diff options
author | Peter Hartmann <peter.hartmann@nokia.com> | 2010-07-06 09:06:40 (GMT) |
---|---|---|
committer | Peter Hartmann <peter.hartmann@nokia.com> | 2010-07-07 14:47:25 (GMT) |
commit | f2187e31de13a6ab8631a9067487dab555f7c2e7 (patch) | |
tree | 050a42109199094040eb41cff0edc64e350edc98 | |
parent | 4337d695410301b97b753231c3b8fc9560a9d4c7 (diff) | |
download | Qt-f2187e31de13a6ab8631a9067487dab555f7c2e7.zip Qt-f2187e31de13a6ab8631a9067487dab555f7c2e7.tar.gz Qt-f2187e31de13a6ab8631a9067487dab555f7c2e7.tar.bz2 |
SSL backend: load libraries for certificates only once
Reviewed-by: Olivier Goffart
-rw-r--r-- | src/network/ssl/qsslsocket.cpp | 6 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 42 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_p.h | 11 |
3 files changed, 30 insertions, 29 deletions
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp index f85fa84..809e8aa 100644 --- a/src/network/ssl/qsslsocket.cpp +++ b/src/network/ssl/qsslsocket.cpp @@ -1849,7 +1849,7 @@ QList<QSslCipher> QSslSocketPrivate::defaultCiphers() */ QList<QSslCipher> QSslSocketPrivate::supportedCiphers() { - QSslSocketPrivate::ensureInitialized(); + QSslSocketPrivate::ensureCertsAndCiphersLoaded(); QMutexLocker locker(&globalData()->mutex); return globalData()->supportedCiphers; } @@ -1879,7 +1879,7 @@ void QSslSocketPrivate::setDefaultSupportedCiphers(const QList<QSslCipher> &ciph */ QList<QSslCertificate> QSslSocketPrivate::defaultCaCertificates() { - QSslSocketPrivate::ensureInitialized(); + QSslSocketPrivate::ensureCertsAndCiphersLoaded(); QMutexLocker locker(&globalData()->mutex); return globalData()->config->caCertificates; } @@ -1962,7 +1962,7 @@ void QSslConfigurationPrivate::setDefaultConfiguration(const QSslConfiguration & */ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPrivate *ptr) { - QSslSocketPrivate::ensureInitialized(); + QSslSocketPrivate::ensureCertsAndCiphersLoaded(); QMutexLocker locker(&globalData()->mutex); const QSslConfigurationPrivate *global = globalData()->config.constData(); diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index d7088ee..b602b29 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -74,8 +74,9 @@ QT_BEGIN_NAMESPACE -bool QSslSocketPrivate::s_libraryLoaded = false; -bool QSslSocketPrivate::s_loadedCiphersAndCerts = false; +bool QSslSocketPrivate::s_initialized = false; +QBasicAtomicInt QSslSocketPrivate::s_CertsAndCiphersLoaded; +Q_GLOBAL_STATIC(QMutex, s_CertsAndCiphersLoadedMutex); // Useful defines #define SSL_ERRORSTR() QString::fromLocal8Bit(q_ERR_error_string(q_ERR_get_error(), NULL)) @@ -170,7 +171,7 @@ QSslSocketBackendPrivate::QSslSocketBackendPrivate() session(0) { // Calls SSL_library_init(). - ensureInitialized(); + ensureCertsAndCiphersLoaded(); } QSslSocketBackendPrivate::~QSslSocketBackendPrivate() @@ -421,18 +422,18 @@ void QSslSocketPrivate::deinitialize() bool QSslSocketPrivate::supportsSsl() { - return ensureLibraryLoaded(); + return ensureInitialized(); } -bool QSslSocketPrivate::ensureLibraryLoaded() +bool QSslSocketPrivate::ensureInitialized() { if (!q_resolveOpenSslSymbols()) return false; // Check if the library itself needs to be initialized. QMutexLocker locker(openssl_locks()->initLock()); - if (!s_libraryLoaded) { - s_libraryLoaded = true; + if (!s_initialized) { + s_initialized = true; // Initialize OpenSSL. q_CRYPTO_set_id_callback(id_function); @@ -473,16 +474,6 @@ bool QSslSocketPrivate::ensureLibraryLoaded() return true; } -void QSslSocketPrivate::ensureCiphersAndCertsLoaded() -{ - if (s_loadedCiphersAndCerts) - return; - s_loadedCiphersAndCerts = true; - - resetDefaultCiphers(); - setDefaultCaCertificates(systemCaCertificates()); -} - /*! \internal @@ -490,13 +481,18 @@ void QSslSocketPrivate::ensureCiphersAndCertsLoaded() been initialized. */ -void QSslSocketPrivate::ensureInitialized() +void QSslSocketPrivate::ensureCertsAndCiphersLoaded() { - if (!supportsSsl()) + // use double-checked locking to speed up this function + if (s_CertsAndCiphersLoaded) return; - ensureCiphersAndCertsLoaded(); + QMutexLocker locker(s_CertsAndCiphersLoadedMutex()); + if (s_CertsAndCiphersLoaded) + return; + if (!supportsSsl()) + return; //load symbols needed to receive certificates from system store #if defined(Q_OS_MAC) QLibrary securityLib("/System/Library/Frameworks/Security.framework/Versions/Current/Security"); @@ -532,6 +528,12 @@ void QSslSocketPrivate::ensureInitialized() qWarning("could not load crypt32 library"); // should never happen } #endif + resetDefaultCiphers(); + setDefaultCaCertificates(systemCaCertificates()); + // we need to make sure that s_CertsAndCiphersLoaded is executed after the library loading above + // (the compiler/processor might reorder instructions otherwise) + if (!s_CertsAndCiphersLoaded.testAndSetRelease(0, 1)) + Q_ASSERT_X(false, "certificate store", "certificate store has already been initialized!"); } /*! diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h index 72b3ef7..b474175 100644 --- a/src/network/ssl/qsslsocket_p.h +++ b/src/network/ssl/qsslsocket_p.h @@ -63,6 +63,7 @@ #include <QtCore/qstringlist.h> #include <private/qringbuffer_p.h> +#include <QtCore/QMutex> QT_BEGIN_NAMESPACE @@ -113,7 +114,8 @@ public: QString verificationPeerName; static bool supportsSsl(); - static void ensureInitialized(); + static bool ensureInitialized(); + static void ensureCertsAndCiphersLoaded(); static void deinitialize(); static QList<QSslCipher> defaultCiphers(); static QList<QSslCipher> supportedCiphers(); @@ -161,11 +163,8 @@ public: virtual QSslCipher sessionCipher() const = 0; private: - static bool ensureLibraryLoaded(); - static void ensureCiphersAndCertsLoaded(); - - static bool s_libraryLoaded; - static bool s_loadedCiphersAndCerts; + static bool s_initialized; + static QBasicAtomicInt s_CertsAndCiphersLoaded; }; QT_END_NAMESPACE |