path: root/tests
diff options
authorJeremy Lainé <>2014-08-30 16:39:29 +0200
committerJeremy Lainé <>2014-08-30 17:36:23 +0200
commit5c3a499c9ffbf2d4872dd6a6916b3a3a9a7d9cdd (patch)
tree9ea3da5c7856f1ae48b192e3f4999a8e775bc7b3 /tests
parent2fd0afc1f87edf28295caeaeb8a830d888a3e81b (diff)
ssl: disable (broken) i/o on DER encoded keys
QSslKey currently has methods which supposedly allow decoding and encoding private keys as DER protected by a passphrase. This is broken by design as explained in QTBUG-41038, as storing the encrypted DER data alone makes no sense: such a file lacks the necessary information about the encryption algorithm and initialization vector. This change: - explicitly stops using the passphrase when decoding DER in the constructor. The behavior is unchanged, it is not possible to read the encrypted DER alone. - refuses to honor the passphrase to DER encode a private key. The toDer method now outputs an empty QByteArray instead of garbage. Task-number: QTBUG-41038 Change-Id: I4281050cf1104f12d154db201a173633bfe22bd9 Reviewed-by: Richard J. Moore <>
Diffstat (limited to 'tests')
1 files changed, 3 insertions, 11 deletions
diff --git a/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp b/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp
index ebe9f0f4d2..642b115bee 100644
--- a/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp
+++ b/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp
@@ -325,18 +325,10 @@ void tst_QSslKey::toEncryptedPemOrDer()
if (type == QSsl::PrivateKey) {
+ // verify that private keys are never "encrypted" by toDer() and
+ // instead an empty string is returned, see QTBUG-41038.
QByteArray encryptedDer = key.toDer(pwBytes);
- // ### at this point, encryptedDer is invalid, hence the below QEXPECT_FAILs
- QVERIFY(!encryptedDer.isEmpty());
- QSslKey keyDer(encryptedDer, algorithm, QSsl::Der, type, pwBytes);
- if (type == QSsl::PrivateKey)
- QTest::currentDataTag(), "We're not able to decrypt these yet...", Continue);
- QVERIFY(!keyDer.isNull());
- if (type == QSsl::PrivateKey)
- QTest::currentDataTag(), "We're not able to decrypt these yet...", Continue);
- QCOMPARE(keyDer.toPem(), key.toPem());
+ QVERIFY(encryptedDer.isEmpty());
} else {
// verify that public keys are never encrypted by toDer()
QByteArray encryptedDer = key.toDer(pwBytes);