From: Vic L. <ll...@16...> - 2009-12-22 00:42:19
|
Hi, Is this patch already ok for merging? Sorry this bug is kind of important to fix. Thanks, Vic On Mon, 2009-12-21 at 08:27 +0800, Vic Lee wrote: > Agreed, this is the standard of non-tls behavior, but there's no spec > anywhere saying the tls sub-authentication should follow the same > behavior... so the best thing is to assume it follows. Besides ssvnc, I > also checked the gtk-vnc implementation, and it appears that it does > follow the non-tls spec: > > 3099: static gboolean gvnc_perform_auth_tls(struct gvnc *gvnc) > ...... > 3152: switch (gvnc->auth_subtype) { > 3153: case GVNC_AUTH_NONE: > 3154: if (gvnc->minor == 8) > 3155: return gvnc_check_auth_result(gvnc); > 3156: return TRUE; > ...... > > And since gtk-vnc has the same developer as vino I think the patch > should be good even if Vino upgrade to 3.8 in the future. > > Thanks, > > Vic > > On Sun, 2009-12-20 at 18:11 -0500, Karl J. Runge wrote: > > I haven't checked in detail, but I think vino is obeying the 3.7 version > > of the protocol: > > > > 6.2 SECURITY TYPE > > 6.2.1 None > > No authentication is needed and protocol data is to be sent unencrypted. > > Version 3.8 onwards The protocol continues with the SecurityResult message. > > Version 3.3 and 3.7 The protocol passes to the initialisation phase (section 6.3). > > > > i.e. for None (aka NoAuth) 3.7 does the same as 3.3, i.e. just get going > > w/o the SecurityResult. > > > > Also, in my ssvnc viewer side project I don't see me doing anything > > special for the AnonTLS/vino case. > > > > So I suspect vino is doing the right thing for 3.7 and Vic's most recent > > patch is the right way to handle it, but like I say I didn't check this > > in detail and so would need to be verified more carefully. > > > > Karl > > > > > > PS: Academically, I suppose there is no strict reason why the > > security-type AnonTLS's *sub-type* "None" needs to match the RFB > > security-type "None" (besides being sensible). However, I think having > > them the same is their intention; but I never found a written spec for > > vino's AnonTLS besides the vino implementation itself... > > > > > > > ------------------------------------------------------------------------------ > This SF.Net email is sponsored by the Verizon Developer Community > Take advantage of Verizon's best-in-class app development support > A streamlined, 14 day to market process makes app distribution fast and easy > Join now and get one step closer to millions of Verizon customers > http://p.sf.net/sfu/verizon-dev2dev > _______________________________________________ > LibVNCServer-common mailing list > Lib...@li... > https://lists.sourceforge.net/lists/listinfo/libvncserver-common |