From d2ac7acdd9c40c38ae1c274baa7c585d65de624a Mon Sep 17 00:00:00 2001
From: Armin Novak <armin.novak@thincast.com>
Date: Mon, 10 Dec 2018 12:03:55 +0100
Subject: [PATCH] Fixed certificate accept

certificate_data_replace can only replace an existing entry,
use certificate_data_print for new ones.
---
 libfreerdp/crypto/tls.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c
index d4689cb66..1c7b66f89 100644
--- a/libfreerdp/crypto/tls.c
+++ b/libfreerdp/crypto/tls.c
@@ -1528,9 +1528,15 @@ int tls_verify_certificate(rdpTls* tls, CryptoCert cert, const char* hostname,
 			switch (accept_certificate)
 			{
 				case 1:
+
 					/* user accepted certificate, add entry in known_hosts file */
-					verification_status = certificate_data_replace(tls->certificate_store,
-					                      certificate_data);
+					if (match < 0)
+						verification_status = certificate_data_replace(tls->certificate_store,
+						                      certificate_data);
+					else
+						verification_status = certificate_data_print(tls->certificate_store,
+						                      certificate_data);
+
 					break;
 
 				case 2: