authorSimon Rettberg2017-03-06 11:27:47 +0100
committerSimon Rettberg2017-03-06 11:27:47 +0100
commitb596a6f0719ab67fa69b95523bbd513963f57e27 (patch)
treeaddfd9949d666899c238b4ab64a5c373a57bbb11
parent[client] Periodically bring vnc and lock window to top (diff)
[server] Bail out if certificates cannot be created
-rw-r--r--src/server/net/certmanager.cpp11
-rw-r--r--src/server/net/certmanager.h1
-rw-r--r--src/server/net/discoverylistener.cpp8
-rw-r--r--src/server/net/sslserver.cpp14
4 files changed, 30 insertions, 4 deletions
diff --git a/src/server/net/certmanager.cpp b/src/server/net/certmanager.cpp
index 0f885da..a7df6cc 100644
--- a/src/server/net/certmanager.cpp
+++ b/src/server/net/certmanager.cpp
@@ -23,6 +23,8 @@
#include <QDebug>
#include <QFileInfo>
#include <QSettings>
+#include <QMessageBox>
+#include <QApplication>
#include <cstdlib>
namespace CertManager
@@ -62,6 +64,15 @@ bool getPrivateKeyAndCert(const QString &name, QSslKey &key, QSslCertificate &ce
return true;
}
+void fatal()
+{
+ QMessageBox::critical(NULL, QCoreApplication::trUtf8("OpenSSL error", "CertManager"),
+ QCoreApplication::trUtf8("Could not generate certificates for secure connections.\n"
+ "PVS will not work.\n\n"
+ "Press OK to quit.", "CertManager"));
+ qApp->exit(1);
+}
+
static bool loadFiles(QString& keyFile, QString& certFile, QSslKey &key, QSslCertificate &cert)
{
QFileInfo keyInfo(keyFile);
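Review bot: fatal() can be entered more than once, and it returns to its caller instead of stopping it. QMessageBox::critical() runs a nested event loop, so while the dialog is open further datagrams or connections can reach the `++certFails > 5` branches in discoverylistener.cpp and sslserver.cpp and open another dialog. `qApp->exit(1)` only asks the event loop to quit and then returns. A guard at the top of the function, `static bool shown = false; if (shown) return; shown = true;`, would keep it to one dialog. A comment on the declaration in certmanager.h saying that fatal() returns would document why both call sites still need their own `continue` / `return`.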
diff --git a/src/server/net/certmanager.h b/src/server/net/certmanager.h
index fee2691..c42ed2a 100644
--- a/src/server/net/certmanager.h
+++ b/src/server/net/certmanager.h
@@ -24,6 +24,7 @@
namespace CertManager
{
bool getPrivateKeyAndCert(const QString &name, QSslKey &key, QSslCertificate &cert);
+void fatal();
}
#endif /* CERTMANAGER_H_ */
diff --git a/src/server/net/discoverylistener.cpp b/src/server/net/discoverylistener.cpp
index e37c81e..95ad5e4 100644
--- a/src/server/net/discoverylistener.cpp
+++ b/src/server/net/discoverylistener.cpp
@@ -121,6 +121,7 @@ void DiscoveryListener::timerEvent(QTimerEvent* /* event */ )
*/
void DiscoveryListener::onReadyRead()
{
+ static int certFails = 0;
char data[UDPBUFSIZ];
QHostAddress addr;
quint16 port;
@@ -161,7 +162,12 @@ void DiscoveryListener::onReadyRead()
QByteArray myiplist(Network::interfaceAddressesToString().toUtf8());
QSslKey key;
QSslCertificate cert;
- CertManager::getPrivateKeyAndCert("manager", key, cert);
+ if (!CertManager::getPrivateKeyAndCert("manager", key, cert)) {
+ if (++certFails > 5) {
+ CertManager::fatal();
+ }
+ continue;
+ }
QByteArray certhash(cert.digest(QCryptographicHash::Sha1));
// Reply to client
_packet.reset();
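Review bot: `certFails` is never reset after a successful getPrivateKeyAndCert() call, so the `> 5` threshold counts failures over the whole process lifetime rather than consecutive ones. Six unrelated transient failures, possibly days apart, would bring up the fatal dialog. Adding `certFails = 0;` after the check, on the success path, would make it a consecutive-failure count. The same counter is duplicated as a separate static in SslServer::incomingConnection in sslserver.cpp, so the two paths count independently; keeping one counter inside CertManager would give a single threshold. The loop that `continue` targets and the rest of onReadyRead lie outside this hunk.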
diff --git a/src/server/net/sslserver.cpp b/src/server/net/sslserver.cpp
index 966ec5d..6aefae9 100644
--- a/src/server/net/sslserver.cpp
+++ b/src/server/net/sslserver.cpp
@@ -18,6 +18,7 @@
#include <QtNetwork/QSslCipher>
#include <QtNetwork/QSslSocket>
#include "certmanager.h"
+#include <unistd.h>
SslServer::SslServer()
{
@@ -36,11 +37,18 @@ SslServer::~SslServer()
*/
void SslServer::incomingConnection(int socketDescriptor)
{
- QSslSocket *serverSocket = new QSslSocket(NULL);
- connect(serverSocket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(sslErrors(const QList<QSslError> &)));
+ static int certFails = 0;
QSslKey key;
QSslCertificate cert;
- CertManager::getPrivateKeyAndCert("manager", key, cert);
+ if (!CertManager::getPrivateKeyAndCert("manager", key, cert)) {
+ if (++certFails > 5) {
+ CertManager::fatal();
+ }
+ ::close(socketDescriptor);
+ return;
+ }
+ QSslSocket *serverSocket = new QSslSocket(NULL);
+ connect(serverSocket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(sslErrors(const QList<QSslError> &)));
serverSocket->setPrivateKey(key);
serverSocket->setLocalCertificate(cert);
serverSocket->setPeerVerifyMode(QSslSocket::VerifyNone);
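Review bot: The failure branch closes the descriptor and returns without logging anything, so up to five clients are dropped with no trace on the server side before the dialog appears. A line such as `qWarning() << "Rejecting connection: no server certificate available";` before `::close(socketDescriptor);` would make the condition visible in logs. It needs `<QDebug>`, and the visible includes do not show whether this file already has it. The same applies to the silent `continue` in DiscoveryListener::onReadyRead. Failing closed here is the right behaviour, since the old code went on to call `setPrivateKey`/`setLocalCertificate` with whatever the failed call left in `key` and `cert`. The rest of incomingConnection continues outside the hunk.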