From eaa18f306341818165c2ee4fc22750da04d5e45e Mon Sep 17 00:00:00 2001 From: Peter Hartmann Date: Wed, 13 Feb 2013 11:59:38 +0100 Subject: SSL docs: Be more explicit about the threats of ignoring SSL errors ... because almost everybody gets it wrong almost every time. Change-Id: I54938ef094323ba8de02186b585b11b9579f3ca4 Reviewed-by: Richard J. Moore --- src/network/access/qnetworkreply.cpp | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'src/network/access') diff --git a/src/network/access/qnetworkreply.cpp b/src/network/access/qnetworkreply.cpp index 669725b016..fd3b7760cb 100644 --- a/src/network/access/qnetworkreply.cpp +++ b/src/network/access/qnetworkreply.cpp @@ -680,8 +680,13 @@ void QNetworkReply::ignoreSslErrorsImplementation(const QList &) connection will be ignored, including certificate validation errors. - Note that calling this function without restraint may pose a - security risk for your application. Use it with care. + \warning Be sure to always let the user inspect the errors + reported by the sslErrors() signal, and only call this method + upon confirmation from the user that proceeding is ok. + If there are unexpected errors, the reply should be aborted. + Calling this method without inspecting the actual errors will + most likely pose a security risk for your application. Use it + with great care! This function can be called from the slot connected to the sslErrors() signal, which indicates which errors were -- cgit v1.2.3