From af1544bda242d02690bd092f1d1ed7ca57659529 Mon Sep 17 00:00:00 2001
From: Lars Schmertmann <Lars.Schmertmann@governikus.de>
Date: Mon, 13 Jul 2020 12:43:44 +0200
Subject: Mark QSslError(SslError error) as explicit

Currently it is possible to compare a QSslError with a
QSslError::SslError because QSslError has an implicit
constructor. But the comparison often fails because
a QSslError received from the system contains a
certificate.

[ChangeLog][QtNetwork][QSslError] The constructor
QSslError(QSslError::SslError error) is now explicit.

Change-Id: I36cc5895245d3b43ab4b8d65a9635893d6b0e6a4
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
---
 src/network/ssl/qsslerror.h            |  2 +-
 src/network/ssl/qsslsocket_openssl.cpp | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/network/ssl/qsslerror.h b/src/network/ssl/qsslerror.h
index 6c4dabde96..f135dd10b7 100644
--- a/src/network/ssl/qsslerror.h
+++ b/src/network/ssl/qsslerror.h
@@ -100,7 +100,7 @@ public:
     // RVCT compiler in debug build does not like about default values in const-
     // So as an workaround we define all constructor overloads here explicitly
     QSslError();
-    QSslError(SslError error);
+    explicit QSslError(SslError error);
     QSslError(SslError error, const QSslCertificate &certificate);
 
     QSslError(const QSslError &other);
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 99b7a77b4d..f421df875c 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -468,7 +468,7 @@ QSslErrorEntry QSslErrorEntry::fromStoreContext(X509_STORE_CTX *ctx)
 
 #if QT_CONFIG(ocsp)
 
-QSslError qt_OCSP_response_status_to_QSslError(long code)
+QSslError::SslError qt_OCSP_response_status_to_SslError(long code)
 {
     switch (code) {
     case OCSP_RESPONSE_STATUS_MALFORMEDREQUEST:
@@ -1827,7 +1827,7 @@ bool QSslSocketBackendPrivate::checkOcspStatus()
     const unsigned char *responseData = nullptr;
     const long responseLength = q_SSL_get_tlsext_status_ocsp_resp(ssl, &responseData);
     if (responseLength <= 0 || !responseData) {
-        ocspErrors.push_back(QSslError::OcspNoResponseFound);
+        ocspErrors.push_back(QSslError(QSslError::OcspNoResponseFound));
         return false;
     }
 
@@ -1842,7 +1842,7 @@ bool QSslSocketBackendPrivate::checkOcspStatus()
     const int ocspStatus = q_OCSP_response_status(response);
     if (ocspStatus != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
         // It's not a definitive response, it's an error message (not signed by the responder).
-        ocspErrors.push_back(qt_OCSP_response_status_to_QSslError(ocspStatus));
+        ocspErrors.push_back(QSslError(qt_OCSP_response_status_to_SslError(ocspStatus)));
         return false;
     }
 
@@ -1884,10 +1884,10 @@ bool QSslSocketBackendPrivate::checkOcspStatus()
     const unsigned long verificationFlags = 0;
     const int success = q_OCSP_basic_verify(basicResponse, peerChain, store, verificationFlags);
     if (success <= 0)
-        ocspErrors.push_back(QSslError::OcspResponseCannotBeTrusted);
+        ocspErrors.push_back(QSslError(QSslError::OcspResponseCannotBeTrusted));
 
     if (q_OCSP_resp_count(basicResponse) != 1) {
-        ocspErrors.push_back(QSslError::OcspMalformedResponse);
+        ocspErrors.push_back(QSslError(QSslError::OcspMalformedResponse));
         return false;
     }
 
-- 
cgit v1.2.3