x11vnc: tweaks to ssl_xfer; -ssltimeout option.

classes/ssl/ssl_vncviewer

@@ -220,6 +220,7 @@ if [ "X$use_ssh" = "X1" ]; then
 	echo ""
 	echo "Running ssh:"
 	echo "$ssh -f -p $ssh_port -L ${use}:${vnc_host}:${port} $ssh_host \"$ssh_cmd\""
+	echo ""
 	$ssh -f -p $ssh_port -L ${use}:${vnc_host}:${port} $ssh_host "$ssh_cmd"
 	if [ "$?" != "0" ]; then
 		echo ""
@@ -236,6 +237,7 @@ if [ "X$use_ssh" = "X1" ]; then
 	echo ""
 	echo "Running viewer:"
 	echo $VNCVIEWERCMD "$@" localhost:$N
+	echo ""
 	$VNCVIEWERCMD "$@" localhost:$N
 
 	exit $?
@@ -420,11 +422,12 @@ foreground = yes
 pid =
 client = yes
 debug = 6
+$STUNNEL_EXTRA_OPTS
 $verify
 $cert
 
 [vnc_stunnel]
-accept = $use
+accept = localhost:$use
 $connect
 END
 
@@ -436,7 +439,8 @@ echo ""
 sleep 1
 
 echo ""
-echo "Running: $STUNNEL $tmp"
+echo "Running: stunnel"
+echo "$STUNNEL $tmp"
 $STUNNEL "$tmp" < /dev/tty > /dev/tty &
 pid=$!
 echo ""
@@ -452,6 +456,7 @@ rm -f "$tmp"
 echo ""
 echo "Running viewer:"
 echo $VNCVIEWERCMD "$@" localhost:$N
+echo ""
 $VNCVIEWERCMD "$@" localhost:$N
 
 kill $pid

x11vnc/help.c

@@ -759,6 +759,13 @@ void print_help(int mode) {
 "                       Also in the x11vnc source a SSL enabled Java VNC Viewer\n"
 "                       applet is provided in the classes/ssl directory.\n"
 "\n"
+"-ssltimeout n          Set SSL read timeout to n seconds.  In some situations\n"
+"                       (i.e. an iconified viewer in Windows) the viewer stops\n"
+"                       talking and the connection is dropped after the default\n"
+"                       timeout (25s for about the first minute, 43200s later).\n"
+"                       Set to zero to poll forever.  Set to a negative value\n"
+"                       to use the builtin setting.\n"
+"\n"
 "-ssldir [dir]          Use [dir] as an alternate ssl certificate and key\n"
 "                       management toplevel directory.  The default is\n"
 "                       ~/.vnc/certs\n"
@@ -3048,6 +3055,7 @@ void print_help(int mode) {
 "                       input_skip:n    set -input_skip to n.\n"
 "                       allinput        enable  use of -allinput mode.\n"
 "                       noallinput      disable use of -allinput mode.\n"
+"                       ssltimeout:n    set -ssltimeout to n.\n"
 "                       speeds:str      set -speeds to str.\n"
 "                       wmdt:str        set -wmdt to str.\n"
 "                       debug_pointer   enable  -debug_pointer, same as \"dp\"\n"
@@ -3177,9 +3185,9 @@ void print_help(int mode) {
 "                       nowf wirecopyrect wcr nowirecopyrect nowcr scr_area\n"
 "                       scr_skip scr_inc scr_keys scr_term scr_keyrepeat\n"
 "                       scr_parms scrollcopyrect scr noscrollcopyrect noscr\n"
-"                       fixscreen noxrecord xrecord reset_record pointer_mode\n"
-"                       pm input_skip allinput noallinput input grabkbd\n"
-"                       nograbkbd grabptr nograbptr client_input speeds wmdt\n"
+"                       fixscreen noxrecord xrecord reset_record pointer_mode pm\n"
+"                       input_skip allinput noallinput input grabkbd nograbkbd\n"
+"                       grabptr nograbptr client_input ssltimeout speeds wmdt\n"
 "                       debug_pointer dp nodebug_pointer nodp debug_keyboard\n"
 "                       dk nodebug_keyboard nodk deferupdate defer wait_ui\n"
 "                       wait_bog nowait_bog slow_fb wait readtimeout nap nonap\n"

x11vnc/options.c

@@ -29,6 +29,7 @@ char *ssl_certs_dir = NULL;
 int https_port_num = -1;
 char *ssl_verify = NULL;
 int ssl_initialized = 0;
+int ssl_timeout_secs = -1;
 int usepw = USEPW;
 char *blackout_str = NULL;	/* -blackout */
 int blackout_ptr = 0;

x11vnc/options.h

@@ -29,6 +29,7 @@ extern char *ssl_certs_dir;
 extern int https_port_num;
 extern char *ssl_verify;
 extern int ssl_initialized;
+extern int ssl_timeout_secs;
 extern int usepw;
 extern char *blackout_str;
 extern int blackout_ptr;

x11vnc/remote.c

@@ -3136,6 +3136,19 @@ char *process_remote_cmd(char *cmd, int stringonly) {
 		p += strlen("client_input:");
 		set_client_input(p);
 
