Merge remote-tracking branch 'origin/5.9' into dev

Conflicts:
	src/widgets/widgets/qmenu.cpp

Change-Id: I6d3baf56eb24501cddb129a3cb6b958ccc25a308

4 files changed, 38 insertions, 34 deletions

diff --git a/src/network/socket/qnativesocketengine_winrt.cpp b/src/network/socket/qnativesocketengine_winrt.cpp
index 0625ea65da..38c2b6e8c0 100644
--- a/src/network/socket/qnativesocketengine_winrt.cpp
+++ b/src/network/socket/qnativesocketengine_winrt.cpp
@@ -1250,20 +1250,22 @@ void QNativeSocketEngine::handleConnectOpFinished(bool success, QAbstractSocket:
 void QNativeSocketEngine::handleNewDatagrams(const QList<WinRtDatagram> &datagrams)
 {
     Q_D(QNativeSocketEngine);
-    // Defer putting the datagrams into the list until the next event loop iteration
-    // (where the readyRead signal is emitted as well)
-    QMetaObject::invokeMethod(this, "putIntoPendingDatagramsList", Qt::QueuedConnection,
-                              Q_ARG(QList<WinRtDatagram>, datagrams));
+    QMutexLocker locker(&d->readMutex);
+    d->pendingDatagrams.append(datagrams);
     if (d->notifyOnRead)
         emit readReady();
 }
 
 void QNativeSocketEngine::handleNewData(const QVector<QByteArray> &data)
 {
-    // Defer putting the data into the list until the next event loop iteration
-    // (where the readyRead signal is emitted as well)
-    QMetaObject::invokeMethod(this, "putIntoPendingData", Qt::QueuedConnection,
-                              Q_ARG(QVector<QByteArray>, data));
+    Q_D(QNativeSocketEngine);
+    QMutexLocker locker(&d->readMutex);
+    d->pendingData.append(data);
+    for (const QByteArray &newData : data)
+        d->bytesAvailable += newData.length();
+    locker.unlock();
+    if (d->notifyOnRead)
+        readNotification();
 }
 
 void QNativeSocketEngine::handleTcpError(QAbstractSocket::SocketError error)
@@ -1284,25 +1286,6 @@ void QNativeSocketEngine::handleTcpError(QAbstractSocket::SocketError error)
         emit readReady();
 }
 
-void QNativeSocketEngine::putIntoPendingDatagramsList(const QList<WinRtDatagram> &datagrams)
-{
-    Q_D(QNativeSocketEngine);
-    QMutexLocker locker(&d->readMutex);
-    d->pendingDatagrams.append(datagrams);
-}
-
-void QNativeSocketEngine::putIntoPendingData(const QVector<QByteArray> &data)
-{
-    Q_D(QNativeSocketEngine);
-    QMutexLocker locker(&d->readMutex);
-    d->pendingData.append(data);
-    for (const QByteArray &newData : data)
-        d->bytesAvailable += newData.length();
-    locker.unlock();
-    if (d->notifyOnRead)
-        readNotification();
-}
-
 bool QNativeSocketEnginePrivate::createNewSocket(QAbstractSocket::SocketType socketType, QAbstractSocket::NetworkLayerProtocol &socketProtocol)
 {
     Q_UNUSED(socketProtocol);
diff --git a/src/network/socket/qnativesocketengine_winrt_p.h b/src/network/socket/qnativesocketengine_winrt_p.h
index 6528c6d627..13922cb397 100644
--- a/src/network/socket/qnativesocketengine_winrt_p.h
+++ b/src/network/socket/qnativesocketengine_winrt_p.h
@@ -183,9 +183,6 @@ private slots:
     void handleTcpError(QAbstractSocket::SocketError error);
 
 private:
-    Q_INVOKABLE void putIntoPendingDatagramsList(const QList<WinRtDatagram> &datagrams);
-    Q_INVOKABLE void putIntoPendingData(const QVector<QByteArray> &data);
-
     Q_DECLARE_PRIVATE(QNativeSocketEngine)
     Q_DISABLE_COPY(QNativeSocketEngine)
 };
diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp
index ce78399e01..6433b84e80 100644
--- a/src/network/ssl/qsslcertificate.cpp
+++ b/src/network/ssl/qsslcertificate.cpp
@@ -143,7 +143,7 @@ QSslCertificate::QSslCertificate(QIODevice *device, QSsl::EncodingFormat format)
     : d(new QSslCertificatePrivate)
 {
     QSslSocketPrivate::ensureInitialized();
-    if (device)
+    if (device && QSslSocket::supportsSsl())
         d->init(device->readAll(), format);
 }
 
@@ -157,7 +157,8 @@ QSslCertificate::QSslCertificate(const QByteArray &data, QSsl::EncodingFormat fo
     : d(new QSslCertificatePrivate)
 {
     QSslSocketPrivate::ensureInitialized();
-    d->init(data, format);
+    if (QSslSocket::supportsSsl())
+        d->init(data, format);
 }
 
 /*!
diff --git a/src/network/ssl/qsslsocket_mac.cpp b/src/network/ssl/qsslsocket_mac.cpp
index 0456b7cdc7..0a9588deea 100644
--- a/src/network/ssl/qsslsocket_mac.cpp
+++ b/src/network/ssl/qsslsocket_mac.cpp
@@ -1226,9 +1226,32 @@ bool QSslSocketBackendPrivate::verifyPeerTrust()
         QCFType<SecCertificateRef> certRef = SecCertificateCreateWithData(NULL, certData);
         CFArrayAppendValue(certArray, certRef);
     }
+
     SecTrustSetAnchorCertificates(trust, certArray);
-    // Secure Transport should use anchors only from our QSslConfiguration:
-    SecTrustSetAnchorCertificatesOnly(trust, true);
+
+    // By default SecTrustEvaluate uses both CA certificates provided in
+    // QSslConfiguration and the ones from the system database. This behavior can
+    // be unexpected if a user's code tries to limit the trusted CAs to those
+    // explicitly set in QSslConfiguration.
+    // Since on macOS we initialize the default QSslConfiguration copying the
+    // system CA certificates (using SecTrustSettingsCopyCertificates) we can
+    // call SecTrustSetAnchorCertificatesOnly(trust, true) to force SecTrustEvaluate
+    // to use anchors only from our QSslConfiguration.
+    // Unfortunately, SecTrustSettingsCopyCertificates is not available on iOS
+    // and the default QSslConfiguration always has an empty list of system CA
+    // certificates. This leaves no way to provide client code with access to the
+    // actual system CA certificate list (which most use-cases need) other than
+    // by letting SecTrustEvaluate fall through to the system list; so, in this case
+    // (even though the client code may have provided its own certs), we retain
+    // the default behavior.
+
+#ifdef Q_OS_MACOS
+    const bool anchorsFromConfigurationOnly = true;
+#else
+    const bool anchorsFromConfigurationOnly = false;
+#endif
+
+    SecTrustSetAnchorCertificatesOnly(trust, anchorsFromConfigurationOnly);
 
     SecTrustResultType trustResult = kSecTrustResultInvalid;
     SecTrustEvaluate(trust, &trustResult);