Add cmdline options for SSL certificate/key paths.

Add cmdline options to core to specify the SSL certificate
and SSL key path, --ssl-cert and --ssl-key respectively.
If not set, the usual path CONFIGDIR/quasselCert.pem
will be used for the cert and the key.

If only the path to the certificate is set, it is assumed
to also contain the key.

diff --git a/src/common/main.cpp b/src/common/main.cpp
index b13d3ee..6cbe438 100644 (file)
--- a/src/common/main.cpp
+++ b/src/common/main.cpp
@@ -170,6 +170,8 @@ int main(int argc, char **argv)
     cliParser->addOption("oidentd-conffile", 0, "Set path to oidentd configuration file", "file");
 #ifdef HAVE_SSL
     cliParser->addSwitch("require-ssl", 0, "Require SSL for remote (non-loopback) client connections");
+    cliParser->addOption("ssl-cert", 0, "Specify the path to the SSL Certificate", "path", "configdir/quasselCert.pem");
+    cliParser->addOption("ssl-key", 0, "Specify the path to the SSL key", "path", "ssl-cert-path");
 #endif
     cliParser->addSwitch("enable-experimental-dcc", 0, "Enable highly experimental and unfinished support for CTCP DCC (DANGEROUS)");
 #endif

diff --git a/src/core/sslserver.cpp b/src/core/sslserver.cpp
index 78495b2..29166c3 100644 (file)
--- a/src/core/sslserver.cpp
+++ b/src/core/sslserver.cpp
@@ -37,7 +37,23 @@ SslServer::SslServer(QObject *parent)
     _isCertValid(false)
 {
     static bool sslWarningShown = false;
-    if (!setCertificate(Quassel::configDirPath() + "quasselCert.pem")) {
+
+    QString ssl_cert;
+    QString ssl_key;
+
+    if(Quassel::isOptionSet("ssl-cert")) {
+        ssl_cert = Quassel::optionValue("ssl-cert");
+    } else {
+        ssl_cert = Quassel::configDirPath() + "quasselCert.pem";
+    }
+
+    if(Quassel::isOptionSet("ssl-key")) {
+        ssl_key = Quassel::optionValue("ssl-key");
+    } else {
+        ssl_key = ssl_cert;
+    }
+
+    if (!setCertificate(ssl_cert, ssl_key)) {
         if (!sslWarningShown) {
             quWarning()
             << "SslServer: Unable to set certificate file\n"
@@ -79,7 +95,7 @@ void SslServer::incomingConnection(int socketDescriptor)
 }
 
 
-bool SslServer::setCertificate(const QString &path)
+bool SslServer::setCertificate(const QString &path, const QString &keyPath)
 {
     _isCertValid = false;
 
@@ -117,7 +133,27 @@ bool SslServer::setCertificate(const QString &path)
         return false;
     }
 
-    _key = QSslKey(&certFile, QSsl::Rsa);
+    // load key from keyPath if it differs from path, otherwise load key from path
+    if(path != keyPath) {
+        QFile keyFile(keyPath);
+        if(!keyFile.exists()) {
+            quWarning() << "SslServer: Key file" << qPrintable(keyPath) << "does not exist";
+            return false;
+        }
+
+        if (!keyFile.open(QIODevice::ReadOnly)) {
+            quWarning()
+            << "SslServer: Failed to open key file" << qPrintable(keyPath)
+            << "error:" << keyFile.error();
+            return false;
+        }
+
+        _key = QSslKey(&keyFile, QSsl::Rsa);
+        keyFile.close();
+    } else {
+        _key = QSslKey(&certFile, QSsl::Rsa);
+    }
+
     certFile.close();
 
     if (_cert.isNull()) {
@@ -142,7 +178,7 @@ bool SslServer::setCertificate(const QString &path)
             quWarning() << "SslServer: Certificate blacklisted";
     }
     if (_key.isNull()) {
-        quWarning() << "SslServer:" << qPrintable(path) << "contains no key data";
+        quWarning() << "SslServer:" << qPrintable(keyPath) << "contains no key data";
         return false;
     }
 

diff --git a/src/core/sslserver.h b/src/core/sslserver.h
index bd72f29..9b69a8c 100644 (file)
--- a/src/core/sslserver.h
+++ b/src/core/sslserver.h
@@ -49,7 +49,7 @@ protected:
     virtual void incomingConnection(int socketDescriptor);
 #endif
 
-    virtual bool setCertificate(const QString &path);
+    virtual bool setCertificate(const QString &path, const QString &keyPath);
 
 private:
     QLinkedList<QTcpSocket *> _pendingConnections;