forked from qgis/QGIS
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Make SSL error handling thread safe, avoid races and crashes when
SSL error occurs in non-main thread This commit reworks how SSL errors are handled in QGIS. Previously, ssl errors emitted by non-main thread QgsNetworkAccessManager instances were handled by the main thread in QgisApp on next event loop. But app (in the main thread) tried to pause the timeout timer for the QNetworkReply containing the error, which doesn't work, because you can't stop a timer in the main thread for a timer object created in another thread. This meant that the reply could get deleted in the background thread while the main thread was still using it and waiting for users to respond to the SSL error. Now the timer handling is done in the background thread's network access manager instance, so in the thread matching the reply's timeout timer. We then have to do some fancy thread locking using QWaitCondition, because we need to "pause" that thread until the SSL error is handled in the main thread -- if we don't pause the background thread, Qt immediately resumes the QNetworkReply without ever giving us the change to ignore ssl errors in the reply. Phew! Additionally, the previous approach had a shortcoming in that there was no way to notify background threads that ssl errors had actually be handled. To do this we need a new signal which can be fired after app has shown the ssl dialog and given users a chance to respond. BUT... we can't safely do this -- if we add a method to notify background threads when ssl errors have been handled, then it CANNOT safely reside in app -- doing so would break for QGIS server and QField etc, where theres no app instance around to provide this notification. As a result I've abstracted out the ssl error handling. By default there's a simple error handler which just logs errors and returns without ignoring them (i.e. default Qt behavior, an ssl error cancels the request). App has a specific subclass of the ssl error handler which presents the nice dialog and asks users to choose what to do. Potentially server could decide to make its own subclass too, which could e.g. ignore SSL warnings if an environment variable is present (but at the moment the behavior is effectively unchanged for server). The end result is that SSL error handling should now be totally thread safe, and we shouldn't hit any more deadlocks and crashes when ssl errors occur in background threads. I've also taken the opportunity to add a new signal which is always emitted by the main thread QgsNetworkAccessManager instance, which is emitted whenever ANY request on any thread encounters an SSL error, and contains the requestId so that the ssl error can be linked back to the originating request. This is for debugging, and for use by the network monitoring plugin to show ssl errors encountered by requests.
- Loading branch information
1 parent
c44f8f0
commit 2e3a717
Showing
8 changed files
with
366 additions
and
91 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,82 @@ | ||
/*************************************************************************** | ||
qgsappsslerrorhandler.cpp | ||
--------------------------- | ||
begin : December 2018 | ||
copyright : (C) 2018 by Nyall Dawson | ||
email : nyall dot dawson at gmail dot com | ||
*************************************************************************** | ||
* * | ||
* This program is free software; you can redistribute it and/or modify * | ||
* it under the terms of the GNU General Public License as published by * | ||
* the Free Software Foundation; either version 2 of the License, or * | ||
* (at your option) any later version. * | ||
* * | ||
***************************************************************************/ | ||
|
||
#include "qgsappsslerrorhandler.h" | ||
#include "qgslogger.h" | ||
#include "qgsauthcertutils.h" | ||
#include "qgsapplication.h" | ||
#include "qgsauthmanager.h" | ||
#include "qgsauthsslerrorsdialog.h" | ||
#include "qgisapp.h" | ||
|
||
void QgsAppSslErrorHandler::handleSslErrors( QNetworkReply *reply, const QList<QSslError> &errors ) | ||
{ | ||
Q_ASSERT( QThread::currentThread() == QApplication::instance()->thread() ); | ||
|
||
QgsDebugMsg( QStringLiteral( "SSL errors occurred accessing URL:\n%1" ).arg( reply->request().url().toString() ) ); | ||
|
||
QString hostport( QStringLiteral( "%1:%2" ) | ||
.arg( reply->url().host() ) | ||
.arg( reply->url().port() != -1 ? reply->url().port() : 443 ) | ||
.trimmed() ); | ||
QString digest( QgsAuthCertUtils::shaHexForCert( reply->sslConfiguration().peerCertificate() ) ); | ||
QString dgsthostport( QStringLiteral( "%1:%2" ).arg( digest, hostport ) ); | ||
|
||
const QHash<QString, QSet<QSslError::SslError> > &errscache( QgsApplication::authManager()->ignoredSslErrorCache() ); | ||
|
||
if ( errscache.contains( dgsthostport ) ) | ||
{ | ||
QgsDebugMsg( QStringLiteral( "Ignored SSL errors cached item found, ignoring errors if they match for %1" ).arg( hostport ) ); | ||
const QSet<QSslError::SslError> &errenums( errscache.value( dgsthostport ) ); | ||
bool ignore = !errenums.isEmpty(); | ||
int errmatched = 0; | ||
if ( ignore ) | ||
{ | ||
for ( const QSslError &error : errors ) | ||
{ | ||
if ( error.error() == QSslError::NoError ) | ||
continue; | ||
|
||
bool errmatch = errenums.contains( error.error() ); | ||
ignore = ignore && errmatch; | ||
errmatched += errmatch ? 1 : 0; | ||
} | ||
} | ||
|
||
if ( ignore && errenums.size() == errmatched ) | ||
{ | ||
QgsDebugMsg( QStringLiteral( "Errors matched cached item's, ignoring all for %1" ).arg( hostport ) ); | ||
reply->ignoreSslErrors(); | ||
return; | ||
} | ||
|
||
QgsDebugMsg( QStringLiteral( "Errors %1 for cached item for %2" ) | ||
.arg( errenums.isEmpty() ? QStringLiteral( "not found" ) : QStringLiteral( "did not match" ), | ||
hostport ) ); | ||
} | ||
|
||
QgsAuthSslErrorsDialog *dlg = new QgsAuthSslErrorsDialog( reply, errors, QgisApp::instance(), digest, hostport ); | ||
dlg->setWindowModality( Qt::ApplicationModal ); | ||
dlg->resize( 580, 512 ); | ||
if ( dlg->exec() ) | ||
{ | ||
if ( reply ) | ||
{ | ||
QgsDebugMsg( QStringLiteral( "All SSL errors ignored for %1" ).arg( hostport ) ); | ||
reply->ignoreSslErrors(); | ||
} | ||
} | ||
dlg->deleteLater(); | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
/*************************************************************************** | ||
qgsappsslerrorhandler.h | ||
------------------------- | ||
begin : December 2018 | ||
copyright : (C) 2018 by Nyall Dawson | ||
email : nyall dot dawson at gmail dot com | ||
*************************************************************************** | ||
* * | ||
* This program is free software; you can redistribute it and/or modify * | ||
* it under the terms of the GNU General Public License as published by * | ||
* the Free Software Foundation; either version 2 of the License, or * | ||
* (at your option) any later version. * | ||
* * | ||
***************************************************************************/ | ||
#ifndef QGSAPPSSLERRORHANDLER_H | ||
#define QGSAPPSSLERRORHANDLER_H | ||
|
||
#include "qgsnetworkaccessmanager.h" | ||
|
||
class CORE_EXPORT QgsAppSslErrorHandler : public QgsSslErrorHandler | ||
{ | ||
Q_OBJECT | ||
|
||
public slots: | ||
|
||
void handleSslErrors( QNetworkReply *reply, const QList<QSslError> &errors ) override; | ||
|
||
}; | ||
|
||
|
||
#endif // QGSAPPSSLERRORHANDLER_H |
Oops, something went wrong.