authorPierre Ossman <ossman@cendio.se>2015-01-29 13:31:06 +0100
committerPierre Ossman <ossman@cendio.se>2015-01-29 13:31:06 +0100
commit27eb55e1975c4f558f6a53d573091e76064cc8e7 (patch)
tree55cfd339723a5b5a0ac5689d22be8bf6a94a0a80 /common/rfb
parent88c24edd8f7a793561104be50b6ecf2c85b42956 (diff)
downloadtigervnc-27eb55e1975c4f558f6a53d573091e76064cc8e7.tar.gz
tigervnc-27eb55e1975c4f558f6a53d573091e76064cc8e7.zip
Add parameter to override GnuTLS priority
Diffstat (limited to 'common/rfb')
-rw-r--r--common/rfb/CSecurityTLS.cxx37
-rw-r--r--common/rfb/SSecurityTLS.cxx22
-rw-r--r--common/rfb/Security.cxx6
-rw-r--r--common/rfb/Security.h4
4 files changed, 48 insertions, 21 deletions
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index 9b29213e..3dcededb 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -201,20 +201,32 @@ bool CSecurityTLS::processMsg(CConnection* cc)
void CSecurityTLS::setParam()
{
- static const char kx_anon_priority[] = "NORMAL:+ANON-ECDH:+ANON-DH";
- static const char kx_priority[] = "NORMAL";
+ static const char kx_anon_priority[] = ":+ANON-ECDH:+ANON-DH";
int ret;
+ char *prio;
const char *err;
- if (anon) {
- ret = gnutls_priority_set_direct(session, kx_anon_priority, &err);
- if (ret != GNUTLS_E_SUCCESS) {
- if (ret == GNUTLS_E_INVALID_REQUEST)
- vlog.error("GnuTLS priority syntax error at: %s", err);
- throw AuthFailureException("gnutls_set_priority_direct failed");
- }
+ prio = (char*)malloc(strlen(Security::GnuTLSPriority) +
+ strlen(kx_anon_priority) + 1);
+ if (prio == NULL)
+ throw AuthFailureException("Not enough memory for GnuTLS priority string");
+
+ strcpy(prio, Security::GnuTLSPriority);
+ if (anon)
+ strcat(prio, kx_anon_priority);
+
+ ret = gnutls_priority_set_direct(session, prio, &err);
+
+ free(prio);
+ if (ret != GNUTLS_E_SUCCESS) {
+ if (ret == GNUTLS_E_INVALID_REQUEST)
+ vlog.error("GnuTLS priority syntax error at: %s", err);
+ throw AuthFailureException("gnutls_set_priority_direct failed");
+ }
+
+ if (anon) {
if (gnutls_anon_allocate_client_credentials(&anon_cred) != GNUTLS_E_SUCCESS)
throw AuthFailureException("gnutls_anon_allocate_client_credentials failed");
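Review bot: `err` is used after `prio` has been released: per the GnuTLS documentation, gnutls_priority_set_direct sets `err` to the position inside the priority string it was handed, so on the `GNUTLS_E_INVALID_REQUEST` path the `vlog.error("GnuTLS priority syntax error at: %s", err)` call right after `free(prio)` reads freed memory. Because the string now comes from the user-settable `GnuTLSPriority` parameter, a priority syntax error is an ordinary configuration mistake rather than an unreachable corner case. Move `free(prio);` below the `if (ret != GNUTLS_E_SUCCESS)` block and add a `free(prio);` just before the `throw`, or build the string as a `std::string` local and pass `prio.c_str()` so there is no manual release to order at all. The same ordering appears in the SSecurityTLS::setParams hunk in common/rfb/SSecurityTLS.cxx. setParam continues into the next hunk.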
@@ -223,13 +235,6 @@ void CSecurityTLS::setParam()
vlog.debug("Anonymous session has been set");
} else {
- ret = gnutls_priority_set_direct(session, kx_priority, &err);
- if (ret != GNUTLS_E_SUCCESS) {
- if (ret == GNUTLS_E_INVALID_REQUEST)
- vlog.error("GnuTLS priority syntax error at: %s", err);
- throw AuthFailureException("gnutls_set_priority_direct failed");
- }
-
if (gnutls_certificate_allocate_credentials(&cert_cred) != GNUTLS_E_SUCCESS)
throw AuthFailureException("gnutls_certificate_allocate_credentials failed");
diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
index 88145e8b..0f52d34b 100644
--- a/common/rfb/SSecurityTLS.cxx
+++ b/common/rfb/SSecurityTLS.cxx
@@ -27,6 +27,8 @@
#error "This source should not be compiled without HAVE_GNUTLS defined"
#endif
+#include <stdlib.h>
+
#include <rfb/SSecurityTLS.h>
#include <rfb/SConnection.h>
#include <rfb/LogWriter.h>
@@ -166,15 +168,25 @@ bool SSecurityTLS::processMsg(SConnection *sc)
void SSecurityTLS::setParams(gnutls_session_t session)
{
- static const char kx_anon_priority[] = "NORMAL:+ANON-ECDH:+ANON-DH";
- static const char kx_priority[] = "NORMAL";
+ static const char kx_anon_priority[] = ":+ANON-ECDH:+ANON-DH";
int ret;
+ char *prio;
const char *err;
- ret = gnutls_priority_set_direct(session,
- anon ? kx_anon_priority : kx_priority,
- &err);
+ prio = (char*)malloc(strlen(Security::GnuTLSPriority) +
+ strlen(kx_anon_priority) + 1);
+ if (prio == NULL)
+ throw AuthFailureException("Not enough memory for GnuTLS priority string");
+
+ strcpy(prio, Security::GnuTLSPriority);
+ if (anon)
+ strcat(prio, kx_anon_priority);
+
+ ret = gnutls_priority_set_direct(session, prio, &err);
+
+ free(prio);
+
if (ret != GNUTLS_E_SUCCESS) {
if (ret == GNUTLS_E_INVALID_REQUEST)
vlog.error("GnuTLS priority syntax error at: %s", err);
diff --git a/common/rfb/Security.cxx b/common/rfb/Security.cxx
index 62ea50e6..e623ab54 100644
--- a/common/rfb/Security.cxx
+++ b/common/rfb/Security.cxx
@@ -49,6 +49,12 @@ using namespace std;
static LogWriter vlog("Security");
+#ifdef HAVE_GNUTLS
+StringParameter Security::GnuTLSPriority("GnuTLSPriority",
+ "GnuTLS priority string that controls the TLS session’s handshake algorithms",
+ "NORMAL");
+#endif
+
Security::Security()
{
}
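Review bot: The description string of the new `GnuTLSPriority` parameter contains a non-ASCII apostrophe (`session’s`) inside a plain C string literal that is later printed in help output, so it will render incorrectly on non-UTF-8 terminals; `"GnuTLS priority string that controls the TLS session's handshake algorithms"` avoids that. The description also does not tell users that the anonymous key-exchange algorithms are appended automatically for the anonymous TLS types, as the CSecurityTLS and SSecurityTLS hunks do; a short addition such as "the anonymous DH/ECDH key exchanges are appended automatically for the anonymous TLS security types" would stop people from adding them by hand and getting a duplicated or malformed string.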
diff --git a/common/rfb/Security.h b/common/rfb/Security.h
index 85bc325a..c1bc9224 100644
--- a/common/rfb/Security.h
+++ b/common/rfb/Security.h
@@ -93,6 +93,10 @@ namespace rfb {
/* Output char* is stored in static array */
char *ToString(void);
+#ifdef HAVE_GNUTLS
+ static StringParameter GnuTLSPriority;
+#endif
+
private:
std::list<rdr::U32> enabledSecTypes;
};
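Review bot: The new `static StringParameter GnuTLSPriority;` member carries no comment, while the neighbouring `ToString` declaration documents its contract; a one-line header comment such as `/* Base GnuTLS priority string for TLS sessions; the anonymous key-exchange suffix is added by the TLS security types */` would tell readers of the header where the value is consumed without opening the .cxx files. The enclosing class begins before this hunk.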