From 06a401f8f81b1fcf94bce6c99e4823d6e697881c Mon Sep 17 00:00:00 2001 From: runge Date: Tue, 13 Jun 2006 02:35:28 +0000 Subject: x11vnc: -display WAIT:cmd=FINDDISPLAY, HTTPONCE, -http_ssl option, Java fixes. --- classes/ssl/SignedVncViewer.jar | Bin 75021 -> 76058 bytes classes/ssl/VncViewer.jar | Bin 72295 -> 73328 bytes .../tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch | 118 +++++++++++++++++---- 3 files changed, 95 insertions(+), 23 deletions(-) (limited to 'classes/ssl') diff --git a/classes/ssl/SignedVncViewer.jar b/classes/ssl/SignedVncViewer.jar index 292e163..7d54bfb 100644 Binary files a/classes/ssl/SignedVncViewer.jar and b/classes/ssl/SignedVncViewer.jar differ diff --git a/classes/ssl/VncViewer.jar b/classes/ssl/VncViewer.jar index fa7d8fa..05be367 100644 Binary files a/classes/ssl/VncViewer.jar and b/classes/ssl/VncViewer.jar differ diff --git a/classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch b/classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch index e579a57..2229166 100644 --- a/classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch +++ b/classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch @@ -73,8 +73,8 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/RfbProto.java vnc_javasrc/RfbProto serverMajor = (b[4] - '0') * 100 + (b[5] - '0') * 10 + (b[6] - '0'); diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSLSocketToMe.java --- vnc_javasrc.orig/SSLSocketToMe.java 1969-12-31 19:00:00.000000000 -0500 -+++ vnc_javasrc/SSLSocketToMe.java 2006-04-16 11:21:30.000000000 -0400 -@@ -0,0 +1,1204 @@ ++++ vnc_javasrc/SSLSocketToMe.java 2006-06-12 00:00:28.000000000 -0400 +@@ -0,0 +1,1276 @@ +/* + * SSLSocketToMe.java: add SSL encryption to Java VNC Viewer. + * @@ -212,8 +212,19 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL + "No Trust url Certs."); + } + if (trusturlCerts.length > 1) { -+ throw new CertificateException( -+ "Too many Trust url Certs."); ++ int i; ++ boolean ok = true; ++ for (i = 0; i < trusturlCerts.length - 1; i++) { ++ if (! trusturlCerts[i].equals(trusturlCerts[i+1])) { ++ ok = false; ++ } ++ } ++ if (! ok) { ++ throw new CertificateException( ++ "Too many Trust url Certs: " ++ + trusturlCerts.length ++ ); ++ } + } + if (certs == null) { + throw new CertificateException( @@ -224,8 +235,19 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL + "No this-certs Certs."); + } + if (certs.length > 1) { -+ throw new CertificateException( -+ "Too many this-certs."); ++ int i; ++ boolean ok = true; ++ for (i = 0; i < certs.length - 1; i++) { ++ if (! certs[i].equals(certs[i+1])) { ++ ok = false; ++ } ++ } ++ if (! ok) { ++ throw new CertificateException( ++ "Too many this-certs: " ++ + certs.length ++ ); ++ } + } + if (! trusturlCerts[0].equals(certs[0])) { + throw new CertificateException( @@ -262,8 +284,19 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL + "No Trust All Server Certs."); + } + if (trustallCerts.length > 1) { -+ throw new CertificateException( -+ "Too many Trust All Server Certs."); ++ int i; ++ boolean ok = true; ++ for (i = 0; i < trustallCerts.length - 1; i++) { ++ if (! trustallCerts[i].equals(trustallCerts[i+1])) { ++ ok = false; ++ } ++ } ++ if (! ok) { ++ throw new CertificateException( ++ "Too many Trust All Server Certs: " ++ + trustallCerts.length ++ ); ++ } + } + if (certs == null) { + throw new CertificateException( @@ -274,8 +307,19 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL + "No this-certs Certs."); + } + if (certs.length > 1) { -+ throw new CertificateException( -+ "Too many this-certs."); ++ int i; ++ boolean ok = true; ++ for (i = 0; i < certs.length - 1; i++) { ++ if (! certs[i].equals(certs[i+1])) { ++ ok = false; ++ } ++ } ++ if (! ok) { ++ throw new CertificateException( ++ "Too many this-certs: " ++ + certs.length ++ ); ++ } + } + if (! trustallCerts[0].equals(certs[0])) { + throw new CertificateException( @@ -920,17 +964,26 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL ++ "\n" ++ "This may be due to:\n" ++ "\n" +++ " - Your requesting to View the Certificate before accepting.