+	} else if (strstr(p, "ssltimeout") == p) {
+		int is;
+		COLON_CHECK("ssltimeout:")
+		if (query) {
+			snprintf(buf, bufn, "ans=%s%s%d", p, co,
+			    ssl_timeout_secs);
+			goto qry;
+		}
+		p += strlen("ssltimeout:");
+		is = atoi(p);
+		rfbLog("remote_cmd: setting ssltimeout: %d\n", is);
+		ssl_timeout_secs = is;
+
 	} else if (strstr(p, "speeds") == p) {
 		COLON_CHECK("speeds:")
 		if (query) {

x11vnc/sslhelper.c

@@ -1932,20 +1932,21 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) {
 	int  cptr, sptr, c_rd, c_wr, s_rd, s_wr;
 	fd_set rd, wr;
 	struct timeval tv;
-	int ssock, cnt = 0;
+	int ssock, cnt = 0, ndata = 0;
 
 	/*
 	 * we want to switch to a longer timeout for long term VNC
-	 * connections (in case the network is not working for short
-	 * periods), but we also want the timeout shorter at the beginning
+	 * connections (in case the network is not working for periods of
+	 * time), but we also want the timeout shorter at the beginning
 	 * in case the client went away.
 	 */
 	time_t start;
 	int tv_https_early = 60;
 	int tv_https_later = 20;
 	int tv_vnc_early = 25;
-	int tv_vnc_later = 300;
-	int tv_cutover = 120;
+	int tv_vnc_later = 43200;	/* was 300, stunnel: 43200 */
+	int tv_cutover = 70;
+	int tv_closing = 60;
 	int tv_use;
 
 	if (dbxfer) {
@@ -2002,7 +2003,7 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) {
 	sptr = 0;
 
 	while (1) {
-		int c_to_s, s_to_c;
+		int c_to_s, s_to_c, closing;
 
 		if ( s_wr && (c_rd || cptr > 0) ) {
 			/* 
@@ -2070,6 +2071,8 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) {
 		}
 
 		if (tv_cutover && time(NULL) > start + tv_cutover) {
+			rfbLog("SSL: ssl_xfer[%d]: tv_cutover: %d\n", getpid(),
+			    tv_cutover);
 			tv_cutover = 0;
 			if (is_https) {
 				tv_use = tv_https_later;
@@ -2077,12 +2080,26 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) {
 				tv_use = tv_vnc_later;
 			}
 		}
+		if (ssl_timeout_secs > 0) {
+			tv_use = ssl_timeout_secs;
+		}
+
+		if ( (s_rd && c_rd) || cptr || sptr) {
+			closing = 0;
+		} else {
+			closing = 1;
+			tv_use = tv_closing;
+		}
 		tv.tv_sec  = tv_use;
 		tv.tv_usec = 0;
 
 		/*  do the select, repeat if interrupted */
 		do {
-			nfd = select(fdmax+1, &rd, &wr, NULL, &tv);
+			if (ssl_timeout_secs == 0) {
+				nfd = select(fdmax+1, &rd, &wr, NULL, NULL);
+			} else {
+				nfd = select(fdmax+1, &rd, &wr, NULL, &tv);
+			}
 		} while (nfd < 0 && errno == EINTR);
 
 		if (db > 1) fprintf(stderr, "nfd: %d\n", nfd);
@@ -2095,8 +2112,17 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) {
 		}
 
 		if (nfd == 0) {
-			rfbLog("SSL: ssl_xfer[%d]: connection timedout.\n",
-			    getpid());
+			if (!closing && tv_cutover && ndata > 25000) {
+				static int cn = 0;
+				/* probably ok, early windows iconify */
+				if (cn++ < 2) {
+					rfbLog("SSL: ssl_xfer[%d]: early time"
+					    "out: %d\n", getpid(), ndata);
+				}
+				continue;
+			}
+			rfbLog("SSL: ssl_xfer[%d]: connection timedout. %d\n",
+			    getpid(), ndata);
 			/* connection finished */
 			return;
 		}
@@ -2132,6 +2158,7 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) {
 					shutdown(csock, SHUT_WR);
 					c_wr = 0;
 				}
+				ndata += n;
 			}
 		}
 
@@ -2154,6 +2181,7 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) {
 						SSL_shutdown(ssl);
 						s_wr = 0;
 					}
+					ndata += n;
 
 				} else if (err == SSL_ERROR_WANT_WRITE
 					|| err == SSL_ERROR_WANT_READ
@@ -2203,6 +2231,7 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) {
 				/* good */
 
 				cptr += n;
+				ndata += n;
 			}
 		}
 
@@ -2220,6 +2249,7 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) {
 					/* good */
 
 					sptr += n;
+					ndata += n;
 
