use official pull request patch
This commit is contained in:
parent
4fc76b950b
commit
7774a1eb63
3 changed files with 45 additions and 42 deletions
|
@ -1,40 +0,0 @@
|
||||||
diff --git a/src/murmur/Server.cpp b/src/murmur/Server.cpp
|
|
||||||
index 22a150b6..fa77d96f 100644
|
|
||||||
--- a/src/murmur/Server.cpp
|
|
||||||
+++ b/src/murmur/Server.cpp
|
|
||||||
@@ -1373,25 +1373,6 @@ void Server::newClient() {
|
|
||||||
sock->setPrivateKey(qskKey);
|
|
||||||
sock->setLocalCertificate(qscCert);
|
|
||||||
|
|
||||||
- QSslConfiguration config = sock->sslConfiguration();
|
|
||||||
-#if QT_VERSION >= QT_VERSION_CHECK(5,15,0)
|
|
||||||
- // Qt 5.15 introduced QSslConfiguration::addCaCertificate(s) that should be preferred over the functions in QSslSocket
|
|
||||||
-
|
|
||||||
- // Treat the leaf certificate as a root.
|
|
||||||
- // This shouldn't strictly be necessary,
|
|
||||||
- // and is a left-over from early on.
|
|
||||||
- // Perhaps it is necessary for self-signed
|
|
||||||
- // certs?
|
|
||||||
- config.addCaCertificate(qscCert);
|
|
||||||
-
|
|
||||||
- // Add CA certificates specified via
|
|
||||||
- // murmur.ini's sslCA option.
|
|
||||||
- config.addCaCertificates(Meta::mp.qlCA);
|
|
||||||
-
|
|
||||||
- // Add intermediate CAs found in the PEM
|
|
||||||
- // bundle used for this server's certificate.
|
|
||||||
- config.addCaCertificates(qlIntermediates);
|
|
||||||
-#else
|
|
||||||
// Treat the leaf certificate as a root.
|
|
||||||
// This shouldn't strictly be necessary,
|
|
||||||
// and is a left-over from early on.
|
|
||||||
@@ -1406,8 +1387,8 @@ void Server::newClient() {
|
|
||||||
// Add intermediate CAs found in the PEM
|
|
||||||
// bundle used for this server's certificate.
|
|
||||||
sock->addCaCertificates(qlIntermediates);
|
|
||||||
-#endif
|
|
||||||
|
|
||||||
+ QSslConfiguration config = sock->sslConfiguration();
|
|
||||||
config.setCiphers(Meta::mp.qlCiphers);
|
|
||||||
#if defined(USE_QSSLDIFFIEHELLMANPARAMETERS)
|
|
||||||
config.setDiffieHellmanParameters(qsdhpDHParams);
|
|
43
4414.patch
Normal file
43
4414.patch
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
From b47e309f3113a3c147070d42e27a2d96ecffb6b8 Mon Sep 17 00:00:00 2001
|
||||||
|
From: MadMaurice <madmaurice@zom.bi>
|
||||||
|
Date: Tue, 11 Aug 2020 22:43:02 +0200
|
||||||
|
Subject: [PATCH] FIX(certificate): Retrieve QSslConfiguration after setting CA
|
||||||
|
|
||||||
|
Commit bdb12c6 added a regression for servers built with QT older than version
|
||||||
|
5.15. After this commit these servers do not serve intermediate certificates
|
||||||
|
anymore. This happens because the QSslConfiguration is retrieved before adding
|
||||||
|
the CA certificates to the socket and is reinserted into the socket again after
|
||||||
|
adding the CA certificates, thereby overwriting the CA certificates added in
|
||||||
|
between.
|
||||||
|
|
||||||
|
This commit fixes that by retrieving the QSslConfiguration just after setting
|
||||||
|
the CA certificates in case an older QT version than 5.15 is used.
|
||||||
|
---
|
||||||
|
src/murmur/Server.cpp | 6 +++++-
|
||||||
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/murmur/Server.cpp b/src/murmur/Server.cpp
|
||||||
|
index 22a150b621..9b76709bf9 100644
|
||||||
|
--- a/src/murmur/Server.cpp
|
||||||
|
+++ b/src/murmur/Server.cpp
|
||||||
|
@@ -1373,8 +1373,9 @@ void Server::newClient() {
|
||||||
|
sock->setPrivateKey(qskKey);
|
||||||
|
sock->setLocalCertificate(qscCert);
|
||||||
|
|
||||||
|
- QSslConfiguration config = sock->sslConfiguration();
|
||||||
|
+ QSslConfiguration config;
|
||||||
|
#if QT_VERSION >= QT_VERSION_CHECK(5,15,0)
|
||||||
|
+ config = sock->sslConfiguration();
|
||||||
|
// Qt 5.15 introduced QSslConfiguration::addCaCertificate(s) that should be preferred over the functions in QSslSocket
|
||||||
|
|
||||||
|
// Treat the leaf certificate as a root.
|
||||||
|
@@ -1406,6 +1407,9 @@ void Server::newClient() {
|
||||||
|
// Add intermediate CAs found in the PEM
|
||||||
|
// bundle used for this server's certificate.
|
||||||
|
sock->addCaCertificates(qlIntermediates);
|
||||||
|
+
|
||||||
|
+ // Must not get config from socket before setting CA certificates
|
||||||
|
+ config = sock->sslConfiguration();
|
||||||
|
#endif
|
||||||
|
|
||||||
|
config.setCiphers(Meta::mp.qlCiphers);
|
|
@ -27,11 +27,11 @@ RUN apt-get update -yqq && apt-get install -yqq \
|
||||||
git --no-install-recommends
|
git --no-install-recommends
|
||||||
|
|
||||||
WORKDIR /usr/src/murmur
|
WORKDIR /usr/src/murmur
|
||||||
COPY 0001-Fix-ssl.patch /
|
COPY 4414.patch /
|
||||||
RUN \
|
RUN \
|
||||||
git clone https://github.com/mumble-voip/mumble.git . \
|
git clone https://github.com/mumble-voip/mumble.git . \
|
||||||
&& git checkout master \
|
&& git checkout master \
|
||||||
&& git apply /0001-Fix-ssl.patch \
|
&& git apply /4414.patch \
|
||||||
&& git submodule init \
|
&& git submodule init \
|
||||||
&& git submodule update
|
&& git submodule update
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue