
Changeset 104537 in vbox for trunk/src/VBox/Main


Timestamp:
May 8, 2024 7:00:22 AM (7 months ago)
Author:
vboxsync
Message:

Made TLS default with auto-generation of self-signed certificate - #10310

Location:
trunk/src/VBox/Main
Files:
2 edited

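--- a/trunk/src/VBox/Main/include/VRDEServerImpl.h
+++ b/trunk/src/VBox/Main/include/VRDEServerImpl.h
@@ -60,4 +60,5 @@
     HRESULT i_loadSettings(const settings::VRDESettings &data);
     HRESULT i_saveSettings(settings::VRDESettings &data);
+    HRESULT i_generateServerCertificate();
     void i_rollback();
     void i_commit();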
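--- a/trunk/src/VBox/Main/src-server/VRDEServerImpl.cpp
+++ b/trunk/src/VBox/Main/src-server/VRDEServerImpl.cpp
@@ -38,4 +38,5 @@
 #include <iprt/ldr.h>
 #include <iprt/path.h>
+#include <iprt/crypto/x509.h>
 
 #include <VBox/err.h>
@@ -233,4 +234,35 @@
 }
 
+/**
+ * Auto-generates a self-signed certificate for the VM.
+ *
+ * @note Locks this object for writing.
+*/
+HRESULT VRDEServer::i_generateServerCertificate()
+{
+    Utf8Str strServerCertificate = "server_cert.pem";
+    Utf8Str strServerPrivateKey = "server_key_private.pem";
+    mParent->i_calculateFullPath(strServerCertificate, strServerCertificate);
+    mParent->i_calculateFullPath(strServerPrivateKey, strServerPrivateKey);
+    const char *pszServerCertificate = strServerCertificate.c_str();
+    const char *pszServerPrivateKey = strServerPrivateKey.c_str();
+
+    HRESULT hrc = RTCrX509Certificate_Generate(pszServerCertificate, pszServerPrivateKey);
+
+    if (SUCCEEDED(hrc))
+    {
+        AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS);
+        mData.backup();
+
+        mData->mapProperties["Security/Method"] = Utf8Str("TLS");
+        mData->mapProperties["Security/ServerCertificate"] = strServerCertificate;
+        mData->mapProperties["Security/ServerPrivateKey"] = strServerPrivateKey;
+
+        /* Done with the properties access. */
+        alock.release();
+    }
+    return hrc;
+}
+
 // IVRDEServer properties
 /////////////////////////////////////////////////////////////////////////////
@@ -262,4 +294,17 @@
         /* leave the lock before informing callbacks */
         alock.release();
+
+        /*
+        * If TLS is not explicitely disabled then auto-generate
+        * a self-signed certificate for this VM.
+        */
+        if (mData->mapProperties["Security/Method"] != "RDP")
+        {
+            hrc = i_generateServerCertificate();
+            if (FAILED(hrc))
+            {
+                LogRel(("Failed to auto generate server key and certificate: (%Rrc)\n", hrc));
+            }
+        }
 
         AutoWriteLock mlock(mParent COMMA_LOCKVAL_SRC_POS);       // mParent is const, needs no locking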
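Review bot: The block added to the setter (new lines 297-308) regenerates the certificate whenever `Security/Method` is anything other than "RDP", and `i_generateServerCertificate()` then unconditionally overwrites `Security/Method`, `Security/ServerCertificate` and `Security/ServerPrivateKey`, so a VM that already has an administrator-supplied certificate, or a method other than "TLS", appears to be silently switched to the self-signed pair. Generation should be skipped when a certificate and key are already configured, e.g. read both properties with `find()` while the object lock is still held and guard the call with `if (strCert.isEmpty() && strKey.isEmpty())`; the `operator[]` read here runs after `alock.release()` and inserts an empty entry when the key is absent. `RTCrX509Certificate_Generate` looks like it returns an IPRT status (the log line formats the value with `%Rrc`), so storing it in an `HRESULT` and testing it with `SUCCEEDED()`/`FAILED()` mixes two error domains and it should be converted before being returned. It is also worth confirming that the private key file is created with owner-only permissions and that the ignored result of `i_calculateFullPath()` cannot leave a relative path, neither of which is visible from this section. The enclosing setter starts and ends outside the hunk.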