diff options
author | Edward Welbourne <edward.welbourne@qt.io> | 2021-07-15 11:01:09 +0200 |
---|---|---|
committer | Marc Mutz <marc.mutz@kdab.com> | 2021-07-16 15:01:25 +0000 |
commit | e4670df1182b1ec096ede3aad27828cfd85ecf1f (patch) | |
tree | 3368a327610c70314a4efdb82c31b6b2cf2fe296 /src/plugins/tls | |
parent | aff8d83512e719b7599c0e759b81fb9b63eadb04 (diff) |
Tidy up systemCaCertificates() function in OpenSSL backend
As pointed out by Marc Mutz in another review, the Android branches of
its #if-ery amounted to a complicated no-op, so simplify the #if-ery,
add a TODO and then simplify the code thereby freed of the need to
accommodate the #if-ery.
In the process, initialize a set of filenames with the two filenames
that we read certificates from after looping over the set, which might
have left those files being read twice.
Change-Id: I2ee4ee3c3cf40226ee6a50afd6127fa4a71d2834
Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Diffstat (limited to 'src/plugins/tls')
-rw-r--r-- | src/plugins/tls/openssl/qtlsbackend_openssl.cpp | 29 |
1 files changed, 11 insertions, 18 deletions
diff --git a/src/plugins/tls/openssl/qtlsbackend_openssl.cpp b/src/plugins/tls/openssl/qtlsbackend_openssl.cpp index fe5f5d2354..2374f79ed6 100644 --- a/src/plugins/tls/openssl/qtlsbackend_openssl.cpp +++ b/src/plugins/tls/openssl/qtlsbackend_openssl.cpp @@ -398,20 +398,17 @@ QList<QSslCertificate> systemCaCertificates() } CertCloseStore(hSystemStore, 0); } +#elif defined(Q_OS_ANDROID) + // TODO: find where it hides its system certs ! #elif defined(Q_OS_UNIX) - QSet<QString> certFiles; - QDir currentDir; - QStringList nameFilters; - QSsl::EncodingFormat platformEncodingFormat; -# ifdef Q_OS_ANDROID - const QList<QByteArray> directories; -# else - const QList<QByteArray> directories = QSslSocketPrivate::unixRootCertDirectories(); - nameFilters << QLatin1String("*.pem") << QLatin1String("*.crt"); - platformEncodingFormat = QSsl::Pem; -# endif //Q_OS_ANDROID { - currentDir.setNameFilters(nameFilters); + const QList<QByteArray> directories = QSslSocketPrivate::unixRootCertDirectories(); + QSet<QString> certFiles = { + QStringLiteral("/etc/pki/tls/certs/ca-bundle.crt"), // Fedora, Mandriva + QStringLiteral("/usr/local/share/certs/ca-root-nss.crt") // FreeBSD's ca_root_nss + }; + QDir currentDir; + currentDir.setNameFilters(QStringList{QStringLiteral("*.pem"), QStringLiteral("*.crt")}); for (const auto &directory : directories) { currentDir.setPath(QLatin1String(directory)); QDirIterator it(currentDir); @@ -422,13 +419,9 @@ QList<QSslCertificate> systemCaCertificates() } } for (const QString& file : qAsConst(certFiles)) - systemCerts.append(QSslCertificate::fromPath(file, platformEncodingFormat)); -# ifndef Q_OS_ANDROID - systemCerts.append(QSslCertificate::fromPath(QLatin1String("/etc/pki/tls/certs/ca-bundle.crt"), QSsl::Pem)); // Fedora, Mandriva - systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/local/share/certs/ca-root-nss.crt"), QSsl::Pem)); // FreeBSD's ca_root_nss -# endif + systemCerts.append(QSslCertificate::fromPath(file, QSsl::Pem)); } -#endif +#endif // platform #ifdef QSSLSOCKET_DEBUG qCDebug(lcTlsBackend) << "systemCaCertificates retrieval time " << timer.elapsed() << "ms"; qCDebug(lcTlsBackend) << "imported " << systemCerts.count() << " certificates"; |