diff options
author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2019-01-25 15:11:34 +0100 |
---|---|---|
committer | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2019-01-27 10:41:51 +0000 |
commit | 315969725da24c336b5dd5c5463c605ee679781d (patch) | |
tree | 9c70ad83df5116ad95a7ce146d549c790cf03cb7 /src/network/ssl/qsslsocket_openssl.cpp | |
parent | 5ae8fcd17bda45177ae7f65bf1c9f25f30706bb4 (diff) |
QSslSocket - make ocsp response into ... ocsp responseS
If later we try to introduce multiple ocsp support, the API returning
a single response will be somewhat broken and illogical/not clear
how to use at all. Let's return a vector of responses (for now it's
one, can change in future). This makes isNull() redundant on a
response, also, we now need 'subject' - a cert that response was for.
Change-Id: Ibbd9dec163b53906b2fd61fa31c43db7d08adc4d
Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'src/network/ssl/qsslsocket_openssl.cpp')
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index a7c681920e..15b2b4c2cf 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -1458,9 +1458,7 @@ bool QSslSocketBackendPrivate::checkOcspStatus() Q_ASSERT(mode == QSslSocket::SslClientMode); // See initSslContext() for SslServerMode Q_ASSERT(configuration.peerVerifyMode != QSslSocket::VerifyNone); - ocspResponse.clear(); - QOcspResponsePrivate *dResponse = ocspResponse.d.data(); - + ocspResponses.clear(); ocspErrorDescription.clear(); ocspErrors.clear(); @@ -1556,7 +1554,9 @@ bool QSslSocketBackendPrivate::checkOcspStatus() // Let's make sure the response is for the correct certificate - we // can re-create this CertID using our peer's certificate and its // issuer's public key. - dResponse->isNull = false; + ocspResponses.push_back(QOcspResponse()); + QOcspResponsePrivate *dResponse = ocspResponses.back().d.data(); + dResponse->subjectCert = configuration.peerCertificate; bool matchFound = false; if (configuration.peerCertificate.isSelfSigned()) { dResponse->signerCert = configuration.peerCertificate; @@ -1599,7 +1599,7 @@ bool QSslSocketBackendPrivate::checkOcspStatus() // This is unexpected, treat as SslHandshakeError, OCSP_check_validity assumes this pointer // to be != nullptr. ocspErrors.clear(); - ocspResponse.clear(); + ocspResponses.clear(); ocspErrorDescription = QSslSocket::tr("Failed to extract 'this update time' from the SingleResponse"); return false; } |