diff options
author | Liang Qi <liang.qi@theqtcompany.com> | 2016-03-21 09:02:57 +0100 |
---|---|---|
committer | Liang Qi <liang.qi@theqtcompany.com> | 2016-03-21 09:02:57 +0100 |
commit | 6cb8121a44ee0f94f2c9fcb075d1d3c802d8c5c7 (patch) | |
tree | 25822898b71068f820d25a9e8372dfb348190ec1 /src/network/ssl | |
parent | 96740193e1e0f0608f67660811a44b696924ad4c (diff) | |
parent | 2e02de165115c9d67ac343ff0960ed80f9c09bc8 (diff) |
Merge remote-tracking branch 'origin/5.6' into 5.7
Conflicts:
src/widgets/styles/qgtkstyle_p.cpp
tests/auto/corelib/io/qtextstream/test/test.pro
tests/auto/corelib/plugin/plugin.pro
Change-Id: I512bc1b36acf3933ed2b96c00f476ee3819c1f4b
Diffstat (limited to 'src/network/ssl')
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index fcc267e7cc..b86b69cad4 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -399,6 +399,10 @@ bool QSslSocketBackendPrivate::initSslContext() if (!ace.isEmpty() && !QHostAddress().setAddress(tlsHostName) && !(configuration.sslOptions & QSsl::SslOptionDisableServerNameIndication)) { + // We don't send the trailing dot from the host header if present see + // https://tools.ietf.org/html/rfc6066#section-3 + if (ace.endsWith('.')) + ace.chop(1); if (!q_SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, ace.data())) qCWarning(lcSsl, "could not set SSL_CTRL_SET_TLSEXT_HOSTNAME, Server Name Indication disabled"); } @@ -632,10 +636,12 @@ void QSslSocketPrivate::resetDefaultCiphers() // Unconditionally exclude ADH and AECDH ciphers since they offer no MITM protection if (!ciph.name().toLower().startsWith(QLatin1String("adh")) && !ciph.name().toLower().startsWith(QLatin1String("exp-adh")) && - !ciph.name().toLower().startsWith(QLatin1String("aecdh"))) + !ciph.name().toLower().startsWith(QLatin1String("aecdh"))) { ciphers << ciph; - if (ciph.usedBits() >= 128) - defaultCiphers << ciph; + + if (ciph.usedBits() >= 128) + defaultCiphers << ciph; + } } } } |