-rw-r--r--src/network/ssl/qsslsocket.cpp188
-rw-r--r--src/network/ssl/qsslsocket.h19
-rw-r--r--src/network/ssl/qsslsocket_openssl.cpp4
-rw-r--r--tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp15
-rw-r--r--tests/benchmarks/network/ssl/qsslsocket/tst_qsslsocket.cpp2
5 files changed, 14 insertions, 214 deletions
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index ab1f2b0dc8..188473912c 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -1378,194 +1378,6 @@ QSslKey QSslSocket::privateKey() const
}
/*!
- \deprecated
-
- Use QSslConfiguration::addCaCertificate() instead.
-
- Adds the \a certificate to this socket's CA certificate database.
- The CA certificate database is used by the socket during the
- handshake phase to validate the peer's certificate.
-
- To add multiple certificates, use addCaCertificates().
-
- \sa QSslConfiguration::caCertificates(),
- QSslConfiguration::setCaCertificates()
-*/
-void QSslSocket::addCaCertificate(const QSslCertificate &certificate)
-{
- Q_D(QSslSocket);
- d->configuration.caCertificates += certificate;
-}
-
-/*!
- \deprecated
-
- Use QSslConfiguration::addCaCertificates() instead.
-
- Adds the \a certificates to this socket's CA certificate database.
- The CA certificate database is used by the socket during the
- handshake phase to validate the peer's certificate.
-
- For more precise control, use addCaCertificate().
-
- \sa QSslConfiguration::caCertificates(), addDefaultCaCertificate()
-*/
-void QSslSocket::addCaCertificates(const QList<QSslCertificate> &certificates)
-{
- Q_D(QSslSocket);
- d->configuration.caCertificates += certificates;
-}
-
-#if QT_DEPRECATED_SINCE(5, 5)
-/*!
- \deprecated
-
- Use QSslConfiguration::setCaCertificates() instead.
-
- Sets this socket's CA certificate database to be \a certificates.
- The certificate database must be set prior to the SSL handshake.
- The CA certificate database is used by the socket during the
- handshake phase to validate the peer's certificate.
-
- The CA certificate database can be reset to the current default CA
- certificate database by calling this function with the list of CA
- certificates returned by defaultCaCertificates().
-
- \sa defaultCaCertificates()
-*/
-void QSslSocket::setCaCertificates(const QList<QSslCertificate> &certificates)
-{
- Q_D(QSslSocket);
- d->configuration.caCertificates = certificates;
- d->allowRootCertOnDemandLoading = false;
-}
-
-/*!
- \deprecated
-
- Use QSslConfiguration::caCertificates() instead.
-
- Returns this socket's CA certificate database. The CA certificate
- database is used by the socket during the handshake phase to
- validate the peer's certificate. It can be moodified prior to the
- handshake with addCaCertificate(), addCaCertificates(), and
- setCaCertificates().
-
- \note On Unix, this method may return an empty list if the root
- certificates are loaded on demand.
-
- \sa addCaCertificate(), addCaCertificates(), setCaCertificates()
-*/
-QList<QSslCertificate> QSslSocket::caCertificates() const
-{
- Q_D(const QSslSocket);
- return d->configuration.caCertificates;
-}
-#endif // #if QT_DEPRECATED_SINCE(5, 5)
-
-/*!
- \deprecated
-
- Use QSslConfiguration::addCaCertificate() on the default QSslConfiguration instead.
-
- Adds \a certificate to the default CA certificate database. Each
- SSL socket's CA certificate database is initialized to the default
- CA certificate database.
-
- \sa QSslConfiguration::addCaCertificates()
-*/
-void QSslSocket::addDefaultCaCertificate(const QSslCertificate &certificate)
-{
- QSslSocketPrivate::addDefaultCaCertificate(certificate);
-}
-
-/*!
- \deprecated
-
- Use QSslConfiguration::addCaCertificates() on the default QSslConfiguration instead.
-
- Adds \a certificates to the default CA certificate database. Each
- SSL socket's CA certificate database is initialized to the default
- CA certificate database.
-
- \sa QSslConfiguration::caCertificates(), QSslConfiguration::addCaCertificates()
-*/
-void QSslSocket::addDefaultCaCertificates(const QList<QSslCertificate> &certificates)
-{
- QSslSocketPrivate::addDefaultCaCertificates(certificates);
-}
-
-#if QT_DEPRECATED_SINCE(5, 5)
-/*!
- \deprecated
-
- Use QSslConfiguration::setCaCertificates() on the default QSslConfiguration instead.
-
- Sets the default CA certificate database to \a certificates. The
- default CA certificate database is originally set to your system's
- default CA certificate database. You can override the default CA
- certificate database with your own CA certificate database using
- this function.
-
- Each SSL socket's CA certificate database is initialized to the
- default CA certificate database.
-
- \sa addDefaultCaCertificate()
-*/
-void QSslSocket::setDefaultCaCertificates(const QList<QSslCertificate> &certificates)
-{
- QSslSocketPrivate::setDefaultCaCertificates(certificates);
-}
-
-/*!
- \deprecated
-
- Use QSslConfiguration::caCertificates() on the default QSslConfiguration instead.
-
- Returns the current default CA certificate database. This database
- is originally set to your system's default CA certificate database.
- If no system default database is found, an empty database will be
- returned. You can override the default CA certificate database
- with your own CA certificate database using setDefaultCaCertificates().
-
- Each SSL socket's CA certificate database is initialized to the
- default CA certificate database.
-
- \note On Unix, this method may return an empty list if the root
- certificates are loaded on demand.
-
- \sa caCertificates()
-*/
-QList<QSslCertificate> QSslSocket::defaultCaCertificates()
-{
- return QSslSocketPrivate::defaultCaCertificates();
-}
-
-/*!
- \deprecated
-
- Use QSslConfiguration::systemDefaultCaCertificates instead.
-
- This function provides the CA certificate database
- provided by the operating system. The CA certificate database
- returned by this function is used to initialize the database
- returned by defaultCaCertificates(). You can replace that database
- with your own with setDefaultCaCertificates().
-
- \note: On OS X, only certificates that are either trusted for all
- purposes or trusted for the purpose of SSL in the keychain will be
- returned.
-
- \sa caCertificates(), defaultCaCertificates(), setDefaultCaCertificates()
-*/
-QList<QSslCertificate> QSslSocket::systemCaCertificates()
-{
- // we are calling ensureInitialized() in the method below
- return QSslSocketPrivate::systemCaCertificates();
-}
-#endif // #if QT_DEPRECATED_SINCE(5, 5)
-
-/*!
Waits until the socket is connected, or \a msecs milliseconds,
whichever happens first. If the connection has been established,
this function returns \c true; otherwise it returns \c false.
diff --git a/src/network/ssl/qsslsocket.h b/src/network/ssl/qsslsocket.h
index a091828638..d7a4fbe070 100644
--- a/src/network/ssl/qsslsocket.h
+++ b/src/network/ssl/qsslsocket.h
@@ -196,25 +196,6 @@ public:
const QByteArray &passPhrase = QByteArray());
QSslKey privateKey() const;
- // CA settings.
-#if QT_DEPRECATED_SINCE(5, 15)
- QT_DEPRECATED_X("Use QSslConfiguration::addCaCertificate()") void addCaCertificate(const QSslCertificate &certificate);
- QT_DEPRECATED_X("Use QSslConfiguration::addCaCertificates()") void addCaCertificates(const QList<QSslCertificate> &certificates);
-#endif // QT_DEPRECATED_SINCE(5, 15)
-#if QT_DEPRECATED_SINCE(5, 5)
- QT_DEPRECATED_X("Use QSslConfiguration::setCaCertificates()") void setCaCertificates(const QList<QSslCertificate> &certificates);
- QT_DEPRECATED_X("Use QSslConfiguration::caCertificates()") QList<QSslCertificate> caCertificates() const;
-#endif // QT_DEPRECATED_SINCE(5, 5)
-#if QT_DEPRECATED_SINCE(5, 15)
- QT_DEPRECATED static void addDefaultCaCertificate(const QSslCertificate &certificate);
- QT_DEPRECATED static void addDefaultCaCertificates(const QList<QSslCertificate> &certificates);
-#endif // QT_DEPRECATED_SINCE(5, 15)
-#if QT_DEPRECATED_SINCE(5, 5)
- QT_DEPRECATED static void setDefaultCaCertificates(const QList<QSslCertificate> &certificates);
- QT_DEPRECATED static QList<QSslCertificate> defaultCaCertificates();
- QT_DEPRECATED_X("Use QSslConfiguration::systemCaCertificates()") static QList<QSslCertificate> systemCaCertificates();
-#endif // QT_DEPRECATED_SINCE(5, 5)
-
bool waitForConnected(int msecs = 30000) override;
bool waitForEncrypted(int msecs = 30000);
bool waitForReadyRead(int msecs = 30000) override;
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index ea59063e72..cf10001050 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -1752,7 +1752,9 @@ void QSslSocketBackendPrivate::_q_caRootLoaded(QSslCertificate cert, QSslCertifi
if (!trustedRoot.isNull() && !trustedRoot.isBlacklisted()) {
if (s_loadRootCertsOnDemand) {
//Add the new root cert to default cert list for use by future sockets
- QSslSocket::addDefaultCaCertificate(trustedRoot);
+ auto defaultConfig = QSslConfiguration::defaultConfiguration();
+ defaultConfig.addCaCertificate(trustedRoot);
+ QSslConfiguration::setDefaultConfiguration(defaultConfig);
}
//Add the new root cert to this socket for future connections
if (!configuration.caCertificates.contains(trustedRoot))
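Review bot: In the `s_loadRootCertsOnDemand` branch the default CA list is now updated by three separate calls (`defaultConfiguration()`, `addCaCertificate()`, `setDefaultConfiguration()`), so a change another thread makes to the default configuration between the read and the write would be overwritten by this stale copy. That list is the trust-anchor set for future sockets, so it is worth checking whether the removed `QSslSocket::addDefaultCaCertificate()` did the update under a single lock; its implementation is not visible on this page. The branch also appends unconditionally, unlike the per-socket path just below, which tests `contains(trustedRoot)` first; a guard such as `if (!defaultConfig.caCertificates().contains(trustedRoot))` would avoid duplicate entries and needless rewrites of the default. Please also confirm that `QSslConfiguration::addCaCertificate()` leaves on-demand root loading enabled on the copied configuration, since the removed `setCaCertificates()` in qsslsocket.cpp cleared `allowRootCertOnDemandLoading`. `_q_caRootLoaded` starts and ends outside the hunk.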
diff --git a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp
index 329e3e367d..ee2b05aada 100644
--- a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp
+++ b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp
@@ -32,6 +32,7 @@
#include <qsslkey.h>
#include <qsslsocket.h>
#include <qsslcertificateextension.h>
+#include <qscopeguard.h>
#ifndef QT_NO_OPENSSL
#include <openssl/obj_mac.h>
@@ -1000,11 +1001,15 @@ void tst_QSslCertificate::verify()
// Verify a valid cert signed by a CA
QList<QSslCertificate> caCerts = QSslCertificate::fromPath(testDataDir + "verify-certs/cacert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString);
-
-QT_WARNING_PUSH
-QT_WARNING_DISABLE_DEPRECATED
- QSslSocket::addDefaultCaCertificate(caCerts.first());
-QT_WARNING_POP
+ // For the purpose of this test only, add (and then remove) the
+ // specific CA certificate.
+ const auto defaultConfig = QSslConfiguration::defaultConfiguration();
+ auto temporaryDefault = defaultConfig;
+ temporaryDefault.addCaCertificate(caCerts.first());
+ QSslConfiguration::setDefaultConfiguration(temporaryDefault);
+ const auto confGuard = qScopeGuard([&defaultConfig](){
+ QSslConfiguration::setDefaultConfiguration(defaultConfig);
+ });
toVerify = QSslCertificate::fromPath(testDataDir + "verify-certs/test-ocsp-good-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString);
diff --git a/tests/benchmarks/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/benchmarks/network/ssl/qsslsocket/tst_qsslsocket.cpp
index afd0c720a2..d44556db58 100644
--- a/tests/benchmarks/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/benchmarks/network/ssl/qsslsocket/tst_qsslsocket.cpp
@@ -92,7 +92,7 @@ void tst_QSslSocket::systemCaCertificates()
// Therefore this benchmark is only good for manual regression checking between
// Qt versions.
QBENCHMARK_ONCE {
- QList<QSslCertificate> list = QSslSocket::systemCaCertificates();
+ QList<QSslCertificate> list = QSslConfiguration::defaultConfiguration().systemCaCertificates();
}
}
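Review bot: The statement inside `QBENCHMARK_ONCE` now also times the construction of a default-configuration copy, because `systemCaCertificates()` is reached through `QSslConfiguration::defaultConfiguration()`. The deprecation message removed from qsslsocket.h names `QSslConfiguration::systemCaCertificates()` as the replacement, which suggests a static call is available. If so, `QList<QSslCertificate> list = QSslConfiguration::systemCaCertificates();` measures only the system CA lookup and keeps the result comparable between Qt versions, which is the stated purpose in the comment above the macro.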