}
#endif
-#define DH_BITS 1024
+#define DH_BITS 2048
static gnutls_dh_params_t dh_params;
typedef struct {
return NULL;
}
+#if GNUTLS_VERSION_NUMBER >= 0x030506
+ gnutls_anon_set_server_known_dh_params(anon_cred, GNUTLS_SEC_PARAM_MEDIUM);
+#else
gnutls_anon_set_server_dh_params(anon_cred, dh_params);
+#endif
return anon_cred;
}
gnutls_certificate_free_credentials(x509_cred);
return NULL;
}
-
+#if GNUTLS_VERSION_NUMBER >= 0x030506
+ /* only available since GnuTLS 3.5.6, on previous versions see
+ * gnutls_certificate_set_dh_params(). */
+ gnutls_certificate_set_known_dh_params(x509_cred, GNUTLS_SEC_PARAM_MEDIUM);
+#else
gnutls_certificate_set_dh_params (x509_cred, dh_params);
+#endif
return x509_cred;
}
if (!strcmp (argv[i], "-timeout")) {
CHECK_ARGC (argc, argv, i);
idle_timeout = atoi(argv[i+1]);
- rfbPurgeArguments(&argc, &i, 2, argv);
- }
- if (!strcmp (argv[i], "-authpath")) {
+ rfbPurgeArguments(&argc, &i, 2, argv); i--;
+ } else if (!strcmp (argv[i], "-authpath")) {
CHECK_ARGC (argc, argv, i);
auth_path = argv[i+1];
- rfbPurgeArguments(&argc, &i, 2, argv);
- }
- if (!strcmp (argv[i], "-perm")) {
+ rfbPurgeArguments(&argc, &i, 2, argv); i--;
+ } else if (!strcmp (argv[i], "-perm")) {
CHECK_ARGC (argc, argv, i);
auth_perm = argv[i+1];
- rfbPurgeArguments(&argc, &i, 2, argv);
- }
- if (!strcmp (argv[i], "-notls")) {
- rfbPurgeArguments(&argc, &i, 1, argv);
+ rfbPurgeArguments(&argc, &i, 2, argv); i--;
+ } else if (!strcmp (argv[i], "-notls")) {
+ rfbPurgeArguments(&argc, &i, 1, argv); i--;
if ((vncticket = getenv("PVE_VNC_TICKET")) == NULL) {
- fprintf(stderr, "missing env PVE_VNC_TICKET (-notls)\n");
+ fprintf(stderr, "missing env PVE_VNC_TICKET (-notls)\n");
exit(-1);
}
}
}
+ unsetenv("PVE_VNC_TICKET"); // do not expose this to child
+
#ifdef DEBUG
rfbLogEnable (1);
gnutls_global_set_log_level(10);
projects / vncterm.git / blobdiff