Command-line client. Do not trust SSL certificates by default, unlss …

…'--trust' option is set. Signed-off-by: allexzander <blackslayer4@gmail.com>
nextcloud · Oct 7, 2022 · e721f93 · e721f93
1 parent dec66ae
commit e721f93
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 5 deletions.
diff --git a/src/cmd/cmd.cpp b/src/cmd/cmd.cpp
@@ -440,6 +440,7 @@ int main(int argc, char **argv)
 
     account->setUrl(hostUrl);
     account->setSslErrorHandler(sslErrorHandler);
+    account->setTrustCertificates(options.trustSSL);
 
     QEventLoop loop;
     auto *job = new JsonApiJob(account, QLatin1String("ocs/v1.php/cloud/capabilities"));

diff --git a/src/cmd/simplesslerrorhandler.cpp b/src/cmd/simplesslerrorhandler.cpp
@@ -19,17 +19,27 @@ namespace OCC {
 
 bool SimpleSslErrorHandler::handleErrors(QList<QSslError> errors, const QSslConfiguration &conf, QList<QSslCertificate> *certs, OCC::AccountPtr account)
 {
-    (void)account;
-    (void)conf;
+    Q_UNUSED(conf);
 
-    if (!certs) {
-        qDebug() << "Certs parameter required but is NULL!";
+    if (!account || !certs) {
+        qDebug() << "account and certs parameters are required!";
         return false;
     }
 
+    if (account->isTrustCertificates()) {
+        for (const auto &error : qAsConst(errors)) {
+            certs->append(error.certificate());
+        }
+        return true;
+    }
+
     for (const auto &error : qAsConst(errors)) {
-        certs->append(error.certificate());
+        if (!account->approvedCerts().contains(error.certificate())) {
+            certs->append(error.certificate());
+            return false;
+        }
     }
+
     return true;
 }
 }
diff --git a/src/libsync/account.cpp b/src/libsync/account.cpp
@@ -909,4 +909,14 @@ bool Account::fileCanBeUnlocked(SyncJournalDb * const journal,
     return false;
 }
 
+void Account::setTrustCertificates(bool trustCertificates)
+{
+    _trustCertificates = trustCertificates;
+}
+
+bool Account::isTrustCertificates() const
+{
+    return _trustCertificates;
+}
+
 } // namespace OCC
diff --git a/src/libsync/account.h b/src/libsync/account.h
@@ -291,6 +291,9 @@ class OWNCLOUDSYNC_EXPORT Account : public QObject
 
     bool fileCanBeUnlocked(SyncJournalDb * const journal, const QString &folderRelativePath) const;
 
+    void setTrustCertificates(bool trustCertificates);
+    [[nodiscard]] bool isTrustCertificates() const;
+
 public slots:
     /// Used when forgetting credentials
     void clearQNAMCache();
@@ -343,6 +346,8 @@ protected Q_SLOTS:
 
     static QString davPathBase();
 
+    bool _trustCertificates = false;
+
     QWeakPointer<Account> _sharedThis;
     QString _id;
     QString _davUser;