Fix certificate errors when Schannel TLS backend is used
* Unify the code paths that compile the expected SSL errors so that the expected errors always include the error types emitted by the Schannel backend * See https://github.com/Martchus/syncthingtray/issues/223
parent
c1284331be
commit
e45db9d668
|
@ -802,14 +802,11 @@ bool SyncthingConnection::loadSelfSignedCertificate(const QUrl &url)
|
|||
}
|
||||
// add exception
|
||||
const QList<QSslCertificate> certs = QSslCertificate::fromPath(certPath);
|
||||
if (certs.isEmpty()) {
|
||||
if (certs.isEmpty() || certs.at(0).isNull()) {
|
||||
emit error(tr("Unable to load certificate used by Syncthing."), SyncthingErrorCategory::OverallConnection, QNetworkReply::NoError);
|
||||
return false;
|
||||
}
|
||||
const QSslCertificate &cert = certs.at(0);
|
||||
m_expectedSslErrors.reserve(4);
|
||||
m_expectedSslErrors << QSslError(QSslError::UnableToGetLocalIssuerCertificate, cert) << QSslError(QSslError::UnableToVerifyFirstCertificate, cert)
|
||||
<< QSslError(QSslError::SelfSignedCertificate, cert) << QSslError(QSslError::HostNameMismatch, cert);
|
||||
m_expectedSslErrors = SyncthingConnectionSettings::compileSslErrors(certs.at(0));
|
||||
return true;
|
||||
}
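Review bot: The replaced assignment in loadSelfSignedCertificate() widens what this path tolerates without saying so at the call site: the old code listed four error types, while `compileSslErrors()` (added in the next file of this commit) returns six, adding `CertificateUntrusted` and `CertificateRejected`. Every entry is still constructed with the loaded certificate, so the tolerance stays tied to that one certificate, and that is worth stating where the list is built, e.g. `// tolerated only for this exact certificate; includes the Schannel-specific CertificateUntrusted/CertificateRejected`. The new line also assigns where the old code appended with `<<`; the function starts outside the hunk, so whether `m_expectedSslErrors` is cleared earlier cannot be checked from here.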
|
||||
|
||||
|
|
|
@ -2,6 +2,20 @@
|
|||
|
||||
namespace Data {
|
||||
|
||||
QList<QSslError> SyncthingConnectionSettings::compileSslErrors(const QSslCertificate &trustedCert)
|
||||
{
|
||||
// clang-format off
|
||||
return QList<QSslError>{
|
||||
QSslError(QSslError::UnableToGetLocalIssuerCertificate, trustedCert),
|
||||
QSslError(QSslError::UnableToVerifyFirstCertificate, trustedCert),
|
||||
QSslError(QSslError::SelfSignedCertificate, trustedCert),
|
||||
QSslError(QSslError::HostNameMismatch, trustedCert),
|
||||
QSslError(QSslError::CertificateUntrusted, trustedCert),
|
||||
QSslError(QSslError::CertificateRejected, trustedCert)
|
||||
};
|
||||
// clang-format on
|
||||
}
|
||||
|
||||
bool SyncthingConnectionSettings::loadHttpsCert()
|
||||
{
|
||||
expectedSslErrors.clear();
|
||||
|
@ -9,23 +23,11 @@ bool SyncthingConnectionSettings::loadHttpsCert()
|
|||
return true;
|
||||
}
|
||||
const auto certs(QSslCertificate::fromPath(httpsCertPath));
|
||||
if (certs.isEmpty()) {
|
||||
if (certs.isEmpty() || certs.at(0).isNull()) {
|
||||
return false;
|
||||
}
|
||||
const auto &cert(certs.front());
|
||||
if (cert.isNull()) {
|
||||
return false;
|
||||
}
|
||||
// clang-format off
|
||||
expectedSslErrors = {
|
||||
QSslError(QSslError::UnableToGetLocalIssuerCertificate, cert),
|
||||
QSslError(QSslError::UnableToVerifyFirstCertificate, cert),
|
||||
QSslError(QSslError::SelfSignedCertificate, cert),
|
||||
QSslError(QSslError::HostNameMismatch, cert),
|
||||
QSslError(QSslError::CertificateUntrusted, cert),
|
||||
QSslError(QSslError::CertificateRejected, cert)
|
||||
};
|
||||
// clang-format on
|
||||
|
||||
expectedSslErrors = compileSslErrors(certs.at(0));
|
||||
return true;
|
||||
}
|
||||
} // namespace Data
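Review bot: `compileSslErrors()` is a public static helper that builds the list of TLS errors to tolerate, yet it accepts any `QSslCertificate`, including a null one; both callers in this commit check `isNull()` first, but nothing in the helper itself enforces that. Returning an empty list for a null certificate keeps the tolerated set empty whenever no certificate is actually pinned: `if (trustedCert.isNull()) { return {}; }` as the first statement. How the list is later matched against the errors a connection reports is not visible in this diff, so this is a defensive guard rather than a demonstrated flaw. In loadHttpsCert() only the first certificate found at `httpsCertPath` is used, which a short comment next to `certs.at(0)` could make explicit.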
|
||||
|
|
|
@ -10,6 +10,8 @@
|
|||
#include <QSslError>
|
||||
#include <QString>
|
||||
|
||||
QT_FORWARD_DECLARE_CLASS(QSslCertificate)
|
||||
|
||||
namespace Data {
|
||||
|
||||
/*!
|
||||
|
@ -49,6 +51,7 @@ struct LIB_SYNCTHING_CONNECTOR_EXPORT SyncthingConnectionSettings {
|
|||
QList<QSslError> expectedSslErrors;
|
||||
SyncthingStatusComputionFlags statusComputionFlags = SyncthingStatusComputionFlags::Default;
|
||||
bool autoConnect = false;
|
||||
static QList<QSslError> compileSslErrors(const QSslCertificate &trustedCert);
|
||||
bool loadHttpsCert();
|
||||
|
||||
static constexpr int defaultTrafficPollInterval = 5000;
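Review bot: The new `compileSslErrors()` declaration in the exported `SyncthingConnectionSettings` struct has no doc comment, although it decides which certificate verification failures a connection will tolerate. I would add one above the declaration in the `/*!` style this header already uses, for example `/*! \brief Returns the SSL errors to tolerate for \a trustedCert only; the certificate must not be null. */`. The struct's body starts and ends outside the hunk.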
|
||||
|
|