changeset 991:6a3d284b9c16

Delegate certificate loading to base class. Minor cleanups.
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 01 Sep 2014 12:07:19 +0200 (2014-09-01)
parents 2949f1842955
children a1e8ef2d7081
files ui/sslconnection_curl.cpp ui/sslconnection_curl.h
diffstat 2 files changed, 10 insertions(+), 23 deletions(-) [+]
--- a/ui/sslconnection_curl.cpp	Mon Sep 01 12:04:11 2014 +0200
+++ b/ui/sslconnection_curl.cpp	Mon Sep 01 12:07:19 2014 +0200
@@ -16,25 +16,6 @@
     SSLConnection (url, certificate),
     mCurl (NULL)
 {
-    if (certificate.isEmpty()) {
-        /* Security: curl does not support leaf certificate pinning. So
-         * while the bare connection pins the certificate directly the
-         * curl implementation pins the issuer of the peer certificate
-         *
-         * CURLINFO_TLS_SESSION is also not implmented for polarssl
-         * so there is no way to obtain / verify peer certificate manually
-         * at this point.
-         **/
-#ifdef RELEASE_BUILD
-#error "Curl release build is not supported at this moment."
-#else
-        QFile certResource(":certs/geotrust");
-#endif
-        certResource.open(QFile::ReadOnly);
-        mPinnedCert = certResource.readAll();
-        certResource.close();
-    }
-
     curl_global_init(CURL_GLOBAL_DEFAULT);
     mCurl = curl_easy_init();
 
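Review bot: With the `#ifdef RELEASE_BUILD` / `#error` block removed from the constructor, nothing visible in this hunk stops a release build from using the curl backend. The deleted comment was also the only place stating that this backend pins the issuer of the peer certificate rather than the leaf. The base class is not shown here; if it has no equivalent guard, keep one at file scope in this file: `#ifdef RELEASE_BUILD` / `#error "Curl release build is not supported at this moment."` / `#endif`. The issuer-pinning caveat should move into the class documentation so the weaker guarantee stays recorded. The constructor starts before this hunk and continues past it.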
@@ -66,6 +47,7 @@
         qDebug() << "Failed to write temporary certificate";
         return;
     }
+
     mInitialized = true;
 
 #ifdef CONNECTION_DEBUG
@@ -110,7 +92,7 @@
     return 0;
 }
 
-/* Globally do this as we can't pass this to the c function */
+/* Globally do this as we can't pass "this" (the ptr) to the c function */
 size_t ssl_curl_max_write, ssl_curl_written;
 
 size_t write_data(void *ptr, size_t size, size_t nmemb,
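Review bot: The reworded comment still omits the consequence that matters: `ssl_curl_max_write` and `ssl_curl_written` are shared by every SSLConnectionCurl in the process. Two overlapping downloads would count against each other's size cap, and the next hunk resets both counters at the start of each download. I would document that constraint, e.g. `/* Shared by all instances: downloads must not overlap, otherwise the maxSize limit of one transfer is applied to another. */`. Since `write_data` already receives a caller-supplied pointer (`QSaveFile *fp`), the limit and counter could presumably travel in a small struct instead, but the callback body is outside this hunk.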
@@ -135,9 +117,9 @@
                                      const QString &fileName,
                                      size_t maxSize)
 {
-    QSaveFile outputFile(fileName);
     ssl_curl_written = 0;
     ssl_curl_max_write = maxSize;
+    QSaveFile outputFile(fileName);
     // Open / Create the file to write to.
     if (!outputFile.open(QIODevice::WriteOnly)) {
         qDebug() << "Failed to open file";
@@ -241,5 +223,8 @@
         qDebug() << "Failed to set proxy";
         return;
     }
-    qDebug() << "Set proxy to: " << proxyUrl;
 }
+
+void SSLConnectionCurl::setCiphersuites(int ciphers[]) {
+    qDebug() << "Set ciphersuites not supported.";
+}
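Review bot: The new `setCiphersuites` discards its `ciphers` argument and returns `void`, so a caller that restricts the suites for security reasons keeps curl's defaults with only a debug line to show for it. That line is likely compiled out or ignored in production. At minimum raise the message to a warning that names the consequence: `qWarning() << "setCiphersuites: not supported by the curl backend, default ciphersuites stay in effect";`. Add `Q_UNUSED(ciphers);` to make the intent explicit. Removing the `qDebug()` that printed `proxyUrl` is a good change, since a proxy URL can carry credentials.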
--- a/ui/sslconnection_curl.h	Mon Sep 01 12:04:11 2014 +0200
+++ b/ui/sslconnection_curl.h	Mon Sep 01 12:07:19 2014 +0200
@@ -39,14 +39,16 @@
 
     void setProxy(const QUrl &proxyUrl);
 
+    void setCiphersuites(int ciphers[]);
+
 private:
     CURL *mCurl;
     QTemporaryFile mCertFile;
     char mErrBuf[CURL_ERROR_SIZE + 1];
 
-    /** @brief Internal write function for curl */
 };
 
+/** @brief Internal write function for curl */
 size_t write_data(void *ptr, size_t size, size_t nmemb, QSaveFile *fp);
 
 #endif // UI_SSLCONNECTION_CURL_H
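Review bot: The new `setCiphersuites(int ciphers[])` declaration has no documentation, so a reader of the header cannot tell that the curl backend ignores the list. I would add a comment above it such as `/** @brief Not supported by the curl backend; the list is ignored and curl's default ciphersuites are used. */`. The relocated `write_data` comment could also state that the function enforces the size limit through the file-scope counters, if that is what its body does; the body is not shown in this diff.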

http://wald.intevation.org/projects/trustbridge/