diff options
author | Pierre Ossman <ossman@cendio.se> | 2017-09-01 11:15:31 +0200 |
---|---|---|
committer | Pierre Ossman <ossman@cendio.se> | 2017-09-01 11:15:31 +0200 |
commit | e43e5e30517498ec070b568a7d91edb942779d63 (patch) | |
tree | 046f2ab90b19eabd0488f2b831f52a0815065206 /common/rfb | |
parent | daf3d88aa1b554c5d6d41116c51517d30cb7c4b7 (diff) | |
download | tigervnc-e43e5e30517498ec070b568a7d91edb942779d63.tar.gz tigervnc-e43e5e30517498ec070b568a7d91edb942779d63.zip |
Add better error message for insecure certificate algorithms
Diffstat (limited to 'common/rfb')
-rw-r--r-- | common/rfb/CSecurityTLS.cxx | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx index 8a053e3d..58423fbf 100644 --- a/common/rfb/CSecurityTLS.cxx +++ b/common/rfb/CSecurityTLS.cxx @@ -332,6 +332,9 @@ void CSecurityTLS::checkSession() if (status & GNUTLS_CERT_SIGNER_NOT_CA) vlog.debug("server cert signer not CA"); + if (status & GNUTLS_CERT_INSECURE_ALGORITHM) + throw AuthFailureException("The server certificate uses an insecure algorithm"); + if ((status & (~allowed_errors)) != 0) { /* No other errors are allowed */ vlog.debug("GNUTLS status of certificate verification: %u", status); |