diff options
Diffstat (limited to 'src/network/ssl/qsslsocket_openssl.cpp')
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 39d011d684..7a237ee7db 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -2319,10 +2319,16 @@ QList<QSslCertificate> QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates QList<QSslError> QSslSocketBackendPrivate::verify(const QList<QSslCertificate> &certificateChain, const QString &hostName) { + auto roots = QSslConfiguration::defaultConfiguration().caCertificates(); +#ifndef Q_OS_WIN + // On Windows, system CA certificates are already set as default ones. + // No need to add them again (and again) and also, if the default configuration + // has its own set of CAs, this probably should not be amended by the ones + // from the 'ROOT' store, since it's not what an application chose to trust. if (s_loadRootCertsOnDemand) - setDefaultCaCertificates(defaultCaCertificates() + systemCaCertificates()); - - return verify(QSslConfiguration::defaultConfiguration().caCertificates(), certificateChain, hostName); + roots.append(systemCaCertificates()); +#endif // Q_OS_WIN + return verify(roots, certificateChain, hostName); } QList<QSslError> QSslSocketBackendPrivate::verify(const QList<QSslCertificate> &caCertificates, |