Fix certificate errors when Schannel TLS backend is used
* Unify code paths for compiling expected SSL errors so that the expected errors always include the error types emitted by the Schannel backend * See https://github.com/Martchus/syncthingtray/issues/223
parent
c1284331be
commit
e45db9d668
|
@ -802,14 +802,11 @@ bool SyncthingConnection::loadSelfSignedCertificate(const QUrl &url)
|
||||||
}
|
}
|
||||||
// add exception
|
// add exception
|
||||||
const QList<QSslCertificate> certs = QSslCertificate::fromPath(certPath);
|
const QList<QSslCertificate> certs = QSslCertificate::fromPath(certPath);
|
||||||
if (certs.isEmpty()) {
|
if (certs.isEmpty() || certs.at(0).isNull()) {
|
||||||
emit error(tr("Unable to load certificate used by Syncthing."), SyncthingErrorCategory::OverallConnection, QNetworkReply::NoError);
|
emit error(tr("Unable to load certificate used by Syncthing."), SyncthingErrorCategory::OverallConnection, QNetworkReply::NoError);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
const QSslCertificate &cert = certs.at(0);
|
m_expectedSslErrors = SyncthingConnectionSettings::compileSslErrors(certs.at(0));
|
||||||
m_expectedSslErrors.reserve(4);
|
|
||||||
m_expectedSslErrors << QSslError(QSslError::UnableToGetLocalIssuerCertificate, cert) << QSslError(QSslError::UnableToVerifyFirstCertificate, cert)
|
|
||||||
<< QSslError(QSslError::SelfSignedCertificate, cert) << QSslError(QSslError::HostNameMismatch, cert);
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
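Review bot: The failure branch `if (certs.isEmpty() || certs.at(0).isNull())` returns false without touching m_expectedSslErrors, so unless the list is cleared earlier in loadSelfSignedCertificate (the function starts outside this hunk), the exceptions compiled for a previously loaded certificate stay active after a failed reload. loadHttpsCert in the settings file calls `expectedSslErrors.clear();` up front. Doing the same here, e.g. `m_expectedSslErrors.clear();` before `return false;`, would keep both paths consistent and avoid tolerating errors for a certificate that could no longer be loaded.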
@ -2,6 +2,20 @@
|
||||||
|
|
||||||
namespace Data {
|
namespace Data {
|
||||||
|
|
||||||
|
QList<QSslError> SyncthingConnectionSettings::compileSslErrors(const QSslCertificate &trustedCert)
|
||||||
|
{
|
||||||
|
// clang-format off
|
||||||
|
return QList<QSslError>{
|
||||||
|
QSslError(QSslError::UnableToGetLocalIssuerCertificate, trustedCert),
|
||||||
|
QSslError(QSslError::UnableToVerifyFirstCertificate, trustedCert),
|
||||||
|
QSslError(QSslError::SelfSignedCertificate, trustedCert),
|
||||||
|
QSslError(QSslError::HostNameMismatch, trustedCert),
|
||||||
|
QSslError(QSslError::CertificateUntrusted, trustedCert),
|
||||||
|
QSslError(QSslError::CertificateRejected, trustedCert)
|
||||||
|
};
|
||||||
|
// clang-format on
|
||||||
|
}
|
||||||
|
|
||||||
bool SyncthingConnectionSettings::loadHttpsCert()
|
bool SyncthingConnectionSettings::loadHttpsCert()
|
||||||
{
|
{
|
||||||
expectedSslErrors.clear();
|
expectedSslErrors.clear();
|
||||||
|
@ -9,23 +23,11 @@ bool SyncthingConnectionSettings::loadHttpsCert()
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
const auto certs(QSslCertificate::fromPath(httpsCertPath));
|
const auto certs(QSslCertificate::fromPath(httpsCertPath));
|
||||||
if (certs.isEmpty()) {
|
if (certs.isEmpty() || certs.at(0).isNull()) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
const auto &cert(certs.front());
|
|
||||||
if (cert.isNull()) {
|
expectedSslErrors = compileSslErrors(certs.at(0));
|
||||||
return false;
|
|
||||||
}
|
|
||||||
// clang-format off
|
|
||||||
expectedSslErrors = {
|
|
||||||
QSslError(QSslError::UnableToGetLocalIssuerCertificate, cert),
|
|
||||||
QSslError(QSslError::UnableToVerifyFirstCertificate, cert),
|
|
||||||
QSslError(QSslError::SelfSignedCertificate, cert),
|
|
||||||
QSslError(QSslError::HostNameMismatch, cert),
|
|
||||||
QSslError(QSslError::CertificateUntrusted, cert),
|
|
||||||
QSslError(QSslError::CertificateRejected, cert)
|
|
||||||
};
|
|
||||||
// clang-format on
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
} // namespace Data
|
} // namespace Data
|
||||||
|
|
|
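Review bot: compileSslErrors builds the list for whatever certificate it is given, and as a public static member it can be called without the `isNull()` check that both current callers perform. QSslError compares the error code and the certificate, so a list built from a null certificate would presumably match backend errors that carry no certificate instead of being tied to one pinned certificate. A guard at the top, `if (trustedCert.isNull()) { return {}; }`, keeps the pinning property inside the helper. A short comment above the list noting that HostNameMismatch, CertificateUntrusted and CertificateRejected are tolerated only for this exact certificate would help whoever extends it for another TLS backend.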
@ -10,6 +10,8 @@
|
||||||
#include <QSslError>
|
#include <QSslError>
|
||||||
#include <QString>
|
#include <QString>
|
||||||
|
|
||||||
|
QT_FORWARD_DECLARE_CLASS(QSslCertificate)
|
||||||
|
|
||||||
namespace Data {
|
namespace Data {
|
||||||
|
|
||||||
/*!
|
/*!
|
||||||
|
@ -49,6 +51,7 @@ struct LIB_SYNCTHING_CONNECTOR_EXPORT SyncthingConnectionSettings {
|
||||||
QList<QSslError> expectedSslErrors;
|
QList<QSslError> expectedSslErrors;
|
||||||
SyncthingStatusComputionFlags statusComputionFlags = SyncthingStatusComputionFlags::Default;
|
SyncthingStatusComputionFlags statusComputionFlags = SyncthingStatusComputionFlags::Default;
|
||||||
bool autoConnect = false;
|
bool autoConnect = false;
|
||||||
|
static QList<QSslError> compileSslErrors(const QSslCertificate &trustedCert);
|
||||||
bool loadHttpsCert();
|
bool loadHttpsCert();
|
||||||
|
|
||||||
static constexpr int defaultTrafficPollInterval = 5000;
|
static constexpr int defaultTrafficPollInterval = 5000;
|
||||||
|
|
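Review bot: The new declaration `static QList<QSslError> compileSslErrors(const QSslCertificate &trustedCert);` is part of the exported struct but has no doc comment, while the header uses `/*!` blocks elsewhere. Something like `/*! \brief Returns the SSL errors to expect when the server presents \a trustedCert; the certificate must not be null. */` would state the contract callers rely on. The struct body continues outside the hunk.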