From c0c9350c43a206fd37c77f67c65197bbdc386f76 Mon Sep 17 00:00:00 2001 From: Andrea Diamantini Date: Wed, 20 Jul 2011 18:46:52 +0200 Subject: Improve SSL management Hopefully addressed the problems against our (new) SSL code. CCMAIL:timb@nth-dimension.org.uk --- src/sslinfodialog.cpp | 33 +++++++++++++++++++++++++++------ src/sslinfodialog.h | 2 +- src/urlbar/sslwidget.cpp | 16 ++++++++++------ src/webpage.cpp | 12 ++++++++++++ 4 files changed, 50 insertions(+), 13 deletions(-) diff --git a/src/sslinfodialog.cpp b/src/sslinfodialog.cpp index 56cd0858..97aafd81 100644 --- a/src/sslinfodialog.cpp +++ b/src/sslinfodialog.cpp @@ -28,6 +28,7 @@ #include "sslinfodialog.h" #include "sslinfodialog.moc" + #include #include @@ -37,12 +38,12 @@ #include #include #include -#include #include #include #include +#include SslInfoDialog::SslInfoDialog(const QString &host, const WebSslInfo &info, QWidget *parent) 
@@ -87,20 +88,39 @@ void SslInfoDialog::showCertificateInfo(QSslCertificate subjectCert, const QStri c += QL1S(""); ui.certInfoLabel->setText(c); + // WARNING (Security Issue): set these labels to use PlainText! ui.subjectCN->setText(subjectCert.subjectInfo(QSslCertificate::CommonName)); + ui.subjectCN->setTextFormat(Qt::PlainText); + ui.subjectO->setText(subjectCert.subjectInfo(QSslCertificate::Organization)); + ui.subjectO->setTextFormat(Qt::PlainText); + ui.subjectOU->setText(subjectCert.subjectInfo(QSslCertificate::OrganizationalUnitName)); + ui.subjectOU->setTextFormat(Qt::PlainText); + ui.subjectSN->setText(subjectCert.serialNumber()); + ui.subjectSN->setTextFormat(Qt::PlainText); ui.issuerCN->setText(subjectCert.issuerInfo(QSslCertificate::CommonName)); + ui.issuerCN->setTextFormat(Qt::PlainText); + ui.issuerO->setText(subjectCert.issuerInfo(QSslCertificate::Organization)); + ui.issuerO->setTextFormat(Qt::PlainText); + ui.issuerOU->setText(subjectCert.issuerInfo(QSslCertificate::OrganizationalUnitName)); + ui.issuerOU->setTextFormat(Qt::PlainText); ui.issuedOn->setText(subjectCert.effectiveDate().date().toString(Qt::SystemLocaleShortDate)); + ui.issuedOn->setTextFormat(Qt::PlainText); + ui.expiresOn->setText(subjectCert.expiryDate().date().toString(Qt::SystemLocaleShortDate)); + ui.expiresOn->setTextFormat(Qt::PlainText); + ui.md5->setText(subjectCert.digest(QCryptographicHash::Md5).toHex()); - ui.sha1->setText(subjectCert.digest(QCryptographicHash::Sha1).toHex()); + ui.md5->setTextFormat(Qt::PlainText); + ui.sha1->setText(subjectCert.digest(QCryptographicHash::Sha1).toHex()); + ui.sha1->setTextFormat(Qt::PlainText); } 
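Review bot: In showCertificateInfo every `setTextFormat(Qt::PlainText)` is called after the matching `setText(...)`, so each certificate-supplied string is first handed to a label still in its default AutoText format and only then switched to plain text. Set the format first, as the sslwidget.cpp part of this commit already does: `ui.subjectCN->setTextFormat(Qt::PlainText);` and then `ui.subjectCN->setText(...)`. If these labels come from a Designer form, setting the property once there would remove the eleven repeated calls. `ui.certInfoLabel->setText(c)` at the top of the hunk is left as rich text, and `c` is assembled outside the hunk, so check that anything certificate-derived added to it is escaped. The new comment reads like an open TODO; something like `// Certificate fields are attacker-controlled: always render them as plain text.` states the invariant instead.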
@@ -109,7 +129,9 @@ void SslInfoDialog::displayFromChain(int i) QList caList = m_info.certificateChain(); QSslCertificate cert = caList.at(i); - if(cert.isValid()) + QStringList errors = SslInfoDialog::errorsFromString(m_info.certificateErrors()).at(i); + + if(cert.isValid() && errors.isEmpty()) { QStringList certInfo; certInfo << i18n("The Certificate is Valid!"); @@ -117,7 +139,6 @@ void SslInfoDialog::displayFromChain(int i) } else { - QStringList errors = SslInfoDialog::errorsFromString(m_info.certificateErrors()).at(i); errors.prepend(i18n("The certificate for this site is NOT valid for the following reasons:")); showCertificateInfo(cert, errors); } @@ -155,10 +176,10 @@ QList SslInfoDialog::errorsFromString(const QString &s) Q_FOREACH(const QString & s, sl) { bool didConvert; - QSslError::SslError error = static_cast(s.trimmed().toInt(&didConvert)); + KSslError::Error error = static_cast(s.trimmed().toInt(&didConvert)); if(didConvert) { - errors << QSslError(error).errorString(); + errors << KSslError(error).errorString(); } } resultList << errors; diff --git a/src/sslinfodialog.h b/src/sslinfodialog.h index b40ce4f0..3544c62c 100644 --- a/src/sslinfodialog.h +++ b/src/sslinfodialog.h @@ -56,7 +56,7 @@ public: explicit SslInfoDialog(const QString &host, const WebSslInfo &info, QWidget *parent = 0); static QList errorsFromString(const QString &s); - + private Q_SLOTS: void displayFromChain(int); void exportCert(); diff --git a/src/urlbar/sslwidget.cpp b/src/urlbar/sslwidget.cpp index fd0b97b8..dec7033c 100644 --- a/src/urlbar/sslwidget.cpp +++ b/src/urlbar/sslwidget.cpp 
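Review bot: `SslInfoDialog::errorsFromString(m_info.certificateErrors()).at(i)` in displayFromChain now runs for every certificate instead of only in the failure branch, and `QList::at()` requires a valid index. If the parsed error list is shorter than the certificate chain, this is an out-of-range access. Keep the parsed list in a local and test `i < parsed.size()` before `parsed.at(i)`, treating a missing entry as "not valid" rather than as an empty error list. `caList.at(i)` on the line above relies on the same unchecked index; the caller that supplies `i` is outside the hunk.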
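Review bot: In errorsFromString a token for which `toInt(&didConvert)` fails is dropped silently, and after this commit an empty list is exactly what displayFromChain, SSLWidget and hasSslValid read as "no errors". A non-empty token that does not parse would be safer reported than skipped, e.g. `else if (!s.trimmed().isEmpty()) errors << i18n("Unknown error");`, so that malformed error data cannot make a certificate look clean. The integer is also cast to `KSslError::Error` with no range check; how `errorString()` handles an out-of-range value is not visible here. The loop variable `s` shadows the parameter `s`, which is worth renaming. The function starts and ends outside the hunk.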
@@ -48,8 +48,9 @@ SSLWidget::SSLWidget(const QUrl &url, const WebSslInfo &info, QWidget *parent) setAttribute(Qt::WA_DeleteOnClose); setMinimumWidth(400); - QSslCertificate cert = info.certificateChain().first(); - + QSslCertificate cert = m_info.certificateChain().first(); + QStringList errorList = SslInfoDialog::errorsFromString(m_info.certificateErrors()).first(); + QGridLayout *layout = new QGridLayout(this); QLabel *label; @@ -75,10 +76,11 @@ SSLWidget::SSLWidget(const QUrl &url, const WebSslInfo &info, QWidget *parent) } else { - if(cert.isValid()) + if(cert.isValid() && errorList.isEmpty()) { label = new QLabel(this); label->setWordWrap(true); + label->setTextFormat(Qt::PlainText); label->setText(i18n("This certificate for this site is valid and has been verified by:\n%1.", cert.issuerInfo(QSslCertificate::CommonName))); @@ -134,7 +136,7 @@ SSLWidget::SSLWidget(const QUrl &url, const WebSslInfo &info, QWidget *parent) { label = new QLabel(this); label->setWordWrap(true); - label->setText(i18n("Your connection to %1 is NOT encrypted!!\n\n", m_url.host())); + label->setText(i18n("Your connection to %1 is NOT encrypted!!\n", m_url.host())); layout->addWidget(label, rows++ , 1); imageLabel->setPixmap(KIcon("security-low").pixmap(32)); @@ -143,7 +145,8 @@ SSLWidget::SSLWidget(const QUrl &url, const WebSslInfo &info, QWidget *parent) { label = new QLabel(this); label->setWordWrap(true); - label->setText(i18n("Your connection to %1 is encrypted with %2-bit encryption.\n\n", m_url.host(), m_info.supportedChiperBits())); + label->setTextFormat(Qt::PlainText); + label->setText(i18n("Your connection to %1 is encrypted with %2-bit encryption.\n", m_url.host(), m_info.supportedChiperBits())); layout->addWidget(label, rows++, 1); int vers = cert.version().toInt(); 
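Review bot: Both `m_info.certificateChain().first()` and the new `SslInfoDialog::errorsFromString(m_info.certificateErrors()).first()` in the SSLWidget constructor assume a non-empty list, and `QList::first()` on an empty list is undefined. hasSslValid in this same commit guards with `certList.isEmpty()`, so an empty chain is evidently possible, presumably on the "NOT encrypted" path further down this constructor. Take each list into a local and fall back when it is empty, e.g. `QSslCertificate cert = chain.isEmpty() ? QSslCertificate() : chain.first();`, and handle the missing error entry explicitly rather than as "no errors". The constructor body continues outside the hunk.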
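Review bot: The "Your connection to %1 is NOT encrypted!!" label in the @@ -134 hunk interpolates `m_url.host()` but, unlike the encrypted-branch label a few lines below, gets no `label->setTextFormat(Qt::PlainText);`. Add that call before `setText` there, so the host string is never subject to rich-text auto-detection and the two branches are handled the same way. The `The connection uses %1.` label in the @@ -170 hunk is also left in the default format, although `sslVersion` appears to be derived locally.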
@@ -170,12 +173,13 @@ SSLWidget::SSLWidget(const QUrl &url, const WebSslInfo &info, QWidget *parent) label = new QLabel(this); label->setWordWrap(true); - label->setText(i18n("The connection uses %1.\n\n", sslVersion)); + label->setText(i18n("The connection uses %1.\n", sslVersion)); layout->addWidget(label, rows++, 1); const QStringList cipherInfo = m_info.ciphers().split('\n', QString::SkipEmptyParts); label = new QLabel(this); label->setWordWrap(true); + label->setTextFormat(Qt::PlainText); label->setText( i18n("The connection is encrypted using %1 at %2 bits with %3 for message authentication and %4 as the key exchange mechanism.\n\n", cipherInfo[0], diff --git a/src/webpage.cpp b/src/webpage.cpp index 93e41944..0c9b436d 100644 --- a/src/webpage.cpp +++ b/src/webpage.cpp @@ -50,6 +50,7 @@ #include "webpluginfactory.h" #include "webtab.h" #include "sslwidget.h" +#include "sslinfodialog.h" // KDE Includes #include @@ -755,9 +756,20 @@ bool WebPage::hasSslValid() { bool v = true; QList certList = _sslInfo.certificateChain(); + + if (certList.isEmpty()) + return false; + Q_FOREACH(const QSslCertificate & cert, certList) { v &= cert.isValid(); } + + QList errorsList = SslInfoDialog::errorsFromString(_sslInfo.certificateErrors()); + Q_FOREACH(const QStringList & err, errorsList) + { + v &= err.isEmpty(); + } + return v; } -- cgit v1.2.1
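Review bot: `cipherInfo[0]` is read from `m_info.ciphers().split('\n', QString::SkipEmptyParts)` with no size check, and judging by the four placeholders in the message the following indices are too. On a const QStringList an out-of-range index is an assertion failure or an invalid read. Guard the block with `if (cipherInfo.size() >= 4)` and show a generic message otherwise. The statement continues past the end of the hunk, so the remaining indices are inferred rather than seen.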
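Review bot: hasSslValid never compares `errorsList.size()` with `certList.size()`, so a chain entry that has no corresponding error entry counts as error-free. displayFromChain indexes the two lists in parallel, so if they are meant to match one-to-one, fail closed with `if (errorsList.size() != certList.size()) return false;`, after confirming how certificateErrors() is serialised. Both loops could return false at the first failing entry instead of accumulating with `v &=`. A short comment such as `// true only if the chain is non-empty, every certificate passes isValid() and no verification errors were recorded` would make the contract explicit, since QSslCertificate::isValid() alone does not establish trust in the chain.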