From e7ca98f40f83bb012002b69226d3c27c02271d31 Mon Sep 17 00:00:00 2001 From: Timur Pocheptsov Date: Thu, 14 May 2020 12:58:15 +0200 Subject: QSslSocket::addCaCertificates - do not duplicate certs If we already know the certificate, there is no need in adding it again. This function is deprecated, but will stay forever in 5.15. Pick-to: 5.15 Change-Id: I760f5bcffea78ac02c5643ee1112725edd32f15a Reviewed-by: Timur Pocheptsov --- src/network/ssl/qsslsocket_openssl.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 324ca6eea6..4c96c02ade 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -1709,14 +1709,14 @@ void QSslSocketBackendPrivate::fetchCaRootForCert(const QSslCertificate &cert) //This is the callback from QWindowsCaRootFetcher, trustedRoot will be invalid (default constructed) if it failed. void QSslSocketBackendPrivate::_q_caRootLoaded(QSslCertificate cert, QSslCertificate trustedRoot) { - Q_Q(QSslSocket); if (!trustedRoot.isNull() && !trustedRoot.isBlacklisted()) { if (s_loadRootCertsOnDemand) { //Add the new root cert to default cert list for use by future sockets QSslSocket::addDefaultCaCertificate(trustedRoot); } //Add the new root cert to this socket for future connections - q->addCaCertificate(trustedRoot); + if (!configuration.caCertificates.contains(trustedRoot)) + configuration.caCertificates += trustedRoot; //Remove the broken chain ssl errors (as chain is verified by windows) for (int i=sslErrors.count() - 1; i >= 0; --i) { if (sslErrors.at(i).certificate() == cert) { -- cgit v1.2.3