/***************************************************************************
- * Copyright (C) 2005-2016 by the Quassel Project *
+ * Copyright (C) 2005-2018 by the Quassel Project *
* devel@quassel-irc.org *
* *
* This program is free software; you can redistribute it and/or modify *
#endif
#include <QDateTime>
-#include <QFile>
-#include "logger.h"
#include "quassel.h"
+#include "logmessage.h"
#ifdef HAVE_SSL
SslServer::SslServer(QObject *parent)
- : QTcpServer(parent),
- _isCertValid(false)
+ : QTcpServer(parent)
{
// Keep track if the SSL warning has been mentioned at least once before
static bool sslWarningShown = false;
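Review bot: Dropping `_isCertValid(false)` from the constructor's initializer list leaves the flag indeterminate unless the class declaration (not shown on this page) now gives it a default member initializer such as `bool _isCertValid{false};`. The name suggests this flag gates whether the core offers SSL, so a read before the first certificate load would be undefined behavior and could report a certificate that was never loaded as valid. Please confirm the header change ships in the same commit. The constructor body continues past the end of this hunk.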
QTcpSocket *SslServer::nextPendingConnection()
{
if (_pendingConnections.isEmpty())
- return 0;
+ return nullptr;
else
return _pendingConnections.takeFirst();
}
-#if QT_VERSION >= 0x050000
+
void SslServer::incomingConnection(qintptr socketDescriptor)
-#else
-void SslServer::incomingConnection(int socketDescriptor)
-#endif
{
QSslSocket *serverSocket = new QSslSocket(this);
if (serverSocket->setSocketDescriptor(socketDescriptor)) {
return false;
}
- untestedKey = QSslKey(&keyFile, QSsl::Rsa);
+ untestedKey = loadKey(&keyFile);
keyFile.close();
} else {
- untestedKey = QSslKey(&certFile, QSsl::Rsa);
+ untestedKey = loadKey(&certFile);
}
certFile.close();
// We allow the core to offer SSL anyway, so no "return false" here. Client will warn about the cert being invalid.
const QDateTime now = QDateTime::currentDateTime();
- if (now < untestedCert.effectiveDate())
+ if (now < untestedCert.effectiveDate()) {
quWarning() << "SslServer: Certificate won't be valid before" << untestedCert.effectiveDate().toString();
-
- else if (now > untestedCert.expiryDate())
+ }
+ else if (now > untestedCert.expiryDate()) {
quWarning() << "SslServer: Certificate expired on" << untestedCert.expiryDate().toString();
-
- else { // Qt4's isValid() checks for time range and blacklist; avoid a double warning, hence the else block
-#if QT_VERSION < 0x050000
- if (!untestedCert.isValid())
-#else
- if (untestedCert.isBlacklisted())
-#endif
- quWarning() << "SslServer: Certificate blacklisted";
}
+ else if (untestedCert.isBlacklisted()) {
+ quWarning() << "SslServer: Certificate blacklisted";
+ }
+
if (untestedKey.isNull()) {
quWarning() << "SslServer:" << qPrintable(keyPath) << "contains no key data";
return false;
}
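Review bot: The three certificate warnings in the `if`/`else if` chain (not yet valid, expired, blacklisted) do not name the file they refer to, whereas the key warning directly below prints `qPrintable(keyPath)`. The comment above the chain says the core keeps offering SSL in these cases, so the log line is the only signal an operator gets and should identify the certificate, e.g. `quWarning() << "SslServer:" << qPrintable(certPath) << "expired on" << untestedCert.expiryDate().toString();`, where `certPath` is a placeholder for whichever variable holds the certificate path (not visible in this hunk). It is also worth a short comment stating that a blacklisted certificate is deliberately treated like a date failure (warn and continue) rather than rejected, since that is a policy decision a later reader may question. The enclosing function starts and ends outside the hunk.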
+QSslKey SslServer::loadKey(QFile *keyFile)
+{
+ QSslKey key;
+ key = QSslKey(keyFile, QSsl::Rsa);
+ if (key.isNull()) {
+ if (!keyFile->reset()) {
+ quWarning() << "SslServer: IO error reading key file";
+ return key;
+ }
+ key = QSslKey(keyFile, QSsl::Ec);
+ }
+ return key;
+}
+
+
#endif // HAVE_SSL
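Review bot: `loadKey` returns a null key with no message of its own when both the RSA and the EC attempt fail, so the caller's "contains no key data" warning is also what an operator sees for a passphrase-protected key or an unsupported algorithm. No passphrase is passed to `QSslKey`, so an encrypted PEM would most likely come back null here. I would log the real cause after the EC attempt, e.g. `if (key.isNull()) quWarning() << "SslServer: Key is neither an unencrypted RSA nor an EC key";`. The function also needs a short doc comment explaining that `reset()` rewinds the device because the first `QSslKey` constructor consumed it, and that RSA is tried before EC. As a style point, `QSslKey key; key = QSslKey(keyFile, QSsl::Rsa);` can be the single line `QSslKey key(keyFile, QSsl::Rsa);`.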