diff options
author | Mårten Nordheim <marten.nordheim@qt.io> | 2021-11-29 16:31:21 +0100 |
---|---|---|
committer | Mårten Nordheim <marten.nordheim@qt.io> | 2021-12-02 19:29:58 +0000 |
commit | a6744bc9f9d0a1bcdaa6769ddb39a18dfad5f5c3 (patch) | |
tree | 9dad47f98353d9e8602f69cc9bb727edd27d629e /src/plugins/tls/openssl/qtls_openssl_p.h | |
parent | 3c6582a082bdaa4940efdf93ea294e8f03f39435 (diff) |
OpenSSL: handle renegotiate errors by comparing certs
If the certificate didn't change then our trust in it didn't either.
Sadly, cannot have an autotest because we don't have any way
to facilitate a renegotiation at the moment and with TLS 1.3
not having them at all it's unlikely we ever will.
Pick-to: 6.2 5.15
Task-number: QTBUG-92231
Change-Id: Ibaa9b2f627daca05021c574e69526710aacdadae
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Diffstat (limited to 'src/plugins/tls/openssl/qtls_openssl_p.h')
-rw-r--r-- | src/plugins/tls/openssl/qtls_openssl_p.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/plugins/tls/openssl/qtls_openssl_p.h b/src/plugins/tls/openssl/qtls_openssl_p.h index 60dae884fc..2fcefb222c 100644 --- a/src/plugins/tls/openssl/qtls_openssl_p.h +++ b/src/plugins/tls/openssl/qtls_openssl_p.h @@ -121,6 +121,9 @@ public: unsigned pskServerTlsCallback(const char *identity, unsigned char *psk, unsigned max_psk_len); + bool isInSslRead() const; + void setRenegotiated(bool renegotiated); + #ifdef Q_OS_WIN void fetchCaRootForCert(const QSslCertificate &cert); void caRootLoaded(QSslCertificate certificate, QSslCertificate trustedRoot); @@ -160,6 +163,9 @@ private: bool errorsReportedFromCallback = false; bool shutdown = false; + + bool inSslRead = false; + bool renegotiated = false; }; } // namespace QTlsPrivate |