Merge remote-tracking branch 'origin/5.15' into dev

Change-Id: Ideaa64d583746f1ce8265997131fb1ce3a9acbcf
author: Qt Forward Merge Bot <qt_forward_merge_bot@qt-project.org> 2019-10-02 01:01:20 +0200
committer: Simon Hausmann <simon.hausmann@qt.io> 2019-10-02 08:39:15 +0200
commit: 4c8814a341aace34f9a6011e9ec16048dc0f18b6 (patch)
tree: 3f3193c51c0883ae70de3ae3a3b225b3c7b9b8cc /src/network/ssl
parent: 009d86da2d5a928865819fe44b4d1c78d455bbb9 (diff)
parent: 8791a8398ac232a8daab98601f1bef88bdf7638f (diff)
4 files changed, 128 insertions, 18 deletions
diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp
index 89a47908fc..738c8d4ac5 100644
--- a/src/network/ssl/qsslconfiguration.cpp
+++ b/src/network/ssl/qsslconfiguration.cpp
@@ -624,11 +624,10 @@ QList<QSslCipher> QSslConfiguration::supportedCiphers()
   Returns this connection's CA certificate database. The CA certificate
   database is used by the socket during the handshake phase to
   validate the peer's certificate. It can be modified prior to the
-  handshake with setCaCertificates(), or with \l{QSslSocket}'s
-  \l{QSslSocket::}{addCaCertificate()} and
-  \l{QSslSocket::}{addCaCertificates()}.
+  handshake with setCaCertificates(), or with addCaCertificate() and
+  addCaCertificates().
 
-  \sa setCaCertificates()
+  \sa setCaCertificates(), addCaCertificate(), addCaCertificates()
 */
 QList<QSslCertificate> QSslConfiguration::caCertificates() const
 {
@@ -645,7 +644,7 @@ QList<QSslCertificate> QSslConfiguration::caCertificates() const
   that is not available (as is commonly the case on iOS), the default database
   is empty.
 
-  \sa caCertificates()
+  \sa caCertificates(), addCaCertificates(), addCaCertificate()
 */
 void QSslConfiguration::setCaCertificates(const QList<QSslCertificate> &certificates)
 {
@@ -654,6 +653,72 @@ void QSslConfiguration::setCaCertificates(const QList<QSslCertificate> &certific
 }
 
 /*!
+  Searches all files in the \a path for certificates encoded in the
+  specified \a format and adds them to this socket's CA certificate
+  database. \a path must be a file or a pattern matching one or more
+  files, as specified by \a syntax. Returns \c true if one or more
+  certificates are added to the socket's CA certificate database;
+  otherwise returns \c false.
+
+  The CA certificate database is used by the socket during the
+  handshake phase to validate the peer's certificate.
+
+  For more precise control, use addCaCertificate().
+
+  \sa addCaCertificate(), QSslCertificate::fromPath()
+*/
+bool QSslConfiguration::addCaCertificates(const QString &path, QSsl::EncodingFormat format,
+                                          QRegExp::PatternSyntax syntax)
+{
+    QList<QSslCertificate> certs = QSslCertificate::fromPath(path, format, syntax);
+    if (certs.isEmpty())
+        return false;
+
+    d->caCertificates += certs;
+    return true;
+}
+
+/*!
+    \since 5.15
+
+    Adds \a certificate to this configuration's CA certificate database.
+    The certificate database must be set prior to the SSL handshake.
+    The CA certificate database is used by the socket during the
+    handshake phase to validate the peer's certificate.
+
+    \note The default configuration uses the system CA certificate database. If
+    that is not available (as is commonly the case on iOS), the default database
+    is empty.
+
+  \sa caCertificates(), setCaCertificates(), addCaCertificates()
+*/
+void QSslConfiguration::addCaCertificate(const QSslCertificate &certificate)
+{
+    d->caCertificates += certificate;
+    d->allowRootCertOnDemandLoading = false;
+}
+
+/*!
+    \since 5.15
+
+    Adds \a certificates to this configuration's CA certificate database.
+    The certificate database must be set prior to the SSL handshake.
+    The CA certificate database is used by the socket during the
+    handshake phase to validate the peer's certificate.
+
+    \note The default configuration uses the system CA certificate database. If
+    that is not available (as is commonly the case on iOS), the default database
+    is empty.
+
+  \sa caCertificates(), setCaCertificates(), addCaCertificate()
+*/
+void QSslConfiguration::addCaCertificates(const QList<QSslCertificate> &certificates)
+{
+    d->caCertificates += certificates;
+    d->allowRootCertOnDemandLoading = false;
+}
+
+/*!
     \since 5.5
 
     This function provides the CA certificate database
@@ -661,7 +726,8 @@ void QSslConfiguration::setCaCertificates(const QList<QSslCertificate> &certific
     returned by this function is used to initialize the database
     returned by caCertificates() on the default QSslConfiguration.
 
