From 9af1379576468432017f2125bbed27a74f6af054 Mon Sep 17 00:00:00 2001
From: Bill Somerville
Date: Sun, 11 Dec 2016 21:19:23 +0000
Subject: [PATCH] Fix handling of SSL/TLS exceptions allowing errors to be ignored for a session Not persistent but I'm not sure they need to be as sites we access should have valid certificates and chains of trust. This should allow users with baulked SSL installations or incomplete CA stores to proceed with network accesses at their discretion.
git-svn-id: svn+ssh://svn.code.sf.net/p/wsjt/wsjt/branches/wsjtx@7378 ab8295b8-cf94-4d9e-aec4-7959e3be5d79
---
 MessageBox.cpp | 2 +-
 NetworkAccessManager.hpp | 33 +++++++++++++++++++++++----------
 2 files changed, 24 insertions(+), 11 deletions(-)
diff --git a/MessageBox.cpp b/MessageBox.cpp
index b96830cec..0f8b3972c 100644
--- a/MessageBox.cpp
+++ b/MessageBox.cpp
@@ -29,7 +29,7 @@ void MessageBox::about_Qt_message (QWidget * parent)
 namespace
 {
- QMessageBox::StandardButton show_it (QWidget *parent, MessageBox::Icon icon
+ QMessageBox::StandardButton show_it (QWidget * parent, MessageBox::Icon icon
 , QString const& text
 , QString const& informative
 , QString const& detail
diff --git a/NetworkAccessManager.hpp b/NetworkAccessManager.hpp
index 2381621de..df5a4edcd 100644
--- a/NetworkAccessManager.hpp
+++ b/NetworkAccessManager.hpp
@@ -19,7 +19,7 @@ class NetworkAccessManager
 : public QNetworkAccessManager
 {
 public:
- NetworkAccessManager (QWidget * parent = nullptr)
+ NetworkAccessManager (QWidget * parent)
 : QNetworkAccessManager (parent)
 {
 // handle SSL errors that have not been cached as allowed
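Review bot: `parent` is a by-value constructor parameter, and the lambda connected in the next hunk captures it by reference as `[this, &parent]`, so the reference is dangling once the constructor returns. When `sslErrors` fires later, `MessageBox::query_message (parent, ...)` reads an indeterminate pointer, which is undefined behaviour on the very path that asks the user a trust question. Capture the pointer by value instead, `[this, parent]`. With the `= nullptr` default removed this is now a plain single-argument constructor, so `explicit NetworkAccessManager (QWidget * parent)` would also rule out accidental conversions. The constructor body continues outside this hunk.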
@@ -27,21 +27,34 @@ public:
 // exception cache
 connect (this, &QNetworkAccessManager::sslErrors, [this, &parent] (QNetworkReply * reply, QList const& errors) {
 QString message;
+ QList new_errors;
 for (auto const& error: errors)
 {
- message += '\n' + reply->request ().url ().toDisplayString () + ": "
- + error.errorString ();
+ if (!allowed_ssl_errors_.contains (error))
+ {
+ new_errors << error;
+ message += '\n' + reply->request ().url ().toDisplayString () + ": "
+ + error.errorString ();
+ }
 }
- QString certs;
- for (auto const& cert : reply->sslConfiguration ().peerCertificateChain ())
+ if (new_errors.size ())
 {
- certs += cert.toText () + '\n';
+ QString certs;
+ for (auto const& cert : reply->sslConfiguration ().peerCertificateChain ())
+ {
+ certs += cert.toText () + '\n';
+ }
+ if (MessageBox::Ignore == MessageBox::query_message (parent, tr ("Network SSL Errors"), message, certs, MessageBox::Abort | MessageBox::Ignore))
+ {
+ // accumulate new SSL error exceptions that have been allowed
+ allowed_ssl_errors_.append (new_errors);
+ reply->ignoreSslErrors (allowed_ssl_errors_);
+ }
 }
- if (MessageBox::Ignore == MessageBox::query_message (parent, tr ("Network SSL Errors"), message, certs, MessageBox::Abort | MessageBox::Ignore))
+ else
 {
- // accumulate SSL error exceptions that have been allowed
- allowed_ssl_errors_.append (errors);
- reply->ignoreSslErrors (errors);
+ // no new exceptions so silently ignore the ones already allowed
+ reply->ignoreSslErrors (allowed_ssl_errors_);
 }
 });
 }
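Review bot: The exception cache is consulted and applied without reference to the host: `allowed_ssl_errors_.contains (error)` and `reply->ignoreSslErrors (allowed_ssl_errors_)` use one list for every reply, and QSslError equality, as far as I know, covers only the error code and the certificate. An exception the user granted for one site (a host name mismatch, say) is therefore applied silently to any other host that later presents the same certificate, and an error that carries no certificate would match everywhere. Keying the cache on the request host keeps the decision scoped to what the dialog actually showed, e.g. `auto & allowed = allowed_ssl_errors_[reply->request ().url ().host ()];` with the member (declared outside this hunk) changed to a per-host map. The silent `else` branch would also benefit from a log line so that suppressed errors leave a trace.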