Move gnutls functions into SSecurityTLS
diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
index b946022..92ff4b8 100644
--- a/common/rfb/SSecurityTLS.cxx
+++ b/common/rfb/SSecurityTLS.cxx
@@ -207,9 +207,16 @@
gnutls_certificate_set_dh_params(cert_cred, dh_params);
- if (gnutls_certificate_set_x509_key_file(cert_cred, certfile, keyfile,
- GNUTLS_X509_FMT_PEM) != GNUTLS_E_SUCCESS)
- throw AuthFailureException("load of key failed");
+ switch (gnutls_certificate_set_x509_key_file(cert_cred, certfile, keyfile, GNUTLS_X509_FMT_PEM)) {
+ case GNUTLS_E_SUCCESS:
+ break;
+ case GNUTLS_E_CERTIFICATE_KEY_MISMATCH:
+ throw AuthFailureException("Private key does not match certificate");
+ case GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE:
+ throw AuthFailureException("Unsupported certificate type");
+ default:
+ throw AuthFailureException("Error loading X509 certificate or key");
+ }
if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred)
!= GNUTLS_E_SUCCESS)
diff --git a/common/rfb/SSecurityTLS.h b/common/rfb/SSecurityTLS.h
index 30242a2..dafc997 100644
--- a/common/rfb/SSecurityTLS.h
+++ b/common/rfb/SSecurityTLS.h
@@ -35,6 +35,7 @@
#include <rdr/InStream.h>
#include <rdr/OutStream.h>
#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
namespace rfb {
diff --git a/win/vncconfig/Authentication.h b/win/vncconfig/Authentication.h
index 2967444..8297114 100644
--- a/win/vncconfig/Authentication.h
+++ b/win/vncconfig/Authentication.h
@@ -21,13 +21,6 @@
#include <windows.h>
#include <commctrl.h>
-#ifdef HAVE_GNUTLS
-#include <assert.h>
-#include <gnutls/gnutls.h>
-#include <gnutls/x509.h>
-#define CHECK(x) assert((x)>=0)
-#endif
-
#include <vncconfig/PasswordDialog.h>
#include <rfb_win32/Registry.h>
#include <rfb_win32/SecurityPage.h>
@@ -98,32 +91,8 @@
#ifdef HAVE_GNUTLS
if (isItemChecked(IDC_ENC_X509)) {
- gnutls_certificate_credentials_t xcred;
- CHECK(gnutls_global_init());
- CHECK(gnutls_certificate_allocate_credentials(&xcred));
- int ret = gnutls_certificate_set_x509_key_file (xcred,
- regKey.getString("X509Cert"),
- regKey.getString("X509Key"),
- GNUTLS_X509_FMT_PEM);
- if (ret >= 0) {
- SSecurityTLS::X509_CertFile.setParam(regKey.getString("X509Cert"));
- SSecurityTLS::X509_CertFile.setParam(regKey.getString("X509Key"));
- } else {
- if (ret == GNUTLS_E_CERTIFICATE_KEY_MISMATCH) {
- MsgBox(0, _T("Private key does not match certificate.\n")
- _T("X.509 security types will not be enabled!"),
- MB_ICONWARNING | MB_OK);
- } else if (ret == GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE) {
- MsgBox(0, _T("Unsupported certificate type.\n")
- _T("X.509 security types will not be enabled!"),
- MB_ICONWARNING | MB_OK);
- } else {
- MsgBox(0, _T("Unknown error while importing X.509 certificate or private key.\n")
- _T("X.509 security types will not be enabled!"),
- MB_ICONWARNING | MB_OK);
- }
- }
- gnutls_global_deinit();
+ SSecurityTLS::X509_CertFile.setParam(regKey.getString("X509Cert"));
+ SSecurityTLS::X509_CertFile.setParam(regKey.getString("X509Key"));
}
#endif