X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=blobdiff_plain;f=src%2Fcore%2Fsslserver.cpp;h=83d7e6035aca4d8ca18b1baa8f6442ec8d840451;hp=8b0d06577b292200b48ef95c48dfdfdfb4591643;hb=39328183a6a87c6eb10a9dbbffcd5d65bf154a1f;hpb=c2e3479b87e7d0713d302d26fb2d7d01d7b8c9c2
diff --git a/src/core/sslserver.cpp b/src/core/sslserver.cpp
index 8b0d0657..83d7e603 100644
--- a/src/core/sslserver.cpp
+++ b/src/core/sslserver.cpp
@@ -1,5 +1,5 @@ /*************************************************************************** - * Copyright (C) 2005-2016 by the Quassel Project * + * Copyright (C) 2005-2018 by the Quassel Project * * devel@quassel-irc.org * * * * This program is free software; you can redistribute it and/or modify *
@@ -25,10 +25,9 @@ #endif #include -#include -#include "logger.h" #include "quassel.h" +#include "logmessage.h" #ifdef HAVE_SSL
@@ -67,16 +66,13 @@ SslServer::SslServer(QObject *parent) QTcpSocket *SslServer::nextPendingConnection() { if (_pendingConnections.isEmpty()) - return 0; + return nullptr; else return _pendingConnections.takeFirst(); } -#if QT_VERSION >= 0x050000 + void SslServer::incomingConnection(qintptr socketDescriptor) -#else -void SslServer::incomingConnection(int socketDescriptor) -#endif { QSslSocket *serverSocket = new QSslSocket(this); if (serverSocket->setSocketDescriptor(socketDescriptor)) {
@@ -182,10 +178,10 @@ bool SslServer::setCertificate(const QString &path, const QString &keyPath) return false; } - untestedKey = QSslKey(&keyFile, QSsl::Rsa); + untestedKey = loadKey(&keyFile); keyFile.close(); } else { - untestedKey = QSslKey(&certFile, QSsl::Rsa); + untestedKey = loadKey(&certFile); } certFile.close();
@@ -197,20 +193,16 @@ bool SslServer::setCertificate(const QString &path, const QString &keyPath) // We allow the core to offer SSL anyway, so no "return false" here. Client will warn about the cert being invalid. const QDateTime now = QDateTime::currentDateTime(); - if (now < untestedCert.effectiveDate()) + if (now < untestedCert.effectiveDate()) { quWarning() << "SslServer: Certificate won't be valid before" << untestedCert.effectiveDate().toString(); - - else if (now > untestedCert.expiryDate()) + } + else if (now > untestedCert.expiryDate()) { quWarning() << "SslServer: Certificate expired on" << untestedCert.expiryDate().toString(); - - else { // Qt4's isValid() checks for time range and blacklist; avoid a double warning, hence the else block -#if QT_VERSION < 0x050000 - if (!untestedCert.isValid()) -#else - if (untestedCert.isBlacklisted()) -#endif - quWarning() << "SslServer: Certificate blacklisted"; } + else if (untestedCert.isBlacklisted()) { + quWarning() << "SslServer: Certificate blacklisted"; + } + if (untestedKey.isNull()) { quWarning() << "SslServer:" << qPrintable(keyPath) << "contains no key data"; return false;
@@ -227,4 +219,19 @@ bool SslServer::setCertificate(const QString &path, const QString &keyPath) } +QSslKey SslServer::loadKey(QFile *keyFile) +{ + QSslKey key; + key = QSslKey(keyFile, QSsl::Rsa); + if (key.isNull()) { + if (!keyFile->reset()) { + quWarning() << "SslServer: IO error reading key file"; + return key; + } + key = QSslKey(keyFile, QSsl::Ec); + } + return key; +} + + #endif // HAVE_SSL
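Review bot: The new `else if (untestedCert.isBlacklisted())` branch only logs a warning and then falls through, so a certificate that Qt reports as blacklisted still appears to be installed and offered to clients. The comment above the chain justifies carrying on for date problems ("Client will warn about the cert being invalid"), but a blacklisted certificate is a different case from an expired or not-yet-valid one. Either reject it by adding `return false;` after the warning, or extend the comment to say that serving blacklisted certificates is deliberate. Because the check sits last in the else-if chain, a certificate that is both out of its validity period and blacklisted logs only the date warning. setCertificate starts and ends outside this hunk, so whether a later check catches this case is not visible here.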
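Review bot: loadKey() returns a null key both when the file holds no key and when it holds one that neither default-argument `QSslKey` attempt can parse, which presumably includes a passphrase-protected key or an algorithm other than RSA/EC. The caller in setCertificate then logs "contains no key data", which points the operator at the wrong problem. A short comment above the function should say that it tries RSA and then EC with the constructor's default encoding and an empty passphrase, and that `reset()` is needed because the first attempt consumes the device. The reset-failure warning would be more useful with the file and cause, e.g. `quWarning() << "SslServer: IO error reading key file" << qPrintable(keyFile->fileName()) << keyFile->errorString();`. As a style point, `QSslKey key; key = QSslKey(keyFile, QSsl::Rsa);` can be the single initialisation `QSslKey key(keyFile, QSsl::Rsa);`.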