aboutsummaryrefslogtreecommitdiffstats
path: root/common/rfb
diff options
context:
space:
mode:
authorPierre Ossman <ossman@cendio.se>2024-08-07 09:49:22 +0200
committerPierre Ossman <ossman@cendio.se>2024-08-07 11:02:17 +0200
commitb4363357f5dbba6ced0faa32e47c19047698e8bd (patch)
treede2633c23472d67ef5cf61569494481f9a158d9b /common/rfb
parent948be98f5210673a809fb8cc1b3b264b0efc1244 (diff)
downloadtigervnc-b4363357f5dbba6ced0faa32e47c19047698e8bd.tar.gz
tigervnc-b4363357f5dbba6ced0faa32e47c19047698e8bd.zip
Correctly handle cancelled authentication
We should not be throwing up error messages, or asking to reconnect, if the user has actively cancelled the authentication attempt.
Diffstat (limited to 'common/rfb')
-rw-r--r--common/rfb/CSecurityTLS.cxx20
1 files changed, 10 insertions, 10 deletions
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index 8d8b58fd..f9775215 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -444,7 +444,7 @@ void CSecurityTLS::checkSession()
if (!msg->showMsgBox(UserMsgBox::M_YESNO,
"Unknown certificate issuer",
text.c_str()))
- throw AuthFailureException("Unknown certificate issuer");
+ throw AuthCancelledException();
status &= ~(GNUTLS_CERT_INVALID |
GNUTLS_CERT_SIGNER_NOT_FOUND |
@@ -465,7 +465,7 @@ void CSecurityTLS::checkSession()
if (!msg->showMsgBox(UserMsgBox::M_YESNO,
"Certificate is not yet valid",
text.c_str()))
- throw AuthFailureException("Certificate is not yet valid");
+ throw AuthCancelledException();
status &= ~GNUTLS_CERT_NOT_ACTIVATED;
}
@@ -484,7 +484,7 @@ void CSecurityTLS::checkSession()
if (!msg->showMsgBox(UserMsgBox::M_YESNO,
"Expired certificate",
text.c_str()))
- throw AuthFailureException("Expired certificate");
+ throw AuthCancelledException();
status &= ~GNUTLS_CERT_EXPIRED;
}
@@ -503,7 +503,7 @@ void CSecurityTLS::checkSession()
if (!msg->showMsgBox(UserMsgBox::M_YESNO,
"Insecure certificate algorithm",
text.c_str()))
- throw AuthFailureException("Insecure certificate algorithm");
+ throw AuthCancelledException();
status &= ~GNUTLS_CERT_INSECURE_ALGORITHM;
}
@@ -528,7 +528,7 @@ void CSecurityTLS::checkSession()
if (!msg->showMsgBox(UserMsgBox::M_YESNO,
"Certificate hostname mismatch",
text.c_str()))
- throw AuthFailureException("Certificate hostname mismatch");
+ throw AuthCancelledException();
}
} else if (err == GNUTLS_E_CERTIFICATE_KEY_MISMATCH) {
std::string text;
@@ -554,7 +554,7 @@ void CSecurityTLS::checkSession()
if (!msg->showMsgBox(UserMsgBox::M_YESNO,
"Unexpected server certificate",
text.c_str()))
- throw AuthFailureException("Unexpected server certificate");
+ throw AuthCancelledException();
status &= ~(GNUTLS_CERT_INVALID |
GNUTLS_CERT_SIGNER_NOT_FOUND |
@@ -577,7 +577,7 @@ void CSecurityTLS::checkSession()
if (!msg->showMsgBox(UserMsgBox::M_YESNO,
"Unexpected server certificate",
text.c_str()))
- throw AuthFailureException("Unexpected server certificate");
+ throw AuthCancelledException();
status &= ~GNUTLS_CERT_NOT_ACTIVATED;
}
@@ -598,7 +598,7 @@ void CSecurityTLS::checkSession()
if (!msg->showMsgBox(UserMsgBox::M_YESNO,
"Unexpected server certificate",
text.c_str()))
- throw AuthFailureException("Unexpected server certificate");
+ throw AuthCancelledException();
status &= ~GNUTLS_CERT_EXPIRED;
}
@@ -619,7 +619,7 @@ void CSecurityTLS::checkSession()
if (!msg->showMsgBox(UserMsgBox::M_YESNO,
"Unexpected server certificate",
text.c_str()))
- throw AuthFailureException("Unexpected server certificate");
+ throw AuthCancelledException();
status &= ~GNUTLS_CERT_INSECURE_ALGORITHM;
}
@@ -646,7 +646,7 @@ void CSecurityTLS::checkSession()
if (!msg->showMsgBox(UserMsgBox::M_YESNO,
"Unexpected server certificate",
text.c_str()))
- throw AuthFailureException("Unexpected server certificate");
+ throw AuthCancelledException();
}
}