try to set CA to Context, but still does not work; refs #43

13 years ago · 7ea7d5d845
parent d88d12cc57
commit 7ea7d5d845
9 changed files with 28 additions and 17 deletions
--- a/swisssurfer/COPYING
+++ b/swisssurfer/COPYING
@ -1 +1 @@
-/usr/share/automake-1.11/COPYING
+/opt/local/share/automake-1.11/COPYING
--- a/swisssurfer/INSTALL
+++ b/swisssurfer/INSTALL
@ -1 +1 @@
-/usr/share/automake-1.11/INSTALL
+/opt/local/share/automake-1.11/INSTALL
--- a/swisssurfer/src/downloadmanager.hxx
+++ b/swisssurfer/src/downloadmanager.hxx
@ -180,6 +180,7 @@ class DownloadManager: public QObject {
           <<"OU="<<err->certificate().subjectInfo(QSslCertificate::OrganizationalUnitName)
           <<"C="<<err->certificate().subjectInfo(QSslCertificate::CountryName)
           <<"ST="<<err->certificate().subjectInfo(QSslCertificate::StateOrProvinceName);
 	LOG<<"Certificate:\n"<<err->certificate().toPem();
      }
    }
--- a/swisssurfer/src/main.cxx
+++ b/swisssurfer/src/main.cxx
@ -186,7 +186,7 @@ int main(int argv, char** argc) try {
  QSslConfiguration sslConfig(QSslConfiguration::defaultConfiguration());
  QList<QSslCertificate> certs(sslConfig.caCertificates());
  certs.push_back(QSslCertificate(SWISSSIGN_GOLD_CA_G2));
-  certs.push_back(QSslCertificate(SWISSSIGN_SERVER_GOLD_CA_2008_G2));
+  //certs.push_back(QSslCertificate(SWISSSIGN_SERVER_GOLD_CA_2008_G2));
  certs.push_back(QSslCertificate(SWISSSIGN_SILVER_CA_G2));
  certs.push_back(QSslCertificate(SWISSSIGN_PLATINUM_CA_G2));
  sslConfig.setCaCertificates(certs);
@ -326,6 +326,10 @@ int main(int argv, char** argc) try {
    }
  sslConfig.setPeerVerifyMode(QSslSocket::VerifyPeer);
  QSslConfiguration::setDefaultConfiguration(sslConfig);
  assert(QSslConfiguration::defaultConfiguration().caCertificates().contains(SWISSSIGN_GOLD_CA_G2));
  //assert(QSslConfiguration::defaultConfiguration().caCertificates().contains(SWISSSIGN_SERVER_GOLD_CA_2008_G2))));
  assert(QSslConfiguration::defaultConfiguration().caCertificates().contains(SWISSSIGN_SILVER_CA_G2));
  assert(QSslConfiguration::defaultConfiguration().caCertificates().contains(SWISSSIGN_PLATINUM_CA_G2));
  //............................................................................
  Browser browser(actlib, urls, settings.get(), mimetypes, silent, login);
  browser.show();
--- a/swisssurfer/src/smartcardauth.hxx
+++ b/swisssurfer/src/smartcardauth.hxx
@ -15,6 +15,8 @@
 #include <memory>
 extern const QByteArray SWISSSIGN_GOLD_CA_G2;
 class CryptokiEngine: public QObject, public openssl::Engine {
    Q_OBJECT;
@ -117,7 +119,11 @@ class SmartCardAuth: public QObject {
    void extendedContextInitialization(ssl_ctx_st* ctx, QSslSocket* socket) {
      qDebug()<<__PRETTY_FUNCTION__;
-      SSL_CTX_set_client_cert_cb(ctx, SmartCardAuth::clientCert);
+      for (std::list<std::string>::iterator cert(_cacerts.begin()); cert!=_cacerts.end(); ++cert) {
 	SSL_CTX_add_extra_chain_cert(ctx, openssl::X509(*cert).lowLevelCopy());
 	qDebug()<<"Added:\n"<<QSslCertificate(QByteArray(cert->data(), cert->size()), QSsl::Der).toPem();
      }
      SSL_CTX_set_client_cert_cb(ctx, &SmartCardAuth::clientCert);
    }
  private:
@ -151,10 +157,10 @@ class SmartCardAuth: public QObject {
      QMutexLocker lock(&_mutex);
      if (!e() || (!force && *e())) return; // no smartcard or already logged in
      try {
 	_cacerts.clear();
        QList<CertInfo> authcerts;
        QList<CertInfo> allcerts;
        QSslConfiguration sslConfig(QSslConfiguration::defaultConfiguration());
        QList<QSslCertificate> cacerts(sslConfig.caCertificates());
        _slots = e()->cryptoki().slotList();
        for (cryptoki::SlotList::iterator slot(_slots.begin());
             slot!=_slots.end(); ++slot) {
@ -176,9 +182,7 @@ class SmartCardAuth: public QObject {
            std::string data(cert->attribute(CKA_VALUE).value);
            if (!keys.size()) { // add CA-certificate
              OPENSSL_LOG("**** add to CA-certificates");
