7f1e1e370e
Fix priority string when using newer GnuTLS
The call of gnutls_set_default_priority_append() expects a normal priority
string, which means it must not start with ':'.
2 years ago
9b96266830
Utilize system-wide crypto policies
2 years ago
fb61fe8fdc
Use RFC7919-2048 group in GnuTLS for FIPS compliance.
3 years ago
e779322f05
Don't wait for TLS close response
Our current architecture doesn't support waiting for a response here, so
don't even try or we'll just get an error.
3 years ago
14d21d7b44
Handle GnuTLS shutdown on dead session
The session might have died, or failed to initialise properly, so be
prepared for gnutls_bye() to be unable to do its job.
3 years ago
83eee75c26
Log TLS handshake result
Makes it easier to debug TLS issues, and to see the effect of
altering the priority string.
5 years ago
06c1199c0a
Restore original streams when terminating TLS
In theory we could return to communicate without TLS after a
shutdown. It also makes sure the connection object isn't left
completely without streams.
5 years ago
1b7463478e
Delete TLS streams before deleting the session
The streams depend on the session and can crash the program if they
are removed in the wrong order. Do a general cleanup of the life time
management of the streams.
5 years ago
ad2b3c4aa3
Strongly bind security objects to connection object
There is already an implicit connection between them, so let's make
it explicit. This allows easy lookup outside of the processMsg() function.
5 years ago
4b9b89730d
avoid putting more includes in headers than necessary
6 years ago
cab73385ba
Move gnutls functions into SSecurityTLS
6 years ago
8aa4bc5320
Proper global init/deinit of GnuTLS
These are reference counted so it is important to retain symmetry
between the calls. Failure to do so will result in bad memory access
and crashes.
7 years ago
27eb55e197
Add parameter to override GnuTLS priority
9 years ago
88c24edd8f
Raise GnuTLS requirements to 3.x
This allows us to simplify things by getting rid of some old
compatibility code. People should really be using current versions
of GnuTLS anyway to stay secure.
9 years ago
800a35ccdd
Remove verbose TLS logging
We don't even log this much for RFB protocol stuff, and it makes
it very annoying to run with full debugging on.
9 years ago
3d2a84b9ea
Correct naming convention for some parameters
9 years ago
fe48cd4d24
Refactor the TLS code so that the push/pull functions are aware of their
containing stream object. This is in preparation for supporting GnuTLS 3.x.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4921 3789f03b-4d11-0410-bbf8-ca57d06f2519
12 years ago
ad8609a2ed
Fix unsafe usage of the logging functions.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4905 3789f03b-4d11-0410-bbf8-ca57d06f2519
12 years ago
348269d30b
[Bugfix] Register GNUTLS debug routines only when we actually need them.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4295 3789f03b-4d11-0410-bbf8-ca57d06f2519
13 years ago
6948ead152
[Bugfix] Check return codes from gnutls library every time.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4120 3789f03b-4d11-0410-bbf8-ca57d06f2519
14 years ago
21b61a5c03
[Development] Rename SSecurityTLSBase source/class to SSecurityTLS.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4108 3789f03b-4d11-0410-bbf8-ca57d06f2519
14 years ago
f39671def2
[Cleanup] Merge SSecurityTLS and SSecurityX509 classes into SSecurityTLSBase class.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4107 3789f03b-4d11-0410-bbf8-ca57d06f2519
14 years ago
df7997021e
[Bugfix] Compile VeNCrypt extension only when gnutls is enabled and available.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4049 3789f03b-4d11-0410-bbf8-ca57d06f2519
14 years ago
dfe19cfff8
[Development] Implement VeNCrypt security type on server side. Currently only
TLSNone and TLSVnc VeNCrypt subtypes are implemented.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4045 3789f03b-4d11-0410-bbf8-ca57d06f2519
14 years ago
Jan Grulich
JASON SIKES
Pierre Ossman
Brian P. Hinz
Adam Tkac