QSslSocket: evaluate CAs in all keychain categories

This will make sure that certs in the domainUser (login),
and domainAdmin (per machine) keychain are being picked up
in systemCaCertificates() in addition to the (usually immutable)
DomainSystem keychain.

Also consider the trust settings on OS X: If a certificate
is either fully trusted or trusted for the purpose of SSL,
it will be accepted.

[ChangeLog][Platform Specific Changes] OS X now accepts trusted
        certificates from the login and system keychains.

Task-number: QTBUG-32898
Change-Id: Ia23083d5af74388eeee31ba07239735cbbe64368
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>

1 files changed, 0 insertions, 23 deletions

diff --git a/src/network/ssl/qsslsocket_mac.cpp b/src/network/ssl/qsslsocket_mac.cpp
index a8f7b7320e..2af0264116 100644
--- a/src/network/ssl/qsslsocket_mac.cpp
+++ b/src/network/ssl/qsslsocket_mac.cpp
@@ -213,29 +213,6 @@ void QSslSocketPrivate::resetDefaultEllipticCurves()
     Q_UNIMPLEMENTED();
 }
 
-
-QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
-{
-    QList<QSslCertificate> systemCerts;
-#ifdef Q_OS_OSX
-    // SecTrustSettingsCopyCertificates is not defined on iOS.
-    QCFType<CFArrayRef> cfCerts;
-    OSStatus status = SecTrustSettingsCopyCertificates(kSecTrustSettingsDomainSystem, &cfCerts);
-    if (status == noErr) {
-        const CFIndex size = CFArrayGetCount(cfCerts);
-        for (CFIndex i = 0; i < size; ++i) {
-            SecCertificateRef cfCert = (SecCertificateRef)CFArrayGetValueAtIndex(cfCerts, i);
-            QCFType<CFDataRef> derData = SecCertificateCopyData(cfCert);
-            systemCerts << QSslCertificate(QByteArray::fromCFData(derData), QSsl::Der);
-        }
-    } else {
-       // no detailed error handling here
-       qCWarning(lcSsl) << "SecTrustSettingsCopyCertificates failed:" << status;
-    }
-#endif
-    return systemCerts;
-}
-
 QSslSocketBackendPrivate::QSslSocketBackendPrivate()
     : context(Q_NULLPTR)
 {