From 75b2a4960b753766ea2eec4dbd34c67733ca8089 Mon Sep 17 00:00:00 2001
From: Richard Moore <rich@kde.org>
Date: Mon, 14 Nov 2011 21:56:40 +0000
Subject: Add the ability to do unsafe SSL renegotiation as a fallback.

This commit adds the ability to perform legacy SSL renegotiation as
a fallback via QSsl::SslOptions. This is something that used to work,
but has been disabled by default in newer versions of openssl. The
need for this has been reported by users (eg. in QTBUG-14983).

Change-Id: I5b80f3ffd07e0c5faddc469f6a8f857bac5740f7
Reviewed-by: Corentin Chary <corentin.chary@gmail.com>
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
---
 src/network/ssl/qsslconfiguration_p.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/network/ssl/qsslconfiguration_p.h')

diff --git a/src/network/ssl/qsslconfiguration_p.h b/src/network/ssl/qsslconfiguration_p.h
index b83edb9eb8..a711eeb27f 100644
--- a/src/network/ssl/qsslconfiguration_p.h
+++ b/src/network/ssl/qsslconfiguration_p.h
@@ -82,7 +82,8 @@ public:
     QSslConfigurationPrivate()
         : protocol(QSsl::SecureProtocols),
           peerVerifyMode(QSslSocket::AutoVerifyPeer),
-          peerVerifyDepth(0)
+          peerVerifyDepth(0),
+          sslOptions(QSsl::SslOptionDisableEmptyFragments|QSsl::SslOptionDisableLegacyRenegotiation)
     { }
 
     QSslCertificate peerCertificate;
-- 
cgit v1.2.3