Merge pull request #35 from nemomobile-packages/ssl-certs

[qmf] Introduce acceptUntrustedCertificates() configuration.

qmf/src/libraries/qmfclient/qmailserviceaction.h

@@ -107,6 +107,8 @@ class QMF_EXPORT QMailServiceAction
             ErrInvalidData,
             ErrTimeout,
             ErrInternalStateReset,
+            ErrNoSslSupport,
+            ErrUntrustedCertificates,
             ErrorCodeMaximum = ErrInternalStateReset
         };
 

qmf/src/libraries/qmfmessageserver/qmailtransport.cpp

@@ -55,6 +55,7 @@
 
 #include <qmaillog.h>
 #include <qmailnamespace.h>
+#include <qmailserviceaction.h>
 
 #ifndef QT_NO_OPENSSL
 static QString sslCertsPath()
@@ -175,7 +176,8 @@ qint64 QMailTransport::Socket::bytesSinceMark() const
 QMailTransport::QMailTransport(const char* name)
     : mName(name),
       mConnected(false),
-      mInUse(false)
+      mInUse(false),
+      mAcceptUntrustedCertificates(0)
 {
 #ifndef QT_NO_OPENSSL
     if (QSslSocket::defaultCaCertificates().isEmpty())
@@ -270,14 +272,15 @@ void QMailTransport::createSocket(EncryptType encryptType)
 /*!
     Opens a connection to the supplied \a url and \a port, using the specified \a encryptionType.
 */
-void QMailTransport::open(const QString& url, int port, EncryptType encryptionType)
+void QMailTransport::open(const QString& url, int port, EncryptType encryptionType, bool acceptUntrustedCertificates)
 {
     if (mSocket && mSocket->isOpen())
     {
         qWarning() << "Failed to open connection - already open!";
         return;
     }
-
+
+    mAcceptUntrustedCertificates = acceptUntrustedCertificates;
     mInUse = true;
 
     const int threeMin = 3 * 60 * 1000;
@@ -423,10 +426,24 @@ void QMailTransport::encryptionEstablished()
 /*! \internal */
 void QMailTransport::connectionFailed(const QList<QSslError>& errors)
 {
-    if (ignoreCertificateErrors(errors))
+    bool sslSupported = ignoreCertificateErrors(errors);
+    if (sslSupported && mAcceptUntrustedCertificates) {
+        qWarning() << "Accepting untrusted certificates";
         mSocket->ignoreSslErrors();
-    else
-        errorHandling(QAbstractSocket::UnknownSocketError, "");
+    } else {
+        connectToHostTimeOut.stop();
+        mConnected = false;
+        mInUse = false;
+        mSocket->abort();
+
+        emit updateStatus(tr("Error occurred"));
+
+        if (!sslSupported) {
+            emit sslErrorOccured(QMailServiceAction::Status::ErrNoSslSupport, tr("Socket error"));
+        } else {
+            emit sslErrorOccured(QMailServiceAction::Status::ErrUntrustedCertificates, tr("Socket error"));
+        }
+    }
 }
 
 /*! \internal */

qmf/src/libraries/qmfmessageserver/qmailtransport.h

@@ -43,6 +43,9 @@
 #define QMAILTRANSPORT_H
 
 #include <qmailglobal.h>
+#ifndef QT_NO_OPENSSL
+#include <qmailserviceaction.h>
+#endif
 
 #include <QObject>
 #include <QAbstractSocket>
@@ -75,7 +78,7 @@ class MESSAGESERVER_EXPORT QMailTransport : public QObject
     virtual ~QMailTransport();
 
     // Open a connection to the specified server
-    void open(const QString& url, int port, EncryptType encryptionType);
+    void open(const QString& url, int port, EncryptType encryptionType, bool acceptUntrustedCertificates = 0);
 
 #ifndef QT_NO_OPENSSL
     // If connection is not currently encrypted, switch to encrypted mode
@@ -112,6 +115,9 @@ class MESSAGESERVER_EXPORT QMailTransport : public QObject
 
     void errorOccurred(int status, QString);
     void updateStatus(const QString &);
+#ifndef QT_NO_OPENSSL
+    void sslErrorOccured(QMailServiceAction::Status::ErrorCode, QString);
+#endif
 
 public slots:
     void errorHandling(int errorCode, QString msg);
@@ -148,6 +154,7 @@ protected slots:
     QTimer connectToHostTimeOut;
     bool mConnected;
     bool mInUse;
+    bool mAcceptUntrustedCertificates;
 };
 
