreerdp/crypto/tls.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libfreerdp/crypto/crypto.c b/libfreerdp/crypto/crypto.c index 2dca1a74e..602dbfcea 100644 --- a/libfreerdp/crypto/crypto.c +++ b/libfreerdp/crypto/crypto.c @@ -276,7 +276,7 @@ BYTE* crypto_cert_hash(X509* xcert, const char* hash, UINT32* length) char* crypto_cert_fingerprint_by_hash(X509* xcert, const char* hash) { - return crypto_cert_fingerprint_by_hash_ex(xcert, hash, 0); + return crypto_cert_fingerprint_by_hash_ex(xcert, hash, TRUE); } char* crypto_cert_fingerprint_by_hash_ex(X509* xcert, const char* hash, BOOL separator) diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c index b9a3cdde4..3c7cbf834 100644 --- a/libfreerdp/crypto/tls.c +++ b/libfreerdp/crypto/tls.c @@ -1519,7 +1519,7 @@ int tls_verify_certificate(rdpTls* tls, CryptoCert cert, const char* hostname, U fp = crypto_cert_fingerprint(cert->px509); } accept_certificate = instance->VerifyChangedCertificateEx( - instance, hostname, port, common_name, subject, issuer, pem, old_subject, + instance, hostname, port, common_name, subject, issuer, fp, old_subject, old_issuer, old_fp, cflags); if (fpIsAllocated) free(fp);