vnc: Allow to disable Transport Layer Security

Some VNC clients, i.e. noVNC, do not support TLS encryption.
Add new argument "--disable-transport-layer-security" to
explicitly disable activation of TLS.
This will allow to extend VNC clients compatibility.

Signed-off-by: Lukasz Czechowski <lukasz.czechowski@thaumatec.com>

frontend/main.c

@@ -792,6 +792,7 @@ usage(int error_code)
 		"  --port=PORT\t\tThe port to listen on\n"
 		"  --vnc-tls-cert=FILE\tThe file containing the certificate for TLS encryption\n"
 		"  --vnc-tls-key=FILE\tThe file containing the private key for TLS encryption\n"
+		"  --disable-transport-layer-security\t\tDisable Transport Layer Security (not recommended)\n"
 		"\n");
 #endif
 
@@ -3873,6 +3874,7 @@ load_vnc_backend(struct weston_compositor *c,
 		{ WESTON_OPTION_INTEGER, "port", 0, &config.port },
 		{ WESTON_OPTION_STRING,  "vnc-tls-cert", 0, &config.server_cert },
 		{ WESTON_OPTION_STRING,  "vnc-tls-key", 0, &config.server_key },
+		{ WESTON_OPTION_BOOLEAN, "disable-transport-layer-security", 0, &config.disable_tls },
 	};
 
 	parse_options(vnc_options, ARRAY_LENGTH(vnc_options), argc, argv);

include/libweston/backend-vnc.h

@@ -65,6 +65,7 @@ struct weston_vnc_backend_config {
 	int refresh_rate;
 	char *server_cert;
 	char *server_key;
+	bool disable_tls;
 };
 
 #ifdef  __cplusplus

libweston/backend-vnc/vnc.c

@@ -1226,17 +1226,21 @@ vnc_backend_create(struct weston_compositor *compositor,
 	nvnc_set_userdata(backend->server, backend, NULL);
 	nvnc_set_name(backend->server, "Weston VNC backend");
 
+	if (!config->disable_tls) {
 		if (!nvnc_has_auth()) {
 			weston_log("Neat VNC built without TLS support\n");
 			goto err_output;
 		}
 		if (!config->server_cert && !config->server_key) {
-		weston_log("The VNC backend requires a key and a certificate for TLS security"
+			weston_log(
+				"The VNC backend requires a key and a "
+				"certificate for TLS security"
 				" (--vnc-tls-cert/--vnc-tls-key)\n");
 			goto err_output;
 		}
 		if (!config->server_cert) {
-		weston_log("Missing TLS certificate (--vnc-tls-cert)\n");
+			weston_log(
+				"Missing TLS certificate (--vnc-tls-cert)\n");
 			goto err_output;
 		}
 		if (!config->server_key) {
@@ -1251,15 +1255,21 @@ vnc_backend_create(struct weston_compositor *compositor,
 			goto err_output;
 		}
 
-	ret = nvnc_enable_auth(backend->server, NVNC_AUTH_REQUIRE_AUTH |
+		ret = nvnc_enable_auth(
-			       NVNC_AUTH_REQUIRE_ENCRYPTION, vnc_handle_auth,
+			backend->server,
-			       NULL);
+			NVNC_AUTH_REQUIRE_AUTH | NVNC_AUTH_REQUIRE_ENCRYPTION,
+			vnc_handle_auth, NULL);
 		if (ret) {
 			weston_log("Failed to enable TLS support\n");
 			goto err_output;
 		}
 
 		weston_log("TLS support activated\n");
+	} else {
+		weston_log(
+			"warning: VNC enabled without Transport Layer "
+			"Security!\n");
+	}
 
 	ret = weston_plugin_api_register(compositor, WESTON_VNC_OUTPUT_API_NAME,
 					 &api, sizeof(api));