From 6ef3d6a41f07a2f43a9b69f4e75adbffe634ea09 Mon Sep 17 00:00:00 2001
From: "Felix (xq) Queißner"
Date: Sun, 21 Jun 2020 21:29:30 +0200
Subject: Adds option for manually trusting a TLS server.
---
 src/webclient.cpp | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
(limited to 'src/webclient.cpp')
diff --git a/src/webclient.cpp b/src/webclient.cpp
index ecbcfef..ed87694 100644
--- a/src/webclient.cpp
+++ b/src/webclient.cpp
@@ -50,6 +50,8 @@ bool WebClient::startRequest(const QUrl &url, RequestOptions options)
 request.setAttribute(QNetworkRequest::FollowRedirectsAttribute, false);
 request.setSslConfiguration(ssl_config);
+ this->manager.clearAccessCache();
+ this->manager.clearConnectionCache();
 this->current_reply = manager.get(request);
 if(this->current_reply == nullptr) return false;
@@ -99,6 +101,8 @@ void WebClient::on_data()
 void WebClient::on_finished()
 {
+ emit this->hostCertificateLoaded(this->current_reply->sslConfiguration().peerCertificate());
+
 auto * const reply = this->current_reply;
 this->current_reply = nullptr;
@@ -159,6 +163,8 @@ void WebClient::on_finished()
 void WebClient::on_sslErrors(const QList &errors)
 {
+ emit this->hostCertificateLoaded(this->current_reply->sslConfiguration().peerCertificate());
+
 if(options & IgnoreTlsErrors) {
 this->current_reply->ignoreSslErrors(errors);
 return;
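Review bot: The two cache flushes added before `manager.get(request)` in the startRequest hunk carry no comment saying why every request needs them, and per the Qt documentation `clearAccessCache()` discards cached authentication data as well as pooled connections. If the intent is to force a fresh TLS handshake so that the certificate is re-evaluated and `sslErrors` fires again after the trust state changed, which the commit subject suggests, `clearConnectionCache()` alone should be enough. I would keep only that call and add `// drop pooled connections so the next request performs a new TLS handshake and re-evaluates trust`. startRequest's body starts and ends outside the hunk.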
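Review bot: In the on_finished hunk the new emit dereferences `this->current_reply` before the existing lines copy it into `reply` and reset the member, so a directly connected slot on `hostCertificateLoaded` that starts or aborts a request runs while the finished reply is still installed as the current one. Moving the emit below `this->current_reply = nullptr;` and reading from the local avoids that: `emit this->hostCertificateLoaded(reply->sslConfiguration().peerCertificate());`. For a reply that did not use TLS the peer certificate is a null `QSslCertificate`, so either guard the emit with `isNull()` or document that receivers must expect a null certificate. on_finished continues outside the hunk.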
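Review bot: The emit added at the top of on_sslErrors publishes a certificate that has just failed verification through the same signal on_finished uses for every reply, and it does so before the `IgnoreTlsErrors` and trust-store checks, so a receiver cannot tell an unverified certificate from an accepted one. Together with the on_finished hunk the signal also appears to fire twice for a request that hits TLS errors. A comment on the emit should state the contract, e.g. `// certificate is unverified at this point; receivers must treat it as display data for the trust prompt only`. Whether `current_reply` can already be null when this slot runs is not visible here; if it can, the dereference needs a guard. on_sslErrors continues outside the hunk.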
@@ -175,18 +181,19 @@ void WebClient::on_sslErrors(const QList &errors)
 bool ignore = false;
 if(SslTrust::isTrustRelated(err.error()))
 {
- switch(global_https_trust.getTrust(this->current_reply->url(), this->current_reply->sslConfiguration().peerCertificate()))
+ auto cert = this->current_reply->sslConfiguration().peerCertificate();
+ switch(global_https_trust.getTrust(this->current_reply->url(), cert))
 {
 case SslTrust::Trusted:
 ignore = true;
 break;
 case SslTrust::Untrusted:
 this->suppress_socket_tls_error = true;
- emit this->networkError(UntrustedHost, "The requested host is not trusted.");
+ emit this->networkError(UntrustedHost, toFingerprintString(cert));
 return;
 case SslTrust::Mistrusted:
 this->suppress_socket_tls_error = true;
- emit this->networkError(MistrustedHost, "The requested is in the trust store and its signature changed..");
+ emit this->networkError(MistrustedHost, toFingerprintString(cert));
 return;
 }
 }
--
cgit v1.2.3
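Review bot: The second argument of `networkError` changes meaning in the `Untrusted` and `Mistrusted` cases: it used to carry a readable message and now carries `toFingerprintString(cert)`, so a receiver that shows the string verbatim will display a bare fingerprint with no explanation, and the user loses the distinction between "unknown host" and "known host whose certificate changed" unless the receiver keys on the error code. `toFingerprintString` is not visible in this hunk; because the manual trust decision rests on this value, it should be confirmed to use a collision-resistant digest such as SHA-256 rather than MD5 or SHA-1. I would document the contract above the two emits, e.g. `// message carries the certificate fingerprint for the trust dialog, not user-facing text`, and declare the local as `const auto cert = ...;`. The enclosing loop in on_sslErrors starts and ends outside the hunk.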