GlobalProtect-openconnect icon indicating copy to clipboard operation
GlobalProtect-openconnect copied to clipboard

Published 20 hours ago verified publisher icon yuezk

sslError not implemented in samlloginwindow.cpp

Open jreo opened this issue 3 years ago • 4 comments

When the certificate on the gateway is expired or invalid, the window stays open, displays the ERR_CERT_AUTHORITY_INVALID message and does not handle the error. Sem título

jreo avatar Jan 25 '22 23:01 jreo

Will take care of it in the future release.

yuezk avatar Jan 26 '22 10:01 yuezk

The same problem occur in normal login, if the certificate is expired or invalid the OpenConnect return an option to trust in the server with suggestion to use -servercert pin-sha256:s2/XXXXXXXXXXXXXXX. Which in terms of security doesn't make any sense. The Client GUI does not notice this, it proceeds as if it is connected.

jreo avatar Jan 27 '22 12:01 jreo

Don't suppose anyone has a clever workaround for this one do they?

draxil avatar May 25 '22 11:05 draxil

Wy not? Solution in for everything, just implement.

My suggestion:

In samlloginwindow.cpp

#include "customwebenginepage.h"

webView->setPage(new CustomWebEnginePage());

customwebenginepage.h #ifndef CUSTOMWEBENGINEPAGE_H #define CUSTOMWEBENGINEPAGE_H

#include <QWebEnginePage>

class CustomWebEnginePage : public QWebEnginePage { public: CustomWebEnginePage();

protected: bool certificateError(const QWebEngineCertificateError &certificateError) override;

};

#endif // CUSTOMWEBENGINEPAGE_H

customwebenginepage.cpp #include <QWebEngineCertificateError> #include "customwebenginepage.h"

CustomWebEnginePage::CustomWebEnginePage() {

}

bool CustomWebEnginePage::certificateError(const QWebEngineCertificateError &certificateError) { if (certificateError.isOverridable()) { Fail_SslCert = "True";
return true; } else { Fail_SslCert = "True"; return true; } return false; }

jreo avatar Jul 20 '22 17:07 jreo

No longer a problem in 2.x, closing.

yuezk avatar Jan 25 '24 05:01 yuezk