DTLS: load roots from system stores only if allowed

Respect allowRootCertOnDemandLoading, as it's done in QSslSocket (well,
almost as in QSslSocket).

Change-Id: Ic6cbb24a91e92cdb20f5f749553f15a62aae8b02
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
bb10
Timur Pocheptsov 2018-08-15 09:38:58 +02:00
parent b58da27aef
commit c5bde010ea
2 changed files with 2 additions and 3 deletions

View File

@ -369,6 +369,7 @@ void QDtlsBasePrivate::setConfiguration(const QSslConfiguration &configuration)
dtlsConfiguration.nextNegotiatedProtocol = configuration.nextNegotiatedProtocol();
dtlsConfiguration.nextProtocolNegotiationStatus = configuration.nextProtocolNegotiationStatus();
dtlsConfiguration.dtlsCookieEnabled = configuration.dtlsCookieVerificationEnabled();
dtlsConfiguration.allowRootCertOnDemandLoading = configuration.d->allowRootCertOnDemandLoading;
clearDtlsError();
}

View File

@ -732,11 +732,9 @@ bool DtlsState::initCtxAndConnection(QDtlsBasePrivate *dtlsBase)
configurationCopy->ref.store(0); // the QSslConfiguration constructor refs up
// DTLSTODO: check we do not set something DTLS-incompatible there ...
// 'true' - means load root certs on-demand loading - double check how this
// expected to be done (QSslSocket).
TlsContext newContext(QSslContext::sharedFromConfiguration(dtlsBase->mode,
configurationCopy,
true));
dtlsBase->dtlsConfiguration.allowRootCertOnDemandLoading));
if (newContext->error() != QSslError::NoError) {
dtlsBase->setDtlsError(QDtlsError::TlsInitializationError, newContext->errorString());