Prevent spurious SSL errors from local certificates.

Qt since approximately 4.4 has set the verify callback on both the SSL store and the SSL context. Only the latter is actually needed. This is normally not a problem, but openssl prior to 1.0.2 uses the verify code to find the intermediate certificates for any local certificate that has been set which can lead to verification errors for the local certificate to be emitted. Task-number: QTBUG-33228 Task-number: QTBUG-7200 Task-number: QTBUG-24234 Change-Id: Ie4115e7f7faa1267ea9b807c01b1ed6604c4a16c Reviewed-by: Peter Hartmann <phartmann@blackberry.com> Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2014-01-12 16:59:27 +00:00 · 2014-01-12 16:59:27 +00:00 · 7c8131763d
commit 7c8131763d
parent 3a26313919
2 changed files with 0 additions and 6 deletions
--- a/src/network/ssl/qsslcontext.cpp
+++ b/src/network/ssl/qsslcontext.cpp
@ -189,9 +189,6 @@ init_context:
            q_SSL_CTX_load_verify_locations(sslContext->ctx, 0, unixDirs.at(a).constData());
    }

-    // Register a custom callback to get all verification errors.
-    X509_STORE_set_verify_cb_func(sslContext->ctx->cert_store, q_X509Callback);
-
    if (!sslContext->sslConfiguration.localCertificate().isNull()) {
        // Require a private key as well.
        if (sslContext->sslConfiguration.privateKey().isNull()) {
--- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
@ -1924,9 +1924,6 @@ void tst_QSslSocket::verifyMode()
    loop.exec();

    QVERIFY(clientSocket.isEncrypted());
-#if (defined(UBUNTU_ONEIRIC) && defined(__x86_64__)) || defined(Q_OS_WIN) || defined(Q_OS_MAC)
-    QEXPECT_FAIL("", "QTBUG-24234", Abort);
-#endif
    QVERIFY(server.socket->sslErrors().isEmpty());
 }