Add workaround for Vino's VeNCrypt implementation

author Pierre Ossman <ossman@cendio.se>

Tue, 29 Dec 2015 14:02:11 +0000 (15:02 +0100)

committer Pierre Ossman <ossman@cendio.se>

Tue, 29 Dec 2015 14:02:11 +0000 (15:02 +0100)
author Pierre Ossman <ossman@cendio.se>
Tue, 29 Dec 2015 14:02:11 +0000 (15:02 +0100)
committer Pierre Ossman <ossman@cendio.se>
Tue, 29 Dec 2015 14:02:11 +0000 (15:02 +0100)
diff --git a/common/rfb/Security.cxx b/common/rfb/Security.cxx

index e623ab5456c8c6b7f5e028863d0ffcaf5bba0e7b..0666041cb861252f6d9abceef31d4a38aa781c08 100644 (file)
--- a/common/rfb/Security.cxx
+++ b/common/rfb/Security.cxx
@@ -74,7 +74,18 @@ const std::list<rdr::U8> Security::GetEnabledSecTypes(void)
    list<rdr::U8> result;
    list<U32>::iterator i;
  
-  result.push_back(secTypeVeNCrypt);
+  /* Partial workaround for Vino's stupid behaviour. It doesn't allow
+   * the basic authentication types as part of the VeNCrypt handshake,
+   * making it impossible for a client to do opportunistic encryption.
+   * At least make it possible to connect when encryption is explicitly
+   * disabled. */
+  for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++) {
+    if (*i >= 0x100) {
+      result.push_back(secTypeVeNCrypt);
+      break;
+    }
+  }
+
    for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++)
      if (*i < 0x100)
        result.push_back(*i);
author	Pierre Ossman <ossman@cendio.se>
	Tue, 29 Dec 2015 14:02:11 +0000 (15:02 +0100)
committer	Pierre Ossman <ossman@cendio.se>
	Tue, 29 Dec 2015 14:02:11 +0000 (15:02 +0100)