murmur/4414.patch

From b47e309f3113a3c147070d42e27a2d96ecffb6b8 Mon Sep 17 00:00:00 2001
From: MadMaurice <madmaurice@zom.bi>
Date: Tue, 11 Aug 2020 22:43:02 +0200
Subject: [PATCH] FIX(certificate): Retrieve QSslConfiguration after setting CA

Commit bdb12c6 added a regression for servers built with QT older than version
5.15. After this commit these servers do not serve intermediate certificates
anymore.  This happens because the QSslConfiguration is retrieved before adding
the CA certificates to the socket and is reinserted into the socket again after
adding the CA certificates, thereby overwriting the CA certificates added in
between.

This commit fixes that by retrieving the QSslConfiguration just after setting
the CA certificates in case an older QT version than 5.15 is used.
---
 src/murmur/Server.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/murmur/Server.cpp b/src/murmur/Server.cpp
index 22a150b621..9b76709bf9 100644
--- a/src/murmur/Server.cpp
+++ b/src/murmur/Server.cpp
@@ -1373,8 +1373,9 @@ void Server::newClient() {
 		sock->setPrivateKey(qskKey);
 		sock->setLocalCertificate(qscCert);
 
-		QSslConfiguration config = sock->sslConfiguration();
+		QSslConfiguration config;
 #if QT_VERSION >= QT_VERSION_CHECK(5,15,0)
+		config = sock->sslConfiguration();
 		// Qt 5.15 introduced QSslConfiguration::addCaCertificate(s) that should be preferred over the functions in QSslSocket
 
 		// Treat the leaf certificate as a root.
@@ -1406,6 +1407,9 @@ void Server::newClient() {
 		// Add intermediate CAs found in the PEM
 		// bundle used for this server's certificate.
 		sock->addCaCertificates(qlIntermediates);
+
+		// Must not get config from socket before setting CA certificates
+		config = sock->sslConfiguration();
 #endif
 
 		config.setCiphers(Meta::mp.qlCiphers);
use official pull request patch 2020-08-11 23:09:18 +02:00			`From b47e309f3113a3c147070d42e27a2d96ecffb6b8 Mon Sep 17 00:00:00 2001`
			`From: MadMaurice <madmaurice@zom.bi>`
			`Date: Tue, 11 Aug 2020 22:43:02 +0200`
			`Subject: [PATCH] FIX(certificate): Retrieve QSslConfiguration after setting CA`

			`Commit bdb12c6 added a regression for servers built with QT older than version`
			`5.15. After this commit these servers do not serve intermediate certificates`
			`anymore. This happens because the QSslConfiguration is retrieved before adding`
			`the CA certificates to the socket and is reinserted into the socket again after`
			`adding the CA certificates, thereby overwriting the CA certificates added in`
			`between.`

			`This commit fixes that by retrieving the QSslConfiguration just after setting`
			`the CA certificates in case an older QT version than 5.15 is used.`
			`---`
			`src/murmur/Server.cpp \| 6 +++++-`
			`1 file changed, 5 insertions(+), 1 deletion(-)`

			`diff --git a/src/murmur/Server.cpp b/src/murmur/Server.cpp`
			`index 22a150b621..9b76709bf9 100644`
			`--- a/src/murmur/Server.cpp`
			`+++ b/src/murmur/Server.cpp`
			`@@ -1373,8 +1373,9 @@ void Server::newClient() {`
			`sock->setPrivateKey(qskKey);`
			`sock->setLocalCertificate(qscCert);`

			`- QSslConfiguration config = sock->sslConfiguration();`
			`+ QSslConfiguration config;`
			`#if QT_VERSION >= QT_VERSION_CHECK(5,15,0)`
			`+ config = sock->sslConfiguration();`
			`// Qt 5.15 introduced QSslConfiguration::addCaCertificate(s) that should be preferred over the functions in QSslSocket`

			`// Treat the leaf certificate as a root.`
			`@@ -1406,6 +1407,9 @@ void Server::newClient() {`
			`// Add intermediate CAs found in the PEM`
			`// bundle used for this server's certificate.`
			`sock->addCaCertificates(qlIntermediates);`
			`+`
			`+ // Must not get config from socket before setting CA certificates`
			`+ config = sock->sslConfiguration();`
			`#endif`

			`config.setCiphers(Meta::mp.qlCiphers);`