QSslCertificate (generic) fill the extension's variant map

When parsing subjectAltName extension to make it more like OpenSSL counterpart. Fixes: QTBUG-86830 Change-Id: If1a4e72ee0b19f2cf40aa53632f9ec1468178c3b Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2020-10-15 13:08:59 +02:00 · 2020-10-15 13:08:59 +02:00 · aa6b865899
commit aa6b865899
parent 1ccd99187c
1 changed files with 18 additions and 2 deletions
--- a/src/network/ssl/qsslcertificate_qt.cpp
+++ b/src/network/ssl/qsslcertificate_qt.cpp
@ -402,10 +402,18 @@ bool QSslCertificatePrivate::parse(const QByteArray &data)
                    QSslCertificateExtension extension;
                    if (!parseExtension(elem.value(), &extension))
                        return false;
-                    extensions << extension;

                    if (extension.oid() == QLatin1String("2.5.29.17")) {
                        // subjectAltName
+
+                        // Note, parseExtension() returns true for this extensions,
+                        // but considers it to be unsupported and assignes a useless
+                        // value. OpenSSL also treats this extension as unsupported,
+                        // but properly creates a map with 'name' and 'value' taken
+                        // from the extension. We only support 'email', 'IP' and 'DNS',
+                        // but this is what our subjectAlternativeNames map can contain
+                        // anyway.
+                        QVariantMap extValue;
                        QAsn1Element sanElem;
                        if (sanElem.read(extension.value().toByteArray()) && sanElem.type() == QAsn1Element::SequenceType) {
                            QDataStream nameStream(sanElem.value());
@ -414,9 +422,11 @@ bool QSslCertificatePrivate::parse(const QByteArray &data)
                                switch (nameElem.type()) {
                                case QAsn1Element::Rfc822NameType:
                                    subjectAlternativeNames.insert(QSsl::EmailEntry, nameElem.toString());
+                                    extValue[QStringLiteral("email")] = nameElem.toString();
                                    break;
                                case QAsn1Element::DnsNameType:
                                    subjectAlternativeNames.insert(QSsl::DnsEntry, nameElem.toString());
+                                    extValue[QStringLiteral("DNS")] = nameElem.toString();
                                    break;
                                case QAsn1Element::IpAddressType: {
                                    QHostAddress ipAddress;
@ -431,16 +441,22 @@ bool QSslCertificatePrivate::parse(const QByteArray &data)
                                    default: // Unknown IP address format
                                        break;
                                    }
-                                    if (!ipAddress.isNull())
+                                    if (!ipAddress.isNull()) {
                                        subjectAlternativeNames.insert(QSsl::IpAddressEntry, ipAddress.toString());
+                                        extValue[QStringLiteral("IP")] = ipAddress.toString();
+                                    }
                                    break;
                                }
                                default:
                                    break;
                                }
                            }
+                            extension.d->value = extValue;
+                            extension.d->supported = true;
                        }
                    }
+
+                    extensions << extension;
                }
            }
        }