From b072af9b306010eb3b0e1702be92cfa25eb030bf Mon Sep 17 00:00:00 2001
From: "Richard J. Moore" <rich@kde.org>
Date: Sun, 16 Feb 2014 11:35:43 +0000
Subject: Prevent spurious SSL errors from local certificates.

Qt since approximately 4.4 has set the verify callback on both the SSL
store and the SSL context. Only the latter is actually needed. This is
normally not a problem, but openssl prior to 1.0.2 uses the verify
code to find the intermediate certificates for any local certificate
that has been set which can lead to verification errors for the local
certificate to be emitted.

Backport of 7c8131763de9e70ca56f16635716e7e00559b5d1

Task-number: QTBUG-33228
Task-number: QTBUG-7200
Task-number: QTBUG-24234

Change-Id: I65db8b658df9ff86095381c7b87d690258f03c3a
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
---
 src/network/ssl/qsslsocket_openssl.cpp | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index d88cace290..9f8477dd61 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -377,9 +377,6 @@ init_context:
             q_SSL_CTX_load_verify_locations(ctx, 0, unixDirs.at(a).constData());
     }
 
-    // Register a custom callback to get all verification errors.
-    X509_STORE_set_verify_cb_func(ctx->cert_store, q_X509Callback);
-
     if (!configuration.localCertificate.isNull()) {
         // Require a private key as well.
         if (configuration.privateKey.isNull()) {
-- 
cgit v1.2.3