Prevent spurious SSL errors from local certificates.
Qt since approximately 4.4 has set the verify callback on both the SSL store and the SSL context. Only the latter is actually needed. This is normally not a problem, but openssl prior to 1.0.2 uses the verify code to find the intermediate certificates for any local certificate that has been set which can lead to verification errors for the local certificate to be emitted. Task-number: QTBUG-33228 Task-number: QTBUG-7200 Task-number: QTBUG-24234 Change-Id: Ie4115e7f7faa1267ea9b807c01b1ed6604c4a16c Reviewed-by: Peter Hartmann <phartmann@blackberry.com> Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
This commit is contained in:
parent
3a26313919
commit
7c8131763d
@ -189,9 +189,6 @@ init_context:
|
||||
q_SSL_CTX_load_verify_locations(sslContext->ctx, 0, unixDirs.at(a).constData());
|
||||
}
|
||||
|
||||
// Register a custom callback to get all verification errors.
|
||||
X509_STORE_set_verify_cb_func(sslContext->ctx->cert_store, q_X509Callback);
|
||||
|
||||
if (!sslContext->sslConfiguration.localCertificate().isNull()) {
|
||||
// Require a private key as well.
|
||||
if (sslContext->sslConfiguration.privateKey().isNull()) {
|
||||
|
@ -1924,9 +1924,6 @@ void tst_QSslSocket::verifyMode()
|
||||
loop.exec();
|
||||
|
||||
QVERIFY(clientSocket.isEncrypted());
|
||||
#if (defined(UBUNTU_ONEIRIC) && defined(__x86_64__)) || defined(Q_OS_WIN) || defined(Q_OS_MAC)
|
||||
QEXPECT_FAIL("", "QTBUG-24234", Abort);
|
||||
#endif
|
||||
QVERIFY(server.socket->sslErrors().isEmpty());
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user