author | Richard Moore <rich@kde.org> | 2013-02-11 17:14:25 +0000 |
---|---|---|
committer | The Qt Project <gerrit-noreply@qt-project.org> | 2013-02-19 21:37:14 +0100 |
commit | 4a07519877b4b3aad45d1a727487d9e87630973b (patch) | |
tree | 8bbd4df14107917fca40b35dd145547376f7508d /src/network | |
parent | 5dbd42a62ee56297b3b3b1881644efa5e0b5b594 (diff) |
Store the local certificate in a QList.
Instead of storing a single QSslCertificate for the local cert, store
a list of them. This will allow us to handle server sockets that use a
certificate that is not issued directly from the CA root in future.
Change-Id: I9a36b9a99daa9c0bdd17f61b4ce1a7da746f2e96
Reviewed-by: Peter Hartmann <phartmann@rim.com>
Diffstat (limited to 'src/network')
-rw-r--r-- | src/network/ssl/qsslconfiguration.cpp | 23 | ||||
-rw-r--r-- | src/network/ssl/qsslconfiguration.h | 2 | ||||
-rw-r--r-- | src/network/ssl/qsslconfiguration_p.h | 2 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket.cpp | 15 |
4 files changed, 31 insertions, 11 deletions
diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp index 145cd7be5d..3d466b85ca 100644 --- a/src/network/ssl/qsslconfiguration.cpp +++ b/src/network/ssl/qsslconfiguration.cpp @@ -173,7 +173,7 @@ bool QSslConfiguration::operator==(const QSslConfiguration &other) const return true; return d->peerCertificate == other.d->peerCertificate && d->peerCertificateChain == other.d->peerCertificateChain && - d->localCertificate == other.d->localCertificate && + d->localCertificateChain == other.d->localCertificateChain && d->privateKey == other.d->privateKey && d->sessionCipher == other.d->sessionCipher && d->ciphers == other.d->ciphers && @@ -212,7 +212,7 @@ bool QSslConfiguration::isNull() const d->allowRootCertOnDemandLoading == true && d->caCertificates.count() == 0 && d->ciphers.count() == 0 && - d->localCertificate.isNull() && + d->localCertificateChain.isEmpty() && d->privateKey.isNull() && d->peerCertificate.isNull() && d->peerCertificateChain.count() == 0 && @@ -313,6 +313,18 @@ void QSslConfiguration::setPeerVerifyDepth(int depth) } /*! + Returns the certificate chain to be presented to the peer during + the SSL handshake process. + + \sa localCertificate() + \since 5.1 +*/ +QList<QSslCertificate> QSslConfiguration::localCertificateChain() const +{ + return d->localCertificateChain; +} + +/*! Returns the certificate to be presented to the peer during the SSL handshake process. @@ -320,7 +332,9 @@ void QSslConfiguration::setPeerVerifyDepth(int depth) */ QSslCertificate QSslConfiguration::localCertificate() const { - return d->localCertificate; + if (d->localCertificateChain.isEmpty()) + return QSslCertificate(); + return d->localCertificateChain[0]; } /*! 
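Review bot: The doc comment added for `localCertificateChain()` does not state the order of the chain, although `localCertificate()` in the following hunk returns element `[0]`, so the first entry is presumably the leaf certificate that goes with `privateKey()`. I would add to the comment `The chain is ordered leaf first; its first element is the certificate returned by localCertificate().` and a matching `\sa localCertificateChain()` in the `localCertificate()` comment. No public setter for the chain is visible in this diff, so it may also be worth noting that the list currently holds only what `setLocalCertificate()` stored.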
@@ -341,7 +355,8 @@ QSslCertificate QSslConfiguration::localCertificate() const */ void QSslConfiguration::setLocalCertificate(const QSslCertificate &certificate) { - d->localCertificate = certificate; + d->localCertificateChain = QList<QSslCertificate>(); + d->localCertificateChain += certificate; } /*! diff --git a/src/network/ssl/qsslconfiguration.h b/src/network/ssl/qsslconfiguration.h index 064e1b96a8..291f6ead9d 100644 --- a/src/network/ssl/qsslconfiguration.h +++ b/src/network/ssl/qsslconfiguration.h @@ -99,6 +99,8 @@ public: void setPeerVerifyDepth(int depth); // Certificate & cipher configuration + QList<QSslCertificate> localCertificateChain() const; + QSslCertificate localCertificate() const; void setLocalCertificate(const QSslCertificate &certificate); diff --git a/src/network/ssl/qsslconfiguration_p.h b/src/network/ssl/qsslconfiguration_p.h index a6c22db707..54b7264d3d 100644 --- a/src/network/ssl/qsslconfiguration_p.h +++ b/src/network/ssl/qsslconfiguration_p.h @@ -91,7 +91,7 @@ public: QSslCertificate peerCertificate; QList<QSslCertificate> peerCertificateChain; - QSslCertificate localCertificate; + QList<QSslCertificate> localCertificateChain; QSslKey privateKey; QSslCipher sessionCipher; diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp index c86234a5ac..421731a174 100644 --- a/src/network/ssl/qsslsocket.cpp +++ b/src/network/ssl/qsslsocket.cpp @@ -895,7 +895,7 @@ QSslConfiguration QSslSocket::sslConfiguration() const void QSslSocket::setSslConfiguration(const QSslConfiguration &configuration) { Q_D(QSslSocket); - d->configuration.localCertificate = configuration.localCertificate(); + d->configuration.localCertificateChain = configuration.localCertificateChain(); d->configuration.privateKey = configuration.privateKey(); d->configuration.ciphers = configuration.ciphers(); d->configuration.caCertificates = configuration.caCertificates(); 
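Review bot: `QSslConfiguration::setLocalCertificate()` appends its argument unconditionally, so passing a null `QSslCertificate` leaves a one-element chain that holds a null certificate. Before this change such a call left `isNull()` true for that field and compared equal to an unset configuration; with `localCertificateChain.isEmpty()` and the list comparison in `operator==` it now does neither. Consider `d->localCertificateChain.clear();` followed by `if (!certificate.isNull()) d->localCertificateChain += certificate;`. The same applies to `QSslSocket::setLocalCertificate(const QSslCertificate &)` in qsslsocket.cpp, and through it to the path overload when the file content does not parse. Backend code that tests the chain for emptiness before loading the certificate is outside this diff and would need the same check.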
@@ -926,7 +926,8 @@ void QSslSocket::setSslConfiguration(const QSslConfiguration &configuration) void QSslSocket::setLocalCertificate(const QSslCertificate &certificate) { Q_D(QSslSocket); - d->configuration.localCertificate = certificate; + d->configuration.localCertificateChain = QList<QSslCertificate>(); + d->configuration.localCertificateChain += certificate; } /*! @@ -939,10 +940,10 @@ void QSslSocket::setLocalCertificate(const QSslCertificate &certificate) void QSslSocket::setLocalCertificate(const QString &path, QSsl::EncodingFormat format) { - Q_D(QSslSocket); QFile file(path); if (file.open(QIODevice::ReadOnly | QIODevice::Text)) - d->configuration.localCertificate = QSslCertificate(file.readAll(), format); + setLocalCertificate(QSslCertificate(file.readAll(), format)); + } /*! @@ -954,7 +955,9 @@ void QSslSocket::setLocalCertificate(const QString &path, QSslCertificate QSslSocket::localCertificate() const { Q_D(const QSslSocket); - return d->configuration.localCertificate; + if (d->configuration.localCertificateChain.isEmpty()) + return QSslCertificate(); + return d->configuration.localCertificateChain[0]; } /*! @@ -2057,7 +2060,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri ptr->ref.store(1); ptr->peerCertificate = global->peerCertificate; ptr->peerCertificateChain = global->peerCertificateChain; - ptr->localCertificate = global->localCertificate; + ptr->localCertificateChain = global->localCertificateChain; ptr->privateKey = global->privateKey; ptr->sessionCipher = global->sessionCipher; ptr->ciphers = global->ciphers; |
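Review bot: In `QSslSocket::setLocalCertificate(const QString &path, QSsl::EncodingFormat format)` a file that cannot be opened is still ignored silently, so a previously configured chain stays in place and the caller cannot tell that the new certificate was not loaded. Since the body is being rewritten here, I would add `else qWarning("QSslSocket::setLocalCertificate: cannot open certificate file");` and drop the stray blank line added before the closing brace. The context line opens the file with `QIODevice::Text` regardless of `format`; for `QSsl::Der` that may alter binary data on platforms that translate line endings, which is worth confirming separately.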