From a6ef11572ffdfde69c901c8c4903c911f0e27d76 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Wed, 31 Jan 2018 11:09:38 +0000
Subject: [PATCH] Don't short-circuit request for TLS credentials
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Although newer GNUTLS has a default system trust fallback for CA
certificates, we must still request certificates from the client app. If
we do not, then the VNC client will never be given the opportunity to
provide custom certs to override the system trust database.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit df656c79467c2595b4a2cd35283c7f5d52adf336)
--- |
|
src/vncconnection.c | 8 -------- |
|
1 file changed, 8 deletions(-) |
|
|
|
diff --git a/src/vncconnection.c b/src/vncconnection.c |
|
index 1ddf38d..e5496ef 100644 |
|
--- a/src/vncconnection.c |
|
+++ b/src/vncconnection.c |
|
@@ -3528,16 +3528,8 @@ static gboolean vnc_connection_has_credentials(gpointer data) |
|
return FALSE; |
|
if (priv->want_cred_password && !priv->cred_password) |
|
return FALSE; |
|
- /* |
|
- * For x509 we require a minimum of the CA cert |
|
- * if using GNUTLS < 3.0. With newer GNUTLS we'll |
|
- * fallback to the system trust, so don't need to |
|
- * explicitly check for a CA cert. |
|
- */ |
|
-#if GNUTLS_VERSION_NUMBER < 0x030000 |
|
if (priv->want_cred_x509 && !priv->cred_x509_cacert) |
|
return FALSE; |
|
-#endif |
|
return TRUE; |
|
} |
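Review bot: The now-unconditional `if (priv->want_cred_x509 && !priv->cred_x509_cacert)` check in vnc_connection_has_credentials() is left with no comment, while the removed block was the only place that documented how the CA cert requirement relates to the GnuTLS system trust fallback. Please add a short comment above the check saying that the CA cert is always requested so the client app can override the system trust database, as the commit message explains. It is also worth confirming, since the caller is not visible in this hunk, what happens on GnuTLS >= 3.0 when the application answers the credential request without supplying a CA cert: this function will keep returning FALSE in that case, so the path that previously relied on the system trust fallback needs a defined way to proceed.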
|
|
|
|