From e4670df1182b1ec096ede3aad27828cfd85ecf1f Mon Sep 17 00:00:00 2001
From: Edward Welbourne
Date: Thu, 15 Jul 2021 11:01:09 +0200
Subject: [PATCH] Tidy up systemCaCertificates() function in OpenSSL backend
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
As pointed out by Marc Mutz in another review, the Android branches of its #if-ery amounted to a complicated no-op, so simplify the #if-ery, add a TODO and then simplify the code thereby freed of the need to accommodate the #if-ery. In the process, initialize a set of filenames with the two filenames that we read certificates from after looping over the set, which might have left those files being read twice.
Change-Id: I2ee4ee3c3cf40226ee6a50afd6127fa4a71d2834
Reviewed-by: MÃ¥rten Nordheim
Reviewed-by: Edward Welbourne
Reviewed-by: Marc Mutz
Reviewed-by: Qt CI Bot
Reviewed-by: Timur Pocheptsov
---
 .../tls/openssl/qtlsbackend_openssl.cpp | 29 +++++++------------
 1 file changed, 11 insertions(+), 18 deletions(-)
diff --git a/src/plugins/tls/openssl/qtlsbackend_openssl.cpp b/src/plugins/tls/openssl/qtlsbackend_openssl.cpp
index fe5f5d2354..2374f79ed6 100644
--- a/src/plugins/tls/openssl/qtlsbackend_openssl.cpp
+++ b/src/plugins/tls/openssl/qtlsbackend_openssl.cpp
@@ -398,20 +398,17 @@ QList systemCaCertificates()
 }
 CertCloseStore(hSystemStore, 0);
 }
+#elif defined(Q_OS_ANDROID)
+ // TODO: find where it hides its system certs !
 #elif defined(Q_OS_UNIX)
- QSet certFiles;
- QDir currentDir;
- QStringList nameFilters;
- QSsl::EncodingFormat platformEncodingFormat;
-# ifdef Q_OS_ANDROID
- const QList directories;
-# else
- const QList directories = QSslSocketPrivate::unixRootCertDirectories();
- nameFilters << QLatin1String("*.pem") << QLatin1String("*.crt");
- platformEncodingFormat = QSsl::Pem;
-# endif //Q_OS_ANDROID
 {
- currentDir.setNameFilters(nameFilters);
+ const QList directories = QSslSocketPrivate::unixRootCertDirectories();
+ QSet certFiles = {
+ QStringLiteral("/etc/pki/tls/certs/ca-bundle.crt"), // Fedora, Mandriva
+ QStringLiteral("/usr/local/share/certs/ca-root-nss.crt") // FreeBSD's ca_root_nss
+ };
+ QDir currentDir;
+ currentDir.setNameFilters(QStringList{QStringLiteral("*.pem"), QStringLiteral("*.crt")});
 for (const auto &directory : directories) {
 currentDir.setPath(QLatin1String(directory));
 QDirIterator it(currentDir);
@@ -422,13 +419,9 @@ QList systemCaCertificates()
 }
 }
 for (const QString& file : qAsConst(certFiles))
- systemCerts.append(QSslCertificate::fromPath(file, platformEncodingFormat));
-# ifndef Q_OS_ANDROID
- systemCerts.append(QSslCertificate::fromPath(QLatin1String("/etc/pki/tls/certs/ca-bundle.crt"), QSsl::Pem)); // Fedora, Mandriva
- systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/local/share/certs/ca-root-nss.crt"), QSsl::Pem)); // FreeBSD's ca_root_nss
-# endif
+ systemCerts.append(QSslCertificate::fromPath(file, QSsl::Pem));
 }
-#endif
+#endif // platform
 #ifdef QSSLSOCKET_DEBUG
 qCDebug(lcTlsBackend) << "systemCaCertificates retrieval time " << timer.elapsed() << "ms";
 qCDebug(lcTlsBackend) << "imported " << systemCerts.count() << " certificates";
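Review bot: The new `#elif defined(Q_OS_ANDROID)` branch in the first hunk holds only a TODO, so from the visible lines nothing is appended to `systemCerts` on Android, and the comment does not say so. Whether this list is empty decides whether peer verification has any system trust anchors, so the comment should state the consequence outright: `// TODO: load Android's system CA store; until then this branch adds nothing to systemCerts.` If Android certificates are supplied by another code path, naming it in the comment would save the next reader the search. The function starts and ends outside the hunk, so any other population of `systemCerts` is not visible here.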
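Review bot: The de-duplication that the commit message promises rests on string equality in `certFiles`, which the second hunk's `for (const QString& file : qAsConst(certFiles))` loop consumes. The two seeded paths are literal spellings, while the loop that fills the set from `directories` has its body outside both hunks. If that loop inserts canonical paths (not visible here), a seeded bundle path that is a symlink would still reach `QSslCertificate::fromPath()` twice under two names. Seeding the canonical form as well would make the guarantee hold; as `QFileInfo::canonicalFilePath()` returns an empty string for a missing file, that needs an existence check. Failing that, a comment next to the initializer should say the literals are not canonicalised.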