aboutsummaryrefslogtreecommitdiffstats
path: root/common/rfb/SSecurityTLS.cxx
Commit message (Collapse)AuthorAgeFilesLines
* Use StringParameters directlyPierre Ossman2023-02-041-7/+1
| | | | | We don't need to make extra copies of the string in most cases, so let's simplify the code and access the string directly when we can.
* Fix priority string when using newer GnuTLSJan Grulich2021-07-161-1/+3
| | | | | The call of gnutls_set_default_priority_append() expects a normal priority string, which means it must not start with ':'.
* Merge branch 'utilize-system-wide-crypto' of https://github.com/grulja/tigervncPierre Ossman2021-07-141-14/+52
|\
| * Utilize system-wide crypto policiesJan Grulich2021-07-141-14/+52
| |
* | Use RFC7919-2048 group in GnuTLS for FIPS compliance.JASON SIKES2021-06-121-4/+32
| |
* | Don't wait for TLS close responsePierre Ossman2021-06-111-1/+3
| | | | | | | | | | Our current architecture doesn't support waiting for a response here, so don't even try or we'll just get an error.
* | Handle GnuTLS shutdown on dead sessionPierre Ossman2021-06-111-4/+5
|/ | | | | The session might have died, or failed to initialise properly, so be prepared for gnutls_bye() to be unable to do its job.
* Log TLS handshake resultPierre Ossman2018-10-091-1/+2
| | | | | Makes it easier to debug TLS issues, and to see the effect of altering the priority string.
* Restore original streams when terminating TLSPierre Ossman2018-09-211-1/+11
| | | | | | In theory we could return to communicate without TLS after a shutdown. It also makes sure the connection object isn't left completely without streams.
* Delete TLS streams before deleting the sessionPierre Ossman2018-09-211-16/+19
| | | | | | The streams depend on the session and can crash the program if they are removed in the wrong order. Do a general cleanup of the life time management of the streams.
* Strongly bind security objects to connection objectPierre Ossman2018-09-211-4/+4
| | | | | There is already an implicit connection between them, so let's make it explicit. This allows easy lookup outside of the processMsg() function.
* avoid putting more includes in headers than necessaryBrian P. Hinz2017-11-151-0/+1
|
* Move gnutls functions into SSecurityTLSBrian P. Hinz2017-11-141-3/+10
|
* Proper global init/deinit of GnuTLSPierre Ossman2016-08-231-15/+5
| | | | | | These are reference counted so it is important to retain symmetry between the calls. Failure to do so will result in bad memory access and crashes.
* Add parameter to override GnuTLS priorityPierre Ossman2015-01-291-5/+17
|
* Raise GnuTLS requirements to 3.xPierre Ossman2015-01-291-8/+15
| | | | | | This allows us to simplify things by getting rid of some old compatibility code. People should really be using current versions of GnuTLS anyway to stay secure.
* Remove verbose TLS loggingPierre Ossman2014-10-281-13/+0
| | | | | We don't even log this much for RFB protocol stuff, and it makes it very annoying to run with full debugging on.
* Correct naming convention for some parametersPierre Ossman2014-09-171-2/+2
|
* Refactor the TLS code so that the push/pull functions are aware of theirPierre Ossman2012-07-031-8/+9
| | | | | | | containing stream object. This is in preparation for supporting GnuTLS 3.x. git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4921 3789f03b-4d11-0410-bbf8-ca57d06f2519
* Fix unsafe usage of the logging functions.Pierre Ossman2012-04-261-1/+1
| | | | git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4905 3789f03b-4d11-0410-bbf8-ca57d06f2519
* [Bugfix] Register GNUTLS debug routines only when we actually need them.Adam Tkac2011-02-181-7/+6
| | | | git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4295 3789f03b-4d11-0410-bbf8-ca57d06f2519
* [Bugfix] Check return codes from gnutls library every time.Adam Tkac2010-08-111-1/+3
| | | | git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4120 3789f03b-4d11-0410-bbf8-ca57d06f2519
* [Development] Rename SSecurityTLSBase source/class to SSecurityTLS.Adam Tkac2010-07-211-0/+224
| | | | git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4108 3789f03b-4d11-0410-bbf8-ca57d06f2519
* [Cleanup] Merge SSecurityTLS and SSecurityX509 classes into SSecurityTLSBase ↵Adam Tkac2010-07-211-83/+0
| | | | | | class. git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4107 3789f03b-4d11-0410-bbf8-ca57d06f2519
* [Bugfix] Compile VeNCrypt extension only when gnutls is enabled and available.Adam Tkac2010-04-281-2/+3
| | | | git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4049 3789f03b-4d11-0410-bbf8-ca57d06f2519
* [Development] Implement VeNCrypt security type on server side. Currently onlyAdam Tkac2010-04-231-0/+82
TLSNone and TLSVnc VeNCrypt subtypes are implemented. git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4045 3789f03b-4d11-0410-bbf8-ca57d06f2519