1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Mark QSslError(SslError error) as explicit

Browse Source 
Currently it is possible to compare a QSslError with a
QSslError::SslError because QSslError has an implicit
constructor. But the comparison often fails because
a QSslError received from the system contains a
certificate.

[ChangeLog][QtNetwork][QSslError] The constructor
QSslError(QSslError::SslError error) is now explicit.

Change-Id: I36cc5895245d3b43ab4b8d65a9635893d6b0e6a4
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
This commit is contained in:
Lars Schmertmann 2020-07-13 12:43:44 +02:00
parent 3938d93222
commit af1544bda2
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/network/ssl/qsslerror.h
View File

@ -100,7 +100,7 @@ public:
// RVCT compiler in debug build does not like about default values in const-
// So as an workaround we define all constructor overloads here explicitly
QSslError();
QSslError(SslError error);
explicit QSslError(SslError error);
QSslError(SslError error, const QSslCertificate &certificate);
QSslError(const QSslError &other);

10
src/network/ssl/qsslsocket_openssl.cpp
View File

@ -468,7 +468,7 @@ QSslErrorEntry QSslErrorEntry::fromStoreContext(X509_STORE_CTX *ctx)
#if QT_CONFIG(ocsp)
QSslError qt_OCSP_response_status_to_QSslError(long code)
QSslError::SslError qt_OCSP_response_status_to_SslError(long code)
{
switch (code) {
case OCSP_RESPONSE_STATUS_MALFORMEDREQUEST:
@ -1827,7 +1827,7 @@ bool QSslSocketBackendPrivate::checkOcspStatus()
const unsigned char *responseData = nullptr;
const long responseLength = q_SSL_get_tlsext_status_ocsp_resp(ssl, &responseData);
if (responseLength <= 0 || !responseData) {
ocspErrors.push_back(QSslError::OcspNoResponseFound);
ocspErrors.push_back(QSslError(QSslError::OcspNoResponseFound));
return false;
}
@ -1842,7 +1842,7 @@ bool QSslSocketBackendPrivate::checkOcspStatus()
const int ocspStatus = q_OCSP_response_status(response);
if (ocspStatus != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
// It's not a definitive response, it's an error message (not signed by the responder).
ocspErrors.push_back(qt_OCSP_response_status_to_QSslError(ocspStatus));
ocspErrors.push_back(QSslError(qt_OCSP_response_status_to_SslError(ocspStatus)));
return false;
}
@ -1884,10 +1884,10 @@ bool QSslSocketBackendPrivate::checkOcspStatus()
const unsigned long verificationFlags = 0;
const int success = q_OCSP_basic_verify(basicResponse, peerChain, store, verificationFlags);
if (success <= 0)
ocspErrors.push_back(QSslError::OcspResponseCannotBeTrusted);
ocspErrors.push_back(QSslError(QSslError::OcspResponseCannotBeTrusted));
if (q_OCSP_resp_count(basicResponse) != 1) {
ocspErrors.push_back(QSslError::OcspMalformedResponse);
ocspErrors.push_back(QSslError(QSslError::OcspMalformedResponse));
return false;
}