From 376b33addf9d32514e1f953c0376e39de9342a7c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= <marten.nordheim@qt.io>
Date: Thu, 16 Feb 2023 16:50:48 +0100
Subject: [PATCH] TLS[openssl]: Use optional<> for CA cert we are fetching

The QSslCertificate ctor is somewhat expensive, especially when we are
shutting down. By using optional<> we simply reset() it and no longer
need to create a new, valid, certificate.

Task-number: QTBUG-102474
Change-Id: I514433b0d380dd3ceabbed3a6164f7e3efc490c7
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Konrad Kujawa <konrad.kujawa@qt.io>
(cherry picked from commit 61bfe87a64ca322de0ebf9bf61a0a0a81ee5bf7d)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
---
 src/plugins/tls/openssl/qtls_openssl.cpp | 6 +++---
 src/plugins/tls/openssl/qtls_openssl_p.h | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/plugins/tls/openssl/qtls_openssl.cpp b/src/plugins/tls/openssl/qtls_openssl.cpp
index 53380a9824f..031ccd9d15b 100644
--- a/src/plugins/tls/openssl/qtls_openssl.cpp
+++ b/src/plugins/tls/openssl/qtls_openssl.cpp
@@ -490,7 +490,7 @@ void TlsCryptographOpenSSL::init(QSslSocket *qObj, QSslSocketPrivate *dObj)
     handshakeInterrupted = false;
 
     fetchAuthorityInformation = false;
-    caToFetch = QSslCertificate{};
+    caToFetch.reset();
 }
 
 void TlsCryptographOpenSSL::checkSettingSslContext(std::shared_ptr<QSslContext> tlsContext)
@@ -749,7 +749,7 @@ void TlsCryptographOpenSSL::enableHandshakeContinuation()
 void TlsCryptographOpenSSL::cancelCAFetch()
 {
     fetchAuthorityInformation = false;
-    caToFetch = QSslCertificate{};
+    caToFetch.reset();
 }
 
 void TlsCryptographOpenSSL::continueHandshake()
@@ -1803,7 +1803,7 @@ void TlsCryptographOpenSSL::caRootLoaded(QSslCertificate cert, QSslCertificate t
     Q_ASSERT(q);
 
     //Done, fetched already:
-    caToFetch = QSslCertificate{};
+    caToFetch.reset();
 
     if (fetchAuthorityInformation) {
         if (!q->sslConfiguration().caCertificates().contains(trustedRoot))
diff --git a/src/plugins/tls/openssl/qtls_openssl_p.h b/src/plugins/tls/openssl/qtls_openssl_p.h
index 31fede2ace0..65d21a395bd 100644
--- a/src/plugins/tls/openssl/qtls_openssl_p.h
+++ b/src/plugins/tls/openssl/qtls_openssl_p.h
@@ -120,7 +120,7 @@ private:
     bool handshakeInterrupted = false;
 
     bool fetchAuthorityInformation = false;
-    QSslCertificate caToFetch;
+    std::optional<QSslCertificate> caToFetch;
 
     bool inSetAndEmitError = false;
     bool pendingFatalAlert = false;