X-Git-Url: https://git.quassel-irc.org/?a=blobdiff_plain;f=src%2Fcore%2Fsslserver.cpp;h=a1e090b7fe9c578f9627c2e7f83b1dcb308992dd;hb=d9e586707522241d628a90466e13722e342cc28a;hp=b6becaf6c00fabed2539cf3d1d10f7f4ebaa49a2;hpb=25a3ae50ac0d9835283e4f5f10fcfcc10ed5575d;p=quassel.git diff --git a/src/core/sslserver.cpp b/src/core/sslserver.cpp index b6becaf6..a1e090b7 100644 --- a/src/core/sslserver.cpp +++ b/src/core/sslserver.cpp @@ -1,5 +1,5 @@ /*************************************************************************** - * Copyright (C) 2005-2016 by the Quassel Project * + * Copyright (C) 2005-2018 by the Quassel Project * * devel@quassel-irc.org * * * * This program is free software; you can redistribute it and/or modify * @@ -25,10 +25,9 @@ #endif #include -#include -#include "logger.h" #include "quassel.h" +#include "logmessage.h" #ifdef HAVE_SSL @@ -57,7 +56,7 @@ SslServer::SslServer(QObject *parent) quWarning() << "SslServer: Unable to set certificate file\n" << " Quassel Core will still work, but cannot provide SSL for client connections.\n" - << " Please see http://quassel-irc.org/faq/cert to learn how to enable SSL support."; + << " Please see https://quassel-irc.org/faq/cert to learn how to enable SSL support."; sslWarningShown = true; } } @@ -72,11 +71,8 @@ QTcpSocket *SslServer::nextPendingConnection() return _pendingConnections.takeFirst(); } -#if QT_VERSION >= 0x050000 + void SslServer::incomingConnection(qintptr socketDescriptor) -#else -void SslServer::incomingConnection(int socketDescriptor) -#endif { QSslSocket *serverSocket = new QSslSocket(this); if (serverSocket->setSocketDescriptor(socketDescriptor)) { 
@@ -112,12 +108,12 @@ bool SslServer::reloadCerts() quWarning() << "SslServer: Unable to reload certificate file, reverting\n" << " Quassel Core will use the previous key to provide SSL for client connections.\n" - << " Please see http://quassel-irc.org/faq/cert to learn how to enable SSL support."; + << " Please see https://quassel-irc.org/faq/cert to learn how to enable SSL support."; } else { quWarning() << "SslServer: Unable to reload certificate file\n" << " Quassel Core will still work, but cannot provide SSL for client connections.\n" - << " Please see http://quassel-irc.org/faq/cert to learn how to enable SSL support."; + << " Please see https://quassel-irc.org/faq/cert to learn how to enable SSL support."; } return false; } @@ -182,10 +178,10 @@ bool SslServer::setCertificate(const QString &path, const QString &keyPath) return false; } - untestedKey = QSslKey(&keyFile, QSsl::Rsa); + untestedKey = loadKey(&keyFile); keyFile.close(); } else { - untestedKey = QSslKey(&certFile, QSsl::Rsa); + untestedKey = loadKey(&certFile); } certFile.close(); 
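Review bot: In the `else` branch of the second hunk, `loadKey(&certFile)` parses the key from the same QFile the certificate is read from, and the first (RSA) attempt in `loadKey()` reads from wherever that device currently stands. The code before this call is outside the hunk, so I cannot tell whether certFile is rewound first. If it is not, the RSA attempt sees no data and only the EC retry, which follows a `reset()`, sees the whole file, so an RSA key in a combined file would be rejected while an EC key is accepted. Rewinding at the top of `loadKey()` would make it independent of the caller: `if (!keyFile->reset()) { quWarning() << "SslServer: IO error reading key file"; return QSslKey(); }`.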
@@ -197,20 +193,16 @@ bool SslServer::setCertificate(const QString &path, const QString &keyPath) // We allow the core to offer SSL anyway, so no "return false" here. Client will warn about the cert being invalid. const QDateTime now = QDateTime::currentDateTime(); - if (now < untestedCert.effectiveDate()) + if (now < untestedCert.effectiveDate()) { quWarning() << "SslServer: Certificate won't be valid before" << untestedCert.effectiveDate().toString(); - - else if (now > untestedCert.expiryDate()) + } + else if (now > untestedCert.expiryDate()) { quWarning() << "SslServer: Certificate expired on" << untestedCert.expiryDate().toString(); - - else { // Qt4's isValid() checks for time range and blacklist; avoid a double warning, hence the else block -#if QT_VERSION < 0x050000 - if (!untestedCert.isValid()) -#else - if (untestedCert.isBlacklisted()) -#endif - quWarning() << "SslServer: Certificate blacklisted"; } + else if (untestedCert.isBlacklisted()) { + quWarning() << "SslServer: Certificate blacklisted"; + } + if (untestedKey.isNull()) { quWarning() << "SslServer:" << qPrintable(keyPath) << "contains no key data"; return false; @@ -227,4 +219,19 @@ bool SslServer::setCertificate(const QString &path, const QString &keyPath) } +QSslKey SslServer::loadKey(QFile *keyFile) +{ + QSslKey key; + key = QSslKey(keyFile, QSsl::Rsa); + if (key.isNull()) { + if (!keyFile->reset()) { + quWarning() << "SslServer: IO error reading key file"; + return key; + } + key = QSslKey(keyFile, QSsl::Ec); + } + return key; +} + + #endif // HAVE_SSL
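Review bot: The blacklist check is still chained as `else if`, so a certificate that is both outside its validity period and blacklisted produces only the date warning. The chaining existed to avoid a double warning from Qt4's `isValid()`, which this hunk removes; `isBlacklisted()` does not look at dates, so it can stand alone as `if (untestedCert.isBlacklisted()) {`. Per the comment above the checks, the core keeps offering SSL in these cases, so the log is the only place an operator learns that the certificate is blacklisted. setCertificate() begins and ends outside this hunk.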
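Review bot: The new `loadKey()` has no comment stating its contract, and its one warning does not identify the file. Callers treat a null `QSslKey` as meaning that neither parse succeeded, so I would document that above the function, e.g. `// Tries to parse the key as RSA, then as EC; returns a null key if both fail or the file cannot be rewound.` The reset-failure warning could name the file the way the caller's "contains no key data" message does: `quWarning() << "SslServer: IO error reading key file" << qPrintable(keyFile->fileName());`. As a smaller style point, `QSslKey key(keyFile, QSsl::Rsa);` avoids the default-construct-then-assign pair.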