x11vnc: SSL fixes. Increase cert lifetimes to 2 years. Print ssl err msg.

pull/1/head
runge 16 years ago
parent fa53197938
commit d538e4e281

@ -1,5 +1,5 @@
x11vnc README file Date: Wed May 7 20:58:51 EDT 2008
x11vnc README file Date: Sat May 10 12:54:59 EDT 2008
The following information is taken from these URLs:
@ -10341,8 +10341,8 @@ blah,blah...
brief, run something like "x11vnc -sslGenCert server self:apache" then
copy the resulting self:apache.crt file to conf/ssl.crt/server.crt and
extract the private key part from self:apache.pem and paste it into
conf/ssl.key/server.key). Setting the env var REQ_ARGS='-days 730'
before running x11vnc will bump up the expiration date (2 years in
conf/ssl.key/server.key). Setting the env var REQ_ARGS='-days 1095'
before running x11vnc will bump up the expiration date (3 years in
this case).
Or you can use the standard methods described in the [27]Apache
@ -12039,7 +12039,7 @@ x11vnc: a VNC server for real X displays
Here are all of x11vnc command line options:
% x11vnc -opts (see below for -help long descriptions)
x11vnc: allow VNC connections to real X11 displays. 0.9.4 lastmod: 2008-05-07
x11vnc: allow VNC connections to real X11 displays. 0.9.4 lastmod: 2008-05-10
x11vnc options:
-display disp -auth file -N
@ -12158,7 +12158,7 @@ libvncserver-tight-extension options:
% x11vnc -help
x11vnc: allow VNC connections to real X11 displays. 0.9.4 lastmod: 2008-05-07
x11vnc: allow VNC connections to real X11 displays. 0.9.4 lastmod: 2008-05-10
(type "x11vnc -opts" to just list the options.)
@ -13709,8 +13709,8 @@ e
If you set the env. var REQ_ARGS='...' it will be
passed to openssl req(1). A common use would be
REQ_ARGS='-days 730' to bump up the expiration date
(2 years in this case).
REQ_ARGS='-days 1095' to bump up the expiration date
(3 years in this case).
-sslEncKey [pem] Utility to encrypt an existing PEM file with a
passphrase you supply when prompted. For that key to be

@ -1575,8 +1575,8 @@ void print_help(int mode) {
"\n"
" If you set the env. var REQ_ARGS='...' it will be\n"
" passed to openssl req(1). A common use would be\n"
" REQ_ARGS='-days 730' to bump up the expiration date\n"
" (2 years in this case).\n"
" REQ_ARGS='-days 1095' to bump up the expiration date\n"
" (3 years in this case).\n"
"\n"
"-sslEncKey [pem] Utility to encrypt an existing PEM file with a\n"
" passphrase you supply when prompted. For that key to be\n"

@ -133,8 +133,6 @@ void selection_request(XEvent *ev, char *type) {
targets[0] = (Atom) xa_targets;
targets[1] = (Atom) XA_STRING;
data = (unsigned char *)str;
ret = XChangeProperty(ev->xselectionrequest.display,
ev->xselectionrequest.requestor,
ev->xselectionrequest.property,

@ -2130,8 +2130,16 @@ if (db > 1) fprintf(stderr, "ssl_init: 4\n");
return 0;
} else if (rc < 0) {
unsigned long err;
int cnt = 0;
rfbLog("SSL: ssl_helper[%d]: SSL_accept() *FATAL: %d\n", getpid(), rc);
rfbLog("SSL: ssl_helper[%d]: SSL_accept() *FATAL: %d SSL FAILED\n", getpid(), rc);
while ((err = ERR_get_error()) != 0) {
rfbLog("SSL: %s\n", ERR_error_string(err, NULL));
if (cnt++ > 100) {
break;
}
}
return 0;
} else if (dnow() > start + 3.0) {
@ -2174,9 +2182,18 @@ if (db > 1) fprintf(stderr, "ssl_init: 4\n");
}
} else {
rfbLog("SSL: ssl_helper[%d]: accepted client %s x509 cert is:\n", getpid(), name);
#if LIBVNCSERVER_HAVE_X509_PRINT_EX_FP
X509_print_ex_fp(stderr, x, 0, XN_FLAG_MULTILINE);
#endif
if (cr != NULL) {
#if LIBVNCSERVER_HAVE_X509_PRINT_EX_FP
X509_print_ex_fp(cr, x, 0, XN_FLAG_MULTILINE);
#else
rfbLog("** not compiled with libssl X509_print_ex_fp() function **\n");
if (users_list && strstr(users_list, "sslpeer=")) {
rfbLog("** -users sslpeer= will not work! **\n");
}
#endif
fclose(cr);
}
}

