From 5c3a499c9ffbf2d4872dd6a6916b3a3a9a7d9cdd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jeremy=20Lain=C3=A9?= Date: Sat, 30 Aug 2014 16:39:29 +0200 Subject: ssl: disable (broken) i/o on DER encoded keys QSslKey currently has methods which supposedly allow decoding and encoding private keys as DER protected by a passphrase. This is broken by design as explained in QTBUG-41038, as storing the encrypted DER data alone makes no sense: such a file lacks the necessary information about the encryption algorithm and initialization vector. This change: - explicitly stops using the passphrase when decoding DER in the constructor. The behavior is unchanged, it is not possible to read the encrypted DER alone. - refuses to honor the passphrase to DER encode a private key. The toDer method now outputs an empty QByteArray instead of garbage. Task-number: QTBUG-41038 Change-Id: I4281050cf1104f12d154db201a173633bfe22bd9 Reviewed-by: Richard J. Moore
---
src/network/ssl/qsslcertificate_qt.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/network/ssl/qsslcertificate_qt.cpp')
diff --git a/src/network/ssl/qsslcertificate_qt.cpp b/src/network/ssl/qsslcertificate_qt.cpp
index 26c9c5e64e..391ee6f7f9 100644
--- a/src/network/ssl/qsslcertificate_qt.cpp
+++ b/src/network/ssl/qsslcertificate_qt.cpp
@@ -143,7 +143,7 @@ QSslKey QSslCertificate::publicKey() const
 key.d->type = QSsl::PublicKey;
 if (d->publicKeyAlgorithm != QSsl::Opaque) {
 key.d->algorithm = d->publicKeyAlgorithm;
- key.d->decodeDer(d->publicKeyDerData, QByteArray());
+ key.d->decodeDer(d->publicKeyDerData);
 }
 return key;
 }
-- cgit v1.2.3
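Review bot: The outcome of `key.d->decodeDer(d->publicKeyDerData);` is not inspected before `return key;`, so whether a malformed or unsupported public key blob yields a null key depends entirely on what decodeDer does internally, which is not visible in this hunk. Since the passphrase argument is gone, a short comment at the call site would record both why no passphrase is involved and what callers must verify, for example `// Public-key DER is never passphrase-protected; callers must check isNull() on the result.` The same applies to the `QSsl::Opaque` path, where the key is returned with only its type set. The body of publicKey() starts above the hunk, so any earlier validation of d->publicKeyDerData cannot be confirmed from here.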