Fix unknown server certificate handling
If an endpoint description contains an empty certificate,
we must not add an empty file to the trusted folder.
basyskom-jvoe committed Jul 11, 2024
1 parent c6e7d6d commit a2772d4
Showing 1 changed file with 29 additions and 26 deletions.
55 changes: 29 additions & 26 deletions src/backend.cpp
Expand Up @@ -302,6 +302,7 @@ void BackEnd::connectToEndpoint(int endpointIndex, bool usePassword, const QStri

// Automatically add server certificate to the trusted certificates
const QByteArray ba = mEndpointList[endpointIndex].serverCertificate();

// Use hash as file name to recognise whether the server certificate is already saved
const QString hash =
QString::fromUtf8(QCryptographicHash::hash(ba, QCryptographicHash::Md5).toHex());
Expand All @@ -310,32 +311,34 @@ void BackEnd::connectToEndpoint(int endpointIndex, bool usePassword, const QStri
const QString filename = trustedCertsPath + QStringLiteral("%1.der").arg(hash);
if (!QFile::exists(filename)) {
const QSslCertificate ssl(ba, QSsl::Der);
mCertificateInfo.mFilename = filename;
mCertificateInfo.mServerCertificate = ba;
mCertificateInfo.mExpiryDate = ssl.expiryDate();
mCertificateInfo.mEffectiveDate = ssl.effectiveDate();
mCertificateInfo.mIssuerCommonName =
ssl.issuerInfo(QSslCertificate::CommonName).join(QChar::fromLatin1(','));
mCertificateInfo.mIssuerOrganization =
ssl.issuerInfo(QSslCertificate::Organization).join(QChar::fromLatin1(','));
mCertificateInfo.mIssuerOrganizationUnit =
ssl.issuerInfo(QSslCertificate::OrganizationalUnitName)
.join(QChar::fromLatin1(','));
mCertificateInfo.mIssuerLocality =
ssl.issuerInfo(QSslCertificate::LocalityName).join(QChar::fromLatin1(','));
mCertificateInfo.mIssuerState = ssl.issuerInfo(QSslCertificate::StateOrProvinceName)
.join(QChar::fromLatin1(','));
mCertificateInfo.mIssuerCountry =
ssl.issuerInfo(QSslCertificate::CountryName).join(QChar::fromLatin1(','));
mCertificateInfo.mFingerprint =
QString::fromUtf8(ssl.digest(QCryptographicHash::Sha256).toHex());
mCertificateInfo.mSerialNumber =
QString::fromUtf8(ssl.serialNumber()).remove(QChar::fromLatin1(':'));
emit certificateInfoChanged();

mMessageType = MessageType::TrustCertificate;
emit messageTypeChanged();
return;
if (!ssl.isNull()) {
mCertificateInfo.mFilename = filename;
mCertificateInfo.mServerCertificate = ba;
mCertificateInfo.mExpiryDate = ssl.expiryDate();
mCertificateInfo.mEffectiveDate = ssl.effectiveDate();
mCertificateInfo.mIssuerCommonName =
ssl.issuerInfo(QSslCertificate::CommonName).join(QChar::fromLatin1(','));
mCertificateInfo.mIssuerOrganization =
ssl.issuerInfo(QSslCertificate::Organization).join(QChar::fromLatin1(','));
mCertificateInfo.mIssuerOrganizationUnit =
ssl.issuerInfo(QSslCertificate::OrganizationalUnitName)
.join(QChar::fromLatin1(','));
mCertificateInfo.mIssuerLocality =
ssl.issuerInfo(QSslCertificate::LocalityName).join(QChar::fromLatin1(','));
mCertificateInfo.mIssuerState = ssl.issuerInfo(QSslCertificate::StateOrProvinceName)
.join(QChar::fromLatin1(','));
mCertificateInfo.mIssuerCountry =
ssl.issuerInfo(QSslCertificate::CountryName).join(QChar::fromLatin1(','));
mCertificateInfo.mFingerprint =
QString::fromUtf8(ssl.digest(QCryptographicHash::Sha256).toHex());
mCertificateInfo.mSerialNumber =
QString::fromUtf8(ssl.serialNumber()).remove(QChar::fromLatin1(':'));
emit certificateInfoChanged();

mMessageType = MessageType::TrustCertificate;
emit messageTypeChanged();
return;
}
}
}

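Review bot: When `ssl.isNull()` is true the new guard around the trust prompt simply falls through, so an endpoint whose certificate bytes are empty and one whose bytes are non-empty but not parseable as DER are handled identically, with no prompt and no log entry before the function continues past this block. An empty certificate is probably legitimate for an unsecured endpoint, but an unparsable non-empty one deserves at least a warning; consider testing `ba.isEmpty()` before the hash is computed and giving the `isNull()` check an `else { qWarning() << "Server certificate could not be parsed as DER"; }`. The rest of `connectToEndpoint` is outside the hunk, so whether the connection is later rejected by the backend cannot be confirmed from here. Separately, the "already saved" test on the context lines is `QFile::exists()` on an MD5-derived file name; if file presence is ever what decides trust, a SHA-256 name (already computed for `mFingerprint`) would be the safer key, at the cost of re-prompting for existing entries. Installations that ran the previous code may still hold a zero-length `.der` file in the trusted folder, which this change does not clean up.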
