_q_makePkcs12: Don't embed a key if we don't have one

Usually we embed the private key for the leaf certificate, but in
Schannel _q_makePkcs12 is also used to create a certificate store for
our CA certificates, which we don't have any private key for.

So lift this restriction.

Change-Id: Ic86a2a6725f2c8272c951148eb97e18a964a36f2
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
This commit is contained in:
Mårten Nordheim 2018-10-16 12:21:59 +02:00
parent 37f773a754
commit e19df161cd

View File

@ -242,8 +242,10 @@ static QByteArray _q_PKCS12_bag(const QList<QSslCertificate> &certs, const QSslK
items << _q_PKCS7_data(_q_PKCS12_certBag(certs[i]));
// key
const QByteArray localKeyId = certs.first().digest(QCryptographicHash::Sha1);
items << _q_PKCS7_data(_q_PKCS12_shroudedKeyBag(key, passPhrase, localKeyId));
if (!key.isNull()) {
const QByteArray localKeyId = certs.first().digest(QCryptographicHash::Sha1);
items << _q_PKCS7_data(_q_PKCS12_shroudedKeyBag(key, passPhrase, localKeyId));
}
// dump
QAsn1Element root = QAsn1Element::fromVector(items);