Subject: Re: [Qemu-devel] Re: PATCH: Secure TLS encrypted authentication for VNC
From: Stewart Becker
In-Reply-To: <20080603103144.GA23880@sellafield.lysator.liu.se>
References: <20080603103144.GA23880@sellafield.lysator.liu.se>
Date: Tue, 03 Jun 2008 19:48:10 +0100
Message-Id: <1212518890.7066.8.camel@ezekiel3>
Reply-To: stewart.becker@twbc.org.uk, qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
To: Peter Rosin
Cc: qemu-devel@nongnu.org

On Tue, 2008-06-03 at 12:31 +0200, Peter Rosin wrote:
> Hi!
>
> Sorry for the response to this old post, but since it seems to be the
> best reference for the VeNCrypt protocol on the web, I don't feel too
> bad. Hopefully I got the message-id correct so that this post is
> properly linked.
>
> I would like to point out that vencserver seems to be sending an
> extra U8 (== 0x01. Is that a boolean? 0x00 means failure?) before
> the SSL/TLS handshake is started. The QEMU implementation does
> this also, so the bug is clearly in this "spec". This also affects
> sub-types 258, 259, 260, 261 and 262.
>
>
> Cheers,
> Peter (not subscribed)

Peter,

It's been a while since I looked at it, and don't have time immediately to check it in detail, but I think that this is the SecurityResult message as detailed in section 6.1.3 of the RFB specification.

Re-reading it, I could probably have been more clear in my mail to Dan about where the VeNCrypt extension rejoins the RFB protocol.

The reason that I put this in the extension code instead of the "main" VNC code is that only the extension knows whether the success or failure message should be sent.

Yours,
Stewart
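
Added example, not code from this thread, QEMU or vencserver: a C routine that walks the server-to-client bytes of a VeNCrypt negotiation and consumes the extra U8 Peter describes, so that the TLS layer is handed the stream from the correct offset. The message layout before that byte, the treatment of any value other than 0x01 as a refusal, and all names are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes; names are hypothetical, for this example only. */
enum { VENC_OK = 0, VENC_TRUNCATED = -1, VENC_BAD_VERSION = -2,
       VENC_NOT_OFFERED = -3, VENC_REJECTED = -4 };

/* Constructed sample of server-to-client bytes (not a real capture). */
const uint8_t venc_sample[] = {
    0x00, 0x02,                             /* version */
    0x00,                                   /* version status: accepted */
    0x03,                                   /* three sub-types follow */
    0, 0, 1, 2,  0, 0, 1, 3,  0, 0, 1, 4,   /* 258, 259, 260 */
    0x01,                                   /* the extra U8 from the thread */
    0x16, 0x03, 0x01                        /* start of a TLS handshake record */
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* Assumed layout: U8 major, U8 minor, U8 version status (0 = accepted),
 * U8 count, count * U32 sub-types, then the extra U8, then TLS data. */
int venc_parse_server(const uint8_t *buf, size_t len, uint32_t chosen,
                      size_t *tls_off)
{
    size_t off = 2, i, count;
    int offered = 0;
    if (len < 4)
        return VENC_TRUNCATED;
    if (buf[off++] != 0)
        return VENC_BAD_VERSION;
    count = buf[off++];
    if (len - off < count * 4)
        return VENC_TRUNCATED;
    for (i = 0; i < count; i++, off += 4)
        if (be32(buf + off) == chosen)
            offered = 1;
    if (!offered)
        return VENC_NOT_OFFERED;
    if (off >= len)
        return VENC_TRUNCATED;      /* the extra U8 has not arrived yet */
    if (buf[off++] != 0x01)         /* assumption: other values mean refusal */
        return VENC_REJECTED;
    *tls_off = off;                 /* TLS starts after the U8, not on it */
    return VENC_OK;
}
```

A client that follows the description without this byte would pass offset 16 to its TLS library and see 0x01 where a record header is expected; with the byte consumed, the first TLS byte in the sample is the 0x16 handshake record type.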