1 files changed, 60 insertions, 14 deletions

diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index f0c3f40a28..a8bf8f83b8 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -267,7 +267,7 @@
 
 /*!
     \fn void QSslSocket::sslErrors(const QList<QSslError> &errors);
-    
+
     QSslSocket emits this signal after the SSL handshake to indicate that one
     or more errors have occurred while establishing the identity of the
     peer. The errors are usually an indication that QSslSocket is unable to
@@ -281,7 +281,7 @@
 
     \a errors contains one or more errors that prevent QSslSocket from
     verifying the identity of the peer.
-    
+
     Note: You cannot use Qt::QueuedConnection when connecting to this signal,
     or calling QSslSocket::ignoreSslErrors() will have no effect.
 
@@ -436,7 +436,7 @@ void QSslSocket::connectToHostEncrypted(const QString &hostName, quint16 port, O
     \overload
 
     In addition to the original behaviour of connectToHostEncrypted,
-    this overloaded method enables the usage of a different hostname 
+    this overloaded method enables the usage of a different hostname
     (\a sslPeerName) for the certificate validation instead of
     the one used for the TCP connection (\a hostName).
 
@@ -827,7 +827,7 @@ bool QSslSocket::flush()
 /*!
     \since 4.4
 
-    Sets the size of QSslSocket's internal read buffer to be \a size bytes. 
+    Sets the size of QSslSocket's internal read buffer to be \a size bytes.
 */
 void QSslSocket::setReadBufferSize(qint64 size)
 {
@@ -895,7 +895,7 @@ QSslConfiguration QSslSocket::sslConfiguration() const
 void QSslSocket::setSslConfiguration(const QSslConfiguration &configuration)
 {
     Q_D(QSslSocket);
-    d->configuration.localCertificate = configuration.localCertificate();
+    d->configuration.localCertificateChain = configuration.localCertificateChain();
     d->configuration.privateKey = configuration.privateKey();
     d->configuration.ciphers = configuration.ciphers();
     d->configuration.caCertificates = configuration.caCertificates();
@@ -912,6 +912,32 @@ void QSslSocket::setSslConfiguration(const QSslConfiguration &configuration)
 }
 
 /*!
+    Sets the certificate chain to be presented to the peer during the
+    SSL handshake to be \a localChain.
+
+    \sa QSslConfiguration::setLocalCertificateChain()
+    \since 5.1
+ */
+void QSslSocket::setLocalCertificateChain(const QList<QSslCertificate> &localChain)
+{
+    Q_D(QSslSocket);
+    d->configuration.localCertificateChain = localChain;
+}
+
+/*!
+    Returns the socket's local \l {QSslCertificate} {certificate} chain,
+    or an empty list if no local certificates have been assigned.
+
+    \sa setLocalCertificateChain()
+    \since 5.1
+*/
+QList<QSslCertificate> QSslSocket::localCertificateChain() const
+{
+    Q_D(const QSslSocket);
+    return d->configuration.localCertificateChain;
+}
+
+/*!
     Sets the socket's local certificate to \a certificate. The local
     certificate is necessary if you need to confirm your identity to the
     peer. It is used together with the private key; if you set the local
@@ -926,23 +952,24 @@ void QSslSocket::setSslConfiguration(const QSslConfiguration &configuration)
 void QSslSocket::setLocalCertificate(const QSslCertificate &certificate)
 {
     Q_D(QSslSocket);
-    d->configuration.localCertificate = certificate;
+    d->configuration.localCertificateChain = QList<QSslCertificate>();
+    d->configuration.localCertificateChain += certificate;
 }
 
 /*!
     \overload
 
     Sets the socket's local \l {QSslCertificate} {certificate} to the
-    first one found in file \a path, which is parsed according to the 
+    first one found in file \a path, which is parsed according to the
     specified \a format.
 */
 void QSslSocket::setLocalCertificate(const QString &path,
                                      QSsl::EncodingFormat format)
 {
-    Q_D(QSslSocket);
     QFile file(path);
     if (file.open(QIODevice::ReadOnly | QIODevice::Text))
-        d->configuration.localCertificate = QSslCertificate(file.readAll(), format);
+        setLocalCertificate(QSslCertificate(file.readAll(), format));
+
 }
 
 /*!
@@ -954,14 +981,16 @@ void QSslSocket::setLocalCertificate(const QString &path,
 QSslCertificate QSslSocket::localCertificate() const
 {
     Q_D(const QSslSocket);
-    return d->configuration.localCertificate;
+    if (d->configuration.localCertificateChain.isEmpty())
+        return QSslCertificate();
+    return d->configuration.localCertificateChain[0];
 }
 
 /*!
     Returns the peer's digital certificate (i.e., the immediate
     certificate of the host you are connected to), or a null
     certificate, if the peer has not assigned a certificate.
-    
+
     The peer certificate is checked automatically during the
     handshake phase, so this function is normally used to fetch
     the certificate for display or for connection diagnostic
@@ -1073,7 +1102,7 @@ void QSslSocket::setPrivateKey(const QSslKey &key)
     creating an SSL server socket. If you are creating an SSL client
     socket, the key and local certificate are required if your client
     must identify itself to an SSL server.
-    
+
     \sa privateKey(), setLocalCertificate()
 */
 void QSslSocket::setPrivateKey(const QString &fileName, QSsl::KeyAlgorithm algorithm,
@@ -1681,7 +1710,7 @@ void QSslSocket::startClientEncryption()
     subclass of QTcpServer and reimplement
     QTcpServer::incomingConnection(). The returned socket descriptor
     is then passed to QSslSocket::setSocketDescriptor().
-    
+
     \sa connectToHostEncrypted(), startClientEncryption()
 */
 void QSslSocket::startServerEncryption()
@@ -2057,7 +2086,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri
     ptr->ref.store(1);
     ptr->peerCertificate = global->peerCertificate;
     ptr->peerCertificateChain = global->peerCertificateChain;
-    ptr->localCertificate = global->localCertificate;
+    ptr->localCertificateChain = global->localCertificateChain;
     ptr->privateKey = global->privateKey;
     ptr->sessionCipher = global->sessionCipher;
     ptr->ciphers = global->ciphers;
@@ -2410,6 +2439,23 @@ QList<QByteArray> QSslSocketPrivate::unixRootCertDirectories()
                                << "/opt/openssl/certs/"; // HP-UX
 }
 
+/*!
+    \internal
+*/
+void QSslSocketPrivate::checkSettingSslContext(QSslSocket* socket, QSharedPointer<QSslContext> sslContext)
+{
+    if (socket->d_func()->sslContextPointer.isNull())
+        socket->d_func()->sslContextPointer = sslContext;
+}
+
+/*!
+    \internal
+*/
+QSharedPointer<QSslContext> QSslSocketPrivate::sslContext(QSslSocket *socket)
+{
+    return (socket) ? socket->d_func()->sslContextPointer : QSharedPointer<QSslContext>();
+}
+
 QT_END_NAMESPACE
 
 #include "moc_qsslsocket.cpp"