Merge pull request #21658 from Chocobo1/ssl_setup

Simplify SSL parameters setup
Chocobo1 2024-11-01 04:03:51 +08:00 committed by GitHub
commit 7af6ac18aa
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 14 additions and 19 deletions


@ -37,8 +37,9 @@
#include <QtLogging>
#include <QNetworkProxy>
#include <QSslCertificate>
#include <QSslCipher>
#include <QSslConfiguration>
#include <QSslKey>
#include <QSslSocket>
#include <QStringList>
#include <QTimer>
@ -100,13 +101,12 @@ using namespace Http;
Server::Server(IRequestHandler *requestHandler, QObject *parent)
: QTcpServer(parent)
, m_requestHandler(requestHandler)
, m_sslConfig {QSslConfiguration::defaultConfiguration()}
{
setProxy(QNetworkProxy::NoProxy);
QSslConfiguration sslConf {QSslConfiguration::defaultConfiguration()};
sslConf.setProtocol(QSsl::TlsV1_2OrLater);
sslConf.setCiphers(safeCipherList());
QSslConfiguration::setDefaultConfiguration(sslConf);
m_sslConfig.setCiphers(safeCipherList());
m_sslConfig.setPeerVerifyMode(QSslSocket::VerifyNone);
auto *dropConnectionTimer = new QTimer(this);
connect(dropConnectionTimer, &QTimer::timeout, this, &Server::dropTimedOutConnection);
@ -115,7 +115,7 @@ Server::Server(IRequestHandler *requestHandler, QObject *parent)
void Server::incomingConnection(const qintptr socketDescriptor)
{
std::unique_ptr<QTcpSocket> serverSocket = m_https ? std::make_unique<QSslSocket>(this) : std::make_unique<QTcpSocket>(this);
std::unique_ptr<QTcpSocket> serverSocket = isHttps() ? std::make_unique<QSslSocket>(this) : std::make_unique<QTcpSocket>(this);
if (!serverSocket->setSocketDescriptor(socketDescriptor))
return;
@ -127,13 +127,10 @@ void Server::incomingConnection(const qintptr socketDescriptor)
try
{
if (m_https)
if (isHttps())
{
auto *sslSocket = static_cast<QSslSocket *>(serverSocket.get());
sslSocket->setProtocol(QSsl::SecureProtocols);
sslSocket->setPrivateKey(m_key);
sslSocket->setLocalCertificateChain(m_certificates);
sslSocket->setPeerVerifyMode(QSslSocket::VerifyNone);
sslSocket->setSslConfiguration(m_sslConfig);
sslSocket->startServerEncryption();
}
@ -178,17 +175,17 @@ bool Server::setupHttps(const QByteArray &certificates, const QByteArray &privat
return false;
}
m_key = key;
m_certificates = certs;
m_sslConfig.setLocalCertificateChain(certs);
m_sslConfig.setPrivateKey(key);
m_https = true;
return true;
}
void Server::disableHttps()
{
m_sslConfig.setLocalCertificateChain({});
m_sslConfig.setPrivateKey({});
m_https = false;
m_certificates.clear();
m_key.clear();
}
bool Server::isHttps() const
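Review bot: Nothing on the new side sets a minimum TLS version for `m_sslConfig`: the constructor only calls `setCiphers(safeCipherList())` and `setPeerVerifyMode(QSslSocket::VerifyNone)`, and `incomingConnection()` applies that object wholesale, so the protocol is whatever `QSslConfiguration::defaultConfiguration()` held when the Server was constructed. The rendered page has lost its +/- markers, but the `sslConf.setProtocol(QSsl::TlsV1_2OrLater)` and per-socket `setProtocol(QSsl::SecureProtocols)` lines both appear to be on the removed side. I would pin the floor explicitly in the constructor with `m_sslConfig.setProtocol(QSsl::TlsV1_2OrLater);` so it does not depend on the Qt version's default or on other code changing the process-wide default configuration. The constructor body continues past the end of its hunk.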


@ -31,8 +31,7 @@
#pragma once
#include <QSet>
#include <QSslCertificate>
#include <QSslKey>
#include <QSslConfiguration>
#include <QTcpServer>
namespace Http
@ -63,7 +62,6 @@ namespace Http
QSet<Connection *> m_connections; // for tracking persistent connections
bool m_https = false;
QList<QSslCertificate> m_certificates;
QSslKey m_key;
QSslConfiguration m_sslConfig;
};
}
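Review bot: `m_sslConfig` now carries the server's certificate chain and private key as well as the cipher list and peer-verify mode, but unlike `m_connections` above it has no comment saying so. I would add a trailing comment such as `// TLS settings applied to every HTTPS socket; holds the certificate chain and private key`. The class declaration starts outside this hunk.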