QSslSocket: fix connection to a international domain name

RFC6125 section 6.4.2 specify we need to convert the IDN to ascii
before comparison. Note that we don't need to toLower anymore
because toAce takes care of it.

Section 7.2 recommands that we dod not attempt to check for wildcard
character embedded within the A-labels or U-labels of an
internationalized domain name. So we reject names that contiains a
'*' but starts with 'xn--'.

Change-Id: Ib0830520a1f82bbf9fd11818718277a479527ee3
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>

1 files changed, 2 insertions, 1 deletions

diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h
index cec61d07c1..aec3437422 100644
--- a/src/network/ssl/qsslsocket_p.h
+++ b/src/network/ssl/qsslsocket_p.h
@@ -151,7 +151,8 @@ public:
                                          QRegExp::PatternSyntax syntax);
     static void addDefaultCaCertificate(const QSslCertificate &cert);
     static void addDefaultCaCertificates(const QList<QSslCertificate> &certs);
-    static bool isMatchingHostname(const QSslCertificate &cert, const QString &peerName);
+    Q_AUTOTEST_EXPORT static bool isMatchingHostname(const QSslCertificate &cert,
+                                                     const QString &peerName);
     Q_AUTOTEST_EXPORT static bool isMatchingHostname(const QString &cn, const QString &hostname);
 
 #if defined(Q_OS_WIN) && !defined(Q_OS_WINRT)