From 5c7d2033e07ea1d5d4540a0917cc0994a8656199 Mon Sep 17 00:00:00 2001
From: Timur Pocheptsov <timur.pocheptsov@qt.io>
Date: Tue, 31 Jul 2018 10:43:00 +0200
Subject: QDtls: respect pre-set verification errors
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

That's actually how ignoreVerificationErrors (and QSslSocket::ignoreSslErrors)
are used to set the expected/known verification errors before handshake.
Auto-test updated too.

Change-Id: I9c700302d81ddb383a4a750fafd594373fb38ace
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
---
 tests/auto/network/ssl/qdtls/tst_qdtls.cpp | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

(limited to 'tests/auto/network')

diff --git a/tests/auto/network/ssl/qdtls/tst_qdtls.cpp b/tests/auto/network/ssl/qdtls/tst_qdtls.cpp
index 571d341126..60ab87d6f2 100644
--- a/tests/auto/network/ssl/qdtls/tst_qdtls.cpp
+++ b/tests/auto/network/ssl/qdtls/tst_qdtls.cpp
@@ -41,6 +41,7 @@
 
 #include <QtCore/qcryptographichash.h>
 #include <QtCore/qbytearray.h>
+#include <QtCore/qvector.h>
 #include <QtCore/qstring.h>
 #include <QtCore/qobject.h>
 
@@ -99,6 +100,7 @@ private slots:
     void protocolVersionMatching();
     void verificationErrors_data();
     void verificationErrors();
+    void ignoreExpectedErrors();
     void verifyServerCertificate_data();
     void verifyServerCertificate();
     void verifyClientCertificate_data();
@@ -685,6 +687,31 @@ void tst_QDtls::verificationErrors()
     }
 }
 
+void tst_QDtls::ignoreExpectedErrors()
+{
+    connectHandshakeReadingSlots();
+
+    auto serverConfig = defaultServerConfig;
+    serverConfig.setPrivateKey(serverKeySS);
+    serverConfig.setLocalCertificate(selfSignedCert);
+    QVERIFY(serverCrypto->setDtlsConfiguration(serverConfig));
+
+    const QVector<QSslError> expectedErrors = {{QSslError::HostNameMismatch, selfSignedCert},
+                                               {QSslError::SelfSignedCertificate, selfSignedCert}};
+
+    clientCrypto->ignoreVerificationErrors(expectedErrors);
+    QVERIFY(clientCrypto->setPeer(serverAddress, serverPort));
+    QVERIFY(clientCrypto->doHandshake(&clientSocket));
+
+    testLoop.enterLoopMSecs(handshakeTimeoutMS);
+
+    QVERIFY(!testLoop.timeout());
+
+    QDTLS_VERIFY_HANDSHAKE_SUCCESS(serverCrypto);
+    QCOMPARE(clientCrypto->handshakeState(), QDtls::HandshakeComplete);
+    QVERIFY(clientCrypto->isConnectionEncrypted());
+}
+
 void tst_QDtls::verifyServerCertificate_data()
 {
     QTest::addColumn<QSslSocket::PeerVerifyMode>("verifyMode");
-- 
cgit v1.2.3