w4kek/WSJT-X
1
0
Fork 0
mirror of https://github.com/saitohirga/WSJT-X.git synced 2024-11-22 04:11:16 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix handling of SSL/TLS exceptions allowing errors to be ignored for a session

Browse Source 
Not persistent  but I'm not  sure they need to  be as sites  we access
should have valid certificates and  chains of trust. This should allow
users  with  baulked SSL  installations  or  incomplete CA  stores  to
proceed with network accesses at their discretion.

git-svn-id: svn+ssh://svn.code.sf.net/p/wsjt/wsjt/branches/wsjtx@7378 ab8295b8-cf94-4d9e-aec4-7959e3be5d79
This commit is contained in:
Bill Somerville 2016-12-11 21:19:23 +00:00
parent dc6c7f959b
commit 9af1379576
2 changed files with 24 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
MessageBox.cpp
View File

@ -29,7 +29,7 @@ void MessageBox::about_Qt_message (QWidget * parent)
namespace namespace
{ {
QMessageBox::StandardButton show_it (QWidget *parent, MessageBox::Icon icon QMessageBox::StandardButton show_it (QWidget * parent, MessageBox::Icon icon
, QString const& text , QString const& text
, QString const& informative , QString const& informative
, QString const& detail , QString const& detail

21
NetworkAccessManager.hpp
View File

@ -19,7 +19,7 @@ class NetworkAccessManager
: public QNetworkAccessManager : public QNetworkAccessManager
{ {
public: public:
NetworkAccessManager (QWidget * parent = nullptr) NetworkAccessManager (QWidget * parent)
: QNetworkAccessManager (parent) : QNetworkAccessManager (parent)
{ {
// handle SSL errors that have not been cached as allowed // handle SSL errors that have not been cached as allowed
@ -27,11 +27,18 @@ public:
// exception cache // exception cache
connect (this, &QNetworkAccessManager::sslErrors, [this, &parent] (QNetworkReply * reply, QList<QSslError> const& errors) { connect (this, &QNetworkAccessManager::sslErrors, [this, &parent] (QNetworkReply * reply, QList<QSslError> const& errors) {
QString message; QString message;
QList<QSslError> new_errors;
for (auto const& error: errors) for (auto const& error: errors)
{ {
if (!allowed_ssl_errors_.contains (error))
{
new_errors << error;
message += '\n' + reply->request ().url ().toDisplayString () + ": " message += '\n' + reply->request ().url ().toDisplayString () + ": "
+ error.errorString (); + error.errorString ();
} }
}
if (new_errors.size ())
{
QString certs; QString certs;
for (auto const& cert : reply->sslConfiguration ().peerCertificateChain ()) for (auto const& cert : reply->sslConfiguration ().peerCertificateChain ())
{ {
@ -39,9 +46,15 @@ public:
} }
if (MessageBox::Ignore == MessageBox::query_message (parent, tr ("Network SSL Errors"), message, certs, MessageBox::Abort | MessageBox::Ignore)) if (MessageBox::Ignore == MessageBox::query_message (parent, tr ("Network SSL Errors"), message, certs, MessageBox::Abort | MessageBox::Ignore))
{ {
// accumulate SSL error exceptions that have been allowed // accumulate new SSL error exceptions that have been allowed
allowed_ssl_errors_.append (errors); allowed_ssl_errors_.append (new_errors);
reply->ignoreSslErrors (errors); reply->ignoreSslErrors (allowed_ssl_errors_);
}
}
else
{
// no new exceptions so silently ignore the ones already allowed
reply->ignoreSslErrors (allowed_ssl_errors_);
} }
}); });
} }