void LoginDialog::onSslErrors(QNetworkReply* reply, const QList<QSslError>& errors) { const QSslCertificate &cert = reply->sslConfiguration().peerCertificate(); qDebug() << "\n= SslErrors =\n" << dumpSslErrors(errors); qDebug() << "\n= Certificate =\n" << dumpCertificate(cert); if (seafApplet->detailedYesOrNoBox(tr("<b>Warning:</b> The ssl certificate of this server is not trusted, proceed anyway?"), dumpSslErrors(errors) + dumpCertificate(cert), this, false)) reply->ignoreSslErrors(); }
void SeafileApiClient::onSslErrors(const QList<QSslError>& errors) { const QUrl url = reply_->url(); CertsManager *mgr = seafApplet->certsManager(); Q_FOREACH(const QSslError &error, errors) { const QSslCertificate &cert = error.certificate(); if (cert.isNull()) { // The server has no ssl certificate, we do nothing and let the // request fail // it is a fatal error, no way to recover qWarning("the certificate for %s is null", url.toString().toUtf8().data()); break; } QSslCertificate saved_cert = mgr->getCertificate(url.toString()); if (saved_cert.isNull()) { // dump certificate information qWarning() << "\n= SslError =\n" << error.errorString(); qWarning() << dumpCipher(reply_->sslConfiguration().sessionCipher()); qWarning() << dumpCertificate(cert); // This is the first time when the client connects to the server. if (seafApplet->detailedYesOrNoBox( tr("<b>Warning:</b> The ssl certificate of this server is not trusted, proceed anyway?"), error.errorString() + "\n" + dumpCertificate(cert), 0, false)) { mgr->saveCertificate(url, cert); // TODO handle ssl by verifying certificate chain instead reply_->ignoreSslErrors(); } break; } else if (saved_cert == cert) { // The user has choosen to trust the certificate before // TODO handle ssl by verifying certificate chain instead reply_->ignoreSslErrors(); break; } else { // dump certificate information qWarning() << "\n= SslError =\n" << error.errorString(); qWarning() << dumpCipher(reply_->sslConfiguration().sessionCipher()); qWarning() << dumpCertificate(cert); qWarning() << dumpCertificate(saved_cert); /** * The cert which the user had chosen to trust has been changed. It * may be either: * * 1. The server has changed its ssl certificate * 2. The user's connection is under security attack * * Anyway, we'll prompt the user */ SslConfirmDialog dialog(url, cert, saved_cert, seafApplet->mainWindow()); if (dialog.exec() == QDialog::Accepted) { // TODO handle ssl by verifying certificate chain instead reply_->ignoreSslErrors(); if (dialog.rememberChoice()) { mgr->saveCertificate(url, cert); } } else { reply_->abort(); break; } break; } } }