aboutsummaryrefslogtreecommitdiffstats
path: root/common/rfb/SSecurityTLS.cxx
diff options
context:
space:
mode:
authorPierre Ossman <ossman@cendio.se>2021-07-14 14:24:08 +0200
committerPierre Ossman <ossman@cendio.se>2021-07-14 14:24:08 +0200
commitdfc9421dcf0fc97ad99638df501b95cb162e95b2 (patch)
tree0444f02b1f07c7e156bb7281695df0f6774e9fb1 /common/rfb/SSecurityTLS.cxx
parentbbc7a5733bef985d562c4f9f7ff404b950ab75f0 (diff)
parent9b96266830c2e565d1f3cadb322ebbc93ac94fa4 (diff)
downloadtigervnc-dfc9421dcf0fc97ad99638df501b95cb162e95b2.tar.gz
tigervnc-dfc9421dcf0fc97ad99638df501b95cb162e95b2.zip
Merge branch 'utilize-system-wide-crypto' of https://github.com/grulja/tigervnc
Diffstat (limited to 'common/rfb/SSecurityTLS.cxx')
-rw-r--r--common/rfb/SSecurityTLS.cxx66
1 files changed, 52 insertions, 14 deletions
diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
index 4abc158f..6216ffd9 100644
--- a/common/rfb/SSecurityTLS.cxx
+++ b/common/rfb/SSecurityTLS.cxx
@@ -201,26 +201,64 @@ void SSecurityTLS::setParams(gnutls_session_t session)
static const char kx_anon_priority[] = ":+ANON-ECDH:+ANON-DH";
int ret;
- char *prio;
- const char *err;
- prio = (char*)malloc(strlen(Security::GnuTLSPriority) +
- strlen(kx_anon_priority) + 1);
- if (prio == NULL)
- throw AuthFailureException("Not enough memory for GnuTLS priority string");
+ // Custom priority string specified?
+ if (strcmp(Security::GnuTLSPriority, "") != 0) {
+ char *prio;
+ const char *err;
- strcpy(prio, Security::GnuTLSPriority);
- if (anon)
+ prio = (char*)malloc(strlen(Security::GnuTLSPriority) +
+ strlen(kx_anon_priority) + 1);
+ if (prio == NULL)
+ throw AuthFailureException("Not enough memory for GnuTLS priority string");
+
+ strcpy(prio, Security::GnuTLSPriority);
+ if (anon)
+ strcat(prio, kx_anon_priority);
+
+ ret = gnutls_priority_set_direct(session, prio, &err);
+
+ free(prio);
+
+ if (ret != GNUTLS_E_SUCCESS) {
+ if (ret == GNUTLS_E_INVALID_REQUEST)
+ vlog.error("GnuTLS priority syntax error at: %s", err);
+ throw AuthFailureException("gnutls_set_priority_direct failed");
+ }
+ } else if (anon) {
+ const char *err;
+
+#if GNUTLS_VERSION_NUMBER >= 0x030603
+ ret = gnutls_set_default_priority_append(session, kx_anon_priority, &err, 0);
+ if (ret != GNUTLS_E_SUCCESS) {
+ if (ret == GNUTLS_E_INVALID_REQUEST)
+ vlog.error("GnuTLS priority syntax error at: %s", err);
+ throw AuthFailureException("gnutls_set_default_priority_append failed");
+ }
+#else
+ // We don't know what the system default priority is, so we guess
+ // it's what upstream GnuTLS has
+ static const char gnutls_default_priority[] = "NORMAL";
+ char *prio;
+
+ prio = (char*)malloc(strlen(gnutls_default_priority) +
+ strlen(kx_anon_priority) + 1);
+ if (prio == NULL)
+ throw AuthFailureException("Not enough memory for GnuTLS priority string");
+
+ strcpy(prio, gnutls_default_priority);
strcat(prio, kx_anon_priority);
- ret = gnutls_priority_set_direct(session, prio, &err);
+ ret = gnutls_priority_set_direct(session, prio, &err);
- free(prio);
+ free(prio);
- if (ret != GNUTLS_E_SUCCESS) {
- if (ret == GNUTLS_E_INVALID_REQUEST)
- vlog.error("GnuTLS priority syntax error at: %s", err);
- throw AuthFailureException("gnutls_set_priority_direct failed");
+ if (ret != GNUTLS_E_SUCCESS) {
+ if (ret == GNUTLS_E_INVALID_REQUEST)
+ vlog.error("GnuTLS priority syntax error at: %s", err);
+ throw AuthFailureException("gnutls_set_priority_direct failed");
+ }
+#endif
}
#if defined (SSECURITYTLS__USE_DEPRECATED_DH)