Restore original streams when terminating TLS
In theory we could go back to communicating without TLS after a
shutdown. This also makes sure the connection object isn't left
completely without streams.
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index 7ca01d5..e1a31f7 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -69,7 +69,7 @@
CSecurityTLS::CSecurityTLS(CConnection* cc, bool _anon)
: CSecurity(cc), session(NULL), anon_cred(NULL), cert_cred(NULL),
- anon(_anon), tlsis(NULL), tlsos(NULL)
+ anon(_anon), tlsis(NULL), tlsos(NULL), rawis(NULL), rawos(NULL)
{
cafile = X509CA.getData();
crlfile = X509CRL.getData();
@@ -116,6 +116,12 @@
cert_cred = 0;
}
+ if (rawis && rawos) {
+ cc->setStreams(rawis, rawos);
+ rawis = NULL;
+ rawos = NULL;
+ }
+
if (tlsis) {
delete tlsis;
tlsis = NULL;
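Review bot: After the added `cc->setStreams(rawis, rawos)` the connection object is back on the unencrypted streams, and nothing in this hunk signals that downgrade to the rest of the code, so any read or write issued through the connection after this point would travel in the clear. If the restore is meant only for teardown, state that in a comment above the block, e.g. `// Restore the raw streams before the TLS wrappers are deleted; the connection is unencrypted from here on and must not carry protocol data.` It is also worth confirming that no TLS records can still be buffered in the raw input stream at this point, since they would then be parsed as plaintext RFB data. The same block is added to SSecurityTLS.cxx with `sc->setStreams(rawis, rawos)`, and the enclosing function starts and ends outside both hunks.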
@@ -174,6 +180,9 @@
// for GnuTLS
tlsis = new rdr::TLSInStream(is, session);
tlsos = new rdr::TLSOutStream(os, session);
+
+ rawis = is;
+ rawos = os;
}
int err;
diff --git a/common/rfb/CSecurityTLS.h b/common/rfb/CSecurityTLS.h
index 0d5f899..4932c07 100644
--- a/common/rfb/CSecurityTLS.h
+++ b/common/rfb/CSecurityTLS.h
@@ -72,6 +72,9 @@
rdr::InStream* tlsis;
rdr::OutStream* tlsos;
+
+ rdr::InStream* rawis;
+ rdr::OutStream* rawos;
};
}
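Review bot: The new `rawis`/`rawos` members carry no comment about ownership, although they appear to be borrowed: the .cxx hunks assign them from `is`/`os` and only reset them to NULL, while `tlsis`/`tlsos` next to them are allocated with `new` and deleted. A one-line comment such as `// Underlying non-TLS streams, not owned by this class; handed back to the connection on shutdown` would keep a later maintainer from adding a `delete` or using them after the connection's streams change. The identical members added in SSecurityTLS.h need the same comment. The class declaration starts outside the hunk.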
diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
index bf77b9b..49532f5 100644
--- a/common/rfb/SSecurityTLS.cxx
+++ b/common/rfb/SSecurityTLS.cxx
@@ -51,7 +51,8 @@
SSecurityTLS::SSecurityTLS(SConnection* sc, bool _anon)
: SSecurity(sc), session(NULL), dh_params(NULL), anon_cred(NULL),
- cert_cred(NULL), anon(_anon), tlsis(NULL), tlsos(NULL)
+ cert_cred(NULL), anon(_anon), tlsis(NULL), tlsos(NULL),
+ rawis(NULL), rawos(NULL)
{
certfile = X509_CertFile.getData();
keyfile = X509_KeyFile.getData();
@@ -84,6 +85,12 @@
cert_cred = 0;
}
+ if (rawis && rawos) {
+ sc->setStreams(rawis, rawos);
+ rawis = NULL;
+ rawos = NULL;
+ }
+
if (tlsis) {
delete tlsis;
tlsis = NULL;
@@ -139,6 +146,9 @@
// for GnuTLS
tlsis = new rdr::TLSInStream(is, session);
tlsos = new rdr::TLSOutStream(os, session);
+
+ rawis = is;
+ rawos = os;
}
int err;
diff --git a/common/rfb/SSecurityTLS.h b/common/rfb/SSecurityTLS.h
index 6d32e3b..6f71182 100644
--- a/common/rfb/SSecurityTLS.h
+++ b/common/rfb/SSecurityTLS.h
@@ -65,6 +65,9 @@
rdr::InStream* tlsis;
rdr::OutStream* tlsos;
+
+ rdr::InStream* rawis;
+ rdr::OutStream* rawos;
};
}