diff options
author | Peter Hartmann <peter.hartmann@nokia.com> | 2010-09-28 12:56:54 (GMT) |
---|---|---|
committer | Peter Hartmann <peter.hartmann@nokia.com> | 2010-09-28 14:32:23 (GMT) |
commit | 4f1235af805d6ec947730e33d270c30d298e51dc (patch) | |
tree | d7bf126b3377378372b46b68c6ad8d9a3e9f2b25 | |
parent | 02de74f0b2d443e410154e96321357cfe2ef9aad (diff) | |
download | Qt-4f1235af805d6ec947730e33d270c30d298e51dc.zip Qt-4f1235af805d6ec947730e33d270c30d298e51dc.tar.gz Qt-4f1235af805d6ec947730e33d270c30d298e51dc.tar.bz2 |
QSslSocket speed up loading of system certificates on Unix (not Mac)
... by only reading in a certificate once. Before, we were adding all
files from all directories; since they often contained symlinks, the
same certificate was added several times.
Reviewed-by: Markus Goetz
Reviewed-by: Thiago Macieira
Task-number: QTBUG-14013
-rw-r--r-- | src/network/ssl/qsslsocket.cpp | 2 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 37 |
2 files changed, 30 insertions, 9 deletions
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp index f18c629..c9f421f 100644 --- a/src/network/ssl/qsslsocket.cpp +++ b/src/network/ssl/qsslsocket.cpp @@ -1354,7 +1354,7 @@ QList<QSslCertificate> QSslSocket::defaultCaCertificates() */ QList<QSslCertificate> QSslSocket::systemCaCertificates() { - QSslSocketPrivate::ensureInitialized(); + // we are calling ensureInitialized() in the method below return QSslSocketPrivate::systemCaCertificates(); } diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 5033393..cd224df 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -772,14 +772,35 @@ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates() } } #elif defined(Q_OS_UNIX) && !defined(Q_OS_SYMBIAN) - systemCerts.append(QSslCertificate::fromPath(QLatin1String("/var/ssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // AIX - systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/local/ssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // Solaris - systemCerts.append(QSslCertificate::fromPath(QLatin1String("/opt/openssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // HP-UX - systemCerts.append(QSslCertificate::fromPath(QLatin1String("/etc/ssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // (K)ubuntu, OpenSUSE, Mandriva, ... - systemCerts.append(QSslCertificate::fromPath(QLatin1String("/etc/pki/tls/certs/ca-bundle.crt"), QSsl::Pem)); // Fedora - systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/lib/ssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // Gentoo, Mandrake - systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/share/ssl/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // Centos, Redhat, SuSE - systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/local/ssl/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // Normal OpenSSL Tarball + QSet<QString> certFiles; + QList<QByteArray> directories; + directories << "/etc/ssl/certs/"; // (K)ubuntu, OpenSUSE, Mandriva, MeeGo ... + directories << "/usr/lib/ssl/certs/"; // Gentoo, Mandrake + directories << "/usr/share/ssl/"; // Centos, Redhat, SuSE + directories << "/usr/local/ssl/"; // Normal OpenSSL Tarball + directories << "/var/ssl/certs/"; // AIX + directories << "/usr/local/ssl/certs/"; // Solaris + directories << "/opt/openssl/certs/"; // HP-UX + + QDir currentDir; + QStringList nameFilters; + nameFilters << QLatin1String("*.pem") << QLatin1String("*.crt"); + currentDir.setNameFilters(nameFilters); + for (int a = 0; a < directories.count(); a++) { + currentDir.setPath(QLatin1String(directories.at(a))); + QDirIterator it(currentDir); + while(it.hasNext()) { + it.next(); + // use canonical path here to not load the same certificate twice if symlinked + certFiles.insert(it.fileInfo().canonicalFilePath()); + } + } + QSetIterator<QString> it(certFiles); + while(it.hasNext()) { + systemCerts.append(QSslCertificate::fromPath(it.next())); + } + systemCerts.append(QSslCertificate::fromPath(QLatin1String("/etc/pki/tls/certs/ca-bundle.crt"), QSsl::Pem)); // Fedora, Mandriva + #elif defined(Q_OS_SYMBIAN) QList<QByteArray> certs; QScopedPointer<CSymbianCertificateRetriever> retriever(CSymbianCertificateRetriever::NewL()); |