CA fetcher - do not add CA root if it's already present

As it was found recently CA fetcher, while building a chain with a missing intermediary, may return the root we are already aware of (had in the "ROOT" store). While this is in general harmless, it can be a bit surprising if some code is analyzing the list of CA certificates after a handshake. Pick-to: 5.15 Change-Id: I1df3b537e2a812de17e2c94ad4643cf36e7e946f Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
author: Timur Pocheptsov <timur.pocheptsov@qt.io> 2020-05-11 12:06:38 +0200
committer: Timur Pocheptsov <timur.pocheptsov@qt.io> 2020-05-11 14:18:44 +0200
commit: 479c3bd93be061fab5753940fbc64b514e29615b (patch)
tree: fa51eea4e7f401ee4dd01193aef7a1f336c545e1 /src/network/ssl/qsslsocket.cpp
parent: b428e98052aa1b97a42f31ed52b1266d17e186ee (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index 5252f3348b..667a2e7267 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -2467,6 +2467,8 @@ void QSslSocketPrivate::addDefaultCaCertificate(const QSslCertificate &cert)
 {
     QSslSocketPrivate::ensureInitialized();
     QMutexLocker locker(&globalData()->mutex);
+    if (globalData()->config->caCertificates.contains(cert))
+        return;
     globalData()->config.detach();
     globalData()->config->caCertificates += cert;
     globalData()->dtlsConfig.detach();
author	Timur Pocheptsov <timur.pocheptsov@qt.io>	2020-05-11 12:06:38 +0200
committer	Timur Pocheptsov <timur.pocheptsov@qt.io>	2020-05-11 14:18:44 +0200
commit	479c3bd93be061fab5753940fbc64b514e29615b (patch)
tree	fa51eea4e7f401ee4dd01193aef7a1f336c545e1 /src/network/ssl/qsslsocket.cpp
parent	b428e98052aa1b97a42f31ed52b1266d17e186ee (diff)