OFTC supports a way to identify clients based on the fingerprint of
the SSL certificated used to initialise the connection.
This patch allows to make use of the CertFP identification by creating
a ~/.quassel/quasselClientCert.pem key/certificate file, which will be
used for all the outgoing SSL connections to IRC servers.
At the moment the message sent by the server at the connection is not
displayed by quassel, so you'll have to find the certificate's
fingerprint through OpenSSL (or any other method).
Signed-off-by: Manuel Nickschas <sputnick@quassel-irc.org>
connect(network, SIGNAL(autoReconnectRetriesSet(quint16)), this, SLOT(autoReconnectSettingsChanged()));
#ifndef QT_NO_OPENSSL
connect(network, SIGNAL(autoReconnectRetriesSet(quint16)), this, SLOT(autoReconnectSettingsChanged()));
#ifndef QT_NO_OPENSSL
+ {
+ QFile certFile(quasselDir().absolutePath() + "/quasselClientCert.pem");
+ certFile.open(QIODevice::ReadOnly);
+ QSslCertificate cert(&certFile);
+ certFile.close();
+
+ certFile.open(QIODevice::ReadOnly);
+ QSslKey key(&certFile, QSsl::Rsa);
+ certFile.close();
+
+ if ( !cert.isNull() && cert.isValid() &&
+ !key.isNull() ) {
+ socket.setLocalCertificate(cert);
+ socket.setPrivateKey(key);
+ }
+ }
+
connect(&socket, SIGNAL(encrypted()), this, SLOT(socketEncrypted()));
connect(&socket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(sslErrors(const QList<QSslError> &)));
#endif
connect(&socket, SIGNAL(encrypted()), this, SLOT(socketEncrypted()));
connect(&socket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(sslErrors(const QList<QSslError> &)));
#endif