Fix handling of SSL/TLS exceptions allowing errors to be ignored for a session

Not persistent but I'm not sure they need to be as sites we access should have valid certificates and chains of trust. This should allow users with baulked SSL installations or incomplete CA stores to proceed with network accesses at their discretion. git-svn-id: svn+ssh://svn.code.sf.net/p/wsjt/wsjt/branches/wsjtx@7378 ab8295b8-cf94-4d9e-aec4-7959e3be5d79
2016-12-11 21:19:23 +00:00 · 2016-12-11 21:19:23 +00:00 · 9af1379576
parent dc6c7f959b
commit 9af1379576
2 changed files with 24 additions and 11 deletions
--- a/MessageBox.cpp
+++ b/MessageBox.cpp
@ -29,7 +29,7 @@ void MessageBox::about_Qt_message (QWidget * parent)

 namespace
 {
-  QMessageBox::StandardButton show_it (QWidget *parent, MessageBox::Icon icon
+  QMessageBox::StandardButton show_it (QWidget * parent, MessageBox::Icon icon
                                       , QString const& text
                                       , QString const& informative
                                       , QString const& detail
--- a/NetworkAccessManager.hpp
+++ b/NetworkAccessManager.hpp
@ -19,7 +19,7 @@ class NetworkAccessManager
  : public QNetworkAccessManager
 {
 public:
-  NetworkAccessManager (QWidget * parent = nullptr)
+  NetworkAccessManager (QWidget * parent)
    : QNetworkAccessManager (parent)
  {
    // handle SSL errors that have not been cached as allowed
@ -27,21 +27,34 @@ public:
    // exception cache
    connect (this, &QNetworkAccessManager::sslErrors, [this, &parent] (QNetworkReply * reply, QList<QSslError> const& errors) {
        QString message;
+        QList<QSslError> new_errors;
        for (auto const& error: errors)
          {
-            message += '\n' + reply->request ().url ().toDisplayString () + ": "
-              + error.errorString ();
+            if (!allowed_ssl_errors_.contains (error))
+              {
+                new_errors << error;
+                message += '\n' + reply->request ().url ().toDisplayString () + ": "
+                  + error.errorString ();
+              }
          }
-        QString certs;
-        for (auto const& cert : reply->sslConfiguration ().peerCertificateChain ())
+        if (new_errors.size ())
          {
-            certs += cert.toText () + '\n';
+            QString certs;
+            for (auto const& cert : reply->sslConfiguration ().peerCertificateChain ())
+              {
+                certs += cert.toText () + '\n';
+              }
+            if (MessageBox::Ignore == MessageBox::query_message (parent, tr ("Network SSL Errors"), message, certs, MessageBox::Abort | MessageBox::Ignore))
+              {
+                // accumulate new SSL error exceptions that have been allowed
+                allowed_ssl_errors_.append (new_errors);
+                reply->ignoreSslErrors (allowed_ssl_errors_);
+              }
          }
-        if (MessageBox::Ignore == MessageBox::query_message (parent, tr ("Network SSL Errors"), message, certs, MessageBox::Abort | MessageBox::Ignore))
+        else
          {
-            // accumulate SSL error exceptions that have been allowed
-            allowed_ssl_errors_.append (errors);
-            reply->ignoreSslErrors (errors);
+            // no new exceptions so silently ignore the ones already allowed
+            reply->ignoreSslErrors (allowed_ssl_errors_);
          }
      });
  }