Deprecate QSslCertificate::isValid() replace with isBlacklisted()

Currently isValid wrongly gives the impression it checks a certificate
for validity - it doesn't. It merely checks if the certificate dates
are valid and if the certificate is blacklisted. Since it's already
easy for users to check the dates, let's just give them access to the
ability to check for blacklisting.

Change-Id: I25be3bde6a01063034702a9574b28469bf4882cd
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Richard Moore 2011-11-11 23:08:42 +00:00 committed by Qt by Nokia
parent fd3d7429b2
commit e66d3d9899
5 changed files with 39 additions and 18 deletions

dist/changes-5.0.0 vendored

@ -11,9 +11,14 @@ information about a particular change.
* Source incompatible changes * * Source incompatible changes *
**************************************************************************** ****************************************************************************
- QSslCertificate::subjectInfo() and QSslCertificate::issuerInfo() now - QSslCertificate::subjectInfo() and QSslCertificate::issuerInfo() now
return a QStringList instead of a QString return a QStringList instead of a QString
- QSslCertificate::isValid() has been deprecated. Originally it only checked
the certificate dates, but later checking for blacklisting was added. Now
there's a more specific QSslCertificate::isBlacklisted() method.
- Unite clipping support has been removed from QPainter. The alternative is - Unite clipping support has been removed from QPainter. The alternative is
to unite QRegion's and using the result on QPainter. to unite QRegion's and using the result on QPainter.


@ -62,11 +62,10 @@
a DER (binary) or PEM (Base64) encoded bundle, typically stored as a DER (binary) or PEM (Base64) encoded bundle, typically stored as
one or more local files, or in a Qt Resource. one or more local files, or in a Qt Resource.
You can call isNull() to check if your certificate is null. By You can call isNull() to check if your certificate is null. By default,
default, QSslCertificate constructs a null certificate. To check QSslCertificate constructs a null certificate. A null certificate is
if the certificate is valid, call isValid(). A null certificate is invalid, but an invalid certificate is not necessarily null. If you want
invalid, but an invalid certificate is not necessarily null. If to reset all contents in a certificate, call clear().
you want to reset all contents in a certificate, call clear().
After loading a certificate, you can find information about the After loading a certificate, you can find information about the
certificate, its subject, and its issuer, by calling one of the certificate, its subject, and its issuer, by calling one of the
@ -212,14 +211,17 @@ bool QSslCertificate::operator==(const QSslCertificate &other) const
By default, QSslCertificate constructs a null certificate. By default, QSslCertificate constructs a null certificate.
\sa isValid(), clear() \sa clear()
*/ */
bool QSslCertificate::isNull() const bool QSslCertificate::isNull() const
{ {
return d->null; return d->null;
} }
#if QT_DEPRECATED_SINCE(5,0)
/*! /*!
\fn bool QSslCertificate::isValid() const
Returns true if this certificate is valid; otherwise returns Returns true if this certificate is valid; otherwise returns
false. false.
@ -230,12 +232,17 @@ bool QSslCertificate::isNull() const
\sa isNull() \sa isNull()
*/ */
bool QSslCertificate::isValid() const #endif
/*!
Returns true if this certificate is blacklisted; otherwise
returns false.
\sa isNull()
*/
bool QSslCertificate::isBlacklisted() const
{ {
const QDateTime currentTime = QDateTime::currentDateTime(); return QSslCertificatePrivate::isBlacklisted(*this);
return currentTime >= d->notValidBefore &&
currentTime <= d->notValidAfter &&
! QSslCertificatePrivate::isBlacklisted(*this);
} }
/*! /*!
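Review bot: The new isBlacklisted() doc comment does not say what a false result leaves unchecked, so a caller migrating from isValid() can still read "not blacklisted" as "acceptable". I would add a sentence such as `A certificate that is not blacklisted may still be expired, not yet valid, or untrusted; this function checks neither the dates nor the certificate chain.` and replace `\sa isNull()` with `\sa effectiveDate(), expiryDate()`. The retained isValid() documentation still opens with "Returns true if this certificate is valid", which is the impression the commit message sets out to remove; part of that comment lies between the visible hunks, so check it, and mark it `\obsolete` with a pointer to isBlacklisted(). The class overview also still states "A null certificate is invalid" without naming any function that now defines validity.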


@ -46,6 +46,7 @@
#include <QtCore/qnamespace.h> #include <QtCore/qnamespace.h>
#include <QtCore/qbytearray.h> #include <QtCore/qbytearray.h>
#include <QtCore/qcryptographichash.h> #include <QtCore/qcryptographichash.h>
#include <QtCore/qdatetime.h>
#include <QtCore/qregexp.h> #include <QtCore/qregexp.h>
#include <QtCore/qsharedpointer.h> #include <QtCore/qsharedpointer.h>
#include <QtCore/qmap.h> #include <QtCore/qmap.h>
@ -94,7 +95,15 @@ public:
inline bool operator!=(const QSslCertificate &other) const { return !operator==(other); } inline bool operator!=(const QSslCertificate &other) const { return !operator==(other); }
bool isNull() const; bool isNull() const;
bool isValid() const; #if QT_DEPRECATED_SINCE(5,0)
QT_DEPRECATED inline bool isValid() const {
const QDateTime currentTime = QDateTime::currentDateTime();
return currentTime >= effectiveDate() &&
currentTime <= expiryDate() &&
!isBlacklisted();
}
#endif
bool isBlacklisted() const;
void clear(); void clear();
// Certificate info // Certificate info


@ -336,7 +336,7 @@ init_context:
foreach (const QSslCertificate &caCertificate, q->caCertificates()) { foreach (const QSslCertificate &caCertificate, q->caCertificates()) {
// add expired certs later, so that the // add expired certs later, so that the
// valid ones are used before the expired ones // valid ones are used before the expired ones
if (! caCertificate.isValid()) { if (caCertificate.expiryDate() > QDateTime::currentDateTime()) {
expiredCerts.append(caCertificate); expiredCerts.append(caCertificate);
} else { } else {
q_X509_STORE_add_cert(ctx->cert_store, reinterpret_cast<X509 *>(caCertificate.handle())); q_X509_STORE_add_cert(ctx->cert_store, reinterpret_cast<X509 *>(caCertificate.handle()));
@ -1533,7 +1533,7 @@ QList<QSslError> QSslSocketBackendPrivate::verify(QList<QSslCertificate> certifi
foreach (const QSslCertificate &caCertificate, QSslSocket::defaultCaCertificates()) { foreach (const QSslCertificate &caCertificate, QSslSocket::defaultCaCertificates()) {
// add expired certs later, so that the // add expired certs later, so that the
// valid ones are used before the expired ones // valid ones are used before the expired ones
if (!caCertificate.isValid()) { if (caCertificate.expiryDate() > QDateTime::currentDateTime()) {
expiredCerts.append(caCertificate); expiredCerts.append(caCertificate);
} else { } else {
q_X509_STORE_add_cert(certStore, reinterpret_cast<X509 *>(caCertificate.handle())); q_X509_STORE_add_cert(certStore, reinterpret_cast<X509 *>(caCertificate.handle()));
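Review bot: The replacement condition `caCertificate.expiryDate() > QDateTime::currentDateTime()` is true for certificates that have not expired, so unexpired CA certificates are now appended to `expiredCerts` and the expired ones are added to the store first, the opposite of what the comment directly above describes. The test should read `if (caCertificate.expiryDate() < QDateTime::currentDateTime()) {`, and the same change is needed in the second hunk, in QSslSocketBackendPrivate::verify(). The old `!isValid()` test also deferred not-yet-valid and blacklisted CA certificates; if that ordering was relied on, the condition needs `effectiveDate()` and `isBlacklisted()` as well. Both loops continue outside the visible hunks, so how `expiredCerts` is consumed afterwards should be confirmed there.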


@ -193,7 +193,7 @@ void tst_QSslCertificate::emptyConstructor()
QSslCertificate certificate; QSslCertificate certificate;
QVERIFY(certificate.isNull()); QVERIFY(certificate.isNull());
//make sure none of the functions crash (task 203035) //make sure none of the functions crash (task 203035)
QVERIFY(!certificate.isValid()); QVERIFY(!certificate.isBlacklisted());
QCOMPARE(certificate.version() , QByteArray()); QCOMPARE(certificate.version() , QByteArray());
QCOMPARE(certificate.serialNumber(), QByteArray()); QCOMPARE(certificate.serialNumber(), QByteArray());
QCOMPARE(certificate.digest(), QCryptographicHash::hash(QByteArray(), QCryptographicHash::Md5)); QCOMPARE(certificate.digest(), QCryptographicHash::hash(QByteArray(), QCryptographicHash::Md5));
@ -256,7 +256,7 @@ void tst_QSslCertificate::compareCertificates(
{ {
QCOMPARE(cert1.isNull(), cert2.isNull()); QCOMPARE(cert1.isNull(), cert2.isNull());
// Note: in theory, the next line could fail even if the certificates are identical! // Note: in theory, the next line could fail even if the certificates are identical!
QCOMPARE(cert1.isValid(), cert2.isValid()); QCOMPARE(cert1.isBlacklisted(), cert2.isBlacklisted());
QCOMPARE(cert1.version(), cert2.version()); QCOMPARE(cert1.version(), cert2.version());
QCOMPARE(cert1.serialNumber(), cert2.serialNumber()); QCOMPARE(cert1.serialNumber(), cert2.serialNumber());
QCOMPARE(cert1.digest(), cert2.digest()); QCOMPARE(cert1.digest(), cert2.digest());
@ -723,7 +723,7 @@ void tst_QSslCertificate::certInfo()
QCOMPARE(cert.effectiveDate().toUTC(), QDateTime(QDate(2007, 4, 17), QTime(7,40,26), Qt::UTC)); QCOMPARE(cert.effectiveDate().toUTC(), QDateTime(QDate(2007, 4, 17), QTime(7,40,26), Qt::UTC));
QCOMPARE(cert.expiryDate().toUTC(), QDateTime(QDate(2007, 5, 17), QTime(7,40,26), Qt::UTC)); QCOMPARE(cert.expiryDate().toUTC(), QDateTime(QDate(2007, 5, 17), QTime(7,40,26), Qt::UTC));
QVERIFY(!cert.isValid()); // cert has expired QVERIFY(cert.expiryDate() < QDateTime::currentDateTime()); // cert has expired
QSslCertificate copy = cert; QSslCertificate copy = cert;
QVERIFY(cert == copy); QVERIFY(cert == copy);
@ -849,7 +849,7 @@ void tst_QSslCertificate::blacklistedCertificates()
QList<QSslCertificate> blacklistedCerts = QSslCertificate::fromPath("more-certificates/blacklisted*.pem", QSsl::Pem, QRegExp::Wildcard); QList<QSslCertificate> blacklistedCerts = QSslCertificate::fromPath("more-certificates/blacklisted*.pem", QSsl::Pem, QRegExp::Wildcard);
QVERIFY2(blacklistedCerts.count() > 0, "Please run this test from the source directory"); QVERIFY2(blacklistedCerts.count() > 0, "Please run this test from the source directory");
for (int a = 0; a < blacklistedCerts.count(); a++) { for (int a = 0; a < blacklistedCerts.count(); a++) {
QVERIFY(! blacklistedCerts.at(a).isValid()); QVERIFY(blacklistedCerts.at(a).isBlacklisted());
} }
} }
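Review bot: The comment `// Note: in theory, the next line could fail even if the certificates are identical!` in compareCertificates() described isValid(), which read the current time; the line below it now compares isBlacklisted(), which in this commit only forwards to QSslCertificatePrivate::isBlacklisted(*this) and appears not to depend on time. The comment should be removed or reworded. The only false-path coverage for isBlacklisted() is the null certificate in emptyConstructor(); an assertion on a loaded, non-blacklisted certificate, for example `QVERIFY(!cert.isBlacklisted());` in certInfo(), would catch a blacklist match that is too broad. None of the visible tests exercises the deprecated isValid() any more, so its inline reimplementation in the header is untested here.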