Fix handling of SSL/TLS exceptions allowing errors to be ignored for a session

The exceptions are not persistent, but I'm not sure they need to be, as
sites we access should have valid certificates and chains of trust. This
should allow users with baulked SSL installations or incomplete CA stores
to proceed with network accesses at their discretion.

git-svn-id: svn+ssh://svn.code.sf.net/p/wsjt/wsjt/branches/wsjtx@7378 ab8295b8-cf94-4d9e-aec4-7959e3be5d79
Bill Somerville 2016-12-11 21:19:23 +00:00
parent dc6c7f959b
commit 9af1379576
2 changed files with 24 additions and 11 deletions


@ -19,7 +19,7 @@ class NetworkAccessManager
: public QNetworkAccessManager : public QNetworkAccessManager
{ {
public: public:
NetworkAccessManager (QWidget * parent = nullptr) NetworkAccessManager (QWidget * parent)
: QNetworkAccessManager (parent) : QNetworkAccessManager (parent)
{ {
// handle SSL errors that have not been cached as allowed // handle SSL errors that have not been cached as allowed
@ -27,11 +27,18 @@ public:
// exception cache // exception cache
connect (this, &QNetworkAccessManager::sslErrors, [this, &parent] (QNetworkReply * reply, QList<QSslError> const& errors) { connect (this, &QNetworkAccessManager::sslErrors, [this, &parent] (QNetworkReply * reply, QList<QSslError> const& errors) {
QString message; QString message;
QList<QSslError> new_errors;
for (auto const& error: errors) for (auto const& error: errors)
{ {
if (!allowed_ssl_errors_.contains (error))
{
new_errors << error;
message += '\n' + reply->request ().url ().toDisplayString () + ": " message += '\n' + reply->request ().url ().toDisplayString () + ": "
+ error.errorString (); + error.errorString ();
} }
}
if (new_errors.size ())
{
QString certs; QString certs;
for (auto const& cert : reply->sslConfiguration ().peerCertificateChain ()) for (auto const& cert : reply->sslConfiguration ().peerCertificateChain ())
{ {
@ -39,9 +46,15 @@ public:
} }
if (MessageBox::Ignore == MessageBox::query_message (parent, tr ("Network SSL Errors"), message, certs, MessageBox::Abort | MessageBox::Ignore)) if (MessageBox::Ignore == MessageBox::query_message (parent, tr ("Network SSL Errors"), message, certs, MessageBox::Abort | MessageBox::Ignore))
{ {
// accumulate SSL error exceptions that have been allowed // accumulate new SSL error exceptions that have been allowed
allowed_ssl_errors_.append (errors); allowed_ssl_errors_.append (new_errors);
reply->ignoreSslErrors (errors); reply->ignoreSslErrors (allowed_ssl_errors_);
}
}
else
{
// no new exceptions so silently ignore the ones already allowed
reply->ignoreSslErrors (allowed_ssl_errors_);
} }
}); });
} }
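Review bot: The lambda connected to `sslErrors` captures the constructor parameter by reference (`[this, &parent]`), so when the signal fires after the constructor has returned, the `parent` handed to `MessageBox::query_message` is a dangling reference. Capture the pointer by value instead: `[this, parent] (QNetworkReply * reply, QList<QSslError> const& errors) {`. Separately, both new `reply->ignoreSslErrors (allowed_ssl_errors_)` calls pass every exception accepted so far in the session to each reply, not only the ones that reply raised. `reply->ignoreSslErrors (errors)` would be enough in both branches, because by then every entry in `errors` is either newly accepted or already in the list, and it keeps the ignored set no wider than what the user was asked about. A comment on `allowed_ssl_errors_` along the lines of `// session-wide; entries match on error code and certificate (QSslError equality), not on host` would make the scope of an accepted exception clear; the member's declaration and the rest of the class are outside the visible hunks.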