diff options
author | Jeremy Lainé <jeremy.laine@m4x.org> | 2014-08-30 16:39:29 +0200 |
---|---|---|
committer | Jeremy Lainé <jeremy.laine@m4x.org> | 2014-08-30 17:36:23 +0200 |
commit | 5c3a499c9ffbf2d4872dd6a6916b3a3a9a7d9cdd (patch) | |
tree | 9ea3da5c7856f1ae48b192e3f4999a8e775bc7b3 /src/network/ssl/qsslcertificate_qt.cpp | |
parent | 2fd0afc1f87edf28295caeaeb8a830d888a3e81b (diff) |
ssl: disable (broken) i/o on DER encoded keys
QSslKey currently has methods which supposedly allow decoding and
encoding private keys as DER protected by a passphrase. This is
broken by design as explained in QTBUG-41038, as storing the encrypted
DER data alone makes no sense: such a file lacks the necessary
information about the encryption algorithm and initialization vector.
This change:
- explicitly stops using the passphrase when decoding DER in the
constructor. The behavior is unchanged, it is not possible to
read the encrypted DER alone.
- refuses to honor the passphrase to DER encode a private key. The toDer
method now outputs an empty QByteArray instead of garbage.
Task-number: QTBUG-41038
Change-Id: I4281050cf1104f12d154db201a173633bfe22bd9
Reviewed-by: Richard J. Moore <rich@kde.org>
Diffstat (limited to 'src/network/ssl/qsslcertificate_qt.cpp')
-rw-r--r-- | src/network/ssl/qsslcertificate_qt.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/network/ssl/qsslcertificate_qt.cpp b/src/network/ssl/qsslcertificate_qt.cpp index 26c9c5e64e..391ee6f7f9 100644 --- a/src/network/ssl/qsslcertificate_qt.cpp +++ b/src/network/ssl/qsslcertificate_qt.cpp @@ -143,7 +143,7 @@ QSslKey QSslCertificate::publicKey() const key.d->type = QSsl::PublicKey; if (d->publicKeyAlgorithm != QSsl::Opaque) { key.d->algorithm = d->publicKeyAlgorithm; - key.d->decodeDer(d->publicKeyDerData, QByteArray()); + key.d->decodeDer(d->publicKeyDerData); } return key; } |