Diffstat (limited to 'src/network/ssl')
-rw-r--r-- | src/network/ssl/qsslkey_qt.cpp | 2 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_mac.cpp | 15 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_winrt.cpp | 8 |
3 files changed, 17 insertions, 8 deletions
diff --git a/src/network/ssl/qsslkey_qt.cpp b/src/network/ssl/qsslkey_qt.cpp
index 817317f303..a85fed21ed 100644
--- a/src/network/ssl/qsslkey_qt.cpp
+++ b/src/network/ssl/qsslkey_qt.cpp
@@ -95,7 +95,7 @@ static OidLengthMap createOidMap()
 oids.insert(oids.cend(), QByteArrayLiteral("1.3.132.0.8"), 160); // secp160r1
 oids.insert(oids.cend(), QByteArrayLiteral("1.3.132.0.9"), 160); // secp160k1
 oids.insert(oids.cend(), QByteArrayLiteral("1.3.36.3.3.2.8.1.1.11"), 384); // brainpoolP384r1
- oids.insert(oids.cend(), QByteArrayLiteral("1.3.36.3.3.2.8.1.1.13"), 521); // brainpoolP512r1
+ oids.insert(oids.cend(), QByteArrayLiteral("1.3.36.3.3.2.8.1.1.13"), 512); // brainpoolP512r1
 oids.insert(oids.cend(), QByteArrayLiteral("1.3.36.3.3.2.8.1.1.7"), 256); // brainpoolP256r1
 return oids;
 }
diff --git a/src/network/ssl/qsslsocket_mac.cpp b/src/network/ssl/qsslsocket_mac.cpp
index 5c2bd55198..046b432252 100644
--- a/src/network/ssl/qsslsocket_mac.cpp
+++ b/src/network/ssl/qsslsocket_mac.cpp
@@ -47,6 +47,7 @@
 #include "qsslkey_p.h"
 #include <QtCore/qmessageauthenticationcode.h>
+#include <QtCore/qoperatingsystemversion.h>
 #include <QtCore/qcryptographichash.h>
 #include <QtCore/qsystemdetection.h>
 #include <QtCore/qdatastream.h>
@@ -1307,13 +1308,17 @@ bool QSslSocketBackendPrivate::verifyPeerTrust()
 // actual system CA certificate list (which most use-cases need) other than
 // by letting SecTrustEvaluate fall through to the system list; so, in this case
 // (even though the client code may have provided its own certs), we retain
- // the default behavior.
+ // the default behavior. Note, with macOS SDK below 10.12 using 'trust my
+ // anchors only' may result in some valid chains rejected, apparently the
+ // ones containing intermediated certificates; so we use this functionality
+ // on more recent versions only.
+
+ bool anchorsFromConfigurationOnly = false;
 #ifdef Q_OS_MACOS
- const bool anchorsFromConfigurationOnly = true;
-#else
- const bool anchorsFromConfigurationOnly = false;
-#endif
+ if (QOperatingSystemVersion::current() >= QOperatingSystemVersion::MacOSSierra)
+ anchorsFromConfigurationOnly = true;
+#endif // Q_OS_MACOS
 SecTrustSetAnchorCertificatesOnly(trust, anchorsFromConfigurationOnly);
diff --git a/src/network/ssl/qsslsocket_winrt.cpp b/src/network/ssl/qsslsocket_winrt.cpp
index 6c5a09962b..f64ae2e020 100644
--- a/src/network/ssl/qsslsocket_winrt.cpp
+++ b/src/network/ssl/qsslsocket_winrt.cpp
@@ -47,6 +47,7 @@
 #include <QtCore/QSysInfo>
 #include <QtCore/qfunctions_winrt.h>
 #include <private/qnativesocketengine_winrt_p.h>
+#include <private/qeventdispatcher_winrt_p.h>
 #include <windows.networking.h>
 #include <windows.networking.sockets.h>
@@ -443,8 +444,11 @@ void QSslSocketBackendPrivate::continueHandshake()
 return;
 }
- hr = op->put_Completed(Callback<IAsyncActionCompletedHandler>(
- this, &QSslSocketBackendPrivate::onSslUpgrade).Get());
+ hr = QEventDispatcherWinRT::runOnXamlThread([this, op]() {
+ HRESULT hr = op->put_Completed(Callback<IAsyncActionCompletedHandler>(
+ this, &QSslSocketBackendPrivate::onSslUpgrade).Get());
+ return hr;
+ });
 Q_ASSERT_SUCCEEDED(hr);
 } |
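Review bot: On macOS older than 10.12 the new runtime check leaves `anchorsFromConfigurationOnly` false, so `SecTrustSetAnchorCertificatesOnly(trust, false)` keeps the system roots trusted alongside whatever CA list the application configured, and the added comment does not say so. An application that restricts its CA certificates to a private root would, on those systems, apparently also accept chains ending in a system-trusted CA; the comment should state that, e.g. `// On macOS < 10.12 the system anchors stay trusted in addition to the configured CA certificates.`, and a `qCWarning` at that point (if the file has a logging category) would make the relaxed check visible. The comment also says "SDK below 10.12" while the test is `QOperatingSystemVersion::current()`, a runtime version, and "intermediated" should read "intermediate". verifyPeerTrust() starts and ends outside the hunk, so how the anchors are installed before this call is not visible here.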
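Review bot: Failure to register the completion handler is still checked only by `Q_ASSERT_SUCCEEDED(hr)` after the `runOnXamlThread` call, which in builds without asserts would presumably let a failed `put_Completed` pass silently and leave the TLS handshake waiting for an `onSslUpgrade` that never arrives. The earlier error path in this function ends in `return;`, so an explicit `FAILED(hr)` check that reports the error on the socket and returns would match it; what that earlier path does is outside the hunk. The inner `HRESULT hr` in the lambda shadows the outer `hr`, and returning `op->put_Completed(...)` directly would avoid the shadow. continueHandshake() starts outside the hunk.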