📄 tcpslavebase.cpp
arg << theurl << mOutgoingMetaData; d->dcc->call("kio_uiserver", "UIServer", "showSSLInfoDialog(QString,KIO::MetaData)", data, ignoretype, ignore); } } while (result == KMessageBox::Yes); if (result == KMessageBox::No) { setMetaData("ssl_action", "accept"); rc = 1; cp = KSSLCertificateCache::Accept; result = messageBox( WarningYesNo, i18n("Would you like to accept this " "certificate forever without " "being prompted?"), i18n("Server Authentication"), i18n("&Forever"), i18n("&Current Sessions Only")); if (result == KMessageBox::Yes) permacache = true; else permacache = false; } else { setMetaData("ssl_action", "reject"); rc = -1; cp = KSSLCertificateCache::Prompt; } break; } default: kdDebug(7029) << "TCPSlaveBase/SSL error in cert code." << "Please report this to kfm-devel@kde.org." << endl; break; } } // - cache the results d->cc->addCertificate(pc, cp, permacache); } else { // Child frame // - Read from cache and see if there is a policy for this int result; KSSLCertificateCache::KSSLCertificatePolicy cp = d->cc->getPolicyByCertificate(pc); isChild = true; // Check the cert and IP to make sure they're the same // as the parent frame bool certAndIPTheSame = (d->ip == metaData("ssl_parent_ip") && pc.toString() == metaData("ssl_parent_cert")); if (ksv == KSSLCertificate::Ok && _IPmatchesCN) { if (certAndIPTheSame) { // success rc = 1; setMetaData("ssl_action", "accept"); } else { if (d->militantSSL) return -1; result = messageBox(WarningYesNo, i18n("The certificate is valid but does not appear to have been assigned to this server. 
Do you wish to continue loading?"), i18n("Server Authentication")); if (result == KMessageBox::Yes) { // success rc = 1; setMetaData("ssl_action", "accept"); } else { // fail rc = -1; setMetaData("ssl_action", "reject"); } } } else { if (d->militantSSL) return -1; if (cp == KSSLCertificateCache::Accept) { if (certAndIPTheSame) { // success rc = 1; setMetaData("ssl_action", "accept"); } else { // fail result = messageBox(WarningYesNo, i18n("You have indicated that you wish to accept this certificate, but it is not issued to the server who is presenting it. Do you wish to continue loading?"), i18n("Server Authentication")); if (result == KMessageBox::Yes) { rc = 1; setMetaData("ssl_action", "accept"); } else { rc = -1; setMetaData("ssl_action", "reject"); } } } else if (cp == KSSLCertificateCache::Reject) { // fail messageBox(Information, i18n("SSL certificate is being rejected as requested. You can disable this in the KDE control center."), i18n("Server Authentication")); rc = -1; setMetaData("ssl_action", "reject"); } else { do { QString msg = i18n("The server certificate failed the " "authenticity test (%1)."); result = messageBox(WarningYesNoCancel, msg.arg(d->host), i18n("Server Authentication"), i18n("&Details..."), i18n("Co&ntinue")); if (result == KMessageBox::Yes) { if (!d->dcc) { d->dcc = new DCOPClient; d->dcc->attach(); } QByteArray data, ignore; QCString ignoretype; QDataStream arg(data, IO_WriteOnly); arg << theurl << mOutgoingMetaData; d->dcc->call("kio_uiserver", "UIServer", "showSSLInfoDialog(QString,KIO::MetaData)", data, ignoretype, ignore); } } while (result == KMessageBox::Yes); if (result == KMessageBox::No) { setMetaData("ssl_action", "accept"); rc = 1; cp = KSSLCertificateCache::Accept; result = messageBox( WarningYesNo, i18n("Would you like to accept this " "certificate forever without " "being prompted?"), i18n("Server Authentication"), i18n("&Forever"), i18n("&Current Sessions Only")); if (result == KMessageBox::Yes) permacache = true; else 
permacache = false; } else { setMetaData("ssl_action", "reject"); rc = -1; cp = KSSLCertificateCache::Prompt; } d->cc->addCertificate(pc, cp, permacache); } } } if (rc == -1) return rc; // Things to check: // - posting unencrypted data -- elsewhere? // - transmitting any data unencrypted? In the app?? // singleton in write()? if (metaData("ssl_activate_warnings") == "TRUE") { // - entering SSL if (!isChild && metaData("ssl_was_in_use") == "FALSE" && d->kssl->settings()->warnOnEnter()) { int result; do { result = messageBox( WarningYesNo, i18n("You are about to " "enter secure mode. " "All transmissions " "will be encrypted " "unless otherwise " "noted.\nThis means " "that no third party " "will be able to " "easily observe your " " data in transfer."), i18n("Security information"), i18n("Display SSL " "Information"), i18n("Continue") ); if ( result == KMessageBox::Yes ) { if (!d->dcc) { d->dcc = new DCOPClient; d->dcc->attach(); } QByteArray data, ignore; QCString ignoretype; QDataStream arg(data, IO_WriteOnly); arg << theurl << mOutgoingMetaData; d->dcc->call("kio_uiserver", "UIServer", "showSSLInfoDialog(QString,KIO::MetaData)", data, ignoretype, ignore); } } while (result != KMessageBox::No); }#if 0 // This will probably go to khtml_part // - mixed SSL/nonSSL // I assert that if any two portions of a loaded document are of // opposite SSL status then either one of them must be different // than the parent. Therefore we can only compare each child // against the parent both here and in non-SSL mode. // The problem which remains is how to have this notification // appear only once per page. if ( isChild && d->kssl->settings()->warnOnMixed() && metaData("ssl_was_in_use") != "TRUE") { // FIXME: do something! 
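}#endif } // if ssl_activate_warnings kdDebug(7029) << "SSL connection information follows:" << endl << "+-----------------------------------------------" << endl << "| Cipher: " << d->kssl->connectionInfo().getCipher() << endl << "| Description: " << d->kssl->connectionInfo().getCipherDescription() << endl << "| Version: " << d->kssl->connectionInfo().getCipherVersion() << endl << "| Strength: " << d->kssl->connectionInfo().getCipherUsedBits() << " of " << d->kssl->connectionInfo().getCipherBits() << " bits used." << endl << "| PEER:" << endl << "| Subject: " << d->kssl->peerInfo().getPeerCertificate().getSubject() << endl << "| Issuer: " << d->kssl->peerInfo().getPeerCertificate().getIssuer() << endl << "| Validation: " << (int)ksv << endl << "| Certificate matches IP: " << _IPmatchesCN << endl << "+-----------------------------------------------" << endl; // sendMetaData(); Do not call this function!! return rc;}

// Polls the socket without blocking and reports whether it still looks usable.
//
// Returns false when there is no usable descriptor, when select() fails, or
// when a readable socket turns out to be closed or in error. Returns true
// when the socket is idle or has data waiting.
bool TCPSlaveBase::isConnectionValid()
{
    // FD_SET() on a descriptor outside [0, FD_SETSIZE) writes outside the
    // fd_set object, so such descriptors are rejected before the set is used.
    if ( m_iSock < 0 || m_iSock >= FD_SETSIZE )
        return false;

    fd_set rdfs;
    FD_ZERO(&rdfs);
    FD_SET(m_iSock, &rdfs);

    // Zero timeout: this is a poll, it never waits.
    struct timeval tv;
    tv.tv_usec = 0;
    tv.tv_sec = 0;

    int retval = select(m_iSock+1, &rdfs, NULL, NULL, &tv);
    // retval == -1 ==> Error
    // retval ==  0 ==> Connection Idle
    // retval >=  1 ==> Connection Active
    if ( retval == -1 )
        return false;   // should really never happen, but just in-case...

    if ( retval == 0 )
        return true;

    // The socket is readable: peek (without consuming data) to tell pending
    // data apart from an orderly close or a socket error.
    char buffer[100];
    retval = recv(m_iSock, buffer, 80, MSG_PEEK);
    // retval ==  0 ==> Connection closed
    // retval == -1 ==> Socket error; the connection is not trusted either
    if ( retval <= 0 )
        return false;

    return true;
}

// Waits up to t seconds, in one-second steps, for the socket to become
// readable. Returns true as soon as data can be read, false on timeout or
// when there is no usable descriptor.
//
// NOTE(review): the SSL-aware branch is compiled out by the constant 0, so
// d->kssl->pending() is never consulted and only raw socket readability
// decides the result.
// NOTE(review): a negative t is only normalised in the disabled branch; in
// the active branch the loop keeps running until the socket is readable.
bool TCPSlaveBase::waitForResponse( int t )
{
    if (0 /*m_bIsSSL || d->usingTLS*/) {
        if (t < 0)
            t *= -1;
        t *= 10;
        while (t--) {
            if (d->kssl->pending())
                return true;
            usleep(100000);   // a tenth of a second
        }
        return false;
    }

    // Same bounds rule as isConnectionValid(): never hand FD_SET() a
    // descriptor that does not fit in an fd_set.
    if ( m_iSock < 0 || m_iSock >= FD_SETSIZE )
        return false;

    fd_set rd;
    struct timeval timeout;
    int n = t;   // Timeout in seconds

    while (n--) {
        FD_ZERO(&rd);
        FD_SET(m_iSock, &rd);

        timeout.tv_usec = 0;
        timeout.tv_sec = 1;   // 1 second

        // Only trust the set when select() reports a ready descriptor. On
        // failure the set may still hold the bit stored above, which would
        // otherwise be mistaken for "data available".
        if (select(m_iSock+1, &rd, NULL, NULL, &timeout) > 0 &&
            FD_ISSET(m_iSock, &rd))
            return true;
    }

    return false;   // Timed out!
}

// Returns d->status, which doSSLHandShake() sets to the result of the SSL
// connect call or to -1 when certificate verification fails.
int TCPSlaveBase::connectResult()
{
    return d->status;
}

// Stores the flag in d->block.
void TCPSlaveBase::setBlockConnection( bool b )
{
    d->block = b;
}

// Stores the value in d->timeout.
void TCPSlaveBase::setConnectTimeout( int t )
{
    d->timeout = t;
}

// Reports whether SSL tunneling is currently enabled.
bool TCPSlaveBase::isSSLTunnelEnabled()
{
    return d->useSSLTunneling;
}

// Enables or disables SSL tunneling.
void TCPSlaveBase::setEnableSSLTunnel( bool enable )
{
    d->useSSLTunneling = enable;
}

// Sets the host name that doSSLHandShake() passes to the SSL layer as the
// peer host in place of d->host.
void TCPSlaveBase::setRealHost( const QString& realHost )
{
    d->realHost = realHost;
}

// Runs the SSL handshake on the already-connected socket and then verifies
// the peer certificate.
//
// sendError: when true, a failure is reported through error() with
//            ERR_COULD_NOT_CONNECT.
// Returns true only if the SSL connect succeeded and verifyCertificate()
// returned 1. On either failure the descriptor is closed.
//
// NOTE(review): "ssl_in_use" is set to "TRUE" before verifyCertificate()
// runs and is not reset on the failure path; confirm nothing reads it after
// a failed handshake.
bool TCPSlaveBase::doSSLHandShake( bool sendError )
{
    kdDebug(7029) << "TCPSlaveBase::doSSLHandShake: " << endl;
    QString msgHost = d->host;

    d->kssl->reInitialize();
    certificatePrompt();

    // The peer host handed to the SSL layer is the real host when one was
    // set through setRealHost(), otherwise the host in d->host.
    if ( !d->realHost.isEmpty() )
    {
        msgHost = d->realHost;
    }

    kdDebug(7029) << "Setting real hostname: " << msgHost << endl;
    d->kssl->setPeerHost(msgHost);

    d->status = d->kssl->connect(m_iSock);
    if (d->status < 0)
    {
        CloseDescriptor();
        if ( sendError )
            error( ERR_COULD_NOT_CONNECT, d->host);
        return false;
    }

    setMetaData("ssl_in_use", "TRUE");

    // Anything other than 1 from verifyCertificate() fails closed: the
    // status is marked as failed and the descriptor is dropped.
    int rc = verifyCertificate();
    if ( rc != 1 )
    {
        d->status = -1;
        CloseDescriptor();
        if ( sendError )
            error( ERR_COULD_NOT_CONNECT, d->host);
        return false;
    }

    d->needSSLHandShake = false;

    return true;
}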