+
+
+/*** SSL Stuff ***/
+
+void ClientAuthHandler::checkAndEnableSsl(bool coreSupportsSsl)
+{
+#ifndef HAVE_SSL
+ Q_UNUSED(coreSupportsSsl);
+#else
+ CoreAccountSettings s;
+ if (coreSupportsSsl && _account.useSsl()) {
+ // Make sure the warning is shown next time we don't have SSL in the core
+ s.setAccountValue("ShowNoCoreSslWarning", true);
+
+ QSslSocket *sslSocket = qobject_cast<QSslSocket *>(socket());
+ Q_ASSERT(sslSocket);
+ connect(sslSocket, SIGNAL(encrypted()), SLOT(onSslSocketEncrypted()));
+ connect(sslSocket, SIGNAL(sslErrors(QList<QSslError>)), SLOT(onSslErrors()));
+ qDebug() << "Starting encryption...";
+ sslSocket->flush();
+ sslSocket->startClientEncryption();
+ }
+ else {
+ if (s.accountValue("ShowNoCoreSslWarning", true).toBool()) {
+ bool accepted = false;
+ emit handleNoSslInCore(&accepted);
+ if (!accepted) {
+ requestDisconnect(tr("Unencrypted connection cancelled"));
+ return;
+ }
+ s.setAccountValue("ShowNoCoreSslWarning", false);
+ s.setAccountValue("SslCert", QString());
+ }
+ if (_legacy)
+ onConnectionReady();
+ else
+ startRegistration();
+ }
+#endif
+}
+
+#ifdef HAVE_SSL
+
+void ClientAuthHandler::onSslSocketEncrypted()
+{
+ QSslSocket *socket = qobject_cast<QSslSocket *>(sender());
+ Q_ASSERT(socket);
+
+ if (!socket->sslErrors().count()) {
+ // Cert is valid, so we don't want to store it as known
+ // That way, a warning will appear in case it becomes invalid at some point
+ CoreAccountSettings s;
+ s.setAccountValue("SSLCert", QString());
+ }
+
+ emit encrypted(true);
+
+ if (_legacy)
+ onConnectionReady();
+ else
+ startRegistration();
+}
+
+
+void ClientAuthHandler::onSslErrors()
+{
+ QSslSocket *socket = qobject_cast<QSslSocket *>(sender());
+ Q_ASSERT(socket);
+
+ CoreAccountSettings s;
+ QByteArray knownDigest = s.accountValue("SslCert").toByteArray();
+
+ if (knownDigest != socket->peerCertificate().digest()) {
+ bool accepted = false;
+ bool permanently = false;
+ emit handleSslErrors(socket, &accepted, &permanently);
+
+ if (!accepted) {
+ requestDisconnect(tr("Unencrypted connection canceled"));
+ return;
+ }
+
+ if (permanently)
+ s.setAccountValue("SslCert", socket->peerCertificate().digest());
+ else
+ s.setAccountValue("SslCert", QString());
+ }
+
+ socket->ignoreSslErrors();
+}
+
+#endif /* HAVE_SSL */