From 920487bf6b4d06ce9fef82e99e262ee0dd7d2ea3 Mon Sep 17 00:00:00 2001 From: Timur Pocheptsov Date: Fri, 8 May 2020 12:52:25 +0200 Subject: [PATCH] QSslSocket::setSslSonfiguration - set d.configuration properly MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We end up with an absurd situation: QSslConfiguration conf; //we set CA certs so that on demand loading is disabled: conf.setCaCertificates({...}); QSslSocket s; s.setSslConfiguration(conf); Q_ASSERT(conf == s.sslConfiguration); // this assert fails. Pick-to: 5.15 Change-Id: I272bed145434082acc6ead95fe3640d222b21131 Reviewed-by: MÃ¥rten Nordheim --- src/network/ssl/qsslsocket.cpp | 4 +++- .../network/ssl/qsslsocket/tst_qsslsocket.cpp | 20 +++++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp index 5313e97430..5252f3348b 100644 --- a/src/network/ssl/qsslsocket.cpp +++ b/src/network/ssl/qsslsocket.cpp @@ -1111,8 +1111,10 @@ void QSslSocket::setSslConfiguration(const QSslConfiguration &configuration) // if the CA certificates were set explicitly (either via // QSslConfiguration::setCaCertificates() or QSslSocket::setCaCertificates(), // we cannot load the certificates on demand - if (!configuration.d->allowRootCertOnDemandLoading) + if (!configuration.d->allowRootCertOnDemandLoading) { d->allowRootCertOnDemandLoading = false; + d->configuration.allowRootCertOnDemandLoading = false; + } } /*! diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp index 8b5b4156bb..79bd4994db 100644 --- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -151,6 +151,7 @@ public slots: #ifndef QT_NO_SSL private slots: void constructing(); + void configNoOnDemandLoad(); void simpleConnect(); void simpleConnectWithIgnore(); @@ -590,6 +591,25 @@ void tst_QSslSocket::constructing() QSslConfiguration::setDefaultConfiguration(savedDefault); } +void tst_QSslSocket::configNoOnDemandLoad() +{ + QFETCH_GLOBAL(bool, setProxy); + if (setProxy) + return; // NoProxy is enough. + + // We noticed a peculiar situation, where a configuration + // set on a socket is not equal to the configuration we + // get back from the socket afterwards. + auto customConfig = QSslConfiguration::defaultConfiguration(); + // Setting CA certificates disables loading root certificates + // during verification: + customConfig.setCaCertificates(customConfig.caCertificates()); + + QSslSocket socket; + socket.setSslConfiguration(customConfig); + QCOMPARE(customConfig, socket.sslConfiguration()); +} + void tst_QSslSocket::simpleConnect() { if (!QSslSocket::supportsSsl())