Created attachment 1231772 [details] cert verify screen Description of problem: 1. vinagre rdp Certificate Verification screen "New fingerprint CN=HOSTNAME" . It used to be a hash. 2. "Cancel" and "Connect" will only refresh this screen. vinagre is stuck at this point. Version-Release number of selected component (if applicable): vinagre-3.22.0-1.fc25.x86_64 freerdp-libs-2.0.0-12.20160909git1855e36.fc25.x86_64 How reproducible: Steps to Reproduce: 1. using vinagre to connect to a win7 2. 3. Actual results: Expected results: Additional info:
Chiming in here as I'm experiencing the same issue - here's the console output when running Vinagre and hitting the 'Connect' button a couple times trying to confirm the certificate: [snuxoll@mbsi-lapnuxoll ~]$ vinagre ** (vinagre:27120): WARNING **: Failed to initialize mDNS browser: Failed to create avahi client: Daemon not running [10:38:54:441] [27120:27120] [ERROR][com.freerdp.crypto] - certificate not trusted, aborting. [10:38:54:441] [27120:27120] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_CONNECT_CANCELLED [0x2000B] [10:38:54:441] [27120:27120] [ERROR][com.freerdp.core.connection] - Error: protocol security negotiation or connection failure [10:38:58:371] [27120:27120] [ERROR][com.freerdp.crypto] - certificate not trusted, aborting. [10:38:58:371] [27120:27120] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_CONNECT_CANCELLED [0x2000B] [10:38:58:371] [27120:27120] [ERROR][com.freerdp.core.connection] - Error: protocol security negotiation or connection failure [10:38:59:384] [27120:27120] [ERROR][com.freerdp.crypto] - certificate not trusted, aborting. [10:38:59:384] [27120:27120] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_CONNECT_CANCELLED [0x2000B] [10:38:59:384] [27120:27120] [ERROR][com.freerdp.core.connection] - Error: protocol security negotiation or connection failure [10:39:00:097] [27120:27120] [ERROR][com.freerdp.crypto] - certificate not trusted, aborting. [10:39:00:097] [27120:27120] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_CONNECT_CANCELLED [0x2000B] [10:39:00:097] [27120:27120] [ERROR][com.freerdp.core.connection] - Error: protocol security negotiation or connection failure [10:39:00:794] [27120:27120] [ERROR][com.freerdp.crypto] - certificate not trusted, aborting. [10:39:00:794] [27120:27120] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_CONNECT_CANCELLED [0x2000B] [10:39:00:794] [27120:27120] [ERROR][com.freerdp.core.connection] - Error: protocol security negotiation or connection failure
Upon some further investigation it looks like Fedora 25 is now using FreeRDP 2, which has changed from a BOOL to a DWORD for the return type of the pVerifyCertificate callback [1]. I'm attaching a patch that defines HAVE_FREERDP_2_0 and switches the return type of frdp_certificate_verify correctly based on whether 1.x or 2.x is being used, I'm also going to submit the issue upstream along with the proposed patch if it hasn't already been done. [1]: https://github.com/FreeRDP/FreeRDP/blob/128ce8a5a4b062269179a93a8da8bcac24dba5c8/include/freerdp/freerdp.h#L84
Created attachment 1237307 [details] Proposed patch
Actually, upstream has a better patch available on the GNOME Bugzilla already [1] that handles some additional API changes in FreeRDP 2.x (don't I feel silly for spending 2 hours on this now?). The patch was missing a header include and still had the wrong return type (int instead of DWORD) - so I'm attaching a 'fixed' copy as well as the results of a koji scratch build [2]. [1]: https://bugzilla.gnome.org/show_bug.cgi?id=774473 [2]: https://koji.fedoraproject.org/koji/taskinfo?taskID=17164264
Created attachment 1237316 [details] 0001-FreeRDP-1.2-certificate-callback-support.patch
Priority needs to be very high. A cert change blocks vinagre from functioning, so all rdp operation is impossible. Blocker.
*** Bug 1408557 has been marked as a duplicate of this bug. ***
Hi Stefan, FreeRDP had no releases for more than 2 years and there is absolutely no guarantee of any stability towards API/ABI. So the best that it can happen is that in a given moment in time all components relying on FreeRDP work fine. Just by saying that it makes me shiver. I've been trying to push on a new release along with a lot of other people to no avail so far. Having said that, for fixing some of the intermediate issues I've created a compat-freerdp12 package that contains the last FreeRDP release from 2014 in library form only, and I've rebuilt Vinagre in rawhide/f26 with that. I'm making a scratch build on Fedora 25, it would be great if you could test that.
Please test this build: https://koji.fedoraproject.org/koji/taskinfo?taskID=18246371 You would also need this update (contains compat-freerdp12): https://bodhi.fedoraproject.org/updates/FEDORA-2017-7191d8e808
So, the freedrp compat package with the above build fixes the endless connection loop, but Vinagre is still very broken. I get the following spam (note, the last message repeats when the dialog box tries to roll out... it is never shown and the window never closes or exits full screen when disconnecting): (vinagre:21608): Gtk-WARNING **: Theme parsing error: <data>:2:28: The style property GtkButton:default-border is deprecated and shouldn't be used anymore. It will be removed in a future version (vinagre:21608): Gtk-WARNING **: Theme parsing error: <data>:3:36: The style property GtkButton:default-outside-border is deprecated and shouldn't be used anymore. It will be removed in a future version (vinagre:21608): Gtk-WARNING **: Theme parsing error: <data>:4:25: The style property GtkButton:inner-border is deprecated and shouldn't be used anymore. It will be removed in a future version (vinagre:21608): Gtk-WARNING **: Theme parsing error: <data>:5:30: The style property GtkWidget:focus-line-width is deprecated and shouldn't be used anymore. It will be removed in a future version (vinagre:21608): Gtk-WARNING **: Theme parsing error: <data>:6:27: The style property GtkWidget:focus-padding is deprecated and shouldn't be used anymore. It will be removed in a future version (vinagre:21608): Gtk-WARNING **: Drawing a gadget with negative dimensions. Did you forget to allocate a size? (node box owner ViewAutoDrawer) ----------------------------------------------------------------------- I also get the following error when disconnecting: [18:34:46:622] [21672:21672] [ERROR][com.freerdp.legacy] - ERRINFO_LOGOFF_BY_USER (0x0000000C): The disconnection was initiated by the user logging off his or her session on the server. [18:34:46:622] [21672:21672] [ERROR][com.freerdp.legacy] - DisconnectProviderUltimatum: reason: 3 ** (vinagre:21672): WARNING **: Failed to check FreeRDP file descriptor
This message is a reminder that Fedora 25 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 25. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '25'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 25 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
in Fedora-27 issue is solved.
Fedora 25 changed to end-of-life (EOL) status on 2017-12-12. Fedora 25 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.