mirror/sqlitebrowser
1
0
Fork 0
mirror of https://github.com/sqlitebrowser/sqlitebrowser.git synced 2026-01-20 02:50:46 -06:00
Code Issues Packages Projects Releases Wiki Activity

dbhub: Ignore errors about self signed certificates in a chain

Browse Source 
Previously we'd only ignore errors about a single self signed
certificate but apparently it's an entirely different matter to Qt or
OpenSSL if we're talking about a self signed certificate in a
certificate chain.
This commit is contained in:
Martin Kleusberg
2016-10-26 23:54:41 +02:00
parent e12022432f
commit 19d45bfc54
1 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/RemoteDatabase.cpp
View File

@@ -96,9 +96,20 @@ void RemoteDatabase::fetchDatabase(const QString& url)
void RemoteDatabase::gotEncrypted(QNetworkReply* reply)
{
// Verify the server's certificate using our CA certs. If it's not good, abort the reply here
// Verify the server's certificate using our CA certs
auto verificationErrors = reply->sslConfiguration().peerCertificate().verify(m_sslConfiguration.caCertificates());
if(!(verificationErrors.size() == 0 || (verificationErrors.size() == 1 && verificationErrors.at(0).error() == QSslError::SelfSignedCertificate)))
bool good = false;
if(verificationErrors.size() == 0)
{
good = true;
} else if(verificationErrors.size() == 1) {
// Ignore any self signed certificate errors
if(verificationErrors.at(0).error() == QSslError::SelfSignedCertificate || verificationErrors.at(0).error() == QSslError::SelfSignedCertificateInChain)
good = true;
}
// If the server certificate didn't turn out to be good, abort the reply here
if(!good)
reply->abort();
}