From: Michael Marley Date: Mon, 26 Mar 2018 02:11:39 +0000 (-0400) Subject: SslServer: Add support for Elliptic Curve keys X-Git-Tag: travis-deploy-test~140 X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=commitdiff_plain;h=d31101ed316b6449de0d8dad7a1e1e8d097807a5 SslServer: Add support for Elliptic Curve keys If the key won't load as an RSA key, attempt to load it again as an EC key. DSA support was not added because DSA is obsolete and no- one should be using it. Note that this only works with Qt5.5 and up as EC support was added in that version (https://github.com/qt/qtbase/commit/962ea569). An if macro has been used to allow for continued compilation under Qt4 and Qt5<5.5. Closes GH-344. --- diff --git a/src/core/sslserver.cpp b/src/core/sslserver.cpp index 8b0d0657..ae231c03 100644 --- a/src/core/sslserver.cpp +++ b/src/core/sslserver.cpp @@ -25,7 +25,6 @@ #endif #include -#include #include "logger.h" #include "quassel.h" @@ -182,10 +181,10 @@ bool SslServer::setCertificate(const QString &path, const QString &keyPath) return false; } - untestedKey = QSslKey(&keyFile, QSsl::Rsa); + untestedKey = loadKey(&keyFile); keyFile.close(); } else { - untestedKey = QSslKey(&certFile, QSsl::Rsa); + untestedKey = loadKey(&certFile); } certFile.close(); @@ -227,4 +226,21 @@ bool SslServer::setCertificate(const QString &path, const QString &keyPath) } +QSslKey SslServer::loadKey(QFile *keyFile) +{ + QSslKey key; + key = QSslKey(keyFile, QSsl::Rsa); +#if QT_VERSION >= 0x050500 + if (key.isNull()) { + if (!keyFile->reset()) { + quWarning() << "SslServer: IO error reading key file"; + return key; + } + key = QSslKey(keyFile, QSsl::Ec); + } +#endif + return key; +} + + #endif // HAVE_SSL diff --git a/src/core/sslserver.h b/src/core/sslserver.h index 1f43cc43..01d6af9e 100644 --- a/src/core/sslserver.h +++ b/src/core/sslserver.h @@ -27,6 +27,7 @@ #include #include #include +#include class SslServer : public QTcpServer { 
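Review bot: In the added `loadKey`, the RSA attempt reads from the handle's current position, while the EC retry reads from offset 0 after `keyFile->reset()`, so the two parses see the same bytes only if the caller has already rewound the handle. This matters most for the `loadKey(&certFile)` call in `setCertificate`, which reuses the certificate's handle; whether it is rewound before that call is outside the hunk. Reading the file once and parsing the buffer twice removes that dependency and the `reset()` error path: `const QByteArray pem = keyFile->readAll();`, then `QSslKey key(pem, QSsl::Rsa);` and `key = QSslKey(pem, QSsl::Ec);` in the fallback. Separately, on builds below Qt 5.5 an EC key simply yields a null key, so an `#else` branch with a `quWarning()` naming the missing EC support would tell the operator why the key did not load.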
@@ -71,6 +72,7 @@ private: * @return True if certificates loaded successfully, otherwise false. */ bool loadCerts(); + QSslKey loadKey(QFile *keyFile); QLinkedList _pendingConnections; QSslCertificate _cert;
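Review bot: The new private declaration `QSslKey loadKey(QFile *keyFile);` has no doc comment, while `loadCerts()` directly above it carries a Doxygen block. A matching block should say that the key is tried as RSA first and as EC only on Qt 5.5 and later, and that `keyFile` must already be open for reading. It should also state that a null `QSslKey` is returned when neither parse succeeds, so callers know to check `isNull()` before using the key. The `private:` section begins outside this hunk.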