Add support for intermediate certificates to server sockets.

Add intermediate certificates to our server sockets, and to our client certs. Change-Id: Ib5aa575473f9e84f337bebe35099506dd7d7e2ba Task-Number: QTBUG-19825 Task-Number: QTBUG-13281 Reviewed-by: Peter Hartmann <phartmann@rim.com>
author: Richard Moore <rich@kde.org> 2013-02-11 22:31:00 +0000
committer: The Qt Project <gerrit-noreply@qt-project.org> 2013-02-19 21:37:24 +0100
commit: 7898080ca78ceec15163976390979631fcbd178d (patch)
tree: 7cfc458b51addf0a6ddd585700335030e9d2c56e /src/network/ssl/qsslcontext.cpp
parent: 4a07519877b4b3aad45d1a727487d9e87630973b (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/src/network/ssl/qsslcontext.cpp b/src/network/ssl/qsslcontext.cpp
index f75ff3796d..22ad42116b 100644
--- a/src/network/ssl/qsslcontext.cpp
+++ b/src/network/ssl/qsslcontext.cpp
@@ -234,6 +234,17 @@ init_context:
             sslContext->errorCode = QSslError::UnspecifiedError;
             return sslContext;
         }
+
+        // If we have any intermediate certificates then we need to add them to our chain
+        bool first = true;
+        foreach (const QSslCertificate &cert, configuration.d->localCertificateChain) {
+            if (first) {
+                first = false;
+                continue;
+            }
+            q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0,
+                           q_X509_dup(reinterpret_cast<X509 *>(cert.handle())));
+        }
     }
 
     // Initialize peer verification.
author	Richard Moore <rich@kde.org>	2013-02-11 22:31:00 +0000
committer	The Qt Project <gerrit-noreply@qt-project.org>	2013-02-19 21:37:24 +0100
commit	7898080ca78ceec15163976390979631fcbd178d (patch)
tree	7cfc458b51addf0a6ddd585700335030e9d2c56e /src/network/ssl/qsslcontext.cpp
parent	4a07519877b4b3aad45d1a727487d9e87630973b (diff)