void ConnectDialog::connectToServer(void) { delete m_client; m_client = 0; m_ui->m_labelStatus->setText("Verbindungsaufbau ..."); /* SelfSignedCertificate akzeptieren */ QList<QSslError> expectedSslErrors; QSslCertificate cert = QSslCertificate::fromPath("cacert.pem").value(0); expectedSslErrors.append(QSslError(QSslError::SelfSignedCertificate, cert)); /* Neue Verbindung aufbauen */ QSslSocket* socket = new QSslSocket; socket->addCaCertificate(cert); socket->ignoreSslErrors(expectedSslErrors); socket->connectToHostEncrypted(m_ui->m_lineAddress->text(), m_ui->m_spinPort->value()); /* Warte bis Verbindung steht */ if (!socket->waitForEncrypted(10000)) { qDebug() << socket->errorString(); m_ui->m_labelStatus->setText(QString("Fehler: ").append(socket->errorString())); delete socket; return; } m_ui->m_labelStatus->setText("Verbindung erfolgreich aufgebaut."); m_client = new Client(socket); this->disconnect(m_ui->m_buttonClose, SIGNAL(clicked()), this, SLOT(reject())); this->connect(m_ui->m_buttonClose, SIGNAL(clicked()), this, SLOT(accept())); }
void SslServer::newConnectionPrivate(qintptr descriptor) { QSslSocket *socket = new QSslSocket(this); socket->setSocketDescriptor(descriptor); if (m_max_connections == 0) { socket->abort(); return; } socket->setProtocol(QSsl::TlsV1_2OrLater); socket->addCaCertificate(m_cert); socket->setLocalCertificate(m_cert); socket->setPrivateKey(m_key); //New connection done, set one less available connection m_max_connections--; QByteArray m_buffer; qint32 size = 0; m_socket_list.append(socket); m_descriptor_hash.insert(socket, descriptor); m_socket_hash.insert(descriptor, socket); m_buffer_hash.insert(socket, m_buffer); m_size_hash.insert(socket, size); connect(socket, &QSslSocket::encrypted, this, &SslServer::encrypted); connect(socket, &QSslSocket::disconnected, this, &SslServer::disconnectedPrivate); connect(socket, static_cast<void(QSslSocket::*)(const QList<QSslError>&)>(&QSslSocket::sslErrors), this, &SslServer::sslErrors); m_alive_hash[socket].start(); socket->startServerEncryption(); }
void LanLinkProvider::connected() { qCDebug(KDECONNECT_CORE) << "Socket connected"; QSslSocket* socket = qobject_cast<QSslSocket*>(sender()); if (!socket) return; disconnect(socket, SIGNAL(connected()), this, SLOT(connected())); disconnect(socket, SIGNAL(error(QAbstractSocket::SocketError)), this, SLOT(connectError())); configureSocket(socket); // If socket disconnects due to any reason after connection, link on ssl faliure connect(socket, SIGNAL(disconnected()), socket, SLOT(deleteLater())); NetworkPackage* receivedPackage = receivedIdentityPackages[socket].np; const QString& deviceId = receivedPackage->get<QString>("deviceId"); //qCDebug(KDECONNECT_CORE) << "Connected" << socket->isWritable(); // If network is on ssl, do not believe when they are connected, believe when handshake is completed NetworkPackage np2(""); NetworkPackage::createIdentityPackage(&np2); socket->write(np2.serialize()); bool success = socket->waitForBytesWritten(); if (success) { qCDebug(KDECONNECT_CORE) << "Handshaking done (i'm the existing device)"; // if ssl supported if (receivedPackage->get<int>("protocolVersion") >= NetworkPackage::ProtocolVersion) { // since I support ssl and remote device support ssl socket->setPeerVerifyName(deviceId); QString certString = KdeConnectConfig::instance()->getDeviceProperty(deviceId, "certificate", QString()); if (!certString.isEmpty()) { qCDebug(KDECONNECT_CORE) << "Device trusted"; socket->addCaCertificate(QSslCertificate(certString.toLatin1())); socket->setPeerVerifyMode(QSslSocket::VerifyPeer); connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(sslErrors(QList<QSslError>))); } else { qCDebug(KDECONNECT_CORE) << "Device untrusted"; // Do not care about ssl errors here, socket will not be closed due to errors because of query peer socket->setPeerVerifyMode(QSslSocket::QueryPeer); connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(sslErrorsLogButIgnore(QList<QSslError>))); } qCDebug(KDECONNECT_CORE) << "Starting server ssl (I'm the client TCP socket)"; connect(socket, SIGNAL(encrypted()), this, SLOT(encrypted())); socket->startServerEncryption(); return; // Return statement prevents from deleting received package, needed in slot "encrypted" } else { qWarning() << "Incompatible protocol version, this won't work"; //addLink(deviceId, socket, receivedPackage, LanDeviceLink::Remotely); } } else { //I think this will never happen, but if it happens the deviceLink //(or the socket that is now inside it) might not be valid. Delete them. qCDebug(KDECONNECT_CORE) << "Fallback (2), try reverse connection (send udp packet)"; mUdpSocket.writeDatagram(np2.serialize(), receivedIdentityPackages[socket].sender, port); } delete receivedIdentityPackages.take(socket).np; //We don't delete the socket because now it's owned by the LanDeviceLink }
