From 7898080ca78ceec15163976390979631fcbd178d Mon Sep 17 00:00:00 2001
From: Richard Moore <rich@kde.org>
Date: Mon, 11 Feb 2013 22:31:00 +0000
Subject: Add support for intermediate certificates to server sockets.

Add intermediate certificates to our server sockets, and to our client
certs.

Change-Id: Ib5aa575473f9e84f337bebe35099506dd7d7e2ba
Task-Number: QTBUG-19825
Task-Number: QTBUG-13281
Reviewed-by: Peter Hartmann <phartmann@rim.com>
---
 src/network/ssl/qsslcontext.cpp | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'src/network/ssl/qsslcontext.cpp')

diff --git a/src/network/ssl/qsslcontext.cpp b/src/network/ssl/qsslcontext.cpp
index f75ff3796d..22ad42116b 100644
--- a/src/network/ssl/qsslcontext.cpp
+++ b/src/network/ssl/qsslcontext.cpp
@@ -234,6 +234,17 @@ init_context:
             sslContext->errorCode = QSslError::UnspecifiedError;
             return sslContext;
         }
+
+        // If we have any intermediate certificates then we need to add them to our chain
+        bool first = true;
+        foreach (const QSslCertificate &cert, configuration.d->localCertificateChain) {
+            if (first) {
+                first = false;
+                continue;
+            }
+            q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0,
+                           q_X509_dup(reinterpret_cast<X509 *>(cert.handle())));
+        }
     }
 
     // Initialize peer verification.
-- 
cgit v1.2.3