-              cacerts.push_back(QSslCertificate
+              _cacerts.push_back(data);
                                (QByteArray(data.data(), data.size()),
                                 QSsl::Der));
            } else {
              OPENSSL_LOG("**** user cert, check for authentictaion");
              if (label.value.find("auth")==0 ||
@ -212,7 +216,6 @@ class SmartCardAuth: public QObject {
                e()->cert(keys[0],
                          std::auto_ptr<openssl::X509>
                          (new openssl::X509(c.data)));
                sslConfig.setCaCertificates(cacerts);
                break;
              }
            } catch (std::exception& x) {
@ -223,6 +226,8 @@ class SmartCardAuth: public QObject {
                                                    " please try again."));
            }
        }
 	QByteArray ca(QSslCertificate(SWISSSIGN_GOLD_CA_G2, QSsl::Pem).toDer());
 	_cacerts.push_back(std::string(ca.data(), ca.size()));
      } catch (...) {
        throw;
      }
@ -246,6 +251,7 @@ class SmartCardAuth: public QObject {
    cryptoki::SlotList _slots;
    std::auto_ptr<cryptoki::Session> _session;
    QMutex _mutex;
    std::list<std::string> _cacerts;
 };
--- a/swisssurfer/src/swisssurfer_de.ts
+++ b/swisssurfer/src/swisssurfer_de.ts
@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; }
 <context>
    <name>QMessageBox</name>
    <message>
-        <location filename="smartcardauth.hxx" line="221"/>
+        <location filename="smartcardauth.hxx" line="224"/>
        <source>Wrong PIN</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
-        <location filename="smartcardauth.hxx" line="222"/>
+        <location filename="smartcardauth.hxx" line="225"/>
        <source>Authentication failed, please try again.</source>
        <translation type="unfinished"></translation>
    </message>
--- a/swisssurfer/src/swisssurfer_en.ts
+++ b/swisssurfer/src/swisssurfer_en.ts
@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; }
 <context>
    <name>QMessageBox</name>
    <message>
-        <location filename="smartcardauth.hxx" line="221"/>
+        <location filename="smartcardauth.hxx" line="224"/>
        <source>Wrong PIN</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
-        <location filename="smartcardauth.hxx" line="222"/>
+        <location filename="smartcardauth.hxx" line="225"/>
        <source>Authentication failed, please try again.</source>
        <translation type="unfinished"></translation>
    </message>
--- a/swisssurfer/src/swisssurfer_fr.ts
+++ b/swisssurfer/src/swisssurfer_fr.ts
@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; }
 <context>
    <name>QMessageBox</name>
    <message>
-        <location filename="smartcardauth.hxx" line="221"/>
+        <location filename="smartcardauth.hxx" line="224"/>
        <source>Wrong PIN</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
-        <location filename="smartcardauth.hxx" line="222"/>
+        <location filename="smartcardauth.hxx" line="225"/>
        <source>Authentication failed, please try again.</source>
        <translation type="unfinished"></translation>
    </message>
--- a/swisssurfer/src/swisssurfer_it.ts
+++ b/swisssurfer/src/swisssurfer_it.ts
@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; }
 <context>
    <name>QMessageBox</name>
    <message>
-        <location filename="smartcardauth.hxx" line="221"/>
+        <location filename="smartcardauth.hxx" line="224"/>
        <source>Wrong PIN</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
-        <location filename="smartcardauth.hxx" line="222"/>
+        <location filename="smartcardauth.hxx" line="225"/>
        <source>Authentication failed, please try again.</source>
        <translation type="unfinished"></translation>
    </message>
		`@ -1 +1 @@`
			`/usr/share/automake-1.11/COPYING`				`/opt/local/share/automake-1.11/COPYING`
		`@ -1 +1 @@`
			`/usr/share/automake-1.11/INSTALL`				`/opt/local/share/automake-1.11/INSTALL`