java viewer source


java viewer source

ttw+vnc
adding ssl support to the java client and want to ensure i'm
patching against the correct version.  it's under

        orig/trunk/vnc_javasrc

right?

it appears that tightvnc only bundles a binary of the java client;
it occurred to me that, perhaps there is a separate project for the
java client.  can anyone confirm or clarify this situation?


cheers,
--
        t
 t
                 w


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
VNC-Tight-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/vnc-tight-devel

Re: java viewer source

Karl J. Runge
Hello,

On Sat, 20 Oct 2007, n0g0013 <[hidden email]> wrote:
> adding ssl support to the java client and want to ensure i'm
> patching against the correct version.  it's under ...

You may want to look also at the SSL patch added to the Java client
a year or so ago:

  http://libvncserver.cvs.sourceforge.net/libvncserver/libvncserver/classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch?view=log

it is a patch against:

  http://www.karlrunge.com/x11vnc/tightvnc-1.3dev7_javasrc.tar.gz ,

if for no other reason than to avoid the mistakes I made :-)

There is also a SSL patch for the ultravnc java viewer which is similar,
but supports filetransfer.

I also added some patches to improve the usability of the Java client,
which was basically unusable at the 1.3dev7 level..

Please send me a pointer to your client when it is ready, I look forward
to testing it with the SSL support in my x11vnc server (x11vnc -ssl ...)

Best regards,

Karl



Re: java viewer source

ttw+vnc
On 21.10-18:29, Karl J. Runge wrote:
[ ... ]
> On Sat, 20 Oct 2007, n0g0013 <[hidden email]> wrote:
> > adding ssl support to the java client and want to ensure i'm
> > patching against the correct version.  it's under ...
[ ... ]
> You may want to look also at the SSL patch added to the Java client
> a year or so ago:

thanks very much for the pointers but i'm totally confused now.
beginning to feel like both tightvnc and the java client are pretty
stagnant (but working well).  if you've patched it over a year ago,
why's it not included in current release?

is there any point in me re-patching what you've done?

is there a standard vnc library that most projects are working from
or is each project/library forking independently?

can anyone advise which is the best base to tackle this from?  i'm
only using tightvnc cause it was the first project to have IPv6 and
i've stuck with it.

nb: i realise this is a partisan crowd but any understanding i can
get of where the general VNC codebase is going at the moment would be
helpful.

thanks again.

--
        t
 t
                 w


Re: java viewer source

Dale Southard

Adding to the confusion.  I have an independently developed SSL patch
for the tightvnc java client but never committed upstream.  At the time
(May 06), Constantin was busy with the codebase merge, so it was a bad
time to add features.  Then I got busy with other things and never went
back to merge.

Are we covered on ssl java?  [Being serious since I *will* be coming
back to this issue over the next few months, so if SSL is working on the
java client it's one less thing I'll have to worry about.]


n0g0013 wrote:

> On 21.10-18:29, Karl J. Runge wrote:
> [ ... ]
>> On Sat, 20 Oct 2007, n0g0013 <[hidden email]> wrote:
>>> adding ssl support to the java client and want to ensure i'm
>>> patching against the correct version.  it's under ...
> [ ... ]
>> You may want to look also at the SSL patch added to the Java client
>> a year or so ago:
>
> thanks very much for the pointers but i'm totally confused now.
> beginning to feel like both tightvnc and the java client are pretty
> stagnant (but working well).  if you've patched it over a year ago,
> why's it not included in current release?
>
> is there any point in me re-patching what you've done?
>
> is there a standard vnc library that most projects are working from
> or is each project/library forking independently?
>
> can anyone advise which is the best base to tackle this from?  i'm
> only using tightvnc cause it was the first project to have IPv6 and
> i've stuck with it.
>
> nb: i realise this is a partisan crowd but any understanding i can
> get of where the general VNC codebase is going at the moment would be
> helpful.

--
/*  Dale Southard Jr.   [hidden email]  925-422-1463  f:422-9429
 *  Computer Scientist, Advanced Simulation and Computing Program
 *  Lawrence Livermore National Lab, L-556,  Livermore, CA  94551
 */


Re: java viewer source

Constantin Kaplinsky
In reply to this post by ttw+vnc
Hello,

>>>>> n0g0013 wrote:

> adding ssl support to the java client and want to ensure i'm patching
> against the correct version.  it's under
>
>   orig/trunk/vnc_javasrc
>
> right?

Yes, correct.

> it appears that tightvnc only bundles a binary of the java client;

Not sure I understand. The source code is available as well.

--
With Best Wishes,
Constantin


Re: java viewer source

Constantin Kaplinsky
In reply to this post by ttw+vnc
Hello,

>>>>> n0g0013 wrote:

> thanks very much for the pointers but i'm totally confused now.
> beginning to feel like both tightvnc and the java client are pretty
> stagnant (but working well).  if you've patched it over a year ago,
> why's it not included in current release?

The patches need work before applying to the mainstream version --
auditing the code, understanding and documenting the changes, testing
and so on. Normally I accept the changes only when I clearly understand
them in detail. Needless to say, reviewing the patches requires a lot
of time, and the bigger the change, the more time it requires. As for
SSL tunneling, I did not have enough time to work on the subject.

By the way, TightVNC Java Viewer is Java 1.1 compatible, and should
remain such for some time, so I will not accept any patch that will
break this compatibility (for post-1.1 features, java.lang.reflect
package should be used).

> is there a standard vnc library that most projects are working from
> or is each project/library forking independently?

There are different code bases -- some are related, some are
independent. Initially, TightVNC Java viewer was based on VNC3, but was
almost rewritten since then.

> can anyone advise which is the best base to tackle this from?  i'm
> only using tightvnc cause it was the first project to have IPv6 and
> i've stuck with it.

Hmm, I thought TightVNC does not support IPv6. :)

--
With Best Wishes,
Constantin



Re: java viewer source

Constantin Kaplinsky
In reply to this post by Dale Southard
Hello Dale, Karl,

>>>>> Dale Southard wrote:

> Adding to the confusion.  I have an independently developed SSL patch
> for the tightvnc java client but never committed upstream.  At the
> time (May 06), Constantin was busy with the codebase merge, so it was
> a bad time to add features.  Then I got busy with other things and
> never went back to merge.

Well, I think the Java viewer code will not ever be merged with VNC4
Java code, so actually it might be a good idea to incorporate SSL into
the current version.

Is it possible that we could join our efforts and adopt existing SSL
tunneling implementations into the TightVNC Viewer? First of all, it
could be great to include some _minimal_ set of changes that does not
change any defaults, does not have any GUI etc. In other words,
something that I will easily understand. :)

And let me ask a few questions:

  (1) What are the requirements on the server side? Are modifications
      required in server code, or maybe some stand-alone tunneling
      program can be used instead?

  (2) What are the primary differences between the existing
      implementations?

Please let's keep this discussion in this mailing list, so it would not
shift to personal mailboxes.

Thank you!

--
With Best Wishes,
Constantin


Re: java viewer source

ttw+vnc
In reply to this post by Constantin Kaplinsky
On 23.10-13:13, Constantin Kaplinsky wrote:
[ ... ]
> By the way, TightVNC Java Viewer is Java 1.1 compatible, and should
> remain such for some time, so I will not accept any patch that will
> break this compatibility (for post-1.1 features, java.lang.reflect
> package should be used).

that's a show stopper for me.  thanks to all for the feedback.

--
        t
 t
                 w


Re: java viewer source

ttw+vnc
In reply to this post by Constantin Kaplinsky
On 23.10-12:40, Constantin Kaplinsky wrote:
[ ... ]
> > it appears that tightvnc only bundles a binary of the java client;
>
> Not sure I understand. The source code is available as well.

if 'orig' is the active code base then i think i'm catching up.  i
expected it to be in 'trunk' and all i can find in 'trunk' is the
'.jar' file (which may or may not have source code included i
haven't looked).

        ... it's also possible there's something wrong with my checkout.
i'll verify that when i can.

--
        t
 t
                 w


Re: java viewer source

ttw+vnc
In reply to this post by Constantin Kaplinsky
On 23.10-14:36, Constantin Kaplinsky wrote:
[ ... ]
>   (1) What are the requirements on the server side? Are modifications
>       required in server code, or maybe some stand-alone tunneling
>       program can be used instead?

i'm using 'socat' but this certainly isn't generic.  the key management
would definitely benefit from integration with the UI.  this shouldn't
require massive effort to implement (assuming use of standard
crypto library like openssl) but there are definitely architectural
peculiarities in the java client that make it awkward.  hopefully
that wouldn't be the same for the server code.

--
        t
 t
                 w


Re: java viewer source

ttw+vnc
In reply to this post by Dale Southard
On 22.10-15:02, Dale Southard wrote:
[ ... ]
> Are we covered on ssl java?  [Being serious since I *will* be coming
> back to this issue over the next few months, so if SSL is working on the
> java client it's one less thing I'll have to worry about.]

given constantin's requirement for 1.1 platform i can only say that
i will not be proceeding here.  i have a very short hack that i am
currently using but karl runge's is more complete/generic.  there also
appears to be another fork of the java codebase that has SSL but it
has carried the architectural problems i can see in the current
codebase.  there's a java VNC library that has done _some_ of the
architectural work it appears to support only protocol 3.3 (if i'm
recalling that correctly).  realvnc 4.1 java client has done some of
the architectural work so perhaps that is the most sensible starting
point.  not sure yet.

good luck.

--
        t
 t
                 w


Re: java viewer source

Dale Southard
In reply to this post by Constantin Kaplinsky

Constantin Kaplinsky wrote:

>>>>>> Dale Southard wrote:
>
>> Adding to the confusion.  I have an independently developed SSL patch
>> for the tightvnc java client but never committed upstream.  At the
>> time (May 06), Constantin was busy with the codebase merge, so it was
>> a bad time to add features.  Then I got busy with other things and
>> never went back to merge.
>
> Well, I think the Java viewer code will not ever be merged with VNC4
> Java code, so actually it might be a good idea to incorporate SSL into
> the current version.
>
> Is it possible that we could join our efforts and adopt existing SSL
> tunneling implementations into the TightVNC Viewer? First of all, it
> could be great to include some _minimal_ set of changes that does not
> change any defaults, does not have any GUI etc. In other words,
> something that I will easily understand. :)

Speaking for my SSL mod, the SSL patches to the VNC client were around
100 lines total.  They added basic SSL functionality and two parameters
("useSSL" to turn on SSL for the connection, and "sslTrustAll" to
suppress checking of the certificate trust chain for people using
self-signed certs).  No GUI, etc.

Note that I used the Java 1.2 SSL implementation, so the resulting
client needed to be compiled with at least java 1.2.  For our planned
use, this is a fair trade-off vs re-implementing SSL under 1.1.


> And let me ask a few questions:
>
>   (1) What are the requirements on the server side? Are modifications
>       required in server code, or maybe some stand-alone tunneling
>       program can be used instead?

Again speaking for myself:

For testing, running the server through stunnel is sufficient.  I can
post instructions for setting this up if anyone cares.

Our final goal is deploying a distributed renderserver that handles both
X11 and OpenGL.  So, for the final deployment, the server-side SSL will
be integrated into the program (vncproxy) that composites the X11 rfb
traffic and the OpenGL rfb traffic.  So, for OUR use, no server-side
modifications to VNC-tight are required.


>   (2) What are the primary differences between the existing
>       implementations?

Speaking for myself:

 - My SSL patches depend on java 1.2 or better.

 - My SSL patches do not use the existing socket factory hook.  I think
   it could be done, but was more work and it complicated handling the
   SSL-specific setup somewhat.  [Remember that what I have was a proof-
   of-concept for SSL, the main body of work was in the GL/X11
   compositing stuff.]

   For upstream commit, this would probably need to be looked at again
   and weighed against further SSL requirements.


--
/*  Dale Southard Jr.   [hidden email]  925-422-1463  f:422-9429
 *  Computer Scientist, Advanced Simulation and Computing Program
 *  Lawrence Livermore National Lab, L-556,  Livermore, CA  94551
 */


Re: java viewer source

Constantin Kaplinsky
In reply to this post by ttw+vnc
Hello,

>>>>> n0g0013 wrote:

> given constantin's requirement for 1.1 platform i can only say that i
> will not be proceeding here.

Well, let me describe my position more precisely. Java 1.1 requirement
does not mean we cannot use Java2. It's ok to use Java2 features, and
current code already does that (for example, VncCanvas2.java calls the
java.awt.Component.setFocusTraversalKeysEnabled() method which is not
available before 1.4).

From the other side, the viewer does not fail under JRE 1.1. The
java.lang.reflect package is used to check APIs available at run time.
Moreover, even using java.lang.reflect is not necessary, as I think SSL
tunneling could be implemented via the SocketFactory interface. In that
case, SSL-related classes will not be loaded by default, so the viewer
will remain 1.1-compatible unless some special parameters are specified.

--
With Best Wishes,
Constantin


Re: java viewer source

ttw+vnc
On 24.10-00:55, Constantin Kaplinsky wrote:
[ ... ]
> Well, let me describe my position more precisely. Java 1.1 requirement
> does not mean we cannot use Java2. It's ok to use Java2 features, and
> current code already does that (for example, VncCanvas2.java calls the
> java.awt.Component.setFocusTraversalKeysEnabled() method which is not
> available before 1.4).

thanks for the clarification on the project's stance around platform
but from a personal point of view i am not prepared to start hacking
around the platforms unless there is actual benefit.  i don't think
i'll be able to see that, especially going back as far as java 1.1.
i accept there _may be_ a case for 1.3 but from our perspective all
the useful stuff (ssl and socket factory interfaces) came in 1.4, and
that is the only sensible baseline from my perspective.

please, don't mis-interpret me, i understand you have a much bigger
world to consider, i'm just not convinced and am not prepared to
re-implement basic interfaces to support seriously outdated platforms.

n.b: as a side point, yes, i implemented via a generic socket factory
implementation and that is one of the reasons i mentioned "architectural
issues" within the codebase (i.e. poor abstraction)
--
        t
 t
                 w


[patch] Re: java viewer source

ttw+vnc
In reply to this post by ttw+vnc
On 23.10-13:03, n0g0013 wrote:

> On 22.10-15:02, Dale Southard wrote:
> [ ... ]
> > Are we covered on ssl java?  [Being serious since I *will* be coming
> > back to this issue over the next few months, so if SSL is working on the
> > java client it's one less thing I'll have to worry about.]
>
> given constantin's requirement for 1.1 platform i can only say that
> i will not be proceeding here.  i have a very short hack that i am
> currently using but karl runge's is more complete/generic.  there also
> appears to be another fork of the java codebase that has SSL but it
> has carried the architectural problems i can see in the current
> codebase.  there's a java VNC library that has done _some_ of the
> architectural work it appears to support only protocol 3.3 (if i'm
> recalling that correctly).  realvnc 4.1 java client has done some of
> the architectural work so perhaps that is the most sensible starting
> point.  not sure yet.

was trying karl's patch and it didn't work for me (didn't look into
it), tried the fork with ssl support and that didn't work
either (didn't look into that either), i didn't find dale's patch
(sorry dale) so haven't tried that but at a quick glance there's some
fairly muddy stuff out there.  this may be crap but it's simple and
pretty secure as far as self-signed certificates go (or perhaps i
should just say that it meets my requirements).

it should also be simple to wrap with 'reflect' stuff if people wish
to do that.

either way, thought i would add it to the archives.

also available at

        http://www.cameron-consulting.ie/devel/patches/VERSION_1_3_9-vnc_javasrc-static_certificate_ssl_hack.patch

p.s: obviously you should delete the test certificate as i can't
comment as to its security in the larger scheme of things
--
        t
 t
                 w


Attachment: VERSION_1_3_9-vnc_javasrc-static_certificate_ssl_hack.patch (13K)

Re: [patch] Re: java viewer source

Constantin Kaplinsky
Hello,

>>>>> n0g0013 wrote:

> there's some fairly muddy stuff out there.  this may be crap but it's
> simple and pretty secure as far as self-signed certificates go (or
> perhaps i should just say that it meets my requirements).

Yes, it looks like a simple hack, but it looks interesting to me, just
because it's simple. Thank you.

--
With Best Wishes,
Constantin


Re: java viewer source

Constantin Kaplinsky
In reply to this post by Dale Southard
Hello Dale,

>>>>> Dale Southard wrote:

> Speaking for my SSL mod, the SSL patches to the VNC client were
> around 100 lines total.  They added basic SSL functionality and two
> parameters ("useSSL" to turn on SSL for the connection, and
> "sslTrustAll" to suppress checking of the certificate trust chain for
> people using self-signed certs).  No GUI, etc.

Could you please send the changes, so I'll have a look and estimate
integration complexity?

> Note that I used the Java 1.2 SSL implementation, so the resulting
> client needed to be compiled with at least java 1.2.  For our planned
>  use, this is a fair trade-off vs re-implementing SSL under 1.1.

Compiling under Java 1.2 is fine.

> For testing, running the server through stunnel is sufficient.  I can
> post instructions for setting this up if anyone cares.

Yes, I would appreciate if you could send the instructions.

Thank you!

--
With Best Wishes,
Constantin


Re: java viewer source

ttw+vnc
On 31.10-09:35, Constantin Kaplinsky wrote:
[ ... ]
> > Note that I used the Java 1.2 SSL implementation, so the resulting
> > client needed to be compiled with at least java 1.2.  For our planned
> >  use, this is a fair trade-off vs re-implementing SSL under 1.1.
>
> Compiling under Java 1.2 is fine.

this must surely be an error.  1.2 has no SSL support.

--
        t
 t
                 w


Re: java viewer source

ttw+vnc
In reply to this post by Constantin Kaplinsky
On 31.10-09:35, Constantin Kaplinsky wrote:
[ ... ]
> > For testing, running the server through stunnel is sufficient.  I can
> > post instructions for setting this up if anyone cares.
>
> Yes, I would appreciate if you could send the instructions.

these instructions are not for 'stunnel', they are for 'socat' but
perhaps this will be useful for others.

generate/save the relevant SSL certificates where you like, for example

        <cafile>  /etc/ssl/certs/ca.pem     Certificate Authority PEM certificate
        <cert>    /etc/ssl/certs/vnc.pem    VNC service certificate
        <key>     /etc/ssl/private/vnc.key  VNC private key file

if you generate a self-signed certificate with the key included i
guess(?) these could all be the same file.  you then start 'socat' in a
method of your choosing (e.g. rc script, manually) as follows

        socat \
                "OPENSSL-LISTEN:5900,fork,verify=0,cafile=<cafile>,key=<key>,certificate=<cert>" \
                TCP4:localhost:5950
        n.b: above formatting may not execute, each parameter must be
        single argument (i think) (quotes may work).

the "fork" tells socat to act like a server forking for each
connection and the "verify=0" to allow any client connection.

the first parameter is the SSL listening connection (in this case the
default 5900 port) which is then piped to the second parameter (in
this case a localhost connection on port 5950).  this can be used to
connect to any working VNC connection over SSL.

if you are using my patch you will need to copy the DER encoded
certificate into the TrustedCertificate class and re-build the viewer.
this can be captured with the following command

        sed -e \
                        '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/ ! d' \
                        < cafile \
                | sed -e 's/$/\\n" +/' \
                | sed -e 's/^/"/' \
                >TrustedCertificates.java
        n.b: these sed commands should make it simpler to edit the
        'TrustedCertificates.java' file but it doesn't eliminate the
        need

rebuild with

        make

upload the new 'VncViewer.jar' and away you go.

you should also be able to import only the root certificate (if you
have one) which will allow you to connect to any SSL wrapped VNC
service using a properly signed certificate (i.e. your own (or any
other) CA, not one of the known, default, trusted CAs).

--
        t
 t
                 w
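
The client side of the setup discussed in this thread, as an added example (not code from any of the patches mentioned, and written for current Java rather than the 1.1/1.4 baseline debated above): instead of a trust-all switch such as "sslTrustAll", the socket factory trusts only the certificate(s) in a PEM file, then connects to the SSL-wrapped port and reads the 12-byte RFB version banner. The class name, method names and command-line arguments are hypothetical.

```java
import java.io.DataInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical probe class; not part of the TightVNC viewer or of any patch in this thread.
public class PinnedVncProbe {

    // Build a socket factory whose only trust anchors are the certificates found
    // in pemPath (a self-signed server certificate, or a private CA certificate).
    static SSLSocketFactory pinnedFactory(String pemPath) throws Exception {
        KeyStore anchors = KeyStore.getInstance(KeyStore.getDefaultType());
        anchors.load(null, null); // empty in-memory store: the JRE's default CAs are not trusted
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        int count = 0;
        try (InputStream in = new FileInputStream(pemPath)) {
            // generateCertificates() accepts one or more PEM blocks
            for (Certificate c : cf.generateCertificates(in)) {
                anchors.setCertificateEntry("anchor-" + count++, c);
            }
        }
        if (count == 0) {
            throw new IllegalArgumentException("no certificate found in " + pemPath);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(anchors);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default randomness
        return ctx.getSocketFactory();
    }

    // Connect, complete the TLS handshake, and return the RFB ProtocolVersion
    // banner (12 bytes, for example "RFB 003.008") sent by the VNC server behind the tunnel.
    static String readRfbVersion(String host, int port, SSLSocketFactory factory,
                                 boolean checkHostName) throws Exception {
        try (SSLSocket s = (SSLSocket) factory.createSocket(host, port)) {
            s.setSoTimeout(10000);
            if (checkHostName) {
                // Also require the certificate to name the host we dialled. Useful when
                // the anchor is a CA; a pinned self-signed certificate may not carry the name.
                SSLParameters p = s.getSSLParameters();
                p.setEndpointIdentificationAlgorithm("HTTPS");
                s.setSSLParameters(p);
            }
            s.startHandshake(); // fails unless the server's chain ends at one of our anchors
            byte[] banner = new byte[12];
            new DataInputStream(s.getInputStream()).readFully(banner);
            return new String(banner, StandardCharsets.US_ASCII).trim();
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 3) {
            System.err.println(
                    "usage: PinnedVncProbe <anchor.pem> <host> <port> [--check-hostname]");
            System.exit(2);
        }
        boolean checkHostName = args.length > 3 && args[3].equals("--check-hostname");
        SSLSocketFactory factory = pinnedFactory(args[0]);
        try {
            String version =
                    readRfbVersion(args[1], Integer.parseInt(args[2]), factory, checkHostName);
            System.out.println("server speaks " + version);
        } catch (SSLHandshakeException e) {
            // Certificate not issued by (or identical to) the pinned anchor
            System.err.println("TLS handshake rejected: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

Run against the socat listener above with the same PEM file that was given to socat as the certificate (or its CA); a server presenting any other certificate is rejected during the handshake.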


Re: java viewer source

Dale Southard
In reply to this post by ttw+vnc
n0g0013 wrote:
> On 31.10-09:35, Constantin Kaplinsky wrote:
> [ ... ]
>>> Note that I used the Java 1.2 SSL implementation, so the resulting
>>> client needed to be compiled with at least java 1.2.  For our planned
>>>  use, this is a fair trade-off vs re-implementing SSL under 1.1.
>> Compiling under Java 1.2 is fine.
>
> this must surely be an error.  1.2 has no SSL support.

Yup.  Thought 1.4 and typed 1.2.  1.4 is where javax.net.ssl
first appears.  1.4 is the minimum for my patches.



--
/*  Dale Southard Jr.   [hidden email]  925-422-1463  f:422-9429
  *  Computer Scientist, Advanced Simulation and Computing Program
  *  Lawrence Livermore National Lab, L-556,  Livermore, CA  94551
  */
