Tidy up systemCaCertificates() function in OpenSSL backend

As pointed out by Marc Mutz in another review, the Android branches of
its #if-ery amounted to a complicated no-op, so simplify the #if-ery,
add a TODO and then simplify the code thereby freed of the need to
accommodate the #if-ery.

In the process, initialize a set of filenames with the two filenames
that we read certificates from after looping over the set, which might
have left those files being read twice.

Change-Id: I2ee4ee3c3cf40226ee6a50afd6127fa4a71d2834
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
This commit is contained in:
Edward Welbourne 2021-07-15 11:01:09 +02:00 committed by Marc Mutz
parent aff8d83512
commit e4670df118

View File

@ -398,20 +398,17 @@ QList<QSslCertificate> systemCaCertificates()
} }
CertCloseStore(hSystemStore, 0); CertCloseStore(hSystemStore, 0);
} }
#elif defined(Q_OS_ANDROID)
// TODO: find where it hides its system certs !
#elif defined(Q_OS_UNIX) #elif defined(Q_OS_UNIX)
QSet<QString> certFiles;
QDir currentDir;
QStringList nameFilters;
QSsl::EncodingFormat platformEncodingFormat;
# ifdef Q_OS_ANDROID
const QList<QByteArray> directories;
# else
const QList<QByteArray> directories = QSslSocketPrivate::unixRootCertDirectories();
nameFilters << QLatin1String("*.pem") << QLatin1String("*.crt");
platformEncodingFormat = QSsl::Pem;
# endif //Q_OS_ANDROID
{ {
currentDir.setNameFilters(nameFilters); const QList<QByteArray> directories = QSslSocketPrivate::unixRootCertDirectories();
QSet<QString> certFiles = {
QStringLiteral("/etc/pki/tls/certs/ca-bundle.crt"), // Fedora, Mandriva
QStringLiteral("/usr/local/share/certs/ca-root-nss.crt") // FreeBSD's ca_root_nss
};
QDir currentDir;
currentDir.setNameFilters(QStringList{QStringLiteral("*.pem"), QStringLiteral("*.crt")});
for (const auto &directory : directories) { for (const auto &directory : directories) {
currentDir.setPath(QLatin1String(directory)); currentDir.setPath(QLatin1String(directory));
QDirIterator it(currentDir); QDirIterator it(currentDir);
@ -422,13 +419,9 @@ QList<QSslCertificate> systemCaCertificates()
} }
} }
for (const QString& file : qAsConst(certFiles)) for (const QString& file : qAsConst(certFiles))
systemCerts.append(QSslCertificate::fromPath(file, platformEncodingFormat)); systemCerts.append(QSslCertificate::fromPath(file, QSsl::Pem));
# ifndef Q_OS_ANDROID
systemCerts.append(QSslCertificate::fromPath(QLatin1String("/etc/pki/tls/certs/ca-bundle.crt"), QSsl::Pem)); // Fedora, Mandriva
systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/local/share/certs/ca-root-nss.crt"), QSsl::Pem)); // FreeBSD's ca_root_nss
# endif
} }
#endif #endif // platform
#ifdef QSSLSOCKET_DEBUG #ifdef QSSLSOCKET_DEBUG
qCDebug(lcTlsBackend) << "systemCaCertificates retrieval time " << timer.elapsed() << "ms"; qCDebug(lcTlsBackend) << "systemCaCertificates retrieval time " << timer.elapsed() << "ms";
qCDebug(lcTlsBackend) << "imported " << systemCerts.count() << " certificates"; qCDebug(lcTlsBackend) << "imported " << systemCerts.count() << " certificates";