diff options
Diffstat (limited to 'src/plugins/tls/openssl/qwindowscarootfetcher_p.h')
-rw-r--r-- | src/plugins/tls/openssl/qwindowscarootfetcher_p.h | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/src/plugins/tls/openssl/qwindowscarootfetcher_p.h b/src/plugins/tls/openssl/qwindowscarootfetcher_p.h new file mode 100644 index 0000000000..715fd19945 --- /dev/null +++ b/src/plugins/tls/openssl/qwindowscarootfetcher_p.h @@ -0,0 +1,59 @@ +// Copyright (C) 2021 The Qt Company Ltd. +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only + +#ifndef QWINDOWSCAROOTFETCHER_P_H +#define QWINDOWSCAROOTFETCHER_P_H + +#include <QtNetwork/private/qtnetworkglobal_p.h> + +#include <QtNetwork/qsslcertificate.h> +#include <QtNetwork/qsslsocket.h> + +#include <QtCore/QtGlobal> +#include <QtCore/QObject> + +#include "../shared/qwincrypt_p.h" + +// +// W A R N I N G +// ------------- +// +// This file is not part of the Qt API. It exists purely as an +// implementation detail. This header file may change from version to +// version without notice, or even be removed. +// +// We mean it. +// + +QT_BEGIN_NAMESPACE + +class QWindowsCaRootFetcher : public QObject +{ + Q_OBJECT +public: + QWindowsCaRootFetcher(const QSslCertificate &certificate, QSslSocket::SslMode sslMode, + const QList<QSslCertificate> &caCertificates = {}, + const QString &hostName = {}); + ~QWindowsCaRootFetcher(); +public slots: + void start(); +signals: + void finished(QSslCertificate brokenChain, QSslCertificate caroot); +private: + QHCertStorePointer createAdditionalStore() const; + + QSslCertificate cert; + QSslSocket::SslMode mode; + // In case the application set CA certificates in the configuration, + // in the past we did not load missing certs. But this disables + // recoverable case when a certificate has Authority Information Access + // extension. So we try to fetch in this scenario also, but in case + // explicitly trusted root was not in a system store, we'll do + // additional checks, thus we need 'peerVerifyName': + QList<QSslCertificate> explicitlyTrustedCAs; + QString peerVerifyName; +}; + +QT_END_NAMESPACE + +#endif // QWINDOWSCAROOTFETCHER_P_H |