VirtualBox

Changeset 104570 in vbox for trunk/src/VBox/Main/src-server


Timestamp:
May 10, 2024 4:58:46 AM (8 months ago)
Author:
vboxsync
Message:

Make TLS default and auto-generate a certificate - bugref:10310

File:
1 edited

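--- a/trunk/src/VBox/Main/src-server/VRDEServerImpl.cpp
+++ b/trunk/src/VBox/Main/src-server/VRDEServerImpl.cpp
@@ -38,4 +38,5 @@
 #include <iprt/ldr.h>
 #include <iprt/path.h>
+#include <iprt/crypto/x509.h>
 
 #include <VBox/err.h>
@@ -233,4 +234,35 @@
 }
 
+/**
+ * Auto-generates a self-signed certificate for the VM.
+ *
+ * @note Locks this object for writing.
+*/
+int VRDEServer::i_generateServerCertificate()
+{
+    Utf8Str strServerCertificate = "server_cert.pem";
+    Utf8Str strServerPrivateKey = "server_key_private.pem";
+    mParent->i_calculateFullPath(strServerCertificate, strServerCertificate);
+    mParent->i_calculateFullPath(strServerPrivateKey, strServerPrivateKey);
+    const char *pszServerCertificate = strServerCertificate.c_str();
+    const char *pszServerPrivateKey = strServerPrivateKey.c_str();
+
+    int vrc = RTCrX509Certificate_Generate(pszServerCertificate, pszServerPrivateKey);
+
+    if (RT_SUCCESS(vrc))
+    {
+        AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS);
+        mData.backup();
+
+        mData->mapProperties["Security/Method"] = Utf8Str("TLS");
+        mData->mapProperties["Security/ServerCertificate"] = strServerCertificate;
+        mData->mapProperties["Security/ServerPrivateKey"] = strServerPrivateKey;
+
+        /* Done with the properties access. */
+        alock.release();
+    }
+    return vrc;
+}
+
 // IVRDEServer properties
 /////////////////////////////////////////////////////////////////////////////
@@ -262,4 +294,17 @@
         /* leave the lock before informing callbacks */
         alock.release();
+
+        /*
+        * If TLS is not explicitely disabled then auto-generate
+        * a self-signed certificate for this VM.
+        */
+        if (mData->mapProperties["Security/Method"] != "RDP")
+        {
+            int vrc = i_generateServerCertificate();
+            if (RT_FAILURE(vrc))
+            {
+                LogRel(("Failed to auto generate server key and certificate: (%Rrc)\n", vrc));
+            }
+        }
 
         AutoWriteLock mlock(mParent COMMA_LOCKVAL_SRC_POS);       // mParent is const, needs no locking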
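Review bot: The block added at new lines 297-308 generates a key pair whenever Security/Method is anything other than "RDP", and on success i_generateServerCertificate() (new lines 257-259) overwrites Security/Method, Security/ServerCertificate and Security/ServerPrivateKey without looking at their current values, so a VM that already points at its own certificate, or uses another method such as Negotiate, would be switched to a fresh self-signed one whenever this path runs. The test also reads mData->mapProperties with operator[] after alock.release(); if mapProperties is a std::map-style container, that inserts an empty entry outside the lock and without mData.backup(), so a find() under a read lock is safer. Generation should be skipped when a certificate is already configured, as sketched below. Whether RTCrX509Certificate_Generate creates server_key_private.pem with owner-only permissions is not visible here and is worth confirming, and a failure is only logged, so the caller cannot tell that the server may come up without the intended TLS setup. The enclosing function starts and ends outside this hunk.

```cpp
        /* … unchanged: alock.release() before informing callbacks … */

        /*
         * Auto-generate a self-signed certificate only if TLS is not explicitly
         * disabled and no server certificate has been configured yet.
         */
        bool fGenerateCert = false;
        {
            AutoReadLock rlock(this COMMA_LOCKVAL_SRC_POS);
            auto const itMethod = mData->mapProperties.find("Security/Method");
            auto const itCert   = mData->mapProperties.find("Security/ServerCertificate");
            bool const fRdpOnly = itMethod != mData->mapProperties.end() && itMethod->second == "RDP";
            bool const fHasCert = itCert != mData->mapProperties.end() && !itCert->second.isEmpty();
            fGenerateCert = !fRdpOnly && !fHasCert;
        }
        if (fGenerateCert)
        {
            /* … unchanged: i_generateServerCertificate() call and LogRel on failure … */
        }
```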