author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2018-08-15 09:38:58 +0200 |
---|---|---|
committer | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2018-08-15 18:19:25 +0000 |
commit | c5bde010eabb79b10cea630d366d94ff5981fa57 (patch) | |
tree | c3d68a4bb0b43e07d32efbbd80c0a50083f679e9 | |
parent | b58da27aef4868ebadc14bab714675e72e82ee2a (diff) |
DTLS: load roots from system stores only if allowed
Respect allowRootCertOnDemandLoading, as it's done in QSslSocket (well,
almost as in QSslSocket).
Change-Id: Ic6cbb24a91e92cdb20f5f749553f15a62aae8b02
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
-rw-r--r-- | src/network/ssl/qdtls.cpp | 1 | ||||
-rw-r--r-- | src/network/ssl/qdtls_openssl.cpp | 4 |
2 files changed, 2 insertions, 3 deletions
diff --git a/src/network/ssl/qdtls.cpp b/src/network/ssl/qdtls.cpp index e9c462cd80..da37951de2 100644 --- a/src/network/ssl/qdtls.cpp +++ b/src/network/ssl/qdtls.cpp @@ -369,6 +369,7 @@ void QDtlsBasePrivate::setConfiguration(const QSslConfiguration &configuration) dtlsConfiguration.nextNegotiatedProtocol = configuration.nextNegotiatedProtocol(); dtlsConfiguration.nextProtocolNegotiationStatus = configuration.nextProtocolNegotiationStatus(); dtlsConfiguration.dtlsCookieEnabled = configuration.dtlsCookieVerificationEnabled(); + dtlsConfiguration.allowRootCertOnDemandLoading = configuration.d->allowRootCertOnDemandLoading; clearDtlsError(); } diff --git a/src/network/ssl/qdtls_openssl.cpp b/src/network/ssl/qdtls_openssl.cpp index 1f4b5a0419..8be53df24f 100644 --- a/src/network/ssl/qdtls_openssl.cpp +++ b/src/network/ssl/qdtls_openssl.cpp @@ -732,11 +732,9 @@ bool DtlsState::initCtxAndConnection(QDtlsBasePrivate *dtlsBase) configurationCopy->ref.store(0); // the QSslConfiguration constructor refs up // DTLSTODO: check we do not set something DTLS-incompatible there ... - // 'true' - means load root certs on-demand loading - double check how this - // expected to be done (QSslSocket). TlsContext newContext(QSslContext::sharedFromConfiguration(dtlsBase->mode, configurationCopy, - true)); + dtlsBase->dtlsConfiguration.allowRootCertOnDemandLoading)); if (newContext->error() != QSslError::NoError) { dtlsBase->setDtlsError(QDtlsError::TlsInitializationError, newContext->errorString()); |
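Review bot: The added assignment in setConfiguration is the only line in this block that reads through `configuration.d->` instead of a public getter, and nothing says why. If QSslConfiguration has no accessor for this flag (not visible here), a short comment such as `// no public getter; the flag is stored in the private configuration data` would stop a later reader from treating it as an oversight. It would also help to document what value `dtlsConfiguration.allowRootCertOnDemandLoading` holds when setConfiguration() is never called, since the qdtls_openssl.cpp hunk now feeds that value into context creation. The function begins outside the hunk.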
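Review bot: The trust decision at the `sharedFromConfiguration` call in initCtxAndConnection is now undocumented, because the comment explaining the third argument was deleted together with the hard-coded `true`. I would add `// false: only the CA certificates set in the configuration are trusted; system roots are not loaded` above the call, which matches the behaviour the commit title describes. The diffstat lists only the two source files, so no test covers the new path; a case that disables the flag and expects a peer chaining to a system-store root to fail verification would pin it. The DTLSTODO above the call is left as is, and the function continues outside the hunk.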