diff options
author | Daniel Molkentin <daniel@molkentin.de> | 2015-11-16 15:06:15 +0100 |
---|---|---|
committer | Daniel Molkentin (ownCloud) <danimo@owncloud.com> | 2015-11-24 16:30:21 +0000 |
commit | fe3a84138e266c425f11353f7d8dc28a588af89e (patch) | |
tree | c8304282752cf0b0533d602cabb3191f0c6e0dac /src/network/ssl/qsslsocket.cpp | |
parent | d42d7781f1cd62c3c7c008859507f24a1ff5bb2a (diff) |
QSslSocket: evaluate CAs in all keychain categories
This will make sure that certs in the domainUser (login),
and domainAdmin (per machine) keychain are being picked up
in systemCaCertificates() in addition to the (usually immutable)
DomainSystem keychain.
Also consider the trust settings on OS X: If a certificate
is either fully trusted or trusted for the purpose of SSL,
it will be accepted.
[ChangeLog][Platform Specific Changes] OS X now accepts trusted
certificates from the login and system keychains.
Task-number: QTBUG-32898
Change-Id: Ia23083d5af74388eeee31ba07239735cbbe64368
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
Diffstat (limited to 'src/network/ssl/qsslsocket.cpp')
-rw-r--r-- | src/network/ssl/qsslsocket.cpp | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp index 805adc734f..1dfd87a0f8 100644 --- a/src/network/ssl/qsslsocket.cpp +++ b/src/network/ssl/qsslsocket.cpp @@ -1507,6 +1507,10 @@ QList<QSslCertificate> QSslSocket::defaultCaCertificates() returned by defaultCaCertificates(). You can replace that database with your own with setDefaultCaCertificates(). + \note: On OS X, only certificates that are either trusted for all + purposes or trusted for the purpose of SSL in the keychain will be + returned. + \sa caCertificates(), defaultCaCertificates(), setDefaultCaCertificates() */ QList<QSslCertificate> QSslSocket::systemCaCertificates() |