Precise error messages in SslServer::setCertificate.

[quassel.git] / src / core / sslserver.cpp

diff --git a/src/core/sslserver.cpp b/src/core/sslserver.cpp
index c7e1b35..2557f2f 100644 (file)
--- a/src/core/sslserver.cpp
+++ b/src/core/sslserver.cpp
@@ -1,5 +1,5 @@
 /***************************************************************************
- *   Copyright (C) 2005-08 by the Quassel Project                          *
+ *   Copyright (C) 2005-09 by the Quassel Project                          *
  *   devel@quassel-irc.org                                                 *
  *                                                                         *
  *   This program is free software; you can redistribute it and/or modify  *
@@ -35,21 +35,7 @@
 SslServer::SslServer(QObject *parent)
   : QTcpServer(parent)
 {
-  QFile certFile(quasselDir().absolutePath() + "/quasselCert.pem");
-  certFile.open(QIODevice::ReadOnly);
-  _cert = QSslCertificate(&certFile);
-  certFile.close();
-
-  certFile.open(QIODevice::ReadOnly);
-  _key = QSslKey(&certFile, QSsl::Rsa);
-  certFile.close();
-
-  _certIsValid = !_cert.isNull() && _cert.isValid() && !_key.isNull();
-  if(!_certIsValid) {
-    qWarning() << "SslServer: SSL Certificate is either missing or has a wrong format!\n"
-               << "          Quassel Core will still work, but cannot provide SSL for client connections.\n"
-               << "          Please see http://quassel-irc.org/faq/cert to learn how to enable SSL support.";
-  }
+  setCertificate(quasselDir().absolutePath() + "/quasselCert.pem");
 }
 
 QTcpSocket *SslServer::nextPendingConnection() {
@@ -73,4 +59,51 @@ void SslServer::incomingConnection(int socketDescriptor) {
   }
 }
 
+bool SslServer::setCertificate(const QString &path) {
+  _certIsValid = false;
+
+  if (path.isNull()) {
+    return false;
+  }
+
+  QFile certFile(path);
+  if (! certFile.exists()) {
+    qWarning() << "SslServer: Certificate file" << qPrintable(path) << "does not exist";
+    return false;
+  }
+
+  if (! certFile.open(QIODevice::ReadOnly)) {
+    qWarning()
+      << "SslServer: Failed to open certificate file" << qPrintable(path)
+      << "error:" << certFile.error();
+    return false;
+  }
+  _cert = QSslCertificate(&certFile);
+
+  if (! certFile.reset()) {
+    qWarning() << "SslServer: IO error reading certificate file";
+    return false;
+  }
+
+  _key = QSslKey(&certFile, QSsl::Rsa);
+  certFile.close();
+
+  if (_cert.isNull()) {
+    qWarning() << "SslServer:" << qPrintable(path) << "contains no certificate data";
+    return false;
+  }
+  if (! _cert.isValid()) {
+    qWarning() << "SslServer: Invalid certificate";
+    return false;
+  }
+  if (_key.isNull()) {
+    qWarning() << "SslServer:" << qPrintable(path) << "contains no key data";
+    return false;
+  }
+
+  _certIsValid = true;
+
+  return _certIsValid;
+}
+
 #endif // HAVE_SSL