QList<QSslCipher> MumbleSSL::ciphersFromOpenSSLCipherString(QString cipherString) { QList<QSslCipher> chosenCiphers; SSL_CTX *ctx = NULL; SSL *ssl = NULL; const SSL_METHOD *meth = NULL; int i = 0; QByteArray csbuf = cipherString.toLatin1(); const char *ciphers = csbuf.constData(); meth = SSLv23_server_method(); if (meth == NULL) { qWarning("MumbleSSL: unable to get SSL method"); goto out; } // We use const_cast to be compatible with OpenSSL 0.9.8. ctx = SSL_CTX_new(const_cast<SSL_METHOD *>(meth)); if (ctx == NULL) { qWarning("MumbleSSL: unable to allocate SSL_CTX"); goto out; } if (!SSL_CTX_set_cipher_list(ctx, ciphers)) { qWarning("MumbleSSL: error parsing OpenSSL cipher string in ciphersFromOpenSSLCipherString"); goto out; } ssl = SSL_new(ctx); if (ssl == NULL) { qWarning("MumbleSSL: unable to create SSL object in ciphersFromOpenSSLCipherString"); goto out; } while (1) { const char *name = SSL_get_cipher_list(ssl, i); if (name == NULL) { break; } #if QT_VERSION >= 0x050300 QSslCipher c = QSslCipher(QString::fromLatin1(name)); if (!c.isNull()) { chosenCiphers << c; } #else foreach (const QSslCipher &c, QSslSocket::supportedCiphers()) { if (c.name() == QString::fromLatin1(name)) { chosenCiphers << c; } } #endif ++i; } out: SSL_CTX_free(ctx); SSL_free(ssl); return chosenCiphers; }
void QgsAuthSslImportDialog::socketEncrypted() { QgsDebugMsg( "socketEncrypted entered" ); if ( !mSocket ) return; // might have disconnected already appendString( tr( "Socket ENCRYPTED" ) ); appendString( QStringLiteral( "%1: %2" ).arg( tr( "Protocol" ), QgsAuthCertUtils::getSslProtocolName( mSocket->protocol() ) ) ); QSslCipher ciph = mSocket->sessionCipher(); QString cipher = QStringLiteral( "%1: %2, %3 (%4/%5)" ) .arg( tr( "Session cipher" ), ciph.authenticationMethod(), ciph.name() ) .arg( ciph.usedBits() ).arg( ciph.supportedBits() ); appendString( cipher ); wdgtSslConfig->setEnabled( true ); QString hostport( QStringLiteral( "%1:%2" ).arg( mSocket->peerName() ).arg( mSocket->peerPort() ) ); wdgtSslConfig->setSslCertificate( mSocket->peerCertificate(), hostport.trimmed() ); if ( !mSslErrors.isEmpty() ) { wdgtSslConfig->appendSslIgnoreErrors( mSslErrors ); mSslErrors.clear(); } // checkCanSave(); // must come after last state change, or gets reverted leServer->setStyleSheet( QgsAuthGuiUtils::greenTextStyleSheet() ); destroySocket(); }
Checker::Checker() { Settings se; this->previousMessage = ""; this->isWorking = false; this->accessUrl = QUrl(se.getString("accessUrl")); accessManager = new QNetworkAccessManager(this); // Signal for finishing network access connect(accessManager, SIGNAL(finished(QNetworkReply*)),this, SLOT(replyFinished(QNetworkReply*))); // SSL/TLS configuration this->sslConfiguration = new QSslConfiguration; sslConfiguration->setProtocol(QSsl::SecureProtocols); // QT 5.0.1: TlsV1SslV3 // CA Certs QList<QSslCertificate> certs = QSslCertificate::fromPath(QString(se.getString("certificateFile")), QSsl::Pem); sslConfiguration->setPeerVerifyMode(QSslSocket::VerifyPeer); // Default behaviour for clients sslConfiguration->setCaCertificates(certs); // Ciphers QList<QSslCipher> ciphers; QStringList cipherList = se.getStringList("cipherList"); foreach (QString cipherName, cipherList) { QSslCipher cipher = QSslCipher(cipherName,QSsl::SecureProtocols); qDebug() << "Instantiated" << cipherName << ":" << cipher.isNull(); if (!cipher.isNull()) { ciphers.append(cipher); } }
