X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=blobdiff_plain;f=src%2Fcore%2Fsslserver.cpp;h=aa5be2c23f3f84500f4272bde3e1216d42bab6fc;hp=343af5320949e23853f3253ee5608227e25c5acf;hb=cd37744f0a2cd8ffe027892ddce5c7d6f4848ab0;hpb=f9c4125d5da21eac006eaa2558f87705ddefff4f diff --git a/src/core/sslserver.cpp b/src/core/sslserver.cpp index 343af532..aa5be2c2 100644 --- a/src/core/sslserver.cpp +++ b/src/core/sslserver.cpp @@ -1,5 +1,5 @@ /*************************************************************************** - * Copyright (C) 2005-08 by the Quassel Project * + * Copyright (C) 2005-09 by the Quassel Project * * devel@quassel-irc.org * * * * This program is free software; you can redistribute it and/or modify * @@ -20,34 +20,30 @@ #include "sslserver.h" -#ifndef QT_NO_OPENSSL +#ifdef HAVE_SSL # include #endif #include -#include -#include "util.h" +#include "logger.h" +#include "quassel.h" -#ifndef QT_NO_OPENSSL +#ifdef HAVE_SSL SslServer::SslServer(QObject *parent) - : QTcpServer(parent) + : QTcpServer(parent), + _isCertValid(false) { - QFile certFile(quasselDir().absolutePath() + "/quasselCert.pem"); - certFile.open(QIODevice::ReadOnly); - _cert = QSslCertificate(&certFile); - certFile.close(); - - certFile.open(QIODevice::ReadOnly); - _key = QSslKey(&certFile, QSsl::Rsa); - certFile.close(); - - _certIsValid = !_cert.isNull() && _cert.isValid() && !_key.isNull(); - if(!_certIsValid) { - qWarning() << "SslServer: SSL Certificate is either missing or has wrong format!"; - qWarning() << " make sure that ~/.quassel/quasselCert.pem is pem format and contains the cert and an rsa key!"; - qWarning() << "SslServer: this Quassel Core cannot provide SSL!"; + static bool sslWarningShown = false; + if(!setCertificate(Quassel::configDirPath() + "quasselCert.pem")) { + if(!sslWarningShown) { + quWarning() + << "SslServer: Unable to set certificate file\n" + << " Quassel Core will still work, but cannot provide SSL for client connections.\n" + << " Please see http://quassel-irc.org/faq/cert to learn how to enable SSL support."; + sslWarningShown=true; + } } } @@ -61,7 +57,7 @@ QTcpSocket *SslServer::nextPendingConnection() { void SslServer::incomingConnection(int socketDescriptor) { QSslSocket *serverSocket = new QSslSocket(this); if(serverSocket->setSocketDescriptor(socketDescriptor)) { - if(certIsValid()) { + if(isCertValid()) { serverSocket->setLocalCertificate(_cert); serverSocket->setPrivateKey(_key); } @@ -72,4 +68,50 @@ void SslServer::incomingConnection(int socketDescriptor) { } } -#endif // QT_NO_OPENSSL +bool SslServer::setCertificate(const QString &path) { + _isCertValid = false; + + if(path.isEmpty()) + return false; + + QFile certFile(path); + if(!certFile.exists()) { + quWarning() << "SslServer: Certificate file" << qPrintable(path) << "does not exist"; + return false; + } + + if(!certFile.open(QIODevice::ReadOnly)) { + quWarning() + << "SslServer: Failed to open certificate file" << qPrintable(path) + << "error:" << certFile.error(); + return false; + } + _cert = QSslCertificate(&certFile); + + if(!certFile.reset()) { + quWarning() << "SslServer: IO error reading certificate file"; + return false; + } + + _key = QSslKey(&certFile, QSsl::Rsa); + certFile.close(); + + if(_cert.isNull()) { + quWarning() << "SslServer:" << qPrintable(path) << "contains no certificate data"; + return false; + } + if(!_cert.isValid()) { + quWarning() << "SslServer: Invalid certificate"; + return false; + } + if(_key.isNull()) { + quWarning() << "SslServer:" << qPrintable(path) << "contains no key data"; + return false; + } + + _isCertValid = true; + + return _isCertValid; +} + +#endif // HAVE_SSL