Skip to content

/tigervnc

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

X509 client authentication #787

Open
mestag-a opened this issue Jan 14, 2019 · 1 comment

Comments

Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
2 participants
@mestag-a @CendioOssman
@mestag-a
Copy link

commented Jan 14, 2019
edited by CendioOssman

Is there a technical reason why the X509CA configuration option is available on the client side, but not the server side ?
I wanted to use this so that a VNC server would only accept client connections from users with a certificate signed from the configured CA.
It is possible to configure OpenVPN and SSH to trust a given CA, so I was wondering why this "trusting feature" was implemented the other way around in TigerVNC.

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
@CendioOssman

This comment has been minimized.

Sign in to view
Copy link
Member

commented Jan 16, 2019

X509 is currently only used to authenticate the server, not the client. So basically how most web servers work.

It should theoretically be possible to use client certificates as well, but this is not implemented at the moment. It could also require a protocol extension to work really well.

@CendioOssman CendioOssman added the enhancement label Jan 16, 2019

@CendioOssman CendioOssman changed the title X509CA option on server side X509 client authentication Jan 16, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.