-    \sa caCertificates(), setCaCertificates(), defaultConfiguration()
+    \sa caCertificates(), setCaCertificates(), defaultConfiguration(),
+    addCaCertificate(), addCaCertificates()
 */
 QList<QSslCertificate> QSslConfiguration::systemCaCertificates()
 {
diff --git a/src/network/ssl/qsslconfiguration.h b/src/network/ssl/qsslconfiguration.h
index 6e73292922..6ae165af0f 100644
--- a/src/network/ssl/qsslconfiguration.h
+++ b/src/network/ssl/qsslconfiguration.h
@@ -131,6 +131,11 @@ public:
     // Certificate Authority (CA) settings
     QList<QSslCertificate> caCertificates() const;
     void setCaCertificates(const QList<QSslCertificate> &certificates);
+    bool addCaCertificates(const QString &path, QSsl::EncodingFormat format = QSsl::Pem,
+                           QRegExp::PatternSyntax syntax = QRegExp::FixedString);
+    void addCaCertificate(const QSslCertificate &certificate);
+    void addCaCertificates(const QList<QSslCertificate> &certificates);
+
     static QList<QSslCertificate> systemCaCertificates();
 
     void setSslOption(QSsl::SslOption option, bool on);
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index e302aa1761..690251727d 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -139,10 +139,21 @@
     before the handshake phase with setLocalCertificate() and
     setPrivateKey().
     \li The CA certificate database can be extended and customized with
-    addCaCertificate(), addCaCertificates(), addDefaultCaCertificate(),
-    addDefaultCaCertificates(), and QSslConfiguration::defaultConfiguration().setCaCertificates().
+    QSslConfiguration::addCaCertificate(),
+    QSslConfiguration::addCaCertificates().
     \endlist
 
+    To extend the list of \e default CA certificates used by the SSL sockets
+    during the SSL handshake you must update the default configuration, as
+    in the snippet below:
+
+    \code
+        QList<QSslCertificate> certificates = getCertificates();
+        QSslConfiguration configuration = QSslConfiguration::defaultConfiguration();
+        configuration.addCaCertificates(certificates);
+        QSslConfiguration::setDefaultConfiguration(configuration);
+    \endcode
+
     \note If available, root certificates on Unix (excluding \macos) will be
     loaded on demand from the standard certificate directories. If you do not
     want to load root certificates on demand, you need to call either
@@ -1384,6 +1395,10 @@ QList<QSslCipher> QSslSocket::supportedCiphers()
 #endif  // #if QT_DEPRECATED_SINCE(5, 5)
 
 /*!
+  \deprecated
+
+  Use QSslConfiguration::addCaCertificates() instead.
+
   Searches all files in the \a path for certificates encoded in the
   specified \a format and adds them to this socket's CA certificate
   database. \a path must be a file or a pattern matching one or more
@@ -1411,6 +1426,10 @@ bool QSslSocket::addCaCertificates(const QString &path, QSsl::EncodingFormat for
 }
 
 /*!
+  \deprecated
+
+  Use QSslConfiguration::addCaCertificate() instead.
+
   Adds the \a certificate to this socket's CA certificate database.
   The CA certificate database is used by the socket during the
   handshake phase to validate the peer's certificate.
@@ -1427,6 +1446,10 @@ void QSslSocket::addCaCertificate(const QSslCertificate &certificate)
 }
 
 /*!
+  \deprecated
+
+  Use QSslConfiguration::addCaCertificates() instead.
+
   Adds the \a certificates to this socket's CA certificate database.
   The CA certificate database is used by the socket during the
   handshake phase to validate the peer's certificate.
@@ -1489,6 +1512,10 @@ QList<QSslCertificate> QSslSocket::caCertificates() const
 #endif  // #if QT_DEPRECATED_SINCE(5, 5)
 
 /*!
+    \deprecated
+
+    Use QSslConfiguration::addCaCertificates() on the default QSslConfiguration instead.
+
     Searches all files in the \a path for certificates with the
     specified \a encoding and adds them to the default CA certificate
     database. \a path can be an explicit file, or it can contain
@@ -1498,8 +1525,8 @@ QList<QSslCertificate> QSslSocket::caCertificates() const
     Each SSL socket's CA certificate database is initialized to the
     default CA certificate database.
 
-    \sa QSslConfiguration::caCertificates(), addCaCertificates(),
-        addDefaultCaCertificate()
+    \sa QSslConfiguration::caCertificates(), QSslConfiguration::addCaCertificates(),
+        QSslConfiguration::addDefaultCaCertificate()
 */
 bool QSslSocket::addDefaultCaCertificates(const QString &path, QSsl::EncodingFormat encoding,
                                           QRegExp::PatternSyntax syntax)
@@ -1508,11 +1535,15 @@ bool QSslSocket::addDefaultCaCertificates(const QString &path, QSsl::EncodingFor
 }
 
 /*!
+    \deprecated
+
+    Use QSslConfiguration::addCaCertificate() on the default QSslConfiguration instead.
+
     Adds \a certificate to the default CA certificate database.  Each
     SSL socket's CA certificate database is initialized to the default
     CA certificate database.
 
