This allows us to simplify things by getting rid of some old compatibility code. People should really be using current versions of GnuTLS anyway to stay secure.tags/v1.4.90
@@ -12,7 +12,7 @@ Build Requirements (All Systems) | |||
-- FLTK 1.3.3 or later | |||
-- If building TLS support: | |||
* GnuTLS | |||
* GnuTLS 3.x | |||
* See "Building TLS Support" below. | |||
-- If building native language support (NLS): |
@@ -236,30 +236,6 @@ if(ENABLE_GNUTLS) | |||
include_directories(${GNUTLS_INCLUDE_DIR}) | |||
add_definitions("-DHAVE_GNUTLS") | |||
add_definitions(${GNUTLS_DEFINITIONS}) | |||
# Detect old version of GnuTLS | |||
set(CMAKE_REQUIRED_FLAGS -I${GNUTLS_INCLUDE_DIR}) | |||
set(CMAKE_EXTRA_INCLUDE_FILES gnutls/gnutls.h) | |||
set(CMAKE_REQUIRED_LIBRARIES ${GNUTLS_LIBRARIES}) | |||
if(WIN32) | |||
set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES} ws2_32 user32) | |||
endif() | |||
if(ZLIB_FOUND) | |||
# When we build against the static version of GnuTLS, we also use the | |||
# included version of Zlib, but it isn't built yet, so we have to use the | |||
# system's version (if available) to perform this test. | |||
set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES};-lz) | |||
endif() | |||
check_function_exists(gnutls_transport_set_errno HAVE_GNUTLS_SET_ERRNO) | |||
check_function_exists(gnutls_transport_set_global_errno HAVE_GNUTLS_SET_GLOBAL_ERRNO) | |||
check_function_exists(gnutls_x509_crt_print HAVE_GNUTLS_X509_CRT_PRINT) | |||
check_type_size(gnutls_x509_crt_t GNUTLS_X509_CRT_T) | |||
check_type_size(gnutls_datum_t GNUTLS_DATUM_T) | |||
check_type_size(gnutls_pk_algorithm_t GNUTLS_PK_ALGORITHM_T) | |||
check_type_size(gnutls_sign_algorithm_t GNUTLS_SIGN_ALGORITHM_T) | |||
set(CMAKE_REQUIRED_FLAGS) | |||
set(CMAKE_EXTRA_INCLUDE_FILES) | |||
set(CMAKE_REQUIRED_LIBRARIES) | |||
endif() | |||
endif() | |||
@@ -2,8 +2,7 @@ include_directories(${CMAKE_SOURCE_DIR}/common) | |||
add_library(os STATIC | |||
w32tiger.c | |||
os.cxx | |||
tls.cxx) | |||
os.cxx) | |||
if(UNIX) | |||
libtool_create_control_file(os) |
@@ -1,198 +0,0 @@ | |||
/* Copyright (C) 2011 TightVNC Team. All Rights Reserved. | |||
* | |||
* This is free software; you can redistribute it and/or modify | |||
* it under the terms of the GNU General Public License as published by | |||
* the Free Software Foundation; either version 2 of the License, or | |||
* (at your option) any later version. | |||
* | |||
* This software is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU General Public License | |||
* along with this software; if not, write to the Free Software | |||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |||
* USA. | |||
*/ | |||
#ifdef HAVE_CONFIG_H | |||
#include <config.h> | |||
#endif | |||
#include <os/tls.h> | |||
#include <iomanip> | |||
#include <stdio.h> | |||
#include <stdlib.h> | |||
#include <string.h> | |||
#include <sstream> | |||
#include <sys/types.h> | |||
#include <time.h> | |||
using namespace std; | |||
#if defined(HAVE_GNUTLS) && !defined(WIN32) | |||
#include <gnutls/gnutls.h> | |||
#include <gnutls/x509.h> | |||
#ifndef HAVE_GNUTLS_X509_CRT_PRINT | |||
/* Ancient GNUTLS... */ | |||
#if !defined(GNUTLS_VERSION_NUMBER) && !defined(LIBGNUTLS_VERSION_NUMBER) | |||
#define GNUTLS_DIG_SHA1 GNUTLS_DIG_SHA | |||
#endif | |||
