authorTimur Pocheptsov <timur.pocheptsov@qt.io>2020-10-15 13:08:59 +0200
committerTimur Pocheptsov <timur.pocheptsov@qt.io>2020-10-16 05:21:49 +0200
commitaa6b865899f1ef1b9960d70763cbd19cc18fffd4 (patch)
treefb29692ea0cadb9113120b0e630b7103368a43c3 /src
parent1ccd99187ccf2eb5c8f23cf2c84ae205dc7e29ff (diff)
QSslCertificate (generic) fill the extension's variant map
When parsing subjectAltName extension to make it more like OpenSSL counterpart. Fixes: QTBUG-86830 Change-Id: If1a4e72ee0b19f2cf40aa53632f9ec1468178c3b Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'src')
-rw-r--r--src/network/ssl/qsslcertificate_qt.cpp20
1 files changed, 18 insertions, 2 deletions
diff --git a/src/network/ssl/qsslcertificate_qt.cpp b/src/network/ssl/qsslcertificate_qt.cpp
index c0f3710a9a..f17d1500c5 100644
--- a/src/network/ssl/qsslcertificate_qt.cpp
+++ b/src/network/ssl/qsslcertificate_qt.cpp
@@ -402,10 +402,18 @@ bool QSslCertificatePrivate::parse(const QByteArray &data)
QSslCertificateExtension extension;
if (!parseExtension(elem.value(), &extension))
return false;
- extensions << extension;
if (extension.oid() == QLatin1String("2.5.29.17")) {
// subjectAltName
+
+ // Note, parseExtension() returns true for this extensions,
+ // but considers it to be unsupported and assignes a useless
+ // value. OpenSSL also treats this extension as unsupported,
+ // but properly creates a map with 'name' and 'value' taken
+ // from the extension. We only support 'email', 'IP' and 'DNS',
+ // but this is what our subjectAlternativeNames map can contain
+ // anyway.
+ QVariantMap extValue;
QAsn1Element sanElem;
if (sanElem.read(extension.value().toByteArray()) && sanElem.type() == QAsn1Element::SequenceType) {
QDataStream nameStream(sanElem.value());
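Review bot: The added comment above `QVariantMap extValue;` has two typos and omits what happens to names of other types. The opening lines should read `// Note, parseExtension() returns true for this extension,` and `// but considers it to be unsupported and assigns a useless`. It would also help to add a line saying that GeneralName entries other than 'email', 'IP' and 'DNS' are dropped from the map, so a reader does not take the extension's value as a complete picture of the subjectAltName. The enclosing parse() body starts and ends outside this hunk.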
@@ -414,9 +422,11 @@ bool QSslCertificatePrivate::parse(const QByteArray &data)
switch (nameElem.type()) {
case QAsn1Element::Rfc822NameType:
subjectAlternativeNames.insert(QSsl::EmailEntry, nameElem.toString());
+ extValue[QStringLiteral("email")] = nameElem.toString();
break;
case QAsn1Element::DnsNameType:
subjectAlternativeNames.insert(QSsl::DnsEntry, nameElem.toString());
+ extValue[QStringLiteral("DNS")] = nameElem.toString();
break;
case QAsn1Element::IpAddressType: {
QHostAddress ipAddress;
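Review bot: The added `extValue[QStringLiteral("email")] = ...` and `extValue[QStringLiteral("DNS")] = ...` assignments replace any earlier value for the same key, whereas the adjacent `subjectAlternativeNames.insert(...)` calls keep every entry. For a certificate with several DNS names the extension's value would then hold only the last one, and the same holds for the `"IP"` assignment in the next hunk. If this one-value-per-key shape is intended to match the OpenSSL backend, it deserves a comment at the declaration, for example `// One value per name type (last one wins); use subjectAlternativeNames() for the full list.`. Code that checks host names against a certificate should not rely on this map. The loop around the switch starts outside this hunk.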
@@ -431,16 +441,22 @@ bool QSslCertificatePrivate::parse(const QByteArray &data)
default: // Unknown IP address format
break;
}
- if (!ipAddress.isNull())
+ if (!ipAddress.isNull()) {
subjectAlternativeNames.insert(QSsl::IpAddressEntry, ipAddress.toString());
+ extValue[QStringLiteral("IP")] = ipAddress.toString();
+ }
break;
}
default:
break;
}
}
+ extension.d->value = extValue;
+ extension.d->supported = true;
}
}
+
+ extensions << extension;
}
}
}
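Review bot: `extension.d->supported = true;` runs whenever the subjectAltName payload decodes as a sequence, including when `extValue` is still empty because every entry fell into a `default:` branch (another GeneralName type or an unknown IP address length). The comment added in the first hunk says OpenSSL treats this extension as unsupported, so the flag appears to differ from the counterpart the change is meant to resemble; a short comment stating why it is set here would settle that. If an empty map should not count as supported, `extension.d->supported = !extValue.isEmpty();` is one option. When `sanElem.read(...)` fails, the extension is still appended with the value parseExtension() gave it, which may be worth a comment as well.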