1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

QSslConfiguration: Add functions for adding CA certificates

Browse Source 
The QSslSocket versions of these will be deprecated.

Change-Id: I88c788f88e13f190e015d6a78b958e81c2d483a1
Reviewed-by: Jesus Fernandez <jsfdez@gmail.com>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
This commit is contained in:
Mårten Nordheim 2019-09-23 14:51:14 +02:00
parent c5c51f442a
commit 1068d579ee
2 changed files with 77 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
src/network/ssl/qsslconfiguration.cpp
View File

@ -631,11 +631,10 @@ QList<QSslCipher> QSslConfiguration::supportedCiphers()
Returns this connection's CA certificate database. The CA certificate Returns this connection's CA certificate database. The CA certificate
database is used by the socket during the handshake phase to database is used by the socket during the handshake phase to
validate the peer's certificate. It can be modified prior to the validate the peer's certificate. It can be modified prior to the
handshake with setCaCertificates(), or with \l{QSslSocket}'s handshake with setCaCertificates(), or with addCaCertificate() and
\l{QSslSocket::}{addCaCertificate()} and addCaCertificates().
\l{QSslSocket::}{addCaCertificates()}.
\sa setCaCertificates() \sa setCaCertificates(), addCaCertificate(), addCaCertificates()
*/ */
QList<QSslCertificate> QSslConfiguration::caCertificates() const QList<QSslCertificate> QSslConfiguration::caCertificates() const
{ {
@ -652,7 +651,7 @@ QList<QSslCertificate> QSslConfiguration::caCertificates() const
that is not available (as is commonly the case on iOS), the default database that is not available (as is commonly the case on iOS), the default database
is empty. is empty.
\sa caCertificates() \sa caCertificates(), addCaCertificates(), addCaCertificate()
*/ */
void QSslConfiguration::setCaCertificates(const QList<QSslCertificate> &certificates) void QSslConfiguration::setCaCertificates(const QList<QSslCertificate> &certificates)
{ {
@ -660,6 +659,72 @@ void QSslConfiguration::setCaCertificates(const QList<QSslCertificate> &certific
d->allowRootCertOnDemandLoading = false; d->allowRootCertOnDemandLoading = false;
} }
/*!
Searches all files in the \a path for certificates encoded in the
specified \a format and adds them to this socket's CA certificate
database. \a path must be a file or a pattern matching one or more
files, as specified by \a syntax. Returns \c true if one or more
certificates are added to the socket's CA certificate database;
otherwise returns \c false.
The CA certificate database is used by the socket during the
handshake phase to validate the peer's certificate.
For more precise control, use addCaCertificate().
\sa addCaCertificate(), QSslCertificate::fromPath()
*/
bool QSslConfiguration::addCaCertificates(const QString &path, QSsl::EncodingFormat format,
QRegExp::PatternSyntax syntax)
{
QList<QSslCertificate> certs = QSslCertificate::fromPath(path, format, syntax);
if (certs.isEmpty())
return false;
d->caCertificates += certs;
return true;
}
/*!
\since 5.15
Adds \a certificate to this configuration's CA certificate database.
The certificate database must be set prior to the SSL handshake.
The CA certificate database is used by the socket during the
handshake phase to validate the peer's certificate.
\note The default configuration uses the system CA certificate database. If
that is not available (as is commonly the case on iOS), the default database
is empty.
\sa caCertificates(), setCaCertificates(), addCaCertificates()
*/
void QSslConfiguration::addCaCertificate(const QSslCertificate &certificate)
{
d->caCertificates += certificate;
d->allowRootCertOnDemandLoading = false;
}
/*!
\since 5.15
Adds \a certificates to this configuration's CA certificate database.
The certificate database must be set prior to the SSL handshake.
The CA certificate database is used by the socket during the
handshake phase to validate the peer's certificate.
\note The default configuration uses the system CA certificate database. If
that is not available (as is commonly the case on iOS), the default database
is empty.
\sa caCertificates(), setCaCertificates(), addCaCertificate()
*/
void QSslConfiguration::addCaCertificates(const QList<QSslCertificate> &certificates)
{
d->caCertificates += certificates;
d->allowRootCertOnDemandLoading = false;
}
/*! /*!
\since 5.5 \since 5.5
@ -668,7 +733,8 @@ void QSslConfiguration::setCaCertificates(const QList<QSslCertificate> &certific
returned by this function is used to initialize the database returned by this function is used to initialize the database
returned by caCertificates() on the default QSslConfiguration. returned by caCertificates() on the default QSslConfiguration.
\sa caCertificates(), setCaCertificates(), defaultConfiguration() \sa caCertificates(), setCaCertificates(), defaultConfiguration(),
addCaCertificate(), addCaCertificates()
*/ */
QList<QSslCertificate> QSslConfiguration::systemCaCertificates() QList<QSslCertificate> QSslConfiguration::systemCaCertificates()
{ {

5
src/network/ssl/qsslconfiguration.h
View File

@ -131,6 +131,11 @@ public:
// Certificate Authority (CA) settings // Certificate Authority (CA) settings
QList<QSslCertificate> caCertificates() const; QList<QSslCertificate> caCertificates() const;
void setCaCertificates(const QList<QSslCertificate> &certificates); void setCaCertificates(const QList<QSslCertificate> &certificates);
bool addCaCertificates(const QString &path, QSsl::EncodingFormat format = QSsl::Pem,
QRegExp::PatternSyntax syntax = QRegExp::FixedString);
void addCaCertificate(const QSslCertificate &certificate);
void addCaCertificates(const QList<QSslCertificate> &certificates);
static QList<QSslCertificate> systemCaCertificates(); static QList<QSslCertificate> systemCaCertificates();
void setSslOption(QSsl::SslOption option, bool on); void setSslOption(QSsl::SslOption option, bool on);