From 81910b5f3cfb8c8b0c009913d62dacff4e73bc3b Mon Sep 17 00:00:00 2001
From: Timur Pocheptsov <timur.pocheptsov@qt.io>
Date: Thu, 2 Aug 2018 16:18:00 +0200
Subject: SecureTransport - disable lock on sleep for the custom keychain
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

It appears that by default our keychain auto-locks when the
system sleeps. This makes the keychain totally useless, since
its password is a random 256 bytes our user never has a chance
to know. Thanks to Mårten for the hint about SecKeychainSetSettings,
the way to properly fix it.

Task-number: QTBUG-69677
Change-Id: I2603c26b8422a1bcace3336e9b4ebe0381c952d7
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
---
 src/network/ssl/qsslsocket_mac.cpp | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'src/network')

diff --git a/src/network/ssl/qsslsocket_mac.cpp b/src/network/ssl/qsslsocket_mac.cpp
index 046b432252..aa0e1b0dd1 100644
--- a/src/network/ssl/qsslsocket_mac.cpp
+++ b/src/network/ssl/qsslsocket_mac.cpp
@@ -60,6 +60,7 @@
 
 #include <algorithm>
 #include <cstddef>
+#include <limits>
 #include <vector>
 
 #include <QtCore/private/qcore_mac_p.h>
@@ -144,6 +145,16 @@ EphemeralSecKeychain::EphemeralSecKeychain()
         }
     }
 
+    if (keychain) {
+        SecKeychainSettings settings = {};
+        settings.version = SEC_KEYCHAIN_SETTINGS_VERS1;
+        // Strange, huh? But that's what their docs say to do! With lockOnSleep
+        // == false, set interval to INT_MAX to never lock ...
+        settings.lockInterval = INT_MAX;
+        if (SecKeychainSetSettings(keychain, &settings) != errSecSuccess)
+            qCWarning(lcSsl) << "SecKeychainSettings: failed to disable lock on sleep";
+    }
+
 #ifdef QSSLSOCKET_DEBUG
     if (keychain) {
         qCDebug(lcSsl) << "Custom keychain with name" << keychainName << "was created"
-- 
cgit v1.2.3