diff options
Diffstat (limited to 'src/network/ssl/qsslsocket.cpp')
-rw-r--r-- | src/network/ssl/qsslsocket.cpp | 74 |
1 files changed, 60 insertions, 14 deletions
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp index f0c3f40a28..a8bf8f83b8 100644 --- a/src/network/ssl/qsslsocket.cpp +++ b/src/network/ssl/qsslsocket.cpp @@ -267,7 +267,7 @@ /*! \fn void QSslSocket::sslErrors(const QList<QSslError> &errors); - + QSslSocket emits this signal after the SSL handshake to indicate that one or more errors have occurred while establishing the identity of the peer. The errors are usually an indication that QSslSocket is unable to @@ -281,7 +281,7 @@ \a errors contains one or more errors that prevent QSslSocket from verifying the identity of the peer. - + Note: You cannot use Qt::QueuedConnection when connecting to this signal, or calling QSslSocket::ignoreSslErrors() will have no effect. @@ -436,7 +436,7 @@ void QSslSocket::connectToHostEncrypted(const QString &hostName, quint16 port, O \overload In addition to the original behaviour of connectToHostEncrypted, - this overloaded method enables the usage of a different hostname + this overloaded method enables the usage of a different hostname (\a sslPeerName) for the certificate validation instead of the one used for the TCP connection (\a hostName). @@ -827,7 +827,7 @@ bool QSslSocket::flush() /*! \since 4.4 - Sets the size of QSslSocket's internal read buffer to be \a size bytes. + Sets the size of QSslSocket's internal read buffer to be \a size bytes. */ void QSslSocket::setReadBufferSize(qint64 size) { @@ -895,7 +895,7 @@ QSslConfiguration QSslSocket::sslConfiguration() const void QSslSocket::setSslConfiguration(const QSslConfiguration &configuration) { Q_D(QSslSocket); - d->configuration.localCertificate = configuration.localCertificate(); + d->configuration.localCertificateChain = configuration.localCertificateChain(); d->configuration.privateKey = configuration.privateKey(); d->configuration.ciphers = configuration.ciphers(); d->configuration.caCertificates = configuration.caCertificates(); @@ -912,6 +912,32 @@ void QSslSocket::setSslConfiguration(const QSslConfiguration &configuration) } /*! + Sets the certificate chain to be presented to the peer during the + SSL handshake to be \a localChain. + + \sa QSslConfiguration::setLocalCertificateChain() + \since 5.1 + */ +void QSslSocket::setLocalCertificateChain(const QList<QSslCertificate> &localChain) +{ + Q_D(QSslSocket); + d->configuration.localCertificateChain = localChain; +} + +/*! + Returns the socket's local \l {QSslCertificate} {certificate} chain, + or an empty list if no local certificates have been assigned. + + \sa setLocalCertificateChain() + \since 5.1 +*/ +QList<QSslCertificate> QSslSocket::localCertificateChain() const +{ + Q_D(const QSslSocket); + return d->configuration.localCertificateChain; +} + +/*! Sets the socket's local certificate to \a certificate. The local certificate is necessary if you need to confirm your identity to the peer. It is used together with the private key; if you set the local @@ -926,23 +952,24 @@ void QSslSocket::setSslConfiguration(const QSslConfiguration &configuration) void QSslSocket::setLocalCertificate(const QSslCertificate &certificate) { Q_D(QSslSocket); - d->configuration.localCertificate = certificate; + d->configuration.localCertificateChain = QList<QSslCertificate>(); + d->configuration.localCertificateChain += certificate; } /*! \overload Sets the socket's local \l {QSslCertificate} {certificate} to the - first one found in file \a path, which is parsed according to the + first one found in file \a path, which is parsed according to the specified \a format. */ void QSslSocket::setLocalCertificate(const QString &path, QSsl::EncodingFormat format) { - Q_D(QSslSocket); QFile file(path); if (file.open(QIODevice::ReadOnly | QIODevice::Text)) - d->configuration.localCertificate = QSslCertificate(file.readAll(), format); + setLocalCertificate(QSslCertificate(file.readAll(), format)); + } /*! @@ -954,14 +981,16 @@ void QSslSocket::setLocalCertificate(const QString &path, QSslCertificate QSslSocket::localCertificate() const { Q_D(const QSslSocket); - return d->configuration.localCertificate; + if (d->configuration.localCertificateChain.isEmpty()) + return QSslCertificate(); + return d->configuration.localCertificateChain[0]; } /*! Returns the peer's digital certificate (i.e., the immediate certificate of the host you are connected to), or a null certificate, if the peer has not assigned a certificate. - + The peer certificate is checked automatically during the handshake phase, so this function is normally used to fetch the certificate for display or for connection diagnostic @@ -1073,7 +1102,7 @@ void QSslSocket::setPrivateKey(const QSslKey &key) creating an SSL server socket. If you are creating an SSL client socket, the key and local certificate are required if your client must identify itself to an SSL server. - + \sa privateKey(), setLocalCertificate() */ void QSslSocket::setPrivateKey(const QString &fileName, QSsl::KeyAlgorithm algorithm, @@ -1681,7 +1710,7 @@ void QSslSocket::startClientEncryption() subclass of QTcpServer and reimplement QTcpServer::incomingConnection(). The returned socket descriptor is then passed to QSslSocket::setSocketDescriptor(). - + \sa connectToHostEncrypted(), startClientEncryption() */ void QSslSocket::startServerEncryption() @@ -2057,7 +2086,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri ptr->ref.store(1); ptr->peerCertificate = global->peerCertificate; ptr->peerCertificateChain = global->peerCertificateChain; - ptr->localCertificate = global->localCertificate; + ptr->localCertificateChain = global->localCertificateChain; ptr->privateKey = global->privateKey; ptr->sessionCipher = global->sessionCipher; ptr->ciphers = global->ciphers; @@ -2410,6 +2439,23 @@ QList<QByteArray> QSslSocketPrivate::unixRootCertDirectories() << "/opt/openssl/certs/"; // HP-UX } +/*! + \internal +*/ +void QSslSocketPrivate::checkSettingSslContext(QSslSocket* socket, QSharedPointer<QSslContext> sslContext) +{ + if (socket->d_func()->sslContextPointer.isNull()) + socket->d_func()->sslContextPointer = sslContext; +} + +/*! + \internal +*/ +QSharedPointer<QSslContext> QSslSocketPrivate::sslContext(QSslSocket *socket) +{ + return (socket) ? socket->d_func()->sslContextPointer : QSharedPointer<QSslContext>(); +} + QT_END_NAMESPACE #include "moc_qsslsocket.cpp" |