void SslClient::socketEncrypted() { QSslCipher ciph = ssl_->sessionCipher(); QString cipher = QString("%1, %2 (%3/%4)").arg(ciph.authenticationMethod()) .arg(ciph.name()).arg(ciph.usedBits()).arg(ciph.supportedBits()); CDebug() << "SSL cipher " << cipher; }
QDebug operator<<(QDebug debug, const QSslCipher &cipher) { debug << "QSslCipher(name=" << qPrintable(cipher.name()) << ", bits=" << cipher.usedBits() << ", proto=" << qPrintable(cipher.protocolString()) << ")"; return debug; }
QDebug operator<<(QDebug debug, const QSslCipher &cipher) { QDebugStateSaver saver(debug); debug.resetFormat().nospace().noquote(); debug << "QSslCipher(name=" << cipher.name() << ", bits=" << cipher.usedBits() << ", proto=" << cipher.protocolString() << ')'; return debug; }
void Server::connectionAccepted() { qDebug() << "SERVER: Now connected"; qDebug() << "SERVER: Connection is encrypted:" << clientConnection -> isEncrypted(); qDebug() << "SERVER: Socket Descriptor:" << clientConnection -> socketDescriptor(); QSslCipher ciph = clientConnection->sessionCipher(); QString cipher = QString("%1, %2 (%3/%4)").arg(ciph.authenticationMethod()).arg(ciph.name()).arg(ciph.usedBits()).arg(ciph.supportedBits()); qDebug() << "SERVER: Cipher:" << cipher; connected=1; emit readyToSendData(); }
QString Server :: getSSLCypher() { QString cipher(""); if(connected) //I know it's not pretty but it looks a lot better than a segfault :P if(clientConnection!=0) if(clientConnection -> isOpen()) { QSslCipher ciph = clientConnection->sessionCipher(); cipher = QString("%1, %2 (%3/%4)").arg(ciph.authenticationMethod()).arg(ciph.name()).arg(ciph.usedBits()).arg(ciph.supportedBits()); } return cipher; }
void SslClient::socketEncrypted() { form->sessionOutput->clear(); form->sessionInput->setFocus(); QPalette palette; palette.setColor(QPalette::Base, QColor(255, 255, 192)); form->hostNameEdit->setPalette(palette); const QSslCipher cipher = socket->sessionCipher(); const QString cipherInfo = QString("%1, %2 (%3/%4)").arg(cipher.authenticationMethod()) .arg(cipher.name()).arg(cipher.usedBits()) .arg(cipher.supportedBits());; form->cipherLabel->setText(cipherInfo); padLock->show(); }
SslInfoDlg::SslInfoDlg(const QSslSocket *socket, QWidget *parent) : QDialog(parent), _socket(socket) { ui.setupUi(this); QSslCipher cipher = socket->sessionCipher(); ui.hostname->setText(socket->peerName()); ui.address->setText(socket->peerAddress().toString()); ui.encryption->setText(cipher.name()); ui.protocol->setText(cipher.protocolString()); connect(ui.certificateChain, SIGNAL(currentIndexChanged(int)), SLOT(setCurrentCert(int))); foreach(const QSslCertificate &cert, socket->peerCertificateChain()) { ui.certificateChain->addItem(subjectInfo(cert, QSslCertificate::CommonName)); } }
