authorMårten Nordheim <marten.nordheim@qt.io>2021-11-29 16:31:21 +0100
committerMårten Nordheim <marten.nordheim@qt.io>2021-12-02 19:29:58 +0000
commita6744bc9f9d0a1bcdaa6769ddb39a18dfad5f5c3 (patch)
tree9dad47f98353d9e8602f69cc9bb727edd27d629e /src/plugins/tls/openssl/qtls_openssl_p.h
parent3c6582a082bdaa4940efdf93ea294e8f03f39435 (diff)
OpenSSL: handle renegotiate errors by comparing certs
If the certificate didn't change then our trust in it didn't either. Sadly, cannot have an autotest because we don't have any way to facilitate a renegotiation at the moment and with TLS 1.3 not having them at all it's unlikely we ever will. Pick-to: 6.2 5.15 Task-number: QTBUG-92231 Change-Id: Ibaa9b2f627daca05021c574e69526710aacdadae Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Diffstat (limited to 'src/plugins/tls/openssl/qtls_openssl_p.h')
-rw-r--r--src/plugins/tls/openssl/qtls_openssl_p.h6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/plugins/tls/openssl/qtls_openssl_p.h b/src/plugins/tls/openssl/qtls_openssl_p.h
index 60dae884fc..2fcefb222c 100644
--- a/src/plugins/tls/openssl/qtls_openssl_p.h
+++ b/src/plugins/tls/openssl/qtls_openssl_p.h
@@ -121,6 +121,9 @@ public:
unsigned pskServerTlsCallback(const char *identity, unsigned char *psk,
unsigned max_psk_len);
+ bool isInSslRead() const;
+ void setRenegotiated(bool renegotiated);
+
#ifdef Q_OS_WIN
void fetchCaRootForCert(const QSslCertificate &cert);
void caRootLoaded(QSslCertificate certificate, QSslCertificate trustedRoot);
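Review bot: The two new public declarations, `isInSslRead()` and `setRenegotiated()`, have no comment saying who calls them or what they mean. They appear to exist so that code outside the class (presumably the OpenSSL verification/info callback) can tell a renegotiation from the initial handshake; that is inferred from the commit message, not visible in this hunk. Since the commit description says this state decides whether a verification error is tolerated, I would document the contract at the declaration, for example `// True only while SSL_read() is executing; a handshake seen in that window is a renegotiation.` above `isInSslRead()` and `// Set when a renegotiation was observed; triggers the peer-certificate comparison.` above `setRenegotiated()`. The class body starts and ends outside this hunk.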
@@ -160,6 +163,9 @@ private:
bool errorsReportedFromCallback = false;
bool shutdown = false;
+
+ bool inSslRead = false;
+ bool renegotiated = false;
};
} // namespace QTlsPrivate
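Review bot: The added members `inSslRead` and `renegotiated` are initialised to `false`, but the header does not show where either is cleared again, and `renegotiated` has a setter with no declared reader. If the backend object can be reused for another handshake or connection, a stale `renegotiated == true` (or an `inSslRead` left set on an early-return path) would carry trust-relevant state from one session into the next; whether that can happen depends on the .cpp, which is not visible here. I would state the lifetime next to the fields, e.g. `// Reset at the start of every handshake; only valid for the current session.`, and confirm that `inSslRead` is restored on every exit path (a scoped guard would make that structural). The class body begins outside this hunk.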