void SeafileApiClient::onSslErrors(const QList<QSslError>& errors)
{
QUrl url = reply_->url();
QSslCertificate cert = reply_->sslConfiguration().peerCertificate();
if (cert.isNull()) {
// The server has no ssl certificate, we do nothing and let the
// request fail
qDebug("the certificate for %s is null", url.toString().toUtf8().data());
return;
}
CertsManager *mgr = seafApplet->certsManager();
QSslCertificate saved_cert = mgr->getCertificate(url.toString());
if (saved_cert.isNull()) {
// This is the first time when the client connects to the server.
QString question = tr("<b>Warning:</b> The ssl certificate of this server is not trusted, proceed anyway?");
if (seafApplet->yesOrNoBox(question)) {
mgr->saveCertificate(url, cert);
reply_->ignoreSslErrors();
}
return;
} else if (saved_cert == cert) {
// The user has choosen to trust the certificate before
reply_->ignoreSslErrors();
return;
} else {
/**
* The cert which the user had chosen to trust has been changed. It
* may be either:
*
* 1. The server has changed its ssl certificate
* 2. The user's connection is under security attack
*
* Anyway, we'll prompt the user
*/
SslConfirmDialog dialog(url, seafApplet->mainWindow());
if (dialog.exec() == QDialog::Accepted) {
reply_->ignoreSslErrors();
if (dialog.rememberChoice()) {
mgr->saveCertificate(url, cert);
}
} else {
reply_->abort();
}
return;
}
// SslConfirmDialog *dialog = new SslConfirmDialog(url, cert, errors, seafApplet->mainWindow());
// dialog->show();
// dialog->raise();
// dialog->activateWindow();
}
void FileServerTask::onSslErrors(const QList<QSslError>& errors)
{
if (canceled_) {
return;
}
QUrl url = reply_->url();
QSslCertificate cert = reply_->sslConfiguration().peerCertificate();
CertsManager *mgr = seafApplet->certsManager();
if (!cert.isNull() && cert == mgr->getCertificate(url.toString())) {
reply_->ignoreSslErrors();
return;
}
}
void SeafileApiClient::onSslErrors(const QList<QSslError>& errors)
{
const QUrl url = reply_->url();
CertsManager *mgr = seafApplet->certsManager();
Q_FOREACH(const QSslError &error, errors) {
const QSslCertificate &cert = error.certificate();
if (cert.isNull()) {
// The server has no ssl certificate, we do nothing and let the
// request fail
// it is a fatal error, no way to recover
qWarning("the certificate for %s is null", url.toString().toUtf8().data());
break;
}
QSslCertificate saved_cert = mgr->getCertificate(url.toString());
if (saved_cert.isNull()) {
// dump certificate information
qWarning() << "\n= SslError =\n" << error.errorString();
qWarning() << dumpCipher(reply_->sslConfiguration().sessionCipher());
qWarning() << dumpCertificate(cert);
// This is the first time when the client connects to the server.
if (seafApplet->detailedYesOrNoBox(
tr("<b>Warning:</b> The ssl certificate of this server is not trusted, proceed anyway?"),
error.errorString() + "\n" + dumpCertificate(cert), 0, false)) {
mgr->saveCertificate(url, cert);
// TODO handle ssl by verifying certificate chain instead
reply_->ignoreSslErrors();
}
break;
} else if (saved_cert == cert) {
// The user has choosen to trust the certificate before
// TODO handle ssl by verifying certificate chain instead
reply_->ignoreSslErrors();
break;
} else {
// dump certificate information
qWarning() << "\n= SslError =\n" << error.errorString();
qWarning() << dumpCipher(reply_->sslConfiguration().sessionCipher());
qWarning() << dumpCertificate(cert);
qWarning() << dumpCertificate(saved_cert);
/**
* The cert which the user had chosen to trust has been changed. It
* may be either:
*
* 1. The server has changed its ssl certificate
* 2. The user's connection is under security attack
*
* Anyway, we'll prompt the user
*/
SslConfirmDialog dialog(url, cert, saved_cert, seafApplet->mainWindow());
if (dialog.exec() == QDialog::Accepted) {
// TODO handle ssl by verifying certificate chain instead
reply_->ignoreSslErrors();
if (dialog.rememberChoice()) {
mgr->saveCertificate(url, cert);
}
} else {
reply_->abort();
break;
}
break;
}
}
}
