void ConnectDialog::connectToServer(void)
{
delete m_client;
m_client = 0;
m_ui->m_labelStatus->setText("Verbindungsaufbau ...");
/* SelfSignedCertificate akzeptieren */
QList<QSslError> expectedSslErrors;
QSslCertificate cert = QSslCertificate::fromPath("cacert.pem").value(0);
expectedSslErrors.append(QSslError(QSslError::SelfSignedCertificate, cert));
/* Neue Verbindung aufbauen */
QSslSocket* socket = new QSslSocket;
socket->addCaCertificate(cert);
socket->ignoreSslErrors(expectedSslErrors);
socket->connectToHostEncrypted(m_ui->m_lineAddress->text(), m_ui->m_spinPort->value());
/* Warte bis Verbindung steht */
if (!socket->waitForEncrypted(10000))
{
qDebug() << socket->errorString();
m_ui->m_labelStatus->setText(QString("Fehler: ").append(socket->errorString()));
delete socket;
return;
}
m_ui->m_labelStatus->setText("Verbindung erfolgreich aufgebaut.");
m_client = new Client(socket);
this->disconnect(m_ui->m_buttonClose, SIGNAL(clicked()), this, SLOT(reject()));
this->connect(m_ui->m_buttonClose, SIGNAL(clicked()), this, SLOT(accept()));
}
void SshServer::slot_newIncommingConnection( int socketDescriptor )
{
QSslSocket* sslSocket = new QSslSocket();
// before the handshake, we need to adjust some security parameters for SSL
QSsl::SslProtocol sslProtocol;
if( "SSL-v3" == _sshServerSettings._version )
sslProtocol = QSsl::SslV3;
else if( "TLS-v1" == _sshServerSettings._version )
sslProtocol = QSsl::TlsV1;
else
{
logError( this, "no valid SSL version to use" );
delete sslSocket;
return;
}
QSsl::EncodingFormat ecodingFormat = ("PER"==_sshServerSettings._format) ? QSsl::Pem : QSsl::Der;
QSsl::KeyAlgorithm algorithm = ("RSA"==_sshServerSettings._cipher) ? QSsl::Rsa : QSsl::Dsa;
QByteArray password;
// setting the SSL version to use
sslSocket->setProtocol( sslProtocol );
// ensure that the peer's certificate will be verified
sslSocket->setPeerVerifyMode( QSslSocket::VerifyPeer );
// ensure that the peer's cerficiate and its issuer's certificate will be verified
sslSocket->setPeerVerifyDepth( 2 );
// setting server's certificate
sslSocket->setLocalCertificate( _sshServerSettings._certificate, ecodingFormat );
// setting server's private key
sslSocket->setPrivateKey( _sshServerSettings._privateKey, algorithm, ecodingFormat, password );
// setting the CA ceritificate
QList<QSslCertificate> caCertificates = QSslCertificate::fromPath( _sshServerSettings._certificate, ecodingFormat );
sslSocket->setDefaultCaCertificates( caCertificates );
// setup some traps for the socket events
connect( sslSocket, SIGNAL(disconnected()), sslSocket, SLOT(deleteLater()) );
connect( sslSocket, SIGNAL(encrypted()), SLOT(slot_SuccessfulConnected()) );
connect( sslSocket, SIGNAL(sslErrors(const QList<QSslError>&)), this, SLOT(slot_UnSuccessfulConnected(const QList<QSslError>&)) );
connect( sslSocket, SIGNAL(readyRead()), this, SLOT(slot_IncommingData()) );
// start the handshake
bool result = sslSocket->setSocketDescriptor( socketDescriptor );
if( false == result )
{
logError( this, QString("failed to set socket descriptor: %1").arg(sslSocket->errorString()) );
delete sslSocket;
return;
}
sslSocket->startServerEncryption();
}
void Server::connectionFailure()
{
QSslSocket *socket = dynamic_cast<QSslSocket *>(sender());
assert(socket);
std::cout << "connection error " << socket->errorString().toStdString() << std::endl;
sockets.removeOne(socket);
socket->disconnect();
socket->deleteLater();
}
int main(int argc, char **argv)
{
QCoreApplication app(argc, argv);
if (argc < 3) {
QTextStream out(stdout);
out << "Usage: " << argv[0] << " host port [options]" << endl;
out << "The options can be one or more of the following:" << endl;
out << "enable_empty_fragments" << endl;
out << "disable_session_tickets" << endl;
out << "disable_compression" << endl;
out << "disable_sni" << endl;
out << "enable_unsafe_reneg" << endl;
return 1;
}
QString host = QString::fromLocal8Bit(argv[1]);
int port = QString::fromLocal8Bit(argv[2]).toInt();
QSslConfiguration config = QSslConfiguration::defaultConfiguration();
for (int i=3; i < argc; i++) {
QString option = QString::fromLocal8Bit(argv[i]);
