vnc: Allow to disable Transport Layer Security
Some VNC clients, e.g. noVNC, do not support TLS encryption. Add a new argument "--disable-transport-layer-security" to explicitly disable activation of TLS. This extends compatibility with such VNC clients. Signed-off-by: Lukasz Czechowski <lukasz.czechowski@thaumatec.com>
parent
89f3a8a71e
commit
58a0abcb58
|
@ -792,6 +792,7 @@ usage(int error_code)
|
|||
" --port=PORT\t\tThe port to listen on\n"
|
||||
" --vnc-tls-cert=FILE\tThe file containing the certificate for TLS encryption\n"
|
||||
" --vnc-tls-key=FILE\tThe file containing the private key for TLS encryption\n"
|
||||
" --disable-transport-layer-security\t\tDisable Transport Layer Security (not recommended)\n"
|
||||
"\n");
|
||||
#endif
|
||||
|
||||
|
@ -3873,6 +3874,7 @@ load_vnc_backend(struct weston_compositor *c,
|
|||
{ WESTON_OPTION_INTEGER, "port", 0, &config.port },
|
||||
{ WESTON_OPTION_STRING, "vnc-tls-cert", 0, &config.server_cert },
|
||||
{ WESTON_OPTION_STRING, "vnc-tls-key", 0, &config.server_key },
|
||||
{ WESTON_OPTION_BOOLEAN, "disable-transport-layer-security", 0, &config.disable_tls },
|
||||
};
|
||||
|
||||
parse_options(vnc_options, ARRAY_LENGTH(vnc_options), argc, argv);
|
||||
|
|
|
@ -65,6 +65,7 @@ struct weston_vnc_backend_config {
|
|||
int refresh_rate;
|
||||
char *server_cert;
|
||||
char *server_key;
|
||||
bool disable_tls;
|
||||
};
|
||||
|
||||
#ifdef __cplusplus
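Review bot: `bool disable_tls;` grows `struct weston_vnc_backend_config`, but no change to a config version or size check is visible in this hunk. If this header defines a version constant for the struct, it presumably needs raising in the same commit, so that a caller built against the old layout is rejected instead of leaving the new field unset. The field also deserves a comment stating its default (false, TLS required) and what else is skipped when it is true, for example `/* true: skip TLS credential setup and nvnc_enable_auth() */`. The struct's opening lines are outside the hunk.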
|
||||
|
|
|
@ -1226,40 +1226,50 @@ vnc_backend_create(struct weston_compositor *compositor,
|
|||
nvnc_set_userdata(backend->server, backend, NULL);
|
||||
nvnc_set_name(backend->server, "Weston VNC backend");
|
||||
|
||||
if (!nvnc_has_auth()) {
|
||||
weston_log("Neat VNC built without TLS support\n");
|
||||
goto err_output;
|
||||
}
|
||||
if (!config->server_cert && !config->server_key) {
|
||||
weston_log("The VNC backend requires a key and a certificate for TLS security"
|
||||
" (--vnc-tls-cert/--vnc-tls-key)\n");
|
||||
goto err_output;
|
||||
}
|
||||
if (!config->server_cert) {
|
||||
weston_log("Missing TLS certificate (--vnc-tls-cert)\n");
|
||||
goto err_output;
|
||||
}
|
||||
if (!config->server_key) {
|
||||
weston_log("Missing TLS key (--vnc-tls-key)\n");
|
||||
goto err_output;
|
||||
}
|
||||
if (!config->disable_tls) {
|
||||
if (!nvnc_has_auth()) {
|
||||
weston_log("Neat VNC built without TLS support\n");
|
||||
goto err_output;
|
||||
}
|
||||
if (!config->server_cert && !config->server_key) {
|
||||
weston_log(
|
||||
"The VNC backend requires a key and a "
|
||||
"certificate for TLS security"
|
||||
" (--vnc-tls-cert/--vnc-tls-key)\n");
|
||||
goto err_output;
|
||||
}
|
||||
if (!config->server_cert) {
|
||||
weston_log(
|
||||
"Missing TLS certificate (--vnc-tls-cert)\n");
|
||||
goto err_output;
|
||||
}
|
||||
if (!config->server_key) {
|
||||
weston_log("Missing TLS key (--vnc-tls-key)\n");
|
||||
goto err_output;
|
||||
}
|
||||
|
||||
ret = nvnc_set_tls_creds(backend->server, config->server_key,
|
||||
config->server_cert);
|
||||
if (ret) {
|
||||
weston_log("Failed set TLS credentials\n");
|
||||
goto err_output;
|
||||
}
|
||||
ret = nvnc_set_tls_creds(backend->server, config->server_key,
|
||||
config->server_cert);
|
||||
if (ret) {
|
||||
weston_log("Failed set TLS credentials\n");
|
||||
goto err_output;
|
||||
}
|
||||
|
||||
ret = nvnc_enable_auth(backend->server, NVNC_AUTH_REQUIRE_AUTH |
|
||||
NVNC_AUTH_REQUIRE_ENCRYPTION, vnc_handle_auth,
|
||||
NULL);
|
||||
if (ret) {
|
||||
weston_log("Failed to enable TLS support\n");
|
||||
goto err_output;
|
||||
}
|
||||
ret = nvnc_enable_auth(
|
||||
backend->server,
|
||||
NVNC_AUTH_REQUIRE_AUTH | NVNC_AUTH_REQUIRE_ENCRYPTION,
|
||||
vnc_handle_auth, NULL);
|
||||
if (ret) {
|
||||
weston_log("Failed to enable TLS support\n");
|
||||
goto err_output;
|
||||
}
|
||||
|
||||
weston_log("TLS support activated\n");
|
||||
weston_log("TLS support activated\n");
|
||||
} else {
|
||||
weston_log(
|
||||
"warning: VNC enabled without Transport Layer "
|
||||
"Security!\n");
|
||||
}
|
||||
|
||||
ret = weston_plugin_api_register(compositor, WESTON_VNC_OUTPUT_API_NAME,
|
||||
&api, sizeof(api));
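Review bot: With `--disable-transport-layer-security` set, the new `else` branch in `vnc_backend_create` only logs a warning, so the `nvnc_enable_auth(..., NVNC_AUTH_REQUIRE_AUTH | NVNC_AUTH_REQUIRE_ENCRYPTION, vnc_handle_auth, NULL)` call is skipped together with the TLS setup. As far as this hunk shows, the server then accepts clients without any authentication, not merely without encryption. The option name, the usage string in the first hunk ("Disable Transport Layer Security (not recommended)") and the warning mention only TLS, so an operator enabling it for noVNC is not told that the login check is gone as well. At minimum the warning should say so, e.g. `weston_log("warning: VNC enabled without TLS and without authentication\n");`, with the help text matching; whether authentication can be kept without encryption depends on Neat VNC and is not visible here. A certificate or key passed together with the flag is also ignored silently and deserves its own log line; the function body starts and ends outside the hunk.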
|
||||
|
|