diff options
author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2020-05-14 16:40:08 +0200 |
---|---|---|
committer | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2020-05-29 16:58:43 +0200 |
commit | 73158a9cb0942c2cdb3c6a98bcfd5763eed65c85 (patch) | |
tree | 0ac4b5b9a110d0c0b76ea9d9a758b18a106ea43e /src/corelib/text/qbytearray.cpp | |
parent | 2216f10ffdd7e6e836dd0b63f5130bcac2f071d7 (diff) |
CA fetcher (Windows) - relax the logic a bit
In case a certificate chain is missing an intermediate,
for a certificate having "Authority Information Access"
extension it's possible to fetch this intermediate and
build the chain up to the trusted root. Unfortunately,
it's not always possible to install the root certificate
in the system "ROOT" store and then an application
wants to set it in the socket's configuration,
using setCaCertificates(). But this call also
disables CA fetcher ('no on demand root loading').
It makes sense to relax this logic for such
certificates and try to fetch the intermediate CA
and then have the complete chain verified.
Pick-to: 5.15
Fixes: QTBUG-84173
Change-Id: I5b9b4271767eba6f5fd2b5cf05e942360c6aa245
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'src/corelib/text/qbytearray.cpp')
0 files changed, 0 insertions, 0 deletions