Message ID | 1426599780-3264-9-git-send-email-berrange@redhat.com |
---|---|
State | New |
Headers | show |
diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c index 5f9fcc4..85dbb7e 100644 --- a/ui/vnc-ws.c +++ b/ui/vnc-ws.c @@ -45,6 +45,16 @@ static int vncws_start_tls_handshake(struct VncState *vs) return -1; } + if (vs->vd->tls.x509verify) { + if (vnc_tls_validate_certificate(vs) < 0) { + VNC_DEBUG("Client verification failed\n"); + vnc_client_error(vs); + return -1; + } else { + VNC_DEBUG("Client verification passed\n"); + } + } + VNC_DEBUG("Handshake done, switching to TLS data mode\n"); qemu_set_fd_handler2(vs->csock, NULL, vncws_handshake_read, NULL, vs);
If the x509verify option is requested, the VNC websockets server was failing to validate that the websockets client provided an x509 certificate matching the ACL rules. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- ui/vnc-ws.c | 10 ++++++++++ 1 file changed, 10 insertions(+)