diff options
author | Pierre Ossman <ossman@cendio.se> | 2021-07-14 14:24:08 +0200 |
---|---|---|
committer | Pierre Ossman <ossman@cendio.se> | 2021-07-14 14:24:08 +0200 |
commit | dfc9421dcf0fc97ad99638df501b95cb162e95b2 (patch) | |
tree | 0444f02b1f07c7e156bb7281695df0f6774e9fb1 /common/rfb/SSecurityTLS.cxx | |
parent | bbc7a5733bef985d562c4f9f7ff404b950ab75f0 (diff) | |
parent | 9b96266830c2e565d1f3cadb322ebbc93ac94fa4 (diff) | |
download | tigervnc-dfc9421dcf0fc97ad99638df501b95cb162e95b2.tar.gz tigervnc-dfc9421dcf0fc97ad99638df501b95cb162e95b2.zip |
Merge branch 'utilize-system-wide-crypto' of https://github.com/grulja/tigervnc
Diffstat (limited to 'common/rfb/SSecurityTLS.cxx')
-rw-r--r-- | common/rfb/SSecurityTLS.cxx | 66 |
1 files changed, 52 insertions, 14 deletions
diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx index 4abc158f..6216ffd9 100644 --- a/common/rfb/SSecurityTLS.cxx +++ b/common/rfb/SSecurityTLS.cxx @@ -201,26 +201,64 @@ void SSecurityTLS::setParams(gnutls_session_t session) static const char kx_anon_priority[] = ":+ANON-ECDH:+ANON-DH"; int ret; - char *prio; - const char *err; - prio = (char*)malloc(strlen(Security::GnuTLSPriority) + - strlen(kx_anon_priority) + 1); - if (prio == NULL) - throw AuthFailureException("Not enough memory for GnuTLS priority string"); + // Custom priority string specified? + if (strcmp(Security::GnuTLSPriority, "") != 0) { + char *prio; + const char *err; - strcpy(prio, Security::GnuTLSPriority); - if (anon) + prio = (char*)malloc(strlen(Security::GnuTLSPriority) + + strlen(kx_anon_priority) + 1); + if (prio == NULL) + throw AuthFailureException("Not enough memory for GnuTLS priority string"); + + strcpy(prio, Security::GnuTLSPriority); + if (anon) + strcat(prio, kx_anon_priority); + + ret = gnutls_priority_set_direct(session, prio, &err); + + free(prio); + + if (ret != GNUTLS_E_SUCCESS) { + if (ret == GNUTLS_E_INVALID_REQUEST) + vlog.error("GnuTLS priority syntax error at: %s", err); + throw AuthFailureException("gnutls_set_priority_direct failed"); + } + } else if (anon) { + const char *err; + +#if GNUTLS_VERSION_NUMBER >= 0x030603 + ret = gnutls_set_default_priority_append(session, kx_anon_priority, &err, 0); + if (ret != GNUTLS_E_SUCCESS) { + if (ret == GNUTLS_E_INVALID_REQUEST) + vlog.error("GnuTLS priority syntax error at: %s", err); + throw AuthFailureException("gnutls_set_default_priority_append failed"); + } +#else + // We don't know what the system default priority is, so we guess + // it's what upstream GnuTLS has + static const char gnutls_default_priority[] = "NORMAL"; + char *prio; + + prio = (char*)malloc(strlen(gnutls_default_priority) + + strlen(kx_anon_priority) + 1); + if (prio == NULL) + throw AuthFailureException("Not enough memory for GnuTLS priority string"); + + strcpy(prio, gnutls_default_priority); strcat(prio, kx_anon_priority); - ret = gnutls_priority_set_direct(session, prio, &err); + ret = gnutls_priority_set_direct(session, prio, &err); - free(prio); + free(prio); - if (ret != GNUTLS_E_SUCCESS) { - if (ret == GNUTLS_E_INVALID_REQUEST) - vlog.error("GnuTLS priority syntax error at: %s", err); - throw AuthFailureException("gnutls_set_priority_direct failed"); + if (ret != GNUTLS_E_SUCCESS) { + if (ret == GNUTLS_E_INVALID_REQUEST) + vlog.error("GnuTLS priority syntax error at: %s", err); + throw AuthFailureException("gnutls_set_priority_direct failed"); + } +#endif } #if defined (SSECURITYTLS__USE_DEPRECATED_DH) |