#define UNKNOWN_SUBJECT(err) \ | |||
do { \ | |||
ss << "unknown subject (" << gnutls_strerror(err) << "), "; \ | |||
} while (0) | |||
#define UNKNOWN_ISSUER(err) \ | |||
do { \ | |||
ss << "unknown issuer (" << gnutls_strerror(err) << "), "; \ | |||
} while (0) | |||
static void | |||
hexprint(ostringstream &ss, const char *data, size_t len) | |||
{ | |||
size_t j; | |||
char tmp[3]; | |||
if (len == 0) | |||
ss << "00"; | |||
else { | |||
for (j = 0; j < len; j++) { | |||
snprintf(tmp, sizeof(tmp), "%.2x", (unsigned char) data[j]); | |||
ss << tmp; | |||
} | |||
} | |||
} | |||
/* Implementation based on gnutls_x509_crt_print from GNUTLS */ | |||
int | |||
gnutls_x509_crt_print(gnutls_x509_crt_t cert, | |||
gnutls_certificate_print_formats_t format, | |||
gnutls_datum_t * out) | |||
{ | |||
ostringstream ss; | |||
int err; | |||
char *dn; | |||
size_t dn_size = 0; | |||
/* Subject */ | |||
err = gnutls_x509_crt_get_dn(cert, NULL, &dn_size); | |||
if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) | |||
UNKNOWN_SUBJECT(err); | |||
else { | |||
dn = (char *)malloc(dn_size); | |||
if (dn == NULL) { | |||
UNKNOWN_SUBJECT(GNUTLS_E_MEMORY_ERROR); | |||
} else { | |||
err = gnutls_x509_crt_get_dn(cert, dn, &dn_size); | |||
if (err < 0) { | |||
UNKNOWN_SUBJECT(err); | |||
} else | |||
ss << "subject `" << dn << "', "; | |||
free(dn); | |||
} | |||
} | |||
/* Issuer */ | |||
dn = NULL; | |||
dn_size = 0; | |||
err = gnutls_x509_crt_get_issuer_dn(cert, NULL, &dn_size); | |||
if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) | |||
UNKNOWN_ISSUER(err); | |||
else { | |||
dn = (char *)malloc(dn_size); | |||
if (dn == NULL) { | |||
UNKNOWN_ISSUER(GNUTLS_E_MEMORY_ERROR); | |||
} else { | |||
err = gnutls_x509_crt_get_issuer_dn(cert, dn, &dn_size); | |||
if (err < 0) | |||
UNKNOWN_ISSUER(err); | |||
else | |||
ss << "issuer `" << dn << "', "; | |||
free(dn); | |||
} | |||
} | |||
/* Key algorithm and size */ | |||
unsigned int bits; | |||
const char *name; | |||
name = gnutls_pk_algorithm_get_name( (gnutls_pk_algorithm_t) | |||
gnutls_x509_crt_get_pk_algorithm(cert, &bits)); | |||
if (name == NULL) | |||
name = "Unknown"; | |||
ss << name << " key " << bits << " bits, "; | |||
/* Signature algorithm */ | |||
err = gnutls_x509_crt_get_signature_algorithm(cert); | |||
if (err < 0) { | |||
ss << "unknown signature algorithm (" << gnutls_strerror(err) | |||
<< "), "; | |||
} else { | |||
const char *name; | |||
name = gnutls_sign_algorithm_get_name((gnutls_sign_algorithm_t)err); | |||
if (name == NULL) | |||
name = "Unknown"; | |||
ss << "signed using " << name; | |||
if (err == GNUTLS_SIGN_RSA_MD5 || err == GNUTLS_SIGN_RSA_MD2) | |||
ss << " (broken!)"; | |||
ss << ", "; | |||
} | |||
/* Validity */ | |||
time_t tim; | |||
char s[42]; | |||
size_t max = sizeof(s); | |||
struct tm t; | |||
tim = gnutls_x509_crt_get_activation_time(cert); | |||
if (gmtime_r(&tim, &t) == NULL) | |||
ss << "unknown activation (" << (unsigned long) tim << ")"; | |||
else if (strftime(s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0) | |||
ss << "failed activation (" << (unsigned long) tim << ")"; | |||
else | |||
ss << "activated `" << s << "'"; | |||
ss << ", "; | |||
tim = gnutls_x509_crt_get_expiration_time(cert); | |||
if (gmtime_r(&tim, &t) == NULL) | |||
