Pierre Ossman
83eee75c26
Log TLS handshake result
Makes it easier to debug TLS issues, and to see the effect of
altering the priority string.
5 years ago
Pierre Ossman
06c1199c0a
Restore original streams when terminating TLS
In theory we could return to communicate without TLS after a
shutdown. It also makes sure the connection object isn't left
completely without streams.
5 years ago
Pierre Ossman
1b7463478e
Delete TLS streams before deleting the session
The streams depend on the session and can crash the program if they
are removed in the wrong order. Do a general cleanup of the life time
management of the streams.
5 years ago
Pierre Ossman
ad2b3c4aa3
Strongly bind security objects to connection object
There is already an implicit connection between them, so let's make
it explicit. This allows easy lookup outside of the processMsg() function.
5 years ago
Pierre Ossman
50aaed49b6
Initialise CSecurityTLS::cert_cred properly
If we leave it at something random we'll get an invalid delete
if the handshake fails.
5 years ago
Pierre Ossman
c04f756bd2
Use system certificate trust store
Makes it possible to use certificates from all popular CAs with
TigerVNC.
5 years ago
Pierre Ossman
19225507cc
Make exception classes have clearer messages
Include the type of exception in the string generated by each
subclass. Also simplify the constructs to what is needed.
6 years ago
Pierre Ossman
894f2c5197
Include server name in TLS handshake for SNI
In case the server is a front-end to multiple systems and needs to
know which system we're after.
6 years ago
Pierre Ossman
e43e5e3051
Add better error message for insecure certificate algorithms
6 years ago
Pierre Ossman
8aa4bc5320
Proper global init/deinit of GnuTLS
These are reference counted so it is important to retain symmetry
between the calls. Failure to do so will result in bad memory access
and crashes.
7 years ago
Pierre Ossman
27eb55e197
Add parameter to override GnuTLS priority
9 years ago
Pierre Ossman
88c24edd8f
Raise GnuTLS requirements to 3.x
This allows us to simplify things by getting rid of some old
compatibility code. People should really be using current versions
of GnuTLS anyway to stay secure.
9 years ago
Pierre Ossman
800a35ccdd
Remove verbose TLS logging
We don't even log this much for RFB protocol stuff, and it makes
it very annoying to run with full debugging on.
9 years ago
Pierre Ossman
3d2a84b9ea
Correct naming convention for some parameters
9 years ago
Pierre Ossman
5ad4d06006
Remove a lot of platform compatibility stuff
It's either not used, or no longer relevant.
10 years ago
Pierre Ossman
fe48cd4d24
Refactor the TLS code so that the push/pull functions are aware of their
containing stream object. This is in preparation for supporting GnuTLS 3.x.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4921 3789f03b-4d11-0410-bbf8-ca57d06f2519
12 years ago
Pierre Ossman
ad8609a2ed
Fix unsafe usage of the logging functions.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4905 3789f03b-4d11-0410-bbf8-ca57d06f2519
12 years ago
Adam Tkac
ce6c8b097f
[Security] vncviewer can send password without proper validation of X.509 certs
(CVE-2011-1775).
