Enable OCSP stapling in QSslSocket

This patch enables OCSP stapling in QSslSocket::SslClientMode (OpenSSL back-end
only). OCSP stapling is described by RFC6066 and based on the original OCSP as
defined by RFC2560. At the moment multiple certificate status protocol is not
supported (not implemented in OpenSSL). SecureTransport does not support OCSP
stapling at the moment.

[ChangeLog][QtNetwork][TLS] Added OCSP-stapling support for OpenSSL backend

Task-number: QTBUG-12812
Task-number: QTBUG-17158
Change-Id: Id2e0f4cc861311d1ece462864e5e30c76184af8c
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>

1 files changed, 12 insertions, 0 deletions

diff --git a/src/network/ssl/qsslsocket_openssl_p.h b/src/network/ssl/qsslsocket_openssl_p.h
index c16b9d5f76..6396b44808 100644
--- a/src/network/ssl/qsslsocket_openssl_p.h
+++ b/src/network/ssl/qsslsocket_openssl_p.h
@@ -69,6 +69,9 @@
 #include <QtNetwork/private/qtnetworkglobal_p.h>
 #include "qsslsocket_p.h"
 
+#include <QtCore/qvector.h>
+#include <QtCore/qstring.h>
+
 #ifdef Q_OS_WIN
 #include <qt_windows.h>
 #if defined(OCSP_RESPONSE)
@@ -152,6 +155,15 @@ public:
     void _q_caRootLoaded(QSslCertificate,QSslCertificate) override;
 #endif
 
+#if QT_CONFIG(ocsp)
+    bool checkOcspStatus();
+
+    // This decription will go to setErrorAndEmit(SslHandshakeError, ocspErrorDescription)
+    QString ocspErrorDescription;
+    // These will go to sslErrors()
+    QVector<QSslError> ocspErrors;
+#endif
+
     Q_AUTOTEST_EXPORT static long setupOpenSslOptions(QSsl::SslProtocol protocol, QSsl::SslOptions sslOptions);
     static QSslCipher QSslCipher_from_SSL_CIPHER(const SSL_CIPHER *cipher);
     static QList<QSslCertificate> STACKOFX509_to_QSslCertificates(STACK_OF(X509) *x509);