From: Christian Kamm Date: Thu, 27 Apr 2017 08:13:55 +0000 (+0200) Subject: SSL error handling: Remove unnecessary confusing code X-Git-Tag: archive/raspbian/3.16.7-1_deb13u1+rpi1~1^2~756 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=c922015521451062c0c1e2ea41a9b30da4cf6a0b;p=nextcloud-desktop.git SSL error handling: Remove unnecessary confusing code I'm confident this is unnecessary. The original bug in #3283 was to call ignoreSslErrors() without an argument in the 'accept' case, which meant ignoring *all* subsequent SSL errors. With that fixed, explicitly aborting the reply and resetting QNAM is not needed since not ignoring the error will lead to the SSL handshake failing. See also: 75b38d1a2ffe57d0f1eb3ebb8c5f30b8b2a185e4 (workaround introduced) 89376e14d6135a6f39a6df99d54fde253573575c (real fix) 76ce5adbf02af052ab8d7596b8ded75c7d4d7fcb (cherry-pick of workaround) --- diff --git a/src/libsync/account.cpp b/src/libsync/account.cpp index b9f591b97..21c31e2d0 100644 --- a/src/libsync/account.cpp +++ b/src/libsync/account.cpp @@ -366,11 +366,8 @@ void Account::slotHandleSslErrors(QNetworkReply *reply , QList errors _rejectedCertificates.append(error.certificate()); } } - // if during normal operation, a new certificate was MITM'ed, and the user does not - // ACK it, the running request must be aborted and the QNAM must be reset, to not - // treat the new cert as granted. See bug #3283 - reply->abort(); - resetNetworkAccessManager(); + + // Not calling ignoreSslErrors will make the SSL handshake fail. return; } }