1 files changed, 78 insertions, 6 deletions

diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
index 1f9f1eb923..c94e5c7ffd 100644
--- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
@@ -142,6 +142,8 @@ private slots:
     void protocolServerSide();
     void setCaCertificates();
     void setLocalCertificate();
+    void localCertificateChain();
+    void setLocalCertificateChain();
     void setPrivateKey();
     void setSocketDescriptor();
     void setSslConfiguration_data();
@@ -927,15 +929,20 @@ class SslServer : public QTcpServer
 {
     Q_OBJECT
 public:
-    SslServer(const QString &keyFile = SRCDIR "certs/fluke.key", const QString &certFile = SRCDIR "certs/fluke.cert")
+    SslServer(const QString &keyFile = SRCDIR "certs/fluke.key",
+              const QString &certFile = SRCDIR "certs/fluke.cert",
+              const QString &interFile = QString())
         : socket(0),
           protocol(QSsl::TlsV1_0),
           m_keyFile(keyFile),
-          m_certFile(certFile) { }
+          m_certFile(certFile),
+          m_interFile(interFile)
+          { }
     QSslSocket *socket;
     QSsl::SslProtocol protocol;
     QString m_keyFile;
     QString m_certFile;
+    QString m_interFile;
 
 protected:
     void incomingConnection(qintptr socketDescriptor)
@@ -950,10 +957,24 @@ protected:
         QVERIFY(!key.isNull());
         socket->setPrivateKey(key);
 
-        QList<QSslCertificate> localCert = QSslCertificate::fromPath(m_certFile);
-        QVERIFY(!localCert.isEmpty());
-        QVERIFY(localCert.first().handle());
-        socket->setLocalCertificate(localCert.first());
+        // If we have a cert issued directly from the CA
+        if (m_interFile.isEmpty()) {
+            QList<QSslCertificate> localCert = QSslCertificate::fromPath(m_certFile);
+            QVERIFY(!localCert.isEmpty());
+            QVERIFY(localCert.first().handle());
+            socket->setLocalCertificate(localCert.first());
+        }
+        else {
+            QList<QSslCertificate> localCert = QSslCertificate::fromPath(m_certFile);
+            QVERIFY(!localCert.isEmpty());
+            QVERIFY(localCert.first().handle());
+
+            QList<QSslCertificate> interCert = QSslCertificate::fromPath(m_interFile);
+            QVERIFY(!interCert.isEmpty());
+            QVERIFY(interCert.first().handle());
+
+            socket->setLocalCertificateChain(localCert + interCert);
+        }
 
         QVERIFY(socket->setSocketDescriptor(socketDescriptor, QAbstractSocket::ConnectedState));
         QVERIFY(!socket->peerAddress().isNull());
@@ -1100,6 +1121,55 @@ void tst_QSslSocket::setLocalCertificate()
 {
 }
 
+void tst_QSslSocket::localCertificateChain()
+{
+    if (!QSslSocket::supportsSsl())
+        return;
+
+    QSslSocket socket;
+    socket.setLocalCertificate(QLatin1String(SRCDIR "certs/fluke.cert"));
+
+    QSslConfiguration conf = socket.sslConfiguration();
+    QList<QSslCertificate> chain = conf.localCertificateChain();
+    QCOMPARE(chain.size(), 1);
+    QCOMPARE(chain[0], conf.localCertificate());
+    QCOMPARE(chain[0], socket.localCertificate());
+}
+
+void tst_QSslSocket::setLocalCertificateChain()
+{
+    if (!QSslSocket::supportsSsl())
+        return;
+
+    QFETCH_GLOBAL(bool, setProxy);
+    if (setProxy)
+        return;
+
+    SslServer server(QLatin1String(SRCDIR "certs/leaf.key"),
+                     QLatin1String(SRCDIR "certs/leaf.crt"),
+                     QLatin1String(SRCDIR "certs/inter.crt"));
+
+    QVERIFY(server.listen());
+
+    QEventLoop loop;
+    QTimer::singleShot(5000, &loop, SLOT(quit()));
+
+    socket = new QSslSocket();
+    connect(socket, SIGNAL(encrypted()), &loop, SLOT(quit()));
+    connect(socket, SIGNAL(error(QAbstractSocket::SocketError)), &loop, SLOT(quit()));
+    connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot()));
+
+    socket->connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort());
+    loop.exec();
+
+    QList<QSslCertificate> chain = socket->peerCertificateChain();
+    QCOMPARE(chain.size(), 2);
+    QCOMPARE(chain[0].serialNumber(), QByteArray("10:a0:ad:77:58:f6:6e:ae:46:93:a3:43:f9:59:8a:9e"));
+    QCOMPARE(chain[1].serialNumber(), QByteArray("3b:eb:99:c5:ea:d8:0b:5d:0b:97:5d:4f:06:75:4b:e1"));
+
+    socket->deleteLater();
+}
+
 void tst_QSslSocket::setPrivateKey()
 {
 }
@@ -1533,6 +1603,8 @@ public slots:
 
 void tst_QSslSocket::setReadBufferSize_task_250027()
 {
+    QSKIP("QTBUG-29730 - flakey test blocking integration");
+
     // do not execute this when a proxy is set.
     QFETCH_GLOBAL(bool, setProxy);
     if (setProxy)