void StartDialog::loadPerson()
{
std::string passwd = ui.loadPasswd->text().toStdString();
#ifdef RS_USE_PGPSSL
std::string gpgPasswd = ui.loadGPGPasswd->text().toStdString();
int pgpidx = ui.loadName->currentIndex();
if (pgpidx < 0)
{
/* Message Dialog */
QMessageBox::StandardButton sb = QMessageBox::warning ( NULL,
"Load Person Failure",
"Missing PGP Certificate",
QMessageBox::Ok);
return;
}
QVariant data = ui.loadName->itemData(pgpidx);
std::string PGPId = (data.toString()).toStdString();
RsInit::LoadGPGPassword(PGPId, gpgPasswd);
#else
#endif
RsInit::LoadPassword(passwd);
loadCertificates();
}
PosixSslServerSocket::PosixSslServerSocket( const unsigned int port,
const std::string & certificatFile,
const std::string & keyFile ) :
ServerSocket(port) {
initialize();
setFileDescriptor(-1);
loadCertificates(certificatFile,keyFile);
}
void NetworkManager::loadSettings()
{
Settings settings;
if (settings.value("Web-Browser-Settings/AllowLocalCache", true).toBool() && !mApp->isPrivateSession()) {
QNetworkDiskCache* cache = mApp->networkCache();
cache->setMaximumCacheSize(settings.value("MaximumCacheSize", 50).toInt() * 1024 * 1024); //MegaBytes
setCache(cache);
}
settings.beginGroup("Web-Browser-Settings");
m_doNotTrack = settings.value("DoNotTrack", false).toBool();
m_sendReferer = settings.value("SendReferer", true).toBool();
settings.endGroup();
m_acceptLanguage = AcceptLanguage::generateHeader(settings.value("Language/acceptLanguage", AcceptLanguage::defaultLanguage()).toStringList());
// Falling back to Qt 4.7 default behavior, use SslV3 by default
// Fixes issue with some older servers closing the connection
// However, it also makes some servers requesting TLS ClientHello
// not working, or showing invalid certificates.
// See #921
// QSslConfiguration config = QSslConfiguration::defaultConfiguration();
// config.setProtocol(QSsl::SslV3);
// QSslConfiguration::setDefaultConfiguration(config);
#if defined(Q_OS_WIN) || defined(Q_OS_HAIKU) || defined(Q_OS_OS2)
QString certDir = mApp->PROFILEDIR + "certificates";
QString bundlePath = certDir + "/ca-bundle.crt";
QString bundleVersionPath = certDir + "/bundle_version";
if (!QDir(certDir).exists()) {
QDir dir(mApp->PROFILEDIR);
dir.mkdir("certificates");
}
if (!QFile::exists(bundlePath)) {
QFile(":data/ca-bundle.crt").copy(bundlePath);
QFile(bundlePath).setPermissions(QFile::ReadUser | QFile::WriteUser);
QFile(":data/bundle_version").copy(bundleVersionPath);
QFile(bundleVersionPath).setPermissions(QFile::ReadUser | QFile::WriteUser);
}
QSslSocket::setDefaultCaCertificates(QSslCertificate::fromPath(bundlePath));
#else
QSslSocket::setDefaultCaCertificates(QSslSocket::systemCaCertificates());
#endif
loadCertificates();
m_proxyFactory->loadSettings();
}
Context init_ctx_client(const char *caPath) {
Context ctx(SSL_CTX_new(DTLS_client_method()));
if(loadCertificates(ctx, caPath, nullptr, nullptr, true)) {
err::code = err::LIB_SSL;
return {};
}
return ctx;
}
Context init_ctx_server(const char *caPath, const char *certPath, const char *keyPath, bool verify) {
Context ctx(SSL_CTX_new(DTLS_server_method()));
if(loadCertificates(ctx, caPath, certPath, keyPath, verify)) {
err::code = err::LIB_SSL;
return {};
}
return ctx;
}
void Network::sockSetup() {
listenSock = 0;
int out, yes=1;
struct addrinfo hints, *servinfo = NULL,*p;
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
hints.ai_flags = AI_PASSIVE;
if ((sslContext = SSL_CTX_new(SSLv23_server_method ())) == NULL) {
std::cerr << "(" << __FILE__ << ":" << __LINE__ << ") SSL: " << ERR_error_string(errno, NULL) << std::endl;
return;
}
loadCertificates();
if ((out = getaddrinfo(NULL, PORT, &hints, &servinfo)) != 0) {
std::cerr << "(" << __FILE__ << ":" << __LINE__ << ") getaddrinfo: " << gai_strerror(out) << std::endl;
return;
}
for (p = servinfo; p != NULL; p = p->ai_next) {
if ((listenSock = socket(p->ai_family, p->ai_socktype, p->ai_protocol)) == -1) {
close(listenSock);
listenSock = 0;
std::cerr << "(" << __FILE__ << ":" << __LINE__ << ") socket: " << strerror(errno) << std::endl;
}
if (setsockopt(listenSock, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(int)) == -1) {
std::cerr << "(" << __FILE__ << ":" << __LINE__ << ") setsockopt" << strerror(errno) << std::endl;
close(listenSock);
listenSock = 0;
return;
}
if (bind(listenSock, p->ai_addr, p->ai_addrlen) == -1) {
close(listenSock);
std::cerr << "(" << __FILE__ << ":" << __LINE__ << ") bind" << strerror(errno) << std::endl;
continue;
} else {
break;
}
}
freeaddrinfo(servinfo);
if (p == NULL) {
if (listenSock) {
close(listenSock);
listenSock = 0;
}
std::cerr << "(" << __FILE__ << ":" << __LINE__ << ") Failed Connection: " << strerror(errno) << std::endl;
throw std::exception();
}
}
void start()
{
try
{
readClientsThatCanBroadcastFromFile();
SSL_library_init();
serverContext_ = initServerContext();
loadCertificates(serverContext_, certFile_, keyFile_);
FD_ZERO(&clientsSet_);
std::cout << "Server is ready for accepting connections." <<std::endl;
listenForClients();
}
catch (std::exception& e)
{
std::cout << e.what() << std::endl;
exit(1);
}
}
bool SslConnection::initServerContext( const std::string certificateFile,
const std::string privateKeyFile )
{
TRACE;
m_sslContext = SSL_CTX_new (TLSv1_2_server_method ());
if ( m_sslContext == NULL ) {
LOG (Logger::ERR, getSslError("Creating SSL context failed. ").c_str() );
return false;
}
SSL_CTX_set_options(m_sslContext, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(m_sslContext, SSL_OP_NO_SSLv3);
SSL_CTX_set_options(m_sslContext, SSL_OP_NO_TLSv1);
SSL_CTX_set_options(m_sslContext, SSL_OP_NO_TLSv1_1);
if ( !loadCertificates(certificateFile, privateKeyFile) )
return false;
return initHandle();
}
