summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPeter Hartmann <peter.hartmann@nokia.com>2010-09-28 12:56:54 (GMT)
committerPeter Hartmann <peter.hartmann@nokia.com>2010-09-28 14:32:23 (GMT)
commit4f1235af805d6ec947730e33d270c30d298e51dc (patch)
treed7bf126b3377378372b46b68c6ad8d9a3e9f2b25
parent02de74f0b2d443e410154e96321357cfe2ef9aad (diff)
downloadQt-4f1235af805d6ec947730e33d270c30d298e51dc.zip
Qt-4f1235af805d6ec947730e33d270c30d298e51dc.tar.gz
Qt-4f1235af805d6ec947730e33d270c30d298e51dc.tar.bz2
QSslSocket speed up loading of system certificates on Unix (not Mac)
... by only reading in a certificate once. Before, we were adding all files from all directories; since they often contained symlinks, the same certificate was added several times. Reviewed-by: Markus Goetz Reviewed-by: Thiago Macieira Task-number: QTBUG-14013
-rw-r--r--src/network/ssl/qsslsocket.cpp2
-rw-r--r--src/network/ssl/qsslsocket_openssl.cpp37
2 files changed, 30 insertions, 9 deletions
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index f18c629..c9f421f 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -1354,7 +1354,7 @@ QList<QSslCertificate> QSslSocket::defaultCaCertificates()
*/
QList<QSslCertificate> QSslSocket::systemCaCertificates()
{
- QSslSocketPrivate::ensureInitialized();
+ // we are calling ensureInitialized() in the method below
return QSslSocketPrivate::systemCaCertificates();
}
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 5033393..cd224df 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -772,14 +772,35 @@ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
}
}
#elif defined(Q_OS_UNIX) && !defined(Q_OS_SYMBIAN)
- systemCerts.append(QSslCertificate::fromPath(QLatin1String("/var/ssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // AIX
- systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/local/ssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // Solaris
- systemCerts.append(QSslCertificate::fromPath(QLatin1String("/opt/openssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // HP-UX
- systemCerts.append(QSslCertificate::fromPath(QLatin1String("/etc/ssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // (K)ubuntu, OpenSUSE, Mandriva, ...
- systemCerts.append(QSslCertificate::fromPath(QLatin1String("/etc/pki/tls/certs/ca-bundle.crt"), QSsl::Pem)); // Fedora
- systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/lib/ssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // Gentoo, Mandrake
- systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/share/ssl/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // Centos, Redhat, SuSE
- systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/local/ssl/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // Normal OpenSSL Tarball
+ QSet<QString> certFiles;
+ QList<QByteArray> directories;
+ directories << "/etc/ssl/certs/"; // (K)ubuntu, OpenSUSE, Mandriva, MeeGo ...
+ directories << "/usr/lib/ssl/certs/"; // Gentoo, Mandrake
+ directories << "/usr/share/ssl/"; // Centos, Redhat, SuSE
+ directories << "/usr/local/ssl/"; // Normal OpenSSL Tarball
+ directories << "/var/ssl/certs/"; // AIX
+ directories << "/usr/local/ssl/certs/"; // Solaris
+ directories << "/opt/openssl/certs/"; // HP-UX
+
+ QDir currentDir;
+ QStringList nameFilters;
+ nameFilters << QLatin1String("*.pem") << QLatin1String("*.crt");
+ currentDir.setNameFilters(nameFilters);
+ for (int a = 0; a < directories.count(); a++) {
+ currentDir.setPath(QLatin1String(directories.at(a)));
+ QDirIterator it(currentDir);
+ while(it.hasNext()) {
+ it.next();
+ // use canonical path here to not load the same certificate twice if symlinked
+ certFiles.insert(it.fileInfo().canonicalFilePath());
+ }
+ }
+ QSetIterator<QString> it(certFiles);
+ while(it.hasNext()) {
+ systemCerts.append(QSslCertificate::fromPath(it.next()));
+ }
+ systemCerts.append(QSslCertificate::fromPath(QLatin1String("/etc/pki/tls/certs/ca-bundle.crt"), QSsl::Pem)); // Fedora, Mandriva
+
#elif defined(Q_OS_SYMBIAN)
QList<QByteArray> certs;
QScopedPointer<CSymbianCertificateRetriever> retriever(CSymbianCertificateRetriever::NewL());