Tidy up systemCaCertificates() function in OpenSSL backend
As pointed out by Marc Mutz in another review, the Android branches of its #if-ery amounted to a complicated no-op, so simplify the #if-ery, add a TODO and then simplify the code thereby freed of the need to accommodate the #if-ery. In the process, initialize a set of filenames with the two filenames that we read certificates from after looping over the set, which might have left those files being read twice. Change-Id: I2ee4ee3c3cf40226ee6a50afd6127fa4a71d2834 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> Reviewed-by: Marc Mutz <marc.mutz@kdab.com> Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org> Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
This commit is contained in:
parent
aff8d83512
commit
e4670df118
@ -398,20 +398,17 @@ QList<QSslCertificate> systemCaCertificates()
|
|||||||
}
|
}
|
||||||
CertCloseStore(hSystemStore, 0);
|
CertCloseStore(hSystemStore, 0);
|
||||||
}
|
}
|
||||||
|
#elif defined(Q_OS_ANDROID)
|
||||||
|
// TODO: find where it hides its system certs !
|
||||||
#elif defined(Q_OS_UNIX)
|
#elif defined(Q_OS_UNIX)
|
||||||
QSet<QString> certFiles;
|
|
||||||
QDir currentDir;
|
|
||||||
QStringList nameFilters;
|
|
||||||
QSsl::EncodingFormat platformEncodingFormat;
|
|
||||||
# ifdef Q_OS_ANDROID
|
|
||||||
const QList<QByteArray> directories;
|
|
||||||
# else
|
|
||||||
const QList<QByteArray> directories = QSslSocketPrivate::unixRootCertDirectories();
|
|
||||||
nameFilters << QLatin1String("*.pem") << QLatin1String("*.crt");
|
|
||||||
platformEncodingFormat = QSsl::Pem;
|
|
||||||
# endif //Q_OS_ANDROID
|
|
||||||
{
|
{
|
||||||
currentDir.setNameFilters(nameFilters);
|
const QList<QByteArray> directories = QSslSocketPrivate::unixRootCertDirectories();
|
||||||
|
QSet<QString> certFiles = {
|
||||||
|
QStringLiteral("/etc/pki/tls/certs/ca-bundle.crt"), // Fedora, Mandriva
|
||||||
|
QStringLiteral("/usr/local/share/certs/ca-root-nss.crt") // FreeBSD's ca_root_nss
|
||||||
|
};
|
||||||
|
QDir currentDir;
|
||||||
|
currentDir.setNameFilters(QStringList{QStringLiteral("*.pem"), QStringLiteral("*.crt")});
|
||||||
for (const auto &directory : directories) {
|
for (const auto &directory : directories) {
|
||||||
currentDir.setPath(QLatin1String(directory));
|
currentDir.setPath(QLatin1String(directory));
|
||||||
QDirIterator it(currentDir);
|
QDirIterator it(currentDir);
|
||||||
@ -422,13 +419,9 @@ QList<QSslCertificate> systemCaCertificates()
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
for (const QString& file : qAsConst(certFiles))
|
for (const QString& file : qAsConst(certFiles))
|
||||||
systemCerts.append(QSslCertificate::fromPath(file, platformEncodingFormat));
|
systemCerts.append(QSslCertificate::fromPath(file, QSsl::Pem));
|
||||||
# ifndef Q_OS_ANDROID
|
|
||||||
systemCerts.append(QSslCertificate::fromPath(QLatin1String("/etc/pki/tls/certs/ca-bundle.crt"), QSsl::Pem)); // Fedora, Mandriva
|
|
||||||
systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/local/share/certs/ca-root-nss.crt"), QSsl::Pem)); // FreeBSD's ca_root_nss
|
|
||||||
# endif
|
|
||||||
}
|
}
|
||||||
#endif
|
#endif // platform
|
||||||
#ifdef QSSLSOCKET_DEBUG
|
#ifdef QSSLSOCKET_DEBUG
|
||||||
qCDebug(lcTlsBackend) << "systemCaCertificates retrieval time " << timer.elapsed() << "ms";
|
qCDebug(lcTlsBackend) << "systemCaCertificates retrieval time " << timer.elapsed() << "ms";
|
||||||
qCDebug(lcTlsBackend) << "imported " << systemCerts.count() << " certificates";
|
qCDebug(lcTlsBackend) << "imported " << systemCerts.count() << " certificates";
|
||||||
|
Loading…
Reference in New Issue
Block a user