authorTimur Pocheptsov <timur.pocheptsov@qt.io>2018-08-15 09:38:58 +0200
committerTimur Pocheptsov <timur.pocheptsov@qt.io>2018-08-15 18:19:25 +0000
commitc5bde010eabb79b10cea630d366d94ff5981fa57 (patch)
treec3d68a4bb0b43e07d32efbbd80c0a50083f679e9
parentb58da27aef4868ebadc14bab714675e72e82ee2a (diff)
DTLS: load roots from system stores only if allowed
Respect allowRootCertOnDemandLoading, as it's done in QSslSocket (well, almost as in QSslSocket). Change-Id: Ic6cbb24a91e92cdb20f5f749553f15a62aae8b02 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
-rw-r--r--src/network/ssl/qdtls.cpp1
-rw-r--r--src/network/ssl/qdtls_openssl.cpp4
2 files changed, 2 insertions, 3 deletions
diff --git a/src/network/ssl/qdtls.cpp b/src/network/ssl/qdtls.cpp
index e9c462cd80..da37951de2 100644
--- a/src/network/ssl/qdtls.cpp
+++ b/src/network/ssl/qdtls.cpp
@@ -369,6 +369,7 @@ void QDtlsBasePrivate::setConfiguration(const QSslConfiguration &configuration)
dtlsConfiguration.nextNegotiatedProtocol = configuration.nextNegotiatedProtocol();
dtlsConfiguration.nextProtocolNegotiationStatus = configuration.nextProtocolNegotiationStatus();
dtlsConfiguration.dtlsCookieEnabled = configuration.dtlsCookieVerificationEnabled();
+ dtlsConfiguration.allowRootCertOnDemandLoading = configuration.d->allowRootCertOnDemandLoading;
clearDtlsError();
}
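Review bot: The added assignment in setConfiguration() reads `configuration.d->allowRootCertOnDemandLoading` straight from the private object, while the three lines before it use public accessors, and nothing explains why or what the flag controls. Through the qdtls_openssl.cpp hunk in initCtxAndConnection(), this value now decides whether system root stores are added to the DTLS trust set, so a short comment is warranted, e.g. `// No public getter for this flag; when false the application has restricted the CA set and system roots must not be loaded.` The meaning of `false` is inferred from the commit title and should be confirmed against QSslConfiguration. The diffstat lists only the two source files, so no test pins the new behaviour: a regression test should check that a handshake is rejected when the peer chains only to a system root and on-demand loading is disallowed. setConfiguration()'s body starts outside the hunk.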
diff --git a/src/network/ssl/qdtls_openssl.cpp b/src/network/ssl/qdtls_openssl.cpp
index 1f4b5a0419..8be53df24f 100644
--- a/src/network/ssl/qdtls_openssl.cpp
+++ b/src/network/ssl/qdtls_openssl.cpp
@@ -732,11 +732,9 @@ bool DtlsState::initCtxAndConnection(QDtlsBasePrivate *dtlsBase)
configurationCopy->ref.store(0); // the QSslConfiguration constructor refs up
// DTLSTODO: check we do not set something DTLS-incompatible there ...
- // 'true' - means load root certs on-demand loading - double check how this
- // expected to be done (QSslSocket).
TlsContext newContext(QSslContext::sharedFromConfiguration(dtlsBase->mode,
configurationCopy,
- true));
+ dtlsBase->dtlsConfiguration.allowRootCertOnDemandLoading));
if (newContext->error() != QSslError::NoError) {
dtlsBase->setDtlsError(QDtlsError::TlsInitializationError, newContext->errorString());