From 58a0abcb587201880a2b7d3d171b4e8bcde09bd1 Mon Sep 17 00:00:00 2001
From: Lukasz Czechowski
Date: Tue, 21 May 2024 15:58:30 +0200
Subject: [PATCH] vnc: Allow to disable Transport Layer Security

Some VNC clients, i.e. noVNC, do not support TLS encryption. Add new argument "--disable-transport-layer-security" to explicitly disable activation of TLS. This will allow to extend VNC clients compatibility.

Signed-off-by: Lukasz Czechowski
---
 frontend/main.c | 2 +
 include/libweston/backend-vnc.h | 1 +
 libweston/backend-vnc/vnc.c | 72 +++++++++++++++++++--------------
 3 files changed, 44 insertions(+), 31 deletions(-)

diff --git a/frontend/main.c b/frontend/main.c
index 3148dff0..3f02d1dd 100644
--- a/frontend/main.c
+++ b/frontend/main.c
@@ -792,6 +792,7 @@ usage(int error_code)
 " --port=PORT\t\tThe port to listen on\n"
 " --vnc-tls-cert=FILE\tThe file containing the certificate for TLS encryption\n"
 " --vnc-tls-key=FILE\tThe file containing the private key for TLS encryption\n"
+ " --disable-transport-layer-security\t\tDisable Transport Layer Security (not recommended)\n"
 "\n");
 #endif
 
@@ -3873,6 +3874,7 @@ load_vnc_backend(struct weston_compositor *c,
 { WESTON_OPTION_INTEGER, "port", 0, &config.port },
 { WESTON_OPTION_STRING, "vnc-tls-cert", 0, &config.server_cert },
 { WESTON_OPTION_STRING, "vnc-tls-key", 0, &config.server_key },
+ { WESTON_OPTION_BOOLEAN, "disable-transport-layer-security", 0, &config.disable_tls },
 };
 
 parse_options(vnc_options, ARRAY_LENGTH(vnc_options), argc, argv);
diff --git a/include/libweston/backend-vnc.h b/include/libweston/backend-vnc.h
index 13f61dde..9e94949f 100644
--- a/include/libweston/backend-vnc.h
+++ b/include/libweston/backend-vnc.h
@@ -65,6 +65,7 @@ struct weston_vnc_backend_config {
 int refresh_rate;
 char *server_cert;
 char *server_key;
+ bool disable_tls;
 };
 
 #ifdef __cplusplus
diff --git a/libweston/backend-vnc/vnc.c b/libweston/backend-vnc/vnc.c
index f4c08bcb..8d036e57 100644
--- a/libweston/backend-vnc/vnc.c
+++ b/libweston/backend-vnc/vnc.c 
@@ -1226,40 +1226,50 @@ vnc_backend_create(struct weston_compositor *compositor,
 nvnc_set_userdata(backend->server, backend, NULL);
 nvnc_set_name(backend->server, "Weston VNC backend");
 
- if (!nvnc_has_auth()) {
- weston_log("Neat VNC built without TLS support\n");
- goto err_output;
- }
- if (!config->server_cert && !config->server_key) {
- weston_log("The VNC backend requires a key and a certificate for TLS security"
- " (--vnc-tls-cert/--vnc-tls-key)\n");
- goto err_output;
- }
- if (!config->server_cert) {
- weston_log("Missing TLS certificate (--vnc-tls-cert)\n");
- goto err_output;
- }
- if (!config->server_key) {
- weston_log("Missing TLS key (--vnc-tls-key)\n");
- goto err_output;
- }
+ if (!config->disable_tls) {
+ if (!nvnc_has_auth()) {
+ weston_log("Neat VNC built without TLS support\n");
+ goto err_output;
+ }
+ if (!config->server_cert && !config->server_key) {
+ weston_log(
+ "The VNC backend requires a key and a "
+ "certificate for TLS security"
+ " (--vnc-tls-cert/--vnc-tls-key)\n");
+ goto err_output;
+ }
+ if (!config->server_cert) {
+ weston_log(
+ "Missing TLS certificate (--vnc-tls-cert)\n");
+ goto err_output;
+ }
+ if (!config->server_key) {
+ weston_log("Missing TLS key (--vnc-tls-key)\n");
+ goto err_output;
+ }
 
- ret = nvnc_set_tls_creds(backend->server, config->server_key,
- config->server_cert);
- if (ret) {
- weston_log("Failed set TLS credentials\n");
- goto err_output;
- }
+ ret = nvnc_set_tls_creds(backend->server, config->server_key,
+ config->server_cert);
+ if (ret) {
+ weston_log("Failed set TLS credentials\n");
+ goto err_output;
+ }
 
- ret = nvnc_enable_auth(backend->server, NVNC_AUTH_REQUIRE_AUTH |
- NVNC_AUTH_REQUIRE_ENCRYPTION, vnc_handle_auth,
- NULL);
- if (ret) {
- weston_log("Failed to enable TLS support\n");
- goto err_output;
- }
+ ret = nvnc_enable_auth(
+ backend->server,
+ NVNC_AUTH_REQUIRE_AUTH | NVNC_AUTH_REQUIRE_ENCRYPTION,
+ vnc_handle_auth, NULL);
+ if (ret) {
+ weston_log("Failed to enable TLS support\n");
+ goto err_output;
+ }
 
- weston_log("TLS support activated\n");
+ weston_log("TLS support activated\n");
+ } else {
+ weston_log(
+ "warning: VNC enabled without Transport Layer "
+ "Security!\n");
+ }
 
 ret = weston_plugin_api_register(compositor, WESTON_VNC_OUTPUT_API_NAME,
 &api, sizeof(api));
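Review bot: With `disable_tls` set, the new `else` branch skips `nvnc_enable_auth()` as well as `nvnc_set_tls_creds()`, so `vnc_handle_auth` is never registered and, as far as this hunk shows, the server accepts clients with no authentication at all, not only without encryption. The flag name, the log line and the usage string added in frontend/main.c all describe this as disabling TLS only; at minimum the warning should say so, e.g. `weston_log("warning: VNC enabled without TLS and without authentication!\n");`, and the help text should match. If Neat VNC in this build offers an authenticated security type that does not need TLS (not verifiable from the page), calling `nvnc_enable_auth(backend->server, NVNC_AUTH_REQUIRE_AUTH, vnc_handle_auth, NULL);` in the `else` branch would keep the credential check. A `--vnc-tls-cert`/`--vnc-tls-key` given together with the flag is also ignored without any message. `vnc_backend_create` starts and ends outside the hunk, so whether the listener is limited to a loopback address cannot be seen here.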