-rw-r--r-- | src/network/ssl/qdtls_openssl.cpp | 2 | ||||
-rw-r--r-- | tests/auto/network/ssl/qdtls/tst_qdtls.cpp | 27 |
2 files changed, 28 insertions, 1 deletions
diff --git a/src/network/ssl/qdtls_openssl.cpp b/src/network/ssl/qdtls_openssl.cpp
index 2e5a26d596..a8f6ebcf7f 100644
--- a/src/network/ssl/qdtls_openssl.cpp
+++ b/src/network/ssl/qdtls_openssl.cpp
@@ -1054,7 +1054,7 @@ bool QDtlsPrivateOpenSSL::continueHandshake(QUdpSocket *socket, const QByteArray
 || (dtlsConfiguration.peerVerifyMode == QSslSocket::AutoVerifyPeer
 && mode == QSslSocket::SslClientMode);
- if (!doVerifyPeer || verifyPeer()) {
+ if (!doVerifyPeer || verifyPeer() || tlsErrorsWereIgnored()) {
 connectionEncrypted = true;
 handshakeState = QDtls::HandshakeComplete;
 return true;
diff --git a/tests/auto/network/ssl/qdtls/tst_qdtls.cpp b/tests/auto/network/ssl/qdtls/tst_qdtls.cpp
index 571d341126..60ab87d6f2 100644
--- a/tests/auto/network/ssl/qdtls/tst_qdtls.cpp
+++ b/tests/auto/network/ssl/qdtls/tst_qdtls.cpp
@@ -41,6 +41,7 @@
 #include <QtCore/qcryptographichash.h>
 #include <QtCore/qbytearray.h>
+#include <QtCore/qvector.h>
 #include <QtCore/qstring.h>
 #include <QtCore/qobject.h>
@@ -99,6 +100,7 @@ private slots:
 void protocolVersionMatching();
 void verificationErrors_data();
 void verificationErrors();
+ void ignoreExpectedErrors();
 void verifyServerCertificate_data();
 void verifyServerCertificate();
 void verifyClientCertificate_data();
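Review bot: In `continueHandshake` (src/network/ssl/qdtls_openssl.cpp) the handshake can now reach `HandshakeComplete` after `verifyPeer()` has returned false, and the call site does not state what `tlsErrorsWereIgnored()` must guarantee for that to be safe. Its body is outside this hunk, so it cannot be confirmed here that it returns true only when every error left by the failed verification is in the caller's ignore list, and false when that list is empty or covers only some of them. The new operand also appears to depend on `verifyPeer()` having run first, which the short-circuit order provides but does not explain. I would add a comment above the `if`: `// verifyPeer() must run first; tlsErrorsWereIgnored() may accept only when every resulting error was explicitly ignored by the caller.` The enclosing function starts and ends outside the hunk.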
@@ -685,6 +687,31 @@ void tst_QDtls::verificationErrors()
 }
 }
+void tst_QDtls::ignoreExpectedErrors()
+{
+ connectHandshakeReadingSlots();
+
+ auto serverConfig = defaultServerConfig;
+ serverConfig.setPrivateKey(serverKeySS);
+ serverConfig.setLocalCertificate(selfSignedCert);
+ QVERIFY(serverCrypto->setDtlsConfiguration(serverConfig));
+
+ const QVector<QSslError> expectedErrors = {{QSslError::HostNameMismatch, selfSignedCert},
+ {QSslError::SelfSignedCertificate, selfSignedCert}};
+
+ clientCrypto->ignoreVerificationErrors(expectedErrors);
+ QVERIFY(clientCrypto->setPeer(serverAddress, serverPort));
+ QVERIFY(clientCrypto->doHandshake(&clientSocket));
+
+ testLoop.enterLoopMSecs(handshakeTimeoutMS);
+
+ QVERIFY(!testLoop.timeout());
+
+ QDTLS_VERIFY_HANDSHAKE_SUCCESS(serverCrypto);
+ QCOMPARE(clientCrypto->handshakeState(), QDtls::HandshakeComplete);
+ QVERIFY(clientCrypto->isConnectionEncrypted());
+}
+
 void tst_QDtls::verifyServerCertificate_data()
 {
 QTest::addColumn<QSslSocket::PeerVerifyMode>("verifyMode"); |
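Review bot: `ignoreExpectedErrors` covers only the accepting path, where the ignore list names both errors the self-signed certificate is expected to raise; nothing checks that a list covering only some of them still fails verification. Because the library change relaxes peer verification, the rejecting path is the one a regression would hit silently, so a sibling case that ignores just `QSslError::HostNameMismatch` and expects `QDtls::PeerVerificationFailed` with no encrypted connection is worth adding. Whether the handshake-reading slots let the event loop exit without a timeout in the failing case depends on code outside this hunk, so the timeout assertion may need adjusting.

```cpp
// Proposed sibling test (name constructed for this note; it also needs a slot declaration).
void tst_QDtls::ignoreExpectedErrorsPartialList()
{
    // … unchanged from ignoreExpectedErrors(): slot connection, self-signed server configuration …

    // Only one of the two errors raised for the self-signed certificate is ignored.
    const QVector<QSslError> partialList = {{QSslError::HostNameMismatch, selfSignedCert}};
    clientCrypto->ignoreVerificationErrors(partialList);

    // … unchanged from ignoreExpectedErrors(): setPeer, doHandshake, event loop, timeout check …

    QCOMPARE(clientCrypto->handshakeState(), QDtls::PeerVerificationFailed);
    QVERIFY(!clientCrypto->isConnectionEncrypted());
}
```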