AuroraMiddleware/qt5base-lts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SSL - dump failed certificate chains when debug logging is enabled

Browse Source 
This is to help us debug problems with CA certificates.
Code is not compiled by default, only when QtNetwork is built with
QSSLSOCKET_DEBUG defined

Change-Id: I404c36bf4c6bf1190f480196038197be30b4b5f9
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
This commit is contained in:
Shane Kearns 2012-01-06 16:50:23 +00:00 committed by Qt by Nokia
parent aa23a18ad2
commit 1ee9c0925b
1 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/network/ssl/qsslsocket_openssl.cpp
View File

@ -225,6 +225,27 @@ static int q_X509Callback(int ok, X509_STORE_CTX *ctx)
if (!ok) {
// Store the error and at which depth the error was detected.
_q_sslErrorList()->errors << qMakePair<int, int>(ctx->error, ctx->error_depth);
#ifdef QSSLSOCKET_DEBUG
qDebug() << "verification error: dumping bad certificate";
qDebug() << QSslCertificatePrivate::QSslCertificate_from_X509(ctx->current_cert).toPem();
qDebug() << "dumping chain";
foreach (QSslCertificate cert, QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(ctx->chain)) {
QString certFormat(QStringLiteral("O=%1 CN=%2 L=%3 OU=%4 C=%5 ST=%6"));
qDebug() << "Issuer:" << "O=" << cert.issuerInfo(QSslCertificate::Organization)
<< "CN=" << cert.issuerInfo(QSslCertificate::CommonName)
<< "L=" << cert.issuerInfo(QSslCertificate::LocalityName)
<< "OU=" << cert.issuerInfo(QSslCertificate::OrganizationalUnitName)
<< "C=" << cert.issuerInfo(QSslCertificate::CountryName)
<< "ST=" << cert.issuerInfo(QSslCertificate::StateOrProvinceName);
qDebug() << "Subject:" << "O=" << cert.subjectInfo(QSslCertificate::Organization)
<< "CN=" << cert.subjectInfo(QSslCertificate::CommonName)
<< "L=" << cert.subjectInfo(QSslCertificate::LocalityName)
<< "OU=" << cert.subjectInfo(QSslCertificate::OrganizationalUnitName)
<< "C=" << cert.subjectInfo(QSslCertificate::CountryName)
<< "ST=" << cert.subjectInfo(QSslCertificate::StateOrProvinceName);
qDebug() << "Valid:" << cert.effectiveDate() << "-" << cert.expiryDate();
}
#endif
}
// Always return OK to allow verification to continue. We're handle the
// errors gracefully after collecting all errors, after verification has