diff options
| author | Pierre Ossman <ossman@cendio.se> | 2017-09-08 15:28:39 +0200 |
|---|---|---|
| committer | Pierre Ossman <ossman@cendio.se> | 2017-09-08 15:28:39 +0200 |
| commit | 894f2c519717e23ee1dfa110a7d9226d49c6d2fa (patch) | |
| tree | a24b8f00f71f8093f36fda6cac02aa005edfd2af /common/rfb/CSecurityTLS.cxx | |
| parent | 82e753d4e1928342c82cc7b82e854aa2666d1145 (diff) | |
| download | tigervnc-894f2c519717e23ee1dfa110a7d9226d49c6d2fa.tar.gz tigervnc-894f2c519717e23ee1dfa110a7d9226d49c6d2fa.zip | |
Include server name in TLS handshake for SNI
In case the server is a front-end to multiple systems and needs to
know which system we're after.
Diffstat (limited to 'common/rfb/CSecurityTLS.cxx')
| -rw-r--r-- | common/rfb/CSecurityTLS.cxx | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx index 8a053e3d..d60f62be 100644 --- a/common/rfb/CSecurityTLS.cxx +++ b/common/rfb/CSecurityTLS.cxx @@ -254,6 +254,11 @@ void CSecurityTLS::setParam() if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred) != GNUTLS_E_SUCCESS) throw AuthFailureException("gnutls_credentials_set failed"); + if (gnutls_server_name_set(session, GNUTLS_NAME_DNS, + client->getServerName(), + strlen(client->getServerName())) != GNUTLS_E_SUCCESS) + vlog.error("Failed to configure the server name for TLS handshake"); + vlog.debug("X509 session has been set"); } } |