 #endif

qmf/src/plugins/messageservices/imap/imapconfiguration.cpp

@@ -206,6 +206,16 @@ void ImapConfiguration::setSearchLimit(int limit)
     setValue("searchLimit", QString::number(limit));
 }
 
+#ifndef QT_NO_OPENSSL
+
+bool ImapConfiguration::acceptUntrustedCertificates() const
+{
+    qDebug() << Q_FUNC_INFO << value("acceptUntrustedCertificates", "0");
+    return (value("acceptUntrustedCertificates", "0").toInt() != 0);
+}
+
+#endif
+
 ImapConfigurationEditor::ImapConfigurationEditor(QMailAccountConfiguration *config)
     : ImapConfiguration(*config)
 {
@@ -243,6 +253,11 @@ void ImapConfigurationEditor::setMailAuthentication(int t)
     setValue("authentication", QString::number(t));
 }
 
+void ImapConfigurationEditor::setAcceptUntrustedCertificates(bool v)
+{
+    setValue("acceptUntrustedCertificates", QString::number(v ? 1 : 0));
+}
+
 #endif
 
 void ImapConfigurationEditor::setDeleteMail(bool b)

qmf/src/plugins/messageservices/imap/imapconfiguration.h

@@ -93,6 +93,10 @@ class PLUGIN_EXPORT ImapConfiguration : public QMailServiceConfiguration
 
     int searchLimit() const;
     void setSearchLimit(int limit);
+
+#ifndef QT_NO_OPENSSL
+    bool acceptUntrustedCertificates() const;
+#endif
 };
 
 class PLUGIN_EXPORT ImapConfigurationEditor : public ImapConfiguration
@@ -107,6 +111,7 @@ class PLUGIN_EXPORT ImapConfigurationEditor : public ImapConfiguration
 #ifndef QT_NO_OPENSSL
     void setMailEncryption(int t);
     void setMailAuthentication(int t);
+    void setAcceptUntrustedCertificates(bool v);
 #endif
 
     void setDeleteMail(bool b);

qmf/src/plugins/messageservices/imap/imapprotocol.cpp

@@ -2928,10 +2928,18 @@ bool ImapProtocol::open( const ImapConfiguration& config, qint64 bufferSize)
                 this, SLOT(connected(QMailTransport::EncryptType)));
         connect(_transport, SIGNAL(readyRead()),
                 this, SLOT(incomingData()));
+#ifndef QT_NO_OPENSSL
+        connect(_transport, SIGNAL(sslErrorOccured(QMailServiceAction::Status::ErrorCode,QString)),
+                this, SIGNAL(connectionError(QMailServiceAction::Status::ErrorCode,QString)));
+#endif
     }
 
     qMailLog(IMAP) << objectName() << "About to open connection" << config.mailUserName() << config.mailServer(); // useful to see object name
-    _transport->open( config.mailServer(), config.mailPort(), static_cast<QMailTransport::EncryptType>(config.mailEncryption()));
+#ifndef QT_NO_OPENSSL
+    _transport->open(config.mailServer(), config.mailPort(), static_cast<QMailTransport::EncryptType>(config.mailEncryption()), config.acceptUntrustedCertificates());
+#else
+    _transport->open(config.mailServer(), config.mailPort(), static_cast<QMailTransport::EncryptType>(config.mailEncryption()));
+#endif
     if (bufferSize) {
         qMailLog(IMAP) << objectName() << "Setting read buffer size to" << bufferSize;
         _transport->socket().setReadBufferSize(bufferSize);

qmf/src/plugins/messageservices/imap/imaptransport.cpp

@@ -289,21 +289,6 @@ void ImapTransport::imapClose()
     _compressor = 0;
 }
 
-#ifndef QT_NO_OPENSSL
-bool ImapTransport::ignoreCertificateErrors(const QList<QSslError>& errors)
-{
-    QMailTransport::ignoreCertificateErrors(errors);
-
-    // Because we can't ask the user (due to string freeze), let's default
-    // to ignoring these errors...
-    foreach (const QSslError& error, errors)
-        if (error.error() == QSslError::NoSslSupport)
-            return false;
-
-    return true;
-}
-#endif
-
 void ImapTransport::test()
 {
 #if 0

qmf/src/plugins/messageservices/imap/imaptransport.h

@@ -74,11 +74,6 @@ class ImapTransport : public QMailTransport
 
     void imapClose();
 
