ui: ensure VNC websockets server checks the ACL if requested
If the x509verify option is requested, the VNC websockets server was failing to validate that the websockets client provided an x509 certificate matching the ACL rules. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This commit is contained in:
parent
7b45a00d05
commit
4a48aaa9f5
10
ui/vnc-ws.c
10
ui/vnc-ws.c
@ -45,6 +45,16 @@ static int vncws_start_tls_handshake(struct VncState *vs)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (vs->vd->tls.x509verify) {
|
||||||
|
if (vnc_tls_validate_certificate(vs) < 0) {
|
||||||
|
VNC_DEBUG("Client verification failed\n");
|
||||||
|
vnc_client_error(vs);
|
||||||
|
return -1;
|
||||||
|
} else {
|
||||||
|
VNC_DEBUG("Client verification passed\n");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
VNC_DEBUG("Handshake done, switching to TLS data mode\n");
|
VNC_DEBUG("Handshake done, switching to TLS data mode\n");
|
||||||
qemu_set_fd_handler2(vs->csock, NULL, vncws_handshake_read, NULL, vs);
|
qemu_set_fd_handler2(vs->csock, NULL, vncws_handshake_read, NULL, vs);
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user