QSslSocket - make ocsp response into ... ocsp responseS

If later we try to introduce multiple ocsp support, the API returning a single response will be somewhat broken and illogical/not clear how to use at all. Let's return a vector of responses (for now it's one, can change in future). This makes isNull() redundant on a response, also, we now need 'subject' - a cert that response was for. Change-Id: Ibbd9dec163b53906b2fd61fa31c43db7d08adc4d Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
author: Timur Pocheptsov <timur.pocheptsov@qt.io> 2019-01-25 15:11:34 +0100
committer: Timur Pocheptsov <timur.pocheptsov@qt.io> 2019-01-27 10:41:51 +0000
commit: 315969725da24c336b5dd5c5463c605ee679781d (patch)
tree: 9c70ad83df5116ad95a7ce146d549c790cf03cb7 /src/network/ssl/qsslsocket_openssl.cpp
parent: 5ae8fcd17bda45177ae7f65bf1c9f25f30706bb4 (diff)
1 files changed, 5 insertions, 5 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index a7c681920e..15b2b4c2cf 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -1458,9 +1458,7 @@ bool QSslSocketBackendPrivate::checkOcspStatus()
     Q_ASSERT(mode == QSslSocket::SslClientMode); // See initSslContext() for SslServerMode
     Q_ASSERT(configuration.peerVerifyMode != QSslSocket::VerifyNone);
 
-    ocspResponse.clear();
-    QOcspResponsePrivate *dResponse = ocspResponse.d.data();
-
+    ocspResponses.clear();
     ocspErrorDescription.clear();
     ocspErrors.clear();
 
@@ -1556,7 +1554,9 @@ bool QSslSocketBackendPrivate::checkOcspStatus()
     // Let's make sure the response is for the correct certificate - we
     // can re-create this CertID using our peer's certificate and its
     // issuer's public key.
-    dResponse->isNull = false;
+    ocspResponses.push_back(QOcspResponse());
+    QOcspResponsePrivate *dResponse = ocspResponses.back().d.data();
+    dResponse->subjectCert = configuration.peerCertificate;
     bool matchFound = false;
     if (configuration.peerCertificate.isSelfSigned()) {
         dResponse->signerCert = configuration.peerCertificate;
@@ -1599,7 +1599,7 @@ bool QSslSocketBackendPrivate::checkOcspStatus()
         // This is unexpected, treat as SslHandshakeError, OCSP_check_validity assumes this pointer
         // to be != nullptr.
         ocspErrors.clear();
-        ocspResponse.clear();
+        ocspResponses.clear();
         ocspErrorDescription = QSslSocket::tr("Failed to extract 'this update time' from the SingleResponse");
         return false;
     }
author	Timur Pocheptsov <timur.pocheptsov@qt.io>	2019-01-25 15:11:34 +0100
committer	Timur Pocheptsov <timur.pocheptsov@qt.io>	2019-01-27 10:41:51 +0000
commit	315969725da24c336b5dd5c5463c605ee679781d (patch)
tree	9c70ad83df5116ad95a7ce146d549c790cf03cb7 /src/network/ssl/qsslsocket_openssl.cpp
parent	5ae8fcd17bda45177ae7f65bf1c9f25f30706bb4 (diff)