Add a parameter for separate SSL key

common/network/TcpSocket.cxx

@@ -423,7 +423,7 @@ extern settings_t settings;
 
 WebsocketListener::WebsocketListener(const struct sockaddr *listenaddr,
                          socklen_t listenaddrlen,
-                         bool sslonly, const char *cert,
+                         bool sslonly, const char *cert, const char *certkey,
                          const char *basicauth,
                          const char *httpdir)
 {
@@ -496,7 +496,7 @@ WebsocketListener::WebsocketListener(const struct sockaddr *listenaddr,
 
   settings.basicauth = basicauth;
   settings.cert = cert;
-  settings.key = "";
+  settings.key = certkey;
   settings.ssl_only = sslonly;
   settings.verbose = vlog.getLevel() >= vlog.LEVEL_DEBUG;
   settings.httpdir = NULL;
@@ -673,7 +673,7 @@ void network::createTcpListeners(std::list<SocketListener*> *listeners,
 
 void network::createWebsocketListeners(std::list<SocketListener*> *listeners,
                                  const struct addrinfo *ai,
-                                 bool sslonly, const char *cert,
+                                 bool sslonly, const char *cert, const char *certkey,
                                  const char *basicauth,
                                  const char *httpdir)
 {
@@ -701,7 +701,7 @@ void network::createWebsocketListeners(std::list<SocketListener*> *listeners,
     try {
       new_listeners.push_back(new WebsocketListener(current->ai_addr,
                                               current->ai_addrlen,
-                                              sslonly, cert, basicauth,
+                                              sslonly, cert, certkey, basicauth,
                                               httpdir));
     } catch (SocketException& e) {
       // Ignore this if it is due to lack of address family support on
@@ -729,6 +729,7 @@ void network::createWebsocketListeners(std::list<SocketListener*> *listeners,
                                  const char *addr,
                                  bool sslonly,
                                  const char *cert,
+                                 const char *certkey,
                                  const char *basicauth,
                                  const char *httpdir)
 {
@@ -757,7 +758,7 @@ void network::createWebsocketListeners(std::list<SocketListener*> *listeners,
     ai[1].ai_addrlen = sizeof(sa[1].u.sin6);
     ai[1].ai_next = NULL;
 
-    createWebsocketListeners(listeners, ai, sslonly, cert, basicauth, httpdir);
+    createWebsocketListeners(listeners, ai, sslonly, cert, certkey, basicauth, httpdir);
   } else {
     struct addrinfo *ai, hints;
     char service[16];
@@ -780,7 +781,7 @@ void network::createWebsocketListeners(std::list<SocketListener*> *listeners,
                            gai_strerror(result));
 
     try {
-      createWebsocketListeners(listeners, ai, sslonly, cert, basicauth, httpdir);
+      createWebsocketListeners(listeners, ai, sslonly, cert, certkey, basicauth, httpdir);
     } catch(...) {
       freeaddrinfo(ai);
       throw;

common/network/TcpSocket.h

@@ -90,7 +90,8 @@ namespace network {
   class WebsocketListener : public SocketListener {
   public:
     WebsocketListener(const struct sockaddr *listenaddr, socklen_t listenaddrlen,
-                      bool sslonly, const char *cert, const char *basicauth,
+                      bool sslonly, const char *cert, const char *certkey,
+                      const char *basicauth,
                       const char *httpdir);
 
     virtual int getMyPort();
@@ -110,6 +111,7 @@ namespace network {
                           const char *addr,
                           bool sslonly,
                           const char *cert,
+                          const char *certkey,
                           const char *basicauth,
                           const char *httpdir);
   void createTcpListeners(std::list<SocketListener*> *listeners,
@@ -121,6 +123,7 @@ namespace network {
                           const struct addrinfo *ai,
                           bool sslonly,
                           const char *cert,
+                          const char *certkey,
                           const char *basicauth,
                           const char *httpdir);
 

unix/xserver/hw/vnc/Xvnc.man

@@ -315,6 +315,12 @@ Listen for websocket connections on this port, default 6800.
 SSL pem cert to use for websocket connections, default empty/not used.
 .
 .TP
+.B \-key \fIpath\fP
+SSL pem key to use for websocket connections, default empty/not used.
+Only use this if you have the cert and key in separate files. If they
+are in the same file, use \fB-cert\fP.
+.
+.TP
 .B \-sslOnly
 Require SSL for websocket connections. Default off, non-SSL allowed.
 .

unix/xserver/hw/vnc/vncExtInit.cc

@@ -87,6 +87,7 @@ rfb::BoolParameter noWebsocket("noWebsocket",
                                  false);
 rfb::IntParameter websocketPort("websocketPort", "websocket port to listen for", 6800);
 rfb::StringParameter cert("cert", "SSL pem cert to use for websocket connections", "");
+rfb::StringParameter certkey("key", "SSL pem key to use for websocket connections (if separate)", "");
 rfb::BoolParameter sslonly("sslOnly", "Require SSL for websockets", false);
 rfb::StringParameter basicauth("BasicAuth", "user:pass for HTTP basic auth for websockets", "");
 rfb::StringParameter interface("interface",
@@ -224,7 +225,7 @@ void vncExtensionInit(void)
           if (!noWebsocket)
             network::createWebsocketListeners(&listeners, websocketPort,
                                               localhostOnly ? "local" : addr,
-                                              sslonly, cert, basicauth, httpDir);
+                                              sslonly, cert, certkey, basicauth, httpDir);
           else if (localhostOnly)
             network::createLocalTcpListeners(&listeners, port);
           else