aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--common/rfb/CSecurityTLS.cxx27
-rw-r--r--common/rfb/SSecurityTLS.cxx15
2 files changed, 20 insertions, 22 deletions
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index eff215ab..6eeb6a84 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -333,11 +333,12 @@ void CSecurityTLS::checkSession()
if (fatal_status != 0) {
std::string error;
- if (gnutls_certificate_verification_status_print(fatal_status,
- GNUTLS_CRT_X509,
- &status_str,
- 0) < 0)
- throw Exception("Failed to get certificate error description");
+ err = gnutls_certificate_verification_status_print(fatal_status,
+ GNUTLS_CRT_X509,
+ &status_str,
+ 0);
+ if (err != GNUTLS_E_SUCCESS)
+ throw rdr::TLSException("Failed to get certificate error description", err);
error = (const char*)status_str.data;
@@ -346,11 +347,12 @@ void CSecurityTLS::checkSession()
throw Exception("Invalid server certificate: %s", error.c_str());
}
- if (gnutls_certificate_verification_status_print(status,
- GNUTLS_CRT_X509,
- &status_str,
- 0) < 0)
- throw Exception("Failed to get certificate error description");
+ err = gnutls_certificate_verification_status_print(status,
+ GNUTLS_CRT_X509,
+ &status_str,
+ 0);
+ if (err != GNUTLS_E_SUCCESS)
+ throw rdr::TLSException("Failed to get certificate error description", err);
vlog.info("Server certificate errors: %s", status_str.data);
@@ -367,8 +369,9 @@ void CSecurityTLS::checkSession()
gnutls_x509_crt_t crt;
gnutls_x509_crt_init(&crt);
- if (gnutls_x509_crt_import(crt, &cert_list[0], GNUTLS_X509_FMT_DER) < 0)
- throw Exception("decoding of certificate failed");
+ err = gnutls_x509_crt_import(crt, &cert_list[0], GNUTLS_X509_FMT_DER);
+ if (err != GNUTLS_E_SUCCESS)
+ throw rdr::TLSException("Failed to decode server certificate", err);
if (gnutls_x509_crt_check_hostname(crt, client->getServerName()) == 0) {
vlog.info("Server certificate doesn't match given server name");
diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
index 67dced6c..465126eb 100644
--- a/common/rfb/SSecurityTLS.cxx
+++ b/common/rfb/SSecurityTLS.cxx
@@ -299,16 +299,11 @@ void SSecurityTLS::setParams()
gnutls_certificate_set_dh_params(cert_cred, dh_params);
#endif
- switch (gnutls_certificate_set_x509_key_file(cert_cred, X509_CertFile, X509_KeyFile, GNUTLS_X509_FMT_PEM)) {
- case GNUTLS_E_SUCCESS:
- break;
- case GNUTLS_E_CERTIFICATE_KEY_MISMATCH:
- throw Exception("Private key does not match certificate");
- case GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE:
- throw Exception("Unsupported certificate type");
- default:
- throw Exception("Error loading X509 certificate or key");
- }
+ ret = gnutls_certificate_set_x509_key_file(cert_cred, X509_CertFile,
+ X509_KeyFile,
+ GNUTLS_X509_FMT_PEM);
+ if (ret != GNUTLS_E_SUCCESS)
+ throw rdr::TLSException("Failed to load certificate and key", ret);
ret = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred);
if (ret != GNUTLS_E_SUCCESS)