ss << "unknown expiry (" << (unsigned long) tim << ")"; | |||
else if (strftime(s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0) | |||
ss << "failed expiry (" << (unsigned long) tim << ")"; | |||
else | |||
ss << "expires `" << s << "'"; | |||
ss << ", "; | |||
/* Fingerprint */ | |||
char buffer[20]; | |||
size_t size = sizeof(buffer); | |||
err = gnutls_x509_crt_get_fingerprint(cert, GNUTLS_DIG_SHA1, buffer, &size); | |||
if (err < 0) | |||
ss << "unknown fingerprint (" << gnutls_strerror(err) << ")"; | |||
else { | |||
ss << "SHA-1 fingerprint `"; | |||
hexprint(ss, buffer, size); | |||
ss << "'"; | |||
} | |||
out->data = (unsigned char *) strdup(ss.str().c_str()); | |||
if (out->data == NULL) | |||
return GNUTLS_E_MEMORY_ERROR; | |||
out->size = strlen((char *)out->data); | |||
return 0; | |||
} | |||
#endif /* HAVE_GNUTLS_X509_CRT_PRINT */ | |||
#endif /* HAVE_GNUTLS */ | |||
@@ -1,59 +0,0 @@ | |||
/* Copyright (C) 2011 TightVNC Team. All Rights Reserved. | |||
* | |||
* This is free software; you can redistribute it and/or modify | |||
* it under the terms of the GNU General Public License as published by | |||
* the Free Software Foundation; either version 2 of the License, or | |||
* (at your option) any later version. | |||
* | |||
* This software is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU General Public License | |||
* along with this software; if not, write to the Free Software | |||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |||
* USA. | |||
*/ | |||
#ifndef OS_TLS_H | |||
#define OS_TLS_H | |||
#ifdef HAVE_CONFIG_H | |||
#include <config.h> | |||
#endif | |||
#if defined(HAVE_GNUTLS) | |||
#include <gnutls/gnutls.h> | |||
#ifndef HAVE_GNUTLS_DATUM_T | |||
typedef gnutls_datum gnutls_datum_t; | |||
#endif | |||
#ifndef HAVE_GNUTLS_X509_CRT_T | |||
typedef gnutls_x509_crt gnutls_x509_crt_t; | |||
#endif | |||
#ifndef HAVE_GNUTLS_PK_ALGORITHM_T | |||
typedef gnutls_pk_algorithm gnutls_pk_algorithm_t; | |||
#endif | |||
#ifndef HAVE_GNUTLS_SIGN_ALGORITHM_T | |||
typedef gnutls_sign_algorithm gnutls_sign_algorithm_t; | |||
#endif | |||
#ifndef HAVE_GNUTLS_X509_CRT_PRINT | |||
typedef enum { | |||
GNUTLS_CRT_PRINT_ONELINE = 1 | |||
} gnutls_certificate_print_formats_t; | |||
/* | |||
* Prints certificate in human-readable form. | |||
*/ | |||
int | |||
gnutls_x509_crt_print(gnutls_x509_crt_t cert, | |||
gnutls_certificate_print_formats_t format, | |||
gnutls_datum_t * out); | |||
#endif /* HAVE_GNUTLS_X509_CRT_PRINT */ | |||
#endif /* HAVE_GNUTLS */ | |||
#endif /* OS_TLS_H */ | |||
@@ -1,46 +0,0 @@ | |||
/* Copyright (C) 2012 Pierre Ossman for Cendio AB | |||
* | |||
* This is free software; you can redistribute it and/or modify | |||
* it under the terms of the GNU General Public License as published by | |||
* the Free Software Foundation; either version 2 of the License, or | |||
* (at your option) any later version. | |||
* | |||
* This software is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU General Public License | |||
* along with this software; if not, write to the Free Software | |||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |||
* USA. | |||
*/ | |||
#ifndef __RDR_TLSERRNO_H__ | |||
#define __RDR_TLSERRNO_H__ | |||
#ifdef HAVE_CONFIG_H | |||
#include <config.h> | |||
#endif | |||
#ifdef HAVE_GNUTLS | |||
#include <errno.h> | |||
