From 3eae1c80d97ce6d1e0eee69f7454973abdb94ef6 Mon Sep 17 00:00:00 2001
From: Yonit Halperin
Date: Sun, 10 Jan 2010 09:48:38 +0200
Subject: server,client: server authentication for secured channels. 3 available mechanisms: by public key, by host name, and by certificate subject name. In the former method, chain of trust verification is not performed. The CA certificate files are looked for under /spice_truststore.pem windows =%APPDATA%\spicec\ linux =$HOME/.spicec/
---
 client/application.cpp | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
(limited to 'client/application.cpp')
diff --git a/client/application.cpp b/client/application.cpp
index ac5877c4..d4fe59f6 100644
--- a/client/application.cpp
+++ b/client/application.cpp
@@ -51,6 +51,8 @@
 #define STICKY_KEY_PIXMAP ALT_IMAGE_RES_ID
 #define STICKY_KEY_TIMEOUT 750
+#define CA_FILE_NAME "spice_truststore.pem"
+
 #ifdef CAIRO_CANVAS_CACH_IS_SHARED
 mutex_t cairo_surface_user_data_mutex;
 #endif
@@ -1818,6 +1820,11 @@ bool Application::process_cmd_line(int argc, char** argv)
 _peer_con_opt[i] = RedPeer::ConnectionOptions::CON_OP_INVALID;
 }
+ _host_auth_opt.type_flags = RedPeer::HostAuthOptions::HOST_AUTH_OP_NAME;
+
+ Platform::get_spice_config_dir(_host_auth_opt.CA_file);
+ _host_auth_opt.CA_file += CA_FILE_NAME;
+
 parser.begin(argc, argv);
 char* val;
@@ -1836,12 +1843,11 @@ bool Application::process_cmd_line(int argc, char** argv)
 break;
 }
 case SPICE_OPT_SPORT: {
- if ((port = str_to_port(val)) == -1) {
+ if ((sport = str_to_port(val)) == -1) {
 std::cout << "invalid secure port " << val << "\n";
 _exit_code = SPICEC_ERROR_CODE_INVALID_ARG;
 return false;
 }
- sport = port;
 break;
 }
 case SPICE_OPT_FULL_SCREEN:
-- cgit
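Review bot: In the second hunk (`@@ -1818,6 +1820,11 @@`) the trust-store path is built by appending `CA_FILE_NAME` to whatever `Platform::get_spice_config_dir` left in `_host_auth_opt.CA_file`, with no check that a directory was actually resolved. The implementation of that call is not in this hunk, but if it can leave the string empty (for example when `%APPDATA%` or `$HOME` is unset), the path degrades to the relative name `spice_truststore.pem` and the CA certificates used for host authentication would be read from the current working directory. Assuming `CA_file` is a `std::string`, I would fail or disable CA-based verification before the `+=` when `_host_auth_opt.CA_file.empty()`. The concatenation also relies on the directory ending in a separator, so a comment such as `// get_spice_config_dir() returns a path with a trailing separator; CA_file = <config dir> + CA_FILE_NAME` would make that contract explicit. `process_cmd_line` starts and ends outside the hunk.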