void SslClient::socketEncrypted() { if (!socket) return; // might have disconnected already form->sessionOutput->clear(); form->sessionInput->setFocus(); QPalette palette; palette.setColor(QPalette::Base, QColor(255, 255, 192)); form->hostNameEdit->setPalette(palette); QSslCipher ciph = socket->sessionCipher(); QString cipher = QString("%1, %2 (%3/%4)").arg(ciph.authenticationMethod()) .arg(ciph.name()).arg(ciph.usedBits()).arg(ciph.supportedBits());; form->cipherLabel->setText(cipher); if (!padLock) { padLock = new QToolButton; padLock->setIcon(QIcon(":/encrypted.png")); #ifndef QT_NO_CURSOR padLock->setCursor(Qt::ArrowCursor); #endif padLock->setToolTip(tr("Display encryption details.")); int extent = form->hostNameEdit->height() - 2; padLock->resize(extent, extent); padLock->setSizePolicy(QSizePolicy::Fixed, QSizePolicy::Ignored); QHBoxLayout *layout = new QHBoxLayout(form->hostNameEdit); layout->setMargin(form->hostNameEdit->style()->pixelMetric(QStyle::PM_DefaultFrameWidth)); layout->setSpacing(0); layout->addStretch(); layout->addWidget(padLock); form->hostNameEdit->setLayout(layout); connect(padLock, SIGNAL(clicked()), this, SLOT(displayCertificateInfo())); } else { padLock->show(); } }
//! [3] void SslClient::socketEncrypted() { if (!m_socket) return; // Might have disconnected already // We started a new connection, so clear the response from previous connections m_response.clear(); emit responseChanged(); // Retrieve the information about the used cipher and update the property const QSslCipher cipher = m_socket->sessionCipher(); m_cipher = QString("%1, %2 (%3/%4)").arg(cipher.authenticationMethod()) .arg(cipher.name()) .arg(cipher.usedBits()) .arg(cipher.supportedBits()); emit cipherChanged(); // Tell the CertificateInfoControl about the certificate chain of this connection emit certificateChainChanged(m_socket->peerCertificateChain()); }
void SslButton::updateAccountInfo(Account *account) { if (!account || account->state() != Account::Connected) { setVisible(false); return; } else { setVisible(true); } if (account->url().scheme() == QLatin1String("https")) { setIcon(QIcon(QPixmap(":/mirall/resources/lock-https.png"))); QSslCipher cipher = account->sslConfiguration().sessionCipher(); setToolTip(tr("This connection is encrypted using %1 bit %2.\n").arg(cipher.usedBits()).arg(cipher.name())); QMenu *menu = new QMenu(this); QList<QSslCertificate> chain = account->sslConfiguration().peerCertificateChain(); menu->addAction(tr("Certificate information:"))->setEnabled(false); QList<QSslCertificate> tmpChain; foreach(QSslCertificate cert, chain) { tmpChain << cert; if (QSslSocket::systemCaCertificates().contains(cert)) break; }
QString dumpCipher(const QSslCipher &cipher) { QString s = "\n"; s += "Authentication: " + cipher.authenticationMethod() + "\n"; s += "Encryption: " + cipher.encryptionMethod() + "\n"; s += "Key Exchange: " + cipher.keyExchangeMethod() + "\n"; s += "Cipher Name: " + cipher.name() + "\n"; s += "Protocol: " + cipher.protocolString() + "\n"; s += "Supported Bits: " + QString(cipher.supportedBits()) + "\n"; s += "Used Bits: " + QString(cipher.usedBits()) + "\n"; return s; }
