From f94d946d6043005f419ac47944cdffdf37d95bdc Mon Sep 17 00:00:00 2001 From: Daniel Schaal Date: Fri, 1 May 2015 16:34:22 +0200 Subject: [PATCH] Add cmdline options for SSL certificate/key paths. Add cmdline options to core to specify the SSL certificate and SSL key path, --ssl-cert and --ssl-key respectively. If not set, the usual path CONFIGDIR/quasselCert.pem will be used for the cert and the key. If only the path to the certificate is set, it is assumed to also contain the key. --- src/common/main.cpp | 2 ++ src/core/sslserver.cpp | 44 ++++++++++++++++++++++++++++++++++++++---- src/core/sslserver.h | 2 +- 3 files changed, 43 insertions(+), 5 deletions(-) diff --git a/src/common/main.cpp b/src/common/main.cpp index b13d3eef..6cbe4383 100644 --- a/src/common/main.cpp +++ b/src/common/main.cpp @@ -170,6 +170,8 @@ int main(int argc, char **argv) cliParser->addOption("oidentd-conffile", 0, "Set path to oidentd configuration file", "file"); #ifdef HAVE_SSL cliParser->addSwitch("require-ssl", 0, "Require SSL for remote (non-loopback) client connections"); + cliParser->addOption("ssl-cert", 0, "Specify the path to the SSL Certificate", "path", "configdir/quasselCert.pem"); + cliParser->addOption("ssl-key", 0, "Specify the path to the SSL key", "path", "ssl-cert-path"); #endif cliParser->addSwitch("enable-experimental-dcc", 0, "Enable highly experimental and unfinished support for CTCP DCC (DANGEROUS)"); #endif diff --git a/src/core/sslserver.cpp b/src/core/sslserver.cpp index 78495b27..29166c35 100644 --- a/src/core/sslserver.cpp +++ b/src/core/sslserver.cpp @@ -37,7 +37,23 @@ SslServer::SslServer(QObject *parent) _isCertValid(false) { static bool sslWarningShown = false; - if (!setCertificate(Quassel::configDirPath() + "quasselCert.pem")) { + + QString ssl_cert; + QString ssl_key; + + if(Quassel::isOptionSet("ssl-cert")) { + ssl_cert = Quassel::optionValue("ssl-cert"); + } else { + ssl_cert = Quassel::configDirPath() + "quasselCert.pem"; + } + + if(Quassel::isOptionSet("ssl-key")) { + ssl_key = Quassel::optionValue("ssl-key"); + } else { + ssl_key = ssl_cert; + } + + if (!setCertificate(ssl_cert, ssl_key)) { if (!sslWarningShown) { quWarning() << "SslServer: Unable to set certificate file\n" @@ -79,7 +95,7 @@ void SslServer::incomingConnection(int socketDescriptor) } -bool SslServer::setCertificate(const QString &path) +bool SslServer::setCertificate(const QString &path, const QString &keyPath) { _isCertValid = false; @@ -117,7 +133,27 @@ bool SslServer::setCertificate(const QString &path) return false; } - _key = QSslKey(&certFile, QSsl::Rsa); + // load key from keyPath if it differs from path, otherwise load key from path + if(path != keyPath) { + QFile keyFile(keyPath); + if(!keyFile.exists()) { + quWarning() << "SslServer: Key file" << qPrintable(keyPath) << "does not exist"; + return false; + } + + if (!keyFile.open(QIODevice::ReadOnly)) { + quWarning() + << "SslServer: Failed to open key file" << qPrintable(keyPath) + << "error:" << keyFile.error(); + return false; + } + + _key = QSslKey(&keyFile, QSsl::Rsa); + keyFile.close(); + } else { + _key = QSslKey(&certFile, QSsl::Rsa); + } + certFile.close(); if (_cert.isNull()) { @@ -142,7 +178,7 @@ bool SslServer::setCertificate(const QString &path) quWarning() << "SslServer: Certificate blacklisted"; } if (_key.isNull()) { - quWarning() << "SslServer:" << qPrintable(path) << "contains no key data"; + quWarning() << "SslServer:" << qPrintable(keyPath) << "contains no key data"; return false; } diff --git a/src/core/sslserver.h b/src/core/sslserver.h index bd72f29b..9b69a8c5 100644 --- a/src/core/sslserver.h +++ b/src/core/sslserver.h @@ -49,7 +49,7 @@ protected: virtual void incomingConnection(int socketDescriptor); #endif - virtual bool setCertificate(const QString &path); + virtual bool setCertificate(const QString &path, const QString &keyPath); private: QLinkedList _pendingConnections; -- 2.20.1