-#ifndef QT_NO_OPENSSL
-protected:
-    virtual bool ignoreCertificateErrors(const QList<QSslError>& errors);
-#endif
-
 private:
     void test();
 

qmf/src/plugins/messageservices/pop/popclient.cpp

@@ -147,6 +147,10 @@ void PopClient::createTransport()
         connect(transport, SIGNAL(connected(QMailTransport::EncryptType)), this, SLOT(connected(QMailTransport::EncryptType)));
         connect(transport, SIGNAL(errorOccurred(int,QString)), this, SLOT(transportError(int,QString)));
         connect(transport, SIGNAL(readyRead()), this, SLOT(incomingData()));
+#ifndef QT_NO_OPENSSL
+        connect(transport, SIGNAL(sslErrorOccured(QMailServiceAction::Status::ErrorCode,QString)),
+                this, SIGNAL(connectionError(QMailServiceAction::Status::ErrorCode,QString)));
+#endif
     }
 }
 
@@ -158,6 +162,10 @@ void PopClient::deleteTransport()
         disconnect(transport, SIGNAL(connected(QMailTransport::EncryptType)), this, SLOT(connected(QMailTransport::EncryptType)));
         disconnect(transport, SIGNAL(errorOccurred(int,QString)), this, SLOT(transportError(int,QString)));
         disconnect(transport, SIGNAL(readyRead()), this, SLOT(incomingData()));
+#ifndef QT_NO_OPENSSL
+        disconnect(transport, SIGNAL(sslErrorOccured(QMailServiceAction::Status::ErrorCode,QString)),
+                this, SIGNAL(connectionError(QMailServiceAction::Status::ErrorCode,QString)));
+#endif
 
         // A Qt socket remains in an unusuable state for a short time after closing,
         // thus it can't be immediately reused
@@ -183,7 +191,11 @@ void PopClient::testConnection()
 
     status = Init;
     capabilities.clear();
+#ifndef QT_NO_OPENSSL
+    transport->open(popCfg.mailServer(), popCfg.mailPort(), static_cast<QMailTransport::EncryptType>(popCfg.mailEncryption()), popCfg.acceptUntrustedCertificates());
+#else
     transport->open(popCfg.mailServer(), popCfg.mailPort(), static_cast<QMailTransport::EncryptType>(popCfg.mailEncryption()));
+#endif
 }
 
 void PopClient::newConnection()
@@ -233,7 +245,11 @@ void PopClient::newConnection()
 
         status = Init;
         capabilities.clear();
+#ifndef QT_NO_OPENSSL
+        transport->open(popCfg.mailServer(), popCfg.mailPort(), static_cast<QMailTransport::EncryptType>(popCfg.mailEncryption()), popCfg.acceptUntrustedCertificates());
+#else
         transport->open(popCfg.mailServer(), popCfg.mailPort(), static_cast<QMailTransport::EncryptType>(popCfg.mailEncryption()));
+#endif
     }
 }
 

qmf/src/plugins/messageservices/pop/popconfiguration.cpp

@@ -107,6 +107,14 @@ bool PopConfiguration::intervalCheckRoamingEnabled() const
     return (value("intervalCheckRoamingEnabled", "0").toInt() != 0);
 }
 
+#ifndef QT_NO_OPENSSL
+
+bool PopConfiguration::acceptUntrustedCertificates() const
+{
+    return (value("acceptUntrustedCertificates", "0").toInt() != 0);
+}
+
+#endif
 
 PopConfigurationEditor::PopConfigurationEditor(QMailAccountConfiguration *config)
     : PopConfiguration(*config)
@@ -140,6 +148,11 @@ void PopConfigurationEditor::setMailEncryption(int t)
     setValue("encryption", QString::number(t));
 }
 
