void SyncConnector::ignoreSslErrors(QNetworkReply *reply)
{
QList<QSslError> errorsThatCanBeIgnored;
size_t foundHttp = mCurrentUrl.toString().toStdString().find("http:");
QVariant statusCode = reply->attribute(QNetworkRequest::HttpStatusCodeAttribute);
// we're getting redirected, find out if to HTTPS
if (statusCode.toInt() == 302 || statusCode.toInt() == 307)
{
QVariant url = reply->attribute(QNetworkRequest::RedirectionTargetAttribute);
size_t found = url.toString().toStdString().find("https:");
if (found != std::string::npos && foundHttp != std::string::npos
&& !didShowSSLWarning)
{
QMessageBox *msgBox = new QMessageBox;
msgBox->setText("SSL Warning");
msgBox->setInformativeText("The SyncThing Server seems to have HTTPS activated, "
"however you are using HTTP. Please make sure to use a correct URL.");
msgBox->setStandardButtons(QMessageBox::Ok);
msgBox->setDefaultButton(QMessageBox::Ok);
msgBox->setAttribute(Qt::WA_DeleteOnClose);
msgBox->show();
msgBox->setFocus();
mCurrentUrl = QUrl(mCurrentUrl.toString().replace(tr("http"), tr("https")));
didShowSSLWarning = true;
}
}
errorsThatCanBeIgnored<<QSslError(QSslError::HostNameMismatch);
errorsThatCanBeIgnored<<QSslError(QSslError::SelfSignedCertificate);
reply->ignoreSslErrors();
}
QByteArray
CRestWorker::send_request(const QNetworkRequest &req,
bool get,
int& http_status_code,
int& err_code,
int &network_error,
bool ignore_ssl_errors) {
if (m_network_manager->networkAccessible() != QNetworkAccessManager::Accessible) {
CApplicationLog::Instance()->LogError("Network isn't accessible : %d", (int)m_network_manager->networkAccessible());
m_network_manager->setNetworkAccessible(QNetworkAccessManager::Accessible);
}
err_code = RE_SUCCESS;
network_error = 0;
http_status_code = -1;
QEventLoop loop;
QTimer timer(&loop);
timer.setSingleShot(true);
timer.start(15000);
QNetworkReply* reply =
get ? m_network_manager->get(req) : m_network_manager->post(req, QByteArray());
connect(&timer, SIGNAL(timeout()), &loop, SLOT(quit()));
connect(reply, SIGNAL(finished()), &loop, SLOT(quit()));
if (!ignore_ssl_errors) {
connect(reply, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ssl_errors_appeared(QList<QSslError>)));
}
else {
QList<QSslError> errors2ignore;
errors2ignore << QSslError(QSslError::CertificateUntrusted);
errors2ignore << QSslError(QSslError::SelfSignedCertificate);
errors2ignore << QSslError(QSslError::HostNameMismatch);
reply->ignoreSslErrors();
}
loop.exec();
//timer active if timeout didn't fire
if (!timer.isActive()) {
reply->abort();
err_code = RE_TIMEOUT;
return QByteArray();
}
timer.stop();
if (reply->error() != QNetworkReply::NoError) {
network_error = reply->error();
CApplicationLog::Instance()->LogError("Send request network error : %s",
reply->errorString().toStdString().c_str());
err_code = RE_NETWORK_ERROR;
return QByteArray();
}
bool parsed = false;
http_status_code = reply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt(&parsed);
return reply->readAll();
}
void IslInterface::initClient()
{
QList<QSslError> expectedErrors;
expectedErrors.append(QSslError(QSslError::SelfSignedCertificate, peerCert));
socket->ignoreSslErrors(expectedErrors);
qDebug() << "[ISL] Connecting to #" << serverId << ":" << peerAddress << ":" << peerPort;
socket->connectToHostEncrypted(peerAddress, peerPort, peerHostName);
if (!socket->waitForConnected(5000)) {
qDebug() << "[ISL] Socket error:" << socket->errorString();
deleteLater();
return;
}
if (!socket->waitForEncrypted(5000)) {
QList<QSslError> sslErrors(socket->sslErrors());
if (sslErrors.isEmpty())
qDebug() << "[ISL] SSL handshake timeout, terminating connection";
else
qDebug() << "[ISL] SSL errors:" << sslErrors;
deleteLater();
return;
}
server->islLock.lockForWrite();
if (server->islConnectionExists(serverId)) {
qDebug() << "[ISL] Duplicate connection to #" << serverId << "terminating connection";
deleteLater();
return;
}
server->addIslInterface(serverId, this);
server->islLock.unlock();
}
void ConnectDialog::connectToServer(void)
{
delete m_client;
m_client = 0;
m_ui->m_labelStatus->setText("Verbindungsaufbau ...");
/* SelfSignedCertificate akzeptieren */
QList<QSslError> expectedSslErrors;
QSslCertificate cert = QSslCertificate::fromPath("cacert.pem").value(0);
expectedSslErrors.append(QSslError(QSslError::SelfSignedCertificate, cert));
/* Neue Verbindung aufbauen */
QSslSocket* socket = new QSslSocket;
socket->addCaCertificate(cert);
socket->ignoreSslErrors(expectedSslErrors);
socket->connectToHostEncrypted(m_ui->m_lineAddress->text(), m_ui->m_spinPort->value());
/* Warte bis Verbindung steht */
if (!socket->waitForEncrypted(10000))
{
qDebug() << socket->errorString();
m_ui->m_labelStatus->setText(QString("Fehler: ").append(socket->errorString()));
delete socket;
return;
}
m_ui->m_labelStatus->setText("Verbindung erfolgreich aufgebaut.");
m_client = new Client(socket);
this->disconnect(m_ui->m_buttonClose, SIGNAL(clicked()), this, SLOT(reject()));
this->connect(m_ui->m_buttonClose, SIGNAL(clicked()), this, SLOT(accept()));
}
const QList<QSslError> QgsAuthConfigSslServer::sslIgnoredErrors() const
{
QList<QSslError> errors;
const QList<QSslError::SslError> ignoredErrors = sslIgnoredErrorEnums();
for ( QSslError::SslError errenum : ignoredErrors )
{
errors << QSslError( errenum );
}
return errors;
}
void QgsAuthSslConfigWidget::setSslIgnoreErrorEnums( const QList<QSslError::SslError> &errorenums )
{
if ( mDisabled )
{
return;
}
QList<QSslError> errors;
Q_FOREACH ( QSslError::SslError errorenum, errorenums )
{
errors << QSslError( errorenum );
}
QDebug operator<<(QDebug debug, const QSslError::SslError &error)
{
debug << QSslError(error).errorString();
return debug;
}
