forked from pool/tigervnc
Accepting request 688637 from X11:XOrg
OBS-URL: https://build.opensuse.org/request/show/688637 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tigervnc?expand=0&rev=58
This commit is contained in:
commit
a0c774c66d
@ -1,3 +1,31 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Mar 26 08:22:53 UTC 2019 - Yifan Jiang <yfjiang@suse.com>
|
||||||
|
|
||||||
|
- Update with-vnc-key.sh to use only hostname for CN.
|
||||||
|
|
||||||
|
The gnutls introduces gnutls_x509_crt_check_hostname2 in
|
||||||
|
gnutls/lib/x509/hostname-verify.c#L159 to check if the given
|
||||||
|
certificate's subject matches the given hostname.
|
||||||
|
|
||||||
|
The function is used by the recent version of libvncclient which
|
||||||
|
will fail to verify the certification if there is a mismatching
|
||||||
|
between the connected hostname and the cert issuer's common name.
|
||||||
|
|
||||||
|
https://github.com/LibVNC/libvncserver/commit/cc69ee9
|
||||||
|
|
||||||
|
So the previous way to generate the vnc server's cert brings a
|
||||||
|
complicated CN, making the client using libvncclient
|
||||||
|
(e.g. vinagre, remmina) hard to adapt the hostname check. It is
|
||||||
|
better to populate the hostname as the common name without extra
|
||||||
|
strings.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Mar 21 09:16:51 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||||
|
|
||||||
|
- Change Requires(post): firewall-macros to BuildRequires: the
|
||||||
|
macros are expanded at build time and not needed at all at
|
||||||
|
runtime.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Feb 7 12:34:03 UTC 2019 - Stephan Kulow <coolo@suse.com>
|
Thu Feb 7 12:34:03 UTC 2019 - Stephan Kulow <coolo@suse.com>
|
||||||
|
|
||||||
|
@ -153,7 +153,7 @@ Requires(post): /usr/sbin/groupadd
|
|||||||
Requires(post): /bin/awk
|
Requires(post): /bin/awk
|
||||||
Requires(post): systemd
|
Requires(post): systemd
|
||||||
%if %{use_firewalld}
|
%if %{use_firewalld}
|
||||||
Requires(post): firewall-macros
|
BuildRequires: firewall-macros
|
||||||
%endif
|
%endif
|
||||||
# Needed to generate certificates
|
# Needed to generate certificates
|
||||||
Requires: windowmanager
|
Requires: windowmanager
|
||||||
|
@ -25,7 +25,7 @@ fi
|
|||||||
# If the cert file doesn't exist, generate it.
|
# If the cert file doesn't exist, generate it.
|
||||||
if ! test -e $TLSCERT ; then
|
if ! test -e $TLSCERT ; then
|
||||||
# Keeping it short, because hostname could be long and max CN is 64 characters
|
# Keeping it short, because hostname could be long and max CN is 64 characters
|
||||||
CN="VNC service on `hostname`"
|
CN="`hostname`"
|
||||||
CN=${CN:0:64}
|
CN=${CN:0:64}
|
||||||
openssl req -new -x509 -extensions usr_cert -key $TLSKEY -out $TLSCERT -days 7305 -subj "/CN=$CN/"
|
openssl req -new -x509 -extensions usr_cert -key $TLSKEY -out $TLSCERT -days 7305 -subj "/CN=$CN/"
|
||||||
chown vnc:vnc $TLSCERT
|
chown vnc:vnc $TLSCERT
|
||||||
|
Loading…
Reference in New Issue
Block a user