diff --git a/libxrdp/xrdp_iso.c b/libxrdp/xrdp_iso.c index fa7a3f1a..b89e1616 100644 --- a/libxrdp/xrdp_iso.c +++ b/libxrdp/xrdp_iso.c @@ -20,6 +20,7 @@ */ #include "libxrdp.h" +#include "log.h" #define LOG_LEVEL 1 #define LLOG(_level, _args) \ @@ -97,7 +98,9 @@ xrdp_iso_negotiate_security(struct xrdp_iso *self) case PROTOCOL_HYBRID: case PROTOCOL_HYBRID_EX: default: - if (self->requestedProtocol & PROTOCOL_SSL) + if ((self->requestedProtocol & PROTOCOL_SSL) && + g_file_exist(client_info->certificate) && + g_file_exist(client_info->key_file)) { /* that's a patch since we don't support CredSSP for now */ self->selectedProtocol = PROTOCOL_SSL; @@ -109,8 +112,8 @@ xrdp_iso_negotiate_security(struct xrdp_iso *self) break; } - LLOGLN(10, ("xrdp_iso_negotiate_security: server security layer %d , client security layer %d", - self->selectedProtocol, self->requestedProtocol)); + log_message(LOG_LEVEL_DEBUG, "Security layer: requested %d, selected %d", + self->requestedProtocol, self->selectedProtocol); return rv; } diff --git a/libxrdp/xrdp_rdp.c b/libxrdp/xrdp_rdp.c index 6aff5830..dd6e6d38 100644 --- a/libxrdp/xrdp_rdp.c +++ b/libxrdp/xrdp_rdp.c @@ -182,10 +182,15 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info) { client_info->security_layer = PROTOCOL_SSL | PROTOCOL_HYBRID; } + else if (g_strcasecmp(value, "negotiate") == 0) + { + client_info->security_layer = PROTOCOL_SSL | PROTOCOL_HYBRID | PROTOCOL_HYBRID_EX; + } else { - log_message(LOG_LEVEL_ALWAYS,"Warning: Your configured security layer is " - "undefined, xrdp will negotiate client compatible"); + log_message(LOG_LEVEL_ERROR, "security_layer=%s is not " + "recognized, will use security_layer=negotiate", + value); client_info->security_layer = PROTOCOL_SSL | PROTOCOL_HYBRID | PROTOCOL_HYBRID_EX; } }