From 474bee61e4a1c6797ff876bd0ae25ba87d33a4ec Mon Sep 17 00:00:00 2001
From: Marc Mutz <marc.mutz@kdab.com>
Date: Fri, 23 Oct 2015 16:32:59 +0200
Subject: QtNetwork: convert some QDateTime::currentDateTime() to
 currentDateTimeUtc()

The latter is much faster as it doesn't have to deal with
time zones.

This change is safe, because the QDateTimes are only used for
comparison with other QDateTimes, which, from a quick glance around,
seem to be mostly, if not exclusively, in UTC. Comparsions work
across time zones, but the comparison between UTC date-times is
fastest.

Credits to Milian Wolff, from whose QtWS15 talk this advice is
taken.

Change-Id: I6859d886d8dc8e0a52fbe394fbb7b93a87b4739a
Reviewed-by: Milian Wolff <milian.wolff@kdab.com>
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@theqtcompany.com>
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
---
 src/network/ssl/qsslsocket_openssl.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/network/ssl/qsslsocket_openssl.cpp')

diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index a8e4c61e9a..dd47dfc45f 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -1660,6 +1660,7 @@ QList<QSslError> QSslSocketBackendPrivate::verify(const QList<QSslCertificate> &
         setDefaultCaCertificates(defaultCaCertificates() + systemCaCertificates());
     }
 
+    const QDateTime now = QDateTime::currentDateTimeUtc();
     foreach (const QSslCertificate &caCertificate, QSslConfiguration::defaultConfiguration().caCertificates()) {
         // From https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html:
         //
@@ -1672,7 +1673,7 @@ QList<QSslError> QSslSocketBackendPrivate::verify(const QList<QSslCertificate> &
         // certificates mixed with valid ones.
         //
         // See also: QSslContext::fromConfiguration()
-        if (caCertificate.expiryDate() >= QDateTime::currentDateTime()) {
+        if (caCertificate.expiryDate() >= now) {
             q_X509_STORE_add_cert(certStore, reinterpret_cast<X509 *>(caCertificate.handle()));
         }
     }
-- 
cgit v1.2.3