namespace rdr { | |||
static inline void gnutls_errno_helper(gnutls_session session, int _errno) | |||
{ | |||
#if defined(HAVE_GNUTLS_SET_ERRNO) | |||
gnutls_transport_set_errno(session, _errno); | |||
#elif defined(HAVE_GNUTLS_SET_GLOBAL_ERRNO) | |||
gnutls_transport_set_global_errno(_errno); | |||
#else | |||
errno = _errno; | |||
#endif | |||
} | |||
}; | |||
#endif | |||
#endif |
@@ -25,7 +25,6 @@ | |||
#include <rdr/Exception.h> | |||
#include <rdr/TLSException.h> | |||
#include <rdr/TLSInStream.h> | |||
#include <rdr/TLSErrno.h> | |||
#include <errno.h> | |||
#ifdef HAVE_GNUTLS | |||
@@ -33,14 +32,14 @@ using namespace rdr; | |||
enum { DEFAULT_BUF_SIZE = 16384 }; | |||
ssize_t TLSInStream::pull(gnutls_transport_ptr str, void* data, size_t size) | |||
ssize_t TLSInStream::pull(gnutls_transport_ptr_t str, void* data, size_t size) | |||
{ | |||
TLSInStream* self= (TLSInStream*) str; | |||
InStream *in = self->in; | |||
try { | |||
if (!in->check(1, 1, false)) { | |||
gnutls_errno_helper(self->session, EAGAIN); | |||
gnutls_transport_set_errno(self->session, EAGAIN); | |||
return -1; | |||
} | |||
@@ -50,17 +49,17 @@ ssize_t TLSInStream::pull(gnutls_transport_ptr str, void* data, size_t size) | |||
in->readBytes(data, size); | |||
} catch (Exception& e) { | |||
gnutls_errno_helper(self->session, EINVAL); | |||
gnutls_transport_set_errno(self->session, EINVAL); | |||
return -1; | |||
} | |||
return size; | |||
} | |||
TLSInStream::TLSInStream(InStream* _in, gnutls_session _session) | |||
TLSInStream::TLSInStream(InStream* _in, gnutls_session_t _session) | |||
: session(_session), in(_in), bufSize(DEFAULT_BUF_SIZE), offset(0) | |||
{ | |||
gnutls_transport_ptr recv, send; | |||
gnutls_transport_ptr_t recv, send; | |||
ptr = end = start = new U8[bufSize]; | |||
@@ -33,7 +33,7 @@ namespace rdr { | |||
class TLSInStream : public InStream { | |||
public: | |||
TLSInStream(InStream* in, gnutls_session session); | |||
TLSInStream(InStream* in, gnutls_session_t session); | |||
virtual ~TLSInStream(); | |||
int pos(); | |||
@@ -41,9 +41,9 @@ namespace rdr { | |||
private: | |||
int overrun(int itemSize, int nItems, bool wait); | |||
int readTLS(U8* buf, int len, bool wait); | |||
static ssize_t pull(gnutls_transport_ptr str, void* data, size_t size); | |||
static ssize_t pull(gnutls_transport_ptr_t str, void* data, size_t size); | |||
gnutls_session session; | |||
gnutls_session_t session; | |||
InStream* in; | |||
int bufSize; | |||
int offset; |
@@ -25,7 +25,6 @@ | |||
#include <rdr/Exception.h> | |||
#include <rdr/TLSException.h> | |||
#include <rdr/TLSOutStream.h> | |||
#include <rdr/TLSErrno.h> | |||
#include <errno.h> | |||
#ifdef HAVE_GNUTLS | |||
@@ -33,7 +32,7 @@ using namespace rdr; | |||
enum { DEFAULT_BUF_SIZE = 16384 }; | |||
ssize_t TLSOutStream::push(gnutls_transport_ptr str, const void* data, | |||
ssize_t TLSOutStream::push(gnutls_transport_ptr_t str, const void* data, | |||
size_t size) | |||
{ | |||
TLSOutStream* self= (TLSOutStream*) str; | |||
@@ -43,17 +42,17 @@ ssize_t TLSOutStream::push(gnutls_transport_ptr str, const void* data, | |||
out->writeBytes(data, size); | |||
out->flush(); | |||
} catch (Exception& e) { | |||
gnutls_errno_helper(self->session, EINVAL); | |||
gnutls_transport_set_errno(self->session, EINVAL); | |||