bool ssh::dossh() { #ifdef USE_QSSH { if(m_connection && m_connection->state() != QSsh::SshConnection::Unconnected) { helpers::log("ssh: already connecting...", LOG_INF, qApp, 0); return true; } m_connection = new QSsh::SshConnection(params, this); connect(m_connection, SIGNAL(connected()), SLOT(onQsshConnected())); connect(m_connection, SIGNAL(error(QSsh::SshError)), SLOT(onQsshConnectionError(QSsh::SshError))); helpers::log("ssh: connecting START...", LOG_INF, qApp, 0); m_connection->connectToHost(); return false; } #else helpers::log("ssh: START: " + QString::number(QSslSocket::supportsSsl()), QSslSocket::supportsSsl() ? LOG_INF : LOG_ERR, qApp, 0); //http://stackoverflow.com/questions/15213139/simple-qssl-client-server-cannot-start-handshake-on-non-plain-connection QSslSocket *socket = new QSslSocket(this); socket->ignoreSslErrors(); socket->setPeerVerifyMode(QSslSocket::VerifyNone); socket->setProtocol(QSsl::SslV3); connect(socket, SIGNAL(encrypted()), this, SLOT(ready())); connect(socket, SIGNAL(encryptedBytesWritten(qint64)), this, SLOT(encryptedBytesWritten(qint64))); connect(socket, SIGNAL(modeChanged(QSslSocket::SslMode)), this, SLOT(modeChanged(QSslSocket::SslMode))); connect(socket, SIGNAL(peerVerifyError(const QSslError &)), this, SLOT(peerVerifyError(const QSslError &))); connect(socket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(sslErrors(const QList<QSslError> &))); connect(socket, SIGNAL(connected()), this, SLOT(connected())); connect(socket, SIGNAL(disconnected()), this, SLOT(disconnected())); connect(socket, SIGNAL(error(QAbstractSocket::SocketError)), this, SLOT(error(QAbstractSocket::SocketError))); connect(socket, SIGNAL(hostFound()), this, SLOT(hostFound())); connect(socket, SIGNAL(proxyAuthenticationRequired(const QNetworkProxy &, QAuthenticator *)), this, SLOT(proxyAuthenticationRequired(const QNetworkProxy &, QAuthenticator *))); connect(socket, SIGNAL(stateChanged(QAbstractSocket::SocketState)), this, SLOT(stateChanged(QAbstractSocket::SocketState))); connect(socket, SIGNAL(readyRead()), this, SLOT(readyRead())); { { QFile file( "c:/Users/gherczeg/.ssh/id_boot2docker" ); if( ! file.open( QIODevice::ReadOnly ) ) { QMessageBox::question(0, "Erreur", "Impossible de charger id_boot2docker"); return; } QSslKey key(&file); file.close(); helpers::log("ssh:keyok: "+QString::number(!key.isNull()), !key.isNull() ? LOG_INF : LOG_ERR, qApp, 0); socket->setPrivateKey( key ); } foreach (const QSslCertificate &cert, QSslCertificate::fromPath("c:/Users/gherczeg/.boot2docker/certs/boot2docker-vm/*.pem", QSsl::Pem, QRegExp::Wildcard)) { helpers::log("ssh:certok1: "+QString::number(!cert.isNull()), !cert.isNull() ? LOG_INF : LOG_ERR, qApp, 0); socket->setLocalCertificate( cert ); socket->sslConfiguration().caCertificates().append(cert); socket->addCaCertificate( cert ); socket->addDefaultCaCertificate(cert); } } socket->connectToHostEncrypted("127.0.0.1", 2022); //socket->connectToHost("127.0.0.1", 2022); bool bok = socket->waitForEncrypted(100000); //bool bok = socket->waitForConnected(100000); if(!bok) { helpers::log("ssh:!waited:"+QString::number(bok),LOG_ERR, qApp, 0); return; } helpers::log("ssh:waited4ecnrypt/connect:"+QString::number(bok),LOG_INF, qApp, 0); socket->startClientEncryption(); bool wait4Read1 = socket->waitForReadyRead(100000); helpers::log("ssh:wait4Read1:"+QString::number(wait4Read1),wait4Read1 ? LOG_INF : LOG_ERR, qApp, 0); QString s = "docker: do!"; qint64 written = socket->write(s.toStdString().c_str()); helpers::log("ssh:written:"+QString::number(written),written > 0 ? LOG_INF : LOG_ERR, qApp, 0); bool flushed = socket->flush(); helpers::log("ssh:flush:"+QString::number(flushed),flushed ? LOG_INF : LOG_ERR, qApp, 0); bool wait4Write = socket->waitForBytesWritten(100000); helpers::log("ssh:wait4Write:"+QString::number(wait4Write),wait4Write ? LOG_INF : LOG_ERR, qApp, 0); bool wait4Read2 = socket->waitForReadyRead(100000); helpers::log("ssh:wait4Read2:"+QString::number(wait4Read2),wait4Read2 ? LOG_INF : LOG_ERR, qApp, 0); socket->disconnectFromHost(); #endif }