csync: Put up the QNAM key chain for comparison

Comparing with the CA certs will not help with intermediates, and other cases.
2025-10-26 11:17:43 +00:00 · 2013-01-21 13:29:17 +01:00 · 2013-01-21 13:29:17 +01:00 · 7794480da0
commit 7794480da0
parent 0171b8b998
3 changed files with 19 additions and 4 deletions
--- a/src/mirall/csyncthread.cpp
+++ b/src/mirall/csyncthread.cpp
@ -18,6 +18,7 @@
 #include "mirall/theme.h"
 #include "mirall/logger.h"
 #include "mirall/utility.h"
+#include "mirall/owncloudinfo.h"

 #ifdef Q_OS_WIN
 #include <windows.h>
@ -446,11 +447,10 @@ int CSyncThread::getauth(const char *prompt,

            int pos = 0;

-            // IF we had a cert ack'ed by the user, it was added to the Qt default
-            // CA Cert list. So we get the list of certs to check against from
-            // Qt.
-            QList<QSslCertificate> certs = QSslSocket::defaultCaCertificates();

+            // This is the set of certificates which QNAM accepted, so we should accept
+            // them as well
+            QList<QSslCertificate> certs = ownCloudInfo::instance()->certificateChain();

            while (!certOk && (pos = regexp.indexIn(qPrompt, 1+pos)) != -1) {
                QString neon_fingerprint = regexp.cap(1);
--- a/src/mirall/owncloudinfo.cpp
+++ b/src/mirall/owncloudinfo.cpp
@ -263,6 +263,11 @@ QString ownCloudInfo::configHandle(QNetworkReply *reply)
    return configHandle;
 }

+QList<QSslCertificate> ownCloudInfo::certificateChain() const
+{
+    return _certificateChain;
+}
+
 QUrl ownCloudInfo::redirectUrl(const QUrl& possibleRedirectUrl,
                               const QUrl& oldRedirectUrl) const {
    QUrl redirectUrl;
@ -285,6 +290,9 @@ QUrl ownCloudInfo::redirectUrl(const QUrl& possibleRedirectUrl,
 void ownCloudInfo::slotReplyFinished()
 {
    QNetworkReply *reply = qobject_cast<QNetworkReply *>(sender());
+    if (reply->header(QNetworkRequest::LocationHeader).toUrl().scheme() == QLatin1String("https"))
+        _certificateChain = reply->sslConfiguration().peerCertificateChain();
+

    if( ! reply ) {
        qDebug() << "ownCloudInfo: Reply empty!";
--- a/src/mirall/owncloudinfo.h
+++ b/src/mirall/owncloudinfo.h
@ -83,6 +83,12 @@ public:
     */
    QString configHandle(QNetworkReply *reply = 0);

+    /**
+     * Certificate chain of the connection est. with ownCloud.
+     * Empty if the connection is HTTP-based
+     */
+    QList<QSslCertificate> certificateChain() const;
+
 signals:
    // result signal with url- and version string.
    void ownCloudInfoFound( const QString&, const QString&, const QString&, const QString& );
@ -129,6 +135,7 @@ private:
    QUrl                           _urlRedirectedTo;
    QHash<QNetworkReply*, QString> _directories;
    QHash<QNetworkReply*, QString> _configHandleMap;
+    QList<QSslCertificate>         _certificateChain;
    bool                           _certsUntrusted;
    int                            _authAttempts;
 };