Mercurial > trustbridge
changeset 1088:508c96e72f62
(issue124) Switch server URL and remove some RELEASE_BUILD options
As the test server speaks ECDSA we do not need so much
#ifndef RELEASE_BUILD options anymore.
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Fri, 12 Sep 2014 15:38:42 +0200 |
parents | 7191addd8a53 |
children | 3c67e32b5d4a |
files | CMakeLists.txt ui/certificates/geotrust.der ui/certificates/intevation.de.der ui/certs.qrc ui/downloader.cpp ui/mainwindow.cpp ui/sslconnection.cpp ui/sslconnection_curl.cpp ui/tests/downloadertest.cpp |
diffstat | 9 files changed, 20 insertions(+), 56 deletions(-) [+] |
line wrap: on
line diff
--- a/CMakeLists.txt Fri Sep 12 15:13:58 2014 +0200 +++ b/CMakeLists.txt Fri Sep 12 15:38:42 2014 +0200 @@ -12,7 +12,7 @@ option(ENABLE_PROFILING "Set to enable profiling." OFF) option(USE_CURL "Use libcurl to download updates and certificate lists." ON) -set(DOWNLOAD_SERVER "https://files.intevation.de:443" CACHE STRING "Used as download server" ) +set(DOWNLOAD_SERVER "https://tb-devel.intevation.de:443" CACHE STRING "Used as download server" ) set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake/") #Old qtmain linking behavior to be compatible with cmake versions < 2.8.11
--- a/ui/certs.qrc Fri Sep 12 15:13:58 2014 +0200 +++ b/ui/certs.qrc Fri Sep 12 15:38:42 2014 +0200 @@ -1,6 +1,5 @@ <!DOCTYPE RCC><RCC version="1.0"> <qresource prefix="/certs"> - <file alias="intevation.de">certificates/intevation.de.der</file> - <file alias="geotrust">certificates/geotrust.der</file> + <file alias="ssl-test">certificates/ssl-test.der</file> </qresource> </RCC>
--- a/ui/downloader.cpp Fri Sep 12 15:13:58 2014 +0200 +++ b/ui/downloader.cpp Fri Sep 12 15:38:42 2014 +0200 @@ -8,7 +8,7 @@ #include "downloader.h" #ifndef DOWNLOAD_SERVER -#define DOWNLOAD_SERVER "https://www.intevation.de" +#define DOWNLOAD_SERVER "https://tb-devel.intevation.de" #endif #include <QFile> @@ -36,24 +36,12 @@ #include "sslconnection_bare.h" #endif -#ifdef RELEASE_BUILD static int accept_ciphers[] = { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 0 }; -#else -static int accept_ciphers[] = { - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, - TLS_RSA_WITH_AES_256_CBC_SHA, - 0 -}; -#endif Downloader::Downloader(QObject* parent, const QString& url, const QByteArray& certificate,
--- a/ui/mainwindow.cpp Fri Sep 12 15:13:58 2014 +0200 +++ b/ui/mainwindow.cpp Fri Sep 12 15:38:42 2014 +0200 @@ -66,22 +66,22 @@ #endif #ifdef RELEASE_BUILD -# define LIST_RESOURCE "/users/aheinecke/zertifikatsliste.txt" +# define LIST_RESOURCE "/zertifikatsliste.txt" # ifdef Q_OS_WIN -# define SW_RESOURCE_VERSION "/users/aheinecke/TrustBridge-%1.exe" -# define SW_RESOURCE "/users/aheinecke/TrustBridge.exe" +# define SW_RESOURCE_VERSION "/TrustBridge-%1.exe" +# define SW_RESOURCE "/TrustBridge.exe" # else -# define SW_RESOURCE_VERSION "/users/aheinecke/TrustBridge-%1" TB_ARCH_STRING ".sh" -# define SW_RESOURCE "/users/aheinecke/TrustBridge" TB_ARCH_STRING ".sh" +# define SW_RESOURCE_VERSION "/TrustBridge-%1" TB_ARCH_STRING ".sh" +# define SW_RESOURCE "/TrustBridge" TB_ARCH_STRING ".sh" # endif #else // RELEASE_BUILD -# define LIST_RESOURCE "/users/aheinecke/development/zertifikatsliste.txt" +# define LIST_RESOURCE "/zertifikatsliste.txt" # ifdef Q_OS_WIN -# define SW_RESOURCE_VERSION "/users/aheinecke/development/TrustBridge-development.exe" -# define SW_RESOURCE "/users/aheinecke/development/TrustBridge.exe" +# define