images/murmur
7
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Patch no longer required

Browse source
This commit is contained in:
paul 2020-08-12 20:13:42 +02:00
parent 7774a1eb63
commit 5a0bce88d0
2 changed files with 0 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
4414.patch
View file

@ -1,43 +0,0 @@
From b47e309f3113a3c147070d42e27a2d96ecffb6b8 Mon Sep 17 00:00:00 2001
From: MadMaurice <madmaurice@zom.bi>
Date: Tue, 11 Aug 2020 22:43:02 +0200
Subject: [PATCH] FIX(certificate): Retrieve QSslConfiguration after setting CA
Commit bdb12c6 added a regression for servers built with QT older than version
5.15. After this commit these servers do not serve intermediate certificates
anymore. This happens because the QSslConfiguration is retrieved before adding
the CA certificates to the socket and is reinserted into the socket again after
adding the CA certificates, thereby overwriting the CA certificates added in
between.
This commit fixes that by retrieving the QSslConfiguration just after setting
the CA certificates in case an older QT version than 5.15 is used.
---
src/murmur/Server.cpp | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/murmur/Server.cpp b/src/murmur/Server.cpp
index 22a150b621..9b76709bf9 100644
--- a/src/murmur/Server.cpp
+++ b/src/murmur/Server.cpp
@@ -1373,8 +1373,9 @@ void Server::newClient() {
sock->setPrivateKey(qskKey);
sock->setLocalCertificate(qscCert);
- QSslConfiguration config = sock->sslConfiguration();
+ QSslConfiguration config;
#if QT_VERSION >= QT_VERSION_CHECK(5,15,0)
+ config = sock->sslConfiguration();
// Qt 5.15 introduced QSslConfiguration::addCaCertificate(s) that should be preferred over the functions in QSslSocket
// Treat the leaf certificate as a root.
@@ -1406,6 +1407,9 @@ void Server::newClient() {
// Add intermediate CAs found in the PEM
// bundle used for this server's certificate.
sock->addCaCertificates(qlIntermediates);
+
+ // Must not get config from socket before setting CA certificates
+ config = sock->sslConfiguration();
#endif
config.setCiphers(Meta::mp.qlCiphers);

2
Dockerfile
View file

@ -27,11 +27,9 @@ RUN apt-get update -yqq && apt-get install -yqq \
git --no-install-recommends
WORKDIR /usr/src/murmur
COPY 4414.patch /
RUN \
git clone https://github.com/mumble-voip/mumble.git . \
&& git checkout master \
&& git apply /4414.patch \
&& git submodule init \
&& git submodule update