diff options
author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2020-06-03 12:30:41 +0200 |
---|---|---|
committer | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2020-07-28 15:35:41 +0200 |
commit | c9a702a04d4b90b0a04966d7918f01ddfe9808c1 (patch) | |
tree | 64c9628c57dedb615405b5af25faeca92be72d0d /src/network/ssl/qsslsocket_openssl.cpp | |
parent | 964f5757ea00c5fd4a8c617e8df1bfa353c5b225 (diff) |
QSslSocket (OpenSSL, Windows) - make sure we ignore stale fetch results
The CA fetcher on Windows works on a separate thread, it can take
quite some time to finish its job and if a connection was meanwhile
closed (via 'abort', 'close' or 'disconnectFromHost') but the socket
is still alive/re-used - we don't want to be fooled by the previous
fetch 'finished' signal, only if it's fetching for the same certificate.
Change-Id: Ibd0a70000ad10cff10207d37d7b47c38e615d0f1
Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'src/network/ssl/qsslsocket_openssl.cpp')
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 43fe94639f..99b7a77b4d 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -1736,8 +1736,13 @@ void QSslSocketBackendPrivate::fetchCaRootForCert(const QSslCertificate &cert) if (fetchAuthorityInformation) customRoots = configuration.caCertificates; + //Remember we are fetching and what we are fetching: + caToFetch = cert; + QWindowsCaRootFetcher *fetcher = new QWindowsCaRootFetcher(cert, mode, customRoots, q->peerVerifyName()); - QObject::connect(fetcher, SIGNAL(finished(QSslCertificate,QSslCertificate)), q, SLOT(_q_caRootLoaded(QSslCertificate,QSslCertificate)), Qt::QueuedConnection); + QObjectPrivate::connect(fetcher, &QWindowsCaRootFetcher::finished, + this, &QSslSocketBackendPrivate::_q_caRootLoaded, + Qt::QueuedConnection); QMetaObject::invokeMethod(fetcher, "start", Qt::QueuedConnection); pauseSocketNotifiers(q); paused = true; @@ -1746,6 +1751,14 @@ void QSslSocketBackendPrivate::fetchCaRootForCert(const QSslCertificate &cert) //This is the callback from QWindowsCaRootFetcher, trustedRoot will be invalid (default constructed) if it failed. void QSslSocketBackendPrivate::_q_caRootLoaded(QSslCertificate cert, QSslCertificate trustedRoot) { + if (caToFetch != cert) { + //Ooops, something from the previous connection attempt, ignore! + return; + } + + //Done, fetched already: + caToFetch = QSslCertificate{}; + if (fetchAuthorityInformation) { if (!configuration.caCertificates.contains(trustedRoot)) trustedRoot = QSslCertificate{}; |