-rw-r--r-- | src/network/ssl/qsslsocket.cpp | 188 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket.h | 19 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 4 | ||||
-rw-r--r-- | tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp | 15 | ||||
-rw-r--r-- | tests/benchmarks/network/ssl/qsslsocket/tst_qsslsocket.cpp | 2 |
5 files changed, 14 insertions, 214 deletions
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index ab1f2b0dc8..188473912c 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -1378,194 +1378,6 @@ QSslKey QSslSocket::privateKey() const } /*! - \deprecated - - Use QSslConfiguration::addCaCertificate() instead. - - Adds the \a certificate to this socket's CA certificate database. - The CA certificate database is used by the socket during the - handshake phase to validate the peer's certificate. - - To add multiple certificates, use addCaCertificates(). - - \sa QSslConfiguration::caCertificates(), - QSslConfiguration::setCaCertificates() -*/ -void QSslSocket::addCaCertificate(const QSslCertificate &certificate) -{ - Q_D(QSslSocket); - d->configuration.caCertificates += certificate; -} - -/*! - \deprecated - - Use QSslConfiguration::addCaCertificates() instead. - - Adds the \a certificates to this socket's CA certificate database. - The CA certificate database is used by the socket during the - handshake phase to validate the peer's certificate. - - For more precise control, use addCaCertificate(). - - \sa QSslConfiguration::caCertificates(), addDefaultCaCertificate() -*/ -void QSslSocket::addCaCertificates(const QList<QSslCertificate> &certificates) -{ - Q_D(QSslSocket); - d->configuration.caCertificates += certificates; -} - -#if QT_DEPRECATED_SINCE(5, 5) -/*! - \deprecated - - Use QSslConfiguration::setCaCertificates() instead. - - Sets this socket's CA certificate database to be \a certificates. - The certificate database must be set prior to the SSL handshake. - The CA certificate database is used by the socket during the - handshake phase to validate the peer's certificate. - - The CA certificate database can be reset to the current default CA - certificate database by calling this function with the list of CA - certificates returned by defaultCaCertificates(). - - \sa defaultCaCertificates() -*/ -void QSslSocket::setCaCertificates(const QList<QSslCertificate> &certificates) -{ - Q_D(QSslSocket); - d->configuration.caCertificates = certificates; - d->allowRootCertOnDemandLoading = false; -} - -/*! 
- \deprecated - - Use QSslConfiguration::caCertificates() instead. - - Returns this socket's CA certificate database. The CA certificate - database is used by the socket during the handshake phase to - validate the peer's certificate. It can be moodified prior to the - handshake with addCaCertificate(), addCaCertificates(), and - setCaCertificates(). - - \note On Unix, this method may return an empty list if the root - certificates are loaded on demand. - - \sa addCaCertificate(), addCaCertificates(), setCaCertificates() -*/ -QList<QSslCertificate> QSslSocket::caCertificates() const -{ - Q_D(const QSslSocket); - return d->configuration.caCertificates; -} -#endif // #if QT_DEPRECATED_SINCE(5, 5) - -/*! - \deprecated - - Use QSslConfiguration::addCaCertificate() on the default QSslConfiguration instead. - - Adds \a certificate to the default CA certificate database. Each - SSL socket's CA certificate database is initialized to the default - CA certificate database. - - \sa QSslConfiguration::addCaCertificates() -*/ -void QSslSocket::addDefaultCaCertificate(const QSslCertificate &certificate) -{ - QSslSocketPrivate::addDefaultCaCertificate(certificate); -} - -/*! - \deprecated - - Use QSslConfiguration::addCaCertificates() on the default QSslConfiguration instead. - - Adds \a certificates to the default CA certificate database. Each - SSL socket's CA certificate database is initialized to the default - CA certificate database. - - \sa QSslConfiguration::caCertificates(), QSslConfiguration::addCaCertificates() -*/ -void QSslSocket::addDefaultCaCertificates(const QList<QSslCertificate> &certificates) -{ - QSslSocketPrivate::addDefaultCaCertificates(certificates); -} - -#if QT_DEPRECATED_SINCE(5, 5) -/*! - \deprecated - - Use QSslConfiguration::setCaCertificates() on the default QSslConfiguration instead. - - Sets the default CA certificate database to \a certificates. 
The - default CA certificate database is originally set to your system's - default CA certificate database. You can override the default CA - certificate database with your own CA certificate database using - this function. - - Each SSL socket's CA certificate database is initialized to the - default CA certificate database. - - \sa addDefaultCaCertificate() -*/ -void QSslSocket::setDefaultCaCertificates(const QList<QSslCertificate> &certificates) -{ - QSslSocketPrivate::setDefaultCaCertificates(certificates); -} - -/*! - \deprecated - - Use QSslConfiguration::caCertificates() on the default QSslConfiguration instead. - - Returns the current default CA certificate database. This database - is originally set to your system's default CA certificate database. - If no system default database is found, an empty database will be - returned. You can override the default CA certificate database - with your own CA certificate database using setDefaultCaCertificates(). - - Each SSL socket's CA certificate database is initialized to the - default CA certificate database. - - \note On Unix, this method may return an empty list if the root - certificates are loaded on demand. - - \sa caCertificates() -*/ -QList<QSslCertificate> QSslSocket::defaultCaCertificates() -{ - return QSslSocketPrivate::defaultCaCertificates(); -} - -/*! - \deprecated - - Use QSslConfiguration::systemDefaultCaCertificates instead. - - This function provides the CA certificate database - provided by the operating system. The CA certificate database - returned by this function is used to initialize the database - returned by defaultCaCertificates(). You can replace that database - with your own with setDefaultCaCertificates(). - - \note: On OS X, only certificates that are either trusted for all - purposes or trusted for the purpose of SSL in the keychain will be - returned. 
- - \sa caCertificates(), defaultCaCertificates(), setDefaultCaCertificates() -*/ -QList<QSslCertificate> QSslSocket::systemCaCertificates() -{ - // we are calling ensureInitialized() in the method below - return QSslSocketPrivate::systemCaCertificates(); -} -#endif // #if QT_DEPRECATED_SINCE(5, 5) - -/*! Waits until the socket is connected, or \a msecs milliseconds, whichever happens first. If the connection has been established, this function returns \c true; otherwise it returns \c false. diff --git a/src/network/ssl/qsslsocket.h b/src/network/ssl/qsslsocket.h index a091828638..d7a4fbe070 100644 --- a/src/network/ssl/qsslsocket.h +++ b/src/network/ssl/qsslsocket.h 
@@ -196,25 +196,6 @@ public: const QByteArray &passPhrase = QByteArray()); QSslKey privateKey() const; - // CA settings. -#if QT_DEPRECATED_SINCE(5, 15) - QT_DEPRECATED_X("Use QSslConfiguration::addCaCertificate()") void addCaCertificate(const QSslCertificate &certificate); - QT_DEPRECATED_X("Use QSslConfiguration::addCaCertificates()") void addCaCertificates(const QList<QSslCertificate> &certificates); -#endif // QT_DEPRECATED_SINCE(5, 15) -#if QT_DEPRECATED_SINCE(5, 5) - QT_DEPRECATED_X("Use QSslConfiguration::setCaCertificates()") void setCaCertificates(const QList<QSslCertificate> &certificates); - QT_DEPRECATED_X("Use QSslConfiguration::caCertificates()") QList<QSslCertificate> caCertificates() const; -#endif // QT_DEPRECATED_SINCE(5, 5) -#if QT_DEPRECATED_SINCE(5, 15) - QT_DEPRECATED static void addDefaultCaCertificate(const QSslCertificate &certificate); - QT_DEPRECATED static void addDefaultCaCertificates(const QList<QSslCertificate> &certificates); -#endif // QT_DEPRECATED_SINCE(5, 15) -#if QT_DEPRECATED_SINCE(5, 5) - QT_DEPRECATED static void setDefaultCaCertificates(const QList<QSslCertificate> &certificates); - QT_DEPRECATED static QList<QSslCertificate> defaultCaCertificates(); - QT_DEPRECATED_X("Use QSslConfiguration::systemCaCertificates()") static QList<QSslCertificate> systemCaCertificates(); -#endif // QT_DEPRECATED_SINCE(5, 5) - bool waitForConnected(int msecs = 30000) override; bool waitForEncrypted(int msecs = 30000); bool waitForReadyRead(int msecs = 30000) override; diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index ea59063e72..cf10001050 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp 
@@ -1752,7 +1752,9 @@ void QSslSocketBackendPrivate::_q_caRootLoaded(QSslCertificate cert, QSslCertifi if (!trustedRoot.isNull() && !trustedRoot.isBlacklisted()) { if (s_loadRootCertsOnDemand) { //Add the new root cert to default cert list for use by future sockets - QSslSocket::addDefaultCaCertificate(trustedRoot); + auto defaultConfig = QSslConfiguration::defaultConfiguration(); + defaultConfig.addCaCertificate(trustedRoot); + QSslConfiguration::setDefaultConfiguration(defaultConfig); } //Add the new root cert to this socket for future connections if (!configuration.caCertificates.contains(trustedRoot)) diff --git a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp index 329e3e367d..ee2b05aada 100644 --- a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp +++ b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp @@ -32,6 +32,7 @@ #include <qsslkey.h> #include <qsslsocket.h> #include <qsslcertificateextension.h> +#include <qscopeguard.h> #ifndef QT_NO_OPENSSL #include <openssl/obj_mac.h> 
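Review bot: In `_q_caRootLoaded`, the three added lines are a read-modify-write of the process-wide default configuration that is not atomic as a sequence: anything another thread stores with `setDefaultConfiguration()` between the `defaultConfiguration()` read and the write-back (for example an application tightening protocols or ciphers) is replaced by the stale copy. Whether the removed `QSslSocket::addDefaultCaCertificate()` path held a lock is not visible on this page, so this should be checked against `QSslSocketPrivate::addDefaultCaCertificate()`, which the removed wrapper called. The append is also unconditional, unlike the socket-level `contains(trustedRoot)` test on the following lines; guarding it with `if (!defaultConfig.caCertificates().contains(trustedRoot))` would keep duplicates out of the default list. It is worth confirming that `QSslConfiguration::addCaCertificate()` does not also switch off on-demand root loading for the default configuration, as the removed `setCaCertificates()` did through `allowRootCertOnDemandLoading = false`. The function starts and ends outside the hunk.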
@@ -1000,11 +1001,15 @@ void tst_QSslCertificate::verify() // Verify a valid cert signed by a CA QList<QSslCertificate> caCerts = QSslCertificate::fromPath(testDataDir + "verify-certs/cacert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString); - -QT_WARNING_PUSH -QT_WARNING_DISABLE_DEPRECATED - QSslSocket::addDefaultCaCertificate(caCerts.first()); -QT_WARNING_POP + // For the purpose of this test only, add (and then remove) the + // specific CA certificate. + const auto defaultConfig = QSslConfiguration::defaultConfiguration(); + auto temporaryDefault = defaultConfig; + temporaryDefault.addCaCertificate(caCerts.first()); + QSslConfiguration::setDefaultConfiguration(temporaryDefault); + const auto confGuard = qScopeGuard([&defaultConfig](){ + QSslConfiguration::setDefaultConfiguration(defaultConfig); + }); toVerify = QSslCertificate::fromPath(testDataDir + "verify-certs/test-ocsp-good-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString); diff --git a/tests/benchmarks/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/benchmarks/network/ssl/qsslsocket/tst_qsslsocket.cpp index afd0c720a2..d44556db58 100644 --- a/tests/benchmarks/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/benchmarks/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -92,7 +92,7 @@ void tst_QSslSocket::systemCaCertificates() // Therefore this benchmark is only good for manual regression checking between // Qt versions. QBENCHMARK_ONCE { - QList<QSslCertificate> list = QSslSocket::systemCaCertificates(); + QList<QSslCertificate> list = QSslConfiguration::defaultConfiguration().systemCaCertificates(); } } |
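Review bot: `caCerts.first()` in `tst_QSslCertificate::verify()` is still reached with no check inside the hunk that `fromPath()` returned a certificate, so a missing `verify-certs/cacert.pem` would abort the test rather than fail it; `QVERIFY(!caCerts.isEmpty());` before the `addCaCertificate` call would report that cleanly. The scope guard that restores the default configuration is also created only after `setDefaultConfiguration(temporaryDefault)`; declaring `confGuard` first keeps the restore guaranteed if code is later added between the two. A short comment saying that the guard protects the process-wide trust store for the tests that run afterwards would help. The function continues outside the hunk.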
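Review bot: In the `QBENCHMARK_ONCE` body of `tst_QSslSocket::systemCaCertificates()`, `QSslConfiguration::defaultConfiguration().systemCaCertificates()` builds a copy of the default configuration only to call what the removed header's deprecation text names as `QSslConfiguration::systemCaCertificates()`, so the benchmark now also times `defaultConfiguration()`. If that function is static, as that text suggests, `QList<QSslCertificate> list = QSslConfiguration::systemCaCertificates();` measures only the system store lookup.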