diff options
author | Richard Moore <rich@kde.org> | 2011-11-14 21:56:40 +0000 |
---|---|---|
committer | Qt by Nokia <qt-info@nokia.com> | 2011-11-15 11:53:44 +0100 |
commit | 75b2a4960b753766ea2eec4dbd34c67733ca8089 (patch) | |
tree | aca83ece26b82b33a2d735c4cb70f273550cf0a1 /src/network/ssl/qsslsocket_openssl.cpp | |
parent | e1ca68077a99c5f8dc4a1c8a337b738a5bf6d5dc (diff) |
Add the ability to do unsafe SSL renegotiation as a fallback.
This commit adds the ability to perform legacy SSL renegotiation as
a fallback via QSsl::SslOptions. This is something that used to work,
but has been disabled by default in newer versions of openssl. The
need for this has been reported by users (eg. in QTBUG-14983).
Change-Id: I5b80f3ffd07e0c5faddc469f6a8f857bac5740f7
Reviewed-by: Corentin Chary <corentin.chary@gmail.com>
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Diffstat (limited to 'src/network/ssl/qsslsocket_openssl.cpp')
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 4a2ebf89b1..817860e4c7 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -287,6 +287,14 @@ init_context: else options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; +#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION + // This option is disabled by default, so we need to be able to clear it + if (configuration.sslOptions & QSsl::SslOptionDisableLegacyRenegotiation) + options &= ~SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; + else + options |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; +#endif + #ifdef SSL_OP_NO_TICKET if (configuration.sslOptions & QSsl::SslOptionDisableSessionTickets) options |= SSL_OP_NO_TICKET; |