From 1f8aba3147ec13aaa70a44372775b72bb4e59941 Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Tue, 29 Dec 2015 15:02:11 +0100
Subject: Add workaround for Vino's VeNCrypt implementation
diff --git a/common/rfb/Security.cxx b/common/rfb/Security.cxx
index e623ab5..0666041 100644
--- a/common/rfb/Security.cxx
+++ b/common/rfb/Security.cxx
@@ -74,7 +74,18 @@ const std::list<rdr::U8> Security::GetEnabledSecTypes(void)
list<rdr::U8> result;
list<U32>::iterator i;
- result.push_back(secTypeVeNCrypt);
+ /* Partial workaround for Vino's stupid behaviour. It doesn't allow
+ * the basic authentication types as part of the VeNCrypt handshake,
+ * making it impossible for a client to do opportunistic encryption.
+ * At least make it possible to connect when encryption is explicitly
+ * disabled. */
+ for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++) {
+ if (*i >= 0x100) {
+ result.push_back(secTypeVeNCrypt);
+ break;
+ }
+ }
+
for (i = enabledSecTypes.begin(); i != enabledSecTypes.end(); i++)
if (*i < 0x100)
result.push_back(*i);