diff --git a/common/network/TcpSocket.cxx b/common/network/TcpSocket.cxx
index f5476e8..ab05eeb 100644
--- a/common/network/TcpSocket.cxx
+++ b/common/network/TcpSocket.cxx
@@ -423,7 +423,7 @@ extern settings_t settings; WebsocketListener::WebsocketListener(const struct sockaddr *listenaddr, socklen_t listenaddrlen,
- bool sslonly, const char *cert,
+ bool sslonly, const char *cert, const char *certkey,
 const char *basicauth, const char *httpdir) {
@@ -496,7 +496,7 @@ WebsocketListener::WebsocketListener(const struct sockaddr *listenaddr, settings.basicauth = basicauth; settings.cert = cert;
- settings.key = "";
+ settings.key = certkey;
 settings.ssl_only = sslonly; settings.verbose = vlog.getLevel() >= vlog.LEVEL_DEBUG; settings.httpdir = NULL;
@@ -673,7 +673,7 @@ void network::createTcpListeners(std::list *listeners, void network::createWebsocketListeners(std::list *listeners, const struct addrinfo *ai,
- bool sslonly, const char *cert,
+ bool sslonly, const char *cert, const char *certkey,
 const char *basicauth, const char *httpdir) {
@@ -701,7 +701,7 @@ void network::createWebsocketListeners(std::list *listeners, try { new_listeners.push_back(new WebsocketListener(current->ai_addr, current->ai_addrlen,
- sslonly, cert, basicauth,
+ sslonly, cert, certkey, basicauth,
 httpdir)); } catch (SocketException& e) { // Ignore this if it is due to lack of address family support on
@@ -729,6 +729,7 @@ void network::createWebsocketListeners(std::list *listeners, const char *addr, bool sslonly, const char *cert,
+ const char *certkey,
 const char *basicauth, const char *httpdir) {
@@ -757,7 +758,7 @@ void network::createWebsocketListeners(std::list *listeners, ai[1].ai_addrlen = sizeof(sa[1].u.sin6); ai[1].ai_next = NULL;
- createWebsocketListeners(listeners, ai, sslonly, cert, basicauth, httpdir);
+ createWebsocketListeners(listeners, ai, sslonly, cert, certkey, basicauth, httpdir);
 } else { struct addrinfo *ai, hints; char service[16];
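Review bot: In the `-496` hunk, `settings.key = certkey;` stores the caller's pointer in the global `settings` without a NULL check or a copy, so the TLS setup depends on that buffer staying valid and unchanged for as long as the listener exists. The line above does the same for `cert`, so the commit is consistent with the existing code, but the visible caller passes an `rfb::StringParameter`, whose storage can presumably be replaced if the parameter is set again at runtime. I would at least state the contract next to the assignment: `// certkey: path to the PEM private key, "" when the key is inside cert; must be non-NULL and outlive this listener`. The constructor body starts and ends outside the hunk, so whether the key is later loaded or checked against the certificate cannot be seen here.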
@@ -780,7 +781,7 @@ void network::createWebsocketListeners(std::list *listeners, gai_strerror(result)); try {
- createWebsocketListeners(listeners, ai, sslonly, cert, basicauth, httpdir);
+ createWebsocketListeners(listeners, ai, sslonly, cert, certkey, basicauth, httpdir);
 } catch(...) { freeaddrinfo(ai); throw;
diff --git a/common/network/TcpSocket.h b/common/network/TcpSocket.h
index 2f743e8..57a8629 100644
--- a/common/network/TcpSocket.h
+++ b/common/network/TcpSocket.h
@@ -90,7 +90,8 @@ namespace network { class WebsocketListener : public SocketListener { public: WebsocketListener(const struct sockaddr *listenaddr, socklen_t listenaddrlen,
- bool sslonly, const char *cert, const char *basicauth,
+ bool sslonly, const char *cert, const char *certkey,
+ const char *basicauth,
 const char *httpdir); virtual int getMyPort();
@@ -110,6 +111,7 @@ namespace network { const char *addr, bool sslonly, const char *cert,
+ const char *certkey,
 const char *basicauth, const char *httpdir); void createTcpListeners(std::list *listeners,
@@ -121,6 +123,7 @@ namespace network { const struct addrinfo *ai, bool sslonly, const char *cert,
+ const char *certkey,
 const char *basicauth, const char *httpdir);
diff --git a/unix/xserver/hw/vnc/Xvnc.man b/unix/xserver/hw/vnc/Xvnc.man
index f2af360..f8ace17 100644
--- a/unix/xserver/hw/vnc/Xvnc.man
+++ b/unix/xserver/hw/vnc/Xvnc.man
@@ -315,6 +315,12 @@ Listen for websocket connections on this port, default 6800. SSL pem cert to use for websocket connections, default empty/not used. . .TP
+.B \-key \fIpath\fP
+SSL pem key to use for websocket connections, default empty/not used.
+Only use this if you have the cert and key in separate files. If they
+are in the same file, use \fB-cert\fP.
+.
+.TP
 .B \-sslOnly Require SSL for websocket connections. Default off, non-SSL allowed. .
diff --git a/unix/xserver/hw/vnc/vncExtInit.cc b/unix/xserver/hw/vnc/vncExtInit.cc
index 7e1accd..057ceb5 100644
--- a/unix/xserver/hw/vnc/vncExtInit.cc
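Review bot: The constructor declaration in the `-90` hunk of TcpSocket.h now takes four adjacent `const char *` arguments (`cert`, `certkey`, `basicauth`, `httpdir`) with nothing saying which is which, so a call site that transposes `certkey` and `basicauth` still compiles and hands the `user:pass` string to the TLS code as a file path. The same applies to the two `createWebsocketListeners` declarations in the `-110` and `-121` hunks. A short comment above each declaration would help, for example `// cert: PEM certificate path; certkey: PEM private key path, "" if the key is in cert; basicauth: "user:pass"`. Grouping these options into a small struct would remove the ordering risk altogether, but that goes beyond this change.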
+++ b/unix/xserver/hw/vnc/vncExtInit.cc
@@ -87,6 +87,7 @@ rfb::BoolParameter noWebsocket("noWebsocket", false); rfb::IntParameter websocketPort("websocketPort", "websocket port to listen for", 6800); rfb::StringParameter cert("cert", "SSL pem cert to use for websocket connections", "");
+rfb::StringParameter certkey("key", "SSL pem key to use for websocket connections (if separate)", "");
 rfb::BoolParameter sslonly("sslOnly", "Require SSL for websockets", false); rfb::StringParameter basicauth("BasicAuth", "user:pass for HTTP basic auth for websockets", ""); rfb::StringParameter interface("interface",
@@ -224,7 +225,7 @@ void vncExtensionInit(void) if (!noWebsocket) network::createWebsocketListeners(&listeners, websocketPort, localhostOnly ? "local" : addr,
- sslonly, cert, basicauth, httpDir);
+ sslonly, cert, certkey, basicauth, httpDir);
 else if (localhostOnly) network::createLocalTcpListeners(&listeners, port); else
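Review bot: The call in the `-224` hunk forwards `certkey` with no check on how it combines with the other options, so `-key` given with an empty `-cert`, or a key file that cannot be read, is not rejected at this point. Because `sslOnly` defaults to false (declared in the `-87` hunk), it is worth confirming that a key which fails to load stops startup rather than leaving the websocket port serving unencrypted connections; the loading code is not visible in this diff. Until that is confirmed I would leave a marker above the call, `// NOTE: -key without -cert is not validated here; confirm the websocket TLS setup fails closed`. The man page entry could also say that the key file should be readable only by the account running Xvnc. vncExtensionInit starts and ends outside the hunk.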