From: Michael Marley Date: Fri, 27 Feb 2015 17:31:17 +0000 (-0500) Subject: Add back the SSL protocol selection dialog box for old cores. X-Git-Tag: 0.12-rc1~4^2 X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=commitdiff_plain;h=a8dd070641e70ff96fc2077df63cc5fabe3f7785 Add back the SSL protocol selection dialog box for old cores. Cores before 0.10 will default to SSLv3 if the user doesn't make a selection. If a >=0.10 client is used with a <0.10 core to connect to a server that has SSLv3 disabled, it is impossible to connect to that server without upgrading the core or using an old client to change the SSL protocol settings. This also changes the SSLv2 and SSLv3 options to indicate their insecurity and therefore discourage their use. Cores from 0.10 and up use SSL autonegotiation and to not need the protocol setting. This partially reverts commit e53fc69a91553b57932ba599b39999d550114588. --- diff --git a/src/client/coreconnection.h b/src/client/coreconnection.h index 0019a534..ba33f178 100644 --- a/src/client/coreconnection.h +++ b/src/client/coreconnection.h @@ -73,6 +73,8 @@ public: //! Check if we consider the last connect as reconnect bool wasReconnect() const { return _wasReconnect; } + QPointer peer() { return _peer; } + public slots: bool connectToCore(AccountId = 0); void reconnectToCore(); diff --git a/src/common/internalpeer.h b/src/common/internalpeer.h index 97499bd7..103c47d3 100644 --- a/src/common/internalpeer.h +++ b/src/common/internalpeer.h @@ -42,6 +42,7 @@ public: InternalPeer(QObject *parent = 0); virtual ~InternalPeer(); + Protocol::Type protocol() const { return Protocol::InternalProtocol; } QString description() const; SignalProxy *signalProxy() const; diff --git a/src/common/peer.h b/src/common/peer.h index a21e9c1b..5a863eea 100644 --- a/src/common/peer.h +++ b/src/common/peer.h 
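Review bot: The new `peer()` accessor in coreconnection.h returns the connection's QPointer with neither a doc comment nor `const`, although the `wasReconnect()` getter just above it has both. A QPointer reads as null once the object it tracks has been destroyed, so callers need to be told to test the result before using it. I would add `//! Peer of the current core connection; may be null` above the accessor and declare it `peer() const`. The enclosing class starts and ends outside the hunk.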
@@ -35,6 +35,7 @@ class Peer : public QObject public: Peer(AuthHandler *authHandler, QObject *parent = 0); + virtual Protocol::Type protocol() const = 0; virtual QString description() const = 0; virtual SignalProxy *signalProxy() const = 0; diff --git a/src/common/protocol.h b/src/common/protocol.h index 15f5e5d3..ba705303 100644 --- a/src/common/protocol.h +++ b/src/common/protocol.h @@ -30,6 +30,7 @@ namespace Protocol { const quint32 magic = 0x42b33f00; enum Type { + InternalProtocol = 0x00, LegacyProtocol = 0x01, DataStreamProtocol = 0x02 }; diff --git a/src/common/remotepeer.h b/src/common/remotepeer.h index 5650120e..677ff21c 100644 --- a/src/common/remotepeer.h +++ b/src/common/remotepeer.h @@ -45,7 +45,6 @@ public: void setSignalProxy(SignalProxy *proxy); - virtual Protocol::Type protocol() const = 0; virtual QString protocolName() const = 0; virtual QString description() const; virtual quint16 enabledFeatures() const { return 0; } diff --git a/src/qtui/settingspages/networkssettingspage.cpp b/src/qtui/settingspages/networkssettingspage.cpp index 011328d5..f422ebb5 100644 --- a/src/qtui/settingspages/networkssettingspage.cpp +++ b/src/qtui/settingspages/networkssettingspage.cpp 
@@ -869,12 +869,30 @@ ServerEditDlg::ServerEditDlg(const Network::Server &server, QWidget *parent) : Q ui.port->setValue(server.port); ui.password->setText(server.password); ui.useSSL->setChecked(server.useSsl); + ui.sslVersion->setCurrentIndex(server.sslVersion); ui.useProxy->setChecked(server.useProxy); ui.proxyType->setCurrentIndex(server.proxyType == QNetworkProxy::Socks5Proxy ? 0 : 1); ui.proxyHost->setText(server.proxyHost); ui.proxyPort->setValue(server.proxyPort); ui.proxyUsername->setText(server.proxyUser); ui.proxyPassword->setText(server.proxyPass); + + // This is a dirty hack to display the core->IRC SSL protocol dropdown + // only if the core won't use autonegotiation to determine the best + // protocol. When autonegotiation was introduced, it would have been + // a good idea to use the CoreFeatures enum to accomplish this. + // However, since multiple versions have been released since then, that + // is no longer possible. Instead, we rely on the fact that the + // Datastream protocol was introduced in the same version (0.10) as SSL + // autonegotiation. Because of that, we can display the dropdown only + // if the Legacy protocol is in use. If any other RemotePeer protocol + // is in use, that means a newer protocol is in use and therefore the + // core will use autonegotiation. + if (Client::coreConnection()->peer()->protocol() != Protocol::LegacyProtocol) { + ui.label_3->hide(); + ui.sslVersion->hide(); + } + on_host_textChanged(); } @@ -882,6 +900,7 @@ ServerEditDlg::ServerEditDlg(const Network::Server &server, QWidget *parent) : Q Network::Server ServerEditDlg::serverData() const { Network::Server server(ui.host->text().trimmed(), ui.port->value(), ui.password->text(), ui.useSSL->isChecked()); + server.sslVersion = ui.sslVersion->currentIndex(); server.useProxy = ui.useProxy->isChecked(); server.proxyType = ui.proxyType->currentIndex() == 0 ? QNetworkProxy::Socks5Proxy : QNetworkProxy::HttpProxy; server.proxyHost = ui.proxyHost->text(); 
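Review bot: `Client::coreConnection()->peer()->protocol()` in the ServerEditDlg constructor dereferences the QPointer returned by `peer()` without testing it, so constructing the dialog when no peer exists would crash. Whether the dialog can be opened in that state is not visible from this hunk. Bind the pointer first and make the missing-peer case explicit: `Peer *peer = Client::coreConnection()->peer();` followed by `if (!peer || peer->protocol() != Protocol::LegacyProtocol) {`. As a style point, `ui.label_3` is a designer-generated name; an object name such as `sslVersionLabel` in the .ui file would make the hide logic self-explanatory.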
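Review bot: `server.sslVersion = ui.sslVersion->currentIndex();` in serverData() stores the raw combo-box index as the protocol choice, so the saved value depends on the item order in servereditdlg.ui (SSLv3, SSLv2, TLSv1 in this commit). It becomes -1 if the box has no current item. Presumably an old core interprets that number as a protocol, so reordering the list to put TLSv1 first would silently change what existing settings mean. A comment here would guard against that: `// index is the stored protocol value: 0 = SSLv3, 1 = SSLv2, 2 = TLSv1; do not reorder the .ui items`. The function body continues outside the hunk.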
diff --git a/src/qtui/settingspages/servereditdlg.ui b/src/qtui/settingspages/servereditdlg.ui index d16d1e49..29177102 100644 --- a/src/qtui/settingspages/servereditdlg.ui +++ b/src/qtui/settingspages/servereditdlg.ui @@ -119,6 +119,52 @@ Advanced + + + + + + Qt::Horizontal + + + + 40 + 20 + + + + + + + + SSL Version: + + + + + + + Use only TLSv1 unless you know what you are doing! + + + + SSLv3 (insecure) + + + + + SSLv2 (insecure) + + + + + TLSv1 + + + + + + @@ -263,6 +309,7 @@ port password useSSL + sslVersion useProxy proxyType proxyHost
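Review bot: The combo box lists "SSLv3 (insecure)" first, so index 0 is an insecure protocol, and `setCurrentIndex(server.sslVersion)` selects it for any server whose stored value is 0. The commit message says old cores default to SSLv3 when the user makes no selection, so a user who never touches the box on a legacy core probably keeps SSLv3, against the tooltip's own advice. The item order likely has to stay as it is for the stored index to keep its meaning, so the dialog should instead preselect TLSv1 for a server with no saved choice; where new entries are created is not visible here. The tooltip could also state the reason: `Use TLSv1. SSLv2 and SSLv3 are insecure; select them only if the IRC server supports nothing else.`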