_q_makePkcs12: Don't embed a key if we don't have one

Usually we embed the private key for the leaf certificate, but in Schannel _q_makePkcs12 is also used to create a certificate store for our CA certificates, which we don't have any private key for. So lift this restriction. Change-Id: Ic86a2a6725f2c8272c951148eb97e18a964a36f2 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
author: Mårten Nordheim <marten.nordheim@qt.io> 2018-10-16 12:21:59 +0200
committer: Mårten Nordheim <marten.nordheim@qt.io> 2018-12-04 14:26:57 +0000
commit: e19df161cdc14f834a278fe0939d50475864a78c (patch)
tree: 73dd683fd952c23d6c65b68f302c24a6acee4c55 /src/network/ssl
parent: 37f773a754cd8c6a9ce05a67ae2a59cea4b4cc4a (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/src/network/ssl/qsslsocket_qt.cpp b/src/network/ssl/qsslsocket_qt.cpp
index da865c476c..b0fb60ea76 100644
--- a/src/network/ssl/qsslsocket_qt.cpp
+++ b/src/network/ssl/qsslsocket_qt.cpp
@@ -242,8 +242,10 @@ static QByteArray _q_PKCS12_bag(const QList<QSslCertificate> &certs, const QSslK
         items << _q_PKCS7_data(_q_PKCS12_certBag(certs[i]));
 
     // key
-    const QByteArray localKeyId = certs.first().digest(QCryptographicHash::Sha1);
-    items << _q_PKCS7_data(_q_PKCS12_shroudedKeyBag(key, passPhrase, localKeyId));
+    if (!key.isNull()) {
+        const QByteArray localKeyId = certs.first().digest(QCryptographicHash::Sha1);
+        items << _q_PKCS7_data(_q_PKCS12_shroudedKeyBag(key, passPhrase, localKeyId));
+    }
 
     // dump
     QAsn1Element root = QAsn1Element::fromVector(items);
author	Mårten Nordheim <marten.nordheim@qt.io>	2018-10-16 12:21:59 +0200
committer	Mårten Nordheim <marten.nordheim@qt.io>	2018-12-04 14:26:57 +0000
commit	e19df161cdc14f834a278fe0939d50475864a78c (patch)
tree	73dd683fd952c23d6c65b68f302c24a6acee4c55 /src/network/ssl
parent	37f773a754cd8c6a9ce05a67ae2a59cea4b4cc4a (diff)