@ -76,7 +76,7 @@ char genCA[] =
"name_opt = ca_default # Subject Name options\n"
"cert_opt = ca_default # Certificate field options\n"
"\n"
"default_days = 365 # how long to certify for\n"
"default_days = 730 # how long to certify for\n"
"default_crl_days= 30 # how long before next CRL\n"
"default_md = md5 # which md to use.\n"
"preserve = no # keep passed DN ordering\n"
@ -333,6 +333,13 @@ char genCert[] =
" echo \"Creating new x11vnc certificate and key for name: $type $name0\"\n"
" echo \"\"\n"
"\n"
" req_args=$REQ_ARGS\n"
" if echo \"$req_args\" | grep 'days' > /dev/null; then\n"
" :\n"
" else\n"
" req_args=\"$req_args -days 730\"\n"
" fi\n"
"\n"
" cnf=\"$DIR/tmp/cnf.$$\"\n"
" trap \"rm -f \\\"$cnf\\\"\" 0 1 2 15\n"
"\n"
@ -343,7 +350,7 @@ char genCert[] =
" direrror \"$DIR/CA/self.cnf.$type\"\n"
" fi\n"
" cat \"$DIR/CA/self.cnf.$type\" | sed -e \"s/%NAME/$name0/\" > \"$cnf\" || exit 1\n"
" \"$OPENSSL\" req -config \"$cnf\" -nodes -new -newkey rsa:2048 -x509 $REQ_ARGS \\\n"
" \"$OPENSSL\" req -config \"$cnf\" -nodes -new -newkey rsa:2048 -x509 $req_args \\\n"
" -keyout \"$DIR/$dest.key\" \\\n"
" -out \"$DIR/$dest.crt\"\n"
" else\n"
@ -351,7 +358,7 @@ char genCert[] =
" direrror \"$DIR/CA/ssl.cnf.$type\"\n"
" fi\n"
" cat \"$DIR/CA/ssl.cnf.$type\" | sed -e \"s/%NAME/$name0/\" > \"$cnf\" || exit 1\n"
" \"$OPENSSL\" req -config \"$cnf\" -nodes -new -newkey rsa:2048 $REQ_ARGS \\\n"
" \"$OPENSSL\" req -config \"$cnf\" -nodes -new -newkey rsa:2048 $req_args \\\n"
" -keyout \"$DIR/$dest.key\" \\\n"
" -out \"$DIR/$dest.req\"\n"
" fi\n"

@ -2,7 +2,7 @@
.TH X11VNC "1" "May 2008" "x11vnc " "User Commands"
.SH NAME
x11vnc - allow VNC connections to real X11 displays
version: 0.9.4, lastmod: 2008-05-07
version: 0.9.4, lastmod: 2008-05-10
.SH SYNOPSIS
.B x11vnc
[OPTION]...
@ -1787,8 +1787,8 @@ If you set the env. var REQ_ARGS='...' it will be
passed to openssl
.IR req (1).
A common use would be
REQ_ARGS='-days 730' to bump up the expiration date
(2 years in this case).
REQ_ARGS='-days 1095' to bump up the expiration date
(3 years in this case).
.PP
\fB-sslEncKey\fR \fI[pem]\fR
.IP

@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
int xdamage_base_event_type = 0;
/* date +'lastmod: %Y-%m-%d' */
char lastmod[] = "0.9.4 lastmod: 2008-05-07";
char lastmod[] = "0.9.4 lastmod: 2008-05-10";
/* X display info */

Loading…
Cancel
Save