diff options
-rw-r--r-- | src/network/access/qnetworkcookiejar.cpp | 4 | ||||
-rw-r--r-- | src/network/ssl/qsslcertificate.h | 2 | ||||
-rw-r--r-- | src/network/ssl/qsslcontext_openssl.cpp | 4 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 3 |
4 files changed, 8 insertions, 5 deletions
diff --git a/src/network/access/qnetworkcookiejar.cpp b/src/network/access/qnetworkcookiejar.cpp index 3cefb28f68..39f94a451f 100644 --- a/src/network/access/qnetworkcookiejar.cpp +++ b/src/network/access/qnetworkcookiejar.cpp @@ -216,7 +216,7 @@ QList<QNetworkCookie> QNetworkCookieJar::cookiesForUrl(const QUrl &url) const // It does not implement a very good cross-domain verification yet. Q_D(const QNetworkCookieJar); - QDateTime now = QDateTime::currentDateTime(); + const QDateTime now = QDateTime::currentDateTimeUtc(); QList<QNetworkCookie> result; bool isEncrypted = url.scheme().toLower() == QLatin1String("https"); @@ -265,7 +265,7 @@ QList<QNetworkCookie> QNetworkCookieJar::cookiesForUrl(const QUrl &url) const bool QNetworkCookieJar::insertCookie(const QNetworkCookie &cookie) { Q_D(QNetworkCookieJar); - QDateTime now = QDateTime::currentDateTime(); + const QDateTime now = QDateTime::currentDateTimeUtc(); bool isDeletion = !cookie.isSessionCookie() && cookie.expirationDate() < now; diff --git a/src/network/ssl/qsslcertificate.h b/src/network/ssl/qsslcertificate.h index af605b0629..d58cfcf5d1 100644 --- a/src/network/ssl/qsslcertificate.h +++ b/src/network/ssl/qsslcertificate.h @@ -97,7 +97,7 @@ public: bool isNull() const; #if QT_DEPRECATED_SINCE(5,0) QT_DEPRECATED inline bool isValid() const { - const QDateTime currentTime = QDateTime::currentDateTime(); + const QDateTime currentTime = QDateTime::currentDateTimeUtc(); return currentTime >= effectiveDate() && currentTime <= expiryDate() && !isBlacklisted(); diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp index b88ab54038..68caaeb6dc 100644 --- a/src/network/ssl/qsslcontext_openssl.cpp +++ b/src/network/ssl/qsslcontext_openssl.cpp @@ -215,6 +215,8 @@ init_context: return sslContext; } + const QDateTime now = QDateTime::currentDateTimeUtc(); + // Add all our CAs to this store. foreach (const QSslCertificate &caCertificate, sslContext->sslConfiguration.caCertificates()) { // From https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html: @@ -228,7 +230,7 @@ init_context: // certificates mixed with valid ones. // // See also: QSslSocketBackendPrivate::verify() - if (caCertificate.expiryDate() >= QDateTime::currentDateTime()) { + if (caCertificate.expiryDate() >= now) { q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(sslContext->ctx), (X509 *)caCertificate.handle()); } } diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index a8e4c61e9a..dd47dfc45f 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -1660,6 +1660,7 @@ QList<QSslError> QSslSocketBackendPrivate::verify(const QList<QSslCertificate> & setDefaultCaCertificates(defaultCaCertificates() + systemCaCertificates()); } + const QDateTime now = QDateTime::currentDateTimeUtc(); foreach (const QSslCertificate &caCertificate, QSslConfiguration::defaultConfiguration().caCertificates()) { // From https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html: // @@ -1672,7 +1673,7 @@ QList<QSslError> QSslSocketBackendPrivate::verify(const QList<QSslCertificate> & // certificates mixed with valid ones. // // See also: QSslContext::fromConfiguration() - if (caCertificate.expiryDate() >= QDateTime::currentDateTime()) { + if (caCertificate.expiryDate() >= now) { q_X509_STORE_add_cert(certStore, reinterpret_cast<X509 *>(caCertificate.handle())); } } |