/***************************************************************************
- * Copyright (C) 2005-2020 by the Quassel Project *
+ * Copyright (C) 2005-2022 by the Quassel Project *
* devel@quassel-irc.org *
* *
* This program is free software; you can redistribute it and/or modify *
#include "sslserver.h"
#include <QDateTime>
+#include <QSslConfiguration>
#include <QSslSocket>
#include "core.h"
// Initialize the certificates for first-time usage
if (!loadCerts()) {
+ // If the core is unable to load a certificate, and "--require-ssl" is specified,
+ // do not proceed, throw an exception and quit. This prevents the core from falling
+ // back to a plaintext-only core when they should be expecting SSL/TLS only.
+ if (Quassel::isOptionSet("require-ssl")) {
+ throw ExitException{EXIT_FAILURE, tr("--require-ssl is set, but no SSL certificate is available. Exiting.\n"
+ "Please see https://quassel-irc.org/faq/cert to learn how to enable SSL support.")};
+ }
if (!sslWarningShown) {
qWarning() << "SslServer: Unable to set certificate file\n"
<< " Quassel Core will still work, but cannot provide SSL for client connections.\n"
}
}
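Review bot: The fail-closed branch at `Quassel::isOptionSet("require-ssl")` runs only when `loadCerts()` fails on this first load, and the thrown message does not say which certificate or key file was tried or why it was rejected. An operator who hits this at startup has to guess between a missing file, an unreadable key and a malformed certificate, so the message should include the configured certificate path. The enclosing function starts outside this hunk, so it is not visible whether a later certificate reload can also end with no valid certificate. If it can, the same check is needed there, and the comment should record the scope, e.g. `// Startup-only check: a runtime reload must keep the previous certificate on failure.`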
-QTcpSocket* SslServer::nextPendingConnection()
-{
- if (_pendingConnections.isEmpty())
- return nullptr;
- else
- return _pendingConnections.takeFirst();
-}
-
void SslServer::incomingConnection(qintptr socketDescriptor)
{
- auto* serverSocket = new QSslSocket(this);
- if (serverSocket->setSocketDescriptor(socketDescriptor)) {
+ auto* socket = new QSslSocket(this);
+ if (socket->setSocketDescriptor(socketDescriptor)) {
if (isCertValid()) {
- serverSocket->setLocalCertificate(_cert);
- serverSocket->setPrivateKey(_key);
- serverSocket->addCaCertificates(_ca);
+ auto config = socket->sslConfiguration();
+ config.setLocalCertificate(_cert);
+ config.setPrivateKey(_key);
+ auto certificates = config.caCertificates();
+ certificates += _ca;
+ config.setCaCertificates(certificates);
+ socket->setSslConfiguration(config);
}
- _pendingConnections << serverSocket;
- emit newConnection();
+ addPendingConnection(socket);
}
else {
- delete serverSocket;
+ delete socket;
}
}
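Review bot: When `isCertValid()` is false, `incomingConnection` still reaches `addPendingConnection(socket)` with no local certificate or key set, so the connection is handed on without TLS credentials. With `--require-ssl`, the only thing visible in this diff that prevents this is the new check next to `loadCerts()`, so the branch should carry a comment such as `// No valid cert: socket has no TLS credentials; --require-ssl is enforced at startup`. Alternatively the function could refuse the socket when the option is set, though local connections presumably need to stay exempt, which should be confirmed against the handshake code. Separately, the new `QSslConfiguration` leaves the protocol at Qt's default; adding `config.setProtocol(QSsl::TlsV1_2OrLater);` before `socket->setSslConfiguration(config);` would make the minimum version explicit.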
return key;
}
-void SslServer::setMetricsServer(MetricsServer* metricsServer) {
+void SslServer::setMetricsServer(MetricsServer* metricsServer)
+{
_metricsServer = metricsServer;
if (_metricsServer) {
_metricsServer->setCertificateExpires(_certificateExpires);