use official pull request patch

This commit is contained in:
Hive 2020-08-11 23:09:18 +02:00
parent 4fc76b950b
commit 7774a1eb63
3 changed files with 45 additions and 42 deletions

View file

@ -1,40 +0,0 @@
diff --git a/src/murmur/Server.cpp b/src/murmur/Server.cpp
index 22a150b6..fa77d96f 100644
--- a/src/murmur/Server.cpp
+++ b/src/murmur/Server.cpp
@@ -1373,25 +1373,6 @@ void Server::newClient() {
sock->setPrivateKey(qskKey);
sock->setLocalCertificate(qscCert);
- QSslConfiguration config = sock->sslConfiguration();
-#if QT_VERSION >= QT_VERSION_CHECK(5,15,0)
- // Qt 5.15 introduced QSslConfiguration::addCaCertificate(s) that should be preferred over the functions in QSslSocket
-
- // Treat the leaf certificate as a root.
- // This shouldn't strictly be necessary,
- // and is a left-over from early on.
- // Perhaps it is necessary for self-signed
- // certs?
- config.addCaCertificate(qscCert);
-
- // Add CA certificates specified via
- // murmur.ini's sslCA option.
- config.addCaCertificates(Meta::mp.qlCA);
-
- // Add intermediate CAs found in the PEM
- // bundle used for this server's certificate.
- config.addCaCertificates(qlIntermediates);
-#else
// Treat the leaf certificate as a root.
// This shouldn't strictly be necessary,
// and is a left-over from early on.
@@ -1406,8 +1387,8 @@ void Server::newClient() {
// Add intermediate CAs found in the PEM
// bundle used for this server's certificate.
sock->addCaCertificates(qlIntermediates);
-#endif
+ QSslConfiguration config = sock->sslConfiguration();
config.setCiphers(Meta::mp.qlCiphers);
#if defined(USE_QSSLDIFFIEHELLMANPARAMETERS)
config.setDiffieHellmanParameters(qsdhpDHParams);

43
4414.patch Normal file
View file

@ -0,0 +1,43 @@
From b47e309f3113a3c147070d42e27a2d96ecffb6b8 Mon Sep 17 00:00:00 2001
From: MadMaurice <madmaurice@zom.bi>
Date: Tue, 11 Aug 2020 22:43:02 +0200
Subject: [PATCH] FIX(certificate): Retrieve QSslConfiguration after setting CA
Commit bdb12c6 added a regression for servers built with QT older than version
5.15. After this commit these servers do not serve intermediate certificates
anymore. This happens because the QSslConfiguration is retrieved before adding
the CA certificates to the socket and is reinserted into the socket again after
adding the CA certificates, thereby overwriting the CA certificates added in
between.
This commit fixes that by retrieving the QSslConfiguration just after setting
the CA certificates in case an older QT version than 5.15 is used.
---
src/murmur/Server.cpp | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/murmur/Server.cpp b/src/murmur/Server.cpp
index 22a150b621..9b76709bf9 100644
--- a/src/murmur/Server.cpp
+++ b/src/murmur/Server.cpp
@@ -1373,8 +1373,9 @@ void Server::newClient() {
sock->setPrivateKey(qskKey);
sock->setLocalCertificate(qscCert);
- QSslConfiguration config = sock->sslConfiguration();
+ QSslConfiguration config;
#if QT_VERSION >= QT_VERSION_CHECK(5,15,0)
+ config = sock->sslConfiguration();
// Qt 5.15 introduced QSslConfiguration::addCaCertificate(s) that should be preferred over the functions in QSslSocket
// Treat the leaf certificate as a root.
@@ -1406,6 +1407,9 @@ void Server::newClient() {
// Add intermediate CAs found in the PEM
// bundle used for this server's certificate.
sock->addCaCertificates(qlIntermediates);
+
+ // Must not get config from socket before setting CA certificates
+ config = sock->sslConfiguration();
#endif
config.setCiphers(Meta::mp.qlCiphers);

View file

@ -27,11 +27,11 @@ RUN apt-get update -yqq && apt-get install -yqq \
git --no-install-recommends git --no-install-recommends
WORKDIR /usr/src/murmur WORKDIR /usr/src/murmur
COPY 0001-Fix-ssl.patch / COPY 4414.patch /
RUN \ RUN \
git clone https://github.com/mumble-voip/mumble.git . \ git clone https://github.com/mumble-voip/mumble.git . \
&& git checkout master \ && git checkout master \
&& git apply /0001-Fix-ssl.patch \ && git apply /4414.patch \
&& git submodule init \ && git submodule init \
&& git submodule update && git submodule update