X-Git-Url: https://git.quassel-irc.org/?a=blobdiff_plain;f=src%2Fcore%2Fsslserver.cpp;h=c93f4861bae3064799bd7c3e23e43568ab6e9665;hb=f20d380a36e11a7591dacbf0a62d7c11d997f9db;hp=16e3f3e98581dfad7e2af0a614886032e821c482;hpb=8f92b3f08df9f4eb8fd243ccec6aa9d4b563ec23;p=quassel.git diff --git a/src/core/sslserver.cpp b/src/core/sslserver.cpp index 16e3f3e9..c93f4861 100644 --- a/src/core/sslserver.cpp +++ b/src/core/sslserver.cpp @@ -1,5 +1,5 @@ /*************************************************************************** - * Copyright (C) 2005-2019 by the Quassel Project * + * Copyright (C) 2005-2020 by the Quassel Project * * devel@quassel-irc.org * * * * This program is free software; you can redistribute it and/or modify * @@ -20,17 +20,13 @@ #include "sslserver.h" -#ifdef HAVE_SSL -# include -#endif - #include +#include +#include #include "core.h" #include "quassel.h" -#ifdef HAVE_SSL - SslServer::SslServer(QObject* parent) : QTcpServer(parent) { @@ -53,6 +49,12 @@ SslServer::SslServer(QObject* parent) // Initialize the certificates for first-time usage if (!loadCerts()) { + // If the core is unable to load a certificate, and "--require-ssl" is specified, + // do not proceed, throw an exception and quit. This prevents the core from falling + // back to a plaintext-only core when they should be expecting SSL/TLS only. + if (Quassel::isOptionSet("require-ssl")) { + throw ExitException{EXIT_FAILURE, tr("--require-ssl is set, but no SSL certificate is available. Exiting.")}; + } if (!sslWarningShown) { qWarning() << "SslServer: Unable to set certificate file\n" << " Quassel Core will still work, but cannot provide SSL for client connections.\n" @@ -62,28 +64,23 @@ SslServer::SslServer(QObject* parent) } } -QTcpSocket* SslServer::nextPendingConnection() -{ - if (_pendingConnections.isEmpty()) - return nullptr; - else - return _pendingConnections.takeFirst(); -} - void SslServer::incomingConnection(qintptr socketDescriptor) { - auto* serverSocket = new QSslSocket(this); - if (serverSocket->setSocketDescriptor(socketDescriptor)) { + auto* socket = new QSslSocket(this); + if (socket->setSocketDescriptor(socketDescriptor)) { if (isCertValid()) { - serverSocket->setLocalCertificate(_cert); - serverSocket->setPrivateKey(_key); - serverSocket->addCaCertificates(_ca); + auto config = socket->sslConfiguration(); + config.setLocalCertificate(_cert); + config.setPrivateKey(_key); + auto certificates = config.caCertificates(); + certificates += _ca; + config.setCaCertificates(certificates); + socket->setSslConfiguration(config); } - _pendingConnections << serverSocket; - emit newConnection(); + addPendingConnection(socket); } else { - delete serverSocket; + delete socket; } } @@ -229,11 +226,10 @@ QSslKey SslServer::loadKey(QFile* keyFile) return key; } -void SslServer::setMetricsServer(MetricsServer* metricsServer) { +void SslServer::setMetricsServer(MetricsServer* metricsServer) +{ _metricsServer = metricsServer; if (_metricsServer) { _metricsServer->setCertificateExpires(_certificateExpires); } } - -#endif // HAVE_SSL