X-Git-Url: https://git.quassel-irc.org/?a=blobdiff_plain;f=src%2Fcore%2Fsslserver.cpp;h=cf98bc2f6c790b6d9dfa3be0ab215c02e741cf04;hb=24c7de34254b5de4cf28045a6923a527e06f7290;hp=f7d35c3447df70f49d5f871fc7f80e6a3c848638;hpb=b62292bbe3f21887dc5ee4353ca9cf675f9aa3f3;p=quassel.git

diff --git a/src/core/sslserver.cpp b/src/core/sslserver.cpp
index f7d35c34..cf98bc2f 100644
--- a/src/core/sslserver.cpp
+++ b/src/core/sslserver.cpp
@@ -1,5 +1,5 @@
 /***************************************************************************
- *   Copyright (C) 2005-2020 by the Quassel Project                        *
+ *   Copyright (C) 2005-2022 by the Quassel Project                        *
  *   devel@quassel-irc.org                                                 *
  *                                                                         *
  *   This program is free software; you can redistribute it and/or modify  *
@@ -21,6 +21,7 @@
 #include "sslserver.h"
 
 #include <QDateTime>
+#include <QSslConfiguration>
 #include <QSslSocket>
 
 #include "core.h"
@@ -48,6 +49,13 @@ SslServer::SslServer(QObject* parent)
 
     // Initialize the certificates for first-time usage
     if (!loadCerts()) {
+        // If the core is unable to load a certificate, and "--require-ssl" is specified,
+        // do not proceed, throw an exception and quit. This prevents the core from falling
+        // back to a plaintext-only core when they should be expecting SSL/TLS only.
+        if (Quassel::isOptionSet("require-ssl")) {
+            throw ExitException{EXIT_FAILURE, tr("--require-ssl is set, but no SSL certificate is available. Exiting.\n"
+                                                 "Please see https://quassel-irc.org/faq/cert to learn how to enable SSL support.")};
+        }
         if (!sslWarningShown) {
             qWarning() << "SslServer: Unable to set certificate file\n"
                        << "          Quassel Core will still work, but cannot provide SSL for client connections.\n"
@@ -62,9 +70,13 @@ void SslServer::incomingConnection(qintptr socketDescriptor)
     auto* socket = new QSslSocket(this);
     if (socket->setSocketDescriptor(socketDescriptor)) {
         if (isCertValid()) {
-            socket->setLocalCertificate(_cert);
-            socket->setPrivateKey(_key);
-            socket->addCaCertificates(_ca);
+            auto config = socket->sslConfiguration();
+            config.setLocalCertificate(_cert);
+            config.setPrivateKey(_key);
+            auto certificates = config.caCertificates();
+            certificates += _ca;
+            config.setCaCertificates(certificates);
+            socket->setSslConfiguration(config);
         }
         addPendingConnection(socket);
     }
@@ -215,7 +227,8 @@ QSslKey SslServer::loadKey(QFile* keyFile)
     return key;
 }
 
-void SslServer::setMetricsServer(MetricsServer* metricsServer) {
+void SslServer::setMetricsServer(MetricsServer* metricsServer)
+{
     _metricsServer = metricsServer;
     if (_metricsServer) {
         _metricsServer->setCertificateExpires(_certificateExpires);