diff options
| author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2020-11-20 10:34:15 +0100 |
|---|---|---|
| committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2020-12-01 05:09:29 +0000 |
| commit | 65e2837b30becb745036f13d98a9472a0332b152 (patch) | |
| tree | e168715a378e0da9ebd0609537ff1674c3a337e2 /src/corelib/global/qhooks.cpp | |
| parent | 440134815c3cfb102207903ba80b83da064906c9 (diff) | |
QSslSocket::verify: do not alter the default configuration
QSslCertificate::verify() has an undocumented and not very desirable property -
on some platorms it updates the default configuration, which can be surprising.
For example, we deprecated QSslSocket::setDefaultCaCertificates() and recommend
using QSslConfiguration::defaultConfiguration(), QSslConfiguration::setDefaultConfiguration(),
and QSslConfiguration::setCaCertificates(). If an application does this to select
CA roots it trusts explicitly, and then for some reason is calling verify, the
application can have its QSslSockets successfully connecting to a host, whose
root was not trusted by the application. Also, on Windows, defaultCaCertificates()
include system roots already, no need to have them twice.
[ChangeLog][QtCore][QtNetwork] QSslSocket::verify - do not change the default configuration
Fixes: QTBUG-88639
Change-Id: I1cd40b259d0a6dcd15c78d1e7c027ff10859595c
Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 1158ff67b492853b72199ed78bfcf24132e1c7ff)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
Diffstat (limited to 'src/corelib/global/qhooks.cpp')
0 files changed, 0 insertions, 0 deletions