From 62005f23ba21f1246c1f7768e60f401b2083da90 Mon Sep 17 00:00:00 2001
From: "Felix (xq) Queißner" <git@mq32.de>
Date: Tue, 16 Jun 2020 23:32:15 +0200
Subject: Improves SSL handling a tad.

---
 src/geminiclient.cpp | 13 ++++++++-----
 src/webclient.cpp    |  9 +++++++++
 2 files changed, 17 insertions(+), 5 deletions(-)

(limited to 'src')

diff --git a/src/geminiclient.cpp b/src/geminiclient.cpp
index c8a9642..a21eea4 100644
--- a/src/geminiclient.cpp
+++ b/src/geminiclient.cpp
@@ -16,11 +16,6 @@ GeminiClient::GeminiClient() : ProtocolHandler(nullptr)
 #else
     connect(&socket, QOverload<QAbstractSocket::SocketError>::of(&QTcpSocket::error), this, &GeminiClient::socketError);
 #endif
-
-    QSslConfiguration ssl_config;
-    ssl_config.setProtocol(QSsl::TlsV1_2);
-    ssl_config.setCaCertificates(QList<QSslCertificate> { });
-    socket.setSslConfiguration(ssl_config);
 }
 
 GeminiClient::~GeminiClient()
@@ -41,6 +36,14 @@ bool GeminiClient::startRequest(const QUrl &url)
     if(socket.isOpen())
         return false;
 
+    QSslConfiguration ssl_config;
+    ssl_config.setProtocol(QSsl::TlsV1_2);
+    if(not global_trust.enable_ca)
+        ssl_config.setCaCertificates(QList<QSslCertificate> { });
+    else
+        ssl_config.setCaCertificates(QSslConfiguration::systemCaCertificates());
+    socket.setSslConfiguration(ssl_config);
+
     socket.connectToHostEncrypted(url.host(), url.port(1965));
 
     buffer.clear();
diff --git a/src/webclient.cpp b/src/webclient.cpp
index 40beec0..e8a9959 100644
--- a/src/webclient.cpp
+++ b/src/webclient.cpp
@@ -1,4 +1,5 @@
 #include "webclient.hpp"
+#include "kristall.hpp"
 
 #include <QNetworkRequest>
 #include <QNetworkReply>
@@ -30,9 +31,17 @@ bool WebClient::startRequest(const QUrl &url)
 
     this->body.clear();
 
+    QSslConfiguration ssl_config;
+    // ssl_config.setProtocol(QSsl::TlsV1_2);
+    // if(global_trust.enable_ca)
+    //     ssl_config.setCaCertificates(QSslConfiguration::systemCaCertificates());
+    // else
+    //     ssl_config.setCaCertificates(QList<QSslCertificate> { });
+
     QNetworkRequest request(url);
     request.setMaximumRedirectsAllowed(5);
     request.setAttribute(QNetworkRequest::FollowRedirectsAttribute, true);
+    request.setSslConfiguration(ssl_config);
 
     this->current_reply = manager.get(request);
     if(this->current_reply == nullptr)
-- 
cgit v1.2.3