pxcloud/spice-common
5
0
Fork 0
mirror of https://gitlab.uni-freiburg.de/opensourcevdi/spice-common synced 2025-12-28 08:01:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1450bb4ddb
spice-common/common
History
Christophe Fergeau fa640286f4 ssl: Don't try hostname check if cert subject check fails 
Currently, SSL verification of the peer certificate checks if
the certificate's subject CN or one of its subjectAltName match
the hostname. If this succeeds, then the verification succeeds.
Otherwise openssl_verify() checks the cert subject if this was set,
which means it checks the certificate's subject (not just its CN) matches
exactly the cert subject string that is set in SpiceSession.

Given that the cert subject is something the user specifies in addition
to the hostname, the cert subject check should have priority over the
hostname check, that is, when we have a cert subject set, the
success/failure of the cert subject cert should determine the
success/failure of openssl_verify(), and the hostname check
should only be carried out when no cert subject was set.

This fixes rhbz#871034
2013-10-11 10:21:54 +02:00
..
backtrace.c Use a log handler to modify abort() behaviour 2012-03-20 15:30:23 +01:00
backtrace.h common/backtrace: for mingw32 no pipe/wait_pid, just disable 2012-03-20 15:25:55 +01:00
bitops.h Remove INLINE usage 2013-10-04 12:45:00 +02:00
canvas_base.c canvas: use precomputed revers_bits 2013-09-12 13:49:25 +02:00
canvas_base.h Add support for A8 images to the LZ routines 2012-08-24 13:37:51 -04:00
canvas_utils.c Remove INLINE usage 2013-10-04 12:45:00 +02:00
canvas_utils.h Use SPICE_{BEGIN,END}_DECLS 2012-03-20 15:30:23 +01:00
client_demarshallers.h build-sys: make it a seperately buildable spice-common library 2012-03-22 20:21:05 +01:00
client_marshallers.h add stream report messages 2013-04-22 11:34:20 -04:00
draw.h Add support for A8 images to the LZ routines 2012-08-24 13:37:51 -04:00
gdi_canvas.c Fix invalid macro usage 2012-06-30 02:50:56 +02:00
gdi_canvas.h Remove need for SPICE_CANVAS_INTERNAL 2012-03-20 15:30:24 +01:00
gl_canvas.c gl: cope with positive stride in put_image() 2013-09-30 02:18:37 +02:00
gl_canvas.h build-sys: make it a seperately buildable spice-common library 2012-03-22 20:21:05 +01:00
gl_utils.h Use SPICE_{BEGIN,END}_DECLS 2012-03-20 15:30:23 +01:00
glc.c gl: use glCopyPixels() 2013-09-30 02:18:37 +02:00
glc.h Use SPICE_{BEGIN,END}_DECLS 2012-03-20 15:30:23 +01:00
lines.c Remove INLINE usage 2013-10-04 12:45:00 +02:00
lines.h build-sys: make it a seperately buildable spice-common library 2012-03-22 20:21:05 +01:00
log.c allow log.c to compile under MSVC++ 2012-04-18 16:54:33 +03:00
log.h common/log.h: add spice_info 2012-07-05 19:22:31 +03:00
lz_common.h Add compile-time check for lz arrays 2013-04-10 09:53:51 +02:00
lz_compress_tmpl.c Address a compilation warning due to missing typecast 2013-02-07 19:49:18 +01:00
lz_config.h common: use INLINE instead of inline 2012-03-20 15:25:53 +01:00
lz_decompress_tmpl.c Add support for A8 images to the LZ routines 2012-08-24 13:37:51 -04:00
lz.c Remove INLINE usage 2013-10-04 12:45:00 +02:00
lz.h Add printf format annotations to all '...' functions 2012-03-20 15:30:24 +01:00
macros.h Fix min gcc version for __attribute__(format) 2013-08-20 10:38:07 +02:00
Makefile.am Add compile-time check for lz arrays 2013-04-10 09:53:51 +02:00
marshaller.c fix void* arithmetic 2012-03-20 15:30:24 +01:00
marshaller.h Use SPICE_{BEGIN,END}_DECLS 2012-03-20 15:30:23 +01:00
mem.c Use a log handler to modify abort() behaviour 2012-03-20 15:30:23 +01:00
mem.h Use SPICE_{BEGIN,END}_DECLS 2012-03-20 15:30:23 +01:00
messages.h add SPICE_MSG_PLAYBACK_LATENCY 2013-04-22 11:34:49 -04:00
mutex.h Use SPICE_{BEGIN,END}_DECLS 2012-03-20 15:30:23 +01:00
ogl_ctx.c Use a log handler to modify abort() behaviour 2012-03-20 15:30:23 +01:00
ogl_ctx.h Use SPICE_{BEGIN,END}_DECLS 2012-03-20 15:30:23 +01:00
pixman_utils.c Remove INLINE usage 2013-10-04 12:45:00 +02:00
pixman_utils.h Use SPICE_{BEGIN,END}_DECLS 2012-03-20 15:30:23 +01:00
quic_config.h Use SPICE_{BEGIN,END}_DECLS 2012-03-20 15:30:23 +01:00
quic_family_tmpl.c quic: precompute golomb codes 2013-09-12 13:49:25 +02:00
quic_rgb_tmpl.c quic: compile with constant bpp 2013-09-12 13:49:25 +02:00
quic_tmpl.c Remove INLINE usage 2013-10-04 12:45:00 +02:00
quic.c Remove INLINE usage 2013-10-04 12:45:00 +02:00
quic.h Add printf format annotations to all '...' functions 2012-03-20 15:30:24 +01:00
rect.h Remove INLINE usage 2013-10-04 12:45:00 +02:00
region.c region.c: fix region_bounds_intersects 2013-04-02 08:45:42 -04:00
region.h region: add region_extents 2012-05-02 14:47:27 +03:00
ring.h Use SPICE_{BEGIN,END}_DECLS 2012-03-20 15:30:23 +01:00
rop3.c Use a log handler to modify abort() behaviour 2012-03-20 15:30:23 +01:00
rop3.h Use SPICE_{BEGIN,END}_DECLS 2012-03-20 15:30:23 +01:00
spice_common.h Use a log handler to modify abort() behaviour 2012-03-20 15:30:23 +01:00
ssl_verify.c ssl: Don't try hostname check if cert subject check fails 2013-10-11 10:21:54 +02:00
ssl_verify.h Use SPICE_{BEGIN,END}_DECLS 2012-03-20 15:30:23 +01:00
sw_canvas.c Add support for A8 images to the LZ routines 2012-08-24 13:37:51 -04:00
sw_canvas.h Remove need for SPICE_CANVAS_INTERNAL 2012-03-20 15:30:24 +01:00
verify.h Add compile-time check for lz arrays 2013-04-10 09:53:51 +02:00