vnc: Allow to disable Transport Layer Security

Some VNC clients, i.e. noVNC, do not support TLS encryption. Add new argument "--disable-transport-layer-security" to explicitly disable activation of TLS. This will allow to extend VNC clients compatibility. Signed-off-by: Lukasz Czechowski <lukasz.czechowski@thaumatec.com>
2024-05-21 15:58:30 +02:00 · 2024-05-21 15:58:30 +02:00 · 58a0abcb58
parent 89f3a8a71e
commit 58a0abcb58
3 changed files with 44 additions and 31 deletions
--- a/frontend/main.c
+++ b/frontend/main.c
@ -792,6 +792,7 @@ usage(int error_code)
 		"  --port=PORT\t\tThe port to listen on\n"
 		"  --vnc-tls-cert=FILE\tThe file containing the certificate for TLS encryption\n"
 		"  --vnc-tls-key=FILE\tThe file containing the private key for TLS encryption\n"
 		"  --disable-transport-layer-security\t\tDisable Transport Layer Security (not recommended)\n"
 		"\n");
 #endif
@ -3873,6 +3874,7 @@ load_vnc_backend(struct weston_compositor *c,
 		{ WESTON_OPTION_INTEGER, "port", 0, &config.port },
 		{ WESTON_OPTION_STRING,  "vnc-tls-cert", 0, &config.server_cert },
 		{ WESTON_OPTION_STRING,  "vnc-tls-key", 0, &config.server_key },
 		{ WESTON_OPTION_BOOLEAN, "disable-transport-layer-security", 0, &config.disable_tls },
 	};
 	parse_options(vnc_options, ARRAY_LENGTH(vnc_options), argc, argv);
--- a/include/libweston/backend-vnc.h
+++ b/include/libweston/backend-vnc.h
@ -65,6 +65,7 @@ struct weston_vnc_backend_config {
 	int refresh_rate;
 	char *server_cert;
 	char *server_key;
 	bool disable_tls;
 };
 #ifdef  __cplusplus
--- a/libweston/backend-vnc/vnc.c
+++ b/libweston/backend-vnc/vnc.c
@ -1226,40 +1226,50 @@ vnc_backend_create(struct weston_compositor *compositor,
 	nvnc_set_userdata(backend->server, backend, NULL);
 	nvnc_set_name(backend->server, "Weston VNC backend");
-	if (!nvnc_has_auth()) {
+	if (!config->disable_tls) {
-		weston_log("Neat VNC built without TLS support\n");
+		if (!nvnc_has_auth()) {
-		goto err_output;
+			weston_log("Neat VNC built without TLS support\n");
-	}
+			goto err_output;
-	if (!config->server_cert && !config->server_key) {
+		}
-		weston_log("The VNC backend requires a key and a certificate for TLS security"
+		if (!config->server_cert && !config->server_key) {
-			   " (--vnc-tls-cert/--vnc-tls-key)\n");
+			weston_log(
-		goto err_output;
+				"The VNC backend requires a key and a "
-	}
+				"certificate for TLS security"
-	if (!config->server_cert) {
+				" (--vnc-tls-cert/--vnc-tls-key)\n");
-		weston_log("Missing TLS certificate (--vnc-tls-cert)\n");
+			goto err_output;
-		goto err_output;
+		}
-	}
+		if (!config->server_cert) {
-	if (!config->server_key) {
+			weston_log(
-		weston_log("Missing TLS key (--vnc-tls-key)\n");
+				"Missing TLS certificate (--vnc-tls-cert)\n");
-		goto err_output;
+			goto err_output;
-	}
+		}
 		if (!config->server_key) {
 			weston_log("Missing TLS key (--vnc-tls-key)\n");
 			goto err_output;
 		}
-	ret = nvnc_set_tls_creds(backend->server, config->server_key,
+		ret = nvnc_set_tls_creds(backend->server, config->server_key,
-				 config->server_cert);
+					 config->server_cert);
-	if (ret) {
+		if (ret) {
-		weston_log("Failed set TLS credentials\n");
+			weston_log("Failed set TLS credentials\n");
-		goto err_output;
+			goto err_output;
-	}
+		}
-	ret = nvnc_enable_auth(backend->server, NVNC_AUTH_REQUIRE_AUTH |
+		ret = nvnc_enable_auth(
-			       NVNC_AUTH_REQUIRE_ENCRYPTION, vnc_handle_auth,
+			backend->server,
-			       NULL);
+			NVNC_AUTH_REQUIRE_AUTH | NVNC_AUTH_REQUIRE_ENCRYPTION,
-	if (ret) {
+			vnc_handle_auth, NULL);
-		weston_log("Failed to enable TLS support\n");
+		if (ret) {
-		goto err_output;
+			weston_log("Failed to enable TLS support\n");
-	}
+			goto err_output;
 		}
-	weston_log("TLS support activated\n");
+		weston_log("TLS support activated\n");
 	} else {
 		weston_log(
 			"warning: VNC enabled without Transport Layer "
 			"Security!\n");
 	}
 	ret = weston_plugin_api_register(compositor, WESTON_VNC_OUTPUT_API_NAME,
 					 &api, sizeof(api));