diff options
Diffstat (limited to 'src/network/ssl/qsslconfiguration.cpp')
| -rw-r--r-- | src/network/ssl/qsslconfiguration.cpp | 89 |
1 files changed, 74 insertions, 15 deletions
diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp index 7e92d3a526..738c8d4ac5 100644 --- a/src/network/ssl/qsslconfiguration.cpp +++ b/src/network/ssl/qsslconfiguration.cpp @@ -54,7 +54,6 @@ const QSsl::SslOptions QSslConfigurationPrivate::defaultSslOptions = QSsl::SslOp |QSsl::SslOptionDisableSessionPersistence; const char QSslConfiguration::ALPNProtocolHTTP2[] = "h2"; -const char QSslConfiguration::NextProtocolSpdy3_0[] = "spdy/3"; const char QSslConfiguration::NextProtocolHttp1_1[] = "http/1.1"; /*! @@ -134,12 +133,6 @@ const char QSslConfiguration::NextProtocolHttp1_1[] = "http/1.1"; */ /*! - \variable QSslConfiguration::NextProtocolSpdy3_0 - \brief The value used for negotiating SPDY 3.0 during the Next - Protocol Negotiation. -*/ - -/*! \variable QSslConfiguration::NextProtocolHttp1_1 \brief The value used for negotiating HTTP 1.1 during the Next Protocol Negotiation. @@ -631,11 +624,10 @@ QList<QSslCipher> QSslConfiguration::supportedCiphers() Returns this connection's CA certificate database. The CA certificate database is used by the socket during the handshake phase to validate the peer's certificate. It can be modified prior to the - handshake with setCaCertificates(), or with \l{QSslSocket}'s - \l{QSslSocket::}{addCaCertificate()} and - \l{QSslSocket::}{addCaCertificates()}. + handshake with setCaCertificates(), or with addCaCertificate() and + addCaCertificates(). - \sa setCaCertificates() + \sa setCaCertificates(), addCaCertificate(), addCaCertificates() */ QList<QSslCertificate> QSslConfiguration::caCertificates() const { @@ -652,7 +644,7 @@ QList<QSslCertificate> QSslConfiguration::caCertificates() const that is not available (as is commonly the case on iOS), the default database is empty. - \sa caCertificates() + \sa caCertificates(), addCaCertificates(), addCaCertificate() */ void QSslConfiguration::setCaCertificates(const QList<QSslCertificate> &certificates) { @@ -661,6 +653,72 @@ void QSslConfiguration::setCaCertificates(const QList<QSslCertificate> &certific } /*! + Searches all files in the \a path for certificates encoded in the + specified \a format and adds them to this socket's CA certificate + database. \a path must be a file or a pattern matching one or more + files, as specified by \a syntax. Returns \c true if one or more + certificates are added to the socket's CA certificate database; + otherwise returns \c false. + + The CA certificate database is used by the socket during the + handshake phase to validate the peer's certificate. + + For more precise control, use addCaCertificate(). + + \sa addCaCertificate(), QSslCertificate::fromPath() +*/ +bool QSslConfiguration::addCaCertificates(const QString &path, QSsl::EncodingFormat format, + QRegExp::PatternSyntax syntax) +{ + QList<QSslCertificate> certs = QSslCertificate::fromPath(path, format, syntax); + if (certs.isEmpty()) + return false; + + d->caCertificates += certs; + return true; +} + +/*! + \since 5.15 + + Adds \a certificate to this configuration's CA certificate database. + The certificate database must be set prior to the SSL handshake. + The CA certificate database is used by the socket during the + handshake phase to validate the peer's certificate. + + \note The default configuration uses the system CA certificate database. If + that is not available (as is commonly the case on iOS), the default database + is empty. + + \sa caCertificates(), setCaCertificates(), addCaCertificates() +*/ +void QSslConfiguration::addCaCertificate(const QSslCertificate &certificate) +{ + d->caCertificates += certificate; + d->allowRootCertOnDemandLoading = false; +} + +/*! + \since 5.15 + + Adds \a certificates to this configuration's CA certificate database. + The certificate database must be set prior to the SSL handshake. + The CA certificate database is used by the socket during the + handshake phase to validate the peer's certificate. + + \note The default configuration uses the system CA certificate database. If + that is not available (as is commonly the case on iOS), the default database + is empty. + + \sa caCertificates(), setCaCertificates(), addCaCertificate() +*/ +void QSslConfiguration::addCaCertificates(const QList<QSslCertificate> &certificates) +{ + d->caCertificates += certificates; + d->allowRootCertOnDemandLoading = false; +} + +/*! \since 5.5 This function provides the CA certificate database @@ -668,7 +726,8 @@ void QSslConfiguration::setCaCertificates(const QList<QSslCertificate> &certific returned by this function is used to initialize the database returned by caCertificates() on the default QSslConfiguration. - \sa caCertificates(), setCaCertificates(), defaultConfiguration() + \sa caCertificates(), setCaCertificates(), defaultConfiguration(), + addCaCertificate(), addCaCertificates() */ QList<QSslCertificate> QSslConfiguration::systemCaCertificates() { @@ -967,7 +1026,7 @@ QByteArray QSslConfiguration::nextNegotiatedProtocol() const Whether or not the negotiation succeeded can be queried through nextProtocolNegotiationStatus(). - \sa nextNegotiatedProtocol(), nextProtocolNegotiationStatus(), allowedNextProtocols(), QSslConfiguration::NextProtocolSpdy3_0, QSslConfiguration::NextProtocolHttp1_1 + \sa nextNegotiatedProtocol(), nextProtocolNegotiationStatus(), allowedNextProtocols(), QSslConfiguration::NextProtocolHttp1_1 */ #if QT_VERSION >= QT_VERSION_CHECK(6,0,0) void QSslConfiguration::setAllowedNextProtocols(const QList<QByteArray> &protocols) @@ -985,7 +1044,7 @@ void QSslConfiguration::setAllowedNextProtocols(QList<QByteArray> protocols) server through the Next Protocol Negotiation (NPN) or Application-Layer Protocol Negotiation (ALPN) TLS extension, as set by setAllowedNextProtocols(). - \sa nextNegotiatedProtocol(), nextProtocolNegotiationStatus(), setAllowedNextProtocols(), QSslConfiguration::NextProtocolSpdy3_0, QSslConfiguration::NextProtocolHttp1_1 + \sa nextNegotiatedProtocol(), nextProtocolNegotiationStatus(), setAllowedNextProtocols(), QSslConfiguration::NextProtocolHttp1_1 */ QList<QByteArray> QSslConfiguration::allowedNextProtocols() const { |