From b4363357f5dbba6ced0faa32e47c19047698e8bd Mon Sep 17 00:00:00 2001 From: Pierre Ossman Date: Wed, 7 Aug 2024 09:49:22 +0200 Subject: Correctly handle cancelled authentication We should not be throwing up error messages, or asking to reconnect, if the user has actively cancelled the authentication attempt. --- common/rfb/CSecurityTLS.cxx | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'common/rfb') diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx index 8d8b58fd..f9775215 100644 --- a/common/rfb/CSecurityTLS.cxx +++ b/common/rfb/CSecurityTLS.cxx @@ -444,7 +444,7 @@ void CSecurityTLS::checkSession() if (!msg->showMsgBox(UserMsgBox::M_YESNO, "Unknown certificate issuer", text.c_str())) - throw AuthFailureException("Unknown certificate issuer"); + throw AuthCancelledException(); status &= ~(GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND | @@ -465,7 +465,7 @@ void CSecurityTLS::checkSession() if (!msg->showMsgBox(UserMsgBox::M_YESNO, "Certificate is not yet valid", text.c_str())) - throw AuthFailureException("Certificate is not yet valid"); + throw AuthCancelledException(); status &= ~GNUTLS_CERT_NOT_ACTIVATED; } @@ -484,7 +484,7 @@ void CSecurityTLS::checkSession() if (!msg->showMsgBox(UserMsgBox::M_YESNO, "Expired certificate", text.c_str())) - throw AuthFailureException("Expired certificate"); + throw AuthCancelledException(); status &= ~GNUTLS_CERT_EXPIRED; } @@ -503,7 +503,7 @@ void CSecurityTLS::checkSession() if (!msg->showMsgBox(UserMsgBox::M_YESNO, "Insecure certificate algorithm", text.c_str())) - throw AuthFailureException("Insecure certificate algorithm"); + throw AuthCancelledException(); status &= ~GNUTLS_CERT_INSECURE_ALGORITHM; } @@ -528,7 +528,7 @@ void CSecurityTLS::checkSession() if (!msg->showMsgBox(UserMsgBox::M_YESNO, "Certificate hostname mismatch", text.c_str())) - throw AuthFailureException("Certificate hostname mismatch"); + throw AuthCancelledException(); } } else if (err == GNUTLS_E_CERTIFICATE_KEY_MISMATCH) { std::string text; @@ -554,7 +554,7 @@ void CSecurityTLS::checkSession() if (!msg->showMsgBox(UserMsgBox::M_YESNO, "Unexpected server certificate", text.c_str())) - throw AuthFailureException("Unexpected server certificate"); + throw AuthCancelledException(); status &= ~(GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND | @@ -577,7 +577,7 @@ void CSecurityTLS::checkSession() if (!msg->showMsgBox(UserMsgBox::M_YESNO, "Unexpected server certificate", text.c_str())) - throw AuthFailureException("Unexpected server certificate"); + throw AuthCancelledException(); status &= ~GNUTLS_CERT_NOT_ACTIVATED; } @@ -598,7 +598,7 @@ void CSecurityTLS::checkSession() if (!msg->showMsgBox(UserMsgBox::M_YESNO, "Unexpected server certificate", text.c_str())) - throw AuthFailureException("Unexpected server certificate"); + throw AuthCancelledException(); status &= ~GNUTLS_CERT_EXPIRED; } @@ -619,7 +619,7 @@ void CSecurityTLS::checkSession() if (!msg->showMsgBox(UserMsgBox::M_YESNO, "Unexpected server certificate", text.c_str())) - throw AuthFailureException("Unexpected server certificate"); + throw AuthCancelledException(); status &= ~GNUTLS_CERT_INSECURE_ALGORITHM; } @@ -646,7 +646,7 @@ void CSecurityTLS::checkSession() if (!msg->showMsgBox(UserMsgBox::M_YESNO, "Unexpected server certificate", text.c_str())) - throw AuthFailureException("Unexpected server certificate"); + throw AuthCancelledException(); } } -- cgit v1.2.3