[Spice-devel] [PATCH 10/17] Introduce reds_stream_is_ssl()
Christophe Fergeau
cfergeau at redhat.com
Tue Jan 7 03:14:36 PST 2014
---
server/inputs_channel.c | 2 +-
server/reds.c | 10 +++++-----
server/reds_stream.c | 5 +++++
server/reds_stream.h | 1 +
4 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/server/inputs_channel.c b/server/inputs_channel.c
index 8d4feab..395b81f 100644
--- a/server/inputs_channel.c
+++ b/server/inputs_channel.c
@@ -551,7 +551,7 @@ static void inputs_connect(RedChannel *channel, RedClient *client,
spice_assert(g_inputs_channel);
spice_assert(channel == &g_inputs_channel->base);
- if (!stream->ssl && !red_client_during_migrate_at_target(client)) {
+ if (!reds_stream_is_ssl(stream) && !red_client_during_migrate_at_target(client)) {
main_channel_client_push_notify(red_client_get_main(client),
"keyboard channel is insecure");
}
diff --git a/server/reds.c b/server/reds.c
index da93dec..f35f989 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -1411,9 +1411,9 @@ static void reds_info_new_channel(RedLinkInfo *link, int connection_id)
spice_info("channel %d:%d, connected successfully, over %s link",
link->link_mess->channel_type,
link->link_mess->channel_id,
- link->stream->ssl == NULL ? "Non Secure" : "Secure");
+ reds_stream_is_ssl(link->stream) ? "Secure" : "Non Secure");
/* add info + send event */
- if (link->stream->ssl) {
+ if (reds_stream_is_ssl(link->stream)) {
link->stream->info->flags |= SPICE_CHANNEL_EVENT_FLAG_TLS;
}
link->stream->info->connection_id = connection_id;
@@ -2032,8 +2032,8 @@ static int reds_security_check(RedLinkInfo *link)
{
ChannelSecurityOptions *security_option = find_channel_security(link->link_mess->channel_type);
uint32_t security = security_option ? security_option->options : default_channel_security;
- return (link->stream->ssl && (security & SPICE_CHANNEL_SECURITY_SSL)) ||
- (!link->stream->ssl && (security & SPICE_CHANNEL_SECURITY_NONE));
+ return (reds_stream_is_ssl(link->stream) && (security & SPICE_CHANNEL_SECURITY_SSL)) ||
+ (!reds_stream_is_ssl(link->stream) && (security & SPICE_CHANNEL_SECURITY_NONE));
}
static void reds_handle_read_link_done(void *opaque)
@@ -2057,7 +2057,7 @@ static void reds_handle_read_link_done(void *opaque)
SPICE_COMMON_CAP_PROTOCOL_AUTH_SELECTION);
if (!reds_security_check(link)) {
- if (link->stream->ssl) {
+ if (reds_stream_is_ssl(link->stream)) {
spice_warning("spice channels %d should not be encrypted", link_mess->channel_type);
reds_send_link_error(link, SPICE_LINK_ERR_NEED_UNSECURED);
} else {
diff --git a/server/reds_stream.c b/server/reds_stream.c
index e94995c..95c159f 100644
--- a/server/reds_stream.c
+++ b/server/reds_stream.c
@@ -255,6 +255,11 @@ RedsStream *reds_stream_new(int socket)
return stream;
}
+bool reds_stream_is_ssl(RedsStream *stream)
+{
+ return (stream->ssl != NULL);
+}
+
void reds_stream_disable_writev(RedsStream *stream)
{
stream->writev = NULL;
diff --git a/server/reds_stream.h b/server/reds_stream.h
index 4927336..fca2a71 100644
--- a/server/reds_stream.h
+++ b/server/reds_stream.h
@@ -125,6 +125,7 @@ void reds_stream_free(RedsStream *s);
void reds_stream_push_channel_event(RedsStream *s, int event);
void reds_stream_remove_watch(RedsStream* s);
RedsStream *reds_stream_new(int socket);
+bool reds_stream_is_ssl(RedsStream *stream);
RedsStreamSslStatus reds_stream_ssl_accept(RedsStream *stream);
int reds_stream_enable_ssl(RedsStream *stream, SSL_CTX *ctx);
--
1.8.4.2
More information about the Spice-devel
mailing list