| author | Felix (xq) Queißner <git@mq32.de> | 2020-06-19 21:13:32 +0200 |
|---|---|---|
| committer | Felix (xq) Queißner <git@mq32.de> | 2020-06-19 21:13:32 +0200 |
| commit | bfdc7d39485bbef90a65b79f6c3b0986133f530d (patch) | |
| tree | 7a50b6c9dc372cb302f064940c25826d0e1e07a1 /src | |
| parent | 63103aa8c7f5b56720da097c73aa99da25841d45 (diff) | |
| download | kristall-bfdc7d39485bbef90a65b79f6c3b0986133f530d.tar.gz | |
Reworks TLS trust to enable symmetry between HTTPS and Gemini
Diffstat (limited to 'src')
| -rw-r--r-- | src/geminiclient.cpp | 17 | ||||
| -rw-r--r-- | src/kristall.hpp | 3 | ||||
| -rw-r--r-- | src/kristall.pro | 5 | ||||
| -rw-r--r-- | src/main.cpp | 9 | ||||
| -rw-r--r-- | src/mainwindow.cpp | 12 | ||||
| -rw-r--r-- | src/settingsdialog.cpp | 72 | ||||
| -rw-r--r-- | src/settingsdialog.hpp | 17 | ||||
| -rw-r--r-- | src/settingsdialog.ui | 113 | ||||
| -rw-r--r-- | src/ssltrust.cpp | 11 | ||||
| -rw-r--r-- | src/ssltrust.hpp | 3 | ||||
| -rw-r--r-- | src/ssltrusteditor.cpp | 82 | ||||
| -rw-r--r-- | src/ssltrusteditor.hpp | 44 | ||||
| -rw-r--r-- | src/ssltrusteditor.ui | 101 | ||||
| -rw-r--r-- | src/webclient.cpp | 62 |
14 files changed, 361 insertions, 190 deletions
diff --git a/src/geminiclient.cpp b/src/geminiclient.cpp index 8bd8fe0..1f4acfb 100644 --- a/src/geminiclient.cpp +++ b/src/geminiclient.cpp @@ -49,7 +49,7 @@ bool GeminiClient::startRequest(const QUrl &url, RequestOptions options) QSslConfiguration ssl_config = socket.sslConfiguration(); ssl_config.setProtocol(QSsl::TlsV1_2); - if(not global_trust.enable_ca) + if(not global_gemini_trust.enable_ca) ssl_config.setCaCertificates(QList<QSslCertificate> { }); else ssl_config.setCaCertificates(QSslConfiguration::systemCaCertificates()); @@ -291,17 +291,6 @@ void GeminiClient::socketDisconnected() } } -static bool isTrustRelated(QSslError::SslError err) -{ - switch(err) - { - case QSslError::CertificateUntrusted: return true; - case QSslError::SelfSignedCertificate: return true; - case QSslError::UnableToGetLocalIssuerCertificate: return true; - default: return false; - } -} - void GeminiClient::sslErrors(QList<QSslError> const & errors) { if(options & IgnoreTlsErrors) { @@ -318,9 +307,9 @@ void GeminiClient::sslErrors(QList<QSslError> const & errors) auto const & err = remaining_errors.at(i); bool ignore = false; - if(isTrustRelated(err.error())) + if(SslTrust::isTrustRelated(err.error())) { - if(global_trust.isTrusted(target_url, socket.peerCertificate())) + if(global_gemini_trust.isTrusted(target_url, socket.peerCertificate())) { ignore = true; } diff --git a/src/kristall.hpp b/src/kristall.hpp index 8949632..8f80045 100644 --- a/src/kristall.hpp +++ b/src/kristall.hpp @@ -47,7 +47,8 @@ struct GenericSettings extern QSettings global_settings; extern IdentityCollection global_identities; extern QClipboard * global_clipboard; -extern SslTrust global_trust; +extern SslTrust global_gemini_trust; +extern SslTrust global_https_trust; extern FavouriteCollection global_favourites; extern GenericSettings global_options; diff --git a/src/kristall.pro b/src/kristall.pro index 38503dd..667677a 100644 --- a/src/kristall.pro +++ b/src/kristall.pro 
@@ -74,6 +74,7 @@ SOURCES += \ searchbar.cpp \ settingsdialog.cpp \ ssltrust.cpp \ + ssltrusteditor.cpp \ tabbrowsinghistory.cpp \ trustedhost.cpp \ trustedhostcollection.cpp \ @@ -110,6 +111,7 @@ HEADERS += \ searchbar.hpp \ settingsdialog.hpp \ ssltrust.hpp \ + ssltrusteditor.hpp \ tabbrowsinghistory.hpp \ trustedhost.hpp \ trustedhostcollection.hpp \ @@ -122,7 +124,8 @@ FORMS += \ mainwindow.ui \ mediaplayer.ui \ newidentitiydialog.ui \ - settingsdialog.ui + settingsdialog.ui \ + ssltrusteditor.ui TRANSLATIONS += \ kristall_en_US.ts diff --git a/src/main.cpp b/src/main.cpp index 7de50e1..f5252b8 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -10,7 +10,8 @@ IdentityCollection global_identities; QSettings global_settings { "xqTechnologies", "Kristall" }; QClipboard * global_clipboard; -SslTrust global_trust; +SslTrust global_gemini_trust; +SslTrust global_https_trust; FavouriteCollection global_favourites; GenericSettings global_options; @@ -30,7 +31,11 @@ int main(int argc, char *argv[]) global_settings.endGroup(); global_settings.beginGroup("Trusted Servers"); - global_trust.load(global_settings); + global_gemini_trust.load(global_settings); + global_settings.endGroup(); + + global_settings.beginGroup("Trusted HTTPS Servers"); + global_https_trust.load(global_settings); global_settings.endGroup(); global_favourites.load(global_settings); diff --git a/src/mainwindow.cpp b/src/mainwindow.cpp index 02fb0ed..2e96aa9 100644 --- a/src/mainwindow.cpp +++ b/src/mainwindow.cpp @@ -148,7 +148,11 @@ void MainWindow::saveSettings() global_settings.endGroup(); global_settings.beginGroup("Trusted Servers"); - global_trust.save(global_settings); + global_gemini_trust.save(global_settings); + global_settings.endGroup(); + + global_settings.beginGroup("Trusted HTTPS Servers"); + global_https_trust.save(global_settings); global_settings.endGroup(); global_settings.beginGroup("Theme"); 
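Review bot: On a first run the "Trusted HTTPS Servers" group does not exist yet, so in `main()` the new `global_https_trust.load(global_settings);` leaves HTTPS with whatever fallback `SslTrust::load` applies, and that fallback is not visible in this diff. If it is the same as for Gemini and that means CA checking off with trust on first use, HTTPS would start without CA validation, which is weaker than users expect from HTTPS. Please confirm that a missing group leaves `enable_ca` true for HTTPS, and state the intent next to the load, e.g. `// HTTPS defaults to system CA validation; trust-on-first-use is opt-in`. `main()` continues outside the hunk.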
@@ -252,12 +256,14 @@ void MainWindow::on_actionSettings_triggered() dialog.setGeminiStyle(this->current_style); dialog.setProtocols(this->protocols); dialog.setOptions(global_options); - dialog.setSslTrust(global_trust); + dialog.setGeminiSslTrust(global_gemini_trust); + dialog.setHttpsSslTrust(global_https_trust); if(dialog.exec() != QDialog::Accepted) return; - global_trust = dialog.sslTrust(); + global_gemini_trust = dialog.geminiSslTrust(); + global_https_trust = dialog.httpsSslTrust(); global_options = dialog.options(); this->protocols = dialog.protocols(); diff --git a/src/settingsdialog.cpp b/src/settingsdialog.cpp index 20ac58a..d1c61c8 100644 --- a/src/settingsdialog.cpp +++ b/src/settingsdialog.cpp 
@@ -62,23 +62,6 @@ SettingsDialog::SettingsDialog(QWidget *parent) : this->on_presets_currentIndexChanged(-1); } - this->ui->trust_level->clear(); - this->ui->trust_level->addItem("Trust on first encounter", QVariant::fromValue<int>(SslTrust::TrustOnFirstUse)); - this->ui->trust_level->addItem("Trust everything", QVariant::fromValue<int>(SslTrust::TrustEverything)); - this->ui->trust_level->addItem("Manually verify fingerprints", QVariant::fromValue<int>(SslTrust::TrustNoOne)); - - this->ui->trusted_hosts->setModel(&this->current_trust.trusted_hosts); - - this->ui->trusted_hosts->horizontalHeader()->setSectionResizeMode(0, QHeaderView::Stretch); - this->ui->trusted_hosts->horizontalHeader()->setSectionResizeMode(1, QHeaderView::ResizeToContents); - this->ui->trusted_hosts->horizontalHeader()->setSectionResizeMode(2, QHeaderView::ResizeToContents); - - connect( - this->ui->trusted_hosts->selectionModel(), - &QItemSelectionModel::currentChanged, - this, - &SettingsDialog::on_trusted_server_selection); - this->ui->redirection_mode->clear(); this->ui->redirection_mode->addItem("Ask for cross-scheme or cross-host redirection", int(GenericSettings::WarnOnHostChange | GenericSettings::WarnOnSchemeChange)); this->ui->redirection_mode->addItem("Ask for cross-scheme redirection", int(GenericSettings::WarnOnSchemeChange)); 
@@ -175,25 +158,24 @@ void SettingsDialog::setProtocols(ProtocolSetup const & protocols) #undef M } -SslTrust SettingsDialog::sslTrust() const +SslTrust SettingsDialog::geminiSslTrust() const { - return this->current_trust; + return this->ui->gemini_trust_editor->trust(); } -void SettingsDialog::setSslTrust(const SslTrust &trust) +void SettingsDialog::setGeminiSslTrust(const SslTrust &trust) { - this->current_trust = trust; - - this->ui->trust_level->setCurrentIndex( - this->ui->trust_level->findData(QVariant::fromValue<int>(trust.trust_level)) - ); + return this->ui->gemini_trust_editor->setTrust(trust); +} - if(trust.enable_ca) - this->ui->trust_enable_ca->setChecked(true); - else - this->ui->trust_disable__ca->setChecked(true); +SslTrust SettingsDialog::httpsSslTrust() const +{ + return this->ui->https_trust_editor->trust(); +} - this->ui->trusted_hosts->resizeColumnsToContents(); +void SettingsDialog::setHttpsSslTrust(const SslTrust &trust) +{ + this->ui->https_trust_editor->setTrust(trust); } void SettingsDialog::setOptions(const GenericSettings &options) @@ -329,16 +311,6 @@ void SettingsDialog::updateColor(QColor &input) } } -void SettingsDialog::on_trusted_server_selection(const QModelIndex ¤t, const QModelIndex &previous) -{ - Q_UNUSED(previous); - if(auto host = this->current_trust.trusted_hosts.get(current); host) { - this->ui->trust_revoke_selected->setEnabled(true); - } else { - this->ui->trust_revoke_selected->setEnabled(false); - } -} - void SettingsDialog::on_std_change_color_clicked() { updateColor(current_style.standard_color); 
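Review bot: `SettingsDialog::setGeminiSslTrust` returns the result of a void call, `return this->ui->gemini_trust_editor->setTrust(trust);`, while the otherwise identical `setHttpsSslTrust` right below it does not. It compiles, but the two setters should read the same; drop the `return` so the line becomes `this->ui->gemini_trust_editor->setTrust(trust);`.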
@@ -571,26 +543,6 @@ void SettingsDialog::on_preset_export_clicked() export_settings.sync(); } -void SettingsDialog::on_trust_enable_ca_clicked() -{ - this->current_trust.enable_ca = true; -} - -void SettingsDialog::on_trust_disable__ca_clicked() -{ - this->current_trust.enable_ca = false; -} - -void SettingsDialog::on_trust_level_currentIndexChanged(int index) -{ - this->current_trust.trust_level = SslTrust::TrustLevel(this->ui->trust_level->itemData(index).toInt()); -} - -void SettingsDialog::on_trust_revoke_selected_clicked() -{ - this->current_trust.trusted_hosts.remove(this->ui->trusted_hosts->currentIndex()); -} - void SettingsDialog::on_start_page_textChanged(const QString &start_page) { this->current_options.start_page = start_page; diff --git a/src/settingsdialog.hpp b/src/settingsdialog.hpp index d0b0d22..0256f95 100644 --- a/src/settingsdialog.hpp +++ b/src/settingsdialog.hpp @@ -30,8 +30,11 @@ public: ProtocolSetup protocols() const; void setProtocols(ProtocolSetup const & proto); - SslTrust sslTrust() const; - void setSslTrust(SslTrust const & trust); + SslTrust geminiSslTrust() const; + void setGeminiSslTrust(SslTrust const & trust); + + SslTrust httpsSslTrust() const; + void setHttpsSslTrust(SslTrust const & trust); GenericSettings options() const; void setOptions(GenericSettings const & options); @@ -91,14 +94,6 @@ private slots: void on_preset_export_clicked(); - void on_trust_enable_ca_clicked(); - - void on_trust_disable__ca_clicked(); - - void on_trust_level_currentIndexChanged(int index); - - void on_trust_revoke_selected_clicked(); - void on_start_page_textChanged(const QString &arg1); void on_ui_theme_currentIndexChanged(int index); @@ -132,8 +127,6 @@ private: void updateColor(QColor & input); - void on_trusted_server_selection(QModelIndex const & current, QModelIndex const & previous); - private: Ui::SettingsDialog *ui; diff --git a/src/settingsdialog.ui b/src/settingsdialog.ui index 897f68f..9fba39e 100644 --- a/src/settingsdialog.ui 
+++ b/src/settingsdialog.ui @@ -21,7 +21,7 @@ <item> <widget class="QTabWidget" name="tabWidget"> <property name="currentIndex"> - <number>0</number> + <number>3</number> </property> <widget class="QWidget" name="generic"> <attribute name="icon"> 
@@ -854,92 +854,23 @@ <attribute name="title"> <string>Gemini TLS</string> </attribute> - <layout class="QFormLayout" name="formLayout_2"> - <item row="0" column="0"> - <widget class="QLabel" name="label_23"> - <property name="text"> - <string>Trust Level</string> - </property> - </widget> - </item> - <item row="0" column="1"> - <widget class="QComboBox" name="trust_level"/> - </item> - <item row="1" column="0"> - <widget class="QLabel" name="label_24"> - <property name="text"> - <string>Certificate Authorities</string> - </property> - </widget> - </item> - <item row="1" column="1"> - <layout class="QHBoxLayout" name="horizontalLayout_8"> - <item> - <widget class="QRadioButton" name="trust_enable_ca"> - <property name="text"> - <string>Use local certificate authorities</string> - </property> - <attribute name="buttonGroup"> - <string notr="true">buttonGroup_2</string> - </attribute> - </widget> - </item> - <item> - <widget class="QRadioButton" name="trust_disable__ca"> - <property name="text"> - <string>Don't use local certificate authorities</string> - </property> - <attribute name="buttonGroup"> - <string notr="true">buttonGroup_2</string> - </attribute> - </widget> - </item> - </layout> - </item> - <item row="2" column="0"> - <widget class="QLabel" name="label_25"> - <property name="text"> - <string>Trusted Hosts</string> - </property> - </widget> + <layout class="QVBoxLayout" name="verticalLayout_3"> + <item> + <widget class="SslTrustEditor" name="gemini_trust_editor" native="true"/> </item> - <item row="2" column="1"> - <layout class="QVBoxLayout" name="verticalLayout_3"> - <item> - <widget class="QTableView" name="trusted_hosts"> - <property name="cornerButtonEnabled"> - <bool>true</bool> - </property> - </widget> - </item> - <item> - <layout class="QHBoxLayout" name="horizontalLayout_9"> - <item> - <widget class="QToolButton" name="trust_revoke_selected"> - <property name="enabled"> - <bool>false</bool> - </property> - <property name="text"> - <string>Revoke 
trust</string> - </property> - </widget> - </item> - <item> - <spacer name="horizontalSpacer"> - <property name="orientation"> - <enum>Qt::Horizontal</enum> - </property> - <property name="sizeHint" stdset="0"> - <size> - <width>40</width> - <height>20</height> - </size> - </property> - </spacer> - </item> - </layout> - </item> - </layout> + </layout> + </widget> + <widget class="QWidget" name="https_trust"> + <attribute name="icon"> + <iconset resource="icons.qrc"> + <normaloff>:/icons/certificate.svg</normaloff>:/icons/certificate.svg</iconset> + </attribute> + <attribute name="title"> + <string>HTTPS TLS</string> + </attribute> + <layout class="QVBoxLayout" name="verticalLayout_4"> + <item> + <widget class="SslTrustEditor" name="https_trust_editor" native="true"/> </item> </layout> </widget> @@ -957,6 +888,14 @@ </item> </layout> </widget> + <customwidgets> + <customwidget> + <class>SslTrustEditor</class> + <extends>QWidget</extends> + <header>ssltrusteditor.hpp</header> + <container>1</container> + </customwidget> + </customwidgets> <resources> <include location="icons.qrc"/> </resources> @@ -997,8 +936,8 @@ <buttongroups> <buttongroup name="buttonGroup"/> <buttongroup name="buttonGroup_2"/> - <buttongroup name="gophermapBtnGroup"/> <buttongroup name="textRenderingBtnGroup"/> + <buttongroup name="gophermapBtnGroup"/> <buttongroup name="textHighlightsBtnGroup"/> </buttongroups> </ui> diff --git a/src/ssltrust.cpp b/src/ssltrust.cpp index 92d913c..c5b7895 100644 --- a/src/ssltrust.cpp +++ b/src/ssltrust.cpp @@ -74,3 +74,14 @@ bool SslTrust::isTrusted(QUrl const & url, const QSslCertificate &certificate) return false; } } + +bool SslTrust::isTrustRelated(QSslError::SslError err) +{ + switch(err) + { + case QSslError::CertificateUntrusted: return true; + case QSslError::SelfSignedCertificate: return true; + case QSslError::UnableToGetLocalIssuerCertificate: return true; + default: return false; + } +} 
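Review bot: `SslTrust::isTrustRelated` has no comment, although it now decides for both the Gemini and the HTTPS client which TLS errors a stored host entry is allowed to override. I would add a doc comment on the definition such as `// True for errors that only mean the chain is not anchored in a CA; callers may override these via isTrusted().` A second line should note that every other error, including expiry and host-name mismatch, falls into `default` and is never overridden by the trust store. That makes the security boundary explicit for whoever adds a case to the switch later.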
diff --git a/src/ssltrust.hpp b/src/ssltrust.hpp index 62d4985..15de44d 100644 --- a/src/ssltrust.hpp +++ b/src/ssltrust.hpp @@ -4,6 +4,7 @@ #include <QSslCertificate> #include <QSslKey> #include <QSettings> +#include <QSslError> #include "trustedhostcollection.hpp" @@ -32,6 +33,8 @@ struct SslTrust void save(QSettings & settings) const; bool isTrusted(QUrl const & url, QSslCertificate const & certificate); + + static bool isTrustRelated(QSslError::SslError err); }; #endif // SSLTRUST_HPP diff --git a/src/ssltrusteditor.cpp b/src/ssltrusteditor.cpp new file mode 100644 index 0000000..af10a72 --- /dev/null +++ b/src/ssltrusteditor.cpp 
@@ -0,0 +1,82 @@ +#include "ssltrusteditor.hpp" +#include "ui_ssltrusteditor.h" + +SslTrustEditor::SslTrustEditor(QWidget *parent) : + QWidget(parent), + ui(new Ui::SslTrustEditor) +{ + ui->setupUi(this); + + this->ui->trust_level->clear(); + this->ui->trust_level->addItem("Trust on first encounter", QVariant::fromValue<int>(SslTrust::TrustOnFirstUse)); + this->ui->trust_level->addItem("Trust everything", QVariant::fromValue<int>(SslTrust::TrustEverything)); + this->ui->trust_level->addItem("Manually verify fingerprints", QVariant::fromValue<int>(SslTrust::TrustNoOne)); + + this->ui->trusted_hosts->setModel(&this->current_trust.trusted_hosts); + + this->ui->trusted_hosts->horizontalHeader()->setSectionResizeMode(0, QHeaderView::Stretch); + this->ui->trusted_hosts->horizontalHeader()->setSectionResizeMode(1, QHeaderView::ResizeToContents); + this->ui->trusted_hosts->horizontalHeader()->setSectionResizeMode(2, QHeaderView::ResizeToContents); + + connect( + this->ui->trusted_hosts->selectionModel(), + &QItemSelectionModel::currentChanged, + this, + &SslTrustEditor::on_trusted_server_selection); +} + +SslTrustEditor::~SslTrustEditor() +{ + delete ui; +} + +SslTrust SslTrustEditor::trust() const +{ + return this->current_trust; +} + +void SslTrustEditor::setTrust(const SslTrust &trust) +{ + this->current_trust = trust; + + this->ui->trust_level->setCurrentIndex( + this->ui->trust_level->findData(QVariant::fromValue<int>(trust.trust_level)) + ); + + if(trust.enable_ca) + this->ui->trust_enable_ca->setChecked(true); + else + this->ui->trust_disable__ca->setChecked(true); + + this->ui->trusted_hosts->resizeColumnsToContents(); +} + +void SslTrustEditor::on_trust_revoke_selected_clicked() +{ + this->current_trust.trusted_hosts.remove(this->ui->trusted_hosts->currentIndex()); +} + +void SslTrustEditor::on_trust_enable_ca_clicked() +{ + this->current_trust.enable_ca = true; +} + +void SslTrustEditor::on_trust_disable__ca_clicked() +{ + this->current_trust.enable_ca = false; 
+} + +void SslTrustEditor::on_trust_level_currentIndexChanged(int index) +{ + this->current_trust.trust_level = SslTrust::TrustLevel(this->ui->trust_level->itemData(index).toInt()); +} + +void SslTrustEditor::on_trusted_server_selection(const QModelIndex ¤t, const QModelIndex &previous) +{ + Q_UNUSED(previous); + if(auto host = this->current_trust.trusted_hosts.get(current); host) { + this->ui->trust_revoke_selected->setEnabled(true); + } else { + this->ui->trust_revoke_selected->setEnabled(false); + } +} diff --git a/src/ssltrusteditor.hpp b/src/ssltrusteditor.hpp new file mode 100644 index 0000000..841ba64 --- /dev/null +++ b/src/ssltrusteditor.hpp @@ -0,0 +1,44 @@ +#ifndef SSLTRUSTEDITOR_HPP +#define SSLTRUSTEDITOR_HPP + +#include <QWidget> + +#include "ssltrust.hpp" + +namespace Ui { +class SslTrustEditor; +} + +class SslTrustEditor : public QWidget +{ + Q_OBJECT + +public: + explicit SslTrustEditor(QWidget *parent = nullptr); + ~SslTrustEditor(); + + + SslTrust trust() const; + void setTrust(SslTrust const & trust); + +private slots: + void on_trust_revoke_selected_clicked(); + + void on_trust_enable_ca_clicked(); + + void on_trust_disable__ca_clicked(); + + void on_trust_level_currentIndexChanged(int index); + +private: + + + void on_trusted_server_selection(QModelIndex const & current, QModelIndex const & previous); + +private: + Ui::SslTrustEditor *ui; + + SslTrust current_trust; +}; + +#endif // SSLTRUSTEDITOR_HPP diff --git a/src/ssltrusteditor.ui b/src/ssltrusteditor.ui new file mode 100644 index 0000000..068c065 --- /dev/null +++ b/src/ssltrusteditor.ui 
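Review bot: `SslTrustEditor::on_trust_level_currentIndexChanged` does not guard against `index == -1`, which the combo box reports when `setTrust` calls `setCurrentIndex(findData(...))` with a trust level that is not among the three items (for example a stale or hand-edited settings value). In that case `itemData(-1).toInt()` yields 0 and the slot overwrites `current_trust.trust_level` with `SslTrust::TrustLevel(0)`, whichever policy that happens to be, and `trust()` later hands that value back to be saved. Adding `if(index < 0) return;` as the first line of the slot keeps an unknown value from being silently turned into a policy.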
@@ -0,0 +1,101 @@ +<?xml version="1.0" encoding="UTF-8"?> +<ui version="4.0"> + <class>SslTrustEditor</class> + <widget class="QWidget" name="SslTrustEditor"> + <property name="geometry"> + <rect> + <x>0</x> + <y>0</y> + <width>640</width> + <height>480</height> + </rect> + </property> + <property name="windowTitle"> + <string>Form</string> + </property> + <layout class="QFormLayout" name="formLayout"> + <item row="0" column="0"> + <widget class="QLabel" name="label_23"> + <property name="text"> + <string>Trust Level</string> + </property> + </widget> + </item> + <item row="0" column="1"> + <widget class="QComboBox" name="trust_level"/> + </item> + <item row="1" column="0"> + <widget class="QLabel" name="label_24"> + <property name="text"> + <string>Certificate Authorities</string> + </property> + </widget> + </item> + <item row="1" column="1"> + <layout class="QHBoxLayout" name="horizontalLayout_8"> + <item> + <widget class="QRadioButton" name="trust_enable_ca"> + <property name="text"> + <string>Use local certificate authorities</string> + </property> + </widget> + </item> + <item> + <widget class="QRadioButton" name="trust_disable__ca"> + <property name="text"> + <string>Don't use local certificate authorities</string> + </property> + </widget> + </item> + </layout> + </item> + <item row="2" column="0"> + <widget class="QLabel" name="label_25"> + <property name="text"> + <string>Trusted Hosts</string> + </property> + </widget> + </item> + <item row="2" column="1"> + <layout class="QVBoxLayout" name="verticalLayout_3"> + <item> + <widget class="QTableView" name="trusted_hosts"> + <property name="cornerButtonEnabled"> + <bool>true</bool> + </property> + </widget> + </item> + <item> + <layout class="QHBoxLayout" name="horizontalLayout_9"> + <item> + <widget class="QToolButton" name="trust_revoke_selected"> + <property name="enabled"> + <bool>false</bool> + </property> + <property name="text"> + <string>Revoke trust</string> + </property> + </widget> + </item> + 
<item> + <spacer name="horizontalSpacer"> + <property name="orientation"> + <enum>Qt::Horizontal</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>40</width> + <height>20</height> + </size> + </property> + </spacer> + </item> + </layout> + </item> + </layout> + </item> + </layout> + </widget> + <resources/> + <connections/> +</ui> diff --git a/src/webclient.cpp b/src/webclient.cpp index 6d23ad3..b5d4d9d 100644 --- a/src/webclient.cpp +++ b/src/webclient.cpp @@ -32,14 +32,15 @@ bool WebClient::startRequest(const QUrl &url, RequestOptions options) this->options = options; this->body.clear(); - QSslConfiguration ssl_config; + QNetworkRequest request(url); + + auto ssl_config = request.sslConfiguration(); // ssl_config.setProtocol(QSsl::TlsV1_2); - // if(global_trust.enable_ca) - // ssl_config.setCaCertificates(QSslConfiguration::systemCaCertificates()); - // else - // ssl_config.setCaCertificates(QList<QSslCertificate> { }); + if(global_https_trust.enable_ca) + ssl_config.setCaCertificates(QSslConfiguration::systemCaCertificates()); + else + ssl_config.setCaCertificates(QList<QSslCertificate> { }); - QNetworkRequest request(url); // request.setMaximumRedirectsAllowed(5); request.setAttribute(QNetworkRequest::FollowRedirectsAttribute, false); request.setSslConfiguration(ssl_config); 
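Review bot: The protocol line in `WebClient::startRequest` is still commented out (`// ssl_config.setProtocol(QSsl::TlsV1_2);`), so HTTPS keeps Qt's default protocol set while the Gemini client sets its protocol explicitly. The CA handling is now symmetric but the protocol floor is not. If a floor is wanted, `ssl_config.setProtocol(QSsl::TlsV1_2OrLater);` expresses it without pinning to a single version. Otherwise delete the dead comment, together with `// request.setMaximumRedirectsAllowed(5);`, so the intent is clear. The function continues outside the hunk.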
@@ -141,10 +142,51 @@ void WebClient::on_sslErrors(const QList<QSslError> &errors) return; } - qDebug() << "HTTP SSL Errors:"; - for(auto const & err : errors) - qDebug() << err; - this->current_reply->ignoreSslErrors(); + QList<QSslError> remaining_errors = errors; + QList<QSslError> ignored_errors; + + int i = 0; + while(i < remaining_errors.size()) + { + auto const & err = remaining_errors.at(i); + + bool ignore = false; + if(SslTrust::isTrustRelated(err.error())) + { + if(global_https_trust.isTrusted(current_reply->url(), current_reply->sslConfiguration().peerCertificate())) + { + ignore = true; + } + else + { + emit this->networkError(UntrustedHost, "The requested host is not trusted."); + return; + } + } + else if(err.error() == QSslError::UnableToVerifyFirstCertificate) + { + ignore = true; + } + + if(ignore) { + ignored_errors.append(err); + remaining_errors.removeAt(0); + } else { + i += 1; + } + } + + current_reply->ignoreSslErrors(ignored_errors); + + qDebug() << "ignoring" << ignored_errors.size() << "out of" << errors.size(); + + for(auto const & error : remaining_errors) { + qWarning() << int(error.error()) << error.errorString(); + } + + if(remaining_errors.size() > 0) { + emit this->networkError(TlsFailure, remaining_errors.first().errorString()); + } } void WebClient::on_redirected(const QUrl &url) |
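Review bot: The ignore branch in `WebClient::on_sslErrors` calls `remaining_errors.removeAt(0)` where it should remove the entry it just inspected, `remaining_errors.removeAt(i);`. Once an earlier error has been kept and `i` is above 0, the wrong element is dropped: a real failure disappears from the list while the ignored one stays behind and is reported through `TlsFailure`. Separately, `QSslError::UnableToVerifyFirstCertificate` is ignored without consulting `global_https_trust`. If Qt reports it without one of the three errors in `SslTrust::isTrustRelated`, an unverifiable chain would be accepted for HTTPS, so I would route it through the same `isTrusted` check. The start of the function is outside the hunk.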
