From 97540de56ca8a975ed31d86879d0e5c4cf169173 Mon Sep 17 00:00:00 2001 From: runge Date: Sun, 21 Mar 2010 00:05:51 -0400 Subject: classes/ssl: Many improvements to Java SSL applet, onetimekey serverCert param, debugging printout, user dialogs, catch socket exceptions, autodetect x11vnc for GET=1. x11vnc: misc/scripts: desktop.cgi, inet6to4, panner.pl. X11VNC_HTTPS_DOWNLOAD_WAIT_TIME, -unixpw %xxx documented, and can run user cmd in UNIXPW_CMD. FD_XDMCP_IF for create script, autodetect dm on udp6 only. Queries: pointer_x, pointer_y, pointer_same, pointer_root. Switch on -xkd if keysyms per key > 4 in all cases. daemon mode improvements for connect_switch, inet6to4, ultravnc_repeater.pl. Dynamic change of -clip do not create new fb if WxH is unchanged. --- classes/ssl/README | 67 ++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 50 insertions(+), 17 deletions(-) (limited to 'classes/ssl/README') diff --git a/classes/ssl/README b/classes/ssl/README index 0767ce9..b244cf1 100644 --- a/classes/ssl/README +++ b/classes/ssl/README @@ -137,6 +137,15 @@ Both TightVNC and UltraVNC Java viewers: number, default: 50 Milliseconds delay + PASSWORD + string, default: none + VNC session password in plain text. + + ENCPASSWORD + string, default: none + VNC session password in encrypted in DES with KNOWN FIXED + key. It is a hex string. This is like the ~/.vnc/passwd format. + The following are added by x11vnc and/or ssvnc project 
@@ -173,16 +182,47 @@ Both TightVNC and UltraVNC Java viewers: oneTimeKey string, default: none - set a special hex "key" to correspond to an SSL X.509 cert. - See the 'onetimekey' helper script. Can also be PROMPT to - prompt the user to paste the hex key string in. + set a special hex "key" to correspond to an SSL X.509 cert+key. + See the 'onetimekey' helper script. Can also be PROMPT to prompt + the user to paste the hex key string in. + + This provides a Client-Side cert+key that the client will use to + authenticate itself by SSL To the VNC Server. + + This is to try to work around the problem that the Java applet + cannot keep an SSL keystore on disk, etc. E.g. if they log + into an HTTPS website via password they are authenticated and + encrypted, then the website can safely put oneTimeKey=... on the + URL. The Vncviewer authenticates the VNC server with this key. + + Note that there is currently a problem in that if x11vnc requires + Client Certificates the user cannot download the index.vnc HTML + and VncViewer.jar from the same x11vnc. Those need to come from + a different x11vnc or from a web server. + + Note that the HTTPS website can also put the VNC Password + (e.g. a temporary/one-time one) in the parameter PASSWORD. + The Java Applet will automatically supply this VNC password + instead of prompting. + + serverCert + string, default: none + set a special hex "cert" to correspond to an SSL X.509 cert + See the 'onetimekey -certonly' helper script. - This is to try to work around the problem that the Java - applet cannot keep an SSL keystore on disk, etc. - E.g. if they log into an HTTPS website via password they - are authenticated and encrypted, then the website can - safely put oneTimeKey=... on the URL. The Vncviewer - authenticates the VNC server with this key. + This provides a Server-Side cert that the client will authenticate + the VNC Server against by SSL. 
+ + This is to try to work around the problem that the Java applet + cannot keep an SSL keystore on disk, etc. E.g. if they log + into an HTTPS website via password they are authenticated and + encrypted, then the website can safely put serverCert=... on the + URL. + + Of course the VNC Server is sending this string to the Java + Applet, so this is only reasonable security if the VNC Viewer + already trusts the HTTPS retrieval of the URL + serverCert param + that it gets. This should be done over HTTPS not HTTP. proxyHost string, default: none @@ -238,15 +278,8 @@ TightVNC Java viewer only: UltraVNC Java viewer only: - PASSWORD - string, default: none - VNC session password in plain text. + None. - ENCPASSWORD - string, default: none - VNC session password in encrypted in DES with KNOWN FIXED - key. It is a hex string. This is like the ~/.vnc/passwd format. - The following are added by x11vnc and/or ssvnc project ftpDropDown -- cgit v1.2.3
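Review bot: In the first hunk (@@ -137,6 +137,15 @@), the ENCPASSWORD entry says the DES key is a "KNOWN FIXED key" but stops short of stating the consequence: anyone who sees the hex string can recover the password, so ENCPASSWORD is no more confidential than PASSWORD. Now that both parameters are documented for both viewers, suggest stating that explicitly and adding that either parameter should only be delivered over HTTPS, the same caveat this patch already gives for serverCert ("This should be done over HTTPS not HTTP"). The wording "password in encrypted in DES" also carries a stray "in"; "password encrypted with DES using a KNOWN FIXED key" reads cleanly.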
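Review bot: In the second hunk (@@ -173,16 +182,47 @@), the oneTimeKey entry now contradicts itself. The added paragraph says the parameter "provides a Client-Side cert+key that the client will use to authenticate itself by SSL To the VNC Server", but the re-wrapped paragraph after it still ends with "The Vncviewer authenticates the VNC server with this key", which describes the opposite direction and is the job of the new serverCert parameter. Suggest rewording that sentence to say the viewer authenticates itself to the VNC server with this key. The oneTimeKey entry also puts a private key on the URL, and its closing note puts the VNC password there via PASSWORD, yet only the serverCert entry carries the "This should be done over HTTPS not HTTP" sentence; the oneTimeKey entry should carry it too. Minor: "To" in "by SSL To the VNC Server" should be lowercase.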