if (option == QStringLiteral("enable_empty_fragments"))
config.setSslOption(QSsl::SslOptionDisableEmptyFragments, false);
else if (option == QStringLiteral("disable_session_tickets"))
config.setSslOption(QSsl::SslOptionDisableSessionTickets, true);
else if (option == QStringLiteral("disable_compression"))
config.setSslOption(QSsl::SslOptionDisableCompression, true);
else if (option == QStringLiteral("disable_sni"))
config.setSslOption(QSsl::SslOptionDisableServerNameIndication, true);
else if (option == QStringLiteral("enable_unsafe_reneg"))
config.setSslOption(QSsl::SslOptionDisableLegacyRenegotiation, false);
}
QSslConfiguration::setDefaultConfiguration(config);
QSslSocket socket;
//socket.setSslConfiguration(config);
socket.connectToHostEncrypted(host, port);
if ( !socket.waitForEncrypted() ) {
qDebug() << socket.errorString();
return 1;
}
return 0;
}
void QwwSmtpClientPrivate::onError(QAbstractSocket::SocketError e)
{
emit q->socketError(e, socket->errorString());
onDisconnected();
}
void LanLinkProvider::connectError()
{
QSslSocket* socket = qobject_cast<QSslSocket*>(sender());
if (!socket) return;
disconnect(socket, SIGNAL(connected()), this, SLOT(connected()));
disconnect(socket, SIGNAL(error(QAbstractSocket::SocketError)), this, SLOT(connectError()));
qCDebug(KDECONNECT_CORE) << "Fallback (1), try reverse connection (send udp packet)" << socket->errorString();
NetworkPackage np("");
NetworkPackage::createIdentityPackage(&np);
np.set("tcpPort", mTcpPort);
mUdpSocket.writeDatagram(np.serialize(), receivedIdentityPackages[socket].sender, port);
//The socket we created didn't work, and we didn't manage
//to create a LanDeviceLink from it, deleting everything.
delete receivedIdentityPackages.take(socket).np;
delete socket;
}
bool SenderPrivate::connectToHost()
{
Q_Q(Sender);
QSslSocket *sslSock = nullptr;
switch (connectionType) {
case Sender::TlsConnection:
case Sender::TcpConnection:
qCDebug(SIMPLEMAIL_SENDER) << "Connecting to host" << host << port;
socket->connectToHost(host, port);
break;
case Sender::SslConnection:
{
sslSock = qobject_cast<QSslSocket*>(socket);
if (sslSock) {
qCDebug(SIMPLEMAIL_SENDER) << "Connecting to host encrypted" << host << port;
sslSock->connectToHostEncrypted(host, port);
} else {
return false;
}
}
break;
}
// Tries to connect to server
if (!socket->waitForConnected(connectionTimeout)) {
lastError = socket->errorString();
qCDebug(SIMPLEMAIL_SENDER) << "Connection failed" << socket->errorString();
Q_EMIT q->smtpError(Sender::ConnectionTimeoutError);
return false;
}
// If the response code is not 220 (Service ready)
// means that is something wrong with the server
if (!waitForResponse(220)) {
Q_EMIT q->smtpError(Sender::ServerError);
return false;
}
qCDebug(SIMPLEMAIL_SENDER) << "Sending EHLO" << name;
// Send a EHLO/HELO message to the server
// The client's first command must be EHLO/HELO
sendMessage("EHLO " + name.toLatin1());
// The response code needs to be 250.
if (!waitForResponse(250)) {
Q_EMIT q->smtpError(Sender::ServerError);
return false;
}
qCDebug(SIMPLEMAIL_SENDER) << "Sent hello";
if (connectionType == Sender::TlsConnection) {
qCDebug(SIMPLEMAIL_SENDER) << "Sending STARTTLS";
// send a request to start TLS handshake
sendMessage(QByteArrayLiteral("STARTTLS"));
// The response code needs to be 220.
if (!waitForResponse(220)) {
Q_EMIT q->smtpError(Sender::ServerError);
return false;
};
if (sslSock) {
qCDebug(SIMPLEMAIL_SENDER) << "Starting client encryption";
sslSock->startClientEncryption();
if (!sslSock->waitForEncrypted(connectionTimeout)) {
qCDebug(SIMPLEMAIL_SENDER) << "Failed to encrypt connection" << sslSock->errorString();
Q_EMIT q->smtpError(Sender::ConnectionTimeoutError);
return false;
}
}
qCDebug(SIMPLEMAIL_SENDER) << "Sending second EHLO" << name;
// Send ELHO one more time
sendMessage(QByteArrayLiteral("EHLO ") + name.toLatin1());
// The response code needs to be 250.
if (!waitForResponse(250)) {
Q_EMIT q->smtpError(Sender::ServerError);
return false;
}
}
state = SenderPrivate::Connected;
// If no errors occured the function returns true.
return true;
}
