Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/kde-misc/kdeconnect/files/kdeconnect-20.04.3-01-Do-not-ignore-SSL-errors-except-for-self-signed-cert.patch
blob: cafeb9501cd89ebf63c36cd4e278f6d6b9c0660b (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

From f183b5447bad47655c21af87214579f03bf3a163 Mon Sep 17 00:00:00 2001
From: Albert Vaca Cintora <albertvaka@gmail.com>
Date: Thu, 24 Sep 2020 16:59:22 +0200
Subject: [PATCH 01/10] Do not ignore SSL errors, except for self-signed cert
 errors.

Thanks Matthias Gerstner <mgerstner@suse.de> for reporting this.
---
 core/backends/lan/lanlinkprovider.cpp | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp
index d9a7d8fa..fc005cee 100644
--- a/core/backends/lan/lanlinkprovider.cpp
+++ b/core/backends/lan/lanlinkprovider.cpp
@@ -297,9 +297,7 @@ void LanLinkProvider::tcpSocketConnected()
 
             connect(socket, &QSslSocket::encrypted, this, &LanLinkProvider::encrypted);
 
-            if (isDeviceTrusted) {
-                connect(socket, QOverload<const QList<QSslError> &>::of(&QSslSocket::sslErrors), this, &LanLinkProvider::sslErrors);
-            }
+            connect(socket, QOverload<const QList<QSslError> &>::of(&QSslSocket::sslErrors), this, &LanLinkProvider::sslErrors);
 
             socket->startServerEncryption();
 
@@ -326,8 +324,6 @@ void LanLinkProvider::encrypted()
 
     QSslSocket* socket = qobject_cast<QSslSocket*>(sender());
     if (!socket) return;
-    // TODO delete me?
-    disconnect(socket, QOverload<const QList<QSslError> &>::of(&QSslSocket::sslErrors), this, &LanLinkProvider::sslErrors);
 
     Q_ASSERT(socket->mode() != QSslSocket::UnencryptedMode);
     LanDeviceLink::ConnectionStarted connectionOrigin = (socket->mode() == QSslSocket::SslClientMode)? LanDeviceLink::Locally : LanDeviceLink::Remotely;
@@ -346,14 +342,20 @@ void LanLinkProvider::sslErrors(const QList<QSslError>& errors)
     QSslSocket* socket = qobject_cast<QSslSocket*>(sender());
     if (!socket) return;
 
-    qCDebug(KDECONNECT_CORE) << "Failing due to " << errors;
-    Device* device = Daemon::instance()->getDevice(socket->peerVerifyName());
-    if (device) {
-        device->unpair();
+    bool fatal = false;
+    for (const QSslError& error : errors) {
+        if (error.error() != QSslError::SelfSignedCertificate) {
+            qCCritical(KDECONNECT_CORE) << "Disconnecting due to fatal SSL Error: " << error;
+            fatal = true;
+        } else {
+            qCDebug(KDECONNECT_CORE) << "Ignoring self-signed cert error";
+        }
     }
 
-    delete m_receivedIdentityPackets.take(socket).np;
-    // Socket disconnects itself on ssl error and will be deleted by deleteLater slot, no need to delete manually
+    if (fatal) {
+        socket->disconnectFromHost();
+        delete m_receivedIdentityPackets.take(socket).np;
+    }
 }
 
 //I'm the new device and this is the answer to my UDP identity packet (no data received yet). They are connecting to us through TCP, and they should send an identity.
-- 
2.28.0