#6372 Only show padlock when TLSv1.2 is detected

This is really crude and probably a bit fragile, but patches welcome! I also made the fingerprint dialog a bit friendlier while I was poking around.
Nick Bolton 2018-07-28 01:52:56 +01:00
parent 60c0df5984
commit 0e0c701b61
2 changed files with 48 additions and 15 deletions


@ -68,6 +68,9 @@ static const char synergyConfigName[] = "synergy.conf";
static const QString synergyConfigFilter(QObject::tr("Synergy Configurations (*.conf);;All files (*.*)"));
#endif
static const char* tlsVersion = "TLS 1.2";
static const char* tlsCheckString = "network encryption protocol: TLSv1.2";
static const char* synergyIconFiles[] =
{
":/res/icons/16x16/synergy-disconnected.png",
@ -113,6 +116,7 @@ MainWindow::MainWindow (QSettings& settings, AppConfig& appConfig,
#ifndef SYNERGY_ENTERPRISE
, m_ActivationDialogRunning(false)
#endif
, m_SecureSocket(false)
{
setupUi(this);
@ -147,9 +151,11 @@ MainWindow::MainWindow (QSettings& settings, AppConfig& appConfig,
m_SuppressAutoConfigWarning = false;
m_pComboServerList->hide();
m_pLabelPadlock->hide();
m_trialWidget->hide();
// hide padlock icon
secureSocket(false);
connect (this, SIGNAL(windowShown()),
this, SLOT(on_windowShown()), Qt::QueuedConnection);
#ifndef SYNERGY_ENTERPRISE
@ -464,6 +470,8 @@ void MainWindow::updateFromLogLine(const QString &line)
// TODO: this code makes Andrew cry
checkConnected(line);
checkFingerprint(line);
checkSecureSocket(line);
#ifndef SYNERGY_ENTERPRISE
checkLicense(line);
#endif
@ -522,11 +530,10 @@ void MainWindow::checkFingerprint(const QString& line)
QMessageBox::StandardButton fingerprintReply =
QMessageBox::information(
this, tr("Security question"),
tr("Do you trust this fingerprint?\n\n"
tr("You are connecting to a server. Here is it's fingerprint:\n\n"
"%1\n\n"
"This is a server fingerprint. You should compare this "
"fingerprint to the one on your server's screen. If the "
"two don't match exactly, then it's probably not the server "
"Compare this fingerprint to the one on your server's screen."
"If the two don't match exactly, then it's probably not the server "
"you're expecting (it could be a malicious user).\n\n"
"To automatically trust this fingerprint for future "
"connections, click Yes. To reject this fingerprint and "
@ -544,6 +551,15 @@ void MainWindow::checkFingerprint(const QString& line)
}
}
void MainWindow::checkSecureSocket(const QString& line)
{
// obviously not very secure, since this can be tricked by injecting something
// into the log. however, since we don't have IPC between core and GUI... patches welcome.
if (line.contains(tlsCheckString)) {
secureSocket(true);
}
}
bool MainWindow::autoHide()
{
if ((appConfig().processMode() == Desktop) &&
@ -925,6 +941,13 @@ void MainWindow::synergyFinished(int exitCode, QProcess::ExitStatus)
void MainWindow::setSynergyState(qSynergyState state)
{
// always assume connection is not secure when connection changes
// to anything except connected. the only way the padlock shows is
// when the correct TLS version string is detected.
if (state != synergyConnected) {
secureSocket(false);
}
if (synergyState() == state)
return;
@ -954,24 +977,20 @@ void MainWindow::setSynergyState(qSynergyState state)
switch (state)
{
case synergyConnected: {
if (m_AppConfig->getCryptoEnabled()) {
m_pLabelPadlock->show();
if (m_SecureSocket) {
setStatus(tr("Synergy is running (with %1)").arg(tlsVersion));
}
else {
m_pLabelPadlock->hide();
setStatus(tr("Synergy is running (without %1)").arg(tlsVersion));
}
setStatus(tr("Synergy is running."));
break;
}
case synergyConnecting:
m_pLabelPadlock->hide();
setStatus(tr("Synergy is starting."));
setStatus(tr("Synergy is starting..."));
break;
case synergyDisconnected:
m_pLabelPadlock->hide();
setStatus(tr("Synergy is not running."));
setStatus(tr("Synergy is not running"));
break;
case synergyTransfering:
break;
@ -1567,3 +1586,14 @@ QString MainWindow::getProfileRootForArg()
return QString("\"%1\"").arg(dir);
}
bool MainWindow::secureSocket(bool secureSocket)
{
m_SecureSocket = secureSocket;
if (secureSocket) {
m_pLabelPadlock->show();
}
else {
m_pLabelPadlock->hide();
}
}
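Review bot: `MainWindow::secureSocket(bool)` at the end of this file is declared to return `bool` but has no `return` statement, so control flows off the end of a non-void function, which is undefined behaviour in C++. The three call sites visible in this section (the constructor, `checkSecureSocket` and `setSynergyState`) all discard the result, so the simplest fix is to declare it `void secureSocket(bool secureSocket);` in both the header and the definition. If a result is wanted, end the body with `return m_SecureSocket;` instead. Because this function drives the padlock, which users read as a security indicator, it is worth building with `-Wreturn-type` treated as an error so this cannot regress.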


@ -197,16 +197,18 @@ public slots:
#endif
QString getProfileRootForArg();
void checkConnected(const QString& line);
void checkFingerprint(const QString& line);
void checkSecureSocket(const QString& line);
#ifndef SYNERGY_ENTERPRISE
void checkLicense(const QString& line);
#endif
void checkFingerprint(const QString& line);
bool autoHide();
QString getTimeStamp();
void restartSynergy();
void proofreadInfo();
void showEvent (QShowEvent*);
bool secureSocket(bool secureSocket);
private:
QSettings& m_Settings;
@ -243,6 +245,7 @@ public slots:
bool m_ActivationDialogRunning;
QStringList m_PendingClientNames;
#endif
bool m_SecureSocket;
private slots:
void on_m_pButtonApply_clicked();
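Review bot: `secureSocket(bool)` is added above the `private:` label, and the hunk context suggests that region is `public slots:`, which would make the padlock setter callable and connectable from any other object. Since the padlock is the trust signal the user sees, the setter would be better declared in the private section next to `m_SecureSocket`, so that only `MainWindow` itself can change it. A short comment on the member, such as `// true only after core logs the TLS 1.2 protocol line; reset on any non-connected state`, would also document the invariant the .cpp relies on.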