[PATCH 2/2] RDP compositor: enforce certificate and key

Hardening rdp.effort at gmail.com
Thu May 21 00:03:49 PDT 2015


Le 21/05/2015 09:02, Pekka Paalanen a écrit :
> On Tue, 19 May 2015 10:07:40 +0200
> David FORT <rdp.effort at gmail.com> wrote:
> 
>> The RDP compositor is usable without certificates and key in a very limited
>> number of cases (local usage using xfreerdp), so let's force the presence of
>> keys and certificates.
>> ---
>>  src/compositor-rdp.c | 6 ++++++
>>  1 file changed, 6 insertions(+)
>>
>> diff --git a/src/compositor-rdp.c b/src/compositor-rdp.c
>> index f1dcda0..261fa4b 100644
>> --- a/src/compositor-rdp.c
>> +++ b/src/compositor-rdp.c
>> @@ -1278,5 +1278,11 @@ backend_init(struct wl_display *display, int *argc, char *argv[],
>>  	};
>>  
>>  	parse_options(rdp_options, ARRAY_LENGTH(rdp_options), argc, argv);
>> +	if (!config.rdp_key && (!config.server_cert || !config.server_key)) {
>> +		weston_log("the RDP compositor requires keys and an optional certificate for RDP or TLS security ("
>> +				"--rdp4-key or --rdp-tls-cert/--rdp-tls-key)\n");
>> +		return NULL;
>> +	}
>> +
>>  	return rdp_compositor_create(display, &config, argc, argv, wconfig);
>>  }
> 
> Hi,
> 
> do you want to push this one with my Acked-by already given before RC2
> comes out tomorrow? I'd recommend it. :-)
> 

Nice, I was about to send a mail in that sense.


-- 
David FORT
website: http://www.hardening-consulting.com/



More information about the wayland-devel mailing list