From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1K3c7u-0003w6-VU for qemu-devel@nongnu.org; Tue, 03 Jun 2008 15:24:59 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1K3c7t-0003uj-S9 for qemu-devel@nongnu.org; Tue, 03 Jun 2008 15:24:58 -0400 Received: from [199.232.76.173] (port=41937 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1K3c7t-0003uS-Hz for qemu-devel@nongnu.org; Tue, 03 Jun 2008 15:24:57 -0400 Received: from mx1.redhat.com ([66.187.233.31]:40615) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1K3c7t-0003WI-F4 for qemu-devel@nongnu.org; Tue, 03 Jun 2008 15:24:57 -0400 Date: Tue, 3 Jun 2008 20:24:48 +0100 From: "Daniel P. Berrange" Subject: Re: [Qemu-devel] Re: PATCH: Secure TLS encrypted authentication for VNC Message-ID: <20080603192448.GB22726@redhat.com> References: <20080603103144.GA23880@sellafield.lysator.liu.se> <1212518890.7066.8.camel@ezekiel3> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1212518890.7066.8.camel@ezekiel3> Reply-To: "Daniel P. Berrange" , qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: stewart.becker@twbc.org.uk Cc: Peter Rosin , qemu-devel@nongnu.org On Tue, Jun 03, 2008 at 07:48:10PM +0100, Stewart Becker wrote: > On Tue, 2008-06-03 at 12:31 +0200, Peter Rosin wrote: > > Hi! > > > > Sorry for the response to this old post, but since it seems to be the > > best reference for the VeNCrypt protocol on the web, I don't feel too > > bad. Hopefully I got the message-id correct so that this post is > > properly linked. > > > > > > > I would like to point out that vencserver seems to be sending an > > extra U8 (== 0x01. Is that a boolean? 0x00 means failure?) before > > the SSL/TLS handshake is started. The QEMU implementation does > > this also, so the bug is clearly in this "spec". This also affects > > sub-types 258, 259, 260, 261 and 262. > > It's been a while since I looked at it, and don't have time immediately > to check it in detail, but I think that this is the SecurityResult > message as detailed in section 6.1.3 of the RFB specification. > Re-reading it, I could probably have been more clear in my mail to Dan > about where the VenCrypt extension rejoins the RFB protocol. The reason > that I put this in the extension code instead of the "main" VNC code is > that only the extension knows whether the success of failure message > should be sent. When I wrote the code I checked the interoperability of QEMU against the VeNCrypt client, and the GTK-VNC client agains the VeNCrypt server and QEMU server, so the impl is the defacto spec :-) Regards, Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|