diff options
Diffstat (limited to 'src/network/ssl')
-rw-r--r-- | src/network/ssl/qsslcertificate.cpp | 29 | ||||
-rw-r--r-- | src/network/ssl/qsslcertificate.h | 11 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 4 |
3 files changed, 30 insertions, 14 deletions
diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp index 0710001198..ea92485b6e 100644 --- a/src/network/ssl/qsslcertificate.cpp +++ b/src/network/ssl/qsslcertificate.cpp @@ -62,11 +62,10 @@ a DER (binary) or PEM (Base64) encoded bundle, typically stored as one or more local files, or in a Qt Resource. - You can call isNull() to check if your certificate is null. By - default, QSslCertificate constructs a null certificate. To check - if the certificate is valid, call isValid(). A null certificate is - invalid, but an invalid certificate is not necessarily null. If - you want to reset all contents in a certificate, call clear(). + You can call isNull() to check if your certificate is null. By default, + QSslCertificate constructs a null certificate. A null certificate is + invalid, but an invalid certificate is not necessarily null. If you want + to reset all contents in a certificate, call clear(). After loading a certificate, you can find information about the certificate, its subject, and its issuer, by calling one of the @@ -212,14 +211,17 @@ bool QSslCertificate::operator==(const QSslCertificate &other) const By default, QSslCertificate constructs a null certificate. - \sa isValid(), clear() + \sa clear() */ bool QSslCertificate::isNull() const { return d->null; } +#if QT_DEPRECATED_SINCE(5,0) /*! + \fn bool QSslCertificate::isValid() const + Returns true if this certificate is valid; otherwise returns false. @@ -230,12 +232,17 @@ bool QSslCertificate::isNull() const \sa isNull() */ -bool QSslCertificate::isValid() const +#endif + +/*! + Returns true if this certificate is blacklisted; otherwise + returns false. + + \sa isNull() +*/ +bool QSslCertificate::isBlacklisted() const { - const QDateTime currentTime = QDateTime::currentDateTime(); - return currentTime >= d->notValidBefore && - currentTime <= d->notValidAfter && - ! QSslCertificatePrivate::isBlacklisted(*this); + return QSslCertificatePrivate::isBlacklisted(*this); } /*! diff --git a/src/network/ssl/qsslcertificate.h b/src/network/ssl/qsslcertificate.h index 07a8df308c..711ee055e2 100644 --- a/src/network/ssl/qsslcertificate.h +++ b/src/network/ssl/qsslcertificate.h @@ -46,6 +46,7 @@ #include <QtCore/qnamespace.h> #include <QtCore/qbytearray.h> #include <QtCore/qcryptographichash.h> +#include <QtCore/qdatetime.h> #include <QtCore/qregexp.h> #include <QtCore/qsharedpointer.h> #include <QtCore/qmap.h> @@ -94,7 +95,15 @@ public: inline bool operator!=(const QSslCertificate &other) const { return !operator==(other); } bool isNull() const; - bool isValid() const; +#if QT_DEPRECATED_SINCE(5,0) + QT_DEPRECATED inline bool isValid() const { + const QDateTime currentTime = QDateTime::currentDateTime(); + return currentTime >= effectiveDate() && + currentTime <= expiryDate() && + !isBlacklisted(); + } +#endif + bool isBlacklisted() const; void clear(); // Certificate info diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 2175f7f78f..9cb7066803 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -336,7 +336,7 @@ init_context: foreach (const QSslCertificate &caCertificate, q->caCertificates()) { // add expired certs later, so that the // valid ones are used before the expired ones - if (! caCertificate.isValid()) { + if (caCertificate.expiryDate() > QDateTime::currentDateTime()) { expiredCerts.append(caCertificate); } else { q_X509_STORE_add_cert(ctx->cert_store, reinterpret_cast<X509 *>(caCertificate.handle())); @@ -1533,7 +1533,7 @@ QList<QSslError> QSslSocketBackendPrivate::verify(QList<QSslCertificate> certifi foreach (const QSslCertificate &caCertificate, QSslSocket::defaultCaCertificates()) { // add expired certs later, so that the // valid ones are used before the expired ones - if (!caCertificate.isValid()) { + if (caCertificate.expiryDate() > QDateTime::currentDateTime()) { expiredCerts.append(caCertificate); } else { q_X509_STORE_add_cert(certStore, reinterpret_cast<X509 *>(caCertificate.handle())); |