[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-commits
Subject: kdelibs/kio
From: George Staikos <staikos () kde ! org>
Date: 2005-02-28 4:39:31
Message-ID: 20050228043931.3FFF4148A2 () office ! kde ! org
[Download RAW message or body]
CVS commit by staikos:
Two fixes.
1) Allow non-FQDN hostnames to work with SSL security checks (requires updated
kdecore)
2) Disable display of host IP if there is a proxy in use.
Both fixes are relatively untested. In particular, I don't have a proxy to
test with and don't really care even if I did. Please reopen with details if
it doesn't work, or comment if it does. I won't backport unless I receive
positive feedback.
BUG: 90753
FEATURE: 77195
M +2 -0 DESIGN.metadata 1.30
M +21 -6 kio/tcpslavebase.cpp 1.140
M +9 -2 kssl/ksslinfodlg.cc 1.58
M +2 -1 misc/uiserver.cpp 1.123
--- kdelibs/kio/DESIGN.metadata #1.29:1.30
@@ -106,4 +106,6 @@
ssl_session_id string Set in TCPSlaveBase to indicate the SSL session ID \
in base64 encoded ASN.1 encoded binary format. Also set in the caller to indicate to \
TCPSlaveBase to reuse a particular session ID.
+ssl_proxied bool Presently exists only if true. Set in TCPSlaveBase \
to indicate that a proxy is in use for this SSL connection. +
main_frame_request bool Actually for SSL, this is set in the caller to tell \
TCPSlaveBase if this is the request for the main frame of an html page. (dfault: \
true)
--- kdelibs/kio/kio/tcpslavebase.cpp #1.139:1.140
@@ -45,4 +45,5 @@
#include <ksslcertdlg.h>
#include <kmessagebox.h>
+#include <kresolver.h>
#include <klocale.h>
@@ -793,11 +794,22 @@ int TCPSlaveBase::verifyCertificate()
_IPmatchesCN = d->kssl->peerInfo().certMatchesAddress();
+ if (!_IPmatchesCN) {
+ KNetwork::KResolverResults res = \
KNetwork::KResolver::resolve(d->kssl->peerInfo().peerHost(), "80", \
KNetwork::KResolver::CanonName); + if (!res.isEmpty()) {
+ QString old = d->kssl->peerInfo().peerHost();
+ d->kssl->peerInfo().setPeerHost(res[0].canonicalName());
+ _IPmatchesCN = d->kssl->peerInfo().certMatchesAddress();
+ if (!_IPmatchesCN) {
+ d->kssl->peerInfo().setPeerHost(old);
+ }
+ }
if (!_IPmatchesCN && !d->militantSSL) { // force this if the user wants it
- if (d->cc->getHostList(pc).contains(ourHost))
+ if (d->cc->getHostList(pc).contains(ourHost)) {
_IPmatchesCN = true;
}
+ }
+ }
- if (!_IPmatchesCN)
- {
+ if (!_IPmatchesCN) {
ksvl << KSSLCertificate::InvalidHost;
}
@@ -818,4 +830,7 @@ int TCPSlaveBase::verifyCertificate()
QString::number(d->kssl->connectionInfo().getCipherBits()));
setMetaData("ssl_peer_ip", d->ip);
+ if (!d->realHost.isEmpty()) {
+ setMetaData("ssl_proxied", "true");
+ }
QString errorStr;
--- kdelibs/kio/kssl/ksslinfodlg.cc #1.57:1.58
@@ -215,6 +215,13 @@ void KSSLInfoDlg::setup(KSSLCertificate
layout = new QGridLayout(11, 2, KDialog::spacingHint());
layout->setColStretch(1, 1);
- layout->addWidget(new QLabel(i18n("IP address:"), this), 0, 0);
- layout->addWidget(new QLabel(ip, this), 0, 1);
+ QLabel *ipl = new QLabel(i18n("IP address:"), this);
+ layout->addWidget(ipl, 0, 0);
+ if (ip.isEmpty()) {
+ ipl->hide();
+ }
+ layout->addWidget(ipl = new QLabel(ip, this), 0, 1);
+ if (ip.isEmpty()) {
+ ipl->hide();
+ }
layout->addWidget(new QLabel(i18n("URL:"), this), 1, 0);
KSqueezedTextLabel *urlLabel = new KSqueezedTextLabel(url, this);
--- kdelibs/kio/misc/uiserver.cpp #1.122:1.123
@@ -1196,6 +1196,7 @@ void UIServer::showSSLInfoDialog(const Q
kdDebug(7024) << "ssl_cert_errors=" << meta["ssl_cert_errors"] << endl;
kid->setCertState(meta["ssl_cert_errors"]);
+ QString ip = meta.contains("ssl_proxied") ? "" : meta["ssl_peer_ip"];
kid->setup( x,
- meta["ssl_peer_ip"],
+ ip,
url, // the URL
meta["ssl_cipher"],
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic