changeset 1088:508c96e72f62

(issue124) Switch server URL and remove some RELEASE_BUILD options. As the test server speaks ECDSA, we no longer need so many #ifndef RELEASE_BUILD options.
author Andre Heinecke <andre.heinecke@intevation.de>
date Fri, 12 Sep 2014 15:38:42 +0200
parents 7191addd8a53
children 3c67e32b5d4a
files CMakeLists.txt ui/certificates/geotrust.der ui/certificates/intevation.de.der ui/certs.qrc ui/downloader.cpp ui/mainwindow.cpp ui/sslconnection.cpp ui/sslconnection_curl.cpp ui/tests/downloadertest.cpp
diffstat 9 files changed, 20 insertions(+), 56 deletions(-) [+]
--- a/CMakeLists.txt	Fri Sep 12 15:13:58 2014 +0200
+++ b/CMakeLists.txt	Fri Sep 12 15:38:42 2014 +0200
@@ -12,7 +12,7 @@
 option(ENABLE_PROFILING "Set to enable profiling." OFF)
 option(USE_CURL "Use libcurl to download updates and certificate lists." ON)
 
-set(DOWNLOAD_SERVER "https://files.intevation.de:443" CACHE STRING "Used as download server" )
+set(DOWNLOAD_SERVER "https://tb-devel.intevation.de:443" CACHE STRING "Used as download server" )
 set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake/")
 
 #Old qtmain linking behavior to be compatible with cmake versions < 2.8.11
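Review bot: The new default on the `set(DOWNLOAD_SERVER ...)` line only takes effect in build trees that have no cached value yet, because `set(... CACHE STRING ...)` without `FORCE` does not overwrite an existing cache entry. A tree configured before this commit would keep `https://files.intevation.de:443` while the client now pins the `ssl-test` certificate, so its downloads would presumably fail the TLS check until the cache is cleared. As far as this hunk shows, the development host is also the default for builds that define RELEASE_BUILD. A comment above the line such as `# Development/test server; release builds must pass -DDOWNLOAD_SERVER=<release host>` would make both points visible.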
Binary file ui/certificates/geotrust.der has changed
Binary file ui/certificates/intevation.de.der has changed
--- a/ui/certs.qrc	Fri Sep 12 15:13:58 2014 +0200
+++ b/ui/certs.qrc	Fri Sep 12 15:38:42 2014 +0200
@@ -1,6 +1,5 @@
 <!DOCTYPE RCC><RCC version="1.0">
 <qresource prefix="/certs">
-    <file alias="intevation.de">certificates/intevation.de.der</file>
-    <file alias="geotrust">certificates/geotrust.der</file>
+    <file alias="ssl-test">certificates/ssl-test.der</file>
 </qresource>
 </RCC>
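Review bot: `certificates/ssl-test.der` is referenced by the new `<file alias="ssl-test">` entry but is not among the files this changeset lists, while the two certificates it replaces are. If the file was not added in an earlier revision, the resource build would fail or `:certs/ssl-test` would be missing, and the pinned certificate read in ui/sslconnection.cpp would then be empty. It is worth confirming the file is tracked. A short XML comment stating that this is the test server's certificate and not a release pin would also help the next reader.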
--- a/ui/downloader.cpp	Fri Sep 12 15:13:58 2014 +0200
+++ b/ui/downloader.cpp	Fri Sep 12 15:38:42 2014 +0200
@@ -8,7 +8,7 @@
 #include "downloader.h"
 
 #ifndef DOWNLOAD_SERVER
-#define DOWNLOAD_SERVER "https://www.intevation.de"
+#define DOWNLOAD_SERVER "https://tb-devel.intevation.de"
 #endif
 
 #include <QFile>
@@ -36,24 +36,12 @@
 #include "sslconnection_bare.h"
 #endif
 
-#ifdef RELEASE_BUILD
 static int accept_ciphers[] = {
     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
     TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
     TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
     0
 };
-#else
-static int accept_ciphers[] = {
-    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
-    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-    TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
-    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
-    TLS_RSA_WITH_AES_256_CBC_SHA,
-    0
-};
-#endif
 
 Downloader::Downloader(QObject* parent, const QString& url,
                        const QByteArray& certificate,
--- a/ui/mainwindow.cpp	Fri Sep 12 15:13:58 2014 +0200
+++ b/ui/mainwindow.cpp	Fri Sep 12 15:38:42 2014 +0200
@@ -66,22 +66,22 @@
 #endif
 
 #ifdef RELEASE_BUILD
-# define LIST_RESOURCE "/users/aheinecke/zertifikatsliste.txt"
+# define LIST_RESOURCE "/zertifikatsliste.txt"
 # ifdef Q_OS_WIN
-#  define SW_RESOURCE_VERSION "/users/aheinecke/TrustBridge-%1.exe"
-#  define SW_RESOURCE "/users/aheinecke/TrustBridge.exe"
+#  define SW_RESOURCE_VERSION "/TrustBridge-%1.exe"
+#  define SW_RESOURCE "/TrustBridge.exe"
 # else
-#  define SW_RESOURCE_VERSION "/users/aheinecke/TrustBridge-%1" TB_ARCH_STRING ".sh"
-#  define SW_RESOURCE "/users/aheinecke/TrustBridge" TB_ARCH_STRING ".sh"
+#  define SW_RESOURCE_VERSION "/TrustBridge-%1" TB_ARCH_STRING ".sh"
+#  define SW_RESOURCE "/TrustBridge" TB_ARCH_STRING ".sh"
 # endif
 #else // RELEASE_BUILD
-# define LIST_RESOURCE "/users/aheinecke/development/zertifikatsliste.txt"
+# define LIST_RESOURCE "/zertifikatsliste.txt"
 # ifdef Q_OS_WIN
-#  define SW_RESOURCE_VERSION "/users/aheinecke/development/TrustBridge-development.exe"
-#  define SW_RESOURCE "/users/aheinecke/development/TrustBridge.exe"
+#  define SW_RESOURCE_VERSION "/development/TrustBridge-development.exe"
+#  define SW_RESOURCE "/development/TrustBridge.exe"
 # else
-#  define SW_RESOURCE_VERSION "/users/aheinecke/development/TrustBridge-development" TB_ARCH_STRING ".sh"
-#  define SW_RESOURCE "/users/aheinecke/development/TrustBridge" TB_ARCH_STRING ".sh"
+#  define SW_RESOURCE_VERSION "/development/TrustBridge-development" TB_ARCH_STRING ".sh"
+#  define SW_RESOURCE "/development/TrustBridge" TB_ARCH_STRING ".sh"
 # endif
 #endif
 
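Review bot: In the `#else // RELEASE_BUILD` branch `LIST_RESOURCE` is now `"/zertifikatsliste.txt"`, the same value as in the release branch, while the development `SW_RESOURCE*` paths moved under `/development/` and ui/tests/downloadertest.cpp in this same changeset requests `"/development/zertifikatsliste.txt"`. If development builds are meant to read their own list, the line should be `# define LIST_RESOURCE "/development/zertifikatsliste.txt"`. If sharing one certificate list is intended, define `LIST_RESOURCE` once above the `#ifdef RELEASE_BUILD` and add a comment saying so, so the duplication does not read as an oversight.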
@@ -422,7 +422,6 @@
     swResource = mSettings.value("Software/resource", swResource).toString();
 #endif
 
-
     Downloader* downloader = new Downloader(this,
                                             QString::fromLatin1(SERVER_URL),
                                             QByteArray(),
--- a/ui/sslconnection.cpp	Fri Sep 12 15:13:58 2014 +0200
+++ b/ui/sslconnection.cpp	Fri Sep 12 15:38:42 2014 +0200
@@ -28,9 +28,9 @@
     if (certificate.isEmpty()) {
 #ifdef RELEASE_BUILD
         /* TODO Change certificate here in case of release build */
-        QFile certResource(":certs/intevation.de");
+        QFile certResource(":certs/ssl-test");
 #else
-        QFile certResource(":certs/intevation.de");
+        QFile certResource(":certs/ssl-test");
 #endif
         certResource.open(QFile::ReadOnly);
         mPinnedCert = certResource.readAll();
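Review bot: Both branches of the `#ifdef RELEASE_BUILD` now open `:certs/ssl-test`, so a release build pins the test server's certificate and the TODO above it is the only marker of that. Until a release certificate exists, the release branch could carry `#error "No release certificate pinned yet"` so that a release cannot be built with the test pin by accident. The context lines also ignore the result of `certResource.open(QFile::ReadOnly)`, so a missing resource leaves `mPinnedCert` empty without any diagnostic; checking the return value and logging with `qDebug()` would surface it. The enclosing function starts and ends outside the hunk, so how an empty pin is handled later cannot be seen from here.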
--- a/ui/sslconnection_curl.cpp	Fri Sep 12 15:13:58 2014 +0200
+++ b/ui/sslconnection_curl.cpp	Fri Sep 12 15:38:42 2014 +0200
@@ -25,25 +25,7 @@
         return;
     }
 
-#ifdef RELEASE_BUILD
     if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYPEER, 1L) != CURLE_OK) {
-#else
-    /* For testing we do not have to trust the issuer. This should not
-     * be dangerous as we pin the peer certificate directly. */
-    if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYPEER, 0L) != CURLE_OK) {
-#endif
-        /* Should be default anyway */
-        qDebug() << "Setting verifypeer failed";
-        return;
-    }
-
-#ifdef RELEASE_BUILD
-    if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYHOST, 1L) != CURLE_OK) {
-#else
-    /* For testing we do not have to trust host. This should not
-     * be dangerous as we pin the peer certificate directly. */
-    if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYHOST, 0L) != CURLE_OK) {
-#endif
         /* Should be default anyway */
         qDebug() << "Setting verifypeer failed";
         return;
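Review bot: After this hunk nothing visible sets `CURLOPT_SSL_VERIFYHOST`, because the commit removes the release-build call together with the test-only `0L` one, so hostname checking now rests on libcurl's default. That default is the strict setting, so this is likely fine, but since `CURLOPT_SSL_VERIFYPEER` right above is set explicitly I would do the same here with `curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYHOST, 2L)` and its own error message. The value should be `2L`: the removed code passed `1L`, which libcurl does not treat as a full hostname check in all versions. The function starts and ends outside the hunk, so a later call may already cover this.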
@@ -54,12 +36,10 @@
         return;
     }
 
-#ifdef RELEASE_BUILD
     if (curl_easy_setopt(mCurl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2) != CURLE_OK) {
         qDebug() << "Setting ssl version failed.";
         return;
     }
-#endif
 
     mCertFile.open();
     if (mCertFile.write(mPinnedCert) != mPinnedCert.size()) {
--- a/ui/tests/downloadertest.cpp	Fri Sep 12 15:13:58 2014 +0200
+++ b/ui/tests/downloadertest.cpp	Fri Sep 12 15:38:42 2014 +0200
@@ -149,9 +149,7 @@
     QVERIFY(error == SSLConnection::NoConnection);
 }
 static int accept_ciphers[] = {
-    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
-    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-    TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
     0
 };
 
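Review bot: The test's `accept_ciphers` now holds only `TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256`, an RSA suite that is not in the ECDHE-ECDSA list ui/downloader.cpp ships, and no comment says why. If the test that calls `setCiphersuites(accept_ciphers)` is meant to connect to the ECDSA test server, the handshake would presumably be refused; if it is meant to check that an unaccepted suite fails, that intent should be stated. I would add a comment above the array, e.g. `/* Deliberately a suite outside the production list; used by <test name> */`, or reuse the production list. The test body lies outside this hunk, so the expected outcome cannot be confirmed from here.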
@@ -162,8 +160,8 @@
             QByteArray(), /* Use default testing certificate */
             QDateTime::currentDateTime(),
             QDateTime::fromString("2010", "YYYY"),
-            "/users/aheinecke/development/TrustBridge-development.exe",
-            "/users/aheinecke/development/zertifikatsliste.txt");
+            "/development/TrustBridge-development.exe",
+            "/development/zertifikatsliste.txt");
 
     downloader->setCiphersuites(accept_ciphers);
 
@@ -238,8 +236,8 @@
             QByteArray(),
             QDateTime::currentDateTime(), // Last installed SW
             QDateTime::fromString("2010", "YYYY"),
-            QString("/users/aheinecke/zertifikatsliste.txt"),
-            QString("/users/aheinecke/zertifikatsliste.txt"));
+            QString("/zertifikatsliste.txt"),
+            QString("/zertifikatsliste.txt"));
 
     SETUP_SPY
 

http://wald.intevation.org/projects/trustbridge/