X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=blobdiff_plain;f=src%2Fcore%2Fsslserver.cpp;h=987db4bad561f78dc20ba9745d49ae1f059f3fde;hp=f256923bd318c3a3b6e1e413a3fa6d1afc0dafa6;hb=61c8d84d1c849373e0f115dc748ed45cff95287d;hpb=94899dd5e482868ca01a3de3857e47a46d996553
diff --git a/src/core/sslserver.cpp b/src/core/sslserver.cpp
index f256923b..987db4ba 100644
--- a/src/core/sslserver.cpp
+++ b/src/core/sslserver.cpp
@@ -27,7 +27,7 @@
 #include
 #include "logger.h"
-#include "util.h"
+#include "quassel.h"
 #ifdef HAVE_SSL
@@ -36,7 +36,7 @@ SslServer::SslServer(QObject *parent)
 _isCertValid(false) {
 static bool sslWarningShown = false;
- if(!setCertificate(quasselDir().absolutePath() + "/quasselCert.pem")) {
+ if(!setCertificate(Quassel::configDirPath() + "quasselCert.pem")) {
 if(!sslWarningShown) {
 quWarning() << "SslServer: Unable to set certificate file\n"
@@ -60,6 +60,7 @@ void SslServer::incomingConnection(int socketDescriptor) {
 if(isCertValid()) {
 serverSocket->setLocalCertificate(_cert);
 serverSocket->setPrivateKey(_key);
+ serverSocket->addCaCertificates(_ca);
 }
 _pendingConnections << serverSocket;
 emit newConnection();
@@ -86,7 +87,19 @@ bool SslServer::setCertificate(const QString &path) {
 << "error:" << certFile.error();
 return false;
 }
- _cert = QSslCertificate(&certFile);
+
+ QList certList = QSslCertificate::fromDevice(&certFile);
+
+ if (certList.isEmpty()) {
+ quWarning() << "SslServer: Certificate file doesn't contain a certificate";
+ return false;
+ }
+
+ _cert = certList[0];
+ certList.removeFirst(); // remove server cert
+
+ // store CA and intermediates certs
+ _ca = certList;
 if(!certFile.reset()) {
 quWarning() << "SslServer: IO error reading certificate file";
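Review bot: In the `@@ -60,6 +60,7 @@` hunk of incomingConnection, `addCaCertificates(_ca)` places the extra certificates from the PEM file into the socket's CA database, which is the store used to verify the peer, rather than declaring them as the chain to present. Presumably this is done so the intermediates get sent to clients, but it also means every certificate appended to the file after the first is treated as a trust anchor if this socket ever verifies client certificates. A comment such as `// chain certs are added to the CA store so they are sent; they also become trust anchors for peer verification` would record that trade-off, and where the Qt version in use offers `QSslSocket::setLocalCertificateChain()` that is the API meant for presenting a chain. The function body starts and ends outside the hunk.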
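Review bot: In the `@@ -86,7 +87,19 @@` hunk of setCertificate, `_cert = certList[0]` assumes the server certificate is the first entry in the file, and everything after it goes into `_ca` unchecked. A file with the chain in another order would present an intermediate as the server certificate, and nothing visible here ties `_cert` to the private key read afterwards. `_cert` and `_ca` are also assigned before the later `return false` paths, so a rejected file can still leave both members updated; assigning to locals and committing them only on success would avoid that. At minimum a comment `// PEM order required: server certificate first, then intermediates/CA` should state the expectation. The function continues outside the hunk.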
@@ -101,8 +114,7 @@ bool SslServer::setCertificate(const QString &path) {
 return false;
 }
 if(!_cert.isValid()) {
- quWarning() << "SslServer: Invalid certificate";
- return false;
+ quWarning() << "SslServer: Invalid certificate (most likely expired)";
 }
 if(_key.isNull()) {
 quWarning() << "SslServer:" << qPrintable(path) << "contains no key data";
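Review bot: Dropping `return false;` from the `!_cert.isValid()` branch lets the core carry on with a certificate that Qt reports as invalid, while the new message only guesses at the reason. In the Qt 4 API this code appears to target, `isValid()` is false for certificates on Qt's blacklist as well as for ones outside their validity dates, so a blacklisted certificate would be logged as "most likely expired" and still loaded. If the intent is to tolerate expiry only, keep rejecting the other cases inside the branch, e.g. `if(_cert.expiryDate() > QDateTime::currentDateTime()) return false; // not expired, so invalid for another reason`. setCertificate continues outside the hunk, so whether `_isCertValid` still ends up true after this warning is not visible here.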