diff options
-rw-r--r-- | src/network/ssl/qsslcertificate.cpp | 15 | ||||
-rw-r--r-- | src/network/ssl/qsslcertificate.h | 1 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_openssl_symbols.cpp | 2 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_openssl_symbols_p.h | 1 | ||||
-rw-r--r-- | tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp | 8 |
5 files changed, 27 insertions, 0 deletions
diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp index 3b7fa4da09..2eef37feff 100644 --- a/src/network/ssl/qsslcertificate.cpp +++ b/src/network/ssl/qsslcertificate.cpp @@ -265,6 +265,21 @@ bool QSslCertificate::isBlacklisted() const } /*! + Returns \c true if this certificate is self signed; otherwise + returns \c false. + + A certificate is considered self-signed its issuer and subject + are identical. +*/ +bool QSslCertificate::isSelfSigned() const +{ + if (!d->x509) + return false; + + return (q_X509_check_issued(d->x509, d->x509) == X509_V_OK); +} + +/*! Clears the contents of this certificate, making it a null certificate. diff --git a/src/network/ssl/qsslcertificate.h b/src/network/ssl/qsslcertificate.h index 988071eb9d..0ae491e8d5 100644 --- a/src/network/ssl/qsslcertificate.h +++ b/src/network/ssl/qsslcertificate.h @@ -105,6 +105,7 @@ public: } #endif bool isBlacklisted() const; + bool isSelfSigned() const; void clear(); // Certificate info diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp index 65f186b9e9..b0e14e0de1 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols.cpp +++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp @@ -316,6 +316,7 @@ DEFINEFUNC2(int, ASN1_STRING_print, BIO *a, a, const ASN1_STRING *b, b, return 0 #else DEFINEFUNC2(int, ASN1_STRING_print, BIO *a, a, ASN1_STRING *b, b, return 0, return) #endif +DEFINEFUNC2(int, X509_check_issued, X509 *a, a, X509 *b, b, return -1, return) DEFINEFUNC(X509_NAME *, X509_get_issuer_name, X509 *a, a, return 0, return) DEFINEFUNC(X509_NAME *, X509_get_subject_name, X509 *a, a, return 0, return) DEFINEFUNC(int, X509_verify_cert, X509_STORE_CTX *a, a, return -1, return) @@ -819,6 +820,7 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(BASIC_CONSTRAINTS_free) RESOLVEFUNC(AUTHORITY_KEYID_free) RESOLVEFUNC(ASN1_STRING_print) + RESOLVEFUNC(X509_check_issued) RESOLVEFUNC(X509_get_issuer_name) RESOLVEFUNC(X509_get_subject_name) RESOLVEFUNC(X509_verify_cert) diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h index 70d4c25456..36e196b072 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols_p.h +++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h @@ -407,6 +407,7 @@ int q_ASN1_STRING_print(BIO *a, const ASN1_STRING *b); #else int q_ASN1_STRING_print(BIO *a, ASN1_STRING *b); #endif +int q_X509_check_issued(X509 *a, X509 *b); X509_NAME *q_X509_get_issuer_name(X509 *a); X509_NAME *q_X509_get_subject_name(X509 *a); int q_X509_verify_cert(X509_STORE_CTX *ctx); diff --git a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp index 74c3f7833b..e3151ba862 100644 --- a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp +++ b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp @@ -104,6 +104,7 @@ private slots: void largeSerialNumber(); void largeExpirationDate(); void blacklistedCertificates(); + void selfsignedCertificates(); void toText(); void multipleCommonNames(); void subjectAndIssuerAttributes(); @@ -846,6 +847,13 @@ void tst_QSslCertificate::blacklistedCertificates() } } +void tst_QSslCertificate::selfsignedCertificates() +{ + QVERIFY(QSslCertificate::fromPath(testDataDir + "/certificates/cert-ss.pem").first().isSelfSigned()); + QVERIFY(!QSslCertificate::fromPath(testDataDir + "/certificates/cert.pem").first().isSelfSigned()); + QVERIFY(!QSslCertificate().isSelfSigned()); +} + void tst_QSslCertificate::toText() { QList<QSslCertificate> certList = |