On Mon, Mar 16, 2015 at 01:35:02PM +0000, Daniel P. Berrange wrote: > On Mon, Mar 16, 2015 at 01:17:16PM +0000, Alex Bennée wrote: > > > > Daniel P. Berrange <berra...@redhat.com> writes: > > > > > The way the websockets TLS code was integrated into the VNC server > > > made it insecure and essentially useless. The only time that the > > > websockets TLS support could be used is if the primary VNC server > > <snip> > > > > > > With this patch applied a number of things change > > > > > > - TLS is not activated for websockets unless the 'tls' flag is > > > actually given. > > > - Non-TLS websockets connections are dropped if TLS is active > > > - The client certificate is validated after handshake completes > > > if the 'x509verify' flag is given > > > - Separate VNC auth scheme is tracked for websockets server, > > > since it makes no sense to try to use VeNCrypt over a TLS > > > enabled websockets connection. > > > - The separate "VncDisplayTLS ws_tls" field is dropped, since > > > the auth setup ensures we can never have multiple TLS sessions. > > > > I wonder if the mechanical changes to the tls field could be separated > > from the logic changes to the handling of authentication and certificate > > checking? > > They are rather intertwined, because the need for this duplicated > TLS field was a result of the way auth was mishandled. So cleaning > up one implies cleaning up the other & vica-verca.
I've actually realized I can split it, if I do the auth scheme clean up first. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|