summaryrefslogtreecommitdiffstats
path: root/src/network/access/qnetworkreply.cpp
diff options
context:
space:
mode:
authorPeter Hartmann <phartmann@rim.com>2013-02-13 11:59:38 +0100
committerThe Qt Project <gerrit-noreply@qt-project.org>2013-02-16 09:28:03 +0100
commiteaa18f306341818165c2ee4fc22750da04d5e45e (patch)
tree646e93213844365f5d9c4a16f17d576a79866848 /src/network/access/qnetworkreply.cpp
parentabb8beb06490123f1a4a2053d728ae2891726a88 (diff)
SSL docs: Be more explicit about the threats of ignoring SSL errors
... because almost everybody gets it wrong almost every time. Change-Id: I54938ef094323ba8de02186b585b11b9579f3ca4 Reviewed-by: Richard J. Moore <rich@kde.org>
Diffstat (limited to 'src/network/access/qnetworkreply.cpp')
-rw-r--r--src/network/access/qnetworkreply.cpp9
1 files changed, 7 insertions, 2 deletions
diff --git a/src/network/access/qnetworkreply.cpp b/src/network/access/qnetworkreply.cpp
index 669725b016..fd3b7760cb 100644
--- a/src/network/access/qnetworkreply.cpp
+++ b/src/network/access/qnetworkreply.cpp
@@ -680,8 +680,13 @@ void QNetworkReply::ignoreSslErrorsImplementation(const QList<QSslError> &)
connection will be ignored, including certificate validation
errors.
- Note that calling this function without restraint may pose a
- security risk for your application. Use it with care.
+ \warning Be sure to always let the user inspect the errors
+ reported by the sslErrors() signal, and only call this method
+ upon confirmation from the user that proceeding is ok.
+ If there are unexpected errors, the reply should be aborted.
+ Calling this method without inspecting the actual errors will
+ most likely pose a security risk for your application. Use it
+ with great care!
This function can be called from the slot connected to the
sslErrors() signal, which indicates which errors were