ui: enforce TLS when using websockets server

When TLS is required, the primary VNC server considers it to be mandatory. ie the server admin decides whether or not TLS is used, and the client has to comply with this decision. The websockets server, however, treated it as optional, allowing non-TLS clients to connect to a server which had setup TLS. Thus enabling websockets lowers the security of the VNC server leaving the admin no way to enforce use of TLS. This removes the code that allows non-TLS fallback in the websockets server, so that if TLS is requested for VNC it is now mandatory for both the primary VNC server and the websockets VNC server. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
author: Daniel P. Berrange <berrange@redhat.com> 2015-03-17 13:42:58 +0000
committer: Gerd Hoffmann <kraxel@redhat.com> 2015-03-18 09:25:13 +0100
commit: 51941e4695c6f6c1f786bacef7e8c3a477570e04 (patch)
tree: 2daa1177dcca1bb92c607f06f835b9bd136c14ed /ui/vnc-ws.h
parent: f9148c8ae7b1515776699387b4d59864f302c77d (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/ui/vnc-ws.h b/ui/vnc-ws.h
index 95c1b0aeae..ef229b7c0c 100644
--- a/ui/vnc-ws.h
+++ b/ui/vnc-ws.h
@@ -75,7 +75,7 @@ enum {
 };
 
 #ifdef CONFIG_VNC_TLS
-void vncws_tls_handshake_peek(void *opaque);
+void vncws_tls_handshake_io(void *opaque);
 #endif /* CONFIG_VNC_TLS */
 void vncws_handshake_read(void *opaque);
 long vnc_client_write_ws(VncState *vs);
author	Daniel P. Berrange <berrange@redhat.com>	2015-03-17 13:42:58 +0000
committer	Gerd Hoffmann <kraxel@redhat.com>	2015-03-18 09:25:13 +0100
commit	51941e4695c6f6c1f786bacef7e8c3a477570e04 (patch)
tree	2daa1177dcca1bb92c607f06f835b9bd136c14ed /ui/vnc-ws.h
parent	f9148c8ae7b1515776699387b4d59864f302c77d (diff)