QSslSocket::addCaCertificates - do not duplicate certs

If we already know the certificate, there is no need in adding it again.
This function is deprecated, but will stay forever in 5.15.

Pick-to: 5.15
Change-Id: I760f5bcffea78ac02c5643ee1112725edd32f15a
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>

1 files changed, 2 insertions, 2 deletions

diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 324ca6eea6..4c96c02ade 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -1709,14 +1709,14 @@ void QSslSocketBackendPrivate::fetchCaRootForCert(const QSslCertificate &cert)
 //This is the callback from QWindowsCaRootFetcher, trustedRoot will be invalid (default constructed) if it failed.
 void QSslSocketBackendPrivate::_q_caRootLoaded(QSslCertificate cert, QSslCertificate trustedRoot)
 {
-    Q_Q(QSslSocket);
     if (!trustedRoot.isNull() && !trustedRoot.isBlacklisted()) {
         if (s_loadRootCertsOnDemand) {
             //Add the new root cert to default cert list for use by future sockets
             QSslSocket::addDefaultCaCertificate(trustedRoot);
         }
         //Add the new root cert to this socket for future connections
-        q->addCaCertificate(trustedRoot);
+        if (!configuration.caCertificates.contains(trustedRoot))
+            configuration.caCertificates += trustedRoot;
         //Remove the broken chain ssl errors (as chain is verified by windows)
         for (int i=sslErrors.count() - 1; i >= 0; --i) {
             if (sslErrors.at(i).certificate() == cert) {