1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

QSslCertificate (generic) fill the extension's variant map

Browse Source 
When parsing subjectAltName extension to make it more like OpenSSL
counterpart.

Fixes: QTBUG-86830
Change-Id: If1a4e72ee0b19f2cf40aa53632f9ec1468178c3b
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
This commit is contained in:
Timur Pocheptsov 2020-10-15 13:08:59 +02:00
parent 1ccd99187c
commit aa6b865899
1 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/network/ssl/qsslcertificate_qt.cpp
View File

@ -402,10 +402,18 @@ bool QSslCertificatePrivate::parse(const QByteArray &data)
QSslCertificateExtension extension; QSslCertificateExtension extension;
if (!parseExtension(elem.value(), &extension)) if (!parseExtension(elem.value(), &extension))
return false; return false;
extensions << extension;
if (extension.oid() == QLatin1String("2.5.29.17")) { if (extension.oid() == QLatin1String("2.5.29.17")) {
// subjectAltName // subjectAltName
// Note, parseExtension() returns true for this extensions,
// but considers it to be unsupported and assignes a useless
// value. OpenSSL also treats this extension as unsupported,
// but properly creates a map with 'name' and 'value' taken
// from the extension. We only support 'email', 'IP' and 'DNS',
// but this is what our subjectAlternativeNames map can contain
// anyway.
QVariantMap extValue;
QAsn1Element sanElem; QAsn1Element sanElem;
if (sanElem.read(extension.value().toByteArray()) && sanElem.type() == QAsn1Element::SequenceType) { if (sanElem.read(extension.value().toByteArray()) && sanElem.type() == QAsn1Element::SequenceType) {
QDataStream nameStream(sanElem.value()); QDataStream nameStream(sanElem.value());
@ -414,9 +422,11 @@ bool QSslCertificatePrivate::parse(const QByteArray &data)
switch (nameElem.type()) { switch (nameElem.type()) {
case QAsn1Element::Rfc822NameType: case QAsn1Element::Rfc822NameType:
subjectAlternativeNames.insert(QSsl::EmailEntry, nameElem.toString()); subjectAlternativeNames.insert(QSsl::EmailEntry, nameElem.toString());
extValue[QStringLiteral("email")] = nameElem.toString();
break; break;
case QAsn1Element::DnsNameType: case QAsn1Element::DnsNameType:
subjectAlternativeNames.insert(QSsl::DnsEntry, nameElem.toString()); subjectAlternativeNames.insert(QSsl::DnsEntry, nameElem.toString());
extValue[QStringLiteral("DNS")] = nameElem.toString();
break; break;
case QAsn1Element::IpAddressType: { case QAsn1Element::IpAddressType: {
QHostAddress ipAddress; QHostAddress ipAddress;
@ -431,16 +441,22 @@ bool QSslCertificatePrivate::parse(const QByteArray &data)
default: // Unknown IP address format default: // Unknown IP address format
break; break;
} }
if (!ipAddress.isNull()) if (!ipAddress.isNull()) {
subjectAlternativeNames.insert(QSsl::IpAddressEntry, ipAddress.toString()); subjectAlternativeNames.insert(QSsl::IpAddressEntry, ipAddress.toString());
extValue[QStringLiteral("IP")] = ipAddress.toString();
}
break; break;
} }
default: default:
break; break;
} }
} }
extension.d->value = extValue;
extension.d->supported = true;
} }
} }
extensions << extension;
} }
} }
} }