[X2Go-Commits] x2goclient.git - master (branch) updated: 4.0.1.1-14-g1a4504a
X2Go dev team
git-admin at x2go.org
Tue Oct 29 16:40:18 CET 2013
The branch, master has been updated
via 1a4504aefb145446c9011fb34743aa8535db3b7b (commit)
from 2053e46bfda54ca967f01e637576c65697427952 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1a4504aefb145446c9011fb34743aa8535db3b7b
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Tue Oct 29 16:39:43 2013 +0100
Add option --broker-cacertfile. Allow usage of non-system-wide installed (self-signed) SSL certificate chains for https (SSL) session broker connections. (Fixes: #311).
-----------------------------------------------------------------------
Summary of changes:
debian/changelog | 3 +++
httpbrokerclient.cpp | 30 ++++++++++++++++++++----------
httpbrokerclient.h | 2 ++
man/man1/x2goclient.1 | 3 +++
onmainwindow.cpp | 5 +++++
onmainwindow.h | 1 +
6 files changed, 34 insertions(+), 10 deletions(-)
The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index e069591..78908d6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,6 +11,9 @@ x2goclient (4.0.1.2-0~x2go2) UNRELEASED; urgency=low
+ Perform sanity checks on data that comes in from X2Go Servers.
Prohibit the execution of arbitrary code via the ~/.bashrc file.
(Fixes: #333).
+ + Add option --broker-cacertfile. Allow usage of non-system-wide
+ installed (self-signed) SSL certificate chains for https (SSL)
+ session broker connections. (Fixes: #311).
* Pull-in packaging changes from Debian.
[ Ricardo Díaz Martín ]
diff --git a/httpbrokerclient.cpp b/httpbrokerclient.cpp
index 6d16b7b..5bf9caf 100644
--- a/httpbrokerclient.cpp
+++ b/httpbrokerclient.cpp
@@ -21,6 +21,7 @@
#include <QTextStream>
#include <QFile>
#include <QDir>
+#include <QSslSocket>
#include "x2gologdebug.h"
#include <QMessageBox>
#include <QDateTime>
@@ -41,10 +42,6 @@ HttpBrokerClient::HttpBrokerClient ( ONMainWindow* wnd, ConfigFile* cfg )
QUrl lurl ( config->brokerurl );
if(lurl.userName().length()>0)
config->brokerUser=lurl.userName();
- /*
- * load self-signed / custome (root-)CA certificate
- * see. http://www.thomaskeller.biz/blog/2009/01/03/ssl-verification-with-qt-and-a-custom-ca-certificate/
- */
if(config->brokerurl.indexOf("ssh://")==0)
{
@@ -58,18 +55,31 @@ HttpBrokerClient::HttpBrokerClient ( ONMainWindow* wnd, ConfigFile* cfg )
else
{
sshBroker=false;
+
http=new QHttp ( this );
- if ( config->brokerurl.indexOf ( "https://" ) ==0 )
+
+ if ( config->brokerurl.indexOf ( "https://" ) ==0 ) {
+ if ((config->brokerCaCertFile.length() >0) && (QFile::exists(config->brokerCaCertFile))) {
+
+ sslSocket = new QSslSocket(this);
+ connect ( sslSocket, SIGNAL ( sslErrors ( const QList<QSslError>& ) ),this,
+ SLOT ( slotSslErrors ( const QList<QSslError>& ) ) );
+ http->setSocket(sslSocket);
+ sslSocket->addCaCertificates(config->brokerCaCertFile, QSsl::Pem);
+ x2goDebug<<"Custom CA certificate file loaded into HTTPS broker client: "<<config->brokerCaCertFile;
+
+ } else {
+ connect ( http, SIGNAL ( sslErrors ( const QList<QSslError>& ) ),this,
+ SLOT ( slotSslErrors ( const QList<QSslError>& ) ) );
+ }
http->setHost ( lurl.host(),QHttp::ConnectionModeHttps,
lurl.port ( 443 ) );
- else
+ } else {
http->setHost ( lurl.host(),QHttp::ConnectionModeHttp,
lurl.port ( 80 ) );
-
+ }
connect ( http,SIGNAL ( requestFinished ( int,bool ) ),this,
SLOT ( slotRequestFinished ( int,bool ) ) );
- connect ( http,SIGNAL ( sslErrors ( const QList<QSslError>& ) ),this,
- SLOT ( slotSslErrors ( const QList<QSslError>& ) ) );
}
}
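Review bot: The return value of `addCaCertificates()` is ignored in the custom-CA branch, so the debug line after it reports the file as loaded even when no PEM certificate could be read from it. A `--broker-cacertfile` path that does not exist is also dropped silently: the `QFile::exists` test fails and setup continues in the `else` branch without the user's CA, so a later certificate error (handled in `slotSslErrors`, mostly outside this diff) gives no hint that the option was ignored. I would branch on the result, e.g. `if (!sslSocket->addCaCertificates(config->brokerCaCertFile, QSsl::Pem)) x2goDebug<<"No CA certificate could be loaded from: "<<config->brokerCaCertFile;`, and emit a similar message in the `else` branch when `brokerCaCertFile` is non-empty. The constructor starts outside this hunk.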
@@ -520,7 +530,7 @@ void HttpBrokerClient::slotSslErrors ( const QList<QSslError> & errors )
QSslCertificate cert;
for ( int i=0; i<errors.count(); ++i )
{
- x2goDebug<<"sslError ,code:"<<errors[i].error() <<":";
+ x2goDebug<<"sslError, code:"<<errors[i].error() <<":";
err<<errors[i].errorString();
if ( !errors[i].certificate().isNull() )
cert=errors[i].certificate();
diff --git a/httpbrokerclient.h b/httpbrokerclient.h
index 78218dc..fc4115d 100644
--- a/httpbrokerclient.h
+++ b/httpbrokerclient.h
@@ -22,6 +22,7 @@
#include <QBuffer>
#include <QObject>
#include <QDateTime>
+#include <QSslSocket>
#include "sshmasterconnection.h"
/**
@author Oleksandr Shneyder <oleksandr.shneyder at obviously-nice.de>
@@ -43,6 +44,7 @@ private:
QBuffer httpCmdAnswer;
QBuffer httpSessionAnswer;
QHttp* http;
+ QSslSocket* sslSocket;
int sessionsRequest;
int selSessRequest;
int chPassRequest;
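Review bot: The new `sslSocket` member is a raw pointer whose only assignment visible in this commit is inside the https custom-CA branch of the constructor. On the ssh://, plain http and no-CA-file paths it stays unset unless an initialiser outside these hunks covers it. Setting `sslSocket = 0;` at the start of the constructor body (or in its initialiser list) would make any later null check or use of the member well defined. A short comment on the declaration such as `// only set when a custom CA file is used for https` would also document that it is optional.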
diff --git a/man/man1/x2goclient.1 b/man/man1/x2goclient.1
index 9eb69ae..8f77f87 100644
--- a/man/man1/x2goclient.1
+++ b/man/man1/x2goclient.1
@@ -106,6 +106,9 @@ In case you want to retrieve \fBx2goclient\fR session profiles from an X2Go Sess
\*(T<\fB\-\-broker-url=<URL>\fR\*(T>
Specify the <URL> of the X2Go Session Broker. X2Go Client can access http:// and ssh:// style URLs.
.TP
+\*(T<\fB\-\-broker-cacertfile=</path/to/cafile.crt>\fR\*(T>
+Specify a special (self-signed) root-CACert file that shall get used when connecting to an X2Go Session Broker via https (SSL).
+.TP
\*(T<\fB\-\-broker-noauth\fR\*(T>
The X2Go Session Broker is accessible without authentication.
.TP
diff --git a/onmainwindow.cpp b/onmainwindow.cpp
index 3036ecd..d0a3108 100644
--- a/onmainwindow.cpp
+++ b/onmainwindow.cpp
@@ -6597,6 +6597,11 @@ bool ONMainWindow::parseParameter ( QString param )
config.brokerurl=value;
return true;
}
+ if ( setting == "--broker-cacertfile")
+ {
+ config.brokerCaCertFile=value;
+ return true;
+ }
if ( setting == "--broker-ssh-key")
{
config.brokerSshKey=value;
diff --git a/onmainwindow.h b/onmainwindow.h
index 70504d2..7e1d02c 100644
--- a/onmainwindow.h
+++ b/onmainwindow.h
@@ -168,6 +168,7 @@ struct ConfigFile
bool brokerAutologin;
bool brokerAutologoff;
QString brokerSshKey;
+ QString brokerCaCertFile;
QString iniFile;
QString server;
QString serverIp;//Can be different from server (use for loadballancing)
hooks/post-receive
--
x2goclient.git (X2Go Client)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2goclient.git" (X2Go Client).