From 3dd8f6dc34a1357018484158a5e91c3afc71ae77 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= <marten.nordheim@qt.io>
Date: Fri, 27 Sep 2019 16:16:52 +0200
Subject: Schannel: no longer keep old ssl errors around when reusing socket

And add a test for it so it can no longer happen in any current or
future implementation.

Change-Id: I3214aa90595e291b1e1c66befe185cfe1ea7bc6b
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
---
 src/network/ssl/qsslsocket_schannel.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/network/ssl/qsslsocket_schannel.cpp')

diff --git a/src/network/ssl/qsslsocket_schannel.cpp b/src/network/ssl/qsslsocket_schannel.cpp
index 339ecf4da2..46c109b6e5 100644
--- a/src/network/ssl/qsslsocket_schannel.cpp
+++ b/src/network/ssl/qsslsocket_schannel.cpp
@@ -974,6 +974,7 @@ bool QSslSocketBackendPrivate::performHandshake()
 bool QSslSocketBackendPrivate::verifyHandshake()
 {
     Q_Q(QSslSocket);
+    sslErrors.clear();
 
     const bool isClient = mode == QSslSocket::SslClientMode;
 #define CHECK_STATUS(status)                                                  \
@@ -1062,7 +1063,7 @@ bool QSslSocketBackendPrivate::verifyHandshake()
     }
 
     // verifyCertContext returns false if the user disconnected while it was checking errors.
-    if (certificateContext && sslErrors.isEmpty() && !verifyCertContext(certificateContext))
+    if (certificateContext && !verifyCertContext(certificateContext))
         return false;
 
     if (!checkSslErrors() || state != QAbstractSocket::ConnectedState) {
-- 
cgit v1.2.3