Message #05710
[Branch ~dcplusplus-team/dcplusplus/trunk] Rev 2945: replace USE_TLS (disable/enable C-C TLS support) with REQUIRE_TLS (require/don't require C-C supp...
------------------------------------------------------------
revno: 2945
committer: cologic <ne5@xxxxxxxxxxx>
branch nick: dcplusplus
timestamp: Tue 2012-06-12 21:21:56 -0400
message:
replace USE_TLS (disable/enable C-C TLS support) with REQUIRE_TLS (require/don't require C-C support)
modified:
dcpp/ConnectionManager.cpp
dcpp/CryptoManager.cpp
dcpp/QueueItem.h
dcpp/SettingsManager.cpp
dcpp/SettingsManager.h
help/settings_certs.html
win32/CertificatesPage.cpp
win32/QueueFrame.cpp
--
lp:dcplusplus
https://code.launchpad.net/~dcplusplus-team/dcplusplus/trunk
=== modified file 'dcpp/ConnectionManager.cpp'
--- dcpp/ConnectionManager.cpp 2012-03-03 19:33:45 +0000
+++ dcpp/ConnectionManager.cpp 2012-06-13 01:21:56 +0000
@@ -405,6 +405,12 @@
}
void ConnectionManager::on(UserConnectionListener::Connected, UserConnection* aSource) noexcept {
+ if(BOOLSETTING(REQUIRE_TLS) && !aSource->isSet(UserConnection::FLAG_NMDC) && !aSource->isSecure()) {
+ putConnection(aSource);
+ QueueManager::getInstance()->removeSource(aSource->getUser(), QueueItem::Source::FLAG_UNENCRYPTED);
+ return;
+ }
+
if(aSource->isSecure() && !aSource->isTrusted() && !BOOLSETTING(ALLOW_UNTRUSTED_CLIENTS)) {
putConnection(aSource);
QueueManager::getInstance()->removeSource(aSource->getUser(), QueueItem::Source::FLAG_UNTRUSTED);
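Review bot: The new REQUIRE_TLS guard at the top of `on(Connected)` skips every connection that has `FLAG_NMDC` set, so with the setting enabled plaintext NMDC client-client transfers are still accepted, and nothing in the code says this is intentional. A comment above the `if` would make the scope explicit, e.g. `// REQUIRE_TLS applies to ADC client-client links only; NMDC connections are exempt and stay unencrypted.` The rejection is also silent apart from the queue source flag: for a connection with no queue item behind it (presumably an upload), nothing visible here records why the peer was dropped, so a log line may be worth adding. The handler's body continues past the end of the hunk.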
=== modified file 'dcpp/CryptoManager.cpp'
--- dcpp/CryptoManager.cpp 2012-03-03 19:33:45 +0000
+++ dcpp/CryptoManager.cpp 2012-06-13 01:21:56 +0000
@@ -122,7 +122,7 @@
}
bool CryptoManager::TLSOk() const noexcept {
- return BOOLSETTING(USE_TLS) && certsLoaded && !keyprint.empty();
+ return certsLoaded && !keyprint.empty();
}
void CryptoManager::generateCertificate() {
@@ -197,7 +197,7 @@
}
void CryptoManager::loadCertificates() noexcept {
- if(!BOOLSETTING(USE_TLS) || !clientContext || !clientVerContext || !serverContext || !serverVerContext)
+ if(!clientContext || !clientVerContext || !serverContext || !serverVerContext)
return;
keyprint.clear();
=== modified file 'dcpp/QueueItem.h'
--- dcpp/QueueItem.h 2012-01-13 20:55:20 +0000
+++ dcpp/QueueItem.h 2012-06-13 01:21:56 +0000
@@ -93,9 +93,11 @@
FLAG_NO_TREE = 0x80,
FLAG_SLOW_SOURCE = 0x100,
FLAG_UNTRUSTED = 0x200,
+ FLAG_UNENCRYPTED = 0x400,
FLAG_MASK = FLAG_FILE_NOT_AVAILABLE
| FLAG_PASSIVE | FLAG_REMOVED | FLAG_CRC_FAILED | FLAG_CRC_WARN
| FLAG_BAD_TREE | FLAG_NO_TREE | FLAG_SLOW_SOURCE | FLAG_UNTRUSTED
+ | FLAG_UNENCRYPTED
};
Source(const HintedUser& aUser) : user(aUser) { }
=== modified file 'dcpp/SettingsManager.cpp'
--- dcpp/SettingsManager.cpp 2012-06-03 17:22:16 +0000
+++ dcpp/SettingsManager.cpp 2012-06-13 01:21:56 +0000
@@ -81,7 +81,7 @@
"NoIpOverride", "SearchOnlyFreeSlots", "BoldFinishedDownloads", "BoldFinishedUploads", "BoldQueue",
"BoldHub", "BoldPm", "BoldFL", "BoldSearch", "BoldSearchSpy", "SocketInBuffer", "SocketOutBuffer",
"BoldSystemLog", "AutoRefreshTime",
- "UseTLS", "AutoSearchLimit", "AltSortOrder", "AutoKickNoFavs", "PromptPassword", "SpyFrameIgnoreTthSearches",
+ "AutoSearchLimit", "AltSortOrder", "AutoKickNoFavs", "PromptPassword", "SpyFrameIgnoreTthSearches",
"DontDlAlreadyQueued", "MaxCommandLength", "AllowUntrustedHubs", "AllowUntrustedClients",
"TLSPort", "SortFavUsersFirst", "SegmentedDL", "FollowLinks",
"SendBloom", "OwnerDrawnMenus", "Coral", "SearchFilterShared", "FinishedDLOnlyFull",
@@ -95,7 +95,7 @@
"AutoDetectIncomingConnection", "SettingsSaveInterval",
"BalloonMainChat", "BalloonPM", "BalloonPMWindow", "BalloonFinishedDL", "BalloonFinishedFL",
"UsersFilterOnline","UsersFilterFavorite","UsersFilterQueue","UsersFilterWaiting",
- "MaxPMWindows",
+ "MaxPMWindows", "RequireTLS",
"SENTRY",
// Int64
"TotalUpload", "TotalDownload",
@@ -276,7 +276,6 @@
setDefault(BOLD_SEARCH_SPY, true);
setDefault(BOLD_SYSTEM_LOG, true);
setDefault(AUTO_REFRESH_TIME, 60);
- setDefault(USE_TLS, true);
setDefault(AUTO_SEARCH_LIMIT, 5);
setDefault(ALT_SORT_ORDER, false);
setDefault(AUTO_KICK_NO_FAVS, false);
@@ -329,6 +328,7 @@
setDefault(USERS_FILTER_QUEUE, false);
setDefault(USERS_FILTER_WAITING, false);
setDefault(MAX_PM_WINDOWS, 50);
+ setDefault(REQUIRE_TLS, false);
setDefault(LAST_SHARED_FOLDER, Util::emptyString);
setSearchTypeDefaults();
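Review bot: `setDefault(REQUIRE_TLS, false);` leaves enforcement off, so on a default install an unencrypted ADC client-client connection is still accepted and the new check in ConnectionManager never fires. That may be deliberate for interoperability with peers that lack TLS, but it should be stated next to the default, e.g. `// opt-in: plaintext ADC client-client connections remain allowed unless the user enables this`. The enclosing function starts and ends outside the hunk.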
=== modified file 'dcpp/SettingsManager.h'
--- dcpp/SettingsManager.h 2012-06-03 17:22:16 +0000
+++ dcpp/SettingsManager.h 2012-06-13 01:21:56 +0000
@@ -100,7 +100,7 @@
NO_IP_OVERRIDE, SEARCH_ONLY_FREE_SLOTS, BOLD_FINISHED_DOWNLOADS, BOLD_FINISHED_UPLOADS, BOLD_QUEUE,
BOLD_HUB, BOLD_PM, BOLD_FL, BOLD_SEARCH, BOLD_SEARCH_SPY, SOCKET_IN_BUFFER, SOCKET_OUT_BUFFER,
BOLD_SYSTEM_LOG, AUTO_REFRESH_TIME,
- USE_TLS, AUTO_SEARCH_LIMIT, ALT_SORT_ORDER, AUTO_KICK_NO_FAVS, PROMPT_PASSWORD, SPY_FRAME_IGNORE_TTH_SEARCHES,
+ AUTO_SEARCH_LIMIT, ALT_SORT_ORDER, AUTO_KICK_NO_FAVS, PROMPT_PASSWORD, SPY_FRAME_IGNORE_TTH_SEARCHES,
DONT_DL_ALREADY_QUEUED, MAX_COMMAND_LENGTH, ALLOW_UNTRUSTED_HUBS, ALLOW_UNTRUSTED_CLIENTS,
TLS_PORT, SORT_FAVUSERS_FIRST, SEGMENTED_DL, FOLLOW_LINKS,
SEND_BLOOM, OWNER_DRAWN_MENUS, CORAL, SEARCH_FILTER_SHARED, FINISHED_DL_ONLY_FULL,
@@ -114,7 +114,7 @@
AUTO_DETECT_CONNECTION, SETTINGS_SAVE_INTERVAL,
BALLOON_MAIN_CHAT, BALLOON_PM, BALLOON_PM_WINDOW, BALLOON_FINISHED_DL, BALLOON_FINISHED_FL,
USERS_FILTER_ONLINE, USERS_FILTER_FAVORITE, USERS_FILTER_QUEUE, USERS_FILTER_WAITING,
- MAX_PM_WINDOWS,
+ MAX_PM_WINDOWS, REQUIRE_TLS,
INT_LAST };
enum Int64Setting { INT64_FIRST = INT_LAST + 1,
=== modified file 'help/settings_certs.html'
--- help/settings_certs.html 2011-04-07 13:40:55 +0000
+++ help/settings_certs.html 2012-06-13 01:21:56 +0000
@@ -17,10 +17,6 @@
</dl>
<h2>Options</h2>
<dl style="margin-left: 40px;">
- <dt>Use TLS when remote client supports it</dt>
- <dd cshelp="IDH_SETTINGS_CERTIFICATES_USE_TLS">When this option is enabled, DC++ will connect to remote
-clients on an ADC hub that support SSL using SSL. This option is
-an experimental one, and shouldn't imply that DC++ is secure in any way.</dd>
<dt>Allow TLS connections to hubs without trusted certificate</dt>
<dd cshelp="IDH_SETTINGS_CERTIFICATES_ALLOW_UNTRUSTED_HUBS">With this option disabled, all hubs you connect to must have a certificate in your Trusted certificate folder.</dd>
<dt>Allow TLS connections to clients without trusted certificate</dt>
=== modified file 'win32/CertificatesPage.cpp'
--- win32/CertificatesPage.cpp 2012-01-23 20:18:58 +0000
+++ win32/CertificatesPage.cpp 2012-06-13 01:21:56 +0000
@@ -34,7 +34,7 @@
using dwt::Label;
PropPage::ListItem CertificatesPage::listItems[] = {
- { SettingsManager::USE_TLS, N_("Use TLS when remote client supports it"), IDH_SETTINGS_CERTIFICATES_USE_TLS },
+ { SettingsManager::REQUIRE_TLS, N_("Require TLS ADC client-client connections"), IDH_SETTINGS_CERTIFICATES_ALLOW_UNTRUSTED_HUBS },
{ SettingsManager::ALLOW_UNTRUSTED_HUBS, N_("Allow TLS connections to hubs without trusted certificate"), IDH_SETTINGS_CERTIFICATES_ALLOW_UNTRUSTED_HUBS },
{ SettingsManager::ALLOW_UNTRUSTED_CLIENTS, N_("Allow TLS connections to clients without trusted certificate"), IDH_SETTINGS_CERTIFICATES_ALLOW_UNTRUSTED_CLIENTS },
{ 0, 0 }
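Review bot: The new `REQUIRE_TLS` row in `listItems` reuses `IDH_SETTINGS_CERTIFICATES_ALLOW_UNTRUSTED_HUBS` as its help id, so context help for "Require TLS ADC client-client connections" would show the untrusted-hub-certificate text. The same commit removes the USE_TLS entry from help/settings_certs.html without adding one for the new option, so the setting ends up undocumented. The row should get its own id (placeholder: `IDH_SETTINGS_CERTIFICATES_<REQUIRE_TLS_ID>`) with a matching `<dt>`/`<dd>` in the help page. That entry should say the option covers ADC client-client connections only and that ADC peers connecting without TLS are disconnected.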
=== modified file 'win32/QueueFrame.cpp'
--- win32/QueueFrame.cpp 2012-06-08 15:27:48 +0000
+++ win32/QueueFrame.cpp 2012-06-13 01:21:56 +0000
@@ -381,6 +381,8 @@
tmp += T_("Remote client does not fully support TTH - cannot download");
} else if(j.isSet(QueueItem::Source::FLAG_UNTRUSTED)) {
tmp += T_("User certificate not trusted");
+ } else if(j.isSet(QueueItem::Source::FLAG_UNENCRYPTED)) {
+ tmp += T_("Remote ADC client does not use TLS encryption");
}
tmp += ')';
}