Mercurial > trustbridge
comparison ui/sslconnection_curl.cpp @ 991:6a3d284b9c16
Delegate certificate loading to base class. Minor cleanups.
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Mon, 01 Sep 2014 12:07:19 +0200 |
| parents | 879a634d0a40 |
| children | daa9448b64f5 |
comparison
equal
deleted
inserted
replaced
| 990:2949f1842955 | 991:6a3d284b9c16 |
|---|---|
| 14 SSLConnectionCurl::SSLConnectionCurl(const QString& url, | 14 SSLConnectionCurl::SSLConnectionCurl(const QString& url, |
| 15 const QByteArray& certificate): | 15 const QByteArray& certificate): |
| 16 SSLConnection (url, certificate), | 16 SSLConnection (url, certificate), |
| 17 mCurl (NULL) | 17 mCurl (NULL) |
| 18 { | 18 { |
| 19 if (certificate.isEmpty()) { | |
| 20 /* Security: curl does not support leaf certificate pinning. So | |
| 21 * while the bare connection pins the certificate directly the | |
| 22 * curl implementation pins the issuer of the peer certificate | |
| 23 * | |
| 24 * CURLINFO_TLS_SESSION is also not implmented for polarssl | |
| 25 * so there is no way to obtain / verify peer certificate manually | |
| 26 * at this point. | |
| 27 **/ | |
| 28 #ifdef RELEASE_BUILD | |
| 29 #error "Curl release build is not supported at this moment." | |
| 30 #else | |
| 31 QFile certResource(":certs/geotrust"); | |
| 32 #endif | |
| 33 certResource.open(QFile::ReadOnly); | |
| 34 mPinnedCert = certResource.readAll(); | |
| 35 certResource.close(); | |
| 36 } | |
| 37 | |
| 38 curl_global_init(CURL_GLOBAL_DEFAULT); | 19 curl_global_init(CURL_GLOBAL_DEFAULT); |
| 39 mCurl = curl_easy_init(); | 20 mCurl = curl_easy_init(); |
| 40 | 21 |
| 41 if (!mCurl) { | 22 if (!mCurl) { |
| 42 qDebug() << "Failed to initialize curl"; | 23 qDebug() << "Failed to initialize curl"; |
| 64 if (curl_easy_setopt(mCurl, CURLOPT_CAINFO, | 45 if (curl_easy_setopt(mCurl, CURLOPT_CAINFO, |
| 65 mCertFile.fileName().toUtf8().constData()) != CURLE_OK) { | 46 mCertFile.fileName().toUtf8().constData()) != CURLE_OK) { |
| 66 qDebug() << "Failed to write temporary certificate"; | 47 qDebug() << "Failed to write temporary certificate"; |
| 67 return; | 48 return; |
| 68 } | 49 } |
| 50 | |
| 69 mInitialized = true; | 51 mInitialized = true; |
| 70 | 52 |
| 71 #ifdef CONNECTION_DEBUG | 53 #ifdef CONNECTION_DEBUG |
| 72 curl_easy_setopt(mCurl, CURLOPT_VERBOSE, 1L); | 54 curl_easy_setopt(mCurl, CURLOPT_VERBOSE, 1L); |
| 73 #endif | 55 #endif |
| 108 } | 90 } |
| 109 mConnected = true; | 91 mConnected = true; |
| 110 return 0; | 92 return 0; |
| 111 } | 93 } |
| 112 | 94 |
| 113 /* Globally do this as we can't pass this to the c function */ | 95 /* Globally do this as we can't pass "this" (the ptr) to the c function */ |
| 114 size_t ssl_curl_max_write, ssl_curl_written; | 96 size_t ssl_curl_max_write, ssl_curl_written; |
| 115 | 97 |
| 116 size_t write_data(void *ptr, size_t size, size_t nmemb, | 98 size_t write_data(void *ptr, size_t size, size_t nmemb, |
| 117 QSaveFile *fp) | 99 QSaveFile *fp) |
| 118 { | 100 { |
| 133 | 115 |
| 134 bool SSLConnectionCurl::downloadFile(const QString &resource, | 116 bool SSLConnectionCurl::downloadFile(const QString &resource, |
| 135 const QString &fileName, | 117 const QString &fileName, |
| 136 size_t maxSize) | 118 size_t maxSize) |
| 137 { | 119 { |
| 138 QSaveFile outputFile(fileName); | |
| 139 ssl_curl_written = 0; | 120 ssl_curl_written = 0; |
| 140 ssl_curl_max_write = maxSize; | 121 ssl_curl_max_write = maxSize; |
| 122 QSaveFile outputFile(fileName); | |
| 141 // Open / Create the file to write to. | 123 // Open / Create the file to write to. |
| 142 if (!outputFile.open(QIODevice::WriteOnly)) { | 124 if (!outputFile.open(QIODevice::WriteOnly)) { |
| 143 qDebug() << "Failed to open file"; | 125 qDebug() << "Failed to open file"; |
| 144 return false; | 126 return false; |
| 145 } | 127 } |
| 239 void SSLConnectionCurl::setProxy(const QUrl& proxyUrl) { | 221 void SSLConnectionCurl::setProxy(const QUrl& proxyUrl) { |
| 240 if (curl_easy_setopt(mCurl, CURLOPT_PROXY, proxyUrl.toEncoded().constData()) != CURLE_OK) { | 222 if (curl_easy_setopt(mCurl, CURLOPT_PROXY, proxyUrl.toEncoded().constData()) != CURLE_OK) { |
| 241 qDebug() << "Failed to set proxy"; | 223 qDebug() << "Failed to set proxy"; |
| 242 return; | 224 return; |
| 243 } | 225 } |
| 244 qDebug() << "Set proxy to: " << proxyUrl; | 226 } |
| 245 } | 227 |
| 228 void SSLConnectionCurl::setCiphersuites(int ciphers[]) { | |
| 229 qDebug() << "Set ciphersuites not supported."; | |
| 230 } |