 				} else if (err == SSL_ERROR_WANT_WRITE
 					|| err == SSL_ERROR_WANT_READ

x11vnc/tkx11vnc

@@ -303,6 +303,7 @@ Permissions
 	=F stunnel_pem:
 	=F ssldir:
 	=F sslverify:
+	ssltimeout:
 	https:
 	=GAL LOFF
 	=GAL Misc-Perms::

x11vnc/tkx11vnc.h

@@ -314,6 +314,7 @@ char gui_code[] = "";
 "	=F stunnel_pem:\n"
 "	=F ssldir:\n"
 "	=F sslverify:\n"
+"	ssltimeout:\n"
 "	https:\n"
 "	=GAL LOFF\n"
 "	=GAL Misc-Perms::\n"

x11vnc/x11vnc.1

@@ -1,8 +1,8 @@
 .\" This file was automatically generated from x11vnc -help output.
-.TH X11VNC "1" "July 2006" "x11vnc " "User Commands"
+.TH X11VNC "1" "August 2006" "x11vnc " "User Commands"
 .SH NAME
 x11vnc - allow VNC connections to real X11 displays
-         version: 0.8.3, lastmod: 2006-07-30
+         version: 0.8.3, lastmod: 2006-08-02
 .SH SYNOPSIS
 .B x11vnc
 [OPTION]...
@@ -889,6 +889,15 @@ script that starts up stunnel and then vncviewer.
 Also in the x11vnc source a SSL enabled Java VNC Viewer
 applet is provided in the classes/ssl directory.
 .PP
+\fB-ssltimeout\fR \fIn\fR
+.IP
+Set SSL read timeout to n seconds.  In some situations
+(i.e. an iconified viewer in Windows) the viewer stops
+talking and the connection is dropped after the default
+timeout (25s for about the first minute, 43200s later).
+Set to zero to poll forever.  Set to a negative value
+to use the builtin setting.
+.PP
 \fB-ssldir\fR \fI[dir]\fR
 .IP
 Use [dir] as an alternate ssl certificate and key
@@ -3669,6 +3678,8 @@ allinput        enable  use of \fB-allinput\fR mode.
 .IP
 noallinput      disable use of \fB-allinput\fR mode.
 .IP
+ssltimeout:n    set \fB-ssltimeout\fR to n.
+.IP
 speeds:str      set \fB-speeds\fR to str.
 .IP
 wmdt:str        set \fB-wmdt\fR to str.
@@ -3876,9 +3887,9 @@ nodragging wireframe_mode wireframe wf nowireframe
 nowf wirecopyrect wcr nowirecopyrect nowcr scr_area
 scr_skip scr_inc scr_keys scr_term scr_keyrepeat
 scr_parms scrollcopyrect scr noscrollcopyrect noscr
-fixscreen noxrecord xrecord reset_record pointer_mode
-pm input_skip allinput noallinput input grabkbd
-nograbkbd grabptr nograbptr client_input speeds wmdt
+fixscreen noxrecord xrecord reset_record pointer_mode pm
+input_skip allinput noallinput input grabkbd nograbkbd
+grabptr nograbptr client_input ssltimeout speeds wmdt
 debug_pointer dp nodebug_pointer nodp debug_keyboard
 dk nodebug_keyboard nodk deferupdate defer wait_ui
 wait_bog nowait_bog slow_fb wait readtimeout nap nonap

x11vnc/x11vnc.c

@@ -1059,6 +1059,10 @@ static void print_settings(int try_http, int bg, char *gui_str) {
 	    : "null");
 	fprintf(stderr, " unixpw:     %d\n", unixpw);
 	fprintf(stderr, " unixpw_lst: %s\n", unixpw_list ? unixpw_list:"null");
+	fprintf(stderr, " ssl:        %s\n", openssl_pem ? openssl_pem:"null");
+	fprintf(stderr, " ssldir:     %s\n", ssl_certs_dir ? ssl_certs_dir:"null");
+	fprintf(stderr, " ssltimeout  %d\n", ssl_timeout_secs);
+	fprintf(stderr, " sslverify:  %s\n", ssl_verify ? ssl_verify:"null");
 	fprintf(stderr, " stunnel:    %d\n", use_stunnel);
 	fprintf(stderr, " accept:     %s\n", accept_cmd ? accept_cmd
 	    : "null");
@@ -1674,6 +1678,9 @@ int main(int argc, char* argv[]) {
 					i++;
 				}
 			}
+		} else if (!strcmp(arg, "-ssltimeout")) {
+			CHECK_ARGC
+			ssl_timeout_secs = atoi(argv[++i]);
 		} else if (!strcmp(arg, "-ssldir")) {
 			CHECK_ARGC
 			ssl_certs_dir = strdup(argv[++i]);

x11vnc/x11vnc_defs.c

@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
 int xdamage_base_event_type = 0;
 
 /*               date +'lastmod: %Y-%m-%d' */
-char lastmod[] = "0.8.3 lastmod: 2006-07-30";
+char lastmod[] = "0.8.3 lastmod: 2006-08-02";
 
 /* X display info */