X-Git-Url: https://git.quassel-irc.org/?a=blobdiff_plain;f=src%2Fcore%2Fsslserver.cpp;h=c93f4861bae3064799bd7c3e23e43568ab6e9665;hb=f20d380a36e11a7591dacbf0a62d7c11d997f9db;hp=9fceddd8f27452b3663ca0d33c50b985b1df4cb5;hpb=1a5c1814a0c52f6f35e65c7033b2f896bf1188e3;p=quassel.git

diff --git a/src/core/sslserver.cpp b/src/core/sslserver.cpp
index 9fceddd8..c93f4861 100644
--- a/src/core/sslserver.cpp
+++ b/src/core/sslserver.cpp
@@ -21,6 +21,7 @@
 #include "sslserver.h"
 
 #include <QDateTime>
+#include <QSslConfiguration>
 #include <QSslSocket>
 
 #include "core.h"
@@ -48,6 +49,12 @@ SslServer::SslServer(QObject* parent)
 
     // Initialize the certificates for first-time usage
     if (!loadCerts()) {
+        // If the core is unable to load a certificate, and "--require-ssl" is specified,
+        // do not proceed, throw an exception and quit. This prevents the core from falling
+        // back to a plaintext-only core when they should be expecting SSL/TLS only.
+        if (Quassel::isOptionSet("require-ssl")) {
+            throw ExitException{EXIT_FAILURE, tr("--require-ssl is set, but no SSL certificate is available. Exiting.")};
+        }
         if (!sslWarningShown) {
             qWarning() << "SslServer: Unable to set certificate file\n"
                        << "          Quassel Core will still work, but cannot provide SSL for client connections.\n"
@@ -57,28 +64,23 @@ SslServer::SslServer(QObject* parent)
     }
 }
 
-QTcpSocket* SslServer::nextPendingConnection()
-{
-    if (_pendingConnections.isEmpty())
-        return nullptr;
-    else
-        return _pendingConnections.takeFirst();
-}
-
 void SslServer::incomingConnection(qintptr socketDescriptor)
 {
-    auto* serverSocket = new QSslSocket(this);
-    if (serverSocket->setSocketDescriptor(socketDescriptor)) {
+    auto* socket = new QSslSocket(this);
+    if (socket->setSocketDescriptor(socketDescriptor)) {
         if (isCertValid()) {
-            serverSocket->setLocalCertificate(_cert);
-            serverSocket->setPrivateKey(_key);
-            serverSocket->addCaCertificates(_ca);
+            auto config = socket->sslConfiguration();
+            config.setLocalCertificate(_cert);
+            config.setPrivateKey(_key);
+            auto certificates = config.caCertificates();
+            certificates += _ca;
+            config.setCaCertificates(certificates);
+            socket->setSslConfiguration(config);
         }
-        _pendingConnections << serverSocket;
-        emit newConnection();
+        addPendingConnection(socket);
     }
     else {
-        delete serverSocket;
+        delete socket;
     }
 }
 
@@ -224,7 +226,8 @@ QSslKey SslServer::loadKey(QFile* keyFile)
     return key;
 }
 
-void SslServer::setMetricsServer(MetricsServer* metricsServer) {
+void SslServer::setMetricsServer(MetricsServer* metricsServer)
+{
     _metricsServer = metricsServer;
     if (_metricsServer) {
         _metricsServer->setCertificateExpires(_certificateExpires);