diff options
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 26 | ||||
-rw-r--r-- | tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp | 3 |
2 files changed, 23 insertions, 6 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index bac837e62f..59f6f53fef 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -1239,7 +1239,8 @@ bool QSslSocketBackendPrivate::startHandshake() #ifdef Q_OS_WIN //Skip this if not using system CAs, or if the SSL errors are configured in advance to be ignorable - if (s_loadRootCertsOnDemand + if (doVerifyPeer + && s_loadRootCertsOnDemand && allowRootCertOnDemandLoading && !verifyErrorsHaveBeenIgnored()) { //Windows desktop versions starting from vista ship with minimal set of roots @@ -1247,12 +1248,29 @@ bool QSslSocketBackendPrivate::startHandshake() //trusted by MS. //However, this is only transparent if using WinINET - we have to trigger it //ourselves. + QSslCertificate certToFetch; + bool fetchCertificate = true; for (int i=0; i< sslErrors.count(); i++) { - if (sslErrors.at(i).error() == QSslError::UnableToGetLocalIssuerCertificate) { - fetchCaRootForCert(sslErrors.at(i).certificate()); - return false; + switch (sslErrors.at(i).error()) { + case QSslError::UnableToGetLocalIssuerCertificate: + certToFetch = sslErrors.at(i).certificate(); + break; + case QSslError::SelfSignedCertificate: + case QSslError::CertificateBlacklisted: + //With these errors, we know it will be untrusted so save time by not asking windows + fetchCertificate = false; + break; + default: +#ifdef QSSLSOCKET_DEBUG + qDebug() << sslErrors.at(i).errorString(); +#endif + break; } } + if (fetchCertificate && !certToFetch.isNull()) { + fetchCaRootForCert(certToFetch); + return false; + } } #endif diff --git a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp index 824f5fc507..90cecba72c 100644 --- a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp +++ b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp @@ -4410,9 +4410,8 @@ void tst_QNetworkReply::ioPostToHttpsUploadProgress() incomingSocket->setReadBufferSize(1*1024); - QTestEventLoop::instance().enterLoop(2); // some progress should have been made - QVERIFY(!spy.isEmpty()); + QTRY_VERIFY(!spy.isEmpty()); QList<QVariant> args = spy.last(); QVERIFY(args.at(0).toLongLong() > 0); // but not everything! |