void WebsocketServer::initialisieren(const QString &name, const QString &ipAdresse, const int &anschluss, const QStringList &sslAlgorithmen, const QStringList &ssl_EK, const QString &ssl_DH, const QString &zertifikatSchluessel, const QString &zertifikat, const QString &zertifkatKette, const bool &ssl_aktiv) { QWebSocketServer::SslMode SSL_Modus; if (ssl_aktiv) { SSL_Modus=QWebSocketServer::SecureMode; K_IPAdresse=QHostAddress(ipAdresse); } else { SSL_Modus=QWebSocketServer::NonSecureMode; K_IPAdresse=QHostAddress(QHostAddress::LocalHost); } K_Server=new QWebSocketServer(name,SSL_Modus,this); connect(K_Server,&QWebSocketServer::sslErrors,this, &WebsocketServer::SSL_Fehler); connect(K_Server,&QWebSocketServer::serverError,this,&WebsocketServer::SSL_Serverfehler); connect(K_Server,&QWebSocketServer::newConnection,this,&WebsocketServer::NeuerKlient); connect(K_Server,&QWebSocketServer::acceptError,this,&WebsocketServer::Verbindungsfehler); K_Anschluss=anschluss; QSslConfiguration SSL; QList<QSslCipher> Algorithmen; QVector<QSslEllipticCurve> EK; SSL.setProtocol(QSsl::TlsV1_2OrLater); SSL.setPeerVerifyMode(QSslSocket::VerifyNone); QSslCipher Algorithmus; QSslEllipticCurve Kurve; if (ssl_aktiv) { //BUG Das mit der Reihenfolge geht nicht for (auto Eintrag : sslAlgorithmen) { Algorithmus=QSslCipher(Eintrag); if (Algorithmus.isNull()) qCWarning(qalarm_serverWebsocketServer)<< tr("Algorithmus %1 wird nicht unterstützt.").arg(Eintrag); else Algorithmen.append(Algorithmus); } SSL.setCiphers(Algorithmen); //BUG Es werden nie Kurven angeboten for (auto Eintrag : ssl_EK) { Kurve=QSslEllipticCurve::fromShortName(Eintrag); if (!Kurve.isValid()) qCWarning(qalarm_serverWebsocketServer)<< tr("Kurve %1 wird nicht unterstützt.").arg(Eintrag); else EK.append(Kurve); } SSL.setEllipticCurves(EK); if(!ssl_DH.isEmpty()) { #if (QT_VERSION >= QT_VERSION_CHECK(5,8,0)) SSL.setDiffieHellmanParameters(QSslDiffieHellmanParameters::fromEncoded(DateiLaden(ssl_DH,tr("Die DH Parameter %1 konnten nicht geladen werden.")))); #else qCWarning(qalarm_serverWebsocketServer)<<tr("Qt kann die DH Parameter erst ab Version 5.8.0 setzen"); #endif } QList<QSslCertificate> Zertifikate; Zertifikate=QSslCertificate::fromDevice(DateiLaden(zertifikat,tr("Zertifikat %1 konnte nicht geladen werden.").arg(zertifikat))); Zertifikate.append(QSslCertificate::fromDevice(DateiLaden(zertifkatKette,tr("Die Zertifikatskette %1 konnte nicht geladen werden.").arg(zertifkatKette)))); SSL.setLocalCertificateChain(Zertifikate); SSL.setPrivateKey(QSslKey(DateiLaden(zertifikatSchluessel,tr("Der Schlüssel %1 für das Zertifikat konnte nicht geladen werden.").arg(zertifikatSchluessel)),QSsl::Rsa)); if(SSL.privateKey().isNull() || SSL.localCertificate().isNull() || SSL.localCertificateChain().isEmpty()) return; qCDebug(qalarm_serverWebsocketServer)<<tr("Setze SSL Konfiguration"); qCDebug(qalarm_serverWebsocketServer)<<tr("Privater Schlüssel: ")<<SSL.privateKey(); qCDebug(qalarm_serverWebsocketServer)<<tr("Zertifikate: ")<<SSL.localCertificateChain(); #if (QT_VERSION >= QT_VERSION_CHECK(5,8,0)) qCDebug(qalarm_serverWebsocketServer)<<tr("DH Parameter: ")<<SSL.diffieHellmanParameters(); #endif qCDebug(qalarm_serverWebsocketServer)<<tr("Zerttest: ")<<SSL.peerVerifyMode(); qCDebug(qalarm_serverWebsocketServer)<<tr("Elliptische Kurven: ")<<SSL.ellipticCurves(); qCDebug(qalarm_serverWebsocketServer)<<tr("Algorithmen: ")<<SSL.ciphers(); K_Server->setSslConfiguration(SSL); } if(!K_Initfehler) Q_EMIT Initialisiert(); }