diff options
author | Pierre Ossman <ossman@cendio.se> | 2024-08-07 09:49:22 +0200 |
---|---|---|
committer | Pierre Ossman <ossman@cendio.se> | 2024-08-07 11:02:17 +0200 |
commit | b4363357f5dbba6ced0faa32e47c19047698e8bd (patch) | |
tree | de2633c23472d67ef5cf61569494481f9a158d9b /common/rfb | |
parent | 948be98f5210673a809fb8cc1b3b264b0efc1244 (diff) | |
download | tigervnc-b4363357f5dbba6ced0faa32e47c19047698e8bd.tar.gz tigervnc-b4363357f5dbba6ced0faa32e47c19047698e8bd.zip |
Correctly handle cancelled authentication
We should not be throwing up error messages, or asking to reconnect, if
the user has actively cancelled the authentication attempt.
Diffstat (limited to 'common/rfb')
-rw-r--r-- | common/rfb/CSecurityTLS.cxx | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx index 8d8b58fd..f9775215 100644 --- a/common/rfb/CSecurityTLS.cxx +++ b/common/rfb/CSecurityTLS.cxx @@ -444,7 +444,7 @@ void CSecurityTLS::checkSession() if (!msg->showMsgBox(UserMsgBox::M_YESNO, "Unknown certificate issuer", text.c_str())) - throw AuthFailureException("Unknown certificate issuer"); + throw AuthCancelledException(); status &= ~(GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND | @@ -465,7 +465,7 @@ void CSecurityTLS::checkSession() if (!msg->showMsgBox(UserMsgBox::M_YESNO, "Certificate is not yet valid", text.c_str())) - throw AuthFailureException("Certificate is not yet valid"); + throw AuthCancelledException(); status &= ~GNUTLS_CERT_NOT_ACTIVATED; } @@ -484,7 +484,7 @@ void CSecurityTLS::checkSession() if (!msg->showMsgBox(UserMsgBox::M_YESNO, "Expired certificate", text.c_str())) - throw AuthFailureException("Expired certificate"); + throw AuthCancelledException(); status &= ~GNUTLS_CERT_EXPIRED; } @@ -503,7 +503,7 @@ void CSecurityTLS::checkSession() if (!msg->showMsgBox(UserMsgBox::M_YESNO, "Insecure certificate algorithm", text.c_str())) - throw AuthFailureException("Insecure certificate algorithm"); + throw AuthCancelledException(); status &= ~GNUTLS_CERT_INSECURE_ALGORITHM; } @@ -528,7 +528,7 @@ void CSecurityTLS::checkSession() if (!msg->showMsgBox(UserMsgBox::M_YESNO, "Certificate hostname mismatch", text.c_str())) - throw AuthFailureException("Certificate hostname mismatch"); + throw AuthCancelledException(); } } else if (err == GNUTLS_E_CERTIFICATE_KEY_MISMATCH) { std::string text; @@ -554,7 +554,7 @@ void CSecurityTLS::checkSession() if (!msg->showMsgBox(UserMsgBox::M_YESNO, "Unexpected server certificate", text.c_str())) - throw AuthFailureException("Unexpected server certificate"); + throw AuthCancelledException(); status &= ~(GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND | @@ -577,7 +577,7 @@ void CSecurityTLS::checkSession() if (!msg->showMsgBox(UserMsgBox::M_YESNO, "Unexpected server certificate", text.c_str())) - throw AuthFailureException("Unexpected server certificate"); + throw AuthCancelledException(); status &= ~GNUTLS_CERT_NOT_ACTIVATED; } @@ -598,7 +598,7 @@ void CSecurityTLS::checkSession() if (!msg->showMsgBox(UserMsgBox::M_YESNO, "Unexpected server certificate", text.c_str())) - throw AuthFailureException("Unexpected server certificate"); + throw AuthCancelledException(); status &= ~GNUTLS_CERT_EXPIRED; } @@ -619,7 +619,7 @@ void CSecurityTLS::checkSession() if (!msg->showMsgBox(UserMsgBox::M_YESNO, "Unexpected server certificate", text.c_str())) - throw AuthFailureException("Unexpected server certificate"); + throw AuthCancelledException(); status &= ~GNUTLS_CERT_INSECURE_ALGORITHM; } @@ -646,7 +646,7 @@ void CSecurityTLS::checkSession() if (!msg->showMsgBox(UserMsgBox::M_YESNO, "Unexpected server certificate", text.c_str())) - throw AuthFailureException("Unexpected server certificate"); + throw AuthCancelledException(); } } |