Add a parameter for separate SSL key

Lauri Kasanen 2021-01-15 13:07:53 +02:00
parent 481b063eb7
commit 83c83f43ef
4 changed files with 19 additions and 8 deletions


@ -423,7 +423,7 @@ extern settings_t settings;
WebsocketListener::WebsocketListener(const struct sockaddr *listenaddr, WebsocketListener::WebsocketListener(const struct sockaddr *listenaddr,
socklen_t listenaddrlen, socklen_t listenaddrlen,
bool sslonly, const char *cert, bool sslonly, const char *cert, const char *certkey,
const char *basicauth, const char *basicauth,
const char *httpdir) const char *httpdir)
{ {
@ -496,7 +496,7 @@ WebsocketListener::WebsocketListener(const struct sockaddr *listenaddr,
settings.basicauth = basicauth; settings.basicauth = basicauth;
settings.cert = cert; settings.cert = cert;
settings.key = ""; settings.key = certkey;
settings.ssl_only = sslonly; settings.ssl_only = sslonly;
settings.verbose = vlog.getLevel() >= vlog.LEVEL_DEBUG; settings.verbose = vlog.getLevel() >= vlog.LEVEL_DEBUG;
settings.httpdir = NULL; settings.httpdir = NULL;
@ -673,7 +673,7 @@ void network::createTcpListeners(std::list<SocketListener*> *listeners,
void network::createWebsocketListeners(std::list<SocketListener*> *listeners, void network::createWebsocketListeners(std::list<SocketListener*> *listeners,
const struct addrinfo *ai, const struct addrinfo *ai,
bool sslonly, const char *cert, bool sslonly, const char *cert, const char *certkey,
const char *basicauth, const char *basicauth,
const char *httpdir) const char *httpdir)
{ {
@ -701,7 +701,7 @@ void network::createWebsocketListeners(std::list<SocketListener*> *listeners,
try { try {
new_listeners.push_back(new WebsocketListener(current->ai_addr, new_listeners.push_back(new WebsocketListener(current->ai_addr,
current->ai_addrlen, current->ai_addrlen,
sslonly, cert, basicauth, sslonly, cert, certkey, basicauth,
httpdir)); httpdir));
} catch (SocketException& e) { } catch (SocketException& e) {
// Ignore this if it is due to lack of address family support on // Ignore this if it is due to lack of address family support on
@ -729,6 +729,7 @@ void network::createWebsocketListeners(std::list<SocketListener*> *listeners,
const char *addr, const char *addr,
bool sslonly, bool sslonly,
const char *cert, const char *cert,
const char *certkey,
const char *basicauth, const char *basicauth,
const char *httpdir) const char *httpdir)
{ {
@ -757,7 +758,7 @@ void network::createWebsocketListeners(std::list<SocketListener*> *listeners,
ai[1].ai_addrlen = sizeof(sa[1].u.sin6); ai[1].ai_addrlen = sizeof(sa[1].u.sin6);
ai[1].ai_next = NULL; ai[1].ai_next = NULL;
createWebsocketListeners(listeners, ai, sslonly, cert, basicauth, httpdir); createWebsocketListeners(listeners, ai, sslonly, cert, certkey, basicauth, httpdir);
} else { } else {
struct addrinfo *ai, hints; struct addrinfo *ai, hints;
char service[16]; char service[16];
@ -780,7 +781,7 @@ void network::createWebsocketListeners(std::list<SocketListener*> *listeners,
gai_strerror(result)); gai_strerror(result));
try { try {
createWebsocketListeners(listeners, ai, sslonly, cert, basicauth, httpdir); createWebsocketListeners(listeners, ai, sslonly, cert, certkey, basicauth, httpdir);
} catch(...) { } catch(...) {
freeaddrinfo(ai); freeaddrinfo(ai);
throw; throw;
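Review bot: `settings.key = certkey;` in the second hunk drops the guarantee the old `settings.key = "";` gave, namely that the key field is never a null pointer; the constructor parameter is a bare `const char *` and nothing in the hunk rejects NULL, so a caller passing NULL would hand a null string to whatever consumes settings.key (not visible here) where it previously always received an empty one. Consider `settings.key = certkey ? certkey : "";` so that "no separate key" stays representable as the empty string the old code used. The constructor body continues outside the hunk, and the remaining hunks in this section only forward the new argument.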


@ -90,7 +90,8 @@ namespace network {
class WebsocketListener : public SocketListener { class WebsocketListener : public SocketListener {
public: public:
WebsocketListener(const struct sockaddr *listenaddr, socklen_t listenaddrlen, WebsocketListener(const struct sockaddr *listenaddr, socklen_t listenaddrlen,
bool sslonly, const char *cert, const char *basicauth, bool sslonly, const char *cert, const char *certkey,
const char *basicauth,
const char *httpdir); const char *httpdir);
virtual int getMyPort(); virtual int getMyPort();
@ -110,6 +111,7 @@ namespace network {
const char *addr, const char *addr,
bool sslonly, bool sslonly,
const char *cert, const char *cert,
const char *certkey,
const char *basicauth, const char *basicauth,
const char *httpdir); const char *httpdir);
void createTcpListeners(std::list<SocketListener*> *listeners, void createTcpListeners(std::list<SocketListener*> *listeners,
@ -121,6 +123,7 @@ namespace network {
const struct addrinfo *ai, const struct addrinfo *ai,
bool sslonly, bool sslonly,
const char *cert, const char *cert,
const char *certkey,
const char *basicauth, const char *basicauth,
const char *httpdir); const char *httpdir);
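Review bot: The new `certkey` parameter is undocumented on the `WebsocketListener` constructor and on both `createWebsocketListeners` overloads; the header is where a caller learns that the key is optional and only needed when it is not bundled into the cert file, and the man-page text in this commit is the only place that says so. A comment on the constructor declaration such as `// certkey: path to a separate SSL private key; pass "" when the key is contained in the cert file` would carry that contract into the code, and the same wording fits the two overloads. The enclosing class and namespace declarations continue outside the hunks.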


@ -315,6 +315,12 @@ Listen for websocket connections on this port, default 6800.
SSL pem cert to use for websocket connections, default empty/not used. SSL pem cert to use for websocket connections, default empty/not used.
. .
.TP .TP
.B \-key \fIpath\fP
SSL pem key to use for websocket connections, default empty/not used.
Only use this if you have the cert and key in separate files. If they
are in the same file, use \fB-cert\fP.
.
.TP
.B \-sslOnly .B \-sslOnly
Require SSL for websocket connections. Default off, non-SSL allowed. Require SSL for websocket connections. Default off, non-SSL allowed.
. .


@ -87,6 +87,7 @@ rfb::BoolParameter noWebsocket("noWebsocket",
false); false);
rfb::IntParameter websocketPort("websocketPort", "websocket port to listen for", 6800); rfb::IntParameter websocketPort("websocketPort", "websocket port to listen for", 6800);
rfb::StringParameter cert("cert", "SSL pem cert to use for websocket connections", ""); rfb::StringParameter cert("cert", "SSL pem cert to use for websocket connections", "");
rfb::StringParameter certkey("key", "SSL pem key to use for websocket connections (if separate)", "");
rfb::BoolParameter sslonly("sslOnly", "Require SSL for websockets", false); rfb::BoolParameter sslonly("sslOnly", "Require SSL for websockets", false);
rfb::StringParameter basicauth("BasicAuth", "user:pass for HTTP basic auth for websockets", ""); rfb::StringParameter basicauth("BasicAuth", "user:pass for HTTP basic auth for websockets", "");
rfb::StringParameter interface("interface", rfb::StringParameter interface("interface",
@ -224,7 +225,7 @@ void vncExtensionInit(void)
if (!noWebsocket) if (!noWebsocket)
network::createWebsocketListeners(&listeners, websocketPort, network::createWebsocketListeners(&listeners, websocketPort,
localhostOnly ? "local" : addr, localhostOnly ? "local" : addr,
sslonly, cert, basicauth, httpDir); sslonly, cert, certkey, basicauth, httpDir);
else if (localhostOnly) else if (localhostOnly)
network::createLocalTcpListeners(&listeners, port); network::createLocalTcpListeners(&listeners, port);
else else
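Review bot: Nothing at the `createWebsocketListeners` call checks that `certkey` is only set together with `cert`; the man page added in this commit tells users to use `-key` only alongside `-cert`, but a `-key` given without `-cert` is forwarded silently, and whether the listener then fails loudly or serves without SSL is decided by code not visible here. A guard before the call that compares the two parameters (both already convert to `const char *` at this call) and logs a warning when the key is set while the cert is empty would make the misconfiguration visible at startup instead of at the first connection. `vncExtensionInit` continues outside the hunk.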