Deprecate QSslCertificate::isValid() replace with isBlacklisted()

Currently isValid wrongly gives the impression it checks a certificate for validity - it doesn't. It merely checks if the certificate dates are valid and if the certificate is blacklisted. Since it's already easy for users to check the dates, let's just give them access to the ability to check for blacklisting. Change-Id: I25be3bde6a01063034702a9574b28469bf4882cd Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
author: Richard Moore <rich@kde.org> 2011-11-11 23:08:42 +0000
committer: Qt by Nokia <qt-info@nokia.com> 2011-11-14 10:39:47 +0100
commit: e66d3d98996c918162f2bf5bf94a0d356a39b5af (patch)
tree: 75862d157b9beb114d3293bc6d401b6b4b5827e2 /src/network/ssl
parent: fd3d7429b2b00fe2e3f8ca7b41a04273b42077e8 (diff)
3 files changed, 30 insertions, 14 deletions
diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp
index 0710001198..ea92485b6e 100644
--- a/src/network/ssl/qsslcertificate.cpp
+++ b/src/network/ssl/qsslcertificate.cpp
@@ -62,11 +62,10 @@
     a DER (binary) or PEM (Base64) encoded bundle, typically stored as
     one or more local files, or in a Qt Resource.
 
-    You can call isNull() to check if your certificate is null. By
-    default, QSslCertificate constructs a null certificate. To check
-    if the certificate is valid, call isValid(). A null certificate is
-    invalid, but an invalid certificate is not necessarily null. If
-    you want to reset all contents in a certificate, call clear().
+    You can call isNull() to check if your certificate is null. By default,
+    QSslCertificate constructs a null certificate. A null certificate is
+    invalid, but an invalid certificate is not necessarily null. If you want
+    to reset all contents in a certificate, call clear().
 
     After loading a certificate, you can find information about the
     certificate, its subject, and its issuer, by calling one of the
@@ -212,14 +211,17 @@ bool QSslCertificate::operator==(const QSslCertificate &other) const
 
     By default, QSslCertificate constructs a null certificate.
 
-    \sa isValid(), clear()
+    \sa clear()
 */
 bool QSslCertificate::isNull() const
 {
     return d->null;
 }
 
+#if QT_DEPRECATED_SINCE(5,0)
 /*!
+    \fn bool QSslCertificate::isValid() const
+
     Returns true if this certificate is valid; otherwise returns
     false.
 
@@ -230,12 +232,17 @@ bool QSslCertificate::isNull() const
 
     \sa isNull()
 */
-bool QSslCertificate::isValid() const
+#endif
+
+/*!
+    Returns true if this certificate is blacklisted; otherwise
+    returns false.
+
+    \sa isNull()
+*/
+bool QSslCertificate::isBlacklisted() const
 {
-    const QDateTime currentTime = QDateTime::currentDateTime();
-    return currentTime >= d->notValidBefore &&
-            currentTime <= d->notValidAfter &&
-            ! QSslCertificatePrivate::isBlacklisted(*this);
+    return QSslCertificatePrivate::isBlacklisted(*this);
 }
 
 /*!
diff --git a/src/network/ssl/qsslcertificate.h b/src/network/ssl/qsslcertificate.h
index 07a8df308c..711ee055e2 100644
--- a/src/network/ssl/qsslcertificate.h
+++ b/src/network/ssl/qsslcertificate.h
@@ -46,6 +46,7 @@
 #include <QtCore/qnamespace.h>
 #include <QtCore/qbytearray.h>
 #include <QtCore/qcryptographichash.h>
+#include <QtCore/qdatetime.h>
 #include <QtCore/qregexp.h>
 #include <QtCore/qsharedpointer.h>
 #include <QtCore/qmap.h>
@@ -94,7 +95,15 @@ public:
     inline bool operator!=(const QSslCertificate &other) const { return !operator==(other); }
 
     bool isNull() const;
-    bool isValid() const;
+#if QT_DEPRECATED_SINCE(5,0)
+    QT_DEPRECATED inline bool isValid() const {
+        const QDateTime currentTime = QDateTime::currentDateTime();
+        return currentTime >= effectiveDate() &&
+               currentTime <= expiryDate() &&
+               !isBlacklisted();
+    }
+#endif
+    bool isBlacklisted() const;
     void clear();
 
     // Certificate info
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 2175f7f78f..9cb7066803 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -336,7 +336,7 @@ init_context:
     foreach (const QSslCertificate &caCertificate, q->caCertificates()) {
         // add expired certs later, so that the
         // valid ones are used before the expired ones
-        if (! caCertificate.isValid()) {
+        if (caCertificate.expiryDate() > QDateTime::currentDateTime()) {
             expiredCerts.append(caCertificate);
         } else {
             q_X509_STORE_add_cert(ctx->cert_store, reinterpret_cast<X509 *>(caCertificate.handle()));
@@ -1533,7 +1533,7 @@ QList<QSslError> QSslSocketBackendPrivate::verify(QList<QSslCertificate> certifi
     foreach (const QSslCertificate &caCertificate, QSslSocket::defaultCaCertificates()) {
         // add expired certs later, so that the
         // valid ones are used before the expired ones
-        if (!caCertificate.isValid()) {
+        if (caCertificate.expiryDate() > QDateTime::currentDateTime()) {
             expiredCerts.append(caCertificate);
         } else {
             q_X509_STORE_add_cert(certStore, reinterpret_cast<X509 *>(caCertificate.handle()));
author	Richard Moore <rich@kde.org>	2011-11-11 23:08:42 +0000
committer	Qt by Nokia <qt-info@nokia.com>	2011-11-14 10:39:47 +0100
commit	e66d3d98996c918162f2bf5bf94a0d356a39b5af (patch)
tree	75862d157b9beb114d3293bc6d401b6b4b5827e2 /src/network/ssl
parent	fd3d7429b2b00fe2e3f8ca7b41a04273b42077e8 (diff)