pxcloud/spice
5
0
Fork 0
mirror of https://gitlab.uni-freiburg.de/opensourcevdi/spice synced 2025-12-27 15:45:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Introduce reds_stream_is_ssl()

Browse Source
This commit is contained in:
Christophe Fergeau 2014-01-06 22:37:45 +01:00
parent 1f7123298f
commit 30fecf87f8
4 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/inputs_channel.c
View File

@ -551,7 +551,7 @@ static void inputs_connect(RedChannel *channel, RedClient *client,
spice_assert(g_inputs_channel);
spice_assert(channel == &g_inputs_channel->base);
if (!stream->ssl && !red_client_during_migrate_at_target(client)) {
if (!reds_stream_is_ssl(stream) && !red_client_during_migrate_at_target(client)) {
main_channel_client_push_notify(red_client_get_main(client),
"keyboard channel is insecure");
}

10
server/reds.c
View File

@ -1412,9 +1412,9 @@ static void reds_info_new_channel(RedLinkInfo *link, int connection_id)
spice_info("channel %d:%d, connected successfully, over %s link",
link->link_mess->channel_type,
link->link_mess->channel_id,
link->stream->ssl == NULL ? "Non Secure" : "Secure");
reds_stream_is_ssl(link->stream) ? "Secure" : "Non Secure");
/* add info + send event */
if (link->stream->ssl) {
if (reds_stream_is_ssl(link->stream)) {
link->stream->info->flags |= SPICE_CHANNEL_EVENT_FLAG_TLS;
}
link->stream->info->connection_id = connection_id;
@ -2033,8 +2033,8 @@ static int reds_security_check(RedLinkInfo *link)
{
ChannelSecurityOptions *security_option = find_channel_security(link->link_mess->channel_type);
uint32_t security = security_option ? security_option->options : default_channel_security;
return (link->stream->ssl && (security & SPICE_CHANNEL_SECURITY_SSL)) ||
(!link->stream->ssl && (security & SPICE_CHANNEL_SECURITY_NONE));
return (reds_stream_is_ssl(link->stream) && (security & SPICE_CHANNEL_SECURITY_SSL)) ||
(!reds_stream_is_ssl(link->stream) && (security & SPICE_CHANNEL_SECURITY_NONE));
}
static void reds_handle_read_link_done(void *opaque)
@ -2058,7 +2058,7 @@ static void reds_handle_read_link_done(void *opaque)
SPICE_COMMON_CAP_PROTOCOL_AUTH_SELECTION);
if (!reds_security_check(link)) {
if (link->stream->ssl) {
if (reds_stream_is_ssl(link->stream)) {
spice_warning("spice channels %d should not be encrypted", link_mess->channel_type);
reds_send_link_error(link, SPICE_LINK_ERR_NEED_UNSECURED);
} else {

5
server/reds_stream.c
View File

@ -255,6 +255,11 @@ RedsStream *reds_stream_new(int socket)
return stream;
}
bool reds_stream_is_ssl(RedsStream *stream)
{
return (stream->ssl != NULL);
}
void reds_stream_disable_writev(RedsStream *stream)
{
stream->writev = NULL;

1
server/reds_stream.h
View File

@ -125,6 +125,7 @@ void reds_stream_free(RedsStream *s);
void reds_stream_push_channel_event(RedsStream *s, int event);
void reds_stream_remove_watch(RedsStream* s);
RedsStream *reds_stream_new(int socket);
bool reds_stream_is_ssl(RedsStream *stream);
RedsStreamSslStatus reds_stream_ssl_accept(RedsStream *stream);
int reds_stream_enable_ssl(RedsStream *stream, SSL_CTX *ctx);