mirror of
https://github.com/nextcloud/desktop.git
synced 2024-11-29 12:19:03 +03:00
Merge pull request #3924 from nextcloud/feature/request-ocsp-data-for-peer-certificates
Request OCSP data for peer certificates
commit
acd8553be9
6 changed files with 56 additions and 0 deletions
|
@ -11,6 +11,8 @@ set( APPLICATION_SERVER_URL "" CACHE STRING "URL for the server to use. If enter
|
|||
set( APPLICATION_SERVER_URL_ENFORCE ON ) # If set and APPLICATION_SERVER_URL is defined, the server can only connect to the pre-defined URL
|
||||
set( APPLICATION_REV_DOMAIN "com.nextcloud.desktopclient" )
|
||||
set( APPLICATION_VIRTUALFILE_SUFFIX "nextcloud" CACHE STRING "Virtual file suffix (not including the .)")
|
||||
set( APPLICATION_OCSP_STAPLING_ENABLED OFF )
|
||||
set( APPLICATION_FORBID_BAD_SSL OFF )
|
||||
|
||||
set( LINUX_PACKAGE_SHORTNAME "nextcloud" )
|
||||
set( LINUX_APPLICATION_ID "${APPLICATION_REV_DOMAIN}.${LINUX_PACKAGE_SHORTNAME}")
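Review bot: `set( APPLICATION_OCSP_STAPLING_ENABLED OFF )` and `set( APPLICATION_FORBID_BAD_SSL OFF )` are plain variables, so a `-DAPPLICATION_FORBID_BAD_SSL=ON` passed at configure time would, as far as CMake scoping goes, be shadowed and the build would ship with the hardening off without any warning. Declaring them as cached options, e.g. `option( APPLICATION_FORBID_BAD_SSL "Do not allow trusting an untrusted certificate" OFF )`, would let packagers enable them without editing this file. If editing the file is the intended way to set them, as with APPLICATION_SERVER_URL_ENFORCE above, a trailing comment on each line saying what it controls would match that neighbour.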
|
||||
|
|
|
@ -29,6 +29,8 @@
|
|||
#cmakedefine APPLICATION_WIZARD_HEADER_TITLE_COLOR "@APPLICATION_WIZARD_HEADER_TITLE_COLOR@"
|
||||
#cmakedefine APPLICATION_WIZARD_USE_CUSTOM_LOGO "@APPLICATION_WIZARD_USE_CUSTOM_LOGO@"
|
||||
#cmakedefine APPLICATION_VIRTUALFILE_SUFFIX "@APPLICATION_VIRTUALFILE_SUFFIX@"
|
||||
#cmakedefine APPLICATION_OCSP_STAPLING_ENABLED "@APPLICATION_OCSP_STAPLING_ENABLED@"
|
||||
#cmakedefine APPLICATION_FORBID_BAD_SSL "@APPLICATION_FORBID_BAD_SSL@"
|
||||
#define APPLICATION_DOTVIRTUALFILE_SUFFIX "." APPLICATION_VIRTUALFILE_SUFFIX
|
||||
|
||||
#cmakedefine ZLIB_FOUND @ZLIB_FOUND@
|
||||
|
|
|
@ -13,6 +13,7 @@
|
|||
*/
|
||||
#include "configfile.h"
|
||||
#include "sslerrordialog.h"
|
||||
#include "theme.h"
|
||||
|
||||
#include <QtGui>
|
||||
#include <QtNetwork>
|
||||
|
@ -68,6 +69,8 @@ SslErrorDialog::SslErrorDialog(AccountPtr account, QWidget *parent)
|
|||
QPushButton *cancelButton =
|
||||
_ui->_dialogButtonBox->button(QDialogButtonBox::Cancel);
|
||||
okButton->setEnabled(false);
|
||||
|
||||
_ui->_cbTrustConnect->setEnabled(!Theme::instance()->forbidBadSSL());
|
||||
connect(_ui->_cbTrustConnect, &QAbstractButton::clicked,
|
||||
okButton, &QWidget::setEnabled);
|
||||
|
||||
|
@ -105,6 +108,8 @@ bool SslErrorDialog::checkFailingCertsKnown(const QList<QSslError> &errors)
|
|||
|
||||
QStringList errorStrings;
|
||||
|
||||
QStringList additionalErrorStrings;
|
||||
|
||||
QList<QSslCertificate> trustedCerts = _account->approvedCerts();
|
||||
|
||||
for (int i = 0; i < errors.count(); ++i) {
|
||||
|
@ -115,6 +120,8 @@ bool SslErrorDialog::checkFailingCertsKnown(const QList<QSslError> &errors)
|
|||
errorStrings += error.errorString();
|
||||
if (!error.certificate().isNull()) {
|
||||
_unknownCerts.append(error.certificate());
|
||||
} else {
|
||||
additionalErrorStrings.append(error.errorString());
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -146,6 +153,17 @@ bool SslErrorDialog::checkFailingCertsKnown(const QList<QSslError> &errors)
|
|||
msg += QL("<hr/>");
|
||||
}
|
||||
}
|
||||
|
||||
if (!additionalErrorStrings.isEmpty()) {
|
||||
msg += QL("<h4>") + tr("Additional errors:") + QL("</h4>");
|
||||
|
||||
for (const auto &errorString : additionalErrorStrings) {
|
||||
msg += QL("<div id=\"ca_error\">");
|
||||
msg += QL("<p>") + errorString + QL("</p>");
|
||||
msg += QL("</div>");
|
||||
}
|
||||
}
|
||||
|
||||
msg += QL("</div></body></html>");
|
||||
|
||||
auto *doc = new QTextDocument(nullptr);
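Review bot: `forbidBadSSL()` is applied only to the checkbox in the constructor (`_ui->_cbTrustConnect->setEnabled(!Theme::instance()->forbidBadSSL());`), while checkFailingCertsKnown() still loads `_account->approvedCerts()` unconditionally. The comparison against `trustedCerts` lies outside these hunks, but if it skips errors for certificates the user approved earlier, a build with the flag on would keep accepting those certificates on existing accounts. If that is not intended, the list could be left empty when the flag is set, e.g. `const auto trustedCerts = Theme::instance()->forbidBadSSL() ? QList<QSslCertificate>() : _account->approvedCerts();`; otherwise a comment next to the `setEnabled` call should say that the flag only blocks new approvals. Both the constructor and checkFailingCertsKnown() start and end outside the hunks shown.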
|
||||
|
|
|
@ -389,6 +389,8 @@ QSslConfiguration Account::getOrCreateSslConfig()
|
|||
sslConfig.setSslOption(QSsl::SslOptionDisableSessionSharing, false);
|
||||
sslConfig.setSslOption(QSsl::SslOptionDisableSessionPersistence, false);
|
||||
|
||||
sslConfig.setOcspStaplingEnabled(Theme::instance()->enableStaplingOCSP());
|
||||
|
||||
return sslConfig;
|
||||
}
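Review bot: The new `setOcspStaplingEnabled(...)` call near the end of getOrCreateSslConfig() has no comment on what a build with stapling enabled changes at handshake time. Qt then reports a missing or invalid stapled response as a QSslError, which presumably reaches SslErrorDialog::checkFailingCertsKnown(). I would add `// With stapling on, a missing or invalid OCSP response surfaces as a QSslError during the handshake` above the call. QSslConfiguration::setOcspStaplingEnabled was added in Qt 5.13, so if older Qt versions are still supported (not visible on this page) the call also needs a `#if QT_VERSION >= QT_VERSION_CHECK(5, 13, 0)` guard. The function body starts outside the hunk.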
|
||||
|
||||
|
|
|
@ -399,6 +399,24 @@ bool Theme::forceOverrideServerUrl() const
|
|||
#endif
|
||||
}
|
||||
|
||||
bool Theme::enableStaplingOCSP() const
|
||||
{
|
||||
#ifdef APPLICATION_OCSP_STAPLING_ENABLED
|
||||
return true;
|
||||
#else
|
||||
return false;
|
||||
#endif
|
||||
}
|
||||
|
||||
bool Theme::forbidBadSSL() const
|
||||
{
|
||||
#ifdef APPLICATION_FORBID_BAD_SSL
|
||||
return true;
|
||||
#else
|
||||
return false;
|
||||
#endif
|
||||
}
|
||||
|
||||
QString Theme::forceConfigAuthType() const
|
||||
{
|
||||
return QString();
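Review bot: Both new getters test `#ifdef APPLICATION_OCSP_STAPLING_ENABLED` / `#ifdef APPLICATION_FORBID_BAD_SSL`, so they depend on the macro being defined and ignore its value. This works only because the `#cmakedefine` lines in the config header template leave the macro undefined when the CMake variable is OFF. A definition that arrives another way, such as a compile flag setting it to 0, would make the getter return true. A short comment in each function would record this, e.g. `// Defined via #cmakedefine only when the CMake setting is truthy; the value itself is not read`.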
|
||||
|
|
|
@ -239,6 +239,20 @@ public:
|
|||
* When true, the respective UI controls will be disabled
|
||||
*/
|
||||
virtual bool forceOverrideServerUrl() const;
|
||||
|
||||
/**
|
||||
* Enable OCSP stapling for SSL handshakes
|
||||
*
|
||||
* When true, peer will be requested for Online Certificate Status Protocol response
|
||||
*/
|
||||
virtual bool enableStaplingOCSP() const;
|
||||
|
||||
/**
|
||||
* Enforce SSL validity
|
||||
*
|
||||
* When true, trusting the untrusted certificate is not allowed
|
||||
*/
|
||||
virtual bool forbidBadSSL() const;
|
||||
|
||||
/**
|
||||
* This is only usefull when previous version had a different overrideServerUrl
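Review bot: The doc comments added for `enableStaplingOCSP()` and `forbidBadSSL()` do not say where the default comes from or what the caller does with the result. Going by the other files in this commit, the defaults follow the build-time APPLICATION_OCSP_STAPLING_ENABLED and APPLICATION_FORBID_BAD_SSL settings, and `forbidBadSSL()` disables the trust checkbox in SslErrorDialog. I would add a line to each comment, e.g. `* Defaults to the build-time APPLICATION_FORBID_BAD_SSL setting; when true, the trust checkbox in the SSL error dialog is disabled`, and the equivalent for the OCSP getter. The class declaration starts and ends outside the hunk.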
|
||||
|
|