diff options
Diffstat (limited to 'main/xen/qemu-xen-tls-websockets.patch')
| -rw-r--r-- | main/xen/qemu-xen-tls-websockets.patch | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/main/xen/qemu-xen-tls-websockets.patch b/main/xen/qemu-xen-tls-websockets.patch new file mode 100644 index 0000000000..8175676f78 --- /dev/null +++ b/main/xen/qemu-xen-tls-websockets.patch @@ -0,0 +1,114 @@ +--- xen-4.2.2.orig/tools/qemu-xen/ui/vnc-ws.c ++++ xen-4.2.2/tools/qemu-xen/ui/vnc-ws.c +@@ -20,7 +20,7 @@ + + #include "vnc.h" + +-void vncws_handshake_read(void *opaque) ++static void vncws_handshake_read_impl(void *opaque) + { + VncState *vs = opaque; + uint8_t *handshake_end; +@@ -46,6 +46,78 @@ + } + } + ++#ifdef CONFIG_VNC_TLS ++static void vncws_tls_handshake_io(void *opaque); ++ ++int vncws_tls_handshake(struct VncState *vs) { ++ int ret; ++ ++ if ((ret = gnutls_handshake(vs->tls.session)) < 0) { ++ if (!gnutls_error_is_fatal(ret)) { ++ VNC_DEBUG("Handshake interrupted (blocking)\n"); ++ if (!gnutls_record_get_direction(vs->tls.session)) ++ qemu_set_fd_handler(vs->csock, vncws_tls_handshake_io, NULL, vs); ++ else ++ qemu_set_fd_handler(vs->csock, NULL, vncws_tls_handshake_io, vs); ++ return 0; ++ } ++ VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret)); ++ vnc_client_error(vs); ++ return -1; ++ } ++ ++ if (vs->vd->tls.x509verify) { ++ if (vnc_tls_validate_certificate(vs) < 0) { ++ VNC_DEBUG("Client verification failed\n"); ++ vnc_client_error(vs); ++ return -1; ++ } else { ++ VNC_DEBUG("Client verification passed\n"); ++ } ++ } ++ ++ VNC_DEBUG("Handshake done, switching to TLS data mode and waiting for HTTPS upgrade\n"); ++ vs->tls.wiremode = VNC_WIREMODE_TLS; ++ qemu_set_fd_handler2(vs->csock, NULL, vncws_handshake_read_impl, NULL, vs); ++ ++ return 0; ++} ++ ++static void vncws_tls_handshake_io(void *opaque) { ++ struct VncState *vs = (struct VncState *)opaque; ++ ++ VNC_DEBUG("Handshake IO continues\n"); ++ vncws_tls_handshake(vs); ++} ++ ++#define NEED_X509_AUTH(vs) \ ++ ((vs)->subauth == VNC_AUTH_VENCRYPT_X509NONE || \ ++ (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \ ++ (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN || \ ++ (vs)->subauth == VNC_AUTH_VENCRYPT_X509SASL) ++#endif ++ ++void vncws_handshake_read(void *opaque) ++{ ++ VncState *vs = opaque; ++ ++#ifdef CONFIG_VNC_TLS ++ if (!vs->vd->want_tls) ++ return vncws_handshake_read_impl(vs); ++ ++ if (vnc_tls_client_setup(vs, NEED_X509_AUTH(vs)) < 0) { ++ VNC_DEBUG("Failed to setup TLS\n"); ++ return 0; ++ } ++ ++ if (vncws_tls_handshake(vs) < 0) { ++ VNC_DEBUG("Failed to start TLS handshake\n"); ++ return 0; ++ } ++#else ++ vncws_handshake_read_impl(vs); ++#endif ++} + + long vnc_client_read_ws(VncState *vs) + { +--- xen-4.2.2.orig/tools/qemu-xen/ui/vnc.c ++++ xen-4.2.2/tools/qemu-xen/ui/vnc.c +@@ -2897,6 +2897,9 @@ + } else if (strncmp(options, "x509", 4) == 0) { + char *start, *end; + x509 = 1; /* Require x509 certificates */ ++#ifdef CONFIG_VNC_WS ++ vs->want_tls = true; ++#endif + if (strncmp(options, "x509verify", 10) == 0) + vs->tls.x509verify = 1; /* ...and verify client certs */ + +--- xen-4.2.2.orig/tools/qemu-xen/ui/vnc.h ++++ xen-4.2.2/tools/qemu-xen/ui/vnc.h +@@ -157,6 +157,9 @@ + bool lossy; + bool non_adaptive; + #ifdef CONFIG_VNC_TLS ++#ifdef CONFIG_VNC_WS ++ bool want_tls; ++#endif + int subauth; /* Used by VeNCrypt */ + VncDisplayTLS tls; + #endif |