authorrunge <runge>2008-05-12 01:04:40 +0000
committerrunge <runge>2008-05-12 01:04:40 +0000
commitd538e4e28148c967d00310f3eca1a648916b771e (patch)
treef51d18743903c98200b24f82d5e19e1cbde34a53
parentfa53197938187817f93d3b86ee6dd696bce1e834 (diff)
x11vnc: SSL fixes. Increase cert lifetimes to 2 years. Print ssl err msg.
-rw-r--r--x11vnc/README14
-rw-r--r--x11vnc/help.c4
-rw-r--r--x11vnc/selection.c2
-rw-r--r--x11vnc/sslhelper.c19
-rw-r--r--x11vnc/ssltools.h13
-rw-r--r--x11vnc/x11vnc.16
-rw-r--r--x11vnc/x11vnc_defs.c2
7 files changed, 41 insertions, 19 deletions
diff --git a/x11vnc/README b/x11vnc/README
index 7756f0b..54929f8 100644
--- a/x11vnc/README
+++ b/x11vnc/README
@@ -1,5 +1,5 @@
-x11vnc README file Date: Wed May 7 20:58:51 EDT 2008
+x11vnc README file Date: Sat May 10 12:54:59 EDT 2008
The following information is taken from these URLs:
@@ -10341,8 +10341,8 @@ blah,blah...
brief, run something like "x11vnc -sslGenCert server self:apache" then
copy the resulting self:apache.crt file to conf/ssl.crt/server.crt and
extract the private key part from self:apache.pem and paste it into
- conf/ssl.key/server.key). Setting the env var REQ_ARGS='-days 730'
- before running x11vnc will bump up the expiration date (2 years in
+ conf/ssl.key/server.key). Setting the env var REQ_ARGS='-days 1095'
+ before running x11vnc will bump up the expiration date (3 years in
this case).
Or you can use the standard methods described in the [27]Apache
@@ -12039,7 +12039,7 @@ x11vnc: a VNC server for real X displays
Here are all of x11vnc command line options:
% x11vnc -opts (see below for -help long descriptions)
-x11vnc: allow VNC connections to real X11 displays. 0.9.4 lastmod: 2008-05-07
+x11vnc: allow VNC connections to real X11 displays. 0.9.4 lastmod: 2008-05-10
x11vnc options:
-display disp -auth file -N
@@ -12158,7 +12158,7 @@ libvncserver-tight-extension options:
% x11vnc -help
-x11vnc: allow VNC connections to real X11 displays. 0.9.4 lastmod: 2008-05-07
+x11vnc: allow VNC connections to real X11 displays. 0.9.4 lastmod: 2008-05-10
(type "x11vnc -opts" to just list the options.)
@@ -13709,8 +13709,8 @@ e
If you set the env. var REQ_ARGS='...' it will be
passed to openssl req(1). A common use would be
- REQ_ARGS='-days 730' to bump up the expiration date
- (2 years in this case).
+ REQ_ARGS='-days 1095' to bump up the expiration date
+ (3 years in this case).
-sslEncKey [pem] Utility to encrypt an existing PEM file with a
passphrase you supply when prompted. For that key to be
diff --git a/x11vnc/help.c b/x11vnc/help.c
index e135d16..ba744ee 100644
--- a/x11vnc/help.c
+++ b/x11vnc/help.c
@@ -1575,8 +1575,8 @@ void print_help(int mode) {
"\n"
" If you set the env. var REQ_ARGS='...' it will be\n"
" passed to openssl req(1). A common use would be\n"
-" REQ_ARGS='-days 730' to bump up the expiration date\n"
-" (2 years in this case).\n"
+" REQ_ARGS='-days 1095' to bump up the expiration date\n"
+" (3 years in this case).\n"
"\n"
"-sslEncKey [pem] Utility to encrypt an existing PEM file with a\n"
" passphrase you supply when prompted. For that key to be\n"
diff --git a/x11vnc/selection.c b/x11vnc/selection.c
index 373253b..ea56a5a 100644
--- a/x11vnc/selection.c
+++ b/x11vnc/selection.c
@@ -133,8 +133,6 @@ void selection_request(XEvent *ev, char *type) {
targets[0] = (Atom) xa_targets;
targets[1] = (Atom) XA_STRING;
- data = (unsigned char *)str;
-
ret = XChangeProperty(ev->xselectionrequest.display,
ev->xselectionrequest.requestor,
ev->xselectionrequest.property,
diff --git a/x11vnc/sslhelper.c b/x11vnc/sslhelper.c
index a7466b2..2739e5c 100644
--- a/x11vnc/sslhelper.c
+++ b/x11vnc/sslhelper.c
@@ -2130,8 +2130,16 @@ if (db > 1) fprintf(stderr, "ssl_init: 4\n");
return 0;
} else if (rc < 0) {
+ unsigned long err;
+ int cnt = 0;
- rfbLog("SSL: ssl_helper[%d]: SSL_accept() *FATAL: %d\n", getpid(), rc);
+ rfbLog("SSL: ssl_helper[%d]: SSL_accept() *FATAL: %d SSL FAILED\n", getpid(), rc);
+ while ((err = ERR_get_error()) != 0) {
+ rfbLog("SSL: %s\n", ERR_error_string(err, NULL));
+ if (cnt++ > 100) {
+ break;
+ }
+ }
return 0;
} else if (dnow() > start + 3.0) {
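Review bot: `ERR_error_string(err, NULL)` in the new drain loop formats into a static buffer inside libcrypto, which is unsafe if anything else in the process formats an error at the same time; a caller-owned buffer avoids that: `char ebuf[256]; ERR_error_string_n(err, ebuf, sizeof ebuf); rfbLog("SSL: %s\n", ebuf);`. The `cnt++ > 100` cap is a reasonable bound on log volume a failing peer can trigger, but when it trips the remaining entries stay queued, so an `ERR_clear_error();` before `return 0;` would keep them from being attributed to a later call. The output is only readable if the SSL error strings were loaded during init, which is not visible in this hunk. The enclosing function starts and ends outside the hunk.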
@@ -2174,9 +2182,18 @@ if (db > 1) fprintf(stderr, "ssl_init: 4\n");
}
} else {
rfbLog("SSL: ssl_helper[%d]: accepted client %s x509 cert is:\n", getpid(), name);
+#if LIBVNCSERVER_HAVE_X509_PRINT_EX_FP
X509_print_ex_fp(stderr, x, 0, XN_FLAG_MULTILINE);
+#endif
if (cr != NULL) {
+#if LIBVNCSERVER_HAVE_X509_PRINT_EX_FP
X509_print_ex_fp(cr, x, 0, XN_FLAG_MULTILINE);
+#else
+ rfbLog("** not compiled with libssl X509_print_ex_fp() function **\n");
+ if (users_list && strstr(users_list, "sslpeer=")) {
+ rfbLog("** -users sslpeer= will not work! **\n");
+ }
+#endif
fclose(cr);
}
}
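Review bot: In the `#else` branch the client has already been accepted and `cr` is closed without any certificate text written, so a build without `X509_print_ex_fp()` only logs, per connection, that `-users sslpeer=` will not work. Whether the later sslpeer lookup fails closed on an empty cert file cannot be seen from this hunk; if that is not guaranteed, the combination should be rejected at option-parsing time rather than warned about here. At minimum I would add a comment on the branch such as `/* no X509_print_ex_fp(): cert text file stays empty, sslpeer= cannot identify the peer */`. The enclosing function starts outside the hunk.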
diff --git a/x11vnc/ssltools.h b/x11vnc/ssltools.h
index c056e97..c261af9 100644
--- a/x11vnc/ssltools.h
+++ b/x11vnc/ssltools.h
@@ -76,7 +76,7 @@ char genCA[] =
"name_opt = ca_default # Subject Name options\n"
"cert_opt = ca_default # Certificate field options\n"
"\n"
-"default_days = 365 # how long to certify for\n"
+"default_days = 730 # how long to certify for\n"
"default_crl_days= 30 # how long before next CRL\n"
"default_md = md5 # which md to use.\n"
"preserve = no # keep passed DN ordering\n"
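Review bot: Raising `default_days` to 730 doubles the validity of certificates that this same CA config still signs with `default_md = md5`, two lines below the changed line. MD5 is collision-weak for certificate signatures, and a longer lifetime widens the window in which such a certificate stays trusted. I would change that line in the same commit to `"default_md = sha256 # which md to use.\n"` (or `sha1` if the oldest supported openssl lacks SHA-256). The `genCA[]` string starts and ends outside the hunk.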
@@ -333,6 +333,13 @@ char genCert[] =
" echo \"Creating new x11vnc certificate and key for name: $type $name0\"\n"
" echo \"\"\n"
"\n"
+" req_args=$REQ_ARGS\n"
+" if echo \"$req_args\" | grep 'days' > /dev/null; then\n"
+" :\n"
+" else\n"
+" req_args=\"$req_args -days 730\"\n"
+" fi\n"
+"\n"
" cnf=\"$DIR/tmp/cnf.$$\"\n"
" trap \"rm -f \\\"$cnf\\\"\" 0 1 2 15\n"
"\n"
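Review bot: The `grep 'days'` test matches that substring anywhere in `REQ_ARGS`, so an unrelated argument that merely contains "days" suppresses the 730-day default and the certificate silently falls back to openssl's own default lifetime. Matching the option itself is tighter: `case " $req_args " in *" -days "*) ;; *) req_args="$req_args -days 730" ;; esac`. `$req_args` is expanded unquoted in both `req` calls in the two following hunks, which word splitting requires but which lets the environment variable carry any `openssl req` option, so the script should only be run with a trusted environment. In the second call (the one without `-x509`) openssl documents `-days` as applying only together with `-x509`, so the new default has no effect on the request generated there.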
@@ -343,7 +350,7 @@ char genCert[] =
" direrror \"$DIR/CA/self.cnf.$type\"\n"
" fi\n"
" cat \"$DIR/CA/self.cnf.$type\" | sed -e \"s/%NAME/$name0/\" > \"$cnf\" || exit 1\n"
-" \"$OPENSSL\" req -config \"$cnf\" -nodes -new -newkey rsa:2048 -x509 $REQ_ARGS \\\n"
+" \"$OPENSSL\" req -config \"$cnf\" -nodes -new -newkey rsa:2048 -x509 $req_args \\\n"
" -keyout \"$DIR/$dest.key\" \\\n"
" -out \"$DIR/$dest.crt\"\n"
" else\n"
@@ -351,7 +358,7 @@ char genCert[] =
" direrror \"$DIR/CA/ssl.cnf.$type\"\n"
" fi\n"
" cat \"$DIR/CA/ssl.cnf.$type\" | sed -e \"s/%NAME/$name0/\" > \"$cnf\" || exit 1\n"
-" \"$OPENSSL\" req -config \"$cnf\" -nodes -new -newkey rsa:2048 $REQ_ARGS \\\n"
+" \"$OPENSSL\" req -config \"$cnf\" -nodes -new -newkey rsa:2048 $req_args \\\n"
" -keyout \"$DIR/$dest.key\" \\\n"
" -out \"$DIR/$dest.req\"\n"
" fi\n"
diff --git a/x11vnc/x11vnc.1 b/x11vnc/x11vnc.1
index 0b571cb..71f679e 100644
--- a/x11vnc/x11vnc.1
+++ b/x11vnc/x11vnc.1
@@ -2,7 +2,7 @@
.TH X11VNC "1" "May 2008" "x11vnc " "User Commands"
.SH NAME
x11vnc - allow VNC connections to real X11 displays
- version: 0.9.4, lastmod: 2008-05-07
+ version: 0.9.4, lastmod: 2008-05-10
.SH SYNOPSIS
.B x11vnc
[OPTION]...
@@ -1787,8 +1787,8 @@ If you set the env. var REQ_ARGS='...' it will be
passed to openssl
.IR req (1).
A common use would be
-REQ_ARGS='-days 730' to bump up the expiration date
-(2 years in this case).
+REQ_ARGS='-days 1095' to bump up the expiration date
+(3 years in this case).
.PP
\fB-sslEncKey\fR \fI[pem]\fR
.IP
diff --git a/x11vnc/x11vnc_defs.c b/x11vnc/x11vnc_defs.c
index 0bd42d9..fd8798b 100644
--- a/x11vnc/x11vnc_defs.c
+++ b/x11vnc/x11vnc_defs.c
@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
int xdamage_base_event_type = 0;
/* date +'lastmod: %Y-%m-%d' */
-char lastmod[] = "0.9.4 lastmod: 2008-05-07";
+char lastmod[] = "0.9.4 lastmod: 2008-05-10";
/* X display info */