moonlight-stream/moonlight-qt
1
0
Fork 0
mirror of https://github.com/moonlight-stream/moonlight-qt.git synced 2026-06-18 06:30:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Allow other SSL errors as long as the cert is correct

Browse Source
This commit is contained in:
Cameron Gutman
2019-03-16 18:50:07 -07:00
parent c540bec824
commit 37636ef1eb
2 changed files with 32 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/backend/nvhttp.cpp
+26 -19
View File
@@ -33,6 +33,8 @@ NvHTTP::NvHTTP(QString address, QSslCertificate serverCert) :
// Never use a proxy server // Never use a proxy server
QNetworkProxy noProxy(QNetworkProxy::NoProxy); QNetworkProxy noProxy(QNetworkProxy::NoProxy);
m_Nam.setProxy(noProxy); m_Nam.setProxy(noProxy);
connect(&m_Nam, &QNetworkAccessManager::sslErrors, this, &NvHTTP::handleSslErrors);
} }
void NvHTTP::setServerCert(QSslCertificate serverCert) void NvHTTP::setServerCert(QSslCertificate serverCert)
@@ -377,6 +379,28 @@ NvHTTP::getXmlString(QString xml,
return nullptr; return nullptr;
} }
void NvHTTP::handleSslErrors(QNetworkReply* reply, const QList<QSslError>& errors)
{
bool ignoreErrors = true;
if (m_ServerCert.isNull()) {
// We should never make an HTTPS request without a cert
Q_ASSERT(!m_ServerCert.isNull());
return;
}
for (auto error : errors) {
if (m_ServerCert != error.certificate()) {
ignoreErrors = false;
break;
}
}
if (ignoreErrors) {
reply->ignoreSslErrors(errors);
}
}
QString QString
NvHTTP::openConnectionToString(QUrl baseUrl, NvHTTP::openConnectionToString(QUrl baseUrl,
QString command, QString command,
@@ -413,33 +437,16 @@ NvHTTP::openConnection(QUrl baseUrl,
QUuid::createUuid().toRfc4122().toHex() + QUuid::createUuid().toRfc4122().toHex() +
((arguments != nullptr) ? ("&" + arguments) : "")); ((arguments != nullptr) ? ("&" + arguments) : ""));
QNetworkRequest request = QNetworkRequest(url); QNetworkRequest request(url);
// Add our client certificate // Add our client certificate
request.setSslConfiguration(IdentityManager::get()->getSslConfig()); request.setSslConfiguration(IdentityManager::get()->getSslConfig());
QNetworkReply* reply = m_Nam.get(request); QNetworkReply* reply = m_Nam.get(request);
// Assert that we always have a server cert for HTTPS, since
// the request will fail anyway if we do not.
Q_ASSERT(!m_ServerCert.isNull() || baseUrl == m_BaseUrlHttp);
if (!m_ServerCert.isNull()) {
// Pin the server certificate received during pairing
QList<QSslError> expectedSslErrors;
expectedSslErrors.append(QSslError(QSslError::HostNameMismatch, m_ServerCert));
expectedSslErrors.append(QSslError(QSslError::SelfSignedCertificate, m_ServerCert));
// The SecureTransport backend for Qt TLS on macOS throws CertificateUntrusted
// instead of SelfSignedCertificate, so we will need to allow that error too.
expectedSslErrors.append(QSslError(QSslError::CertificateUntrusted, m_ServerCert));
reply->ignoreSslErrors(expectedSslErrors);
}
// Run the request with a timeout if requested // Run the request with a timeout if requested
QEventLoop loop; QEventLoop loop;
QObject::connect(reply, SIGNAL(finished()), &loop, SLOT(quit())); connect(reply, SIGNAL(finished()), &loop, SLOT(quit()));
if (timeoutMs) { if (timeoutMs) {
QTimer::singleShot(timeoutMs, &loop, SLOT(quit())); QTimer::singleShot(timeoutMs, &loop, SLOT(quit()));
} }
app/backend/nvhttp.h
+6 -1
View File
@@ -113,8 +113,10 @@ private:
QString m_ErrorText; QString m_ErrorText;
}; };
class NvHTTP class NvHTTP : public QObject
{ {
Q_OBJECT
public: public:
enum NvLogLevel { enum NvLogLevel {
NVLL_NONE, NVLL_NONE,
@@ -184,6 +186,9 @@ public:
QUrl m_BaseUrlHttp; QUrl m_BaseUrlHttp;
QUrl m_BaseUrlHttps; QUrl m_BaseUrlHttps;
private: private:
void
handleSslErrors(QNetworkReply* reply, const QList<QSslError>& errors);
QNetworkReply* QNetworkReply*
openConnection(QUrl baseUrl, openConnection(QUrl baseUrl,
QString command, QString command,