NOISSUE remove macOS SSL workarounds

Should not be necessary anymore...
This commit is contained in:
Petr Mrázek 2017-04-25 23:03:11 +02:00
parent 4fa3e2a714
commit 6fe9258161
7 changed files with 1 additions and 172 deletions

View File

@ -313,18 +313,8 @@ set(MULTIMC_QRCS
resources/pe_blue/pe_blue.qrc
resources/OSX/OSX.qrc
resources/iOS/iOS.qrc
resources/certs/certs.qrc
)
set(MultiMC_OSX_source
CertWorkaround.cpp
CertWorkaround.h
)
if(APPLE)
list(APPEND MULTIMC_SOURCES ${MultiMC_OSX_source})
endif()
######## Windows resource files ########
if(WIN32)
set(MULTIMC_RCS resources/multimc.rc)

View File

@ -1,120 +0,0 @@
#include <stdexcept>
#include <iostream>
#include <QByteArray>
#include <QSslSocket>
#include <QDebug>
#include <Security/Security.h>
// CFRelease will crash if passed NULL
#define SafeCFRelease(ref) \
if (ref) \
CFRelease(ref);
/*!
* \brief LoadCertificatesFromKeyChain Load all certificates from the KeyChain path provided
* and return them as
* QSslCertificates.
* \param keyChainPath The KeyChain path. Pass an empty string to use the
* user's keychain.
* \return A list of new QSslCertificates generated from the
* KeyChain DER data.
*/
static QList<QSslCertificate>
LoadCertificatesFromKeyChain(const std::string &keyChainPath = std::string())
{
QList<QSslCertificate> qtCerts;
SecKeychainRef certsKeyChain = NULL;
SecKeychainSearchRef searchItem = NULL;
SecKeychainItemRef itemRef = NULL;
CSSM_DATA certData = {0, 0};
try
{
OSStatus status = errSecSuccess;
// if a keychain path was provided, obtain a pointer
if (!keyChainPath.empty())
{
status = SecKeychainOpen(keyChainPath.c_str(), &certsKeyChain);
if (status != errSecSuccess)
{
throw status;
}
}
// build a search query reference for certificates
status = SecKeychainSearchCreateFromAttributes(certsKeyChain, kSecCertificateItemClass,
NULL, &searchItem);
if (status != errSecSuccess)
{
throw status;
}
// loop through the certificates
while (SecKeychainSearchCopyNext(searchItem, &itemRef) != errSecItemNotFound)
{
// copy the KeyChain item data into a CSSM_DATA struct - this will be the certs Der
// data
status = SecKeychainItemCopyContent(itemRef, NULL, NULL,
reinterpret_cast<UInt32 *>(&certData.Length),
reinterpret_cast<void **>(&certData.Data));
if (status != errSecSuccess)
{
throw status;
}
// create a Qt byte array from the data - the data is NOT copied
const QByteArray byteArray = QByteArray::fromRawData(
reinterpret_cast<const char *>(certData.Data), certData.Length);
// create a Qt certificate from the data and add it to the list
QSslCertificate qtCert(byteArray, QSsl::Der);
qDebug() << "COMMON NAME: "
<< qtCert.issuerInfo(QSslCertificate::CommonName).join('\n')
<< " ORG NAME: "
<< qtCert.issuerInfo(QSslCertificate::Organization).join('\n');
qtCerts << qtCert;
}
}
catch (OSStatus status)
{
CFStringRef errorMessage = SecCopyErrorMessageString(status, NULL);
std::cerr << CFStringGetCStringPtr(errorMessage, kCFStringEncodingMacRoman)
<< std::endl;
SafeCFRelease(errorMessage);
}
SecKeychainItemFreeContent(NULL, certData.Data);
SafeCFRelease(itemRef);
SafeCFRelease(searchItem);
SafeCFRelease(certsKeyChain);
return qtCerts;
}
void RebuildQtCertificates()
{
const QList<QSslCertificate> existingCerts = QSslSocket::defaultCaCertificates();
QList<QSslCertificate> certs = LoadCertificatesFromKeyChain();
certs += LoadCertificatesFromKeyChain(
"/System/Library/Keychains/SystemRootCertificates.keychain");
Q_FOREACH (const QSslCertificate qtCert, certs)
{
if (!existingCerts.contains(qtCert))
{
qDebug() << "cert not known to Qt - adding";
qDebug() << "COMMON NAME: "
<< qtCert.issuerInfo(QSslCertificate::CommonName).join('\n')
<< " ORG NAME: "
<< qtCert.issuerInfo(QSslCertificate::Organization).join('\n');
QSslSocket::addDefaultCaCertificate(qtCert);
}
}
}

View File

@ -1,3 +0,0 @@
#pragma once
void RebuildQtCertificates();

View File

@ -1268,6 +1268,7 @@ void MainWindow::on_actionSettings_triggered()
{
SettingsUI::ShowPageDialog(MMC->globalSettingsPages(), this, "global-settings");
// FIXME: quick HACK to make this work. improve, optimize.
MMC->instances()->loadList(true);
proxymodel->invalidate();
proxymodel->sort(0);
updateToolsMenu();

View File

@ -501,10 +501,6 @@ void MultiMC::messageReceived(const QString& message)
}
}
#ifdef Q_OS_MAC
#include "CertWorkaround.h"
#endif
void MultiMC::initNetwork()
{
// init the http meta cache
@ -519,15 +515,6 @@ void MultiMC::initNetwork()
QString pass = settings()->get("ProxyPass").toString();
ENV.updateProxySettings(proxyTypeStr, addr, port, user, pass);
}
#ifdef Q_OS_MAC
Q_INIT_RESOURCE(certs);
RebuildQtCertificates();
QFile equifaxFile(":/certs/Equifax_Secure_Certificate_Authority.pem");
equifaxFile.open(QIODevice::ReadOnly);
QSslCertificate equifaxCert(equifaxFile.readAll(), QSsl::Pem);
QSslSocket::addDefaultCaCertificate(equifaxCert);
#endif
}
void MultiMC::initTranslations()

View File

@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f
BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A
cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC
AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ
MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw
ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj
IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF
MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
-----END CERTIFICATE-----

View File

@ -1,7 +0,0 @@
<!DOCTYPE RCC>
<RCC version="1.0">
<qresource prefix="/certs">
<file>Equifax_Secure_Certificate_Authority.pem</file>
</qresource>
</RCC>