1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

SecureTransport - disable lock on sleep for the custom keychain

Browse Source 
It appears that by default our keychain auto-locks when the
system sleeps. This makes the keychain totally useless, since
its password is a random 256 bytes our user never has a chance
to know. Thanks to Mårten for the hint about SecKeychainSetSettings,
the way to properly fix it.

Task-number: QTBUG-69677
Change-Id: I2603c26b8422a1bcace3336e9b4ebe0381c952d7
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
This commit is contained in:
Timur Pocheptsov 2018-08-02 16:18:00 +02:00
parent db738cbaf1
commit 81910b5f3c
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/network/ssl/qsslsocket_mac.cpp
View File

@ -60,6 +60,7 @@
#include <algorithm> #include <algorithm>
#include <cstddef> #include <cstddef>
#include <limits>
#include <vector> #include <vector>
#include <QtCore/private/qcore_mac_p.h> #include <QtCore/private/qcore_mac_p.h>
@ -144,6 +145,16 @@ EphemeralSecKeychain::EphemeralSecKeychain()
} }
} }
if (keychain) {
SecKeychainSettings settings = {};
settings.version = SEC_KEYCHAIN_SETTINGS_VERS1;
// Strange, huh? But that's what their docs say to do! With lockOnSleep
// == false, set interval to INT_MAX to never lock ...
settings.lockInterval = INT_MAX;
if (SecKeychainSetSettings(keychain, &settings) != errSecSuccess)
qCWarning(lcSsl) << "SecKeychainSettings: failed to disable lock on sleep";
}
#ifdef QSSLSOCKET_DEBUG #ifdef QSSLSOCKET_DEBUG
if (keychain) { if (keychain) {
qCDebug(lcSsl) << "Custom keychain with name" << keychainName << "was created" qCDebug(lcSsl) << "Custom keychain with name" << keychainName << "was created"