mirror of
https://github.com/moonlight-stream/moonlight-qt.git
synced 2025-07-04 00:36:36 +00:00
Fix SSL on macOS
This commit is contained in:
parent
0357e6865d
commit
f80450176a
@ -10,7 +10,6 @@
|
|||||||
|
|
||||||
#include <openssl/pem.h>
|
#include <openssl/pem.h>
|
||||||
#include <openssl/rsa.h>
|
#include <openssl/rsa.h>
|
||||||
#include <openssl/pkcs12.h>
|
|
||||||
|
|
||||||
IdentityManager::IdentityManager()
|
IdentityManager::IdentityManager()
|
||||||
{
|
{
|
||||||
@ -49,14 +48,8 @@ IdentityManager::IdentityManager()
|
|||||||
m_CachedPemCert = certificateFile.readAll();
|
m_CachedPemCert = certificateFile.readAll();
|
||||||
m_CachedPrivateKey = privateKeyFile.readAll();
|
m_CachedPrivateKey = privateKeyFile.readAll();
|
||||||
|
|
||||||
// Make sure it really loads
|
qDebug() << "Loaded cached identity key pair from disk";
|
||||||
if (!QSslKey(m_CachedPrivateKey, QSsl::Rsa).isNull() && !QSslCertificate(m_CachedPemCert).isNull())
|
return;
|
||||||
{
|
|
||||||
qDebug() << "Loaded cached identity key pair from disk";
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
qDebug() << "Regenerating corrupted local key pair";
|
|
||||||
}
|
}
|
||||||
|
|
||||||
privateKeyFile.close();
|
privateKeyFile.close();
|
||||||
@ -117,13 +110,42 @@ IdentityManager::IdentityManager()
|
|||||||
BIO_free(biokey);
|
BIO_free(biokey);
|
||||||
BIO_free(biocert);
|
BIO_free(biocert);
|
||||||
|
|
||||||
// Ensure we can actually consume the keys we just wrote
|
|
||||||
Q_ASSERT(!QSslCertificate(m_CachedPemCert).isNull());
|
|
||||||
Q_ASSERT(!QSslKey(m_CachedPrivateKey, QSsl::Rsa).isNull());
|
|
||||||
|
|
||||||
qDebug() << "Wrote new identity credentials to disk";
|
qDebug() << "Wrote new identity credentials to disk";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
QSslConfiguration
|
||||||
|
IdentityManager::getSslConfig()
|
||||||
|
{
|
||||||
|
BIO* bio = BIO_new_mem_buf(m_CachedPrivateKey.data(), -1);
|
||||||
|
THROW_BAD_ALLOC_IF_NULL(bio);
|
||||||
|
|
||||||
|
EVP_PKEY* pk = PEM_read_bio_PrivateKey(bio, nullptr, nullptr, nullptr);
|
||||||
|
BIO_free(bio);
|
||||||
|
|
||||||
|
bio = BIO_new(BIO_s_mem());
|
||||||
|
THROW_BAD_ALLOC_IF_NULL(bio);
|
||||||
|
|
||||||
|
// We must write out our PEM in the old PKCS1 format for SecureTransport
|
||||||
|
// on macOS/iOS to be able to read it.
|
||||||
|
BUF_MEM* mem;
|
||||||
|
BIO_get_mem_ptr(bio, &mem);
|
||||||
|
PEM_write_bio_PrivateKey_traditional(bio, pk, nullptr, nullptr, 0, nullptr, 0);
|
||||||
|
|
||||||
|
QSslCertificate cert = QSslCertificate(m_CachedPemCert);
|
||||||
|
QSslKey key = QSslKey(QByteArray::fromRawData(mem->data, mem->length), QSsl::Rsa);
|
||||||
|
Q_ASSERT(!cert.isNull());
|
||||||
|
Q_ASSERT(!key.isNull());
|
||||||
|
|
||||||
|
BIO_free(bio);
|
||||||
|
EVP_PKEY_free(pk);
|
||||||
|
|
||||||
|
QSslConfiguration sslConfig(QSslConfiguration::defaultConfiguration());
|
||||||
|
sslConfig.setLocalCertificate(cert);
|
||||||
|
sslConfig.setPrivateKey(key);
|
||||||
|
|
||||||
|
return sslConfig;
|
||||||
|
}
|
||||||
|
|
||||||
QString
|
QString
|
||||||
IdentityManager::getUniqueId()
|
IdentityManager::getUniqueId()
|
||||||
{
|
{
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
#pragma once
|
#pragma once
|
||||||
|
|
||||||
#include <QDir>
|
#include <QDir>
|
||||||
|
#include <QSslConfiguration>
|
||||||
|
|
||||||
class IdentityManager
|
class IdentityManager
|
||||||
{
|
{
|
||||||
@ -16,6 +17,9 @@ public:
|
|||||||
QByteArray
|
QByteArray
|
||||||
getPrivateKey();
|
getPrivateKey();
|
||||||
|
|
||||||
|
QSslConfiguration
|
||||||
|
getSslConfig();
|
||||||
|
|
||||||
private:
|
private:
|
||||||
QDir m_RootDirectory;
|
QDir m_RootDirectory;
|
||||||
|
|
||||||
|
@ -7,6 +7,10 @@ int main(int argc, char *argv[])
|
|||||||
// i.e. it's in the window, and not the top left of the screen
|
// i.e. it's in the window, and not the top left of the screen
|
||||||
QCoreApplication::setAttribute(Qt::AA_DontUseNativeMenuBar);
|
QCoreApplication::setAttribute(Qt::AA_DontUseNativeMenuBar);
|
||||||
|
|
||||||
|
// This avoids using the default keychain for SSL, which may cause
|
||||||
|
// password prompts on macOS.
|
||||||
|
qputenv("QT_SSL_USE_TEMPORARY_KEYCHAIN", QByteArray("1"));
|
||||||
|
|
||||||
QApplication a(argc, argv);
|
QApplication a(argc, argv);
|
||||||
MainWindow w;
|
MainWindow w;
|
||||||
w.show();
|
w.show();
|
||||||
|
@ -221,10 +221,7 @@ NvHTTP::openConnection(QUrl baseUrl,
|
|||||||
QNetworkRequest request = QNetworkRequest(url);
|
QNetworkRequest request = QNetworkRequest(url);
|
||||||
|
|
||||||
// Add our client certificate
|
// Add our client certificate
|
||||||
QSslConfiguration sslConfig(QSslConfiguration::defaultConfiguration());
|
request.setSslConfiguration(m_Im.getSslConfig());
|
||||||
sslConfig.setLocalCertificate(QSslCertificate(m_Im.getCertificate()));
|
|
||||||
sslConfig.setPrivateKey(QSslKey(m_Im.getPrivateKey(), QSsl::Rsa));
|
|
||||||
request.setSslConfiguration(sslConfig);
|
|
||||||
|
|
||||||
QNetworkReply* reply = m_Nam.get(request);
|
QNetworkReply* reply = m_Nam.get(request);
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user