Halaman utama Jelajahi Bantuan
Daftar Masuk
FangSoftSoft
/
qemu
cermin dari https://github.com/utmapp/qemu.git
2
0
Fork 0
Berkas Masalah 0 Wiki
Jelajahi Sumber

ui: ensure VNC websockets server checks the ACL if requested

If the x509verify option is requested, the VNC websockets server
was failing to validate that the websockets client provided an
x509 certificate matching the ACL rules.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Daniel P. Berrange 10 tahun lalu
induk
7b45a00d05
melakukan
4a48aaa9f5
1 mengubah file dengan 10 tambahan dan 0 penghapusan
Tampilan Split Tampilkan Statistik Diff
  1. 10 0
      ui/vnc-ws.c

+ 10 - 0
ui/vnc-ws.c
Tampilan Berkas 

@@ -45,6 +45,16 @@ static int vncws_start_tls_handshake(struct VncState *vs)
 
         return -1;
 
     }
 
 
+    if (vs->vd->tls.x509verify) {
 
+        if (vnc_tls_validate_certificate(vs) < 0) {
 
+            VNC_DEBUG("Client verification failed\n");
 
+            vnc_client_error(vs);
 
+            return -1;
 
+        } else {
 
+            VNC_DEBUG("Client verification passed\n");
 
+        }
 
+    }
 
+
 
     VNC_DEBUG("Handshake done, switching to TLS data mode\n");
 
     qemu_set_fd_handler2(vs->csock, NULL, vncws_handshake_read, NULL, vs);