#6372 Only show padlock when TLSv1.2 is detected

This is really crude and probably a bit fragile, but patches welcome! I also made the fingerprint dialog a bit friendlier while I was poking around.

src/gui/src/MainWindow.cpp

@@ -68,6 +68,9 @@ static const char synergyConfigName[] = "synergy.conf";
 static const QString synergyConfigFilter(QObject::tr("Synergy Configurations (*.conf);;All files (*.*)"));
 #endif
 
+static const char* tlsVersion = "TLS 1.2";
+static const char* tlsCheckString = "network encryption protocol: TLSv1.2";
+
 static const char* synergyIconFiles[] =
 {
     ":/res/icons/16x16/synergy-disconnected.png",
@@ -113,6 +116,7 @@ MainWindow::MainWindow (QSettings& settings, AppConfig& appConfig,
 #ifndef SYNERGY_ENTERPRISE
     , m_ActivationDialogRunning(false)
 #endif
+    , m_SecureSocket(false)
 {
     setupUi(this);
 
@@ -147,9 +151,11 @@ MainWindow::MainWindow (QSettings& settings, AppConfig& appConfig,
     m_SuppressAutoConfigWarning = false;
 
     m_pComboServerList->hide();
-    m_pLabelPadlock->hide();
     m_trialWidget->hide();
 
+    // hide padlock icon
+    secureSocket(false);
+
     connect (this, SIGNAL(windowShown()),
              this, SLOT(on_windowShown()), Qt::QueuedConnection);
 #ifndef SYNERGY_ENTERPRISE
@@ -464,6 +470,8 @@ void MainWindow::updateFromLogLine(const QString &line)
     // TODO: this code makes Andrew cry
     checkConnected(line);
     checkFingerprint(line);
+    checkSecureSocket(line);
+
 #ifndef SYNERGY_ENTERPRISE
     checkLicense(line);
 #endif
@@ -522,11 +530,10 @@ void MainWindow::checkFingerprint(const QString& line)
         QMessageBox::StandardButton fingerprintReply =
             QMessageBox::information(
             this, tr("Security question"),
-            tr("Do you trust this fingerprint?\n\n"
+            tr("You are connecting to a server. Here is it's fingerprint:\n\n"
                "%1\n\n"
-               "This is a server fingerprint. You should compare this "
-               "fingerprint to the one on your server's screen. If the "
-               "two don't match exactly, then it's probably not the server "
+               "Compare this fingerprint to the one on your server's screen."
+               "If the two don't match exactly, then it's probably not the server "
                "you're expecting (it could be a malicious user).\n\n"
                "To automatically trust this fingerprint for future "
                "connections, click Yes. To reject this fingerprint and "
@@ -544,6 +551,15 @@ void MainWindow::checkFingerprint(const QString& line)
     }
 }
 
+void MainWindow::checkSecureSocket(const QString& line)
+{
+    // obviously not very secure, since this can be tricked by injecting something
+    // into the log. however, since we don't have IPC between core and GUI... patches welcome.
+    if (line.contains(tlsCheckString)) {
+        secureSocket(true);
+    }
+}
+
 bool MainWindow::autoHide()
 {
     if ((appConfig().processMode() == Desktop) &&
@@ -925,6 +941,13 @@ void MainWindow::synergyFinished(int exitCode, QProcess::ExitStatus)
 
 void MainWindow::setSynergyState(qSynergyState state)
 {
+    // always assume connection is not secure when connection changes
+    // to anything except connected. the only way the padlock shows is
+    // when the correct TLS version string is detected.
+    if (state != synergyConnected) {
+        secureSocket(false);
+    }
+
     if (synergyState() == state)
         return;
 
@@ -954,24 +977,20 @@ void MainWindow::setSynergyState(qSynergyState state)
     switch (state)
     {
     case synergyConnected: {
-        if (m_AppConfig->getCryptoEnabled()) {
-            m_pLabelPadlock->show();
+        if (m_SecureSocket) {
+            setStatus(tr("Synergy is running (with %1)").arg(tlsVersion));
         }
         else {
-            m_pLabelPadlock->hide();
+            setStatus(tr("Synergy is running (without %1)").arg(tlsVersion));
         }
 
-        setStatus(tr("Synergy is running."));
-
         break;
     }
     case synergyConnecting:
-        m_pLabelPadlock->hide();
-        setStatus(tr("Synergy is starting."));
+        setStatus(tr("Synergy is starting..."));
         break;
     case synergyDisconnected:
-        m_pLabelPadlock->hide();
-        setStatus(tr("Synergy is not running."));
+        setStatus(tr("Synergy is not running"));
         break;
     case synergyTransfering:
         break;
@@ -1567,3 +1586,14 @@ QString MainWindow::getProfileRootForArg()
 
     return QString("\"%1\"").arg(dir);
 }
+
+bool MainWindow::secureSocket(bool secureSocket)
+{
+    m_SecureSocket = secureSocket;
+    if (secureSocket) {
+        m_pLabelPadlock->show();
+    }
+    else {
+        m_pLabelPadlock->hide();
+    }
+}

src/gui/src/MainWindow.h

@@ -197,16 +197,18 @@ public slots:
 #endif
         QString getProfileRootForArg();
         void checkConnected(const QString& line);
+        void checkFingerprint(const QString& line);
+        void checkSecureSocket(const QString& line);
 #ifndef SYNERGY_ENTERPRISE
         void checkLicense(const QString& line);
 #endif
-        void checkFingerprint(const QString& line);
         bool autoHide();
         QString getTimeStamp();
         void restartSynergy();
         void proofreadInfo();
 
         void showEvent (QShowEvent*);
+        bool secureSocket(bool secureSocket);
 
     private:
         QSettings& m_Settings;
@@ -243,6 +245,7 @@ public slots:
         bool m_ActivationDialogRunning;
         QStringList m_PendingClientNames;
 #endif
+        bool m_SecureSocket;
 
 private slots:
     void on_m_pButtonApply_clicked();