Add better error message for insecure certificate algorithms

author Pierre Ossman <ossman@cendio.se>

Fri, 1 Sep 2017 09:15:31 +0000 (11:15 +0200)

committer Pierre Ossman <ossman@cendio.se>

Fri, 1 Sep 2017 09:15:31 +0000 (11:15 +0200)
author Pierre Ossman <ossman@cendio.se>
Fri, 1 Sep 2017 09:15:31 +0000 (11:15 +0200)
committer Pierre Ossman <ossman@cendio.se>
Fri, 1 Sep 2017 09:15:31 +0000 (11:15 +0200)
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx

index 8a053e3db7fb7b98e9785baed5d3a60a14793b62..58423fbf2759aacd9ce0f45fb55c37a692f2e0df 100644 (file)
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -332,6 +332,9 @@ void CSecurityTLS::checkSession()
    if (status & GNUTLS_CERT_SIGNER_NOT_CA)
      vlog.debug("server cert signer not CA");
  
+  if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
+    throw AuthFailureException("The server certificate uses an insecure algorithm");
+
    if ((status & (~allowed_errors)) != 0) {
      /* No other errors are allowed */
      vlog.debug("GNUTLS status of certificate verification: %u", status);
author	Pierre Ossman <ossman@cendio.se>
	Fri, 1 Sep 2017 09:15:31 +0000 (11:15 +0200)
committer	Pierre Ossman <ossman@cendio.se>
	Fri, 1 Sep 2017 09:15:31 +0000 (11:15 +0200)