X-Git-Url: https://git.quassel-irc.org/?a=blobdiff_plain;f=src%2Fcore%2Fsslserver.cpp;h=b8c010fa448087fff3908a07d4c90f0dc97aca8a;hb=fcacaaf16551524c7ebb6114254d005274cc3d63;hp=8b0d06577b292200b48ef95c48dfdfdfb4591643;hpb=c2e3479b87e7d0713d302d26fb2d7d01d7b8c9c2;p=quassel.git diff --git a/src/core/sslserver.cpp b/src/core/sslserver.cpp index 8b0d0657..b8c010fa 100644 --- a/src/core/sslserver.cpp +++ b/src/core/sslserver.cpp @@ -1,5 +1,5 @@ /*************************************************************************** - * Copyright (C) 2005-2016 by the Quassel Project * + * Copyright (C) 2005-2018 by the Quassel Project * * devel@quassel-irc.org * * * * This program is free software; you can redistribute it and/or modify * @@ -25,16 +25,14 @@ #endif #include -#include -#include "logger.h" #include "quassel.h" +#include "logmessage.h" #ifdef HAVE_SSL SslServer::SslServer(QObject *parent) - : QTcpServer(parent), - _isCertValid(false) + : QTcpServer(parent) { // Keep track if the SSL warning has been mentioned at least once before static bool sslWarningShown = false; @@ -67,18 +65,15 @@ SslServer::SslServer(QObject *parent) QTcpSocket *SslServer::nextPendingConnection() { if (_pendingConnections.isEmpty()) - return 0; + return nullptr; else return _pendingConnections.takeFirst(); } -#if QT_VERSION >= 0x050000 + void SslServer::incomingConnection(qintptr socketDescriptor) -#else -void SslServer::incomingConnection(int socketDescriptor) -#endif { - QSslSocket *serverSocket = new QSslSocket(this); + auto *serverSocket = new QSslSocket(this); if (serverSocket->setSocketDescriptor(socketDescriptor)) { if (isCertValid()) { serverSocket->setLocalCertificate(_cert); 
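Review bot: In the `@@ -25,16 +25,14 @@` hunk the constructor no longer initialises `_isCertValid`, and sslserver.h is not part of this diff, so it cannot be confirmed here that the member received a default initialiser. `incomingConnection()` in the next hunk branches on `isCertValid()`, which presumably returns that member, before calling `setLocalCertificate(_cert)`, so an indeterminate value would decide whether a connection is handed the server certificate. If the header does not already declare it as `bool _isCertValid{false};`, that declaration belongs in this change. The constructor body continues outside the hunk.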
@@ -182,10 +177,10 @@ bool SslServer::setCertificate(const QString &path, const QString &keyPath) return false; } - untestedKey = QSslKey(&keyFile, QSsl::Rsa); + untestedKey = loadKey(&keyFile); keyFile.close(); } else { - untestedKey = QSslKey(&certFile, QSsl::Rsa); + untestedKey = loadKey(&certFile); } certFile.close(); @@ -197,20 +192,16 @@ bool SslServer::setCertificate(const QString &path, const QString &keyPath) // We allow the core to offer SSL anyway, so no "return false" here. Client will warn about the cert being invalid. const QDateTime now = QDateTime::currentDateTime(); - if (now < untestedCert.effectiveDate()) + if (now < untestedCert.effectiveDate()) { quWarning() << "SslServer: Certificate won't be valid before" << untestedCert.effectiveDate().toString(); - - else if (now > untestedCert.expiryDate()) + } + else if (now > untestedCert.expiryDate()) { quWarning() << "SslServer: Certificate expired on" << untestedCert.expiryDate().toString(); - - else { // Qt4's isValid() checks for time range and blacklist; avoid a double warning, hence the else block -#if QT_VERSION < 0x050000 - if (!untestedCert.isValid()) -#else - if (untestedCert.isBlacklisted()) -#endif - quWarning() << "SslServer: Certificate blacklisted"; } + else if (untestedCert.isBlacklisted()) { + quWarning() << "SslServer: Certificate blacklisted"; + } + if (untestedKey.isNull()) { quWarning() << "SslServer:" << qPrintable(keyPath) << "contains no key data"; return false; @@ -227,4 +218,19 @@ bool SslServer::setCertificate(const QString &path, const QString &keyPath) } +QSslKey SslServer::loadKey(QFile *keyFile) +{ + QSslKey key; + key = QSslKey(keyFile, QSsl::Rsa); + if (key.isNull()) { + if (!keyFile->reset()) { + quWarning() << "SslServer: IO error reading key file"; + return key; + } + key = QSslKey(keyFile, QSsl::Ec); + } + return key; +} + + #endif // HAVE_SSL
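Review bot: In the `@@ -197,20 +192,16 @@` hunk the blacklist check is still chained with `else if`, so a certificate that is both outside its validity dates and blacklisted logs only the date warning. The removed comment shows the chaining existed because Qt4's `isValid()` covered both conditions; `isBlacklisted()` does not look at the dates, so it can stand alone as `if (untestedCert.isBlacklisted()) { quWarning() << "SslServer: Certificate blacklisted"; }`. Because the core keeps offering SSL with such a certificate, the log is the operator's only signal, and adding `qPrintable(path)` to these three warnings would say which file is affected. setCertificate() starts and ends outside the hunk.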
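Review bot: `loadKey()` in the `@@ -227,4 +218,19 @@` hunk has no comment stating its contract, and the contract is not obvious from the call sites in the `@@ -182,10 +177,10 @@` hunk. I would add a header comment saying that it reads from the device's current position, tries RSA first, rewinds with `reset()` and then tries EC, and returns a null key when neither attempt succeeds or the rewind fails. The IO warning does not identify the file, although one call site passes the certificate file and the other a separate key file; `quWarning() << "SslServer: IO error reading key file" << keyFile->fileName();` would make the log usable. As a point of style, `QSslKey key(keyFile, QSsl::Rsa);` avoids default-constructing the key and then assigning to it.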