Diffstat (limited to 'src/network/ssl')
-rw-r--r--src/network/ssl/qsslconfiguration.cpp3
-rw-r--r--src/network/ssl/qsslconfiguration_p.h2
-rw-r--r--src/network/ssl/qsslsocket.cpp15
-rw-r--r--src/network/ssl/qsslsocket_p.h2
4 files changed, 21 insertions, 1 deletions
diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp
index 46aa1a1eb5..0ae67b3c1f 100644
--- a/src/network/ssl/qsslconfiguration.cpp
+++ b/src/network/ssl/qsslconfiguration.cpp
@@ -181,6 +181,7 @@ bool QSslConfiguration::operator==(const QSslConfiguration &other) const
d->protocol == other.d->protocol &&
d->peerVerifyMode == other.d->peerVerifyMode &&
d->peerVerifyDepth == other.d->peerVerifyDepth &&
+ d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading &&
d->sslOptions == other.d->sslOptions;
}
@@ -208,6 +209,7 @@ bool QSslConfiguration::isNull() const
return (d->protocol == QSsl::SecureProtocols &&
d->peerVerifyMode == QSslSocket::AutoVerifyPeer &&
d->peerVerifyDepth == 0 &&
+ d->allowRootCertOnDemandLoading == true &&
d->caCertificates.count() == 0 &&
d->ciphers.count() == 0 &&
d->localCertificate.isNull() &&
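Review bot: The added condition in isNull() compares a bool against a literal; `d->allowRootCertOnDemandLoading &&` reads the same and matches the usual style for boolean members. Because setCaCertificates() now clears the flag, a configuration given an explicitly empty CA list stops being null, which looks intended (an empty trust store is not the default one) but is worth a short comment next to this line. The rest of the return expression lies outside the hunk.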
@@ -519,6 +521,7 @@ QList<QSslCertificate> QSslConfiguration::caCertificates() const
void QSslConfiguration::setCaCertificates(const QList<QSslCertificate> &certificates)
{
d->caCertificates = certificates;
+ d->allowRootCertOnDemandLoading = false;
}
/*!
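Review bot: The documentation for setCaCertificates() (above the hunk, not visible here) should state the new side effect, since it changes which trust anchors a handshake may use. Something like `Calling this function disables on-demand loading of system root certificates for sockets that use this configuration.` would do. The flag is also one-way in the lines shown: passing the system default list back in still leaves on-demand loading off, and no setter re-enables it, so the note should say that only a default-constructed configuration keeps on-demand loading.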
diff --git a/src/network/ssl/qsslconfiguration_p.h b/src/network/ssl/qsslconfiguration_p.h
index 841641d6aa..3e6e43361d 100644
--- a/src/network/ssl/qsslconfiguration_p.h
+++ b/src/network/ssl/qsslconfiguration_p.h
@@ -83,6 +83,7 @@ public:
: protocol(QSsl::SecureProtocols),
peerVerifyMode(QSslSocket::AutoVerifyPeer),
peerVerifyDepth(0),
+ allowRootCertOnDemandLoading(true),
sslOptions(QSslConfigurationPrivate::defaultSslOptions)
{ }
@@ -98,6 +99,7 @@ public:
QSsl::SslProtocol protocol;
QSslSocket::PeerVerifyMode peerVerifyMode;
int peerVerifyDepth;
+ bool allowRootCertOnDemandLoading;
QSsl::SslOptions sslOptions;
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index 87ea975bec..cfc3c19bba 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -903,7 +903,12 @@ void QSslSocket::setSslConfiguration(const QSslConfiguration &configuration)
d->configuration.peerVerifyMode = configuration.peerVerifyMode();
d->configuration.protocol = configuration.protocol();
d->configuration.sslOptions = configuration.d->sslOptions;
- d->allowRootCertOnDemandLoading = false;
+
+ // if the CA certificates were set explicitly (either via
+ // QSslConfiguration::setCaCertificates() or QSslSocket::setCaCertificates(),
+ // we cannot load the certificates on demand
+ if (!configuration.d->allowRootCertOnDemandLoading)
+ d->allowRootCertOnDemandLoading = false;
}
/*!
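Review bot: The socket's embedded copy `d->configuration` never receives the new flag in the lines shown; only `d->allowRootCertOnDemandLoading` on the socket private is cleared. If `sslConfiguration()` hands out that embedded copy (not visible in this diff), the returned configuration would carry an explicit CA list with the flag still true, and applying it to another socket would skip this guard and let the system root store be consulted beyond the restricted list. Mirroring the flag inside the branch closes that gap: `if (!configuration.d->allowRootCertOnDemandLoading) { d->allowRootCertOnDemandLoading = false; d->configuration.allowRootCertOnDemandLoading = false; }`. The new comment also opens a parenthesis it never closes and names QSslSocket::setCaCertificates(), which this branch can only observe if that setter updates the configuration's flag too. The start of setSslConfiguration() is outside the hunk.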
@@ -2381,6 +2386,14 @@ QByteArray QSslSocketPrivate::peek(qint64 maxSize)
/*!
\internal
*/
+bool QSslSocketPrivate::rootCertOnDemandLoadingSupported()
+{
+ return s_loadRootCertsOnDemand;
+}
+
+/*!
+ \internal
+*/
QList<QByteArray> QSslSocketPrivate::unixRootCertDirectories()
{
return QList<QByteArray>() << "/etc/ssl/certs/" // (K)ubuntu, OpenSUSE, Mandriva, MeeGo ...
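Review bot: The `\internal` block on rootCertOnDemandLoadingSupported() does not say when the returned value is valid. `s_loadRootCertsOnDemand` is a static whose assignment is not part of this diff; if it is set while the SSL library is being loaded, an autotest that calls the accessor first would read the initial value and draw the wrong conclusion about the platform. A comment such as `// only meaningful once the SSL backend has been initialised` would make the contract explicit, as would initialising before the read if that is cheap.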
diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h
index 3dc80ea22a..851dec5840 100644
--- a/src/network/ssl/qsslsocket_p.h
+++ b/src/network/ssl/qsslsocket_p.h
@@ -182,6 +182,8 @@ public:
virtual QSslCipher sessionCipher() const = 0;
virtual void continueHandshake() = 0;
+ Q_AUTOTEST_EXPORT static bool rootCertOnDemandLoadingSupported();
+
private:
static bool ensureLibraryLoaded();
static void ensureCiphersAndCertsLoaded();