david.venhoff/QEMU-Nyx-fork
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ui: ensure VNC websockets server checks the ACL if requested

Browse Source 
If the x509verify option is requested, the VNC websockets server
was failing to validate that the websockets client provided an
x509 certificate matching the ACL rules.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This commit is contained in:
Daniel P. Berrange 2015-03-17 13:43:00 +00:00 committed by Gerd Hoffmann
parent 7b45a00d05
commit 4a48aaa9f5
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ui/vnc-ws.c
View File

@ -45,6 +45,16 @@ static int vncws_start_tls_handshake(struct VncState *vs)
return -1;
}
if (vs->vd->tls.x509verify) {
if (vnc_tls_validate_certificate(vs) < 0) {
VNC_DEBUG("Client verification failed\n");
vnc_client_error(vs);
return -1;
} else {
VNC_DEBUG("Client verification passed\n");
}
}
VNC_DEBUG("Handshake done, switching to TLS data mode\n");
qemu_set_fd_handler2(vs->csock, NULL, vncws_handshake_read, NULL, vs);