Restore original streams when terminating TLS 722/head
authorPierre Ossman <ossman@cendio.se>
Fri, 21 Sep 2018 13:34:47 +0000 (15:34 +0200)
committerPierre Ossman <ossman@cendio.se>
Fri, 21 Sep 2018 13:59:46 +0000 (15:59 +0200)
In theory we could return to communicate without TLS after a
shutdown. It also makes sure the connection object isn't left
completely without streams.

common/rfb/CSecurityTLS.cxx
common/rfb/CSecurityTLS.h
common/rfb/SSecurityTLS.cxx
common/rfb/SSecurityTLS.h

index 7ca01d5795d933a42c0238251438f4185e0a6c61..e1a31f78313ab98c135c6073af009a61d691bba2 100644 (file)
@@ -69,7 +69,7 @@ static LogWriter vlog("TLS");
 
 CSecurityTLS::CSecurityTLS(CConnection* cc, bool _anon)
   : CSecurity(cc), session(NULL), anon_cred(NULL), cert_cred(NULL),
-    anon(_anon), tlsis(NULL), tlsos(NULL)
+    anon(_anon), tlsis(NULL), tlsos(NULL), rawis(NULL), rawos(NULL)
 {
   cafile = X509CA.getData();
   crlfile = X509CRL.getData();
@@ -116,6 +116,12 @@ void CSecurityTLS::shutdown(bool needbye)
     cert_cred = 0;
   }
 
+  if (rawis && rawos) {
+    cc->setStreams(rawis, rawos);
+    rawis = NULL;
+    rawos = NULL;
+  }
+
   if (tlsis) {
     delete tlsis;
     tlsis = NULL;
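Review bot: The restore block in `CSecurityTLS::shutdown()` silently puts the connection back on the unencrypted streams, and nothing in the new code records that or tells a later reader it is deliberate. Anything read or written through `cc` after this point travels in cleartext, so I would say so at the block, e.g. `// Hand the raw streams back before the TLS ones are deleted; traffic after this point is NOT encrypted`, and consider adding `vlog.debug("TLS shut down, connection is back on unencrypted streams");` so an unexpected fallback shows up in the logs. Restoring before `delete tlsis` is presumably what keeps `cc` from pointing at freed stream objects, and the comment should mention that ordering. Whether any caller continues the RFB exchange after `shutdown()` is not visible here and should be checked; the identical block in `SSecurityTLS::shutdown()` needs the same treatment. Both functions start and end outside their hunks.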
@@ -174,6 +180,9 @@ bool CSecurityTLS::processMsg()
     // for GnuTLS
     tlsis = new rdr::TLSInStream(is, session);
     tlsos = new rdr::TLSOutStream(os, session);
+
+    rawis = is;
+    rawos = os;
   }
 
   int err;
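Review bot: `rawis` and `rawos` are stored here as borrowed pointers with no comment on who owns them or how long they must stay valid, yet `shutdown()` later hands them back to the connection. If the streams behind `is`/`os` were replaced or destroyed while the TLS session was active, that restore would install dangling pointers. Nothing in the hunk shows this happening, but the assumption deserves a line such as `// Not owned: the connection's underlying streams, must outlive this object` at the assignment and at the member declarations in CSecurityTLS.h. The same goes for `SSecurityTLS::processMsg()` and SSecurityTLS.h. The enclosing function begins and ends outside the hunk.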
index 0d5f8997e4379ff29b4d586e3195879f77d0774e..4932c078d688b416ac119cb29b436f921f050ccf 100644 (file)
@@ -72,6 +72,9 @@ namespace rfb {
 
     rdr::InStream* tlsis;
     rdr::OutStream* tlsos;
+
+    rdr::InStream* rawis;
+    rdr::OutStream* rawos;
   };
 }
 
index bf77b9b2352c5d6f40fdd17b7e205537953529b5..49532f52913577911fdb05bd78509c5891778709 100644 (file)
@@ -51,7 +51,8 @@ static LogWriter vlog("TLS");
 
 SSecurityTLS::SSecurityTLS(SConnection* sc, bool _anon)
   : SSecurity(sc), session(NULL), dh_params(NULL), anon_cred(NULL),
-    cert_cred(NULL), anon(_anon), tlsis(NULL), tlsos(NULL)
+    cert_cred(NULL), anon(_anon), tlsis(NULL), tlsos(NULL),
+    rawis(NULL), rawos(NULL)
 {
   certfile = X509_CertFile.getData();
   keyfile = X509_KeyFile.getData();
@@ -84,6 +85,12 @@ void SSecurityTLS::shutdown()
     cert_cred = 0;
   }
 
+  if (rawis && rawos) {
+    sc->setStreams(rawis, rawos);
+    rawis = NULL;
+    rawos = NULL;
+  }
+
   if (tlsis) {
     delete tlsis;
     tlsis = NULL;
@@ -139,6 +146,9 @@ bool SSecurityTLS::processMsg()
     // for GnuTLS
     tlsis = new rdr::TLSInStream(is, session);
     tlsos = new rdr::TLSOutStream(os, session);
+
+    rawis = is;
+    rawos = os;
   }
 
   int err;
index 6d32e3ba2adc3df8de41f22ea0e7cdb1ee1bdf9b..6f711824b3d379276dfe9078d9a1199072205bf4 100644 (file)
@@ -65,6 +65,9 @@ namespace rfb {
 
     rdr::InStream* tlsis;
     rdr::OutStream* tlsos;
+
+    rdr::InStream* rawis;
+    rdr::OutStream* rawos;
   };
 
 }