1 /***************************************************************************
2 * Copyright (C) 2005-2013 by the Quassel Project *
3 * devel@quassel-irc.org *
5 * This program is free software; you can redistribute it and/or modify *
6 * it under the terms of the GNU General Public License as published by *
7 * the Free Software Foundation; either version 2 of the License, or *
8 * (at your option) version 3. *
10 * This program is distributed in the hope that it will be useful, *
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
13 * GNU General Public License for more details. *
15 * You should have received a copy of the GNU General Public License *
16 * along with this program; if not, write to the *
17 * Free Software Foundation, Inc., *
18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. *
19 ***************************************************************************/
21 #include "sslserver.h"
24 # include <QSslSocket>
34 SslServer::SslServer(QObject *parent)
38 static bool sslWarningShown = false;
39 if (!setCertificate(Quassel::configDirPath() + "quasselCert.pem")) {
40 if (!sslWarningShown) {
42 << "SslServer: Unable to set certificate file\n"
43 << " Quassel Core will still work, but cannot provide SSL for client connections.\n"
44 << " Please see http://quassel-irc.org/faq/cert to learn how to enable SSL support.";
45 sslWarningShown = true;
51 QTcpSocket *SslServer::nextPendingConnection()
53 if (_pendingConnections.isEmpty())
56 return _pendingConnections.takeFirst();
60 void SslServer::incomingConnection(int socketDescriptor)
62 QSslSocket *serverSocket = new QSslSocket(this);
63 if (serverSocket->setSocketDescriptor(socketDescriptor)) {
65 serverSocket->setLocalCertificate(_cert);
66 serverSocket->setPrivateKey(_key);
67 serverSocket->addCaCertificates(_ca);
69 _pendingConnections << serverSocket;
78 bool SslServer::setCertificate(const QString &path)
86 if (!certFile.exists()) {
87 quWarning() << "SslServer: Certificate file" << qPrintable(path) << "does not exist";
91 if (!certFile.open(QIODevice::ReadOnly)) {
93 << "SslServer: Failed to open certificate file" << qPrintable(path)
94 << "error:" << certFile.error();
98 QList<QSslCertificate> certList = QSslCertificate::fromDevice(&certFile);
100 if (certList.isEmpty()) {
101 quWarning() << "SslServer: Certificate file doesn't contain a certificate";
106 certList.removeFirst(); // remove server cert
108 // store CA and intermediates certs
111 if (!certFile.reset()) {
112 quWarning() << "SslServer: IO error reading certificate file";
116 _key = QSslKey(&certFile, QSsl::Rsa);
119 if (_cert.isNull()) {
120 quWarning() << "SslServer:" << qPrintable(path) << "contains no certificate data";
123 if (!_cert.isValid()) {
124 quWarning() << "SslServer: Invalid certificate (most likely expired)";
125 // We allow the core to offer SSL anyway, so no "return false" here. Client will warn about the cert being invalid.
128 quWarning() << "SslServer:" << qPrintable(path) << "contains no key data";