diff options
| author | Lars Knoll <lars.knoll@qt.io> | 2017-12-30 17:39:21 +0100 |
|---|---|---|
| committer | Lars Knoll <lars.knoll@qt.io> | 2018-01-02 09:58:44 +0100 |
| commit | 0f315adf9199efcfafa44371464ab6d1fc866774 (patch) | |
| tree | 35b67591255624c670aff0579e45b2973f56fd81 /src/network/ssl/qsslsocket_mac.cpp | |
| parent | 2b0eb3fac319a17dd92903106d501f0f06df871f (diff) | |
| parent | 52b85212a2ec8ec5bf187f6cd00b669a45bcf0bd (diff) | |
Merge remote-tracking branch 'origin/5.10' into dev
Conflicts:
.qmake.conf
sc/corelib/io/qfsfileengine_p.h
src/corelib/io/qstorageinfo_unix.cpp
src/platformsupport/eglconvenience/qeglpbuffer_p.h
src/platformsupport/input/libinput/qlibinputkeyboard.cpp
src/platformsupport/input/libinput/qlibinputpointer.cpp
src/plugins/platforms/cocoa/qcocoamenu.mm
src/plugins/platforms/ios/qiosscreen.h
src/plugins/platforms/ios/qioswindow.h
src/plugins/platforms/ios/quiview.mm
src/printsupport/dialogs/qpagesetupdialog_unix_p.h
src/printsupport/dialogs/qprintpreviewdialog.cpp
src/printsupport/widgets/qcupsjobwidget_p.h
src/widgets/widgets/qmenu.cpp
tests/auto/corelib/tools/qdatetime/tst_qdatetime.cpp
tests/auto/widgets/itemviews/qtreeview/tst_qtreeview.cpp
Change-Id: Iecb4883122efe97ef0ed850271e6c51bab568e9c
Diffstat (limited to 'src/network/ssl/qsslsocket_mac.cpp')
| -rw-r--r-- | src/network/ssl/qsslsocket_mac.cpp | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/src/network/ssl/qsslsocket_mac.cpp b/src/network/ssl/qsslsocket_mac.cpp index 5c2bd55198..046b432252 100644 --- a/src/network/ssl/qsslsocket_mac.cpp +++ b/src/network/ssl/qsslsocket_mac.cpp @@ -47,6 +47,7 @@ #include "qsslkey_p.h" #include <QtCore/qmessageauthenticationcode.h> +#include <QtCore/qoperatingsystemversion.h> #include <QtCore/qcryptographichash.h> #include <QtCore/qsystemdetection.h> #include <QtCore/qdatastream.h> @@ -1307,13 +1308,17 @@ bool QSslSocketBackendPrivate::verifyPeerTrust() // actual system CA certificate list (which most use-cases need) other than // by letting SecTrustEvaluate fall through to the system list; so, in this case // (even though the client code may have provided its own certs), we retain - // the default behavior. + // the default behavior. Note, with macOS SDK below 10.12 using 'trust my + // anchors only' may result in some valid chains rejected, apparently the + // ones containing intermediated certificates; so we use this functionality + // on more recent versions only. + + bool anchorsFromConfigurationOnly = false; #ifdef Q_OS_MACOS - const bool anchorsFromConfigurationOnly = true; -#else - const bool anchorsFromConfigurationOnly = false; -#endif + if (QOperatingSystemVersion::current() >= QOperatingSystemVersion::MacOSSierra) + anchorsFromConfigurationOnly = true; +#endif // Q_OS_MACOS SecTrustSetAnchorCertificatesOnly(trust, anchorsFromConfigurationOnly); |