tristan/kdeconnect-kde
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Do not ignore SSL errors, except for self-signed cert errors.

Browse source 
Thanks Matthias Gerstner <mgerstner@suse.de> for reporting this.
This commit is contained in:
Albert Vaca Cintora 2020-09-24 16:59:22 +02:00
parent a1406ed913
commit f183b5447b
1 changed files with 13 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
core/backends/lan/lanlinkprovider.cpp
View file

@ -297,9 +297,7 @@ void LanLinkProvider::tcpSocketConnected()
connect(socket, &QSslSocket::encrypted, this, &LanLinkProvider::encrypted); connect(socket, &QSslSocket::encrypted, this, &LanLinkProvider::encrypted);
if (isDeviceTrusted) { connect(socket, QOverload<const QList<QSslError> &>::of(&QSslSocket::sslErrors), this, &LanLinkProvider::sslErrors);
connect(socket, QOverload<const QList<QSslError> &>::of(&QSslSocket::sslErrors), this, &LanLinkProvider::sslErrors);
}
socket->startServerEncryption(); socket->startServerEncryption();
@ -326,8 +324,6 @@ void LanLinkProvider::encrypted()
QSslSocket* socket = qobject_cast<QSslSocket*>(sender()); QSslSocket* socket = qobject_cast<QSslSocket*>(sender());
if (!socket) return; if (!socket) return;
// TODO delete me?
disconnect(socket, QOverload<const QList<QSslError> &>::of(&QSslSocket::sslErrors), this, &LanLinkProvider::sslErrors);
Q_ASSERT(socket->mode() != QSslSocket::UnencryptedMode); Q_ASSERT(socket->mode() != QSslSocket::UnencryptedMode);
LanDeviceLink::ConnectionStarted connectionOrigin = (socket->mode() == QSslSocket::SslClientMode)? LanDeviceLink::Locally : LanDeviceLink::Remotely; LanDeviceLink::ConnectionStarted connectionOrigin = (socket->mode() == QSslSocket::SslClientMode)? LanDeviceLink::Locally : LanDeviceLink::Remotely;
@ -346,14 +342,20 @@ void LanLinkProvider::sslErrors(const QList<QSslError>& errors)
QSslSocket* socket = qobject_cast<QSslSocket*>(sender()); QSslSocket* socket = qobject_cast<QSslSocket*>(sender());
if (!socket) return; if (!socket) return;
qCDebug(KDECONNECT_CORE) << "Failing due to " << errors; bool fatal = false;
Device* device = Daemon::instance()->getDevice(socket->peerVerifyName()); for (const QSslError& error : errors) {
if (device) { if (error.error() != QSslError::SelfSignedCertificate) {
device->unpair(); qCCritical(KDECONNECT_CORE) << "Disconnecting due to fatal SSL Error: " << error;
fatal = true;
} else {
qCDebug(KDECONNECT_CORE) << "Ignoring self-signed cert error";
}
} }
delete m_receivedIdentityPackets.take(socket).np; if (fatal) {
// Socket disconnects itself on ssl error and will be deleted by deleteLater slot, no need to delete manually socket->disconnectFromHost();
delete m_receivedIdentityPackets.take(socket).np;
}
} }
//I'm the new device and this is the answer to my UDP identity packet (no data received yet). They are connecting to us through TCP, and they should send an identity. //I'm the new device and this is the answer to my UDP identity packet (no data received yet). They are connecting to us through TCP, and they should send an identity.