1158ff67b4
QSslCertificate::verify() has an undocumented and not very desirable property - on some platorms it updates the default configuration, which can be surprising. For example, we deprecated QSslSocket::setDefaultCaCertificates() and recommend using QSslConfiguration::defaultConfiguration(), QSslConfiguration::setDefaultConfiguration(), and QSslConfiguration::setCaCertificates(). If an application does this to select CA roots it trusts explicitly, and then for some reason is calling verify, the application can have its QSslSockets successfully connecting to a host, whose root was not trusted by the application. Also, on Windows, defaultCaCertificates() include system roots already, no need to have them twice. [ChangeLog][QtCore][QtNetwork] QSslSocket::verify - do not change the default configuration Pick-to: 5.15 Pick-to: 6.0 Pick-to: 6.0.0 Fixes: QTBUG-88639 Change-Id: I1cd40b259d0a6dcd15c78d1e7c027ff10859595c Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> |
||
---|---|---|
.. | ||
qasn1element | ||
qdtls | ||
qdtlscookie | ||
qocsp | ||
qpassworddigestor | ||
qsslcertificate | ||
qsslcipher | ||
qssldiffiehellmanparameters | ||
qsslellipticcurve | ||
qsslerror | ||
qsslkey | ||
qsslsocket | ||
qsslsocket_onDemandCertificates_member | ||
qsslsocket_onDemandCertificates_static | ||
CMakeLists.txt | ||
ssl.pro |