Add better error message for insecure certificate algorithms

commit: e43e5e30517498ec070b568a7d91edb942779d63 [log] [tgz]
author: Pierre Ossman <ossman@cendio.se> Fri Sep 01 11:15:31 2017 +0200
committer: Pierre Ossman <ossman@cendio.se> Fri Sep 01 11:15:31 2017 +0200
tree: 046f2ab90b19eabd0488f2b831f52a0815065206
parent: daf3d88aa1b554c5d6d41116c51517d30cb7c4b7 [diff] [blame]
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index 8a053e3..58423fb 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx

@@ -332,6 +332,9 @@
   if (status & GNUTLS_CERT_SIGNER_NOT_CA)
     vlog.debug("server cert signer not CA");
 
+  if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
+    throw AuthFailureException("The server certificate uses an insecure algorithm");
+
   if ((status & (~allowed_errors)) != 0) {
     /* No other errors are allowed */
     vlog.debug("GNUTLS status of certificate verification: %u", status);
commit	e43e5e30517498ec070b568a7d91edb942779d63	[log] [tgz]
author	Pierre Ossman <ossman@cendio.se>	Fri Sep 01 11:15:31 2017 +0200
committer	Pierre Ossman <ossman@cendio.se>	Fri Sep 01 11:15:31 2017 +0200
tree	046f2ab90b19eabd0488f2b831f52a0815065206
parent	daf3d88aa1b554c5d6d41116c51517d30cb7c4b7 [diff] [blame]