Prevent spurious SSL errors from local certificates.

Qt since approximately 4.4 has set the verify callback on both the SSL store and the SSL context. Only the latter is actually needed. This is normally not a problem, but openssl prior to 1.0.2 uses the verify code to find the intermediate certificates for any local certificate that has been set which can lead to verification errors for the local certificate to be emitted. Backport of 7c8131763de9e70ca56f16635716e7e00559b5d1 Task-number: QTBUG-33228 Task-number: QTBUG-7200 Task-number: QTBUG-24234 Change-Id: I65db8b658df9ff86095381c7b87d690258f03c3a Reviewed-by: Daniel Molkentin <daniel@molkentin.de> Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
author: Richard J. Moore <rich@kde.org> 2014-02-16 11:35:43 +0000
committer: The Qt Project <gerrit-noreply@qt-project.org> 2014-03-13 17:17:06 +0100
commit: b072af9b306010eb3b0e1702be92cfa25eb030bf (patch)
tree: cb34c24a849bc5426a3d386f42cad3d60e875793
parent: 29b34708469d3b5ce08c4d724e047a395a10caac (diff)
1 files changed, 0 insertions, 3 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index d88cace290..9f8477dd61 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -377,9 +377,6 @@ init_context:
             q_SSL_CTX_load_verify_locations(ctx, 0, unixDirs.at(a).constData());
     }
 
-    // Register a custom callback to get all verification errors.
-    X509_STORE_set_verify_cb_func(ctx->cert_store, q_X509Callback);
-
     if (!configuration.localCertificate.isNull()) {
         // Require a private key as well.
         if (configuration.privateKey.isNull()) {
author	Richard J. Moore <rich@kde.org>	2014-02-16 11:35:43 +0000
committer	The Qt Project <gerrit-noreply@qt-project.org>	2014-03-13 17:17:06 +0100
commit	b072af9b306010eb3b0e1702be92cfa25eb030bf (patch)
tree	cb34c24a849bc5426a3d386f42cad3d60e875793
parent	29b34708469d3b5ce08c4d724e047a395a10caac (diff)