Comment 12 for bug 673925

marcandre.moreau (marcandre-moreau) wrote :

Guys, please, stop assessing 0.8.2! We're working hard on getting FreeRDP 1.0 ready for inclusion in Precise, with all the changes you have required. The 0.8.x development branch is deprecated and no longer maintained. We are now in FreeRDP 1.0 beta5, and we should be able to make the stable release this month. We have had proper certificate checking for a while now, but it won't magically appear in 0.8.x; you need to be taking a look at 1.x.

Now once you see that 1.0 does fit your security requirements, we can work on making sure we have the stable release ready for your deadlines, instead of wasting time deciding if it can be included or not. In 1.0 the method you need to take a look at is tls_verify_certificate in libfreerdp-core/tls.c: https://github.com/FreeRDP/FreeRDP/blob/master/libfreerdp-core/tls.c

When connecting, the user is prompted to accept or deny a certificate if it cannot be validated by OpenSSL. It works just like SSH: once you accept the certificate, it gets added to ~/.freerdp/known_hosts.
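
The SSH-style trust-on-first-use check described in the comment above, as an added sketch that is not part of the comment and is not FreeRDP's `tls_verify_certificate` code. The function names, the `host fingerprint` line format, and the sample host, fingerprints and file name are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

enum tofu_result { TOFU_MATCH, TOFU_UNKNOWN_HOST, TOFU_MISMATCH };

/* Assumed store format: one "host fingerprint" pair per line. */
enum tofu_result tofu_check(const char *path, const char *host, const char *fp)
{
    char line[512], h[256], f[128];
    enum tofu_result res = TOFU_UNKNOWN_HOST;
    FILE *fh = fopen(path, "r");
    if (!fh)
        return res;                      /* no store yet: every host is new */
    while (fgets(line, sizeof line, fh)) {
        if (sscanf(line, "%255s %127s", h, f) != 2 || strcmp(h, host) != 0)
            continue;                    /* malformed line or another host */
        /* Known host: a changed fingerprint is reported, never overwritten. */
        res = strcmp(f, fp) == 0 ? TOFU_MATCH : TOFU_MISMATCH;
        break;
    }
    fclose(fh);
    return res;
}

/* Call only after the user accepted the prompt. Returns 0 on success. */
int tofu_accept(const char *path, const char *host, const char *fp)
{
    FILE *fh;
    /* Refuse values that would inject extra entries into the store. */
    if (!*host || !*fp || strpbrk(host, " \t\r\n") || strpbrk(fp, " \t\r\n"))
        return -1;
    if (tofu_check(path, host, fp) != TOFU_UNKNOWN_HOST)
        return -1;                       /* already pinned, or mismatch */
    if (!(fh = fopen(path, "a")))
        return -1;
    fprintf(fh, "%s %s\n", host, fp);
    fclose(fh);
    return 0;
}

int main(void)
{
    const char *store = "known_hosts.demo";      /* constructed file name */
    const char *host = "rdp.example.test";       /* constructed host */
    remove(store);
    tofu_accept(store, host, "aa:bb:cc");        /* first connect, user accepted */
    printf("same cert: %d\n", tofu_check(store, host, "aa:bb:cc"));
    printf("new cert:  %d\n", tofu_check(store, host, "dd:ee:ff"));
    remove(store);
    return 0;
}
```

A `TOFU_MISMATCH` result is the case a client should surface loudly instead of re-prompting as if the host were new, since it means the pinned certificate for that host has changed.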