Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/nextcloud/desktop.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorallexzander <blackslayer4@gmail.com>2022-10-07 18:09:10 +0300
committerallexzander <blackslayer4@gmail.com>2022-10-11 09:43:31 +0300
commit49305319496965ecf18963a81bf8a5a69df0d97e (patch)
tree1273e0f408f76c7be016df6686d73fab7b20bdd0 /src
parent256aa522020610d41d7fd2e1b6f7a604b42f4fcc (diff)
Command-line client. Do not trust SSL certificates by default, unlss '--trust' option is set.
Signed-off-by: allexzander <blackslayer4@gmail.com>
Diffstat (limited to 'src')
-rw-r--r--src/cmd/cmd.cpp1
-rw-r--r--src/cmd/simplesslerrorhandler.cpp20
-rw-r--r--src/libsync/account.cpp10
-rw-r--r--src/libsync/account.h5
4 files changed, 31 insertions, 5 deletions
diff --git a/src/cmd/cmd.cpp b/src/cmd/cmd.cpp
index 1dd894a67..cdc583911 100644
--- a/src/cmd/cmd.cpp
+++ b/src/cmd/cmd.cpp
@@ -440,6 +440,7 @@ int main(int argc, char **argv)
account->setUrl(hostUrl);
account->setSslErrorHandler(sslErrorHandler);
+ account->setTrustCertificates(options.trustSSL);
QEventLoop loop;
auto *job = new JsonApiJob(account, QLatin1String("ocs/v1.php/cloud/capabilities"));
diff --git a/src/cmd/simplesslerrorhandler.cpp b/src/cmd/simplesslerrorhandler.cpp
index 48a199773..b88fbeb7b 100644
--- a/src/cmd/simplesslerrorhandler.cpp
+++ b/src/cmd/simplesslerrorhandler.cpp
@@ -19,17 +19,27 @@ namespace OCC {
bool SimpleSslErrorHandler::handleErrors(QList<QSslError> errors, const QSslConfiguration &conf, QList<QSslCertificate> *certs, OCC::AccountPtr account)
{
- (void)account;
- (void)conf;
+ Q_UNUSED(conf);
- if (!certs) {
- qDebug() << "Certs parameter required but is NULL!";
+ if (!account || !certs) {
+ qDebug() << "account and certs parameters are required!";
return false;
}
+ if (account->trustCertificates()) {
+ for (const auto &error : qAsConst(errors)) {
+ certs->append(error.certificate());
+ }
+ return true;
+ }
+
for (const auto &error : qAsConst(errors)) {
- certs->append(error.certificate());
+ if (!account->approvedCerts().contains(error.certificate())) {
+ certs->append(error.certificate());
+ return false;
+ }
}
+
return true;
}
}
diff --git a/src/libsync/account.cpp b/src/libsync/account.cpp
index bb23cd07c..f3f8c1f10 100644
--- a/src/libsync/account.cpp
+++ b/src/libsync/account.cpp
@@ -909,4 +909,14 @@ bool Account::fileCanBeUnlocked(SyncJournalDb * const journal,
return false;
}
+void Account::setTrustCertificates(bool trustCertificates)
+{
+ _trustCertificates = trustCertificates;
+}
+
+bool Account::trustCertificates() const
+{
+ return _trustCertificates;
+}
+
} // namespace OCC
diff --git a/src/libsync/account.h b/src/libsync/account.h
index d4a7858a0..635caeac8 100644
--- a/src/libsync/account.h
+++ b/src/libsync/account.h
@@ -291,6 +291,9 @@ public:
bool fileCanBeUnlocked(SyncJournalDb * const journal, const QString &folderRelativePath) const;
+ void setTrustCertificates(bool trustCertificates);
+ [[nodiscard]] bool trustCertificates() const;
+
public slots:
/// Used when forgetting credentials
void clearQNAMCache();
@@ -343,6 +346,8 @@ private:
static QString davPathBase();
+ bool _trustCertificates = false;
+
QWeakPointer<Account> _sharedThis;
QString _id;
QString _davUser;
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-11 21:55:12 +0300