1 /***************************************************************************
2 * Copyright (C) 2005-2014 by the Quassel Project *
3 * devel@quassel-irc.org *
5 * This program is free software; you can redistribute it and/or modify *
6 * it under the terms of the GNU General Public License as published by *
7 * the Free Software Foundation; either version 2 of the License, or *
8 * (at your option) version 3. *
10 * This program is distributed in the hope that it will be useful, *
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
13 * GNU General Public License for more details. *
15 * You should have received a copy of the GNU General Public License *
16 * along with this program; if not, write to the *
17 * Free Software Foundation, Inc., *
18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. *
19 ***************************************************************************/
21 #include "sslserver.h"
24 # include <QSslSocket>
35 SslServer::SslServer(QObject *parent)
39 static bool sslWarningShown = false;
40 if (!setCertificate(Quassel::configDirPath() + "quasselCert.pem")) {
41 if (!sslWarningShown) {
43 << "SslServer: Unable to set certificate file\n"
44 << " Quassel Core will still work, but cannot provide SSL for client connections.\n"
45 << " Please see http://quassel-irc.org/faq/cert to learn how to enable SSL support.";
46 sslWarningShown = true;
52 QTcpSocket *SslServer::nextPendingConnection()
54 if (_pendingConnections.isEmpty())
57 return _pendingConnections.takeFirst();
60 #if QT_VERSION >= 0x050000
61 void SslServer::incomingConnection(qintptr socketDescriptor)
63 void SslServer::incomingConnection(int socketDescriptor)
66 QSslSocket *serverSocket = new QSslSocket(this);
67 if (serverSocket->setSocketDescriptor(socketDescriptor)) {
69 serverSocket->setLocalCertificate(_cert);
70 serverSocket->setPrivateKey(_key);
71 serverSocket->addCaCertificates(_ca);
73 _pendingConnections << serverSocket;
82 bool SslServer::setCertificate(const QString &path)
90 if (!certFile.exists()) {
91 quWarning() << "SslServer: Certificate file" << qPrintable(path) << "does not exist";
95 if (!certFile.open(QIODevice::ReadOnly)) {
97 << "SslServer: Failed to open certificate file" << qPrintable(path)
98 << "error:" << certFile.error();
102 QList<QSslCertificate> certList = QSslCertificate::fromDevice(&certFile);
104 if (certList.isEmpty()) {
105 quWarning() << "SslServer: Certificate file doesn't contain a certificate";
110 certList.removeFirst(); // remove server cert
112 // store CA and intermediates certs
115 if (!certFile.reset()) {
116 quWarning() << "SslServer: IO error reading certificate file";
120 _key = QSslKey(&certFile, QSsl::Rsa);
123 if (_cert.isNull()) {
124 quWarning() << "SslServer:" << qPrintable(path) << "contains no certificate data";
128 // We allow the core to offer SSL anyway, so no "return false" here. Client will warn about the cert being invalid.
129 const QDateTime now = QDateTime::currentDateTime();
130 if (now < _cert.effectiveDate())
131 quWarning() << "SslServer: Certificate won't be valid before" << _cert.effectiveDate().toString();
133 else if (now > _cert.expiryDate())
134 quWarning() << "SslServer: Certificate expired on" << _cert.expiryDate().toString();
136 else { // Qt4's isValid() checks for time range and blacklist; avoid a double warning, hence the else block
137 #if QT_VERSION < 0x050000
138 if (!_cert.isValid())
140 if (_cert.isBlacklisted())
142 quWarning() << "SslServer: Certificate blacklisted";
145 quWarning() << "SslServer:" << qPrintable(path) << "contains no key data";