diff --git a/src/network/ssl/qsslkey_openssl.cpp b/src/network/ssl/qsslkey_openssl.cpp index 79df33eccab..26119023d14 100644 --- a/src/network/ssl/qsslkey_openssl.cpp +++ b/src/network/ssl/qsslkey_openssl.cpp @@ -84,6 +84,9 @@ void QSslKeyPrivate::clear(bool deep) bool QSslKeyPrivate::fromEVP_PKEY(EVP_PKEY *pkey) { + if (pkey == nullptr) + return false; + if (pkey->type == EVP_PKEY_RSA) { isNull = false; algorithm = QSsl::Rsa; diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 644dfdb6a89..ab82cdcfc9a 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -1805,7 +1805,7 @@ bool QSslSocketBackendPrivate::importPkcs12(QIODevice *device, } // Extract the data - EVP_PKEY *pkey; + EVP_PKEY *pkey = nullptr; X509 *x509; STACK_OF(X509) *ca = 0; diff --git a/tests/auto/network/ssl/qsslcertificate/pkcs12/README b/tests/auto/network/ssl/qsslcertificate/pkcs12/README index 1828d089c1c..231567f5863 100644 --- a/tests/auto/network/ssl/qsslcertificate/pkcs12/README +++ b/tests/auto/network/ssl/qsslcertificate/pkcs12/README @@ -1,8 +1,19 @@ -The PKCS#12 bundle was created by running the following on -in the qsslsocket/certs directory: +The PKCS#12 bundle was created by running the following in an +interactive shell in ../../qsslsocket/certs/: -openssl pkcs12 -export -in leaf.crt -inkey leaf.key \ - -out leaf.p12 \ +openssl pkcs12 -export -in leaf.crt \ + -inkey leaf.key -out leaf.p12 \ -certfile inter.crt -CAfile ca.crt -No password was provided. +An empty password was provided (twice). The pkcs.crt and pkcs.key +files were then copied here and leaf.p12 was moved here. + + +The test-case with no private key (in a valid PKCS12 file) was created +similarly but with the command adjusted to: + +openssl pkcs12 -export -in leaf.crt \ + -nokeys -out leaf-nokey.p12 \ + -certfile inter.crt -CAfile ca.crt + +The file leaf-nokey.p12 was then moved here. diff --git a/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf-nokey.p12 b/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf-nokey.p12 new file mode 100644 index 00000000000..032bf97b1b5 Binary files /dev/null and b/tests/auto/network/ssl/qsslcertificate/pkcs12/leaf-nokey.p12 differ diff --git a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp index fced638ecb5..064efc120bd 100644 --- a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp +++ b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp @@ -1308,6 +1308,7 @@ void tst_QSslCertificate::version() void tst_QSslCertificate::pkcs12() { + // See pkcs12/README for how to generate the PKCS12 files used here. if (!QSslSocket::supportsSsl()) { qWarning("SSL not supported, skipping test"); return; @@ -1349,6 +1350,15 @@ void tst_QSslCertificate::pkcs12() QVERIFY(!caCerts.isEmpty()); QCOMPARE(caCerts.first(), caCert.first()); QCOMPARE(caCerts, caCert); + + // QTBUG-62335 - Fail (found no private key) but don't crash: + QFile nocert(testDataDir + QLatin1String("/pkcs12/leaf-nokey.p12")); + ok = nocert.open(QIODevice::ReadOnly); + QVERIFY(ok); + QTest::ignoreMessage(QtWarningMsg, "Unable to convert private key"); + ok = QSslCertificate::importPkcs12(&nocert, &key, &cert, &caCerts); + QVERIFY(!ok); + nocert.close(); } #endif // QT_NO_SSL