author | Pierre Ossman <ossman@cendio.se> | 2015-01-29 13:31:06 +0100 |
---|---|---|
committer | Pierre Ossman <ossman@cendio.se> | 2015-01-29 13:31:06 +0100 |
commit | 27eb55e1975c4f558f6a53d573091e76064cc8e7 (patch) | |
tree | 55cfd339723a5b5a0ac5689d22be8bf6a94a0a80 /common/rfb/SSecurityTLS.cxx | |
parent | 88c24edd8f7a793561104be50b6ecf2c85b42956 (diff) | |
Add parameter to override GnuTLS priority
Diffstat (limited to 'common/rfb/SSecurityTLS.cxx')
-rw-r--r-- | common/rfb/SSecurityTLS.cxx | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx index 88145e8b..0f52d34b 100644 --- a/common/rfb/SSecurityTLS.cxx +++ b/common/rfb/SSecurityTLS.cxx @@ -27,6 +27,8 @@ #error "This source should not be compiled without HAVE_GNUTLS defined" #endif +#include <stdlib.h> + #include <rfb/SSecurityTLS.h> #include <rfb/SConnection.h> #include <rfb/LogWriter.h> @@ -166,15 +168,25 @@ bool SSecurityTLS::processMsg(SConnection *sc) void SSecurityTLS::setParams(gnutls_session_t session) { - static const char kx_anon_priority[] = "NORMAL:+ANON-ECDH:+ANON-DH"; - static const char kx_priority[] = "NORMAL"; + static const char kx_anon_priority[] = ":+ANON-ECDH:+ANON-DH"; int ret; + char *prio; const char *err; - ret = gnutls_priority_set_direct(session, - anon ? kx_anon_priority : kx_priority, - &err); + prio = (char*)malloc(strlen(Security::GnuTLSPriority) + + strlen(kx_anon_priority) + 1); + if (prio == NULL) + throw AuthFailureException("Not enough memory for GnuTLS priority string"); + + strcpy(prio, Security::GnuTLSPriority); + if (anon) + strcat(prio, kx_anon_priority); + + ret = gnutls_priority_set_direct(session, prio, &err); + + free(prio); + if (ret != GNUTLS_E_SUCCESS) { if (ret == GNUTLS_E_INVALID_REQUEST) vlog.error("GnuTLS priority syntax error at: %s", err); |
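Review bot: On the failure path in setParams, `err` is read after `free(prio)`: gnutls_priority_set_direct() sets its error-position argument to a location inside the priority string it was handed, so `vlog.error("GnuTLS priority syntax error at: %s", err)` formats from heap memory that has already been released. With the old static arrays that pointer stayed valid, and the branch is now reached by any malformed value of the new operator-supplied parameter. The buffer has to outlive the log call, for example by building it as `std::string prio(Security::GnuTLSPriority); if (anon) prio += kx_anon_priority;` and passing `prio.c_str()` (with `<string>` included); this also drops the manual length arithmetic and releases the string when the exception unwinds, and assumes the parameter converts to `const char*`, as the `strlen` call already relies on. The error block continues past the end of the hunk, so a fix that keeps malloc would need a `free(prio)` on both the throw path and the success path.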