Move gnutls functions into SSecurityTLS

diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
index b9460223404dbec47da4c4691d14edd0e92f3315..92ff4b801123017872d7adad1c4e6f497f1d4aba 100644 (file)
--- a/common/rfb/SSecurityTLS.cxx
+++ b/common/rfb/SSecurityTLS.cxx
@@ -207,9 +207,16 @@ void SSecurityTLS::setParams(gnutls_session_t session)
 
     gnutls_certificate_set_dh_params(cert_cred, dh_params);
 
-    if (gnutls_certificate_set_x509_key_file(cert_cred, certfile, keyfile,
-        GNUTLS_X509_FMT_PEM) != GNUTLS_E_SUCCESS)
-      throw AuthFailureException("load of key failed");
+    switch (gnutls_certificate_set_x509_key_file(cert_cred, certfile, keyfile, GNUTLS_X509_FMT_PEM)) {
+    case GNUTLS_E_SUCCESS:
+      break;
+    case GNUTLS_E_CERTIFICATE_KEY_MISMATCH:
+      throw AuthFailureException("Private key does not match certificate");
+    case GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE:
+      throw AuthFailureException("Unsupported certificate type");
+    default:
+      throw AuthFailureException("Error loading X509 certificate or key");
+    }
 
     if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred)
         != GNUTLS_E_SUCCESS)

diff --git a/common/rfb/SSecurityTLS.h b/common/rfb/SSecurityTLS.h
index 30242a2413a7806d08674b7b72fac8c429ab96ce..dafc997c4630af0f54669426fe24ca32f0bf1fb4 100644 (file)
--- a/common/rfb/SSecurityTLS.h
+++ b/common/rfb/SSecurityTLS.h
@@ -35,6 +35,7 @@
 #include <rdr/InStream.h>
 #include <rdr/OutStream.h>
 #include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
 
 namespace rfb {
 

diff --git a/win/vncconfig/Authentication.h b/win/vncconfig/Authentication.h
index 2967444af27edad267ff734521162200dfb02674..82971148bf51e23a409cc98755acac7affdf3908 100644 (file)
--- a/win/vncconfig/Authentication.h
+++ b/win/vncconfig/Authentication.h
@@ -21,13 +21,6 @@
 #include <windows.h>
 #include <commctrl.h>
 
-#ifdef HAVE_GNUTLS
-#include <assert.h>
-#include <gnutls/gnutls.h>
-#include <gnutls/x509.h>
-#define CHECK(x) assert((x)>=0)
-#endif
-
 #include <vncconfig/PasswordDialog.h>
 #include <rfb_win32/Registry.h>
 #include <rfb_win32/SecurityPage.h>
@@ -98,32 +91,8 @@ namespace rfb {
 
 #ifdef HAVE_GNUTLS
         if (isItemChecked(IDC_ENC_X509)) {
-          gnutls_certificate_credentials_t xcred;
-          CHECK(gnutls_global_init());
-          CHECK(gnutls_certificate_allocate_credentials(&xcred));
-          int ret = gnutls_certificate_set_x509_key_file (xcred,
-                                                          regKey.getString("X509Cert"),
-                                                          regKey.getString("X509Key"),
-                                                          GNUTLS_X509_FMT_PEM);
-          if (ret >= 0) {
-            SSecurityTLS::X509_CertFile.setParam(regKey.getString("X509Cert"));
-            SSecurityTLS::X509_CertFile.setParam(regKey.getString("X509Key"));
-          } else {
-            if (ret == GNUTLS_E_CERTIFICATE_KEY_MISMATCH) {
-              MsgBox(0, _T("Private key does not match certificate.\n")
-                        _T("X.509 security types will not be enabled!"),
-                        MB_ICONWARNING | MB_OK);
-            } else if (ret == GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE) {
-              MsgBox(0, _T("Unsupported certificate type.\n")
-                        _T("X.509 security types will not be enabled!"),
-                        MB_ICONWARNING | MB_OK);
-            } else {
-              MsgBox(0, _T("Unknown error while importing X.509 certificate or private key.\n")
-                        _T("X.509 security types will not be enabled!"),
-                        MB_ICONWARNING | MB_OK);
-            }
-          }
-          gnutls_global_deinit();
+          SSecurityTLS::X509_CertFile.setParam(regKey.getString("X509Cert"));
+          SSecurityTLS::X509_CertFile.setParam(regKey.getString("X509Key"));
         }
 #endif