x11vnc: SSL fixes. Increase cert lifetimes to 2 years. Print ssl err msg.

runge 16 years ago
parent fa53197938
commit d538e4e281

@ -1,5 +1,5 @@
x11vnc README file Date: Wed May 7 20:58:51 EDT 2008 x11vnc README file Date: Sat May 10 12:54:59 EDT 2008
The following information is taken from these URLs: The following information is taken from these URLs:
@ -10341,8 +10341,8 @@ blah,blah...
brief, run something like "x11vnc -sslGenCert server self:apache" then brief, run something like "x11vnc -sslGenCert server self:apache" then
copy the resulting self:apache.crt file to conf/ssl.crt/server.crt and copy the resulting self:apache.crt file to conf/ssl.crt/server.crt and
extract the private key part from self:apache.pem and paste it into extract the private key part from self:apache.pem and paste it into
conf/ssl.key/server.key). Setting the env var REQ_ARGS='-days 730' conf/ssl.key/server.key). Setting the env var REQ_ARGS='-days 1095'
before running x11vnc will bump up the expiration date (2 years in before running x11vnc will bump up the expiration date (3 years in
this case). this case).
Or you can use the standard methods described in the [27]Apache Or you can use the standard methods described in the [27]Apache
@ -12039,7 +12039,7 @@ x11vnc: a VNC server for real X displays
Here are all of x11vnc command line options: Here are all of x11vnc command line options:
% x11vnc -opts (see below for -help long descriptions) % x11vnc -opts (see below for -help long descriptions)
x11vnc: allow VNC connections to real X11 displays. 0.9.4 lastmod: 2008-05-07 x11vnc: allow VNC connections to real X11 displays. 0.9.4 lastmod: 2008-05-10
x11vnc options: x11vnc options:
-display disp -auth file -N -display disp -auth file -N
@ -12158,7 +12158,7 @@ libvncserver-tight-extension options:
% x11vnc -help % x11vnc -help
x11vnc: allow VNC connections to real X11 displays. 0.9.4 lastmod: 2008-05-07 x11vnc: allow VNC connections to real X11 displays. 0.9.4 lastmod: 2008-05-10
(type "x11vnc -opts" to just list the options.) (type "x11vnc -opts" to just list the options.)
@ -13709,8 +13709,8 @@ e
If you set the env. var REQ_ARGS='...' it will be If you set the env. var REQ_ARGS='...' it will be
passed to openssl req(1). A common use would be passed to openssl req(1). A common use would be
REQ_ARGS='-days 730' to bump up the expiration date REQ_ARGS='-days 1095' to bump up the expiration date
(2 years in this case). (3 years in this case).
-sslEncKey [pem] Utility to encrypt an existing PEM file with a -sslEncKey [pem] Utility to encrypt an existing PEM file with a
passphrase you supply when prompted. For that key to be passphrase you supply when prompted. For that key to be

@ -1575,8 +1575,8 @@ void print_help(int mode) {
"\n" "\n"
" If you set the env. var REQ_ARGS='...' it will be\n" " If you set the env. var REQ_ARGS='...' it will be\n"
" passed to openssl req(1). A common use would be\n" " passed to openssl req(1). A common use would be\n"
" REQ_ARGS='-days 730' to bump up the expiration date\n" " REQ_ARGS='-days 1095' to bump up the expiration date\n"
" (2 years in this case).\n" " (3 years in this case).\n"
"\n" "\n"
"-sslEncKey [pem] Utility to encrypt an existing PEM file with a\n" "-sslEncKey [pem] Utility to encrypt an existing PEM file with a\n"
" passphrase you supply when prompted. For that key to be\n" " passphrase you supply when prompted. For that key to be\n"

@ -133,8 +133,6 @@ void selection_request(XEvent *ev, char *type) {
targets[0] = (Atom) xa_targets; targets[0] = (Atom) xa_targets;
targets[1] = (Atom) XA_STRING; targets[1] = (Atom) XA_STRING;
data = (unsigned char *)str;
ret = XChangeProperty(ev->xselectionrequest.display, ret = XChangeProperty(ev->xselectionrequest.display,
ev->xselectionrequest.requestor, ev->xselectionrequest.requestor,
ev->xselectionrequest.property, ev->xselectionrequest.property,

@ -2130,8 +2130,16 @@ if (db > 1) fprintf(stderr, "ssl_init: 4\n");
return 0; return 0;
} else if (rc < 0) { } else if (rc < 0) {
unsigned long err;
int cnt = 0;
rfbLog("SSL: ssl_helper[%d]: SSL_accept() *FATAL: %d\n", getpid(), rc); rfbLog("SSL: ssl_helper[%d]: SSL_accept() *FATAL: %d SSL FAILED\n", getpid(), rc);
while ((err = ERR_get_error()) != 0) {
rfbLog("SSL: %s\n", ERR_error_string(err, NULL));
if (cnt++ > 100) {
break;
}
}
return 0; return 0;
} else if (dnow() > start + 3.0) { } else if (dnow() > start + 3.0) {
@ -2174,9 +2182,18 @@ if (db > 1) fprintf(stderr, "ssl_init: 4\n");
} }
} else { } else {
rfbLog("SSL: ssl_helper[%d]: accepted client %s x509 cert is:\n", getpid(), name); rfbLog("SSL: ssl_helper[%d]: accepted client %s x509 cert is:\n", getpid(), name);
#if LIBVNCSERVER_HAVE_X509_PRINT_EX_FP
X509_print_ex_fp(stderr, x, 0, XN_FLAG_MULTILINE); X509_print_ex_fp(stderr, x, 0, XN_FLAG_MULTILINE);
#endif
if (cr != NULL) { if (cr != NULL) {
#if LIBVNCSERVER_HAVE_X509_PRINT_EX_FP
X509_print_ex_fp(cr, x, 0, XN_FLAG_MULTILINE); X509_print_ex_fp(cr, x, 0, XN_FLAG_MULTILINE);
#else
rfbLog("** not compiled with libssl X509_print_ex_fp() function **\n");
if (users_list && strstr(users_list, "sslpeer=")) {
rfbLog("** -users sslpeer= will not work! **\n");
}
#endif
fclose(cr); fclose(cr);
} }
} }
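Review bot: In the `#else` branch of the second hunk, a build without `X509_print_ex_fp()` only logs that `-users sslpeer=` will not work and then falls through to `fclose(cr)`, so the peer-certificate file is left empty while the client is still logged as accepted. How that empty file is consumed later is outside this hunk, but an identity check that depends on it should fail closed here rather than rely on a log line. For example, inside the `strstr(users_list, "sslpeer=")` test add `fclose(cr); return 0;`, which appears to be the failure return used by the `SSL_accept()` error path above; confirm what other cleanup the enclosing function needs, since it starts and ends outside the hunk. Rejecting `sslpeer=` at option-parsing time in such builds would also surface the misconfiguration before any client connects.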

@ -76,7 +76,7 @@ char genCA[] =
"name_opt = ca_default # Subject Name options\n" "name_opt = ca_default # Subject Name options\n"
"cert_opt = ca_default # Certificate field options\n" "cert_opt = ca_default # Certificate field options\n"
"\n" "\n"
"default_days = 365 # how long to certify for\n" "default_days = 730 # how long to certify for\n"
"default_crl_days= 30 # how long before next CRL\n" "default_crl_days= 30 # how long before next CRL\n"
"default_md = md5 # which md to use.\n" "default_md = md5 # which md to use.\n"
"preserve = no # keep passed DN ordering\n" "preserve = no # keep passed DN ordering\n"
@ -333,6 +333,13 @@ char genCert[] =
" echo \"Creating new x11vnc certificate and key for name: $type $name0\"\n" " echo \"Creating new x11vnc certificate and key for name: $type $name0\"\n"
" echo \"\"\n" " echo \"\"\n"
"\n" "\n"
" req_args=$REQ_ARGS\n"
" if echo \"$req_args\" | grep 'days' > /dev/null; then\n"
" :\n"
" else\n"
" req_args=\"$req_args -days 730\"\n"
" fi\n"
"\n"
" cnf=\"$DIR/tmp/cnf.$$\"\n" " cnf=\"$DIR/tmp/cnf.$$\"\n"
" trap \"rm -f \\\"$cnf\\\"\" 0 1 2 15\n" " trap \"rm -f \\\"$cnf\\\"\" 0 1 2 15\n"
"\n" "\n"
@ -343,7 +350,7 @@ char genCert[] =
" direrror \"$DIR/CA/self.cnf.$type\"\n" " direrror \"$DIR/CA/self.cnf.$type\"\n"
" fi\n" " fi\n"
" cat \"$DIR/CA/self.cnf.$type\" | sed -e \"s/%NAME/$name0/\" > \"$cnf\" || exit 1\n" " cat \"$DIR/CA/self.cnf.$type\" | sed -e \"s/%NAME/$name0/\" > \"$cnf\" || exit 1\n"
" \"$OPENSSL\" req -config \"$cnf\" -nodes -new -newkey rsa:2048 -x509 $REQ_ARGS \\\n" " \"$OPENSSL\" req -config \"$cnf\" -nodes -new -newkey rsa:2048 -x509 $req_args \\\n"
" -keyout \"$DIR/$dest.key\" \\\n" " -keyout \"$DIR/$dest.key\" \\\n"
" -out \"$DIR/$dest.crt\"\n" " -out \"$DIR/$dest.crt\"\n"
" else\n" " else\n"
@ -351,7 +358,7 @@ char genCert[] =
" direrror \"$DIR/CA/ssl.cnf.$type\"\n" " direrror \"$DIR/CA/ssl.cnf.$type\"\n"
" fi\n" " fi\n"
" cat \"$DIR/CA/ssl.cnf.$type\" | sed -e \"s/%NAME/$name0/\" > \"$cnf\" || exit 1\n" " cat \"$DIR/CA/ssl.cnf.$type\" | sed -e \"s/%NAME/$name0/\" > \"$cnf\" || exit 1\n"
" \"$OPENSSL\" req -config \"$cnf\" -nodes -new -newkey rsa:2048 $REQ_ARGS \\\n" " \"$OPENSSL\" req -config \"$cnf\" -nodes -new -newkey rsa:2048 $req_args \\\n"
" -keyout \"$DIR/$dest.key\" \\\n" " -keyout \"$DIR/$dest.key\" \\\n"
" -out \"$DIR/$dest.req\"\n" " -out \"$DIR/$dest.req\"\n"
" fi\n" " fi\n"
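Review bot: Raising `default_days` to 730 in `genCA` doubles how long CA-signed certificates stay valid while the same section still sets `default_md = md5`, so every certificate issued from this config carries an MD5 signature for two years. MD5 is not collision resistant and is unsuitable for certificate signatures; change the line to `"default_md = sha256 # which md to use.\n"` (or the strongest digest the supported OpenSSL versions offer) in the same commit that lengthens the lifetime. The `genCert` hunks likewise default `req` to `-days 730` together with `-nodes`, i.e. an unencrypted private key; the digest used there comes from the cnf templates, which are not visible here and are worth checking as well. Both `genCA` and `genCert` continue beyond the visible lines.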

@ -2,7 +2,7 @@
.TH X11VNC "1" "May 2008" "x11vnc " "User Commands" .TH X11VNC "1" "May 2008" "x11vnc " "User Commands"
.SH NAME .SH NAME
x11vnc - allow VNC connections to real X11 displays x11vnc - allow VNC connections to real X11 displays
version: 0.9.4, lastmod: 2008-05-07 version: 0.9.4, lastmod: 2008-05-10
.SH SYNOPSIS .SH SYNOPSIS
.B x11vnc .B x11vnc
[OPTION]... [OPTION]...
@ -1787,8 +1787,8 @@ If you set the env. var REQ_ARGS='...' it will be
passed to openssl passed to openssl
.IR req (1). .IR req (1).
A common use would be A common use would be
REQ_ARGS='-days 730' to bump up the expiration date REQ_ARGS='-days 1095' to bump up the expiration date
(2 years in this case). (3 years in this case).
.PP .PP
\fB-sslEncKey\fR \fI[pem]\fR \fB-sslEncKey\fR \fI[pem]\fR
.IP .IP

@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
int xdamage_base_event_type = 0; int xdamage_base_event_type = 0;
/* date +'lastmod: %Y-%m-%d' */ /* date +'lastmod: %Y-%m-%d' */
char lastmod[] = "0.9.4 lastmod: 2008-05-07"; char lastmod[] = "0.9.4 lastmod: 2008-05-10";
/* X display info */ /* X display info */
