DTLS: load roots from system stores only if allowed
Respect allowRootCertOnDemandLoading, as it's done in QSslSocket (well, almost as in QSslSocket). Change-Id: Ic6cbb24a91e92cdb20f5f749553f15a62aae8b02 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>bb10
parent
b58da27aef
commit
c5bde010ea
|
|
@ -369,6 +369,7 @@ void QDtlsBasePrivate::setConfiguration(const QSslConfiguration &configuration)
|
|||
dtlsConfiguration.nextNegotiatedProtocol = configuration.nextNegotiatedProtocol();
|
||||
dtlsConfiguration.nextProtocolNegotiationStatus = configuration.nextProtocolNegotiationStatus();
|
||||
dtlsConfiguration.dtlsCookieEnabled = configuration.dtlsCookieVerificationEnabled();
|
||||
dtlsConfiguration.allowRootCertOnDemandLoading = configuration.d->allowRootCertOnDemandLoading;
|
||||
|
||||
clearDtlsError();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -732,11 +732,9 @@ bool DtlsState::initCtxAndConnection(QDtlsBasePrivate *dtlsBase)
|
|||
configurationCopy->ref.store(0); // the QSslConfiguration constructor refs up
|
||||
|
||||
// DTLSTODO: check we do not set something DTLS-incompatible there ...
|
||||
// 'true' - means load root certs on-demand loading - double check how this
|
||||
// expected to be done (QSslSocket).
|
||||
TlsContext newContext(QSslContext::sharedFromConfiguration(dtlsBase->mode,
|
||||
configurationCopy,
|
||||
true));
|
||||
dtlsBase->dtlsConfiguration.allowRootCertOnDemandLoading));
|
||||
|
||||
if (newContext->error() != QSslError::NoError) {
|
||||
dtlsBase->setDtlsError(QDtlsError::TlsInitializationError, newContext->errorString());
|
||||
|
|
|
|||
Loading…
Reference in New Issue