vnc: Allow to disable Transport Layer Security

Some VNC clients, e.g. noVNC, do not support TLS encryption.
Add a new argument "--disable-transport-layer-security" to
explicitly disable activation of TLS.
This extends compatibility with such VNC clients.

Signed-off-by: Lukasz Czechowski <lukasz.czechowski@thaumatec.com>
Lukasz Czechowski 2024-05-21 15:58:30 +02:00 committed by Marius Vlad
parent 89f3a8a71e
commit 58a0abcb58
3 changed files with 44 additions and 31 deletions


@ -792,6 +792,7 @@ usage(int error_code)
" --port=PORT\t\tThe port to listen on\n"
" --vnc-tls-cert=FILE\tThe file containing the certificate for TLS encryption\n"
" --vnc-tls-key=FILE\tThe file containing the private key for TLS encryption\n"
" --disable-transport-layer-security\t\tDisable Transport Layer Security (not recommended)\n"
"\n");
#endif
@ -3873,6 +3874,7 @@ load_vnc_backend(struct weston_compositor *c,
{ WESTON_OPTION_INTEGER, "port", 0, &config.port },
{ WESTON_OPTION_STRING, "vnc-tls-cert", 0, &config.server_cert },
{ WESTON_OPTION_STRING, "vnc-tls-key", 0, &config.server_key },
{ WESTON_OPTION_BOOLEAN, "disable-transport-layer-security", 0, &config.disable_tls },
};
parse_options(vnc_options, ARRAY_LENGTH(vnc_options), argc, argv);
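Review bot: The option table in `load_vnc_backend` accepts `--disable-transport-layer-security` together with `--vnc-tls-cert`/`--vnc-tls-key` and nothing after `parse_options` checks the combination. Going by the backend change in this commit, such a command line would start the server unencrypted and silently ignore the supplied credentials, which is easy to miss when the flag is left over in a launch script. A check right after `parse_options` would make the conflict visible, for example `if (config.disable_tls && (config.server_cert || config.server_key)) weston_log("warning: TLS disabled, --vnc-tls-cert/--vnc-tls-key are ignored\n");`, or the combination could be rejected outright. `load_vnc_backend` starts and continues outside the hunk.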


@ -65,6 +65,7 @@ struct weston_vnc_backend_config {
int refresh_rate;
char *server_cert;
char *server_key;
bool disable_tls;
};
#ifdef __cplusplus


@ -1226,40 +1226,50 @@ vnc_backend_create(struct weston_compositor *compositor,
nvnc_set_userdata(backend->server, backend, NULL);
nvnc_set_name(backend->server, "Weston VNC backend");
if (!nvnc_has_auth()) {
weston_log("Neat VNC built without TLS support\n");
goto err_output;
}
if (!config->server_cert && !config->server_key) {
weston_log("The VNC backend requires a key and a certificate for TLS security"
" (--vnc-tls-cert/--vnc-tls-key)\n");
goto err_output;
}
if (!config->server_cert) {
weston_log("Missing TLS certificate (--vnc-tls-cert)\n");
goto err_output;
}
if (!config->server_key) {
weston_log("Missing TLS key (--vnc-tls-key)\n");
goto err_output;
}
if (!config->disable_tls) {
if (!nvnc_has_auth()) {
weston_log("Neat VNC built without TLS support\n");
goto err_output;
}
if (!config->server_cert && !config->server_key) {
weston_log(
"The VNC backend requires a key and a "
"certificate for TLS security"
" (--vnc-tls-cert/--vnc-tls-key)\n");
goto err_output;
}
if (!config->server_cert) {
weston_log(
"Missing TLS certificate (--vnc-tls-cert)\n");
goto err_output;
}
if (!config->server_key) {
weston_log("Missing TLS key (--vnc-tls-key)\n");
goto err_output;
}
ret = nvnc_set_tls_creds(backend->server, config->server_key,
config->server_cert);
if (ret) {
weston_log("Failed set TLS credentials\n");
goto err_output;
}
ret = nvnc_set_tls_creds(backend->server, config->server_key,
config->server_cert);
if (ret) {
weston_log("Failed set TLS credentials\n");
goto err_output;
}
ret = nvnc_enable_auth(backend->server, NVNC_AUTH_REQUIRE_AUTH |
NVNC_AUTH_REQUIRE_ENCRYPTION, vnc_handle_auth,
NULL);
if (ret) {
weston_log("Failed to enable TLS support\n");
goto err_output;
}
ret = nvnc_enable_auth(
backend->server,
NVNC_AUTH_REQUIRE_AUTH | NVNC_AUTH_REQUIRE_ENCRYPTION,
vnc_handle_auth, NULL);
if (ret) {
weston_log("Failed to enable TLS support\n");
goto err_output;
}
weston_log("TLS support activated\n");
weston_log("TLS support activated\n");
} else {
weston_log(
"warning: VNC enabled without Transport Layer "
"Security!\n");
}
ret = weston_plugin_api_register(compositor, WESTON_VNC_OUTPUT_API_NAME,
&api, sizeof(api));
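Review bot: With `disable_tls` set the `else` branch only logs a warning, and as far as this rendering shows the `nvnc_enable_auth(..., NVNC_AUTH_REQUIRE_AUTH | NVNC_AUTH_REQUIRE_ENCRYPTION, vnc_handle_auth, NULL)` call sits inside the `if (!config->disable_tls)` branch, so the server comes up with no authentication handler at all, not merely without encryption. The option name, the usage string in the first file section and the warning all mention only TLS, so an operator who enables the flag for noVNC compatibility is not told that every client able to reach the port gets the session without credentials. At minimum the log line should say so, e.g. `weston_log("warning: VNC enabled without Transport Layer Security and without authentication!\n");`, with the usage text worded the same way, and the documentation should state that this mode is only suitable behind a loopback-only listener or an authenticating TLS proxy. `vnc_backend_create` starts and ends outside the hunk.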