X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=blobdiff_plain;f=src%2Fcore%2Fsslserver.cpp;h=cf98bc2f6c790b6d9dfa3be0ab215c02e741cf04;hp=16e3f3e98581dfad7e2af0a614886032e821c482;hb=HEAD;hpb=8f92b3f08df9f4eb8fd243ccec6aa9d4b563ec23
diff --git a/src/core/sslserver.cpp b/src/core/sslserver.cpp
index 16e3f3e9..cf98bc2f 100644
--- a/src/core/sslserver.cpp
+++ b/src/core/sslserver.cpp
@@ -1,5 +1,5 @@
 /***************************************************************************
- * Copyright (C) 2005-2019 by the Quassel Project *
+ * Copyright (C) 2005-2022 by the Quassel Project *
 * devel@quassel-irc.org *
 * *
 * This program is free software; you can redistribute it and/or modify *
@@ -20,17 +20,13 @@
 #include "sslserver.h"
-#ifdef HAVE_SSL
-# include
-#endif
-
 #include
+#include
+#include
 #include "core.h"
 #include "quassel.h"
-#ifdef HAVE_SSL
-
 SslServer::SslServer(QObject* parent)
 : QTcpServer(parent)
 {
@@ -53,6 +49,13 @@ SslServer::SslServer(QObject* parent)
 // Initialize the certificates for first-time usage
 if (!loadCerts()) {
+ // If the core is unable to load a certificate, and "--require-ssl" is specified,
+ // do not proceed, throw an exception and quit. This prevents the core from falling
+ // back to a plaintext-only core when they should be expecting SSL/TLS only.
+ if (Quassel::isOptionSet("require-ssl")) {
+ throw ExitException{EXIT_FAILURE, tr("--require-ssl is set, but no SSL certificate is available. Exiting.\n"
+ "Please see https://quassel-irc.org/faq/cert to learn how to enable SSL support.")};
+ }
 if (!sslWarningShown) {
 qWarning() << "SslServer: Unable to set certificate file\n"
 << " Quassel Core will still work, but cannot provide SSL for client connections.\n"
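Review bot: The `--require-ssl` guard runs only on the constructor's first `loadCerts()` call, so it covers startup but not a certificate that stops validating while the core is running: `incomingConnection()` (next hunk) still queues the socket when `isCertValid()` is false, with no certificate or key set. Whether another layer then rejects such a client is not visible in this diff. I would mirror the option check on that path, e.g. `else if (Quassel::isOptionSet("require-ssl")) { delete socket; return; }` after the `isCertValid()` block, and have the comment here say that the check applies to startup only. The constructor starts and ends outside this hunk.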
@@ -62,28 +65,23 @@ SslServer::SslServer(QObject* parent)
 }
 }
-QTcpSocket* SslServer::nextPendingConnection()
-{
- if (_pendingConnections.isEmpty())
- return nullptr;
- else
- return _pendingConnections.takeFirst();
-}
-
 void SslServer::incomingConnection(qintptr socketDescriptor)
 {
- auto* serverSocket = new QSslSocket(this);
- if (serverSocket->setSocketDescriptor(socketDescriptor)) {
+ auto* socket = new QSslSocket(this);
+ if (socket->setSocketDescriptor(socketDescriptor)) {
 if (isCertValid()) {
- serverSocket->setLocalCertificate(_cert);
- serverSocket->setPrivateKey(_key);
- serverSocket->addCaCertificates(_ca);
+ auto config = socket->sslConfiguration();
+ config.setLocalCertificate(_cert);
+ config.setPrivateKey(_key);
+ auto certificates = config.caCertificates();
+ certificates += _ca;
+ config.setCaCertificates(certificates);
+ socket->setSslConfiguration(config);
 }
- _pendingConnections << serverSocket;
- emit newConnection();
+ addPendingConnection(socket);
 }
 else {
- delete serverSocket;
+ delete socket;
 }
 }
@@ -229,11 +227,10 @@ QSslKey SslServer::loadKey(QFile* keyFile)
 return key;
 }
-void SslServer::setMetricsServer(MetricsServer* metricsServer) {
+void SslServer::setMetricsServer(MetricsServer* metricsServer)
+{
 _metricsServer = metricsServer;
 if (_metricsServer) {
 _metricsServer->setCertificateExpires(_certificateExpires);
 }
 }
-
-#endif // HAVE_SSL
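Review bot: In `incomingConnection()` the copied `QSslConfiguration` receives only the certificate, key and CA list, so the protocol versions the core accepts are whatever the linked Qt's default allows, and older Qt 5 builds may still negotiate TLS 1.0/1.1. If no floor is set elsewhere (not visible here), I would pin one before `socket->setSslConfiguration(config);`, e.g. `config.setProtocol(QSsl::TlsV1_2OrLater);`. A one-line comment such as `// Start from the socket's current configuration so existing defaults are kept` would also explain why the config is fetched from the socket rather than default-constructed.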