Add better error message for insecure certificate algorithms
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index 8a053e3..58423fb 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -332,6 +332,9 @@
if (status & GNUTLS_CERT_SIGNER_NOT_CA)
vlog.debug("server cert signer not CA");
+ if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
+ throw AuthFailureException("The server certificate uses an insecure algorithm");
+
if ((status & (~allowed_errors)) != 0) {
/* No other errors are allowed */
vlog.debug("GNUTLS status of certificate verification: %u", status);