QSslSocket (OpenSSL, Windows) - make sure we ignore stale fetch results

The CA fetcher on Windows works on a separate thread, it can take quite some time to finish its job and if a connection was meanwhile closed (via 'abort', 'close' or 'disconnectFromHost') but the socket is still alive/re-used - we don't want to be fooled by the previous fetch 'finished' signal, only if it's fetching for the same certificate. Change-Id: Ibd0a70000ad10cff10207d37d7b47c38e615d0f1 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
author: Timur Pocheptsov <timur.pocheptsov@qt.io> 2020-06-03 12:30:41 +0200
committer: Timur Pocheptsov <timur.pocheptsov@qt.io> 2020-07-28 15:35:41 +0200
commit: c9a702a04d4b90b0a04966d7918f01ddfe9808c1 (patch)
tree: 64c9628c57dedb615405b5af25faeca92be72d0d /src/network/ssl/qsslsocket_openssl.cpp
parent: 964f5757ea00c5fd4a8c617e8df1bfa353c5b225 (diff)
1 files changed, 14 insertions, 1 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 43fe94639f..99b7a77b4d 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -1736,8 +1736,13 @@ void QSslSocketBackendPrivate::fetchCaRootForCert(const QSslCertificate &cert)
     if (fetchAuthorityInformation)
         customRoots = configuration.caCertificates;
 
+    //Remember we are fetching and what we are fetching:
+    caToFetch = cert;
+
     QWindowsCaRootFetcher *fetcher = new QWindowsCaRootFetcher(cert, mode, customRoots, q->peerVerifyName());
-    QObject::connect(fetcher, SIGNAL(finished(QSslCertificate,QSslCertificate)), q, SLOT(_q_caRootLoaded(QSslCertificate,QSslCertificate)), Qt::QueuedConnection);
+    QObjectPrivate::connect(fetcher,  &QWindowsCaRootFetcher::finished,
+                            this, &QSslSocketBackendPrivate::_q_caRootLoaded,
+                            Qt::QueuedConnection);
     QMetaObject::invokeMethod(fetcher, "start", Qt::QueuedConnection);
     pauseSocketNotifiers(q);
     paused = true;
@@ -1746,6 +1751,14 @@ void QSslSocketBackendPrivate::fetchCaRootForCert(const QSslCertificate &cert)
 //This is the callback from QWindowsCaRootFetcher, trustedRoot will be invalid (default constructed) if it failed.
 void QSslSocketBackendPrivate::_q_caRootLoaded(QSslCertificate cert, QSslCertificate trustedRoot)
 {
+    if (caToFetch != cert) {
+        //Ooops, something from the previous connection attempt, ignore!
+        return;
+    }
+
+    //Done, fetched already:
+    caToFetch = QSslCertificate{};
+
     if (fetchAuthorityInformation) {
         if (!configuration.caCertificates.contains(trustedRoot))
             trustedRoot = QSslCertificate{};
author	Timur Pocheptsov <timur.pocheptsov@qt.io>	2020-06-03 12:30:41 +0200
committer	Timur Pocheptsov <timur.pocheptsov@qt.io>	2020-07-28 15:35:41 +0200
commit	c9a702a04d4b90b0a04966d7918f01ddfe9808c1 (patch)
tree	64c9628c57dedb615405b5af25faeca92be72d0d /src/network/ssl/qsslsocket_openssl.cpp
parent	964f5757ea00c5fd4a8c617e8df1bfa353c5b225 (diff)