diff --git a/src/murmur/Cert.cpp b/src/murmur/Cert.cpp index 675793b88..2ccfb56a0 100644 --- a/src/murmur/Cert.cpp +++ b/src/murmur/Cert.cpp @@ -48,7 +48,7 @@ int add_ext(X509 * crt, int nid, char *value) { void Server::initializeCert() { QByteArray crt, key; - if (QSslSocket::supportsSsl()) { + if (! QSslSocket::supportsSsl()) { qFatal("Qt without SSL Support"); } @@ -59,6 +59,9 @@ void Server::initializeCert() { qscCert = QSslCertificate(crt); if (qscCert.isNull()) { log("Failed to parse certificate."); + } else if (qscCert.issuerInfo(QSslCertificate::CommonName) == QLatin1String("Murmur Autogenerated Certificate")) { + log("Old autogenerated certificate is unusable for registration, invalidating it"); + qscCert = QSslCertificate(); } } @@ -116,12 +119,11 @@ void Server::initializeCert() { X509_NAME *name=X509_get_subject_name(x509); - X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, reinterpret_cast(const_cast("Murmur Autogenerated Certificate")), -1, -1, 0); + X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, reinterpret_cast(const_cast("Murmur Autogenerated Certificate v2")), -1, -1, 0); X509_set_issuer_name(x509, name); add_ext(x509, NID_basic_constraints, "critical,CA:FALSE"); add_ext(x509, NID_ext_key_usage, "serverAuth,clientAuth"); add_ext(x509, NID_subject_key_identifier, "hash"); - add_ext(x509, NID_netscape_cert_type, "server"); add_ext(x509, NID_netscape_comment, "Generated from murmur"); X509_sign(x509, pkey, EVP_md5()); diff --git a/src/murmur/Register.cpp b/src/murmur/Register.cpp index d8747eed2..4803d683b 100644 --- a/src/murmur/Register.cpp +++ b/src/murmur/Register.cpp @@ -34,11 +34,13 @@ void Server::initRegister() { http = NULL; + qssReg = NULL; + connect(&qtTick, SIGNAL(timeout()), this, SLOT(update())); if (! qsRegName.isEmpty()) { if ((! qsRegName.isEmpty()) && (! qsRegPassword.isEmpty()) && (qurlRegWeb.isValid()) && (qsPassword.isEmpty())) - qtTick.start(60000); + qtTick.start(60 * 10); else log("Registration needs nonempty name, password and url, and the server must not be password protected."); } else { @@ -48,14 +50,19 @@ void Server::initRegister() { void Server::abort() { if (http) { + http->setSocket(NULL); http->deleteLater(); http = NULL; } + if (qssReg) { + qssReg->deleteLater(); + qssReg = NULL; + } } void Server::update() { abort(); - qtTick.start(1000 * 60 * 60); + qtTick.start(10 * 60 * 60); QDomDocument doc; QDomElement root=doc.createElement(QLatin1String("server")); @@ -100,9 +107,15 @@ void Server::update() { t=doc.createTextNode(getDigest()); tag.appendChild(t); - http = new QHttp(this); + qssReg = new QSslSocket(this); + qssReg->setLocalCertificate(qscCert); + qssReg->setPrivateKey(qskKey); + + http = new QHttp(QLatin1String("mumble.hive.no"), QHttp::ConnectionModeHttps, 443, this); + http->setSocket(qssReg); + connect(http, SIGNAL(done(bool)), this, SLOT(done(bool))); - http->setHost(QLatin1String("mumble.hive.no"), 80); + connect(http, SIGNAL(sslErrors ( const QList &)), this, SLOT(regSslError(const QList &))); QHttpRequestHeader h(QLatin1String("POST"), QLatin1String("/register.cgi")); h.setValue(QLatin1String("Connection"), QLatin1String("Keep-Alive")); @@ -112,6 +125,8 @@ void Server::update() { } void Server::done(bool err) { + if (! http || ! qssReg) + return; if (err) { log("Regstration failed: %s", qPrintable(http->errorString())); } else { @@ -120,3 +135,8 @@ void Server::done(bool err) { } abort(); } + +void Server::regSslError(const QList &errs) { + foreach(const QSslError &e, errs) + log("Registration: SSL Handshake error: %s", qPrintable(e.errorString())); +} diff --git a/src/murmur/Server.h b/src/murmur/Server.h index dc2950355..45a183a5f 100644 --- a/src/murmur/Server.h +++ b/src/murmur/Server.h @@ -120,8 +120,10 @@ class Server : public QThread, public MessageHandler { // Registration, implementation in Register.cpp QTimer qtTick; QHttp *http; + QSslSocket *qssReg; void initRegister(); public slots: + void regSslError(const QList &); void done(bool); void update(); void abort();