2020-09-25 13:26:30 +02:00
|
|
|
Index: tigervnc-1.10.1/java/com/tigervnc/rfb/CSecurityTLS.java
|
2016-01-12 13:44:44 +01:00
|
|
|
===================================================================
|
2020-09-25 13:26:30 +02:00
|
|
|
--- tigervnc-1.10.1.orig/java/com/tigervnc/rfb/CSecurityTLS.java
|
|
|
|
|
+++ tigervnc-1.10.1/java/com/tigervnc/rfb/CSecurityTLS.java
|
2018-08-02 11:24:03 +02:00
|
|
|
@@ -66,6 +66,9 @@ public class CSecurityTLS extends CSecur
|
2017-05-31 13:59:52 +02:00
|
|
|
public static StringParameter X509CRL
|
|
|
|
|
= new StringParameter("X509CRL",
|
2015-07-15 16:13:40 +02:00
|
|
|
"X509 CRL file", "", Configuration.ConfigurationObject.ConfViewer);
|
|
|
|
|
+ public static StringParameter x509autoaccept
|
|
|
|
|
+ = new StringParameter("x509autoaccept",
|
|
|
|
|
+ "X509 Certificate SHA-1 fingerprint", "", Configuration.ConfigurationObject.ConfViewer);
|
2018-08-02 11:24:03 +02:00
|
|
|
public static UserMsgBox msg;
|
2015-07-15 16:13:40 +02:00
|
|
|
|
|
|
|
|
private void initGlobal()
|
2018-08-02 11:24:03 +02:00
|
|
|
@@ -85,6 +88,7 @@ public class CSecurityTLS extends CSecur
|
2015-07-15 16:13:40 +02:00
|
|
|
setDefaults();
|
2017-05-31 13:59:52 +02:00
|
|
|
cafile = X509CA.getData();
|
|
|
|
|
crlfile = X509CRL.getData();
|
2015-07-15 16:13:40 +02:00
|
|
|
+ certautoaccept = x509autoaccept.getData();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static String getDefaultCA() {
|
2020-09-25 13:26:30 +02:00
|
|
|
@@ -278,6 +282,7 @@ public class CSecurityTLS extends CSecur
|
|
|
|
|
"do you want to continue?"))
|
|
|
|
|
throw new AuthFailureException("server certificate has expired");
|
|
|
|
|
}
|
|
|
|
|
+ String thumbprint = getThumbprint(cert);
|
|
|
|
|
File vncDir = new File(FileUtils.getVncHomeDir());
|
|
|
|
|
if (!vncDir.exists())
|
|
|
|
|
throw new AuthFailureException("Could not obtain VNC home directory "+
|
|
|
|
|
@@ -332,6 +337,9 @@ public class CSecurityTLS extends CSecur
|
|
|
|
|
store_pubkey(dbPath, client.getServerName().toLowerCase(), pk);
|
2017-07-20 14:12:06 +02:00
|
|
|
} catch (java.lang.Exception e) {
|
|
|
|
|
if (e.getCause() instanceof CertPathBuilderException) {
|
2016-01-12 13:44:44 +01:00
|
|
|
+ if (certautoaccept != null && thumbprint.equalsIgnoreCase(certautoaccept)) {
|
|
|
|
|
+ return;
|
2015-07-15 16:13:40 +02:00
|
|
|
+ }
|
2020-09-25 13:26:30 +02:00
|
|
|
vlog.debug("Server host not previously known");
|
|
|
|
|
vlog.debug(info);
|
|
|
|
|
String text =
|
|
|
|
|
@@ -519,7 +527,7 @@ public class CSecurityTLS extends CSecur
|
2015-07-15 16:13:40 +02:00
|
|
|
private SSLEngineManager manager;
|
|
|
|
|
private boolean anon;
|
|
|
|
|
|
|
|
|
|
- private String cafile, crlfile;
|
|
|
|
|
+ private String cafile, crlfile, certautoaccept;
|
|
|
|
|
private FdInStream is;
|
|
|
|
|
private FdOutStream os;
|
|
|
|
|
|
2020-09-25 13:26:30 +02:00
|
|
|
Index: tigervnc-1.10.1/java/com/tigervnc/vncviewer/VncViewer.java
|
2016-01-12 13:44:44 +01:00
|
|
|
===================================================================
|
2020-09-25 13:26:30 +02:00
|
|
|
--- tigervnc-1.10.1.orig/java/com/tigervnc/vncviewer/VncViewer.java
|
|
|
|
|
+++ tigervnc-1.10.1/java/com/tigervnc/vncviewer/VncViewer.java
|
2018-08-02 11:24:03 +02:00
|
|
|
@@ -393,6 +393,8 @@ public class VncViewer extends javax.swi
|
2017-05-31 13:59:52 +02:00
|
|
|
// Called right after zero-arg constructor in applet mode
|
2015-07-15 16:13:40 +02:00
|
|
|
setLookAndFeel();
|
|
|
|
|
setBackground(Color.white);
|
|
|
|
|
+
|
|
|
|
|
+ SecurityClient.setDefaults();
|
2017-05-31 13:59:52 +02:00
|
|
|
applet = this;
|
|
|
|
|
vncServerName.put(loadAppletParameters(applet).toCharArray()).flip();
|
|
|
|
|
if (embed.getValue()) {
|
