From 75084776140610f31f28371a2c78191464577c40 Mon Sep 17 00:00:00 2001
From: "Felix (xq) Queißner" <git@mq32.de>
Date: Sun, 21 Jun 2020 18:48:46 +0200
Subject: Fixes a double-error-handlign with SSL trust. Error page is now more
 correct

---
 src/webclient.cpp | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

(limited to 'src/webclient.cpp')

diff --git a/src/webclient.cpp b/src/webclient.cpp
index b50d508..ecbcfef 100644
--- a/src/webclient.cpp
+++ b/src/webclient.cpp
@@ -54,6 +54,8 @@ bool WebClient::startRequest(const QUrl &url, RequestOptions options)
     if(this->current_reply == nullptr)
         return false;
 
+    this->suppress_socket_tls_error = true;
+
     connect(this->current_reply, &QNetworkReply::readyRead, this, &WebClient::on_data);
     connect(this->current_reply, &QNetworkReply::finished, this,  &WebClient::on_finished);
     connect(this->current_reply, &QNetworkReply::sslErrors, this, &WebClient::on_sslErrors);
@@ -129,7 +131,10 @@ void WebClient::on_finished()
 
         qDebug() << "web network error" << reply->errorString();
         qDebug() << this->body;
-        emit this->networkError(error, reply->errorString());
+
+        if(not this->suppress_socket_tls_error) {
+            emit this->networkError(error, reply->errorString());
+        }
     }
     else
     {
@@ -170,14 +175,19 @@ void WebClient::on_sslErrors(const QList<QSslError> &errors)
         bool ignore = false;
         if(SslTrust::isTrustRelated(err.error()))
         {
-            if(global_https_trust.isTrusted(current_reply->url(), current_reply->sslConfiguration().peerCertificate()))
+            switch(global_https_trust.getTrust(this->current_reply->url(), this->current_reply->sslConfiguration().peerCertificate()))
             {
+            case SslTrust::Trusted:
                 ignore = true;
-            }
-            else
-            {
+                break;
+            case SslTrust::Untrusted:
+                this->suppress_socket_tls_error = true;
                 emit this->networkError(UntrustedHost, "The requested host is not trusted.");
                 return;
+            case SslTrust::Mistrusted:
+                this->suppress_socket_tls_error = true;
+                emit this->networkError(MistrustedHost, "The requested is in the trust store and its signature changed..");
+                return;
             }
         }
         else if(err.error() == QSslError::UnableToVerifyFirstCertificate)
-- 
cgit v1.2.3