X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=blobdiff_plain;f=src%2Fcore%2Fcore.cpp;h=21e7c16f9f1b2926592ea6dc2ffac17e8cde193a;hp=20dc44940b2c72d0d25e0a7182d5eb3ca05218a4;hb=444e91f948b435e652205c4d0f1148906e9e86dc;hpb=8ec76e512d20ce5d1dc76de556bb98a06b75d695 diff --git a/src/core/core.cpp b/src/core/core.cpp index 20dc4494..21e7c16f 100644 --- a/src/core/core.cpp +++ b/src/core/core.cpp @@ -30,6 +30,8 @@ #include "sqlitestorage.h" #include "network.h" +#include "util.h" + Core *Core::instanceptr = 0; QMutex Core::mutex; @@ -332,11 +334,12 @@ void Core::stopListening() { } void Core::incomingConnection() { - // TODO implement SSL while(server.hasPendingConnections()) { QTcpSocket *socket = server.nextPendingConnection(); connect(socket, SIGNAL(disconnected()), this, SLOT(clientDisconnected())); connect(socket, SIGNAL(readyRead()), this, SLOT(clientHasData())); + connect(socket, SIGNAL(error(QAbstractSocket::SocketError)), this, SLOT(socketError(QAbstractSocket::SocketError))); + QVariantMap clientInfo; blocksizes.insert(socket, (quint32)0); qDebug() << "Client connected from" << qPrintable(socket->peerAddress().toString()); @@ -381,7 +384,17 @@ void Core::processClientMessage(QTcpSocket *socket, const QVariantMap &msg) { "Up %3d%4h%5m (since %6)").arg(Global::quasselVersion).arg(Global::quasselBuild) .arg(updays).arg(uphours,2,10,QChar('0')).arg(upmins,2,10,QChar('0')).arg(startTime.toString(Qt::TextDate)); - reply["SupportSsl"] = false; +#ifndef QT_NO_OPENSSL + SslServer *sslServer = qobject_cast(&server); + QSslSocket *sslSocket = qobject_cast(socket); + bool supportSsl = (bool)sslServer && (bool)sslSocket && sslServer->certIsValid(); +#else + bool supportSsl = false; +#endif + + reply["SupportSsl"] = supportSsl; + // switch to ssl after client has been informed about our capabilities (see below) + reply["LoginEnabled"] = true; // Just version information -- check it! 
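Review bot: In the ClientInit reply (hunk at -381,7), `SupportSsl` is sent over the still-unencrypted socket and `LoginEnabled` stays `true` either way, so TLS is only an offer here: if the flag is altered or dropped in transit, nothing visible on the core side stops the login from continuing in cleartext. A comment at the assignment would make that explicit, e.g. `// SupportSsl is advertised in cleartext; it is an offer, not a guarantee that the session ends up encrypted`. For cores reachable over untrusted networks, a setting that refuses login while `QSslSocket::isEncrypted()` is false would close the gap; whether the client enforces anything is not visible on this page. The enclosing function starts and ends outside the hunk.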
@@ -412,6 +425,16 @@ void Core::processClientMessage(QTcpSocket *socket, const QVariantMap &msg) { clientInfo[socket] = msg; // store for future reference reply["MsgType"] = "ClientInitAck"; SignalProxy::writeDataToDevice(socket, reply); + +#ifndef QT_NO_OPENSSL + // after we told the client that we are ssl capable we switch to ssl mode + if(supportSsl && msg["UseSsl"].toBool()) { + qDebug() << "Starting TLS for Client:" << qPrintable(socket->peerAddress().toString()); + connect(sslSocket, SIGNAL(sslErrors(const QList &)), this, SLOT(sslErrors(const QList &))); + sslSocket->startServerEncryption(); + } +#endif + } else { // for the rest, we need an initialized connection if(!clientInfo.contains(socket)) { @@ -445,7 +468,7 @@ void Core::processClientMessage(QTcpSocket *socket, const QVariantMap &msg) { } reply["MsgType"] = "ClientLoginAck"; SignalProxy::writeDataToDevice(socket, reply); - qDebug() << qPrintable(tr("Client %1 initialized and authentificated successfully as \"%2\".").arg(socket->peerAddress().toString(), msg["User"].toString())); + qDebug() << qPrintable(tr("Client %1 initialized and authentificated successfully as \"%2\" (UserId: %3).").arg(socket->peerAddress().toString(), msg["User"].toString()).arg(uid.toInt())); setupClientSession(socket, uid); } } @@ -496,3 +519,18 @@ SessionThread *Core::createSession(UserId uid, bool restore) { sess->start(); return sess; } + +#ifndef QT_NO_OPENSSL +void Core::sslErrors(const QList &errors) { + Q_UNUSED(errors); + QSslSocket *socket = qobject_cast(sender()); + if(socket) + socket->ignoreSslErrors(); +} +#endif + +void Core::socketError(QAbstractSocket::SocketError err) { + QAbstractSocket *socket = qobject_cast(sender()); + if(socket && err != QAbstractSocket::RemoteHostClosedError) + qDebug() << "Core::socketError()" << socket << err << socket->errorString(); +}
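Review bot: In the hunk at -412,6 the core calls `startServerEncryption()` and carries on without recording that TLS was requested or confirming that the handshake finished, so the later login branch (outside this hunk) appears to accept credentials the same way whether or not the socket became encrypted. For clients that sent `UseSsl`, consider checking `QSslSocket::isEncrypted()` before handling the login message, or acting on the `encrypted()` signal. The block also seems to run on every ClientInit message, so a repeated ClientInit would connect `sslErrors` a second time; adding `&& !sslSocket->isEncrypted()` to the condition avoids that.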
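Review bot: In the login log line (hunk at -445,7), the chained `.arg(uid.toInt())` runs after the client-supplied user name has already been substituted, so a name containing a place marker such as `%1` receives the UserId and leaves `%3` unfilled in the log. Passing all three values in one call avoids re-scanning the inserted text: `.arg(socket->peerAddress().toString(), msg["User"].toString(), QString::number(uid.toInt()))`. The enclosing function starts and ends outside the hunk.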
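Review bot: `Core::sslErrors()` (hunk at -496,3) discards the error list with `Q_UNUSED(errors)` and calls `ignoreSslErrors()` for every failure, so a handshake problem leaves no trace in the core log. Logging each entry before ignoring keeps the behaviour but makes failures visible: `foreach(const QSslError &e, errors) qWarning() << "SSL error:" << e.errorString();`. A short comment saying why ignoring is acceptable on the server side (presumably because the core does not authenticate clients by certificate) would help the next reader. If client certificates are ever verified, this slot must stop ignoring errors wholesale.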