diff options
author | Lars Knoll <lars.knoll@qt.io> | 2017-12-29 15:56:33 +0100 |
---|---|---|
committer | Lars Knoll <lars.knoll@qt.io> | 2017-12-30 12:09:53 +0100 |
commit | db92f2f3aac60218756a1aa8811cf192acc0b0e6 (patch) | |
tree | f28a47aebb2f08e221fe7bffafce62a0a96cf7fd /src/network/ssl | |
parent | dd61a1d98ea9fbffeaf0e2adcd0ddd58105f6a75 (diff) | |
parent | 44da5b863597e761df3545dc7ff02a9b53bbb13d (diff) |
Merge remote-tracking branch 'origin/5.9' into 5.10
Conflicts:
.qmake.conf
mkspecs/win32-g++/qmake.conf
src/corelib/global/qglobal_p.h
src/corelib/global/qoperatingsystemversion_p.h
src/corelib/io/qfilesystemengine_win.cpp
src/network/bearer/qbearerengine.cpp
src/platformsupport/input/libinput/qlibinputpointer.cpp
src/sql/doc/snippets/code/doc_src_sql-driver.cpp
src/widgets/kernel/qwidget_p.h
src/widgets/kernel/qwidgetwindow.cpp
src/widgets/styles/qfusionstyle.cpp
tests/auto/corelib/io/qfileinfo/tst_qfileinfo.cpp
Change-Id: I80e2722f481b12fff5d967c28f89208c0e9a1dd8
Diffstat (limited to 'src/network/ssl')
-rw-r--r-- | src/network/ssl/qsslkey_qt.cpp | 2 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_mac.cpp | 15 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_winrt.cpp | 8 |
3 files changed, 17 insertions, 8 deletions
diff --git a/src/network/ssl/qsslkey_qt.cpp b/src/network/ssl/qsslkey_qt.cpp index 3c5dc830d3..fd76d3353a 100644 --- a/src/network/ssl/qsslkey_qt.cpp +++ b/src/network/ssl/qsslkey_qt.cpp @@ -94,7 +94,7 @@ static OidLengthMap createOidMap() oids.insert(oids.cend(), QByteArrayLiteral("1.3.132.0.8"), 160); // secp160r1 oids.insert(oids.cend(), QByteArrayLiteral("1.3.132.0.9"), 160); // secp160k1 oids.insert(oids.cend(), QByteArrayLiteral("1.3.36.3.3.2.8.1.1.11"), 384); // brainpoolP384r1 - oids.insert(oids.cend(), QByteArrayLiteral("1.3.36.3.3.2.8.1.1.13"), 521); // brainpoolP512r1 + oids.insert(oids.cend(), QByteArrayLiteral("1.3.36.3.3.2.8.1.1.13"), 512); // brainpoolP512r1 oids.insert(oids.cend(), QByteArrayLiteral("1.3.36.3.3.2.8.1.1.7"), 256); // brainpoolP256r1 return oids; } diff --git a/src/network/ssl/qsslsocket_mac.cpp b/src/network/ssl/qsslsocket_mac.cpp index 8d2efe74be..5312464964 100644 --- a/src/network/ssl/qsslsocket_mac.cpp +++ b/src/network/ssl/qsslsocket_mac.cpp @@ -47,6 +47,7 @@ #include "qsslkey_p.h" #include <QtCore/qmessageauthenticationcode.h> +#include <QtCore/qoperatingsystemversion.h> #include <QtCore/qcryptographichash.h> #include <QtCore/qdatastream.h> #include <QtCore/qsysinfo.h> @@ -1245,13 +1246,17 @@ bool QSslSocketBackendPrivate::verifyPeerTrust() // actual system CA certificate list (which most use-cases need) other than // by letting SecTrustEvaluate fall through to the system list; so, in this case // (even though the client code may have provided its own certs), we retain - // the default behavior. + // the default behavior. Note, with macOS SDK below 10.12 using 'trust my + // anchors only' may result in some valid chains rejected, apparently the + // ones containing intermediated certificates; so we use this functionality + // on more recent versions only. + + bool anchorsFromConfigurationOnly = false; #ifdef Q_OS_MACOS - const bool anchorsFromConfigurationOnly = true; -#else - const bool anchorsFromConfigurationOnly = false; -#endif + if (QOperatingSystemVersion::current() >= QOperatingSystemVersion::MacOSSierra) + anchorsFromConfigurationOnly = true; +#endif // Q_OS_MACOS SecTrustSetAnchorCertificatesOnly(trust, anchorsFromConfigurationOnly); diff --git a/src/network/ssl/qsslsocket_winrt.cpp b/src/network/ssl/qsslsocket_winrt.cpp index ca65f8a015..762b393738 100644 --- a/src/network/ssl/qsslsocket_winrt.cpp +++ b/src/network/ssl/qsslsocket_winrt.cpp @@ -47,6 +47,7 @@ #include <QtCore/QSysInfo> #include <QtCore/qfunctions_winrt.h> #include <private/qnativesocketengine_winrt_p.h> +#include <private/qeventdispatcher_winrt_p.h> #include <windows.networking.h> #include <windows.networking.sockets.h> @@ -443,8 +444,11 @@ void QSslSocketBackendPrivate::continueHandshake() return; } - hr = op->put_Completed(Callback<IAsyncActionCompletedHandler>( - this, &QSslSocketBackendPrivate::onSslUpgrade).Get()); + hr = QEventDispatcherWinRT::runOnXamlThread([this, op]() { + HRESULT hr = op->put_Completed(Callback<IAsyncActionCompletedHandler>( + this, &QSslSocketBackendPrivate::onSslUpgrade).Get()); + return hr; + }); Q_ASSERT_SUCCEEDED(hr); } |