Reference: http://www.mail-archive.com/tigervnc-devel@lists.sourceforge.net/msg01342.html
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4401 3789f03b-4d11-0410-bbf8-ca57d06f2519
13 years ago
Adam Tkac
348269d30b
[Bugfix] Register GNUTLS debug routines only when we actually need them.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4295 3789f03b-4d11-0410-bbf8-ca57d06f2519
13 years ago
Adam Tkac
b486423692
[Bugfix] Improve compatibility with ancient GNUTLS implementations even more.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4278 3789f03b-4d11-0410-bbf8-ca57d06f2519
13 years ago
Adam Tkac
68481c19eb
[Development] os: add gnutls_x509_crt_print() implementation, older systems
don't have it and improve backward compatibility of TLS code.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4277 3789f03b-4d11-0410-bbf8-ca57d06f2519
13 years ago
Adam Tkac
e32573a56b
[Bugfix] client: improve server certificate verification code.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4276 3789f03b-4d11-0410-bbf8-ca57d06f2519
13 years ago
Adam Tkac
44cdb1352a
[Bugfix] Call gnutls_bye only when handshake is completed.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4275 3789f03b-4d11-0410-bbf8-ca57d06f2519
13 years ago
DRC
32020bf720
Oops. Checked in some debugging code.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4272 3789f03b-4d11-0410-bbf8-ca57d06f2519
13 years ago
DRC
b7ab54f0df
Oops. Need to wait until after gnutls.h is included before checking the value of GNUTLS_VERSION_NUMBER
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4266 3789f03b-4d11-0410-bbf8-ca57d06f2519
13 years ago
DRC
ff1e1ff941
Attempt to restore compatibility with older GnuTLS versions
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4264 3789f03b-4d11-0410-bbf8-ca57d06f2519
13 years ago
Adam Tkac
f16a421570
[Bugfix] Print empty string by default when paths for X.509 certs don't exist.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4256 3789f03b-4d11-0410-bbf8-ca57d06f2519
13 years ago
Adam Tkac
437b0c2fc3
[Bugfix] Append ".pem" suffix to saved certificates.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4254 3789f03b-4d11-0410-bbf8-ca57d06f2519
13 years ago
Adam Tkac
af0817220e
[Development] Rename function "gethomedir" to "getvnchomedir" and rewrite it in
platform-independent manner.
Thanks to Guillaume Destuynder.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4252 3789f03b-4d11-0410-bbf8-ca57d06f2519
13 years ago
Adam Tkac
179d2b14ec
[Bugfix] CSecurityTLS.cxx: include os/print.h to get correct snprintf definition.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4240 3789f03b-4d11-0410-bbf8-ca57d06f2519
13 years ago
Adam Tkac
c4674db3bd
[Bugfix] Don't include unistd.h and don't call access() on Windows.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4239 3789f03b-4d11-0410-bbf8-ca57d06f2519
13 years ago
Adam Tkac
5d4c6acf92
[Bugfix] Use free() instead of gnutls_free() on Windows.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4238 3789f03b-4d11-0410-bbf8-ca57d06f2519
13 years ago
Adam Tkac
27b2f773be
[Development] client: Add dialog window to accept/save invalid X509
certificates. (Guillaume Destuynder)
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4198 3789f03b-4d11-0410-bbf8-ca57d06f2519
13 years ago
Adam Tkac
6948ead152
[Bugfix] Check return codes from gnutls library every time.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4120 3789f03b-4d11-0410-bbf8-ca57d06f2519
13 years ago
Adam Tkac
3c5be39e92
[Development] Rename CSecurityTLSBase class to CSecurityTLS.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4110 3789f03b-4d11-0410-bbf8-ca57d06f2519
14 years ago
Adam Tkac
0e61c34932
[Development] Merge CSecurityTLS and CSecurityX509 classes into CSecurityTLSBase class.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4109 3789f03b-4d11-0410-bbf8-ca57d06f2519
14 years ago
Adam Tkac
4395823664
[Bugfix] Add "#error" directives to client-side TLS sources to avoid wrong usage.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4104 3789f03b-4d11-0410-bbf8-ca57d06f2519
14 years ago
Adam Tkac
b10489b039
[Development] Implement VeNCrypt type support on client side. Currently only
TLSNone and TLSVnc VeNCrypt subtypes are implemented.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4046 3789f03b-4d11-0410-bbf8-ca57d06f2519
14 years ago
Adam Tkac
dfe19cfff8
[Development] Implement VeNCrypt security type on server side. Currently only
TLSNone and TLSVnc VeNCrypt subtypes are implemented.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4045 3789f03b-4d11-0410-bbf8-ca57d06f2519
14 years ago