/***************************************************************************
- * Copyright (C) 2005-08 by the Quassel Project *
+ * Copyright (C) 2005-09 by the Quassel Project *
* devel@quassel-irc.org *
* *
* This program is free software; you can redistribute it and/or modify *
* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
***************************************************************************/
-#ifndef QT_NO_OPENSSL
-
#include "sslserver.h"
-#include <QSslSocket>
+#ifdef HAVE_SSL
+# include <QSslSocket>
+#endif
+
#include <QFile>
-#include <QDebug>
-#include "util.h"
+#include "logger.h"
+#include "quassel.h"
+
+#ifdef HAVE_SSL
SslServer::SslServer(QObject *parent)
- : QTcpServer(parent)
+ : QTcpServer(parent),
+ _isCertValid(false)
{
- QFile certFile(quasselDir().absolutePath() + "/quasselCert.pem");
- certFile.open(QIODevice::ReadOnly);
- _cert = QSslCertificate(&certFile);
- certFile.close();
-
- certFile.open(QIODevice::ReadOnly);
- _key = QSslKey(&certFile, QSsl::Rsa);
- certFile.close();
-
- _certIsValid = !_cert.isNull() && _cert.isValid() && !_key.isNull();
- if(!_certIsValid) {
- qWarning() << "SslServer: SSL Certificate is either missing or has wrong format!";
- qWarning() << " make sure that ~/.quassel/quasselCert.pem is pem format and contains the cert and an rsa key!";
- qWarning() << "SslServer: this Quassel Core cannot provide SSL!";
+ static bool sslWarningShown = false;
+ if(!setCertificate(Quassel::configDirPath() + "quasselCert.pem")) {
+ if(!sslWarningShown) {
+ quWarning()
+ << "SslServer: Unable to set certificate file\n"
+ << " Quassel Core will still work, but cannot provide SSL for client connections.\n"
+ << " Please see http://quassel-irc.org/faq/cert to learn how to enable SSL support.";
+ sslWarningShown=true;
+ }
}
}
void SslServer::incomingConnection(int socketDescriptor) {
QSslSocket *serverSocket = new QSslSocket(this);
if(serverSocket->setSocketDescriptor(socketDescriptor)) {
- if(certIsValid()) {
+ if(isCertValid()) {
serverSocket->setLocalCertificate(_cert);
serverSocket->setPrivateKey(_key);
+ serverSocket->addCaCertificates(_ca);
}
_pendingConnections << serverSocket;
emit newConnection();
}
}
-#endif // QT_NO_OPENSSL
+bool SslServer::setCertificate(const QString &path) {
+ _isCertValid = false;
+
+ if(path.isEmpty())
+ return false;
+
+ QFile certFile(path);
+ if(!certFile.exists()) {
+ quWarning() << "SslServer: Certificate file" << qPrintable(path) << "does not exist";
+ return false;
+ }
+
+ if(!certFile.open(QIODevice::ReadOnly)) {
+ quWarning()
+ << "SslServer: Failed to open certificate file" << qPrintable(path)
+ << "error:" << certFile.error();
+ return false;
+ }
+
+ QList<QSslCertificate> certList = QSslCertificate::fromDevice(&certFile);
+
+ if (certList.isEmpty()) {
+ quWarning() << "SslServer: Certificate file doesn't contain a certificate";
+ return false;
+ }
+
+ _cert = certList[0];
+ certList.removeFirst(); // remove server cert
+
+ // store CA and intermediates certs
+ _ca = certList;
+
+ if(!certFile.reset()) {
+ quWarning() << "SslServer: IO error reading certificate file";
+ return false;
+ }
+
+ _key = QSslKey(&certFile, QSsl::Rsa);
+ certFile.close();
+
+ if(_cert.isNull()) {
+ quWarning() << "SslServer:" << qPrintable(path) << "contains no certificate data";
+ return false;
+ }
+ if(!_cert.isValid()) {
+ quWarning() << "SslServer: Invalid certificate (most likely expired)";
+ }
+ if(_key.isNull()) {
+ quWarning() << "SslServer:" << qPrintable(path) << "contains no key data";
+ return false;
+ }
+
+ _isCertValid = true;
+
+ return _isCertValid;
+}
+
+#endif // HAVE_SSL
projects / quassel.git / blobdiff