From ae7bbe34005d704f0c1fd3ca0335095c1df48cde Mon Sep 17 00:00:00 2001
From: Daniel Molkentin <daniel@molkentin.de>
Date: Sun, 13 Apr 2014 12:11:16 +0200
Subject: Provide new API: QSslCertificate::isSelfSigned()

Change-Id: I382a017a0b865b849667301aff8b2f87b676ecc6
Reviewed-by: Richard J. Moore <rich@kde.org>
---
 src/network/ssl/qsslcertificate.cpp            | 15 +++++++++++++++
 src/network/ssl/qsslcertificate.h              |  1 +
 src/network/ssl/qsslsocket_openssl_symbols.cpp |  2 ++
 src/network/ssl/qsslsocket_openssl_symbols_p.h |  1 +
 4 files changed, 19 insertions(+)

(limited to 'src/network/ssl')

diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp
index 3b7fa4da09..2eef37feff 100644
--- a/src/network/ssl/qsslcertificate.cpp
+++ b/src/network/ssl/qsslcertificate.cpp
@@ -264,6 +264,21 @@ bool QSslCertificate::isBlacklisted() const
     return QSslCertificatePrivate::isBlacklisted(*this);
 }
 
+/*!
+    Returns \c true if this certificate is self signed; otherwise
+    returns \c false.
+
+    A certificate is considered self-signed its issuer and subject
+    are identical.
+*/
+bool QSslCertificate::isSelfSigned() const
+{
+    if (!d->x509)
+        return false;
+
+    return (q_X509_check_issued(d->x509, d->x509) == X509_V_OK);
+}
+
 /*!
     Clears the contents of this certificate, making it a null
     certificate.
diff --git a/src/network/ssl/qsslcertificate.h b/src/network/ssl/qsslcertificate.h
index 988071eb9d..0ae491e8d5 100644
--- a/src/network/ssl/qsslcertificate.h
+++ b/src/network/ssl/qsslcertificate.h
@@ -105,6 +105,7 @@ public:
     }
 #endif
     bool isBlacklisted() const;
+    bool isSelfSigned() const;
     void clear();
 
     // Certificate info
diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
index 65f186b9e9..b0e14e0de1 100644
--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
@@ -316,6 +316,7 @@ DEFINEFUNC2(int, ASN1_STRING_print, BIO *a, a, const ASN1_STRING *b, b, return 0
 #else
 DEFINEFUNC2(int, ASN1_STRING_print, BIO *a, a, ASN1_STRING *b, b, return 0, return)
 #endif
+DEFINEFUNC2(int, X509_check_issued, X509 *a, a, X509 *b, b, return -1, return)
 DEFINEFUNC(X509_NAME *, X509_get_issuer_name, X509 *a, a, return 0, return)
 DEFINEFUNC(X509_NAME *, X509_get_subject_name, X509 *a, a, return 0, return)
 DEFINEFUNC(int, X509_verify_cert, X509_STORE_CTX *a, a, return -1, return)
@@ -819,6 +820,7 @@ bool q_resolveOpenSslSymbols()
     RESOLVEFUNC(BASIC_CONSTRAINTS_free)
     RESOLVEFUNC(AUTHORITY_KEYID_free)
     RESOLVEFUNC(ASN1_STRING_print)
+    RESOLVEFUNC(X509_check_issued)
     RESOLVEFUNC(X509_get_issuer_name)
     RESOLVEFUNC(X509_get_subject_name)
     RESOLVEFUNC(X509_verify_cert)
diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h
index 70d4c25456..36e196b072 100644
--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
+++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
@@ -407,6 +407,7 @@ int q_ASN1_STRING_print(BIO *a, const ASN1_STRING *b);
 #else
 int q_ASN1_STRING_print(BIO *a, ASN1_STRING *b);
 #endif
+int q_X509_check_issued(X509 *a, X509 *b);
 X509_NAME *q_X509_get_issuer_name(X509 *a);
 X509_NAME *q_X509_get_subject_name(X509 *a);
 int q_X509_verify_cert(X509_STORE_CTX *ctx);
-- 
cgit v1.2.3