From 7c8131763de9e70ca56f16635716e7e00559b5d1 Mon Sep 17 00:00:00 2001
From: "Richard J. Moore" <rich@kde.org>
Date: Sun, 12 Jan 2014 16:59:27 +0000
Subject: Prevent spurious SSL errors from local certificates.

Qt since approximately 4.4 has set the verify callback on both the SSL
store and the SSL context. Only the latter is actually needed. This is
normally not a problem, but openssl prior to 1.0.2 uses the verify
code to find the intermediate certificates for any local certificate
that has been set which can lead to verification errors for the local
certificate to be emitted.

Task-number: QTBUG-33228
Task-number: QTBUG-7200
Task-number: QTBUG-24234
Change-Id: Ie4115e7f7faa1267ea9b807c01b1ed6604c4a16c
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
---
 src/network/ssl/qsslcontext.cpp                      | 3 ---
 tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp | 3 ---
 2 files changed, 6 deletions(-)

diff --git a/src/network/ssl/qsslcontext.cpp b/src/network/ssl/qsslcontext.cpp
index 037ee8c672..adf42fb79a 100644
--- a/src/network/ssl/qsslcontext.cpp
+++ b/src/network/ssl/qsslcontext.cpp
@@ -189,9 +189,6 @@ init_context:
             q_SSL_CTX_load_verify_locations(sslContext->ctx, 0, unixDirs.at(a).constData());
     }
 
-    // Register a custom callback to get all verification errors.
-    X509_STORE_set_verify_cb_func(sslContext->ctx->cert_store, q_X509Callback);
-
     if (!sslContext->sslConfiguration.localCertificate().isNull()) {
         // Require a private key as well.
         if (sslContext->sslConfiguration.privateKey().isNull()) {
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
index a15daf660a..d19e08178a 100644
--- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
@@ -1924,9 +1924,6 @@ void tst_QSslSocket::verifyMode()
     loop.exec();
 
     QVERIFY(clientSocket.isEncrypted());
-#if (defined(UBUNTU_ONEIRIC) && defined(__x86_64__)) || defined(Q_OS_WIN) || defined(Q_OS_MAC)
-    QEXPECT_FAIL("", "QTBUG-24234", Abort);
-#endif
     QVERIFY(server.socket->sslErrors().isEmpty());
 }
 
-- 
cgit v1.2.3