From b596a6f0719ab67fa69b95523bbd513963f57e27 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Mon, 6 Mar 2017 11:27:47 +0100 Subject: [server] Bail out if certificates cannot be created --- src/server/net/certmanager.cpp | 11 +++++++++++ src/server/net/certmanager.h | 1 + src/server/net/discoverylistener.cpp | 8 +++++++- src/server/net/sslserver.cpp | 14 +++++++++++--- 4 files changed, 30 insertions(+), 4 deletions(-) diff --git a/src/server/net/certmanager.cpp b/src/server/net/certmanager.cpp index 0f885da..a7df6cc 100644 --- a/src/server/net/certmanager.cpp +++ b/src/server/net/certmanager.cpp @@ -23,6 +23,8 @@ #include #include #include +#include +#include #include namespace CertManager @@ -62,6 +64,15 @@ bool getPrivateKeyAndCert(const QString &name, QSslKey &key, QSslCertificate &ce return true; } +void fatal() +{ + QMessageBox::critical(NULL, QCoreApplication::trUtf8("OpenSSL error", "CertManager"), + QCoreApplication::trUtf8("Could not generate certificates for secure connections.\n" + "PVS will not work.\n\n" + "Press OK to quit.", "CertManager")); + qApp->exit(1); +} + static bool loadFiles(QString& keyFile, QString& certFile, QSslKey &key, QSslCertificate &cert) { QFileInfo keyInfo(keyFile); diff --git a/src/server/net/certmanager.h b/src/server/net/certmanager.h index fee2691..c42ed2a 100644 --- a/src/server/net/certmanager.h +++ b/src/server/net/certmanager.h @@ -24,6 +24,7 @@ namespace CertManager { bool getPrivateKeyAndCert(const QString &name, QSslKey &key, QSslCertificate &cert); +void fatal(); } #endif /* CERTMANAGER_H_ */ diff --git a/src/server/net/discoverylistener.cpp b/src/server/net/discoverylistener.cpp index e37c81e..95ad5e4 100644 --- a/src/server/net/discoverylistener.cpp +++ b/src/server/net/discoverylistener.cpp @@ -121,6 +121,7 @@ void DiscoveryListener::timerEvent(QTimerEvent* /* event */ ) */ void DiscoveryListener::onReadyRead() { + static int certFails = 0; char data[UDPBUFSIZ]; QHostAddress addr; quint16 port; @@ -161,7 +162,12 @@ void DiscoveryListener::onReadyRead() QByteArray myiplist(Network::interfaceAddressesToString().toUtf8()); QSslKey key; QSslCertificate cert; - CertManager::getPrivateKeyAndCert("manager", key, cert); + if (!CertManager::getPrivateKeyAndCert("manager", key, cert)) { + if (++certFails > 5) { + CertManager::fatal(); + } + continue; + } QByteArray certhash(cert.digest(QCryptographicHash::Sha1)); // Reply to client _packet.reset(); diff --git a/src/server/net/sslserver.cpp b/src/server/net/sslserver.cpp index 966ec5d..6aefae9 100644 --- a/src/server/net/sslserver.cpp +++ b/src/server/net/sslserver.cpp @@ -18,6 +18,7 @@ #include #include #include "certmanager.h" +#include SslServer::SslServer() { @@ -36,11 +37,18 @@ SslServer::~SslServer() */ void SslServer::incomingConnection(int socketDescriptor) { - QSslSocket *serverSocket = new QSslSocket(NULL); - connect(serverSocket, SIGNAL(sslErrors(const QList &)), this, SLOT(sslErrors(const QList &))); + static int certFails = 0; QSslKey key; QSslCertificate cert; - CertManager::getPrivateKeyAndCert("manager", key, cert); + if (!CertManager::getPrivateKeyAndCert("manager", key, cert)) { + if (++certFails > 5) { + CertManager::fatal(); + } + ::close(socketDescriptor); + return; + } + QSslSocket *serverSocket = new QSslSocket(NULL); + connect(serverSocket, SIGNAL(sslErrors(const QList &)), this, SLOT(sslErrors(const QList &))); serverSocket->setPrivateKey(key); serverSocket->setLocalCertificate(cert); serverSocket->setPeerVerifyMode(QSslSocket::VerifyNone); -- cgit v1.2.3-55-g7522