-    \sa QSslConfiguration::caCertificates(), addCaCertificates()
+    \sa QSslConfiguration::caCertificates(), QSslConfiguration::addCaCertificates()
 */
 void QSslSocket::addDefaultCaCertificate(const QSslCertificate &certificate)
 {
@@ -1520,11 +1551,15 @@ void QSslSocket::addDefaultCaCertificate(const QSslCertificate &certificate)
 }
 
 /*!
+    \deprecated
+
+    Use QSslConfiguration::addCaCertificates() on the default QSslConfiguration instead.
+
     Adds \a certificates to the default CA certificate database.  Each
     SSL socket's CA certificate database is initialized to the default
     CA certificate database.
 
-    \sa QSslConfiguration::caCertificates(), addCaCertificates()
+    \sa QSslConfiguration::caCertificates(), QSslConfiguration::addCaCertificates()
 */
 void QSslSocket::addDefaultCaCertificates(const QList<QSslCertificate> &certificates)
 {
diff --git a/src/network/ssl/qsslsocket.h b/src/network/ssl/qsslsocket.h
index 35943c7d7e..843e2d15f5 100644
--- a/src/network/ssl/qsslsocket.h
+++ b/src/network/ssl/qsslsocket.h
@@ -164,18 +164,22 @@ public:
 #endif // QT_DEPRECATED_SINCE(5, 5)
 
     // CA settings.
-    bool addCaCertificates(const QString &path, QSsl::EncodingFormat format = QSsl::Pem,
+#if QT_DEPRECATED_SINCE(5, 15)
+    QT_DEPRECATED_X("Use QSslConfiguration::addCaCertificates()") bool addCaCertificates(const QString &path, QSsl::EncodingFormat format = QSsl::Pem,
                            QRegExp::PatternSyntax syntax = QRegExp::FixedString);
-    void addCaCertificate(const QSslCertificate &certificate);
-    void addCaCertificates(const QList<QSslCertificate> &certificates);
+    QT_DEPRECATED_X("Use QSslConfiguration::addCaCertificate()") void addCaCertificate(const QSslCertificate &certificate);
+    QT_DEPRECATED_X("Use QSslConfiguration::addCaCertificates()") void addCaCertificates(const QList<QSslCertificate> &certificates);
+#endif // QT_DEPRECATED_SINCE(5, 15)
 #if QT_DEPRECATED_SINCE(5, 5)
     QT_DEPRECATED_X("Use QSslConfiguration::setCaCertificates()") void setCaCertificates(const QList<QSslCertificate> &certificates);
     QT_DEPRECATED_X("Use QSslConfiguration::caCertificates()") QList<QSslCertificate> caCertificates() const;
 #endif // QT_DEPRECATED_SINCE(5, 5)
-    static bool addDefaultCaCertificates(const QString &path, QSsl::EncodingFormat format = QSsl::Pem,
+#if QT_DEPRECATED_SINCE(5, 15)
+    QT_DEPRECATED static bool addDefaultCaCertificates(const QString &path, QSsl::EncodingFormat format = QSsl::Pem,
                                          QRegExp::PatternSyntax syntax = QRegExp::FixedString);
-    static void addDefaultCaCertificate(const QSslCertificate &certificate);
-    static void addDefaultCaCertificates(const QList<QSslCertificate> &certificates);
+    QT_DEPRECATED static void addDefaultCaCertificate(const QSslCertificate &certificate);
+    QT_DEPRECATED static void addDefaultCaCertificates(const QList<QSslCertificate> &certificates);
+#endif // QT_DEPRECATED_SINCE(5, 15)
 #if QT_DEPRECATED_SINCE(5, 5)
     QT_DEPRECATED static void setDefaultCaCertificates(const QList<QSslCertificate> &certificates);
     QT_DEPRECATED static QList<QSslCertificate> defaultCaCertificates();
author	Qt Forward Merge Bot <qt_forward_merge_bot@qt-project.org>	2019-10-02 01:01:20 +0200
committer	Simon Hausmann <simon.hausmann@qt.io>	2019-10-02 08:39:15 +0200
commit	4c8814a341aace34f9a6011e9ec16048dc0f18b6 (patch)
tree	3f3193c51c0883ae70de3ae3a3b225b3c7b9b8cc /src/network/ssl
parent	009d86da2d5a928865819fe44b4d1c78d455bbb9 (diff)
parent	8791a8398ac232a8daab98601f1bef88bdf7638f (diff)