Allow user to provide a key/certificate pair for outgoing IRC connections.

OFTC supports a way to identify clients based on the fingerprint of
the SSL certificated used to initialise the connection.

This patch allows to make use of the CertFP identification by creating
a ~/.quassel/quasselClientCert.pem key/certificate file, which will be
used for all the outgoing SSL connections to IRC servers.

At the moment the message sent by the server at the connection is not
displayed by quassel, so you'll have to find the certificate's
fingerprint through OpenSSL (or any other method).

Signed-off-by: Manuel Nickschas <sputnick@quassel-irc.org>

diff --git a/src/core/networkconnection.cpp b/src/core/networkconnection.cpp
index 3d9fcc7..c74dc4e 100644 (file)
--- a/src/core/networkconnection.cpp
+++ b/src/core/networkconnection.cpp
@@ -91,6 +91,23 @@ NetworkConnection::NetworkConnection(Network *network, CoreSession *session)
   connect(network, SIGNAL(autoReconnectRetriesSet(quint16)), this, SLOT(autoReconnectSettingsChanged()));
 
 #ifndef QT_NO_OPENSSL
+  {
+    QFile certFile(quasselDir().absolutePath() + "/quasselClientCert.pem");
+    certFile.open(QIODevice::ReadOnly);
+    QSslCertificate cert(&certFile);
+    certFile.close();
+
+    certFile.open(QIODevice::ReadOnly);
+    QSslKey key(&certFile, QSsl::Rsa);
+    certFile.close();
+
+    if ( !cert.isNull() && cert.isValid() &&
+        !key.isNull() ) {
+      socket.setLocalCertificate(cert);
+      socket.setPrivateKey(key);
+    }
+  }
+
   connect(&socket, SIGNAL(encrypted()), this, SLOT(socketEncrypted()));
   connect(&socket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(sslErrors(const QList<QSslError> &)));
 #endif