Fail to launch apps when rdp certificate is renewed #396

Open
freechelmi opened this issue Jan 28, 2025 · 2 comments

@freechelmi
Contributor

freechelmi commented Jan 28, 2025

How to reproduce:

  • Install and run winapps for 3 months.
  • At some point the RDP certificate will be renewed by Windows.
  • After that, when launching a winapps app, you won't get any feedback because freerdp wants you to confirm you accept the new cert.

We need some way either for freerdp to always accept the new cert, or to detect it and import it on the Linux side.

flatpak run --command=xfreerdp com.freerdp.FreeRDP /d: /u:Docker /p:Docker /scale:100 +auto-reconnect +clipboard +home-drive /audio-mode:1 -wallpaper +dynamic-resolution +span '/wm-class:Microsoft Word' '/app:program:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE,icon:/home/michel/.local/share/winapps/apps/word-o365/icon.svg,name:Microsoft Word' /v:127.0.0.1
[13:50:44:787] [2:00000003] [WARN][com.freerdp.crypto] - [verify_cb]: Certificate verification failure 'self-signed certificate (18)' at stack position 0
[13:50:44:787] [2:00000003] [WARN][com.freerdp.crypto] - [verify_cb]: CN = DOCKERW-J03S567
[13:50:44:788] [2:00000003] [ERROR][com.freerdp.crypto] - [tls_print_certificate_error]: New host key for 127.0.0.1:3389
[13:50:44:788] [2:00000003] [ERROR][com.freerdp.crypto] - [tls_print_certificate_error]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
[13:50:44:788] [2:00000003] [ERROR][com.freerdp.crypto] - [tls_print_certificate_error]: @    WARNING: NEW HOST IDENTIFICATION!     @
[13:50:44:788] [2:00000003] [ERROR][com.freerdp.crypto] - [tls_print_certificate_error]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
[13:50:44:788] [2:00000003] [ERROR][com.freerdp.crypto] - [tls_print_certificate_error]: The fingerprint for the host key sent by the remote host is 15:71:75:c8:42:18:21:bd:55:f5:a5:63:a3:e4:7d:83:0e:bd:61:85:5e:46:36:f6:b7:85:1b:e7:11:b2:c2:95
[13:50:44:788] [2:00000003] [ERROR][com.freerdp.crypto] - [tls_print_certificate_error]: Please contact your system administrator.
[13:50:44:788] [2:00000003] [ERROR][com.freerdp.crypto] - [tls_print_certificate_error]: Add correct host key in /home/michel/.var/app/com.freerdp.FreeRDP/config/freerdp/server/127.0.0.1_3389.pem to get rid of this message.
!!!Certificate for 127.0.0.1:3389 (RDP-Server) has changed!!!

New Certificate details:
	Common Name: DOCKERW-J03S567
	Subject:     CN = DOCKERW-J03S567
	Issuer:      CN = DOCKERW-J03S567
	Valid from:  Jan 15 05:18:53 2025 GMT
	Valid to:    Jul 17 05:18:53 2025 GMT
	Thumbprint:  15:71:75:c8:42:18:21:bd:55:f5:a5:63:a3:e4:7d:83:0e:bd:61:85:5e:46:36:f6:b7:85:1b:e7:11:b2:c2:95

Old Certificate details:
	Subject:     CN = DOCKERW-J03S567
	Issuer:      CN = DOCKERW-J03S567
	Valid from:  Aug 15 15:18:37 2024 GMT
	Valid to:    Feb 14 15:18:37 2025 GMT
	Thumbprint:  4e:d4:b3:89:e9:70:90:bb:dc:01:c5:09:05:eb:c3:8e:2c:34:c9:5e:44:fa:d0:53:29:f0:a6:54:8c:2a:1d:e8

The above X.509 certificate does not match the certificate used for previous connections.
This may indicate that the certificate has been tampered with.
Please contact the administrator of the RDP server and clarify.
Do you trust the above certificate? (Y/T/N) Y
@freechelmi freechelmi self-assigned this Jan 28, 2025
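
One way a launcher could implement the "detect it" option from the report, as an added example that is not winapps or FreeRDP code: scan captured FreeRDP output for the certificate-change banner and compare the reported fingerprint with one the user has confirmed out-of-band. The function names are hypothetical, the sample lines are copied from the log above, and paths are assumed to contain no spaces.

```bash
#!/usr/bin/env bash
# Added example, not winapps code. Function names are hypothetical.

# Reads FreeRDP client output on stdin. If it contains the certificate-change
# banner, prints "<host:port> <new fingerprint> <stored cert path>" and
# returns 0; otherwise prints nothing and returns 1.
freerdp_cert_change() {
    awk '
        /NEW HOST IDENTIFICATION/ { changed = 1 }
        /New host key for /       { endpoint = $NF }
        /fingerprint for the host key sent by the remote host is / { fp = $NF }
        /Add correct host key in / {
            for (i = 1; i < NF; i++) if ($i == "in") pem = $(i + 1)
        }
        END { if (!changed) exit 1; print endpoint, fp, pem }'
}

# Normalise a fingerprint: strip colons and whitespace, lowercase hex digits.
norm_fp() { printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'; }

# Classify captured output ($1) against the fingerprint the user expects ($2,
# obtained out-of-band from the Windows guest; how is outside this example).
# Prints "unchanged", "renewed-verified <host:port> <path>" or "mismatch <host:port>".
cert_verdict() {
    info=$(printf '%s\n' "$1" | freerdp_cert_change) || { echo unchanged; return 0; }
    read -r endpoint fp pem <<EOF
$info
EOF
    if [ -n "$2" ] && [ "$(norm_fp "$fp")" = "$(norm_fp "$2")" ]; then
        echo "renewed-verified $endpoint $pem"
    else
        echo "mismatch $endpoint"
    fi
}

# Sample input: four lines copied from the log in the report above.
SAMPLE_LOG='[13:50:44:788] [2:00000003] [ERROR][com.freerdp.crypto] - [tls_print_certificate_error]: New host key for 127.0.0.1:3389
[13:50:44:788] [2:00000003] [ERROR][com.freerdp.crypto] - [tls_print_certificate_error]: @    WARNING: NEW HOST IDENTIFICATION!     @
[13:50:44:788] [2:00000003] [ERROR][com.freerdp.crypto] - [tls_print_certificate_error]: The fingerprint for the host key sent by the remote host is 15:71:75:c8:42:18:21:bd:55:f5:a5:63:a3:e4:7d:83:0e:bd:61:85:5e:46:36:f6:b7:85:1b:e7:11:b2:c2:95
[13:50:44:788] [2:00000003] [ERROR][com.freerdp.crypto] - [tls_print_certificate_error]: Add correct host key in /home/michel/.var/app/com.freerdp.FreeRDP/config/freerdp/server/127.0.0.1_3389.pem to get rid of this message.'
# The new thumbprint from the log, written in upper case to exercise norm_fp.
NEW_FP='15:71:75:C8:42:18:21:BD:55:F5:A5:63:A3:E4:7D:83:0E:BD:61:85:5E:46:36:F6:B7:85:1B:E7:11:B2:C2:95'

cert_verdict "$SAMPLE_LOG" "$NEW_FP"   # fingerprint confirmed out-of-band
cert_verdict "$SAMPLE_LOG" ""          # nothing to compare against
```

A launcher would surface a "mismatch" verdict to the user rather than leaving the hidden prompt waiting, and only on "renewed-verified" replace the stored certificate at the reported path.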
@KernelGhost
Member

KernelGhost commented Feb 1, 2025

Does this remain an issue if /cert:ignore is used?

@freechelmi
Contributor Author

Thanks, works for full windows but not for apps. I'll dig into why and commit a fix.
