3 files changed, 30 insertions, 14 deletions

diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp
index 0710001198..ea92485b6e 100644
--- a/src/network/ssl/qsslcertificate.cpp
+++ b/src/network/ssl/qsslcertificate.cpp
@@ -62,11 +62,10 @@
     a DER (binary) or PEM (Base64) encoded bundle, typically stored as
     one or more local files, or in a Qt Resource.
 
-    You can call isNull() to check if your certificate is null. By
-    default, QSslCertificate constructs a null certificate. To check
-    if the certificate is valid, call isValid(). A null certificate is
-    invalid, but an invalid certificate is not necessarily null. If
-    you want to reset all contents in a certificate, call clear().
+    You can call isNull() to check if your certificate is null. By default,
+    QSslCertificate constructs a null certificate. A null certificate is
+    invalid, but an invalid certificate is not necessarily null. If you want
+    to reset all contents in a certificate, call clear().
 
     After loading a certificate, you can find information about the
     certificate, its subject, and its issuer, by calling one of the
@@ -212,14 +211,17 @@ bool QSslCertificate::operator==(const QSslCertificate &other) const
 
     By default, QSslCertificate constructs a null certificate.
 
-    \sa isValid(), clear()
+    \sa clear()
 */
 bool QSslCertificate::isNull() const
 {
     return d->null;
 }
 
+#if QT_DEPRECATED_SINCE(5,0)
 /*!
+    \fn bool QSslCertificate::isValid() const
+
     Returns true if this certificate is valid; otherwise returns
     false.
 
@@ -230,12 +232,17 @@ bool QSslCertificate::isNull() const
 
     \sa isNull()
 */
-bool QSslCertificate::isValid() const
+#endif
+
+/*!
+    Returns true if this certificate is blacklisted; otherwise
+    returns false.
+
+    \sa isNull()
+*/
+bool QSslCertificate::isBlacklisted() const
 {
-    const QDateTime currentTime = QDateTime::currentDateTime();
-    return currentTime >= d->notValidBefore &&
-            currentTime <= d->notValidAfter &&
-            ! QSslCertificatePrivate::isBlacklisted(*this);
+    return QSslCertificatePrivate::isBlacklisted(*this);
 }
 
 /*!
diff --git a/src/network/ssl/qsslcertificate.h b/src/network/ssl/qsslcertificate.h
index 07a8df308c..711ee055e2 100644
--- a/src/network/ssl/qsslcertificate.h
+++ b/src/network/ssl/qsslcertificate.h
@@ -46,6 +46,7 @@
 #include <QtCore/qnamespace.h>
 #include <QtCore/qbytearray.h>
 #include <QtCore/qcryptographichash.h>
+#include <QtCore/qdatetime.h>
 #include <QtCore/qregexp.h>
 #include <QtCore/qsharedpointer.h>
 #include <QtCore/qmap.h>
@@ -94,7 +95,15 @@ public:
     inline bool operator!=(const QSslCertificate &other) const { return !operator==(other); }
 
     bool isNull() const;
-    bool isValid() const;
+#if QT_DEPRECATED_SINCE(5,0)
+    QT_DEPRECATED inline bool isValid() const {
+        const QDateTime currentTime = QDateTime::currentDateTime();
+        return currentTime >= effectiveDate() &&
+               currentTime <= expiryDate() &&
+               !isBlacklisted();
+    }
+#endif
+    bool isBlacklisted() const;
     void clear();
 
     // Certificate info
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 2175f7f78f..9cb7066803 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -336,7 +336,7 @@ init_context:
     foreach (const QSslCertificate &caCertificate, q->caCertificates()) {
         // add expired certs later, so that the
         // valid ones are used before the expired ones
-        if (! caCertificate.isValid()) {
+        if (caCertificate.expiryDate() > QDateTime::currentDateTime()) {
             expiredCerts.append(caCertificate);
         } else {
             q_X509_STORE_add_cert(ctx->cert_store, reinterpret_cast<X509 *>(caCertificate.handle()));
@@ -1533,7 +1533,7 @@ QList<QSslError> QSslSocketBackendPrivate::verify(QList<QSslCertificate> certifi
     foreach (const QSslCertificate &caCertificate, QSslSocket::defaultCaCertificates()) {
         // add expired certs later, so that the
         // valid ones are used before the expired ones
-        if (!caCertificate.isValid()) {
+        if (caCertificate.expiryDate() > QDateTime::currentDateTime()) {
             expiredCerts.append(caCertificate);
         } else {
             q_X509_STORE_add_cert(certStore, reinterpret_cast<X509 *>(caCertificate.handle()));