return -1; | |||
} | |||
return size; | |||
} | |||
TLSOutStream::TLSOutStream(OutStream* _out, gnutls_session _session) | |||
TLSOutStream::TLSOutStream(OutStream* _out, gnutls_session_t _session) | |||
: session(_session), out(_out), bufSize(DEFAULT_BUF_SIZE), offset(0) | |||
{ | |||
gnutls_transport_ptr recv, send; | |||
gnutls_transport_ptr_t recv, send; | |||
ptr = start = new U8[bufSize]; | |||
end = start + bufSize; |
@@ -32,7 +32,7 @@ namespace rdr { | |||
class TLSOutStream : public OutStream { | |||
public: | |||
TLSOutStream(OutStream* out, gnutls_session session); | |||
TLSOutStream(OutStream* out, gnutls_session_t session); | |||
virtual ~TLSOutStream(); | |||
void flush(); | |||
@@ -43,9 +43,9 @@ namespace rdr { | |||
private: | |||
int writeTLS(const U8* data, int length); | |||
static ssize_t push(gnutls_transport_ptr str, const void* data, size_t size); | |||
static ssize_t push(gnutls_transport_ptr_t str, const void* data, size_t size); | |||
gnutls_session session; | |||
gnutls_session_t session; | |||
OutStream* out; | |||
int bufSize; | |||
U8* start; |
@@ -42,7 +42,6 @@ | |||
#include <rdr/TLSInStream.h> | |||
#include <rdr/TLSOutStream.h> | |||
#include <os/os.h> | |||
#include <os/tls.h> | |||
#include <gnutls/x509.h> | |||
@@ -202,13 +201,19 @@ bool CSecurityTLS::processMsg(CConnection* cc) | |||
void CSecurityTLS::setParam() | |||
{ | |||
static const int kx_anon_priority[] = { GNUTLS_KX_ANON_DH, 0 }; | |||
static const int kx_priority[] = { GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, | |||
GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0 }; | |||
static const char kx_anon_priority[] = "NORMAL:+ANON-ECDH:+ANON-DH"; | |||
static const char kx_priority[] = "NORMAL"; | |||
int ret; | |||
const char *err; | |||
if (anon) { | |||
if (gnutls_kx_set_priority(session, kx_anon_priority) != GNUTLS_E_SUCCESS) | |||
throw AuthFailureException("gnutls_kx_set_priority failed"); | |||
ret = gnutls_priority_set_direct(session, kx_anon_priority, &err); | |||
if (ret != GNUTLS_E_SUCCESS) { | |||
if (ret == GNUTLS_E_INVALID_REQUEST) | |||
vlog.error("GnuTLS priority syntax error at: %s", err); | |||
throw AuthFailureException("gnutls_set_priority_direct failed"); | |||
} | |||
if (gnutls_anon_allocate_client_credentials(&anon_cred) != GNUTLS_E_SUCCESS) | |||
throw AuthFailureException("gnutls_anon_allocate_client_credentials failed"); | |||
@@ -218,8 +223,12 @@ void CSecurityTLS::setParam() | |||
vlog.debug("Anonymous session has been set"); | |||
} else { | |||
if (gnutls_kx_set_priority(session, kx_priority) != GNUTLS_E_SUCCESS) | |||
throw AuthFailureException("gnutls_kx_set_priority failed"); | |||
ret = gnutls_priority_set_direct(session, kx_priority, &err); | |||
if (ret != GNUTLS_E_SUCCESS) { | |||
if (ret == GNUTLS_E_INVALID_REQUEST) | |||
vlog.error("GnuTLS priority syntax error at: %s", err); | |||
throw AuthFailureException("gnutls_set_priority_direct failed"); | |||
} | |||
if (gnutls_certificate_allocate_credentials(&cert_cred) != GNUTLS_E_SUCCESS) | |||
throw AuthFailureException("gnutls_certificate_allocate_credentials failed"); | |||
@@ -259,10 +268,10 @@ void CSecurityTLS::checkSession() | |||
GNUTLS_CERT_SIGNER_NOT_FOUND | | |||
GNUTLS_CERT_SIGNER_NOT_CA; | |||
unsigned int status; | |||
const gnutls_datum *cert_list; | |||
