diff options
| author | Robert Adam <dev@robert-adam.de> | 2020-06-11 11:14:22 +0300 |
|---|---|---|
| committer | Robert Adam <dev@robert-adam.de> | 2020-06-11 11:23:29 +0300 |
| commit | bdb12c6622dc34592078b13b40f5c2707cc757a2 (patch) | |
| tree | 3a42cc9a78daa57c66e5a3ef46393ab1a19e6471 /src/murmur/Server.cpp | |
| parent | 0fcafd86e761bcb80f68bf2ae1bf01c5ea785655 (diff) | |
REFAC(deprecated): set certificates on QSslConfiguration
Previously the certificates were added to the QSslSocket object directly
but Qt 5.15 added this functionality to the QSslConfiguration object and
deprecated the ones in QSslSocket.
Diffstat (limited to 'src/murmur/Server.cpp')
| -rw-r--r-- | src/murmur/Server.cpp | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/src/murmur/Server.cpp b/src/murmur/Server.cpp index 656129661..141cc691e 100644 --- a/src/murmur/Server.cpp +++ b/src/murmur/Server.cpp @@ -1329,6 +1329,25 @@ void Server::newClient() { sock->setPrivateKey(qskKey); sock->setLocalCertificate(qscCert); + QSslConfiguration config = sock->sslConfiguration(); +#if QT_VERSION >= QT_VERSION_CHECK(5,15,0) + // Qt 5.15 introduced QSslConfiguration::addCaCertificate(s) that should be preferred over the functions in QSslSocket + + // Treat the leaf certificate as a root. + // This shouldn't strictly be necessary, + // and is a left-over from early on. + // Perhaps it is necessary for self-signed + // certs? + config.addCaCertificate(qscCert); + + // Add CA certificates specified via + // murmur.ini's sslCA option. + config.addCaCertificates(Meta::mp.qlCA); + + // Add intermediate CAs found in the PEM + // bundle used for this server's certificate. + config.addCaCertificates(qlIntermediates); +#else // Treat the leaf certificate as a root. // This shouldn't strictly be necessary, // and is a left-over from early on. @@ -1343,13 +1362,13 @@ void Server::newClient() { // Add intermediate CAs found in the PEM // bundle used for this server's certificate. sock->addCaCertificates(qlIntermediates); +#endif - QSslConfiguration cfg = sock->sslConfiguration(); - cfg.setCiphers(Meta::mp.qlCiphers); + config.setCiphers(Meta::mp.qlCiphers); #if defined(USE_QSSLDIFFIEHELLMANPARAMETERS) - cfg.setDiffieHellmanParameters(qsdhpDHParams); + config.setDiffieHellmanParameters(qsdhpDHParams); #endif - sock->setSslConfiguration(cfg); + sock->setSslConfiguration(config); if (qqIds.isEmpty()) { log(QString("Session ID pool (%1) empty, rejecting connection").arg(iMaxUsers)); |