From cab73385bafb146676a7f14e0404bfeb4f9cd1ea Mon Sep 17 00:00:00 2001
From: "Brian P. Hinz"
Date: Tue, 14 Nov 2017 20:57:07 -0500
Subject: [PATCH] Move gnutls functions into SSecurityTLS
---
 common/rfb/SSecurityTLS.cxx | 13 ++++++++++---
 common/rfb/SSecurityTLS.h | 1 +
 win/vncconfig/Authentication.h | 35 ++--------------------------------
 3 files changed, 13 insertions(+), 36 deletions(-)
diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
index b9460223..92ff4b80 100644
--- a/common/rfb/SSecurityTLS.cxx
+++ b/common/rfb/SSecurityTLS.cxx
@@ -207,9 +207,16 @@ void SSecurityTLS::setParams(gnutls_session_t session)
 gnutls_certificate_set_dh_params(cert_cred, dh_params);
- if (gnutls_certificate_set_x509_key_file(cert_cred, certfile, keyfile,
- GNUTLS_X509_FMT_PEM) != GNUTLS_E_SUCCESS)
- throw AuthFailureException("load of key failed");
+ switch (gnutls_certificate_set_x509_key_file(cert_cred, certfile, keyfile, GNUTLS_X509_FMT_PEM)) {
+ case GNUTLS_E_SUCCESS:
+ break;
+ case GNUTLS_E_CERTIFICATE_KEY_MISMATCH:
+ throw AuthFailureException("Private key does not match certificate");
+ case GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE:
+ throw AuthFailureException("Unsupported certificate type");
+ default:
+ throw AuthFailureException("Error loading X509 certificate or key");
+ }
 if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred) != GNUTLS_E_SUCCESS)
diff --git a/common/rfb/SSecurityTLS.h b/common/rfb/SSecurityTLS.h
index 30242a24..dafc997c 100644
--- a/common/rfb/SSecurityTLS.h
+++ b/common/rfb/SSecurityTLS.h
@@ -35,6 +35,7 @@
 #include
 #include
 #include
+#include
 namespace rfb {
diff --git a/win/vncconfig/Authentication.h b/win/vncconfig/Authentication.h
index 2967444a..82971148 100644
--- a/win/vncconfig/Authentication.h
+++ b/win/vncconfig/Authentication.h
@@ -21,13 +21,6 @@
 #include
 #include
-#ifdef HAVE_GNUTLS
-#include
-#include
-#include
-#define CHECK(x) assert((x)>=0)
-#endif
-
 #include
 #include
 #include
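Review bot: In common/rfb/SSecurityTLS.cxx, the `default:` branch of the new `switch` in `SSecurityTLS::setParams` discards the GnuTLS return code, so an unreadable key file, malformed PEM or permission problem all collapse into one message with nothing left to diagnose from. Keep the code and log it on the server side: `int ret = gnutls_certificate_set_x509_key_file(cert_cred, certfile, keyfile, GNUTLS_X509_FMT_PEM);` then `switch (ret) {`, with a log line carrying `gnutls_strerror(ret)` ahead of the `default:` throw. These are server configuration faults rather than authentication failures; if the `AuthFailureException` text is relayed to the connecting client (not visible in this hunk), an unauthenticated peer learns details of the server's certificate setup, so a generic reason for the client and the specific one in the server log would be safer. The body of `setParams` starts and ends outside the hunk.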
@@ -98,32 +91,8 @@ namespace rfb {
 #ifdef HAVE_GNUTLS
 if (isItemChecked(IDC_ENC_X509)) {
- gnutls_certificate_credentials_t xcred;
- CHECK(gnutls_global_init());
- CHECK(gnutls_certificate_allocate_credentials(&xcred));
- int ret = gnutls_certificate_set_x509_key_file (xcred,
- regKey.getString("X509Cert"),
- regKey.getString("X509Key"),
- GNUTLS_X509_FMT_PEM);
- if (ret >= 0) {
- SSecurityTLS::X509_CertFile.setParam(regKey.getString("X509Cert"));
- SSecurityTLS::X509_CertFile.setParam(regKey.getString("X509Key"));
- } else {
- if (ret == GNUTLS_E_CERTIFICATE_KEY_MISMATCH) {
- MsgBox(0, _T("Private key does not match certificate.\n")
- _T("X.509 security types will not be enabled!"),
- MB_ICONWARNING | MB_OK);
- } else if (ret == GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE) {
- MsgBox(0, _T("Unsupported certificate type.\n")
- _T("X.509 security types will not be enabled!"),
- MB_ICONWARNING | MB_OK);
- } else {
- MsgBox(0, _T("Unknown error while importing X.509 certificate or private key.\n")
- _T("X.509 security types will not be enabled!"),
- MB_ICONWARNING | MB_OK);
- }
- }
- gnutls_global_deinit();
+ SSecurityTLS::X509_CertFile.setParam(regKey.getString("X509Cert"));
+ SSecurityTLS::X509_CertFile.setParam(regKey.getString("X509Key"));
 }
 #endif
-- 
2.39.5
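Review bot: The second added line in win/vncconfig/Authentication.h passes the `"X509Key"` registry value to `SSecurityTLS::X509_CertFile.setParam(...)`, so the certificate parameter ends up holding the private-key path and no key parameter is set; the removed block had the same line, so the defect is carried over rather than fixed. It presumably should read `SSecurityTLS::X509_KeyFile.setParam(regKey.getString("X509Key"));`. With the pre-check deleted from this dialog, a mismatched or unsupported certificate/key pair is reported only when `SSecurityTLS::setParams` throws during a connection, so the administrator gets no warning at configuration time and X.509 security types stay selected while TLS setup fails for every client. Consider keeping a validation step here, for example through a helper exposed by `SSecurityTLS`, or at least a comment stating that validation is deferred to connection time. The enclosing function starts and ends outside the hunk.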