diff options
author | Marc Mutz <marc.mutz@kdab.com> | 2015-10-23 16:32:59 +0200 |
---|---|---|
committer | Marc Mutz <marc.mutz@kdab.com> | 2015-10-27 18:27:59 +0000 |
commit | 474bee61e4a1c6797ff876bd0ae25ba87d33a4ec (patch) | |
tree | b2dd1bf81432d38ea5c35d8e90fdb772688c212c /src/network/ssl/qsslcontext_openssl.cpp | |
parent | 1e32ade79ced64597ef4148f16e0d8a329733c4e (diff) |
QtNetwork: convert some QDateTime::currentDateTime() to currentDateTimeUtc()
The latter is much faster as it doesn't have to deal with
time zones.
This change is safe, because the QDateTimes are only used for
comparison with other QDateTimes, which, from a quick glance around,
seem to be mostly, if not exclusively, in UTC. Comparsions work
across time zones, but the comparison between UTC date-times is
fastest.
Credits to Milian Wolff, from whose QtWS15 talk this advice is
taken.
Change-Id: I6859d886d8dc8e0a52fbe394fbb7b93a87b4739a
Reviewed-by: Milian Wolff <milian.wolff@kdab.com>
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@theqtcompany.com>
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
Diffstat (limited to 'src/network/ssl/qsslcontext_openssl.cpp')
-rw-r--r-- | src/network/ssl/qsslcontext_openssl.cpp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp index b88ab54038..68caaeb6dc 100644 --- a/src/network/ssl/qsslcontext_openssl.cpp +++ b/src/network/ssl/qsslcontext_openssl.cpp @@ -215,6 +215,8 @@ init_context: return sslContext; } + const QDateTime now = QDateTime::currentDateTimeUtc(); + // Add all our CAs to this store. foreach (const QSslCertificate &caCertificate, sslContext->sslConfiguration.caCertificates()) { // From https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html: @@ -228,7 +230,7 @@ init_context: // certificates mixed with valid ones. // // See also: QSslSocketBackendPrivate::verify() - if (caCertificate.expiryDate() >= QDateTime::currentDateTime()) { + if (caCertificate.expiryDate() >= now) { q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(sslContext->ctx), (X509 *)caCertificate.handle()); } } |