authorMårten Nordheim <marten.nordheim@qt.io>2018-11-14 15:16:00 +0100
committerMårten Nordheim <marten.nordheim@qt.io>2018-11-16 10:54:23 +0000
commita5e1dc5e9207a6068a8d42533dd77891c1a426cb (patch)
treedb4384f9d6948d14f2c6a828d47162dc02380656
parent5725809fe717f525f47dbe4165b9801c9437b152 (diff)
Ssl: Windows: Don't load Crypt32 symbols on runtime
We have linked against Crypt32 for a while. Change-Id: I7ec9401a63d7405e4b5357d6589501e997e31aca Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
-rw-r--r--src/network/ssl/qsslsocket_openssl.cpp34
-rw-r--r--src/network/ssl/qsslsocket_openssl11.cpp16
-rw-r--r--src/network/ssl/qsslsocket_opensslpre11.cpp16
-rw-r--r--src/network/ssl/qsslsocket_p.h14
4 files changed, 15 insertions, 65 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 37bb3e4933..c4306abdf8 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -87,12 +87,6 @@
QT_BEGIN_NAMESPACE
-#if defined(Q_OS_WIN)
- PtrCertOpenSystemStoreW QSslSocketPrivate::ptrCertOpenSystemStoreW = nullptr;
- PtrCertFindCertificateInStore QSslSocketPrivate::ptrCertFindCertificateInStore = nullptr;
- PtrCertCloseStore QSslSocketPrivate::ptrCertCloseStore = nullptr;
-#endif
-
bool QSslSocketPrivate::s_libraryLoaded = false;
bool QSslSocketPrivate::s_loadedCiphersAndCerts = false;
bool QSslSocketPrivate::s_loadRootCertsOnDemand = false;
@@ -544,22 +538,20 @@ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
#endif
QList<QSslCertificate> systemCerts;
#if defined(Q_OS_WIN)
- if (ptrCertOpenSystemStoreW && ptrCertFindCertificateInStore && ptrCertCloseStore) {
- HCERTSTORE hSystemStore;
- hSystemStore = ptrCertOpenSystemStoreW(0, L"ROOT");
- if (hSystemStore) {
- PCCERT_CONTEXT pc = nullptr;
- while (1) {
- pc = ptrCertFindCertificateInStore(hSystemStore, X509_ASN_ENCODING, 0, CERT_FIND_ANY, nullptr, pc);
- if (!pc)
- break;
- QByteArray der(reinterpret_cast<const char *>(pc->pbCertEncoded),
- static_cast<int>(pc->cbCertEncoded));
- QSslCertificate cert(der, QSsl::Der);
- systemCerts.append(cert);
- }
- ptrCertCloseStore(hSystemStore, 0);
+ HCERTSTORE hSystemStore;
+ hSystemStore = CertOpenSystemStoreW(0, L"ROOT");
+ if (hSystemStore) {
+ PCCERT_CONTEXT pc = nullptr;
+ while (1) {
+ pc = CertFindCertificateInStore(hSystemStore, X509_ASN_ENCODING, 0, CERT_FIND_ANY, nullptr, pc);
+ if (!pc)
+ break;
+ QByteArray der(reinterpret_cast<const char *>(pc->pbCertEncoded),
+ static_cast<int>(pc->cbCertEncoded));
+ QSslCertificate cert(der, QSsl::Der);
+ systemCerts.append(cert);
}
+ CertCloseStore(hSystemStore, 0);
}
#elif defined(Q_OS_UNIX)
QSet<QString> certFiles;
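Review bot: In the Windows branch of `systemCaCertificates()`, a null return from `CertOpenSystemStoreW` falls through `if (hSystemStore)` with no `else`, so the function hands back an empty CA list without a log line, and peer verification that relies on it would presumably fail with nothing pointing at the cause. An `else qCWarning(lcSsl, "could not open the ROOT system certificate store");` would make that diagnosable, assuming `lcSsl` is visible in this file as it is in the two `ensureCiphersAndCertsLoaded()` files. Inside the loop, the result of `QSslCertificate cert(der, QSsl::Der)` is appended unconditionally; guarding the append with `if (!cert.isNull())` keeps unparsable store entries out of the returned trust list. The function starts and ends outside this hunk.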
diff --git a/src/network/ssl/qsslsocket_openssl11.cpp b/src/network/ssl/qsslsocket_openssl11.cpp
index 2a2667bd48..b60b8be41f 100644
--- a/src/network/ssl/qsslsocket_openssl11.cpp
+++ b/src/network/ssl/qsslsocket_openssl11.cpp
@@ -122,21 +122,7 @@ void QSslSocketPrivate::ensureCiphersAndCertsLoaded()
#if QT_CONFIG(library)
//load symbols needed to receive certificates from system store
-#if defined(Q_OS_WIN)
- HINSTANCE hLib = LoadLibraryW(L"Crypt32");
- if (hLib) {
- ptrCertOpenSystemStoreW = reinterpret_cast<PtrCertOpenSystemStoreW>(
- reinterpret_cast<QFunctionPointer>(GetProcAddress(hLib, "CertOpenSystemStoreW")));
- ptrCertFindCertificateInStore = reinterpret_cast<PtrCertFindCertificateInStore>(
- reinterpret_cast<QFunctionPointer>(GetProcAddress(hLib, "CertFindCertificateInStore")));
- ptrCertCloseStore = reinterpret_cast<PtrCertCloseStore>(
- reinterpret_cast<QFunctionPointer>(GetProcAddress(hLib, "CertCloseStore")));
- if (!ptrCertOpenSystemStoreW || !ptrCertFindCertificateInStore || !ptrCertCloseStore)
- qCWarning(lcSsl, "could not resolve symbols in crypt32 library"); // should never happen
- } else {
- qCWarning(lcSsl, "could not load crypt32 library"); // should never happen
- }
-#elif defined(Q_OS_QNX)
+#if defined(Q_OS_QNX)
s_loadRootCertsOnDemand = true;
#elif defined(Q_OS_UNIX) && !defined(Q_OS_DARWIN)
// check whether we can enable on-demand root-cert loading (i.e. check whether the sym links are there)
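Review bot: The context comment `//load symbols needed to receive certificates from system store` above the changed `#if` no longer matches what follows, because with the Crypt32 block gone the visible branches only decide `s_loadRootCertsOnDemand`. I would reword it to something like `// decide whether root certificates can be loaded on demand`, or drop it if nothing further down in `ensureCiphersAndCertsLoaded()` still resolves symbols; the body continues outside the hunk, so that needs checking. The same stale comment sits above the identical change in `qsslsocket_opensslpre11.cpp`.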
diff --git a/src/network/ssl/qsslsocket_opensslpre11.cpp b/src/network/ssl/qsslsocket_opensslpre11.cpp
index bc4fd9dc85..f5aab821ea 100644
--- a/src/network/ssl/qsslsocket_opensslpre11.cpp
+++ b/src/network/ssl/qsslsocket_opensslpre11.cpp
@@ -251,21 +251,7 @@ void QSslSocketPrivate::ensureCiphersAndCertsLoaded()
#if QT_CONFIG(library)
//load symbols needed to receive certificates from system store
-#if defined(Q_OS_WIN)
- HINSTANCE hLib = LoadLibraryW(L"Crypt32");
- if (hLib) {
- ptrCertOpenSystemStoreW = reinterpret_cast<PtrCertOpenSystemStoreW>(
- reinterpret_cast<QFunctionPointer>(GetProcAddress(hLib, "CertOpenSystemStoreW")));
- ptrCertFindCertificateInStore = reinterpret_cast<PtrCertFindCertificateInStore>(
- reinterpret_cast<QFunctionPointer>(GetProcAddress(hLib, "CertFindCertificateInStore")));
- ptrCertCloseStore = reinterpret_cast<PtrCertCloseStore>(
- reinterpret_cast<QFunctionPointer>(GetProcAddress(hLib, "CertCloseStore")));
- if (!ptrCertOpenSystemStoreW || !ptrCertFindCertificateInStore || !ptrCertCloseStore)
- qCWarning(lcSsl, "could not resolve symbols in crypt32 library"); // should never happen
- } else {
- qCWarning(lcSsl, "could not load crypt32 library"); // should never happen
- }
-#elif defined(Q_OS_QNX)
+#if defined(Q_OS_QNX)
s_loadRootCertsOnDemand = true;
#elif defined(Q_OS_UNIX) && !defined(Q_OS_MACOS)
// check whether we can enable on-demand root-cert loading (i.e. check whether the sym links are there)
diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h
index c27496ec02..2f394f013b 100644
--- a/src/network/ssl/qsslsocket_p.h
+++ b/src/network/ssl/qsslsocket_p.h
@@ -89,14 +89,6 @@ QT_BEGIN_NAMESPACE
typedef OSStatus (*PtrSecTrustCopyAnchorCertificates)(CFArrayRef*);
#endif
-#if defined(Q_OS_WIN) && !defined(Q_OS_WINRT)
- typedef HCERTSTORE (WINAPI *PtrCertOpenSystemStoreW)(HCRYPTPROV_LEGACY, LPCWSTR);
- typedef PCCERT_CONTEXT (WINAPI *PtrCertFindCertificateInStore)(HCERTSTORE, DWORD, DWORD, DWORD, const void*, PCCERT_CONTEXT);
- typedef BOOL (WINAPI *PtrCertCloseStore)(HCERTSTORE, DWORD);
-#endif // Q_OS_WIN && !Q_OS_WINRT
-
-
-
class QSslSocketPrivate : public QTcpSocketPrivate
{
Q_DECLARE_PUBLIC(QSslSocket)
@@ -155,12 +147,6 @@ public:
const QString &peerName);
Q_AUTOTEST_EXPORT static bool isMatchingHostname(const QString &cn, const QString &hostname);
-#if defined(Q_OS_WIN) && !defined(Q_OS_WINRT)
- static PtrCertOpenSystemStoreW ptrCertOpenSystemStoreW;
- static PtrCertFindCertificateInStore ptrCertFindCertificateInStore;
- static PtrCertCloseStore ptrCertCloseStore;
-#endif // Q_OS_WIN && !Q_OS_WINRT
-
// The socket itself, including private slots.
QTcpSocket *plainSocket;
void createPlainSocket(QIODevice::OpenMode openMode);