|
|
|
#!/bin/sh
|
|
|
|
#
|
|
|
|
# usage: onetimekey path/to/mycert.pem
|
classes/ssl: Many improvements to Java SSL applet, onetimekey
serverCert param, debugging printout, user dialogs, catch
socket exceptions, autodetect x11vnc for GET=1.
x11vnc: misc/scripts: desktop.cgi, inet6to4, panner.pl.
X11VNC_HTTPS_DOWNLOAD_WAIT_TIME, -unixpw %xxx documented, and
can run user cmd in UNIXPW_CMD. FD_XDMCP_IF for create script,
autodetect dm on udp6 only. Queries: pointer_x, pointer_y,
pointer_same, pointer_root. Switch on -xkd if keysyms per key >
4 in all cases. daemon mode improvements for connect_switch,
inet6to4, ultravnc_repeater.pl. Dynamic change of -clip do
not create new fb if WxH is unchanged.
15 years ago
|
|
|
# onetimekey -certonly path/to/mycert.pem
|
|
|
|
#
|
|
|
|
# Takes an openssl cert+key pem file and turns into a long string
|
|
|
|
# for the x11vnc SSL VNC Java Viewer.
|
|
|
|
#
|
|
|
|
# The Java applet URL parameter can be oneTimeKey=<str> where str is
|
|
|
|
# the output of this program, or can be oneTimeKey=PROMPT in which
|
|
|
|
# case the applet will ask you to paste in the string.
|
|
|
|
#
|
|
|
|
# The problem trying to be solved here is it is difficult to get
|
|
|
|
# the Java applet to have or use a keystore with the key saved
|
|
|
|
# in it. Also, as the name implies, an HTTPS server can create
|
|
|
|
# a one time key to send to the applet (the user has already
|
|
|
|
# logged in via password to the HTTPS server).
|
classes/ssl: Many improvements to Java SSL applet, onetimekey
serverCert param, debugging printout, user dialogs, catch
socket exceptions, autodetect x11vnc for GET=1.
x11vnc: misc/scripts: desktop.cgi, inet6to4, panner.pl.
X11VNC_HTTPS_DOWNLOAD_WAIT_TIME, -unixpw %xxx documented, and
can run user cmd in UNIXPW_CMD. FD_XDMCP_IF for create script,
autodetect dm on udp6 only. Queries: pointer_x, pointer_y,
pointer_same, pointer_root. Switch on -xkd if keysyms per key >
4 in all cases. daemon mode improvements for connect_switch,
inet6to4, ultravnc_repeater.pl. Dynamic change of -clip do
not create new fb if WxH is unchanged.
15 years ago
|
|
|
#
|
|
|
|
# Note oneTimeKey is to provide a CLIENT Certificate for the viewer
|
|
|
|
# to authenticate itself to the VNC Server.
|
|
|
|
#
|
|
|
|
# There is also the serverCert=<str> Applet parameter. This is
|
|
|
|
# a cert to authenticate the VNC server against. To create that
|
|
|
|
# string with this tool specify -certonly as the first argument.
|
|
|
|
|
|
|
|
certonly=""
|
|
|
|
if [ "X$1" = "X-certonly" ]; then
|
|
|
|
shift
|
|
|
|
certonly=1
|
|
|
|
fi
|
|
|
|
|
|
|
|
in=$1
|
|
|
|
der=/tmp/1time$$.der
|
|
|
|
touch $der
|
|
|
|
chmod 600 $der
|
|
|
|
|
|
|
|
openssl pkcs8 -topk8 -nocrypt -in "$in" -out "$der" -outform der
|
|
|
|
|
|
|
|
pbinhex=/tmp/pbinhex.$$
|
|
|
|
cat > $pbinhex <<END
|
|
|
|
#!/usr/bin/perl
|
|
|
|
|
|
|
|
\$str = '';
|
|
|
|
while (1) {
|
|
|
|
\$c = getc(STDIN);
|
|
|
|
last if \$c eq '';
|
|
|
|
\$str .= sprintf("%02x", unpack("C", \$c));
|
|
|
|
}
|
|
|
|
|
|
|
|
print "\$str\n";
|
|
|
|
END
|
|
|
|
|
|
|
|
chmod 700 $pbinhex
|
|
|
|
|
|
|
|
str1=`$pbinhex < "$der"`
|
|
|
|
rm -f "$der"
|
|
|
|
|
|
|
|
n=`grep -n 'BEGIN CERTIFICATE' $in | awk -F: '{print $1}' | head -1`
|
|
|
|
str2=`tail +$n $in | $pbinhex`
|
classes/ssl: Many improvements to Java SSL applet, onetimekey
serverCert param, debugging printout, user dialogs, catch
socket exceptions, autodetect x11vnc for GET=1.
x11vnc: misc/scripts: desktop.cgi, inet6to4, panner.pl.
X11VNC_HTTPS_DOWNLOAD_WAIT_TIME, -unixpw %xxx documented, and
can run user cmd in UNIXPW_CMD. FD_XDMCP_IF for create script,
autodetect dm on udp6 only. Queries: pointer_x, pointer_y,
pointer_same, pointer_root. Switch on -xkd if keysyms per key >
4 in all cases. daemon mode improvements for connect_switch,
inet6to4, ultravnc_repeater.pl. Dynamic change of -clip do
not create new fb if WxH is unchanged.
15 years ago
|
|
|
if [ "X$certonly" = "X1" ]; then
|
|
|
|
echo "$str2"
|
|
|
|
else
|
|
|
|
echo "$str1,$str2"
|
|
|
|
fi
|
|
|
|
rm -f $pbinhex
|