# HG changeset patch # User Andre Heinecke # Date 1410529122 -7200 # Node ID 508c96e72f62a0bf8f724893531f26a85c4d3945 # Parent 7191addd8a53f13e15e58c5e62e9b096a13426e8 (issue124) Switch server URL and remove some RELEASE_BUILD options As the test server speaks ECDSA we do not need so much #ifndef RELEASE_BUILD options anymore. diff -r 7191addd8a53 -r 508c96e72f62 CMakeLists.txt --- a/CMakeLists.txt Fri Sep 12 15:13:58 2014 +0200 +++ b/CMakeLists.txt Fri Sep 12 15:38:42 2014 +0200 @@ -12,7 +12,7 @@ option(ENABLE_PROFILING "Set to enable profiling." OFF) option(USE_CURL "Use libcurl to download updates and certificate lists." ON) -set(DOWNLOAD_SERVER "https://files.intevation.de:443" CACHE STRING "Used as download server" ) +set(DOWNLOAD_SERVER "https://tb-devel.intevation.de:443" CACHE STRING "Used as download server" ) set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake/") #Old qtmain linking behavior to be compatible with cmake versions < 2.8.11 diff -r 7191addd8a53 -r 508c96e72f62 ui/certificates/geotrust.der Binary file ui/certificates/geotrust.der has changed diff -r 7191addd8a53 -r 508c96e72f62 ui/certificates/intevation.de.der Binary file ui/certificates/intevation.de.der has changed diff -r 7191addd8a53 -r 508c96e72f62 ui/certs.qrc --- a/ui/certs.qrc Fri Sep 12 15:13:58 2014 +0200 +++ b/ui/certs.qrc Fri Sep 12 15:38:42 2014 +0200 @@ -1,6 +1,5 @@ - certificates/intevation.de.der - certificates/geotrust.der + certificates/ssl-test.der diff -r 7191addd8a53 -r 508c96e72f62 ui/downloader.cpp --- a/ui/downloader.cpp Fri Sep 12 15:13:58 2014 +0200 +++ b/ui/downloader.cpp Fri Sep 12 15:38:42 2014 +0200 @@ -8,7 +8,7 @@ #include "downloader.h" #ifndef DOWNLOAD_SERVER -#define DOWNLOAD_SERVER "https://www.intevation.de" +#define DOWNLOAD_SERVER "https://tb-devel.intevation.de" #endif #include 
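Review bot: The default `DOWNLOAD_SERVER` in the CMakeLists.txt hunk now names the development host for every build type, so a build with RELEASE_BUILD defined that does not override the cache variable will fetch updates and certificate lists from test infrastructure. The same applies to the fallback `#define DOWNLOAD_SERVER` in ui/downloader.cpp, and to ui/sslconnection.cpp, where both branches of `#ifdef RELEASE_BUILD` now load `:certs/ssl-test` while the release TODO stays open. Until the production certificate exists, I would make the release branch in sslconnection.cpp stop the build with `# error "release pinning certificate not configured"`. I would also add `# Test server; release builds must override DOWNLOAD_SERVER` above the `set()` here.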
@@ -36,24 +36,12 @@ #include "sslconnection_bare.h" #endif -#ifdef RELEASE_BUILD static int accept_ciphers[] = { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 0 }; -#else -static int accept_ciphers[] = { - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, - TLS_RSA_WITH_AES_256_CBC_SHA, - 0 -}; -#endif Downloader::Downloader(QObject* parent, const QString& url, const QByteArray& certificate, diff -r 7191addd8a53 -r 508c96e72f62 ui/mainwindow.cpp --- a/ui/mainwindow.cpp Fri Sep 12 15:13:58 2014 +0200 +++ b/ui/mainwindow.cpp Fri Sep 12 15:38:42 2014 +0200 
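Review bot: `accept_ciphers` lists the CBC suite `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384` ahead of the GCM one. If the TLS backend treats array order as preference order (not visible in this hunk), the AEAD suite should come first, i.e. `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,` as the first entry. With the non-release list removed, this array is now the only cipher policy for all builds, so it deserves a short comment such as `/* Zero-terminated; ECDSA-only because the download server speaks ECDSA */`.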
@@ -66,22 +66,22 @@ #endif #ifdef RELEASE_BUILD -# define LIST_RESOURCE "/users/aheinecke/zertifikatsliste.txt" +# define LIST_RESOURCE "/zertifikatsliste.txt" # ifdef Q_OS_WIN -# define SW_RESOURCE_VERSION "/users/aheinecke/TrustBridge-%1.exe" -# define SW_RESOURCE "/users/aheinecke/TrustBridge.exe" +# define SW_RESOURCE_VERSION "/TrustBridge-%1.exe" +# define SW_RESOURCE "/TrustBridge.exe" # else -# define SW_RESOURCE_VERSION "/users/aheinecke/TrustBridge-%1" TB_ARCH_STRING ".sh" -# define SW_RESOURCE "/users/aheinecke/TrustBridge" TB_ARCH_STRING ".sh" +# define SW_RESOURCE_VERSION "/TrustBridge-%1" TB_ARCH_STRING ".sh" +# define SW_RESOURCE "/TrustBridge" TB_ARCH_STRING ".sh" # endif #else // RELEASE_BUILD -# define LIST_RESOURCE "/users/aheinecke/development/zertifikatsliste.txt" +# define LIST_RESOURCE "/zertifikatsliste.txt" # ifdef Q_OS_WIN -# define SW_RESOURCE_VERSION "/users/aheinecke/development/TrustBridge-development.exe" -# define SW_RESOURCE "/users/aheinecke/development/TrustBridge.exe" +# define SW_RESOURCE_VERSION "/development/TrustBridge-development.exe" +# define SW_RESOURCE "/development/TrustBridge.exe" # else -# define SW_RESOURCE_VERSION "/users/aheinecke/development/TrustBridge-development" TB_ARCH_STRING ".sh" -# define SW_RESOURCE "/users/aheinecke/development/TrustBridge" TB_ARCH_STRING ".sh" +# define SW_RESOURCE_VERSION "/development/TrustBridge-development" TB_ARCH_STRING ".sh" +# define SW_RESOURCE "/development/TrustBridge" TB_ARCH_STRING ".sh" # endif #endif @@ -422,7 +422,6 @@ swResource = mSettings.value("Software/resource", swResource).toString(); #endif - Downloader* downloader = new Downloader(this, QString::fromLatin1(SERVER_URL), QByteArray(), diff -r 7191addd8a53 -r 508c96e72f62 ui/sslconnection.cpp --- a/ui/sslconnection.cpp Fri Sep 12 15:13:58 2014 +0200 +++ b/ui/sslconnection.cpp Fri Sep 12 15:38:42 2014 +0200 
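Review bot: `LIST_RESOURCE` is now `"/zertifikatsliste.txt"` in both the release and the non-release branch, so development builds read the same certificate list as release builds. The first changed call in ui/tests/downloadertest.cpp, however, requests `/development/zertifikatsliste.txt`. If the shared path is intended, define it once above the `#ifdef RELEASE_BUILD` as `#define LIST_RESOURCE "/zertifikatsliste.txt"` and drop the two copies. If it is not, the `#else` branch presumably wants `"/development/zertifikatsliste.txt"` to match the `SW_RESOURCE` paths next to it.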
@@ -28,9 +28,9 @@ if (certificate.isEmpty()) { #ifdef RELEASE_BUILD /* TODO Change certificate here in case of release build */ - QFile certResource(":certs/intevation.de"); + QFile certResource(":certs/ssl-test"); #else - QFile certResource(":certs/intevation.de"); + QFile certResource(":certs/ssl-test"); #endif certResource.open(QFile::ReadOnly); mPinnedCert = certResource.readAll(); diff -r 7191addd8a53 -r 508c96e72f62 ui/sslconnection_curl.cpp --- a/ui/sslconnection_curl.cpp Fri Sep 12 15:13:58 2014 +0200 +++ b/ui/sslconnection_curl.cpp Fri Sep 12 15:38:42 2014 +0200 @@ -25,25 +25,7 @@ return; } -#ifdef RELEASE_BUILD if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYPEER, 1L) != CURLE_OK) { -#else - /* For testing we do not have to trust the issuer. This should not - * be dangerous as we pin the peer certificate directly. */ - if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYPEER, 0L) != CURLE_OK) { -#endif - /* Should be default anyway */ - qDebug() << "Setting verifypeer failed"; - return; - } - -#ifdef RELEASE_BUILD - if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYHOST, 1L) != CURLE_OK) { -#else - /* For testing we do not have to trust host. This should not - * be dangerous as we pin the peer certificate directly. */ - if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYHOST, 0L) != CURLE_OK) { -#endif /* Should be default anyway */ qDebug() << "Setting verifypeer failed"; return; @@ -54,12 +36,10 @@ return; } -#ifdef RELEASE_BUILD if (curl_easy_setopt(mCurl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2) != CURLE_OK) { qDebug() << "Setting ssl version failed."; return; } -#endif mCertFile.open(); if (mCertFile.write(mPinnedCert) != mPinnedCert.size()) { diff -r 7191addd8a53 -r 508c96e72f62 ui/tests/downloadertest.cpp --- a/ui/tests/downloadertest.cpp Fri Sep 12 15:13:58 2014 +0200 +++ b/ui/tests/downloadertest.cpp Fri Sep 12 15:38:42 2014 +0200 
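Review bot: Host name verification is no longer configured explicitly in ui/sslconnection_curl.cpp: the first hunk drops both `CURLOPT_SSL_VERIFYHOST` calls, the release one included, and the surviving error path for `CURLOPT_SSL_VERIFYPEER` is all that remains. libcurl's default for this option does match the name against the certificate, so behaviour is probably unchanged or stricter, but for a pinned update channel the setting should be stated rather than inherited. I would add `if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYHOST, 2L) != CURLE_OK) {` followed by `qDebug() << "Setting verifyhost failed"; return; }` after the verifypeer block, using 2L rather than the 1L the removed release branch passed. The enclosing function starts and ends outside the hunk.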
@@ -149,9 +149,7 @@ QVERIFY(error == SSLConnection::NoConnection); } static int accept_ciphers[] = { - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, 0 }; @@ -162,8 +160,8 @@ QByteArray(), /* Use default testing certificate */ QDateTime::currentDateTime(), QDateTime::fromString("2010", "YYYY"), - "/users/aheinecke/development/TrustBridge-development.exe", - "/users/aheinecke/development/zertifikatsliste.txt"); + "/development/TrustBridge-development.exe", + "/development/zertifikatsliste.txt"); downloader->setCiphersuites(accept_ciphers); @@ -238,8 +236,8 @@ QByteArray(), QDateTime::currentDateTime(), // Last installed SW QDateTime::fromString("2010", "YYYY"), - QString("/users/aheinecke/zertifikatsliste.txt"), - QString("/users/aheinecke/zertifikatsliste.txt")); + QString("/zertifikatsliste.txt"), + QString("/zertifikatsliste.txt")); SETUP_SPY
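Review bot: The test's `accept_ciphers` is reduced to the single RSA suite `TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256` with no comment saying what the test expects from it. Against a server that, per the commit message, speaks ECDSA, this presumably exercises a handshake that cannot be negotiated, but the assertion that would confirm that lies outside the hunk. A comment such as `/* RSA-only suite on purpose: the ECDSA test server must refuse it */` would document the intent if that reading is right. Renaming the array, for example to `rsa_only_ciphers`, would keep it from being confused with the production list of the same name in ui/downloader.cpp.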