-
Notifications
You must be signed in to change notification settings - Fork 953
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
X509 client authentication #787
Comments
X509 is currently only used to authenticate the server, not the client. So basically how most web servers work. It should theoretically be possible to use client certificates as well, but this is not implemented at the moment. It could also require a protocol extension to work really well. |
I have crypto experience. I could work on this... |
Go right ahead. We have the development mailing list if you want to discuss technical details. |
I have made one patch to tag 1.14.0 that can use with qemu. |
Can you create a PR so it can be reviewed? |
Not exactly true. Apache has
|
This is a nice feature. but because gnutls does not support cross-platform (e.g., msvc compilation is not supported), it is recommended to use openSSL for this feature |
Please review the code. |
Is there a technical reason why the X509CA configuration option is available on the client side, but not the server side ?
I wanted to use this so that a VNC server would only accept client connections from users with a certificate signed from the configured CA.
It is possible to configure OpenVPN and SSH to trust a given CA, so I was wondering why this "trusting feature" was implemented the other way around in TigerVNC.
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
The text was updated successfully, but these errors were encountered: