author | Dominik Riebeling <Dominik.Riebeling@gmail.com> | 2022-03-19 16:54:27 +0100 |
---|---|---|
committer | Dominik Riebeling <Dominik.Riebeling@gmail.com> | 2022-03-19 16:57:41 +0100 |
commit | 7a2fdf3fd60a63c1a67986d9f83b321ea3758b9d (patch) | |
tree | b01734a734d75b2507df4a0538dba388d4f201b7 /utils/rbutilqt/rbutilqt.cpp | |
parent | a0459de4d5b4bbb062536146cdefaad796480c7c (diff) | |
rbutil: Handle SSL certificate errors on first request.
Qt uses the system's certificate store. On old(er) systems the root
certificate might not be present, so checking the certificate from the
rockbox.org server might fail.
On startup we try to download the build-info file. If this fails with a
certificate error, allow the user to temporarily accept the rockbox.org
certificate for all subsequent requests.
Change-Id: I459e12d53286aaedea4db659d90a5e057c56801f
Diffstat (limited to 'utils/rbutilqt/rbutilqt.cpp')
-rw-r--r-- | utils/rbutilqt/rbutilqt.cpp | 42 |
1 files changed, 41 insertions, 1 deletions
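--- a/utils/rbutilqt/rbutilqt.cpp
+++ b/utils/rbutilqt/rbutilqt.cpp
@@ -205,6 +205,7 @@ void RbUtilQt::downloadInfo()
 // try to get the current build information
 daily = new HttpGet(this);
 connect(daily, &HttpGet::done, this, &RbUtilQt::downloadDone);
+connect(daily, &HttpGet::sslError, this, &RbUtilQt::sslError);
 connect(qApp, &QGuiApplication::lastWindowClosed, daily, &HttpGet::abort);
 daily->setCache(false);
 ui.statusbar->showMessage(tr("Downloading build information, please wait ..."));
@@ -213,10 +214,49 @@ void RbUtilQt::downloadInfo()
 daily->getFile(QUrl(PlayerBuildInfo::instance()->value(PlayerBuildInfo::BuildInfoUrl).toString()));
 }
 
+void RbUtilQt::sslError(const QSslError& error, const QSslCertificate& peerCert)
+{
+LOG_WARNING() << "sslError" << (int)error.error();
+// On Rockbox Utility start we always try to get the build info first.
+// Thus we can use that to catch potential certificate errors.
+// If the user accepts the certificate we'll have HttpGet ignore all cert
+// errors for the exact certificate we got during this first request.
+// Thus we don't need to handle cert errors later anymore.
+if (error.error() == QSslError::UnableToGetLocalIssuerCertificate) {
+QMessageBox mb(this);
+mb.setWindowTitle(tr("Certificate error"));
+mb.setIcon(QMessageBox::Warning);
+mb.setText(tr("%1\n\n"
+"Issuer: %2\n"
+"Subject: %3\n"
+"Valid since: %4\n"
+"Valid until: %5\n\n"
+"Temporarily trust certificate?")
+.arg(error.errorString())
+.arg(peerCert.issuerInfo(QSslCertificate::Organization).at(0))
+.arg(peerCert.subjectDisplayName())
+.arg(peerCert.effectiveDate().toString())
+.arg(peerCert.expiryDate().toString())
+);
+mb.setDetailedText(peerCert.toText());
+mb.setStandardButtons(QMessageBox::Yes | QMessageBox::No);
+
+auto r = mb.exec();
+if (r == QMessageBox::Yes) {
+HttpGet::addTrustedPeerCert(peerCert);
+downloadInfo();
+}
+else {
+downloadDone(QNetworkReply::OperationCanceledError);
+}
+}
+}
+
 
 void RbUtilQt::downloadDone(QNetworkReply::NetworkError error)
 {
-if(error != QNetworkReply::NoError) {
+if(error != QNetworkReply::NoError
+&& error != QNetworkReply::SslHandshakeFailedError) {
 LOG_INFO() << "network error:" << daily->errorString();
 ui.statusbar->showMessage(tr("Can't get version information!"));
 QMessageBox::critical(this, tr("Network error"),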
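Review bot: In `RbUtilQt::sslError`, `peerCert.issuerInfo(QSslCertificate::Organization).at(0)` indexes a list that is empty when the issuer carries no Organization attribute, and the certificate reaching this handler is one that failed verification, so its contents are chosen by whoever answered the connection; `at(0)` on an empty list is out of bounds. Use `.value(0)` instead, which yields an empty string for a missing entry. The prompt also asks for a trust decision based only on issuer and subject names and validity dates, all of which a substituted certificate can copy, so consider adding a line such as `"SHA-256: %6\n"` filled from `peerCert.digest(QCryptographicHash::Sha256).toHex()` that the user can compare with a fingerprint published out of band. Separately, `downloadDone` now skips its error branch for `SslHandshakeFailedError`; its body continues past the hunk, so it is worth confirming that a handshake failure caused by any error other than `UnableToGetLocalIssuerCertificate` does not fall through to the success path while the status bar still shows the download message.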