From a6ef11572ffdfde69c901c8c4903c911f0e27d76 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Wed, 31 Jan 2018 11:09:38 +0000
Subject: [PATCH] Don't short-circuit request for TLS credentials
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Although newer GNUTLS has a default system trust fallback for CA
certificates, we must still request certificates from the client app. If
we do not, then the VNC client will never be given the opportunity to
provide custom certs to override the system trust database.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit df656c79467c2595b4a2cd35283c7f5d52adf336)
---
src/vncconnection.c | 8 --------
1 file changed, 8 deletions(-)
diff --git a/src/vncconnection.c b/src/vncconnection.c
index 1ddf38d..e5496ef 100644
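--- a/src/vncconnection.c
+++ b/src/vncconnection.c
@@ -3528,16 +3528,8 @@ static gboolean vnc_connection_has_credentials(gpointer data)
 return FALSE;
 if (priv->want_cred_password && !priv->cred_password)
 return FALSE;
- /*
- * For x509 we require a minimum of the CA cert
- * if using GNUTLS < 3.0. With newer GNUTLS we'll
- * fallback to the system trust, so don't need to
- * explicitly check for a CA cert.
- */
-#if GNUTLS_VERSION_NUMBER < 0x030000
 if (priv->want_cred_x509 && !priv->cred_x509_cacert)
 return FALSE;
-#endif
 return TRUE;
 }
 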