[PATCH] (issue124) Switch server URL and remove some RELEASE_BUILD options
Wald Commits
scm-commit at wald.intevation.org
Fri Sep 12 15:39:30 CEST 2014
# HG changeset patch
# User Andre Heinecke <andre.heinecke at intevation.de>
# Date 1410529122 -7200
# Node ID 508c96e72f62a0bf8f724893531f26a85c4d3945
# Parent 7191addd8a53f13e15e58c5e62e9b096a13426e8
(issue124) Switch server URL and remove some RELEASE_BUILD options
As the test server speaks ECDSA we do not need so much
#ifndef RELEASE_BUILD options anymore.
diff -r 7191addd8a53 -r 508c96e72f62 CMakeLists.txt
--- a/CMakeLists.txt Fri Sep 12 15:13:58 2014 +0200
+++ b/CMakeLists.txt Fri Sep 12 15:38:42 2014 +0200
@@ -12,7 +12,7 @@
option(ENABLE_PROFILING "Set to enable profiling." OFF)
option(USE_CURL "Use libcurl to download updates and certificate lists." ON)
-set(DOWNLOAD_SERVER "https://files.intevation.de:443" CACHE STRING "Used as download server" )
+set(DOWNLOAD_SERVER "https://tb-devel.intevation.de:443" CACHE STRING "Used as download server" )
set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake/")
#Old qtmain linking behavior to be compatible with cmake versions < 2.8.11
diff -r 7191addd8a53 -r 508c96e72f62 ui/certificates/geotrust.der
Binary file ui/certificates/geotrust.der has changed
diff -r 7191addd8a53 -r 508c96e72f62 ui/certificates/intevation.de.der
Binary file ui/certificates/intevation.de.der has changed
diff -r 7191addd8a53 -r 508c96e72f62 ui/certs.qrc
--- a/ui/certs.qrc Fri Sep 12 15:13:58 2014 +0200
+++ b/ui/certs.qrc Fri Sep 12 15:38:42 2014 +0200
@@ -1,6 +1,5 @@
<!DOCTYPE RCC><RCC version="1.0">
<qresource prefix="/certs">
- <file alias="intevation.de">certificates/intevation.de.der</file>
- <file alias="geotrust">certificates/geotrust.der</file>
+ <file alias="ssl-test">certificates/ssl-test.der</file>
</qresource>
</RCC>
diff -r 7191addd8a53 -r 508c96e72f62 ui/downloader.cpp
--- a/ui/downloader.cpp Fri Sep 12 15:13:58 2014 +0200
+++ b/ui/downloader.cpp Fri Sep 12 15:38:42 2014 +0200
@@ -8,7 +8,7 @@
#include "downloader.h"
#ifndef DOWNLOAD_SERVER
-#define DOWNLOAD_SERVER "https://www.intevation.de"
+#define DOWNLOAD_SERVER "https://tb-devel.intevation.de"
#endif
#include <QFile>
@@ -36,24 +36,12 @@
#include "sslconnection_bare.h"
#endif
-#ifdef RELEASE_BUILD
static int accept_ciphers[] = {
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
0
};
-#else
-static int accept_ciphers[] = {
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
- TLS_RSA_WITH_AES_256_CBC_SHA,
- 0
-};
-#endif
Downloader::Downloader(QObject* parent, const QString& url,
const QByteArray& certificate,
diff -r 7191addd8a53 -r 508c96e72f62 ui/mainwindow.cpp
--- a/ui/mainwindow.cpp Fri Sep 12 15:13:58 2014 +0200
+++ b/ui/mainwindow.cpp Fri Sep 12 15:38:42 2014 +0200
@@ -66,22 +66,22 @@
#endif
#ifdef RELEASE_BUILD
-# define LIST_RESOURCE "/users/aheinecke/zertifikatsliste.txt"
+# define LIST_RESOURCE "/zertifikatsliste.txt"
# ifdef Q_OS_WIN
-# define SW_RESOURCE_VERSION "/users/aheinecke/TrustBridge-%1.exe"
-# define SW_RESOURCE "/users/aheinecke/TrustBridge.exe"
+# define SW_RESOURCE_VERSION "/TrustBridge-%1.exe"
+# define SW_RESOURCE "/TrustBridge.exe"
# else
-# define SW_RESOURCE_VERSION "/users/aheinecke/TrustBridge-%1" TB_ARCH_STRING ".sh"
-# define SW_RESOURCE "/users/aheinecke/TrustBridge" TB_ARCH_STRING ".sh"
+# define SW_RESOURCE_VERSION "/TrustBridge-%1" TB_ARCH_STRING ".sh"
+# define SW_RESOURCE "/TrustBridge" TB_ARCH_STRING ".sh"
# endif
#else // RELEASE_BUILD
-# define LIST_RESOURCE "/users/aheinecke/development/zertifikatsliste.txt"
+# define LIST_RESOURCE "/zertifikatsliste.txt"
# ifdef Q_OS_WIN
-# define SW_RESOURCE_VERSION "/users/aheinecke/development/TrustBridge-development.exe"
