On Wed, Nov 26, 2008 at 01:55:46PM +0530, Bharat Varma wrote:
> A possible solution I am thinking of is to try and use an SSL tunnel. If it is
> possible to have an HTTPS server which can act as a gateway - i.e. the libcurl
> client does the SSL handshakes, authentication and then there is a tunnel ready
> to transport TCP data as usual, which the server then directly passes on to the
> actual VNC Reflector, the traffic itself would appear to be SSL so the proxies
> wouldn't have anything to complain, unless they do deep inspection.

Even if they do deep packet inspection, all they'll see is actual SSL so
they should have nothing to complain about.

> Has anyone tried this? I have seen some solutions with stunnel and ssh. But
> when it comes to VNC, I am at a loss. I seem to be able to do SSL certificate
> exchange, but after that the channel breaks.
>
> I do not understand SSL / TLS (in fact, HTTP itself.. I feel lucky that I found
> out about the HTTPPROXYTUNNEL option itself) all too well, so it would be great
> to see if anyone knows that this is at least possible.

Is the reflector literally reflecting packets from real client to real server,
or does it actually understand the VNC protocol itself and terminate the
two ends of the VNC connection itself? If the former, then you'll just be
passing SSL traffic blindly from one connection to the other, which libcurl
will happily do.

If the latter, then libcurl will handle the client end just fine (using
curl_easy_recv and curl_easy_send). The server end (terminating the
connection to the VNC server) it won't do. But depending on whether you
want SSL on both legs of the reflector, that might not be necessary. If
so, then you'll have to write that side to OpenSSL/GnuTLS/etc. directly.
Received on 2008-11-26
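
The first case in the reply above (a reflector that only passes bytes from one connection to the other), as an added example that is not part of the original message and is not libcurl code: a relay loop over plain POSIX sockets that never parses what it forwards, so an SSL session started by the client stays end-to-end with the real server and the relay holds no keys. `blind_relay`, `forward` and `send_all` are hypothetical names, and both descriptors are assumed to be already-connected blocking stream sockets.

```c
#include <errno.h>
#include <poll.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Send all n bytes, retrying on short writes and EINTR. */
static int send_all(int fd, const unsigned char *buf, size_t n)
{
    while (n > 0) {
        ssize_t w = send(fd, buf, n, MSG_NOSIGNAL);
        if (w < 0 && errno == EINTR) continue;
        if (w < 0) return -1;
        buf += w;
        n -= (size_t)w;
    }
    return 0;
}

/* Move one chunk from `from` to `to`: bytes moved, 0 on EOF, -1 on error. */
static ssize_t forward(int from, int to)
{
    unsigned char buf[4096]; /* opaque bytes: never parsed, logged or altered */
    ssize_t r;
    do r = recv(from, buf, sizeof buf, 0); while (r < 0 && errno == EINTR);
    if (r > 0 && send_all(to, buf, (size_t)r) < 0) return -1;
    return r;
}

/* Relay both directions until a peer closes or the link is idle for
   timeout_ms. Returns total bytes relayed, or -1 on error. */
long blind_relay(int client_fd, int server_fd, int timeout_ms)
{
    struct pollfd p[2] = { { client_fd, POLLIN, 0 }, { server_fd, POLLIN, 0 } };
    long total = 0;
    for (;;) {
        int n = poll(p, 2, timeout_ms);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) return -1;
        if (n == 0) return total; /* idle timeout */
        for (int i = 0; i < 2; i++) {
            if (p[i].revents & (POLLERR | POLLNVAL)) return -1;
            if (!(p[i].revents & (POLLIN | POLLHUP))) continue;
            ssize_t r = forward(p[i].fd, p[1 - i].fd);
            if (r <= 0) return r < 0 ? -1 : total; /* error or peer closed */
            total += r;
        }
    }
}
```

A reflector of the second kind, one that terminates the VNC protocol, cannot be built this way: it has to end the SSL session itself and therefore sees the plaintext.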