1 files changed, 18 insertions, 2 deletions

diff --git a/src/network/ssl/qsslcertificate_qt.cpp b/src/network/ssl/qsslcertificate_qt.cpp
index c0f3710a9a..f17d1500c5 100644
--- a/src/network/ssl/qsslcertificate_qt.cpp
+++ b/src/network/ssl/qsslcertificate_qt.cpp
@@ -402,10 +402,18 @@ bool QSslCertificatePrivate::parse(const QByteArray &data)
                     QSslCertificateExtension extension;
                     if (!parseExtension(elem.value(), &extension))
                         return false;
-                    extensions << extension;
 
                     if (extension.oid() == QLatin1String("2.5.29.17")) {
                         // subjectAltName
+
+                        // Note, parseExtension() returns true for this extensions,
+                        // but considers it to be unsupported and assignes a useless
+                        // value. OpenSSL also treats this extension as unsupported,
+                        // but properly creates a map with 'name' and 'value' taken
+                        // from the extension. We only support 'email', 'IP' and 'DNS',
+                        // but this is what our subjectAlternativeNames map can contain
+                        // anyway.
+                        QVariantMap extValue;
                         QAsn1Element sanElem;
                         if (sanElem.read(extension.value().toByteArray()) && sanElem.type() == QAsn1Element::SequenceType) {
                             QDataStream nameStream(sanElem.value());
@@ -414,9 +422,11 @@ bool QSslCertificatePrivate::parse(const QByteArray &data)
                                 switch (nameElem.type()) {
                                 case QAsn1Element::Rfc822NameType:
                                     subjectAlternativeNames.insert(QSsl::EmailEntry, nameElem.toString());
+                                    extValue[QStringLiteral("email")] = nameElem.toString();
                                     break;
                                 case QAsn1Element::DnsNameType:
                                     subjectAlternativeNames.insert(QSsl::DnsEntry, nameElem.toString());
+                                    extValue[QStringLiteral("DNS")] = nameElem.toString();
                                     break;
                                 case QAsn1Element::IpAddressType: {
                                     QHostAddress ipAddress;
@@ -431,16 +441,22 @@ bool QSslCertificatePrivate::parse(const QByteArray &data)
                                     default: // Unknown IP address format
                                         break;
                                     }
-                                    if (!ipAddress.isNull())
+                                    if (!ipAddress.isNull()) {
                                         subjectAlternativeNames.insert(QSsl::IpAddressEntry, ipAddress.toString());
+                                        extValue[QStringLiteral("IP")] = ipAddress.toString();
+                                    }
                                     break;
                                 }
                                 default:
                                     break;
                                 }
                             }
+                            extension.d->value = extValue;
+                            extension.d->supported = true;
                         }
                     }
+
+                    extensions << extension;
                 }
             }
         }