cmake: avoid de-duplication of user's CXXFLAGS

[quassel.git] / src / core / sslserver.cpp
diff --git a/src/core/sslserver.cpp b/src/core/sslserver.cpp

index 9fceddd..cf98bc2 100644 (file)
--- a/src/core/sslserver.cpp
+++ b/src/core/sslserver.cpp
@@ -1,5 +1,5 @@
  /***************************************************************************
- *   Copyright (C) 2005-2020 by the Quassel Project                        *
+ *   Copyright (C) 2005-2022 by the Quassel Project                        *
   *   devel@quassel-irc.org                                                 *
   *                                                                         *
   *   This program is free software; you can redistribute it and/or modify  *
@@ -21,6 +21,7 @@
  #include "sslserver.h"
  
  #include <QDateTime>
+#include <QSslConfiguration>
  #include <QSslSocket>
  
  #include "core.h"
@@ -48,6 +49,13 @@ SslServer::SslServer(QObject* parent)
  
      // Initialize the certificates for first-time usage
      if (!loadCerts()) {
+        // If the core is unable to load a certificate, and "--require-ssl" is specified,
+        // do not proceed, throw an exception and quit. This prevents the core from falling
+        // back to a plaintext-only core when they should be expecting SSL/TLS only.
+        if (Quassel::isOptionSet("require-ssl")) {
+            throw ExitException{EXIT_FAILURE, tr("--require-ssl is set, but no SSL certificate is available. Exiting.\n"
+                                                 "Please see https://quassel-irc.org/faq/cert to learn how to enable SSL support.")};
+        }
          if (!sslWarningShown) {
              qWarning() << "SslServer: Unable to set certificate file\n"
                         << "          Quassel Core will still work, but cannot provide SSL for client connections.\n"
@@ -57,28 +65,23 @@ SslServer::SslServer(QObject* parent)
      }
  }
  
-QTcpSocket* SslServer::nextPendingConnection()
-{
-    if (_pendingConnections.isEmpty())
-        return nullptr;
-    else
-        return _pendingConnections.takeFirst();
-}
-
  void SslServer::incomingConnection(qintptr socketDescriptor)
  {
-    auto* serverSocket = new QSslSocket(this);
-    if (serverSocket->setSocketDescriptor(socketDescriptor)) {
+    auto* socket = new QSslSocket(this);
+    if (socket->setSocketDescriptor(socketDescriptor)) {
          if (isCertValid()) {
-            serverSocket->setLocalCertificate(_cert);
-            serverSocket->setPrivateKey(_key);
-            serverSocket->addCaCertificates(_ca);
+            auto config = socket->sslConfiguration();
+            config.setLocalCertificate(_cert);
+            config.setPrivateKey(_key);
+            auto certificates = config.caCertificates();
+            certificates += _ca;
+            config.setCaCertificates(certificates);
+            socket->setSslConfiguration(config);
          }
-        _pendingConnections << serverSocket;
-        emit newConnection();
+        addPendingConnection(socket);
      }
      else {
-        delete serverSocket;
+        delete socket;
      }
  }
  
@@ -224,7 +227,8 @@ QSslKey SslServer::loadKey(QFile* keyFile)
      return key;
  }
  
-void SslServer::setMetricsServer(MetricsServer* metricsServer) {
+void SslServer::setMetricsServer(MetricsServer* metricsServer)
+{
      _metricsServer = metricsServer;
      if (_metricsServer) {
          _metricsServer->setCertificateExpires(_certificateExpires);