Improve TLS error messages

* Add fallback to .toPem() when .toText() is not implemented by the TLS plugin * Add error number (Qt's enum value) * Remove leftover cerr logging
2021-10-09 01:07:55 +02:00 · 2021-10-09 01:07:55 +02:00 · ab605049aa
parent feb7fb04db
commit ab605049aa
1 changed files with 19 additions and 4 deletions
--- a/connector/syncthingconnection_requests.cpp
+++ b/connector/syncthingconnection_requests.cpp
@ -105,6 +105,21 @@ SyncthingConnection::Reply SyncthingConnection::prepareReply(QList<QNetworkReply
    return handleReply(reply, readData, handleAborting);
 }

+/// \cond
+static QString certText(const QSslCertificate &cert)
+{
+    auto text = cert.toText();
+    if (text.startsWith(QStringLiteral("Certificate: "))) {
+        return text;
+    }
+    if (text.isEmpty()) {
+        // .toText() is not implemented for all backends so use .toPem() as fallback
+        text = QChar('\n') + QString::fromUtf8(cert.toPem());
+    }
+    return text.isEmpty() ? QStringLiteral("Certificate: [no information available]") : QStringLiteral("Certificate: ") + text;
+}
+/// \endcond
+
 /*!
 * \brief Handles SSL errors of replies; just for logging purposes at this point.
 */
@ -125,20 +140,20 @@ void SyncthingConnection::handleSslErrors(const QList<QSslError> &errors)
        // handle the error by emitting the error signal with all the details including the certificate
        // note: Of course the failing request would cause a QNetworkReply::SslHandshakeFailedError anyways. However,
        //       at this point the concrete SSL error with the certificate is not accessible anymore.
-        auto errorMessage = QStringLiteral("TLS error: ") + error.errorString();
+        auto errorMessage
+            = QString(QStringLiteral("TLS error: ") % error.errorString() % QChar(' ') % QChar('(') % QString::number(error.error()) % QChar(')'));
        if (const auto cert = error.certificate(); !cert.isNull()) {
            errorMessage += QChar('\n');
            if (cert == m_certFromLastSslError) {
                errorMessage += QStringLiteral("Certificate: same as last");
            } else {
-                errorMessage += cert.toText();
+                errorMessage += certText(cert);
                if (!m_expectedSslErrors.isEmpty()) {
-                    errorMessage += QStringLiteral("\nExpected ") + m_expectedSslErrors.front().certificate().toText();
+                    errorMessage += QStringLiteral("\nExpected ") + certText(m_expectedSslErrors.front().certificate());
                }
                m_certFromLastSslError = cert;
            }
        }
-        cerr << "TLS ERROR" << endl;
        emit this->error(errorMessage, SyncthingErrorCategory::TLS, QNetworkReply::NoError, reply->request());
        hasUnexpectedErrors = true;
    }