+void PopConfigurationEditor::setAcceptUntrustedCertificates(bool v)
+{
+    setValue("acceptUntrustedCertificates", QString::number(v ? 1 : 0));
+}
+
 #endif
 
 void PopConfigurationEditor::setDeleteMail(bool b)

qmf/src/plugins/messageservices/pop/popconfiguration.h

@@ -75,6 +75,10 @@ class PLUGIN_EXPORT PopConfiguration : public QMailServiceConfiguration
 
     int checkInterval() const;
     bool intervalCheckRoamingEnabled() const;
+
+#ifndef QT_NO_OPENSSL
+    bool acceptUntrustedCertificates() const;
+#endif
 };
 
 class PLUGIN_EXPORT PopConfigurationEditor : public PopConfiguration
@@ -88,6 +92,7 @@ class PLUGIN_EXPORT PopConfigurationEditor : public PopConfiguration
     void setMailPort(int i);
 #ifndef QT_NO_OPENSSL
     void setMailEncryption(int t);
+    void setAcceptUntrustedCertificates(bool v);
 #endif
 
     void setDeleteMail(bool b);

qmf/src/plugins/messageservices/smtp/smtpclient.cpp

@@ -248,10 +248,20 @@ void SmtpClient::newConnection()
                 this, SIGNAL(updateStatus(QString)));
         connect(transport, SIGNAL(errorOccurred(int,QString)),
                 this, SLOT(transportError(int,QString)));
+#ifndef QT_NO_OPENSSL
+        connect(transport, SIGNAL(sslErrorOccured(QMailServiceAction::Status::ErrorCode,QString)),
+                this, SIGNAL(connectionError(QMailServiceAction::Status::ErrorCode,QString)));
+#endif
     }
 
     qMailLog(SMTP) << "Open SMTP connection" << flush;
+#ifndef QT_NO_OPENSSL
+    transport->open(smtpCfg.smtpServer(), smtpCfg.smtpPort(), static_cast<QMailTransport::EncryptType>(smtpCfg.smtpEncryption()), smtpCfg.acceptUntrustedCertificates());
+#else
     transport->open(smtpCfg.smtpServer(), smtpCfg.smtpPort(), static_cast<QMailTransport::EncryptType>(smtpCfg.smtpEncryption()));
+#endif
+
+
 }
 
 QMailServiceAction::Status::ErrorCode SmtpClient::addMail(const QMailMessage& mail)

qmf/src/plugins/messageservices/smtp/smtpconfiguration.cpp

@@ -74,6 +74,11 @@ int SmtpConfiguration::smtpPort() const
 
 #ifndef QT_NO_OPENSSL
 
+bool SmtpConfiguration::acceptUntrustedCertificates() const
+{
+    return (value("acceptUntrustedCertificates", "0").toInt() != 0);
+}
+
 QString SmtpConfiguration::smtpUsername() const
 {
     return value("smtpusername");
@@ -124,6 +129,11 @@ void SmtpConfigurationEditor::setSmtpPort(int i)
 
 #ifndef QT_NO_OPENSSL
 
+void SmtpConfigurationEditor::setAcceptUntrustedCertificates(bool v)
+{
+    setValue("acceptUntrustedCertificates", QString::number(v ? 1 : 0));
+}
+
 void SmtpConfigurationEditor::setSmtpUsername(const QString& str)
 {
     setValue("smtpusername", str);
@@ -134,19 +144,11 @@ void SmtpConfigurationEditor::setSmtpPassword(const QString& str)
     setValue("smtppassword", encodeValue(str));
 }
 
-#endif
-
-#ifndef QT_NO_OPENSSL
-
 void SmtpConfigurationEditor::setSmtpAuthentication(int t)
 {
     setValue("authentication", QString::number(t));
 }
 
-#endif
-
-#ifndef QT_NO_OPENSSL
-
 void SmtpConfigurationEditor::setSmtpEncryption(int t)
 {
     setValue("encryption", QString::number(t));

qmf/src/plugins/messageservices/smtp/smtpconfiguration.h

@@ -77,6 +77,7 @@ class PLUGIN_EXPORT SmtpConfiguration : public QMailServiceConfiguration
     QString smtpServer() const;
     int smtpPort() const;
 #ifndef QT_NO_OPENSSL
+    bool acceptUntrustedCertificates() const;
     QString smtpUsername() const;
     QString smtpPassword() const;
 #endif
@@ -94,13 +95,10 @@ class PLUGIN_EXPORT SmtpConfigurationEditor : public SmtpConfiguration
     void setSmtpServer(const QString &str);
     void setSmtpPort(int i);
 #ifndef QT_NO_OPENSSL
+    void setAcceptUntrustedCertificates(bool v);
     void setSmtpUsername(const QString& username);
     void setSmtpPassword(const QString& password);
-#endif
-#ifndef QT_NO_OPENSSL
     void setSmtpAuthentication(int t);
-#endif
-#ifndef QT_NO_OPENSSL
     void setSmtpEncryption(int t);
 #endif
 };