aboutsummaryrefslogtreecommitdiffstats
path: root/common/rfb
diff options
context:
space:
mode:
authorPierre Ossman <ossman@cendio.se>2017-09-01 11:15:31 +0200
committerPierre Ossman <ossman@cendio.se>2017-09-01 11:15:31 +0200
commite43e5e30517498ec070b568a7d91edb942779d63 (patch)
tree046f2ab90b19eabd0488f2b831f52a0815065206 /common/rfb
parentdaf3d88aa1b554c5d6d41116c51517d30cb7c4b7 (diff)
downloadtigervnc-e43e5e30517498ec070b568a7d91edb942779d63.tar.gz
tigervnc-e43e5e30517498ec070b568a7d91edb942779d63.zip
Add better error message for insecure certificate algorithms
Diffstat (limited to 'common/rfb')
-rw-r--r--common/rfb/CSecurityTLS.cxx3
1 files changed, 3 insertions, 0 deletions
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index 8a053e3d..58423fbf 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -332,6 +332,9 @@ void CSecurityTLS::checkSession()
if (status & GNUTLS_CERT_SIGNER_NOT_CA)
vlog.debug("server cert signer not CA");
+ if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
+ throw AuthFailureException("The server certificate uses an insecure algorithm");
+
if ((status & (~allowed_errors)) != 0) {
/* No other errors are allowed */
vlog.debug("GNUTLS status of certificate verification: %u", status);