const gnutls_datum_t *cert_list; | |||
unsigned int cert_list_size = 0; | |||
int err; | |||
gnutls_datum info; | |||
gnutls_datum_t info; | |||
if (anon) | |||
return; | |||
@@ -298,7 +307,7 @@ void CSecurityTLS::checkSession() | |||
throw AuthFailureException("empty certificate chain"); | |||
/* Process only server's certificate, not issuer's certificate */ | |||
gnutls_x509_crt crt; | |||
gnutls_x509_crt_t crt; | |||
gnutls_x509_crt_init(&crt); | |||
if (gnutls_x509_crt_import(crt, &cert_list[0], GNUTLS_X509_FMT_DER) < 0) |
@@ -64,9 +64,9 @@ namespace rfb { | |||
private: | |||
static void initGlobal(); | |||
gnutls_session session; | |||
gnutls_anon_client_credentials anon_cred; | |||
gnutls_certificate_credentials cert_cred; | |||
gnutls_session_t session; | |||
gnutls_anon_client_credentials_t anon_cred; | |||
gnutls_certificate_credentials_t cert_cred; | |||
bool anon; | |||
char *cafile, *crlfile; |
@@ -164,15 +164,22 @@ bool SSecurityTLS::processMsg(SConnection *sc) | |||
return true; | |||
} | |||
void SSecurityTLS::setParams(gnutls_session session) | |||
void SSecurityTLS::setParams(gnutls_session_t session) | |||
{ | |||
static const int kx_anon_priority[] = { GNUTLS_KX_ANON_DH, 0 }; | |||
static const int kx_priority[] = { GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, | |||
GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0 }; | |||
if (gnutls_kx_set_priority(session, anon ? kx_anon_priority : kx_priority) | |||
!= GNUTLS_E_SUCCESS) | |||
throw AuthFailureException("gnutls_kx_set_priority failed"); | |||
static const char kx_anon_priority[] = "NORMAL:+ANON-ECDH:+ANON-DH"; | |||
static const char kx_priority[] = "NORMAL"; | |||
int ret; | |||
const char *err; | |||
ret = gnutls_priority_set_direct(session, | |||
anon ? kx_anon_priority : kx_priority, | |||
&err); | |||
if (ret != GNUTLS_E_SUCCESS) { | |||
if (ret == GNUTLS_E_INVALID_REQUEST) | |||
vlog.error("GnuTLS priority syntax error at: %s", err); | |||
throw AuthFailureException("gnutls_set_priority_direct failed"); | |||
} | |||
if (gnutls_dh_params_init(&dh_params) != GNUTLS_E_SUCCESS) | |||
throw AuthFailureException("gnutls_dh_params_init failed"); |
@@ -51,15 +51,15 @@ namespace rfb { | |||
protected: | |||
void shutdown(); | |||
void setParams(gnutls_session session); | |||
void setParams(gnutls_session_t session); | |||
private: | |||
static void initGlobal(); | |||
gnutls_session session; | |||
gnutls_dh_params dh_params; | |||
gnutls_anon_server_credentials anon_cred; | |||
gnutls_certificate_credentials cert_cred; | |||
gnutls_session_t session; | |||
gnutls_dh_params_t dh_params; | |||
gnutls_anon_server_credentials_t anon_cred; | |||
gnutls_certificate_credentials_t cert_cred; | |||
char *keyfile, *certfile; | |||
int type; |
@@ -4,13 +4,6 @@ | |||
#cmakedefine HAVE_INET_ATON | |||
#cmakedefine HAVE_INET_PTON | |||
#cmakedefine HAVE_GETADDRINFO | |||
#cmakedefine HAVE_GNUTLS_SET_GLOBAL_ERRNO | |||
#cmakedefine HAVE_GNUTLS_SET_ERRNO | |||
#cmakedefine HAVE_GNUTLS_X509_CRT_PRINT | |||
#cmakedefine HAVE_GNUTLS_X509_CRT_T | |||
#cmakedefine HAVE_GNUTLS_DATUM_T | |||
#cmakedefine HAVE_GNUTLS_PK_ALGORITHM_T | |||
#cmakedefine HAVE_GNUTLS_SIGN_ALGORITHM_T | |||
#cmakedefine HAVE_ACTIVE_DESKTOP_H | |||
#cmakedefine HAVE_ACTIVE_DESKTOP_L | |||
#cmakedefine ENABLE_NLS 1 |