SW_RESOURCE_VERSION "/development/TrustBridge-development.exe" +# define SW_RESOURCE "/development/TrustBridge.exe" # else -# define SW_RESOURCE_VERSION "/users/aheinecke/development/TrustBridge-development" TB_ARCH_STRING ".sh" -# define SW_RESOURCE "/users/aheinecke/development/TrustBridge" TB_ARCH_STRING ".sh" +# define SW_RESOURCE_VERSION "/development/TrustBridge-development" TB_ARCH_STRING ".sh" +# define SW_RESOURCE "/development/TrustBridge" TB_ARCH_STRING ".sh" # endif #endif @@ -422,7 +422,6 @@ swResource = mSettings.value("Software/resource", swResource).toString(); #endif - Downloader* downloader = new Downloader(this, QString::fromLatin1(SERVER_URL), QByteArray(),
--- a/ui/sslconnection.cpp Fri Sep 12 15:13:58 2014 +0200 +++ b/ui/sslconnection.cpp Fri Sep 12 15:38:42 2014 +0200 @@ -28,9 +28,9 @@ if (certificate.isEmpty()) { #ifdef RELEASE_BUILD /* TODO Change certificate here in case of release build */ - QFile certResource(":certs/intevation.de"); + QFile certResource(":certs/ssl-test"); #else - QFile certResource(":certs/intevation.de"); + QFile certResource(":certs/ssl-test"); #endif certResource.open(QFile::ReadOnly); mPinnedCert = certResource.readAll();
--- a/ui/sslconnection_curl.cpp Fri Sep 12 15:13:58 2014 +0200 +++ b/ui/sslconnection_curl.cpp Fri Sep 12 15:38:42 2014 +0200 @@ -25,25 +25,7 @@ return; } -#ifdef RELEASE_BUILD if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYPEER, 1L) != CURLE_OK) { -#else - /* For testing we do not have to trust the issuer. This should not - * be dangerous as we pin the peer certificate directly. */ - if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYPEER, 0L) != CURLE_OK) { -#endif - /* Should be default anyway */ - qDebug() << "Setting verifypeer failed"; - return; - } - -#ifdef RELEASE_BUILD - if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYHOST, 1L) != CURLE_OK) { -#else - /* For testing we do not have to trust host. This should not - * be dangerous as we pin the peer certificate directly. */ - if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYHOST, 0L) != CURLE_OK) { -#endif /* Should be default anyway */ qDebug() << "Setting verifypeer failed"; return; @@ -54,12 +36,10 @@ return; } -#ifdef RELEASE_BUILD if (curl_easy_setopt(mCurl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2) != CURLE_OK) { qDebug() << "Setting ssl version failed."; return; } -#endif mCertFile.open(); if (mCertFile.write(mPinnedCert) != mPinnedCert.size()) {
--- a/ui/tests/downloadertest.cpp Fri Sep 12 15:13:58 2014 +0200 +++ b/ui/tests/downloadertest.cpp Fri Sep 12 15:38:42 2014 +0200 @@ -149,9 +149,7 @@ QVERIFY(error == SSLConnection::NoConnection); } static int accept_ciphers[] = { - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, 0 }; @@ -162,8 +160,8 @@ QByteArray(), /* Use default testing certificate */ QDateTime::currentDateTime(), QDateTime::fromString("2010", "YYYY"), - "/users/aheinecke/development/TrustBridge-development.exe", - "/users/aheinecke/development/zertifikatsliste.txt"); + "/development/TrustBridge-development.exe", + "/development/zertifikatsliste.txt"); downloader->setCiphersuites(accept_ciphers); @@ -238,8 +236,8 @@ QByteArray(), QDateTime::currentDateTime(), // Last installed SW QDateTime::fromString("2010", "YYYY"), - QString("/users/aheinecke/zertifikatsliste.txt"), - QString("/users/aheinecke/zertifikatsliste.txt")); + QString("/zertifikatsliste.txt"), + QString("/zertifikatsliste.txt")); SETUP_SPY