diff options
author | runge <runge> | 2006-04-05 21:26:45 +0000 |
---|---|---|
committer | runge <runge> | 2006-04-05 21:26:45 +0000 |
commit | d14cf0a84c88a02222caad1692228584b610aacc (patch) | |
tree | 3482ef126e8b2bf3b9741f779539cfd74c77c698 /classes/ssl/proxy.vnc | |
parent | 1602b345f3e7e508b043133d5c289d9984e39f18 (diff) | |
download | libtdevnc-d14cf0a84c88a02222caad1692228584b610aacc.tar.gz libtdevnc-d14cf0a84c88a02222caad1692228584b610aacc.zip |
SSL Java viewer work thru proxy. -sslGenCA, etc key/cert management utils for x11vnc. FBPM "support".
Diffstat (limited to 'classes/ssl/proxy.vnc')
-rw-r--r-- | classes/ssl/proxy.vnc | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/classes/ssl/proxy.vnc b/classes/ssl/proxy.vnc new file mode 100644 index 0000000..9bb30e4 --- /dev/null +++ b/classes/ssl/proxy.vnc @@ -0,0 +1,70 @@ +<!-- + index.vnc - default HTML page for TightVNC Java viewer applet, to be + used with Xvnc. On any file ending in .vnc, the HTTP server embedded in + Xvnc will substitute the following variables when preceded by a dollar: + USER, DESKTOP, DISPLAY, APPLETWIDTH, APPLETHEIGHT, WIDTH, HEIGHT, PORT, + PARAMS. Use two dollar signs ($$) to get a dollar sign in the generated + HTML page. + + NOTE: the $PARAMS variable is not supported by the standard VNC, so + make sure you have TightVNC on the server side, if you're using this + variable. +--> + +<!-- +The idea behind using the signed applet in SignedVncViewer.jar for +firewall proxies: + +Java socket applets and http proxies do not get along well. + +Java security allows the applet to connect back via a socket to the +originating host, but the browser/plugin Proxy settings are not used for +socket connections (only http and the like). So the socket connection +fails in the proxy environment. + +The applet is not allowed to open a socket connection to the proxy (since +that would let it connect to just about any host, e.g. CONNECT method). + +This is indpendent of SSL but of course fails for that socket connection +as well. I.e. this is a problem for non-SSL VNC Viewers as well. + +Solution? Sign the applet and have the user click on "Yes" that they +fully trust the applet. Then the applet can connect to any host via +sockets, in particular the proxy. It next issues the request + + CONNECT host:port HTTP/1.1 + Host: host:port + +and if the proxy supports the CONNECT method we are finally connected to +the VNC server. + +For SSL connections, SSL is layered on top of this socket. However note +this scheme will work for non-SSL applet proxy tunnelling as well. + +It should be able to get non-SSL VNC connections to work via GET +command but that has not been done yet. + +Note that some proxies only allow CONNECT to only these the ports 443 +(HTTPS) and 563 (SNEWS). So you would have to run the VNC server on +those ports. + +SignedVncViewer.jar is just a signed version of VncViewer.jar + +The URL to use for this file: https://host:port/proxy.vnc + +--> + + +<HTML> +<TITLE> +$USER's $DESKTOP desktop ($DISPLAY) +</TITLE> +<APPLET CODE=VncViewer.class ARCHIVE=SignedVncViewer.jar + WIDTH=$APPLETWIDTH HEIGHT=$APPLETHEIGHT> +<param name=PORT value=$PORT> +<param name="Open New Window" value=yes> +$PARAMS +</APPLET> +<BR> +<A href="http://www.tightvnc.com/">TightVNC site</A> +</HTML> |