-# define SW_RESOURCE "/users/aheinecke/development/TrustBridge.exe"
+# define SW_RESOURCE_VERSION "/development/TrustBridge-development.exe"
+# define SW_RESOURCE "/development/TrustBridge.exe"
# else
-# define SW_RESOURCE_VERSION "/users/aheinecke/development/TrustBridge-development" TB_ARCH_STRING ".sh"
-# define SW_RESOURCE "/users/aheinecke/development/TrustBridge" TB_ARCH_STRING ".sh"
+# define SW_RESOURCE_VERSION "/development/TrustBridge-development" TB_ARCH_STRING ".sh"
+# define SW_RESOURCE "/development/TrustBridge" TB_ARCH_STRING ".sh"
# endif
#endif
@@ -422,7 +422,6 @@
swResource = mSettings.value("Software/resource", swResource).toString();
#endif
-
Downloader* downloader = new Downloader(this,
QString::fromLatin1(SERVER_URL),
QByteArray(),
diff -r 7191addd8a53 -r 508c96e72f62 ui/sslconnection.cpp
--- a/ui/sslconnection.cpp Fri Sep 12 15:13:58 2014 +0200
+++ b/ui/sslconnection.cpp Fri Sep 12 15:38:42 2014 +0200
@@ -28,9 +28,9 @@
if (certificate.isEmpty()) {
#ifdef RELEASE_BUILD
/* TODO Change certificate here in case of release build */
- QFile certResource(":certs/intevation.de");
+ QFile certResource(":certs/ssl-test");
#else
- QFile certResource(":certs/intevation.de");
+ QFile certResource(":certs/ssl-test");
#endif
certResource.open(QFile::ReadOnly);
mPinnedCert = certResource.readAll();
diff -r 7191addd8a53 -r 508c96e72f62 ui/sslconnection_curl.cpp
--- a/ui/sslconnection_curl.cpp Fri Sep 12 15:13:58 2014 +0200
+++ b/ui/sslconnection_curl.cpp Fri Sep 12 15:38:42 2014 +0200
@@ -25,25 +25,7 @@
return;
}
-#ifdef RELEASE_BUILD
if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYPEER, 1L) != CURLE_OK) {
-#else
- /* For testing we do not have to trust the issuer. This should not
- * be dangerous as we pin the peer certificate directly. */
- if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYPEER, 0L) != CURLE_OK) {
-#endif
- /* Should be default anyway */
- qDebug() << "Setting verifypeer failed";
- return;
- }
-
-#ifdef RELEASE_BUILD
- if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYHOST, 1L) != CURLE_OK) {
-#else
- /* For testing we do not have to trust host. This should not
- * be dangerous as we pin the peer certificate directly. */
- if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYHOST, 0L) != CURLE_OK) {
-#endif
/* Should be default anyway */
qDebug() << "Setting verifypeer failed";
return;
@@ -54,12 +36,10 @@
return;
}
-#ifdef RELEASE_BUILD
if (curl_easy_setopt(mCurl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2) != CURLE_OK) {
qDebug() << "Setting ssl version failed.";
return;
}
-#endif
mCertFile.open();
if (mCertFile.write(mPinnedCert) != mPinnedCert.size()) {
diff -r 7191addd8a53 -r 508c96e72f62 ui/tests/downloadertest.cpp
--- a/ui/tests/downloadertest.cpp Fri Sep 12 15:13:58 2014 +0200
+++ b/ui/tests/downloadertest.cpp Fri Sep 12 15:38:42 2014 +0200
@@ -149,9 +149,7 @@
QVERIFY(error == SSLConnection::NoConnection);
}
static int accept_ciphers[] = {
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
0
};
@@ -162,8 +160,8 @@
QByteArray(), /* Use default testing certificate */
QDateTime::currentDateTime(),
QDateTime::fromString("2010", "YYYY"),
- "/users/aheinecke/development/TrustBridge-development.exe",
- "/users/aheinecke/development/zertifikatsliste.txt");
+ "/development/TrustBridge-development.exe",
+ "/development/zertifikatsliste.txt");
downloader->setCiphersuites(accept_ciphers);
@@ -238,8 +236,8 @@
QByteArray(),
QDateTime::currentDateTime(), // Last installed SW
QDateTime::fromString("2010", "YYYY"),
- QString("/users/aheinecke/zertifikatsliste.txt"),
- QString("/users/aheinecke/zertifikatsliste.txt"));
+ QString("/zertifikatsliste.txt"),
+ QString("/zertifikatsliste.txt"));
SETUP_SPY
More information about the Trustbridge-commits
mailing list