Comment 16 for bug 673925

Ok, I reviewed 1.0 and it looks much better. I'm ok with the fallback to something in ~/.freerdp/cacert/ and that directory is created with safe permissions. The certificate verification is fine except for lack of server hostname checking (see below).

A few comments:
* I find it interesting that X509_* functions were used rather than SSL_* (see man X509_verify_cert), but that is not a problem in and of itself
* might be nice to use X509_STORE_CTX_get_error() on X509_verify_cert() error
* x509_verify_cert() and tls_verify_certificate() do not verify the server's hostname. I filed a separate bug #925657 for this.

ACK for main inclusion once bug #925657 is fixed.