authorAndrea Diamantini <adjam7@gmail.com>2011-07-20 18:46:52 +0200
committerAndrea Diamantini <adjam7@gmail.com>2011-07-20 18:46:52 +0200
commitc0c9350c43a206fd37c77f67c65197bbdc386f76 (patch)
tree4b44383d5ed01c582564d2c4ea78a1e97248fa7d
parentRight astyle options (diff)
Improve SSL management
Hopefully addressed the problems against our (new) SSL code. CCMAIL:timb@nth-dimension.org.uk
-rw-r--r--src/sslinfodialog.cpp33
-rw-r--r--src/sslinfodialog.h2
-rw-r--r--src/urlbar/sslwidget.cpp16
-rw-r--r--src/webpage.cpp12
4 files changed, 50 insertions, 13 deletions
diff --git a/src/sslinfodialog.cpp b/src/sslinfodialog.cpp
index 56cd0858..97aafd81 100644
--- a/src/sslinfodialog.cpp
+++ b/src/sslinfodialog.cpp
@@ -28,6 +28,7 @@
#include "sslinfodialog.h"
#include "sslinfodialog.moc"
+
#include <KFileDialog>
#include <QtGui/QFrame>
@@ -37,12 +38,12 @@
#include <QtGui/QLayout>
#include <QtCore/Q_PID>
#include <QtNetwork/QSslCertificate>
-#include <QtNetwork/QSslError>
#include <QFormLayout>
#include <kglobal.h>
#include <klocale.h>
+#include <ktcpsocket.h>
SslInfoDialog::SslInfoDialog(const QString &host, const WebSslInfo &info, QWidget *parent)
@@ -87,20 +88,39 @@ void SslInfoDialog::showCertificateInfo(QSslCertificate subjectCert, const QStri
c += QL1S("</ul>");
ui.certInfoLabel->setText(c);
+ // WARNING (Security Issue): set these labels to use PlainText!
ui.subjectCN->setText(subjectCert.subjectInfo(QSslCertificate::CommonName));
+ ui.subjectCN->setTextFormat(Qt::PlainText);
+
ui.subjectO->setText(subjectCert.subjectInfo(QSslCertificate::Organization));
+ ui.subjectO->setTextFormat(Qt::PlainText);
+
ui.subjectOU->setText(subjectCert.subjectInfo(QSslCertificate::OrganizationalUnitName));
+ ui.subjectOU->setTextFormat(Qt::PlainText);
+
ui.subjectSN->setText(subjectCert.serialNumber());
+ ui.subjectSN->setTextFormat(Qt::PlainText);
ui.issuerCN->setText(subjectCert.issuerInfo(QSslCertificate::CommonName));
+ ui.issuerCN->setTextFormat(Qt::PlainText);
+
ui.issuerO->setText(subjectCert.issuerInfo(QSslCertificate::Organization));
+ ui.issuerO->setTextFormat(Qt::PlainText);
+
ui.issuerOU->setText(subjectCert.issuerInfo(QSslCertificate::OrganizationalUnitName));
+ ui.issuerOU->setTextFormat(Qt::PlainText);
ui.issuedOn->setText(subjectCert.effectiveDate().date().toString(Qt::SystemLocaleShortDate));
+ ui.issuedOn->setTextFormat(Qt::PlainText);
+
ui.expiresOn->setText(subjectCert.expiryDate().date().toString(Qt::SystemLocaleShortDate));
+ ui.expiresOn->setTextFormat(Qt::PlainText);
+
ui.md5->setText(subjectCert.digest(QCryptographicHash::Md5).toHex());
- ui.sha1->setText(subjectCert.digest(QCryptographicHash::Sha1).toHex());
+ ui.md5->setTextFormat(Qt::PlainText);
+ ui.sha1->setText(subjectCert.digest(QCryptographicHash::Sha1).toHex());
+ ui.sha1->setTextFormat(Qt::PlainText);
}
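Review bot: Each `setTextFormat(Qt::PlainText)` in showCertificateInfo() is called after the matching `setText()`, so the certificate field is first handed to the label under its previous format (AutoText unless the .ui file says otherwise) and only then re-set as plain text. Set the format first, i.e. `ui.subjectCN->setTextFormat(Qt::PlainText);` followed by `ui.subjectCN->setText(...)`, as the sslwidget.cpp hunks of this commit already do, or set `textFormat` once in the .ui file so a newly added label cannot be missed. The `// WARNING (Security Issue)` comment reads like an open to-do; `// Certificate fields are site-controlled: render them as plain text, never rich text.` would state the invariant instead. `ui.certInfoLabel` just above still receives HTML built in `c`; the strings that go into it are assembled outside this hunk, so whether they need escaping cannot be judged from here.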
@@ -109,7 +129,9 @@ void SslInfoDialog::displayFromChain(int i)
QList<QSslCertificate> caList = m_info.certificateChain();
QSslCertificate cert = caList.at(i);
- if(cert.isValid())
+ QStringList errors = SslInfoDialog::errorsFromString(m_info.certificateErrors()).at(i);
+
+ if(cert.isValid() && errors.isEmpty())
{
QStringList certInfo;
certInfo << i18n("The Certificate is Valid!");
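Review bot: `errorsFromString(m_info.certificateErrors()).at(i)` now runs for every certificate rather than only on the invalid path, and `QList::at()` is not bounds-checked in release builds, so an error string with fewer entries than the chain would be read out of range. Guard the index and treat a missing entry as not valid, e.g. `const QList<QStringList> all = errorsFromString(m_info.certificateErrors());` followed by `if (i < 0 || i >= all.size()) { /* show as invalid */ }`. The same applies to the two `.first()` calls added to the SSLWidget constructor in src/urlbar/sslwidget.cpp, which are undefined on an empty list. displayFromChain() starts and ends outside this hunk.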
@@ -117,7 +139,6 @@ void SslInfoDialog::displayFromChain(int i)
}
else
{
- QStringList errors = SslInfoDialog::errorsFromString(m_info.certificateErrors()).at(i);
errors.prepend(i18n("The certificate for this site is NOT valid for the following reasons:"));
showCertificateInfo(cert, errors);
}
@@ -155,10 +176,10 @@ QList<QStringList> SslInfoDialog::errorsFromString(const QString &s)
Q_FOREACH(const QString & s, sl)
{
bool didConvert;
- QSslError::SslError error = static_cast<QSslError::SslError>(s.trimmed().toInt(&didConvert));
+ KSslError::Error error = static_cast<KSslError::Error>(s.trimmed().toInt(&didConvert));
if(didConvert)
{
- errors << QSslError(error).errorString();
+ errors << KSslError(error).errorString();
}
}
resultList << errors;
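Review bot: A token that fails `toInt()` is dropped silently by the `if(didConvert)` test, and after this commit an empty error list is what marks a certificate as valid (displayFromChain(), the SSLWidget constructor and WebPage::hasSslValid() all test `isEmpty()`). An unparsable but non-empty token should therefore count as an error rather than as no error, for example `else if(!s.trimmed().isEmpty()) errors << KSslError(KSslError::UnknownError).errorString();`. The cast also accepts any integer without checking it against the `KSslError::Error` range; how `errorString()` renders an out-of-range value is not visible here. The loop belongs to errorsFromString(), whose splitting logic lies outside the hunk.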
diff --git a/src/sslinfodialog.h b/src/sslinfodialog.h
index b40ce4f0..3544c62c 100644
--- a/src/sslinfodialog.h
+++ b/src/sslinfodialog.h
@@ -56,7 +56,7 @@ public:
explicit SslInfoDialog(const QString &host, const WebSslInfo &info, QWidget *parent = 0);
static QList<QStringList> errorsFromString(const QString &s);
-
+
private Q_SLOTS:
void displayFromChain(int);
void exportCert();
diff --git a/src/urlbar/sslwidget.cpp b/src/urlbar/sslwidget.cpp
index fd0b97b8..dec7033c 100644
--- a/src/urlbar/sslwidget.cpp
+++ b/src/urlbar/sslwidget.cpp
@@ -48,8 +48,9 @@ SSLWidget::SSLWidget(const QUrl &url, const WebSslInfo &info, QWidget *parent)
setAttribute(Qt::WA_DeleteOnClose);
setMinimumWidth(400);
- QSslCertificate cert = info.certificateChain().first();
-
+ QSslCertificate cert = m_info.certificateChain().first();
+ QStringList errorList = SslInfoDialog::errorsFromString(m_info.certificateErrors()).first();
+
QGridLayout *layout = new QGridLayout(this);
QLabel *label;
@@ -75,10 +76,11 @@ SSLWidget::SSLWidget(const QUrl &url, const WebSslInfo &info, QWidget *parent)
}
else
{
- if(cert.isValid())
+ if(cert.isValid() && errorList.isEmpty())
{
label = new QLabel(this);
label->setWordWrap(true);
+ label->setTextFormat(Qt::PlainText);
label->setText(i18n("This certificate for this site is valid and has been verified by:\n%1.",
cert.issuerInfo(QSslCertificate::CommonName)));
@@ -134,7 +136,7 @@ SSLWidget::SSLWidget(const QUrl &url, const WebSslInfo &info, QWidget *parent)
{
label = new QLabel(this);
label->setWordWrap(true);
- label->setText(i18n("Your connection to %1 is NOT encrypted!!\n\n", m_url.host()));
+ label->setText(i18n("Your connection to %1 is NOT encrypted!!\n", m_url.host()));
layout->addWidget(label, rows++ , 1);
imageLabel->setPixmap(KIcon("security-low").pixmap(32));
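Review bot: The "NOT encrypted" label interpolates `m_url.host()` but, unlike the encrypted-case label in the next hunk, is left on the default text format. For consistency add `label->setTextFormat(Qt::PlainText);` before the `setText()` call here, and likewise on the `sslVersion` label further down if it should never carry markup. The enclosing constructor extends beyond this hunk.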
@@ -143,7 +145,8 @@ SSLWidget::SSLWidget(const QUrl &url, const WebSslInfo &info, QWidget *parent)
{
label = new QLabel(this);
label->setWordWrap(true);
- label->setText(i18n("Your connection to %1 is encrypted with %2-bit encryption.\n\n", m_url.host(), m_info.supportedChiperBits()));
+ label->setTextFormat(Qt::PlainText);
+ label->setText(i18n("Your connection to %1 is encrypted with %2-bit encryption.\n", m_url.host(), m_info.supportedChiperBits()));
layout->addWidget(label, rows++, 1);
int vers = cert.version().toInt();
@@ -170,12 +173,13 @@ SSLWidget::SSLWidget(const QUrl &url, const WebSslInfo &info, QWidget *parent)
label = new QLabel(this);
label->setWordWrap(true);
- label->setText(i18n("The connection uses %1.\n\n", sslVersion));
+ label->setText(i18n("The connection uses %1.\n", sslVersion));
layout->addWidget(label, rows++, 1);
const QStringList cipherInfo = m_info.ciphers().split('\n', QString::SkipEmptyParts);
label = new QLabel(this);
label->setWordWrap(true);
+ label->setTextFormat(Qt::PlainText);
label->setText(
i18n("The connection is encrypted using %1 at %2 bits with %3 for message authentication and %4 as the key exchange mechanism.\n\n",
cipherInfo[0],
diff --git a/src/webpage.cpp b/src/webpage.cpp
index 93e41944..0c9b436d 100644
--- a/src/webpage.cpp
+++ b/src/webpage.cpp
@@ -50,6 +50,7 @@
#include "webpluginfactory.h"
#include "webtab.h"
#include "sslwidget.h"
+#include "sslinfodialog.h"
// KDE Includes
#include <KIO/Job>
@@ -755,9 +756,20 @@ bool WebPage::hasSslValid()
{
bool v = true;
QList<QSslCertificate> certList = _sslInfo.certificateChain();
+
+ if (certList.isEmpty())
+ return false;
+
Q_FOREACH(const QSslCertificate & cert, certList)
{
v &= cert.isValid();
}
+
+ QList<QStringList> errorsList = SslInfoDialog::errorsFromString(_sslInfo.certificateErrors());
+ Q_FOREACH(const QStringList & err, errorsList)
+ {
+ v &= err.isEmpty();
+ }
+
return v;
}
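Review bot: hasSslValid() never compares `errorsList.size()` with `certList.size()`, so a certificate that has no corresponding entry in the parsed error string is counted as error-free. If WebSslInfo is expected to supply one entry per certificate (to be confirmed against its format), fail closed with `if (errorsList.size() != certList.size()) return false;`. The decision also goes through SslInfoDialog::errorsFromString(), a dialog helper that returns translated display strings; a small non-UI helper returning the error codes would keep the trust check independent of the UI layer. The new `if (certList.isEmpty())` has no braces while the surrounding loops do.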