From 62005f23ba21f1246c1f7768e60f401b2083da90 Mon Sep 17 00:00:00 2001
From: "Felix (xq) Queißner" <git@mq32.de>
Date: Tue, 16 Jun 2020 23:32:15 +0200
Subject: Improves SSL handling a tad.

---
 src/geminiclient.cpp | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

(limited to 'src/geminiclient.cpp')

diff --git a/src/geminiclient.cpp b/src/geminiclient.cpp
index c8a9642..a21eea4 100644
--- a/src/geminiclient.cpp
+++ b/src/geminiclient.cpp
@@ -16,11 +16,6 @@ GeminiClient::GeminiClient() : ProtocolHandler(nullptr)
 #else
     connect(&socket, QOverload<QAbstractSocket::SocketError>::of(&QTcpSocket::error), this, &GeminiClient::socketError);
 #endif
-
-    QSslConfiguration ssl_config;
-    ssl_config.setProtocol(QSsl::TlsV1_2);
-    ssl_config.setCaCertificates(QList<QSslCertificate> { });
-    socket.setSslConfiguration(ssl_config);
 }
 
 GeminiClient::~GeminiClient()
@@ -41,6 +36,14 @@ bool GeminiClient::startRequest(const QUrl &url)
     if(socket.isOpen())
         return false;
 
+    QSslConfiguration ssl_config;
+    ssl_config.setProtocol(QSsl::TlsV1_2);
+    if(not global_trust.enable_ca)
+        ssl_config.setCaCertificates(QList<QSslCertificate> { });
+    else
+        ssl_config.setCaCertificates(QSslConfiguration::systemCaCertificates());
+    socket.setSslConfiguration(ssl_config);
+
     socket.connectToHostEncrypted(url.host(), url.port(1965));
 
     buffer.clear();
-- 
cgit v1.2.3