diff options
| -rw-r--r-- | dist/changes-5.0.0 | 5 | ||||
| -rw-r--r-- | src/network/ssl/qsslcertificate.cpp | 29 | ||||
| -rw-r--r-- | src/network/ssl/qsslcertificate.h | 11 | ||||
| -rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 4 | ||||
| -rw-r--r-- | tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp | 8 |
5 files changed, 39 insertions, 18 deletions
diff --git a/dist/changes-5.0.0 b/dist/changes-5.0.0 index 2afb40077d..df36b2caf4 100644 --- a/dist/changes-5.0.0 +++ b/dist/changes-5.0.0 @@ -11,9 +11,14 @@ information about a particular change. * Source incompatible changes * **************************************************************************** + - QSslCertificate::subjectInfo() and QSslCertificate::issuerInfo() now return a QStringList instead of a QString +- QSslCertificate::isValid() has been deprecated. Originally it only checked + the certificate dates, but later checking for blacklisting was added. Now + there's a more specific QSslCertificate::isBlacklisted() method. + - Unite clipping support has been removed from QPainter. The alternative is to unite QRegion's and using the result on QPainter. diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp index 0710001198..ea92485b6e 100644 --- a/src/network/ssl/qsslcertificate.cpp +++ b/src/network/ssl/qsslcertificate.cpp @@ -62,11 +62,10 @@ a DER (binary) or PEM (Base64) encoded bundle, typically stored as one or more local files, or in a Qt Resource. - You can call isNull() to check if your certificate is null. By - default, QSslCertificate constructs a null certificate. To check - if the certificate is valid, call isValid(). A null certificate is - invalid, but an invalid certificate is not necessarily null. If - you want to reset all contents in a certificate, call clear(). + You can call isNull() to check if your certificate is null. By default, + QSslCertificate constructs a null certificate. A null certificate is + invalid, but an invalid certificate is not necessarily null. If you want + to reset all contents in a certificate, call clear(). After loading a certificate, you can find information about the certificate, its subject, and its issuer, by calling one of the @@ -212,14 +211,17 @@ bool QSslCertificate::operator==(const QSslCertificate &other) const By default, QSslCertificate constructs a null certificate. - \sa isValid(), clear() + \sa clear() */ bool QSslCertificate::isNull() const { return d->null; } +#if QT_DEPRECATED_SINCE(5,0) /*! + \fn bool QSslCertificate::isValid() const + Returns true if this certificate is valid; otherwise returns false. @@ -230,12 +232,17 @@ bool QSslCertificate::isNull() const \sa isNull() */ -bool QSslCertificate::isValid() const +#endif + +/*! + Returns true if this certificate is blacklisted; otherwise + returns false. + + \sa isNull() +*/ +bool QSslCertificate::isBlacklisted() const { - const QDateTime currentTime = QDateTime::currentDateTime(); - return currentTime >= d->notValidBefore && - currentTime <= d->notValidAfter && - ! QSslCertificatePrivate::isBlacklisted(*this); + return QSslCertificatePrivate::isBlacklisted(*this); } /*! diff --git a/src/network/ssl/qsslcertificate.h b/src/network/ssl/qsslcertificate.h index 07a8df308c..711ee055e2 100644 --- a/src/network/ssl/qsslcertificate.h +++ b/src/network/ssl/qsslcertificate.h @@ -46,6 +46,7 @@ #include <QtCore/qnamespace.h> #include <QtCore/qbytearray.h> #include <QtCore/qcryptographichash.h> +#include <QtCore/qdatetime.h> #include <QtCore/qregexp.h> #include <QtCore/qsharedpointer.h> #include <QtCore/qmap.h> @@ -94,7 +95,15 @@ public: inline bool operator!=(const QSslCertificate &other) const { return !operator==(other); } bool isNull() const; - bool isValid() const; +#if QT_DEPRECATED_SINCE(5,0) + QT_DEPRECATED inline bool isValid() const { + const QDateTime currentTime = QDateTime::currentDateTime(); + return currentTime >= effectiveDate() && + currentTime <= expiryDate() && + !isBlacklisted(); + } +#endif + bool isBlacklisted() const; void clear(); // Certificate info diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 2175f7f78f..9cb7066803 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -336,7 +336,7 @@ init_context: foreach (const QSslCertificate &caCertificate, q->caCertificates()) { // add expired certs later, so that the // valid ones are used before the expired ones - if (! caCertificate.isValid()) { + if (caCertificate.expiryDate() > QDateTime::currentDateTime()) { expiredCerts.append(caCertificate); } else { q_X509_STORE_add_cert(ctx->cert_store, reinterpret_cast<X509 *>(caCertificate.handle())); @@ -1533,7 +1533,7 @@ QList<QSslError> QSslSocketBackendPrivate::verify(QList<QSslCertificate> certifi foreach (const QSslCertificate &caCertificate, QSslSocket::defaultCaCertificates()) { // add expired certs later, so that the // valid ones are used before the expired ones - if (!caCertificate.isValid()) { + if (caCertificate.expiryDate() > QDateTime::currentDateTime()) { expiredCerts.append(caCertificate); } else { q_X509_STORE_add_cert(certStore, reinterpret_cast<X509 *>(caCertificate.handle())); diff --git a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp index 10bb9dccb9..846c50bc89 100644 --- a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp +++ b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp @@ -193,7 +193,7 @@ void tst_QSslCertificate::emptyConstructor() QSslCertificate certificate; QVERIFY(certificate.isNull()); //make sure none of the functions crash (task 203035) - QVERIFY(!certificate.isValid()); + QVERIFY(!certificate.isBlacklisted()); QCOMPARE(certificate.version() , QByteArray()); QCOMPARE(certificate.serialNumber(), QByteArray()); QCOMPARE(certificate.digest(), QCryptographicHash::hash(QByteArray(), QCryptographicHash::Md5)); @@ -256,7 +256,7 @@ void tst_QSslCertificate::compareCertificates( { QCOMPARE(cert1.isNull(), cert2.isNull()); // Note: in theory, the next line could fail even if the certificates are identical! - QCOMPARE(cert1.isValid(), cert2.isValid()); + QCOMPARE(cert1.isBlacklisted(), cert2.isBlacklisted()); QCOMPARE(cert1.version(), cert2.version()); QCOMPARE(cert1.serialNumber(), cert2.serialNumber()); QCOMPARE(cert1.digest(), cert2.digest()); @@ -723,7 +723,7 @@ void tst_QSslCertificate::certInfo() QCOMPARE(cert.effectiveDate().toUTC(), QDateTime(QDate(2007, 4, 17), QTime(7,40,26), Qt::UTC)); QCOMPARE(cert.expiryDate().toUTC(), QDateTime(QDate(2007, 5, 17), QTime(7,40,26), Qt::UTC)); - QVERIFY(!cert.isValid()); // cert has expired + QVERIFY(cert.expiryDate() < QDateTime::currentDateTime()); // cert has expired QSslCertificate copy = cert; QVERIFY(cert == copy); @@ -849,7 +849,7 @@ void tst_QSslCertificate::blacklistedCertificates() QList<QSslCertificate> blacklistedCerts = QSslCertificate::fromPath("more-certificates/blacklisted*.pem", QSsl::Pem, QRegExp::Wildcard); QVERIFY2(blacklistedCerts.count() > 0, "Please run this test from the source directory"); for (int a = 0; a < blacklistedCerts.count(); a++) { - QVERIFY(! blacklistedCerts.at(a).isValid()); + QVERIFY(blacklistedCerts.at(a).isBlacklisted()); } } |