-rw-r--r-- | src/server/net/certmanager.cpp | 11 | ||||
-rw-r--r-- | src/server/net/certmanager.h | 1 | ||||
-rw-r--r-- | src/server/net/discoverylistener.cpp | 8 | ||||
-rw-r--r-- | src/server/net/sslserver.cpp | 14 |
4 files changed, 30 insertions, 4 deletions
diff --git a/src/server/net/certmanager.cpp b/src/server/net/certmanager.cpp
index 0f885da..a7df6cc 100644
--- a/src/server/net/certmanager.cpp
+++ b/src/server/net/certmanager.cpp
@@ -23,6 +23,8 @@
 #include <QDebug>
 #include <QFileInfo>
 #include <QSettings>
+#include <QMessageBox>
+#include <QApplication>
 #include <cstdlib>
 namespace CertManager
@@ -62,6 +64,15 @@ bool getPrivateKeyAndCert(const QString &name, QSslKey &key, QSslCertificate &ce
 return true;
 }
+void fatal()
+{
+ QMessageBox::critical(NULL, QCoreApplication::trUtf8("OpenSSL error", "CertManager"),
+ QCoreApplication::trUtf8("Could not generate certificates for secure connections.\n"
+ "PVS will not work.\n\n"
+ "Press OK to quit.", "CertManager"));
+ qApp->exit(1);
+}
+
 static bool loadFiles(QString& keyFile, QString& certFile, QSslKey &key, QSslCertificate &cert)
 {
 QFileInfo keyInfo(keyFile);
diff --git a/src/server/net/certmanager.h b/src/server/net/certmanager.h
index fee2691..c42ed2a 100644
--- a/src/server/net/certmanager.h
+++ b/src/server/net/certmanager.h
@@ -24,6 +24,7 @@
 namespace CertManager
 {
 bool getPrivateKeyAndCert(const QString &name, QSslKey &key, QSslCertificate &cert);
+void fatal();
 }
 #endif /* CERTMANAGER_H_ */
diff --git a/src/server/net/discoverylistener.cpp b/src/server/net/discoverylistener.cpp
index e37c81e..95ad5e4 100644
--- a/src/server/net/discoverylistener.cpp
+++ b/src/server/net/discoverylistener.cpp
@@ -121,6 +121,7 @@ void DiscoveryListener::timerEvent(QTimerEvent* /* event */ )
 */
 void DiscoveryListener::onReadyRead()
 {
+ static int certFails = 0;
 char data[UDPBUFSIZ];
 QHostAddress addr;
 quint16 port;
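Review bot: `CertManager::fatal()` in certmanager.cpp returns to its caller and can be entered more than once, and neither property is documented. `QMessageBox::critical` blocks in a modal dialog whose nested event loop can keep delivering socket events, so the callers this commit adds may fail again and stack further dialogs while the first is still open; `qApp->exit(1)` only asks the event loop to stop, so code after the call still runs. I would guard the body with `static bool shown = false; if (shown) return; shown = true;` and put `// Shows a modal error and requests application exit; returns to the caller.` above the definition. A `qCritical()` line before the dialog would also leave a record of the certificate failure when nobody is at the display.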
@@ -161,7 +162,12 @@ void DiscoveryListener::onReadyRead()
 QByteArray myiplist(Network::interfaceAddressesToString().toUtf8());
 QSslKey key;
 QSslCertificate cert;
- CertManager::getPrivateKeyAndCert("manager", key, cert);
+ if (!CertManager::getPrivateKeyAndCert("manager", key, cert)) {
+ if (++certFails > 5) {
+ CertManager::fatal();
+ }
+ continue;
+ }
 QByteArray certhash(cert.digest(QCryptographicHash::Sha1));
 // Reply to client
 _packet.reset();
diff --git a/src/server/net/sslserver.cpp b/src/server/net/sslserver.cpp
index 966ec5d..6aefae9 100644
--- a/src/server/net/sslserver.cpp
+++ b/src/server/net/sslserver.cpp
@@ -18,6 +18,7 @@
 #include <QtNetwork/QSslCipher>
 #include <QtNetwork/QSslSocket>
 #include "certmanager.h"
+#include <unistd.h>
 SslServer::SslServer()
 {
@@ -36,11 +37,18 @@ SslServer::~SslServer()
 */
 void SslServer::incomingConnection(int socketDescriptor)
 {
- QSslSocket *serverSocket = new QSslSocket(NULL);
- connect(serverSocket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(sslErrors(const QList<QSslError> &)));
+ static int certFails = 0;
 QSslKey key;
 QSslCertificate cert;
- CertManager::getPrivateKeyAndCert("manager", key, cert);
+ if (!CertManager::getPrivateKeyAndCert("manager", key, cert)) {
+ if (++certFails > 5) {
+ CertManager::fatal();
+ }
+ ::close(socketDescriptor);
+ return;
+ }
+ QSslSocket *serverSocket = new QSslSocket(NULL);
+ connect(serverSocket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(sslErrors(const QList<QSslError> &)));
 serverSocket->setPrivateKey(key);
 serverSocket->setLocalCertificate(cert);
 serverSocket->setPeerVerifyMode(QSslSocket::VerifyNone); |
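Review bot: The `certFails` counter added to `DiscoveryListener::onReadyRead()` is never reset, so it counts failures over the whole process lifetime rather than consecutive ones, and the sixth and every later failure calls `CertManager::fatal()` again. Each discovery datagram that arrives while the certificate is unavailable advances it, and the request is dropped with no log entry. I would add `certFails = 0;` after a successful `getPrivateKeyAndCert` and a `qWarning("DiscoveryListener: certificate unavailable, dropping request");` in the failure branch. The same counter is duplicated in `SslServer::incomingConnection()` in sslserver.cpp; keeping the count and threshold inside CertManager would give both callers one policy. The loop that `continue` targets starts outside this hunk.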
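Review bot: The rejection path in `SslServer::incomingConnection()` closes the descriptor with `::close(socketDescriptor)` from `<unistd.h>`, which ties this file to POSIX, and it refuses the connection without logging anything. If the server is only built for Unix-like systems that is acceptable but deserves a comment such as `// POSIX only: the descriptor is not yet owned by any Qt socket`. A `qWarning("SslServer: certificate unavailable, refusing connection");` before the `close` would let an operator see why TLS clients are being turned away. The function body continues past the end of the hunk.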