author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2018-08-07 09:26:07 +0200 |
---|---|---|
committer | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2018-08-09 03:52:22 +0000 |
commit | c1117ac496df9f7e47fdc82306bb4e20848a04d4 (patch) | |
tree | 23c76d5c7990e4d013f5267e2e2b9d3972cac1ee /src/network | |
parent | 5b8d5c7493259544f853eb2732cca2829c0f67ca (diff) |
SecureTransport: clean the code a bit
As discussed/proposed previously: remove the duplicated code when converting the
native certificate representation into QSslCertificate (configuration.peerCertificate).
Also, use the correct integer type when iterating - CFIndex is actually long, not int.
Change-Id: Ia6f43172e21b5153a93f1ef2589980d68ec2b39f
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Diffstat (limited to 'src/network')
-rw-r--r-- | src/network/ssl/qsslsocket_mac.cpp | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/src/network/ssl/qsslsocket_mac.cpp b/src/network/ssl/qsslsocket_mac.cpp
index 08ff4a9336..e6618b43ef 100644
--- a/src/network/ssl/qsslsocket_mac.cpp
+++ b/src/network/ssl/qsslsocket_mac.cpp
@@ -1248,9 +1248,8 @@ bool QSslSocketBackendPrivate::verifyPeerTrust()
 }
 QList<QSslError> errors;
- // store certificates
- const int certCount = SecTrustGetCertificateCount(trust);
+ // Store certificates.
 // Apple's docs say SetTrustEvaluate must be called before
 // SecTrustGetCertificateAtIndex, but this results
 // in 'kSecTrustResultRecoverableTrustFailure', so
@@ -1270,19 +1269,17 @@ bool QSslSocketBackendPrivate::verifyPeerTrust()
 configuration.peerCertificate.clear();
 configuration.peerCertificateChain.clear();
- for (int i = 0; i < certCount; ++i) {
+ const CFIndex certCount = SecTrustGetCertificateCount(trust);
+ for (CFIndex i = 0; i < certCount; ++i) {
 SecCertificateRef cert = SecTrustGetCertificateAtIndex(trust, i);
 QCFType<CFDataRef> derData = SecCertificateCopyData(cert);
 configuration.peerCertificateChain << QSslCertificate(QByteArray::fromCFData(derData), QSsl::Der);
 }
- if (certCount > 0) {
- SecCertificateRef cert = SecTrustGetCertificateAtIndex(trust, 0);
- QCFType<CFDataRef> derData = SecCertificateCopyData(cert);
- configuration.peerCertificate = QSslCertificate(QByteArray::fromCFData(derData), QSsl::Der);
- }
+ if (configuration.peerCertificateChain.size())
+ configuration.peerCertificate = configuration.peerCertificateChain.at(0);
- // check the whole chain for blacklisting (including root, as we check for subjectInfo and issuer)
+ // Check the whole chain for blacklisting (including root, as we check for subjectInfo and issuer):
 for (const QSslCertificate &cert : qAsConst(configuration.peerCertificateChain)) {
 if (QSslCertificatePrivate::isBlacklisted(cert) && !canIgnoreVerify) {
 const QSslError error(QSslError::CertificateBlacklisted, cert); |
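Review bot: In the second hunk the new `configuration.peerCertificate = configuration.peerCertificateChain.at(0);` makes the peer identity depend entirely on what the loop above appended first, and nothing in the visible lines checks `cert` or `derData` for null, or the resulting `QSslCertificate` for `isNull()`, before it lands in the chain. The removed block had the same gap, so this is not a regression, but a leaf that failed to convert would sit silently at index 0; I would treat a null first entry as a verification failure rather than skipping it, since skipping would promote an intermediate to the peer position. A short comment such as `// Index 0 of the trust object's chain is the leaf (peer) certificate.` would record the assumption the shortcut relies on, and `if (!configuration.peerCertificateChain.isEmpty())` with `.first()` reads more idiomatically than `.size()` with `.at(0)`. verifyPeerTrust() begins and ends outside this hunk, so any handling further down is not visible here.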