author | Yonit Halperin <yhalperi@redhat.com> | 2009-12-30 16:07:14 +0200 |
---|---|---|
committer | Yaniv Kamay <ykamay@redhat.com> | 2010-01-06 16:06:46 +0200 |
commit | e38a61900711169d66b1fa7e117b04d49106a1da (patch) | |
tree | 15765c0bb0bcf7b8133203340350c09902cec541 /client/application.cpp | |
parent | 54a8e5027093baa1c847b43f2fb08bea93e0ed67 (diff) | |
server,client: server authentication for secured channels. #527411 #549673.
3 available mechanisms: by public key, by host name, and by certificate subject name.
In the first of these (public key), chain-of-trust verification is not performed.
The CA certificate files are looked for under <spice-config-dir>/spice_truststore.pem
windows <spice-config-dir>=%APPDATA%\spicec\
linux <spice-config-dir>=$HOME/.spicec
Diffstat (limited to 'client/application.cpp')
-rw-r--r-- | client/application.cpp | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/client/application.cpp b/client/application.cpp
index c253cccc..3566adba 100644
--- a/client/application.cpp
+++ b/client/application.cpp
@@ -49,6 +49,8 @@
 #define STICKY_KEY_PIXMAP ALT_IMAGE_RES_ID
 #define STICKY_KEY_TIMEOUT 750
 
+#define CA_FILE_NAME "spice_truststore.pem"
+
 #ifdef CAIRO_CANVAS_CACH_IS_SHARED
 mutex_t cairo_surface_user_data_mutex;
 #endif
@@ -1596,6 +1598,11 @@ bool Application::process_cmd_line(int argc, char** argv)
 _peer_con_opt[RED_CHANNEL_PLAYBACK] = RedPeer::ConnectionOptions::CON_OP_INVALID;
 _peer_con_opt[RED_CHANNEL_RECORD] = RedPeer::ConnectionOptions::CON_OP_INVALID;
 
+ _host_auth_opt.type_flags = RedPeer::HostAuthOptions::HOST_AUTH_OP_NAME;
+
+ Platform::get_spice_config_dir(_host_auth_opt.CA_file);
+ _host_auth_opt.CA_file += CA_FILE_NAME;
+
 parser.begin(argc, argv);
 
 char* val;
@@ -1614,12 +1621,11 @@ bool Application::process_cmd_line(int argc, char** argv)
 break;
 }
 case SPICE_OPT_SPORT: {
- if ((port = str_to_port(val)) == -1) {
+ if ((sport = str_to_port(val)) == -1) {
 std::cout << "invalid secure port " << val << "\n";
 _exit_code = SPICEC_ERROR_CODE_INVALID_ARG;
 return false;
 }
- sport = port;
 break;
 }
 case SPICE_OPT_FULL_SCREEN:
|
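Review bot: In the second hunk the trust-store path is formed by appending `CA_FILE_NAME` straight onto the string filled by `Platform::get_spice_config_dir`, so it is only correct if that call always leaves a trailing path separator; that contract is not visible here and deserves a comment at the call, e.g. `// get_spice_config_dir() must return a path ending in a separator`. Nothing in the hunk checks that the file exists or is readable, so a missing `spice_truststore.pem` presumably only surfaces later when a secured channel is opened; if that is the case, the failure message there should name the expected path. Because the file sits under the per-user config directory, it is a trust anchor writable by the user account, and the comment should say so, so that deployments know to protect its permissions. The body of `process_cmd_line` starts and ends outside the hunk.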