- _certIsValid = !_cert.isNull() && _cert.isValid() && !_key.isNull();
- if(!_certIsValid) {
- qWarning() << "SslServer: SSL Certificate is either missing or has a wrong format!\n"
- << " Quassel Core will still work, but cannot provide SSL for client connections.\n"
- << " Please see http://quassel-irc.org/faq/cert to learn how to enable SSL support.";
- }
+ if (!certFile.reset()) {
+ qWarning() << "SslServer: IO error reading certificate file";
+ return false;
+ }
+
+ // load key from keyPath if it differs from path, otherwise load key from path
+ if (path != keyPath) {
+ QFile keyFile(keyPath);
+ if (!keyFile.exists()) {
+ qWarning() << "SslServer: Key file" << qPrintable(keyPath) << "does not exist";
+ return false;
+ }
+
+ if (!keyFile.open(QIODevice::ReadOnly)) {
+ qWarning() << "SslServer: Failed to open key file" << qPrintable(keyPath) << "error:" << keyFile.error();
+ return false;
+ }
+
+ untestedKey = loadKey(&keyFile);
+ keyFile.close();
+ }
+ else {
+ untestedKey = loadKey(&certFile);
+ }
+
+ certFile.close();
+
+ if (untestedCert.isNull()) {
+ qWarning() << "SslServer:" << qPrintable(path) << "contains no certificate data";
+ return false;
+ }
+
+ // We allow the core to offer SSL anyway, so no "return false" here. Client will warn about the cert being invalid.
+ const QDateTime now = QDateTime::currentDateTime();
+ if (now < untestedCert.effectiveDate()) {
+ qWarning() << "SslServer: Certificate won't be valid before" << untestedCert.effectiveDate().toString();
+ }
+ else if (now > untestedCert.expiryDate()) {
+ qWarning() << "SslServer: Certificate expired on" << untestedCert.expiryDate().toString();
+ }
+ else if (untestedCert.isBlacklisted()) {
+ qWarning() << "SslServer: Certificate blacklisted";
+ }