author | Dominik Riebeling <Dominik.Riebeling@gmail.com> | 2022-03-19 16:54:27 +0100 |
---|---|---|
committer | Dominik Riebeling <Dominik.Riebeling@gmail.com> | 2022-03-19 16:57:41 +0100 |
commit | 7a2fdf3fd60a63c1a67986d9f83b321ea3758b9d (patch) | |
tree | b01734a734d75b2507df4a0538dba388d4f201b7 /utils/rbutilqt/base | |
parent | a0459de4d5b4bbb062536146cdefaad796480c7c (diff) | |
download | rockbox-7a2fdf3fd60a63c1a67986d9f83b321ea3758b9d.tar.gz rockbox-7a2fdf3fd60a63c1a67986d9f83b321ea3758b9d.zip |
rbutil: Handle SSL certificate errors on first request.
Qt uses the system's certificate store. On old(er) systems the root
certificate might not be present, so checking the certificate from the
rockbox.org server might fail.
On startup we try to download the build-info file. If this fails with a
certificate error allow the user to temporarily accept the rockbox.org
certificate for all successive requests.
Change-Id: I459e12d53286aaedea4db659d90a5e057c56801f
Diffstat (limited to 'utils/rbutilqt/base')
-rw-r--r-- | utils/rbutilqt/base/httpget.cpp | 23 | ||||
-rw-r--r-- | utils/rbutilqt/base/httpget.h | 5 |
2 files changed, 28 insertions, 0 deletions
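--- a/utils/rbutilqt/base/httpget.cpp
+++ b/utils/rbutilqt/base/httpget.cpp
@@ -20,6 +20,7 @@
 
 #include <QNetworkAccessManager>
 #include <QNetworkRequest>
+#include <QSslConfiguration>
 
 #include "httpget.h"
 #include "Logger.h"
@@ -27,6 +28,7 @@
 QString HttpGet::m_globalUserAgent; //< globally set user agent for requests
 QDir HttpGet::m_globalCache; //< global cach path value for new objects
 QNetworkProxy HttpGet::m_globalProxy;
+QList<QSslCertificate> HttpGet::m_acceptedClientCerts;
 
 HttpGet::HttpGet(QObject *parent)
 : QObject(parent),
@@ -211,9 +213,30 @@ void HttpGet::startRequest(QUrl url)
 connect(m_reply, &QNetworkReply::errorOccurred, this, &HttpGet::networkError);
 #endif
 connect(m_reply, &QNetworkReply::downloadProgress, this, &HttpGet::downloadProgress);
+connect(m_reply, &QNetworkReply::sslErrors, this, &HttpGet::gotSslError);
 }
 
 
+void HttpGet::gotSslError(const QList<QSslError> &errors)
+{
+LOG_WARNING() << "Got SSL error" << errors;
+
+// if this is a cert error, and only if we already accepted a remote cert
+// ignore the error.
+// This will make QNAM continue the request and finish it.
+if (errors.size() == 1
+&& errors.at(0).error() == QSslError::UnableToGetLocalIssuerCertificate
+&& m_acceptedClientCerts.contains(m_reply->sslConfiguration().peerCertificate())) {
+LOG_INFO() << "client cert temporarily trusted by user.";
+m_reply->ignoreSslErrors();
+}
+else {
+LOG_ERROR() << m_reply->sslConfiguration().peerCertificate().toText();
+emit sslError(errors.at(0), m_reply->sslConfiguration().peerCertificate());
+}
+
+}
+
 void HttpGet::networkError(QNetworkReply::NetworkError error)
 {
 LOG_ERROR() << "NetworkError occured:" << error << m_reply->errorString();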
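Review bot: The no-argument `m_reply->ignoreSslErrors()` in `gotSslError` waives every SSL error on the reply, although the guard above it vetted only a single `UnableToGetLocalIssuerCertificate`; passing the vetted list, `m_reply->ignoreSslErrors(errors);`, keeps the exemption limited to what was actually checked. `m_acceptedClientCerts` is a process-wide static, so one acceptance applies to every later `HttpGet` request, which presumably includes files that are later installed (not visible in this hunk). A comment stating that scope above the `if` would help, as would logging the accepted certificate's digest on the ignore path instead of only `"client cert temporarily trusted by user."`, so the decision can be audited from the log. The log text and the member name say "client" where the code compares the server's peer certificate. The handler also reads `m_reply` rather than the reply that emitted the signal, which is only safe if an `HttpGet` never has more than one reply in flight.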
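--- a/utils/rbutilqt/base/httpget.h
+++ b/utils/rbutilqt/base/httpget.h
@@ -73,6 +73,8 @@ class HttpGet : public QObject
 //< set global user agent string
 static void setGlobalUserAgent(const QString& u)
 { m_globalUserAgent = u; }
+static void addTrustedPeerCert(QSslCertificate cert)
+{ m_acceptedClientCerts.append(cert);}
 
 public slots:
 void abort(void);
@@ -81,14 +83,17 @@ class HttpGet : public QObject
 void done(QNetworkReply::NetworkError error);
 void dataReadProgress(int, int);
 void headerFinished(void);
+void sslError(const QSslError& error, const QSslCertificate& peerCert);
 
 private slots:
 void requestFinished(QNetworkReply* reply);
 void startRequest(QUrl url);
 void downloadProgress(qint64 received, qint64 total);
 void networkError(QNetworkReply::NetworkError error);
+void gotSslError(const QList<QSslError> &errors);
 
 private:
+static QList<QSslCertificate> m_acceptedClientCerts;
 static QString m_globalUserAgent;
 static QNetworkProxy m_globalProxy;
 QNetworkAccessManager m_mgr;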
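Review bot: `addTrustedPeerCert` appends whatever it is handed, so a null `QSslCertificate` or a duplicate can land in the static trust list, and a null entry would compare equal to a reply whose `peerCertificate()` is null. A guard such as `if (!cert.isNull() && !m_acceptedClientCerts.contains(cert)) m_acceptedClientCerts.append(cert);` closes that off, and taking `const QSslCertificate& cert` would match `setGlobalUserAgent` next to it. The function also has no `//<` comment like its neighbour; something like `//< trust this server certificate for all later requests in this process` would state the scope of the exemption, assuming the list is never persisted, which this diff does not show. Nothing here removes an entry again, so "temporarily" in practice means until the process exits. Renaming `m_acceptedClientCerts` to match `addTrustedPeerCert` would avoid suggesting TLS client certificates.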