SecureTransport - disable lock on sleep for the custom keychain

It appears that by default our keychain auto-locks when the system sleeps. This makes the keychain totally useless, since its password is a random 256 bytes our user never has a chance to know. Thanks to Mårten for the hint about SecKeychainSetSettings, the way to properly fix it. Task-number: QTBUG-69677 Change-Id: I2603c26b8422a1bcace3336e9b4ebe0381c952d7 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2018-08-02 16:18:00 +02:00 · 2018-08-02 16:18:00 +02:00 · 81910b5f3c
commit 81910b5f3c
parent db738cbaf1
1 changed files with 11 additions and 0 deletions
--- a/src/network/ssl/qsslsocket_mac.cpp
+++ b/src/network/ssl/qsslsocket_mac.cpp
@ -60,6 +60,7 @@

 #include <algorithm>
 #include <cstddef>
+#include <limits>
 #include <vector>

 #include <QtCore/private/qcore_mac_p.h>
@ -144,6 +145,16 @@ EphemeralSecKeychain::EphemeralSecKeychain()
        }
    }

+    if (keychain) {
+        SecKeychainSettings settings = {};
+        settings.version = SEC_KEYCHAIN_SETTINGS_VERS1;
+        // Strange, huh? But that's what their docs say to do! With lockOnSleep
+        // == false, set interval to INT_MAX to never lock ...
+        settings.lockInterval = INT_MAX;
+        if (SecKeychainSetSettings(keychain, &settings) != errSecSuccess)
+            qCWarning(lcSsl) << "SecKeychainSettings: failed to disable lock on sleep";
+    }
+
 #ifdef QSSLSOCKET_DEBUG
    if (keychain) {
        qCDebug(lcSsl) << "Custom keychain with name" << keychainName << "was created"