\n" +++ "\n" ++ " - The VNC server using a Self-Signed Certificate.\n" ++ "\n" ++ " - The VNC server using a Certificate Authority not recognized by your\n" -++ " Java applet runtime.\n" +++ " Browser or Java Plugin runtime.\n" +++ "\n" +++ " - The use of an Apache SSL portal employing CONNECT proxying and the\n" +++ " Apache web server has a certificate different from the VNC server's. \n" ++ "\n" ++ " - A Man-In-The-Middle attack impersonating as the VNC server you wish\n" -++ " to connect to.\n" +++ " to connect to. (Wouldn't that be exciting!!)\n" ++ "\n" -++ "By copying the VNC server's Certificate (or using a common Certificate\n" -++ "Authority certificate) you can configure your Java applet runtime to\n" -++ "automatically authenticate the Server.\n" +++ "By safely copying the VNC server's Certificate (or using a common\n" +++ "Certificate Authority certificate) you can configure your Web Browser or\n" +++ "Java Plugin to automatically authenticate this Server.\n" +++ "\n" +++ "If you do so, then you will only have to click \"Yes\" when this VNC\n" +++ "Viewer applet asks you whether to trust your Browser/Java Plugin's\n" +++ "acceptance of the certificate. (except for the Apache portal case above.)\n" +; + + /* the accept / do-not-accept radio buttons: */ @@ -966,7 +1019,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL + label.setFont(new Font("Helvetica", Font.BOLD, 16)); + + /* textarea in the middle */ -+ textarea = new TextArea(text, 28, 64, ++ textarea = new TextArea(text, 36, 64, + TextArea.SCROLLBARS_VERTICAL_ONLY); + textarea.setEditable(false); + @@ -1188,13 +1241,32 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL + + dialog = new Dialog(frame, true); + -+ String m = "\nShould this VNC Viewer applet use your Browser/JVM certs to\n"; -+ m += "authenticate the VNC Server:\n"; -+ m += "\n " + hostport + "\n\n " + vncServer + "\n\n"; -+ m += "(NOTE: this *includes* any certs you have Just Now accepted in a\n"; -+ m += "dialog box with your Web Browser or Java Applet Plugin)\n\n"; -+ -+ TextArea textarea = new TextArea(m, 12, 64, ++ String m = ""; ++m += "\n"; ++m += "This VNC Viewer applet does not have its own keystore to track\n"; ++m += "SSL certificates, and so cannot authenticate the certificate\n"; ++m += "of the VNC Server:\n"; ++m += "\n"; ++m += " " + hostport + "\n\n " + vncServer + "\n"; ++m += "\n"; ++m += "on its own.\n"; ++m += "\n"; ++m += "However, it has noticed that your Web Browser or Java VM Plugin\n"; ++m += "has previously accepted the same certificate. You may have set\n"; ++m += "this up permanently or just for this session, or the server\n"; ++m += "certificate was signed by a CA cert that your Web Browser or\n"; ++m += "Java VM Plugin has.\n"; ++m += "\n"; ++m += "Should this VNC Viewer applet now connect to the above VNC server?\n"; ++m += "\n"; ++ ++// String m = "\nShould this VNC Viewer applet use your Browser/JVM certs to\n"; ++// m += "authenticate the VNC Server:\n"; ++// m += "\n " + hostport + "\n\n " + vncServer + "\n\n"; ++// m += "(NOTE: this *includes* any certs you have Just Now accepted in a\n"; ++// m += "dialog box with your Web Browser or Java Applet Plugin)\n\n"; ++ ++ TextArea textarea = new TextArea(m, 20, 64, + TextArea.SCROLLBARS_VERTICAL_ONLY); + textarea.setEditable(false); + yes = new Button("Yes"); -- cgit v1.2.1