mirror of
https://github.com/saitohirga/WSJT-X.git
synced 2024-11-25 05:38:46 -05:00
Fix handling of SSL/TLS exceptions allowing errors to be ignored for a session
Not persistent but I'm not sure they need to be as sites we access should have valid certificates and chains of trust. This should allow users with baulked SSL installations or incomplete CA stores to proceed with network accesses at their discretion. git-svn-id: svn+ssh://svn.code.sf.net/p/wsjt/wsjt/branches/wsjtx@7378 ab8295b8-cf94-4d9e-aec4-7959e3be5d79
This commit is contained in:
parent
dc6c7f959b
commit
9af1379576
@ -19,7 +19,7 @@ class NetworkAccessManager
|
|||||||
: public QNetworkAccessManager
|
: public QNetworkAccessManager
|
||||||
{
|
{
|
||||||
public:
|
public:
|
||||||
NetworkAccessManager (QWidget * parent = nullptr)
|
NetworkAccessManager (QWidget * parent)
|
||||||
: QNetworkAccessManager (parent)
|
: QNetworkAccessManager (parent)
|
||||||
{
|
{
|
||||||
// handle SSL errors that have not been cached as allowed
|
// handle SSL errors that have not been cached as allowed
|
||||||
@ -27,11 +27,18 @@ public:
|
|||||||
// exception cache
|
// exception cache
|
||||||
connect (this, &QNetworkAccessManager::sslErrors, [this, &parent] (QNetworkReply * reply, QList<QSslError> const& errors) {
|
connect (this, &QNetworkAccessManager::sslErrors, [this, &parent] (QNetworkReply * reply, QList<QSslError> const& errors) {
|
||||||
QString message;
|
QString message;
|
||||||
|
QList<QSslError> new_errors;
|
||||||
for (auto const& error: errors)
|
for (auto const& error: errors)
|
||||||
{
|
{
|
||||||
|
if (!allowed_ssl_errors_.contains (error))
|
||||||
|
{
|
||||||
|
new_errors << error;
|
||||||
message += '\n' + reply->request ().url ().toDisplayString () + ": "
|
message += '\n' + reply->request ().url ().toDisplayString () + ": "
|
||||||
+ error.errorString ();
|
+ error.errorString ();
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
if (new_errors.size ())
|
||||||
|
{
|
||||||
QString certs;
|
QString certs;
|
||||||
for (auto const& cert : reply->sslConfiguration ().peerCertificateChain ())
|
for (auto const& cert : reply->sslConfiguration ().peerCertificateChain ())
|
||||||
{
|
{
|
||||||
@ -39,9 +46,15 @@ public:
|
|||||||
}
|
}
|
||||||
if (MessageBox::Ignore == MessageBox::query_message (parent, tr ("Network SSL Errors"), message, certs, MessageBox::Abort | MessageBox::Ignore))
|
if (MessageBox::Ignore == MessageBox::query_message (parent, tr ("Network SSL Errors"), message, certs, MessageBox::Abort | MessageBox::Ignore))
|
||||||
{
|
{
|
||||||
// accumulate SSL error exceptions that have been allowed
|
// accumulate new SSL error exceptions that have been allowed
|
||||||
allowed_ssl_errors_.append (errors);
|
allowed_ssl_errors_.append (new_errors);
|
||||||
reply->ignoreSslErrors (errors);
|
reply->ignoreSslErrors (allowed_ssl_errors_);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
// no new exceptions so silently ignore the ones already allowed
|
||||||
|
reply->ignoreSslErrors (allowed_ssl_errors_);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user