From 479c3bd93be061fab5753940fbc64b514e29615b Mon Sep 17 00:00:00 2001
From: Timur Pocheptsov <timur.pocheptsov@qt.io>
Date: Mon, 11 May 2020 12:06:38 +0200
Subject: CA fetcher - do not add CA root if it's already present
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As it was found recently CA fetcher, while building a chain with a missing
intermediary, may return the root we are already aware of (had in the "ROOT"
store). While this is in general harmless, it can be a bit surprising if
some code is analyzing the list of CA certificates after a handshake.

Pick-to: 5.15
Change-Id: I1df3b537e2a812de17e2c94ad4643cf36e7e946f
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
---
 src/network/ssl/qsslsocket.cpp | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/network/ssl/qsslsocket.cpp')

diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index 5252f3348b..667a2e7267 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -2467,6 +2467,8 @@ void QSslSocketPrivate::addDefaultCaCertificate(const QSslCertificate &cert)
 {
     QSslSocketPrivate::ensureInitialized();
     QMutexLocker locker(&globalData()->mutex);
+    if (globalData()->config->caCertificates.contains(cert))
+        return;
     globalData()->config.detach();
     globalData()->config->caCertificates += cert;
     globalData()->dtlsConfig.detach();
-- 
cgit v1.2.3