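/**
 * Command-line TLS probe: connects to `host port` with QSslSocket after
 * toggling the QSsl::SslOption flags named on the command line, and reports
 * whether the handshake completed.
 *
 * Exit status: 0 when the connection became encrypted, 1 on a usage error,
 * an invalid port, an unrecognised option, or a failed handshake.
 *
 * Some options strengthen the connection and some weaken it (see the
 * per-option comments below); the tool is meant for checking how a server
 * reacts to each setting, not as a template for production configuration.
 */
int main(int argc, char **argv)
{
    QCoreApplication app(argc, argv);

    if (argc < 3) {
        QTextStream out(stdout);
        out << "Usage: " << argv[0] << " host port [options]" << endl;
        out << "The options can be one or more of the following:" << endl;
        out << "enable_empty_fragments" << endl;
        out << "disable_session_tickets" << endl;
        out << "disable_compression" << endl;
        out << "disable_sni" << endl;
        out << "enable_unsafe_reneg" << endl;
        return 1;
    }

    QString host = QString::fromLocal8Bit(argv[1]);

    // toInt() yields 0 on garbage; reject that (and out-of-range values) up
    // front instead of attempting a connection to a port nobody asked for.
    bool portOk = false;
    const int port = QString::fromLocal8Bit(argv[2]).toInt(&portOk);
    if (!portOk || port < 1 || port > 65535) {
        QTextStream err(stderr);
        err << "Invalid port: " << argv[2] << endl;
        return 1;
    }

    QSslConfiguration config = QSslConfiguration::defaultConfiguration();

    for (int i = 3; i < argc; i++) {
        QString option = QString::fromLocal8Bit(argv[i]);

        if (option == QStringLiteral("enable_empty_fragments")) {
            // Clearing the "disable" flag turns the empty-fragment
            // countermeasure for block ciphers back on.
            config.setSslOption(QSsl::SslOptionDisableEmptyFragments, false);
        } else if (option == QStringLiteral("disable_session_tickets")) {
            config.setSslOption(QSsl::SslOptionDisableSessionTickets, true);
        } else if (option == QStringLiteral("disable_compression")) {
            config.setSslOption(QSsl::SslOptionDisableCompression, true);
        } else if (option == QStringLiteral("disable_sni")) {
            config.setSslOption(QSsl::SslOptionDisableServerNameIndication, true);
        } else if (option == QStringLiteral("enable_unsafe_reneg")) {
            // Weakens the connection: clearing this flag permits the legacy
            // renegotiation mechanism that Qt documents as insecure.
            config.setSslOption(QSsl::SslOptionDisableLegacyRenegotiation, false);
        } else {
            // A misspelled option used to be ignored silently, so the run
            // tested a different configuration than the one requested.
            QTextStream err(stderr);
            err << "Unknown option: " << option << endl;
            return 1;
        }
    }

    // Installed as the process-wide default, which the socket created below
    // picks up; the per-socket call is left disabled as in the original.
    QSslConfiguration::setDefaultConfiguration(config);

    QSslSocket socket;
    //socket.setSslConfiguration(config);
    socket.connectToHostEncrypted(host, port);

    if ( !socket.waitForEncrypted() ) {
        qDebug() << socket.errorString();
        return 1;
    }

    return 0;
}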
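/**
 * Requests the forum page listing the user's own topics and routes the
 * finished reply to checkReplyFav().
 *
 * The request carries the cookies loaded from disk, so it must only travel
 * over a TLS connection whose peer certificate has been verified.
 */
void HeadlessApplication::getFavoriteThreads() {
    // list green + yellow flags
    const QUrl url(DefineConsts::FORUM_URL + "/forum1f.php?owntopic=1");

    qDebug() << "getFavoriteThreads()";

    // NOTE(review): the jar and the manager are created without a parent on
    // every call and nothing in this function releases them -- confirm that
    // checkReplyFav() (not visible here) disposes of the manager.
    CookieJar *cookies = new CookieJar();
    cookies->loadFromDisk();

    QNetworkAccessManager *accessManager = new QNetworkAccessManager();
    accessManager->setCookieJar(cookies);

    QNetworkRequest request(url);
    request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");

    // The original built a QSslConfiguration here (VerifyNone, verify depth 1,
    // TlsV1, session tickets disabled) but never attached it with
    // request.setSslConfiguration(), so it had no effect and the request went
    // out with the default configuration. The dead block is removed rather
    // than "completed": attaching it as written would have switched off peer
    // certificate verification for a request that carries the stored cookies.
    // Any per-request TLS settings added here later must keep verification on.

    QNetworkReply* reply = accessManager->get(request);
    bool ok = connect(reply, SIGNAL(finished()), this, SLOT(checkReplyFav()));
    Q_ASSERT(ok);
    Q_UNUSED(ok);
}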
/**
 * Wraps an existing QSslSocket for use as an IMAP transport.
 *
 * @param sock            socket to wrap; handed to the IODeviceSocket base
 * @param host            remote host name, stored for the later connect
 * @param port            remote port, stored for the later connect
 * @param startEncrypted  stored flag; its use is outside this constructor
 *
 * Certificate problems are not rejected at this layer (see below), so the
 * code that consumes the encrypted() signal is responsible for deciding
 * whether the peer is acceptable before any credentials are sent.
 */
SslTlsSocket::SslTlsSocket(QSslSocket *sock, const QString &host, const quint16 port, const bool startEncrypted)
    : IODeviceSocket(sock)
    , startEncrypted(startEncrypted)
    , host(host)
    , port(port)
    , m_proxySettings(ProxySettings::RespectSystemProxy)
{
    // Qt expects the accept/reject decision for a questionable TLS peer to be
    // made synchronously, from a slot attached to the sslErrors signal. QML
    // cannot show a dialog with a nested event loop, so the decision is
    // deferred: errors are ignored here and TLS establishment is dealt with
    // at a higher level.
    // NOTE(review): with ignoreSslErrors() plus QueryPeer the handshake
    // completes even for an invalid certificate; nothing in this constructor
    // validates the peer, so the higher-level check is the only gate.
    sock->ignoreSslErrors();
    // NOTE(review): AnyProtocol leaves the version choice to whatever the TLS
    // backend still supports -- confirm that excludes obsolete SSL versions.
    sock->setProtocol(QSsl::AnyProtocol);
    sock->setPeerVerifyMode(QSslSocket::QueryPeer);

    // After the attacks on SSL compression, Digia disabled it by default
    // starting with Qt 4.8.4 -- see
    // http://qt.digia.com/en/Release-Notes/security-issue-september-2012/.
    // The question was raised on the imap-protocol mailing list; the consensus
    // seemed to be that a successful exploit against an IMAP conversation is
    // very unlikely, while compression itself is a very worthwhile goal, so it
    // is explicitly enabled again here.
    // Unfortunately the change was also backported to older Qt versions (see
    // qt4.git's 3488f1db96dbf70bb0486d3013d86252ebf433e0), where there is no
    // way of turning compression back on.
    QSslConfiguration tlsConfig = sock->sslConfiguration();
    tlsConfig.setSslOption(QSsl::SslOptionDisableCompression, false);
    sock->setSslConfiguration(tlsConfig);

    connect(sock, &QSslSocket::encrypted, this, &Socket::encrypted);
    connect(sock, &QAbstractSocket::stateChanged, this, &SslTlsSocket::handleStateChanged);

    // QAbstractSocket::error is overloaded; a typed pointer selects the signal.
    using SocketErrorSignal = void (QAbstractSocket::*)(QAbstractSocket::SocketError);
    const SocketErrorSignal socketErrorSignal = &QAbstractSocket::error;
    connect(sock, socketErrorSignal, this, &SslTlsSocket::handleSocketError);
}
/*
 * Application singleton constructor: registers itself in bcApp, creates the
 * network manager and helper objects, installs the process-wide TLS defaults,
 * loads and auto-connects the configured servers, and starts the update
 * checker unless the user disabled update notifications.
 *
 * The order of the calls below matters: the TLS defaults are installed before
 * loadServers()/autoConnectServers() run.
 */
BluecherryApp::BluecherryApp()
    : nam(new QNetworkAccessManager(this)), liveView(new LiveViewManager(this)),
      globalRate(new TransferRateCalculator(this)), m_updateChecker(0),
      m_livePaused(false), m_inPauseQuery(false), m_screensaverInhibited(false), m_screensaveValue(0)
{
    /* Only one instance may exist; bcApp is the global accessor for it. */
    Q_ASSERT(!bcApp);
    bcApp = this;

    m_serverRepository = new DVRServerRepository(this);

    connect(qApp, SIGNAL(aboutToQuit()), SLOT(aboutToQuit()));

    appIcon.addFile(QLatin1String(":/icons/icon16.png"));
    appIcon.addFile(QLatin1String(":/icons/icon32.png"));
    appIcon.addFile(QLatin1String(":/icons/icon64.png"));
    appIcon.addFile(QLatin1String(":/icons/bluecherry-client.png"));
    qApp->setWindowIcon(appIcon);

    /* Every TLS error reported for a request made through nam is routed to
     * this object's sslErrors() slot.
     * NOTE(review): with the CA list emptied below, that slot (not visible
     * here) is presumably the only place a server certificate gets accepted
     * or rejected -- confirm it checks the certificate against a stored
     * expectation rather than ignoring errors unconditionally. */
    connect(nam, SIGNAL(sslErrors(QNetworkReply*,QList<QSslError>)), SLOT(sslErrors(QNetworkReply*,QList<QSslError>)));

    /* Don't use the system CAs to verify certificates */
    QSslConfiguration sslConfig = QSslConfiguration::defaultConfiguration();
    sslConfig.setCaCertificates(QList<QSslCertificate>());
#if QT_VERSION >= 0x040800
    /* SNI breaks connections (before sslError, even) when the hostname does
     * not match the server. */
    sslConfig.setSslOption(QSsl::SslOptionDisableServerNameIndication, true);
#endif
    /* Installed as the process-wide default, so it applies to every TLS
     * connection that does not set its own configuration, not only to nam. */
    QSslConfiguration::setDefaultConfiguration(sslConfig);

    loadServers();
    if (shouldAddLocalServer())
        addLocalServer();
    autoConnectServers();
    sendSettingsChanged();

    /* The update checker shares nam, and with it the sslErrors() handling
     * connected above. */
    m_updateChecker = new UpdateChecker(nam, this);
    connect(m_updateChecker, SIGNAL(newVersionAvailable(Version)), this, SLOT(newVersionAvailable(Version)));

    QSettings settings;
    if (!settings.value(QLatin1String("ui/disableUpdateNotifications"), false).toBool())
    {
        startUpdateChecker();
    }

    /* The media download manager is given nam's cookie jar. */
    m_mediaDownloadManager = new MediaDownloadManager(this);
    m_mediaDownloadManager->setCookieJar(nam->cookieJar());

    m_eventDownloadManager = new EventDownloadManager(this);
    connect(m_serverRepository, SIGNAL(serverRemoved(DVRServer*)), m_eventDownloadManager, SLOT(serverRemoved(DVRServer*)));

    registerVideoPlayerFactory();

    connect(qApp, SIGNAL(commitDataRequest(QSessionManager&)), this, SLOT(commitDataRequest(QSessionManager&)));
    connect(qApp, SIGNAL(aboutToQuit()), this, SLOT(saveSettings()));
}
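/**
 * Returns the TLS configuration to use for this account's requests.
 *
 * When a shared configuration has already been stored in _sslConfiguration it
 * is returned unchanged. Otherwise a configuration is built from the default
 * one, with a client certificate and private key attached when both are
 * available and parse correctly, and with session reuse enabled on Qt
 * versions newer than 5.2.0.
 *
 * @return the shared configuration if set, else a freshly built one.
 */
QSslConfiguration Account::getOrCreateSslConfig()
{
    if (!_sslConfiguration.isNull()) {
        // Will be set by CheckServerJob::finished()
        // We need to use a central shared config to get SSL session tickets
        return _sslConfiguration;
    }

    // if setting the client certificate fails, you will probably get an error similar to this:
    //  "An internal error number 1060 happened. SSL handshake failed, client certificate was requested: SSL error: sslv3 alert handshake failure"
    QSslConfiguration sslConfig = QSslConfiguration::defaultConfiguration();

    // NOTE(review): the PKCS#12 password is read from ConfigFile; how it is
    // stored is not visible here -- confirm it is not kept in plain text.
    ConfigFile cfgFile;
    if (!cfgFile.certificatePath().isEmpty() && !cfgFile.certificatePasswd().isEmpty()) {
        resultP12ToPem certif = p12ToPem(cfgFile.certificatePath().toStdString(), cfgFile.certificatePasswd().toStdString());
        QString s = QString::fromStdString(certif.Certificate);
        QByteArray ba = s.toLocal8Bit();
        this->setCertificate(ba, QString::fromStdString(certif.PrivateKey));
    }

    if (!_pemCertificate.isEmpty() && !_pemPrivateKey.isEmpty()) {
        // Read certificates; only the first one in the PEM data is used.
        QSslCertificate sslClientCertificate;
        const QList<QSslCertificate> sslCertificateList = QSslCertificate::fromData(_pemCertificate, QSsl::Pem);
        if (!sslCertificateList.isEmpty()) {
            sslClientCertificate = sslCertificateList.first();
        }

        // Read key. The algorithm is fixed to RSA with an empty passphrase, so
        // any other kind of key ends up as a null QSslKey.
        QSslKey privateKey(_pemPrivateKey.toLocal8Bit(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey, "");

        // SSL configuration
        sslConfig.setCaCertificates(QSslSocket::systemCaCertificates());

        // The original attached whatever came out of the parsing above, even a
        // null certificate or key, and still logged success. Attach the pair
        // only when both parsed, and say so when they did not. Never log the
        // certificate or key material itself.
        if (!sslClientCertificate.isNull() && !privateKey.isNull()) {
            sslConfig.setLocalCertificate(sslClientCertificate);
            sslConfig.setPrivateKey(privateKey);
            qDebug() << "Added SSL client certificate to the query";
        } else {
            qDebug() << "Could not parse the SSL client certificate or its private key; no client certificate added";
        }
    }

#if QT_VERSION > QT_VERSION_CHECK(5, 2, 0)
    // Try hard to re-use session for different requests
    sslConfig.setSslOption(QSsl::SslOptionDisableSessionTickets, false);
    sslConfig.setSslOption(QSsl::SslOptionDisableSessionSharing, false);
    sslConfig.setSslOption(QSsl::SslOptionDisableSessionPersistence, false);
#endif

    return sslConfig;
}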
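/**
 * Applies the TLS settings used for the LMAX connection to ssl_: the protocol
 * selected in proto_, mandatory peer certificate verification, and no Server
 * Name Indication in the client hello.
 */
void SslClient::ConfigureForLMAX()
{
    QSslConfiguration config = ssl_->sslConfiguration();

    // configure required session protocol
    // The original guarded this with config.sessionProtocol(), which reports
    // the protocol of an established session rather than the configured one;
    // setting the configured protocol unconditionally is what was intended.
    config.setProtocol(proto_);

    // The original used QSslSocket::VerifyNone, which accepts any certificate
    // and leaves the session open to an on-path attacker. Require a valid
    // peer certificate instead; if the endpoint uses a private CA, add that CA
    // to the configuration rather than turning verification off again.
    config.setPeerVerifyMode(QSslSocket::VerifyPeer);

    // SNI stays disabled as before.
    config.setSslOption(QSsl::SslOptionDisableServerNameIndication, true);

    ssl_->setSslConfiguration(config);
}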
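/**
 * Requests a profile page from the forum and routes the finished reply to
 * checkReply().
 *
 * @param url  path (and query) appended to DefineConsts::FORUM_URL.
 */
void ProfileController::loadProfile(const QString& url) {

    // -----------------------------------------------------------------------------------------
    // request page

    // NOTE(review): `url` is appended to the base URL as-is. If it can come
    // from page content rather than from the application itself, confirm it
    // always starts with '/' so it cannot change the host of the request.
    QNetworkRequest request(DefineConsts::FORUM_URL+url);
    request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");

    QSslConfiguration sslConfig = request.sslConfiguration();
    // The original used QSslSocket::VerifyNone, which accepts any certificate,
    // so the session could be read or altered by an on-path attacker. Verify
    // the peer; the former setPeerVerifyDepth(1) is dropped because the
    // default depth checks the whole chain.
    sslConfig.setPeerVerifyMode(QSslSocket::VerifyPeer);
    // NOTE(review): this pins TLS 1.0; raise it once the Qt version in use
    // offers a newer protocol constant.
    sslConfig.setProtocol(QSsl::TlsV1);
    sslConfig.setSslOption(QSsl::SslOptionDisableSessionTickets, true);

    request.setSslConfiguration(sslConfig);

    QNetworkReply* reply = HFRNetworkAccessManager::get()->get(request);
    bool ok = connect(reply, SIGNAL(finished()), this, SLOT(checkReply()));
    Q_ASSERT(ok);
    Q_UNUSED(ok);
}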
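/**
 * Searches the forum's smiley index for `keyword`, routes the finished reply
 * to checkReply(), and clears the list view's current data model.
 *
 * @param keyword  search term typed by the user; nothing happens when empty.
 */
void SmileyPickerController::getSmiley(const QString &keyword) {

    if(keyword.isEmpty())
        return;

    // The keyword is user input: percent-encode it so characters such as
    // '&', '#' or '=' stay part of the search term instead of adding or
    // truncating query parameters.
    const QString encodedKeyword = QString::fromLatin1(QUrl::toPercentEncoding(keyword));

    // list green + yellow flags
    const QUrl url(DefineConsts::FORUM_URL + "/message-smi-mp-aj.php?config=hfr.inc&findsmilies=" + encodedKeyword);

    QNetworkRequest request(url);
    request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");

    QSslConfiguration sslConfig = request.sslConfiguration();
    // The original used QSslSocket::VerifyNone, which accepts any certificate,
    // so the session could be read or altered by an on-path attacker. Verify
    // the peer; the former setPeerVerifyDepth(1) is dropped because the
    // default depth checks the whole chain.
    sslConfig.setPeerVerifyMode(QSslSocket::VerifyPeer);
    // NOTE(review): this pins TLS 1.0; raise it once the Qt version in use
    // offers a newer protocol constant.
    sslConfig.setProtocol(QSsl::TlsV1);
    sslConfig.setSslOption(QSsl::SslOptionDisableSessionTickets, true);

    request.setSslConfiguration(sslConfig);

    QNetworkReply* reply = HFRNetworkAccessManager::get()->get(request);
    bool ok = connect(reply, SIGNAL(finished()), this, SLOT(checkReply()));
    Q_ASSERT(ok);
    Q_UNUSED(ok);

    // ----------------------------------------------------------------------------------------------
    // get the dataModel of the listview if not already available
    using namespace bb::cascades;

    if(m_ListView == NULL) {
        qWarning() << "did not received the listview. quit.";
        return;
    }

    // dynamic_cast yields NULL when the view has no model or a model of a
    // different type; the original dereferenced the result unchecked.
    GroupDataModel* dataModel = dynamic_cast<GroupDataModel*>(m_ListView->dataModel());
    if(dataModel == NULL) {
        qWarning() << "the listview has no GroupDataModel. quit.";
        return;
    }
    dataModel->clear();
}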