quassel/quassel_0.13.1_CVE-2021-34825.patch
2021-06-20 00:38:00 -04:00

19 lines
994 B
Diff

diff --git src/core/sslserver.cpp src/core/sslserver.cpp
index de420bd8..e4fcbc32 100644
--- src/core/sslserver.cpp
+++ src/core/sslserver.cpp
@@ -52,6 +52,13 @@ SslServer::SslServer(QObject *parent)
// Initialize the certificates for first-time usage
if (!loadCerts()) {
+ // If the core is unable to load a certificate, and "--require-ssl" is specified,
+ // do not proceed, throw an exception and quit. This prevents the core from falling
+ // back to a plaintext-only core when they should be expecting SSL/TLS only.
+ if (Quassel::isOptionSet("require-ssl")) {
+ throw ExitException{EXIT_FAILURE, tr("--require-ssl is set, but no SSL certificate is available. Exiting.\n"
+ "Please see https://quassel-irc.org/faq/cert to learn how to enable SSL support.")};
+ }
if (!sslWarningShown) {
quWarning()
<< "SslServer: Unable to set certificate file\n"