mirror of
https://github.com/moonlight-stream/moonlight-qt
synced 2024-12-13 12:52:27 +00:00
Fix SSL on macOS
This commit is contained in:
parent
0357e6865d
commit
f80450176a
4 changed files with 44 additions and 17 deletions
|
@ -10,7 +10,6 @@
|
|||
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/pkcs12.h>
|
||||
|
||||
IdentityManager::IdentityManager()
|
||||
{
|
||||
|
@ -49,16 +48,10 @@ IdentityManager::IdentityManager()
|
|||
m_CachedPemCert = certificateFile.readAll();
|
||||
m_CachedPrivateKey = privateKeyFile.readAll();
|
||||
|
||||
// Make sure it really loads
|
||||
if (!QSslKey(m_CachedPrivateKey, QSsl::Rsa).isNull() && !QSslCertificate(m_CachedPemCert).isNull())
|
||||
{
|
||||
qDebug() << "Loaded cached identity key pair from disk";
|
||||
return;
|
||||
}
|
||||
|
||||
qDebug() << "Regenerating corrupted local key pair";
|
||||
}
|
||||
|
||||
privateKeyFile.close();
|
||||
certificateFile.close();
|
||||
|
||||
|
@ -117,13 +110,42 @@ IdentityManager::IdentityManager()
|
|||
BIO_free(biokey);
|
||||
BIO_free(biocert);
|
||||
|
||||
// Ensure we can actually consume the keys we just wrote
|
||||
Q_ASSERT(!QSslCertificate(m_CachedPemCert).isNull());
|
||||
Q_ASSERT(!QSslKey(m_CachedPrivateKey, QSsl::Rsa).isNull());
|
||||
|
||||
qDebug() << "Wrote new identity credentials to disk";
|
||||
}
|
||||
|
||||
QSslConfiguration
|
||||
IdentityManager::getSslConfig()
|
||||
{
|
||||
BIO* bio = BIO_new_mem_buf(m_CachedPrivateKey.data(), -1);
|
||||
THROW_BAD_ALLOC_IF_NULL(bio);
|
||||
|
||||
EVP_PKEY* pk = PEM_read_bio_PrivateKey(bio, nullptr, nullptr, nullptr);
|
||||
BIO_free(bio);
|
||||
|
||||
bio = BIO_new(BIO_s_mem());
|
||||
THROW_BAD_ALLOC_IF_NULL(bio);
|
||||
|
||||
// We must write out our PEM in the old PKCS1 format for SecureTransport
|
||||
// on macOS/iOS to be able to read it.
|
||||
BUF_MEM* mem;
|
||||
BIO_get_mem_ptr(bio, &mem);
|
||||
PEM_write_bio_PrivateKey_traditional(bio, pk, nullptr, nullptr, 0, nullptr, 0);
|
||||
|
||||
QSslCertificate cert = QSslCertificate(m_CachedPemCert);
|
||||
QSslKey key = QSslKey(QByteArray::fromRawData(mem->data, mem->length), QSsl::Rsa);
|
||||
Q_ASSERT(!cert.isNull());
|
||||
Q_ASSERT(!key.isNull());
|
||||
|
||||
BIO_free(bio);
|
||||
EVP_PKEY_free(pk);
|
||||
|
||||
QSslConfiguration sslConfig(QSslConfiguration::defaultConfiguration());
|
||||
sslConfig.setLocalCertificate(cert);
|
||||
sslConfig.setPrivateKey(key);
|
||||
|
||||
return sslConfig;
|
||||
}
|
||||
|
||||
QString
|
||||
IdentityManager::getUniqueId()
|
||||
{
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
#pragma once
|
||||
|
||||
#include <QDir>
|
||||
#include <QSslConfiguration>
|
||||
|
||||
class IdentityManager
|
||||
{
|
||||
|
@ -16,6 +17,9 @@ public:
|
|||
QByteArray
|
||||
getPrivateKey();
|
||||
|
||||
QSslConfiguration
|
||||
getSslConfig();
|
||||
|
||||
private:
|
||||
QDir m_RootDirectory;
|
||||
|
||||
|
|
|
@ -7,6 +7,10 @@ int main(int argc, char *argv[])
|
|||
// i.e. it's in the window, and not the top left of the screen
|
||||
QCoreApplication::setAttribute(Qt::AA_DontUseNativeMenuBar);
|
||||
|
||||
// This avoids using the default keychain for SSL, which may cause
|
||||
// password prompts on macOS.
|
||||
qputenv("QT_SSL_USE_TEMPORARY_KEYCHAIN", QByteArray("1"));
|
||||
|
||||
QApplication a(argc, argv);
|
||||
MainWindow w;
|
||||
w.show();
|
||||
|
|
|
@ -221,10 +221,7 @@ NvHTTP::openConnection(QUrl baseUrl,
|
|||
QNetworkRequest request = QNetworkRequest(url);
|
||||
|
||||
// Add our client certificate
|
||||
QSslConfiguration sslConfig(QSslConfiguration::defaultConfiguration());
|
||||
sslConfig.setLocalCertificate(QSslCertificate(m_Im.getCertificate()));
|
||||
sslConfig.setPrivateKey(QSslKey(m_Im.getPrivateKey(), QSsl::Rsa));
|
||||
request.setSslConfiguration(sslConfig);
|
||||
request.setSslConfiguration(m_Im.getSslConfig());
|
||||
|
||||
QNetworkReply* reply = m_Nam.get(request);
|
||||
|
||||
|
|
Loading…
Reference in a new issue