summaryrefslogtreecommitdiffstats
path: root/src/network/ssl
diff options
context:
space:
mode:
authorPeter Hartmann <peter.hartmann@nokia.com>2010-07-09 08:11:13 (GMT)
committerPeter Hartmann <peter.hartmann@nokia.com>2010-07-09 11:41:41 (GMT)
commit230ab8adb281aabc2d0ebf41ade5f2ec7f11e020 (patch)
tree63892d5be891d137af9fdd9c7a6e46be5d68800c /src/network/ssl
parentad0e8a48eade0b2cdcf10a68f36d911784ff03ab (diff)
downloadQt-230ab8adb281aabc2d0ebf41ade5f2ec7f11e020.zip
Qt-230ab8adb281aabc2d0ebf41ade5f2ec7f11e020.tar.gz
Qt-230ab8adb281aabc2d0ebf41ade5f2ec7f11e020.tar.bz2
Revert "SSL backend: load libraries for certificates only once"
This reverts commit f2187e31de13a6ab8631a9067487dab555f7c2e7. Reviewed-by: Markus Goetz
Diffstat (limited to 'src/network/ssl')
-rw-r--r--src/network/ssl/qsslsocket.cpp6
-rw-r--r--src/network/ssl/qsslsocket_openssl.cpp42
-rw-r--r--src/network/ssl/qsslsocket_p.h11
3 files changed, 29 insertions, 30 deletions
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index 809e8aa..f85fa84 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -1849,7 +1849,7 @@ QList<QSslCipher> QSslSocketPrivate::defaultCiphers()
*/
QList<QSslCipher> QSslSocketPrivate::supportedCiphers()
{
- QSslSocketPrivate::ensureCertsAndCiphersLoaded();
+ QSslSocketPrivate::ensureInitialized();
QMutexLocker locker(&globalData()->mutex);
return globalData()->supportedCiphers;
}
@@ -1879,7 +1879,7 @@ void QSslSocketPrivate::setDefaultSupportedCiphers(const QList<QSslCipher> &ciph
*/
QList<QSslCertificate> QSslSocketPrivate::defaultCaCertificates()
{
- QSslSocketPrivate::ensureCertsAndCiphersLoaded();
+ QSslSocketPrivate::ensureInitialized();
QMutexLocker locker(&globalData()->mutex);
return globalData()->config->caCertificates;
}
@@ -1962,7 +1962,7 @@ void QSslConfigurationPrivate::setDefaultConfiguration(const QSslConfiguration &
*/
void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPrivate *ptr)
{
- QSslSocketPrivate::ensureCertsAndCiphersLoaded();
+ QSslSocketPrivate::ensureInitialized();
QMutexLocker locker(&globalData()->mutex);
const QSslConfigurationPrivate *global = globalData()->config.constData();
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index b602b29..d7088ee 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -74,9 +74,8 @@
QT_BEGIN_NAMESPACE
-bool QSslSocketPrivate::s_initialized = false;
-QBasicAtomicInt QSslSocketPrivate::s_CertsAndCiphersLoaded;
-Q_GLOBAL_STATIC(QMutex, s_CertsAndCiphersLoadedMutex);
+bool QSslSocketPrivate::s_libraryLoaded = false;
+bool QSslSocketPrivate::s_loadedCiphersAndCerts = false;
// Useful defines
#define SSL_ERRORSTR() QString::fromLocal8Bit(q_ERR_error_string(q_ERR_get_error(), NULL))
@@ -171,7 +170,7 @@ QSslSocketBackendPrivate::QSslSocketBackendPrivate()
session(0)
{
// Calls SSL_library_init().
- ensureCertsAndCiphersLoaded();
+ ensureInitialized();
}
QSslSocketBackendPrivate::~QSslSocketBackendPrivate()
@@ -422,18 +421,18 @@ void QSslSocketPrivate::deinitialize()
bool QSslSocketPrivate::supportsSsl()
{
- return ensureInitialized();
+ return ensureLibraryLoaded();
}
-bool QSslSocketPrivate::ensureInitialized()
+bool QSslSocketPrivate::ensureLibraryLoaded()
{
if (!q_resolveOpenSslSymbols())
return false;
// Check if the library itself needs to be initialized.
QMutexLocker locker(openssl_locks()->initLock());
- if (!s_initialized) {
- s_initialized = true;
+ if (!s_libraryLoaded) {
+ s_libraryLoaded = true;
// Initialize OpenSSL.
q_CRYPTO_set_id_callback(id_function);
@@ -474,6 +473,16 @@ bool QSslSocketPrivate::ensureInitialized()
return true;
}
+void QSslSocketPrivate::ensureCiphersAndCertsLoaded()
+{
+ if (s_loadedCiphersAndCerts)
+ return;
+ s_loadedCiphersAndCerts = true;
+
+ resetDefaultCiphers();
+ setDefaultCaCertificates(systemCaCertificates());
+}
+
/*!
\internal
@@ -481,18 +490,13 @@ bool QSslSocketPrivate::ensureInitialized()
been initialized.
*/
-void QSslSocketPrivate::ensureCertsAndCiphersLoaded()
+void QSslSocketPrivate::ensureInitialized()
{
- // use double-checked locking to speed up this function
- if (s_CertsAndCiphersLoaded)
+ if (!supportsSsl())
return;
- QMutexLocker locker(s_CertsAndCiphersLoadedMutex());
- if (s_CertsAndCiphersLoaded)
- return;
+ ensureCiphersAndCertsLoaded();
- if (!supportsSsl())
- return;
//load symbols needed to receive certificates from system store
#if defined(Q_OS_MAC)
QLibrary securityLib("/System/Library/Frameworks/Security.framework/Versions/Current/Security");
@@ -528,12 +532,6 @@ void QSslSocketPrivate::ensureCertsAndCiphersLoaded()
qWarning("could not load crypt32 library"); // should never happen
}
#endif
- resetDefaultCiphers();
- setDefaultCaCertificates(systemCaCertificates());
- // we need to make sure that s_CertsAndCiphersLoaded is executed after the library loading above
- // (the compiler/processor might reorder instructions otherwise)
- if (!s_CertsAndCiphersLoaded.testAndSetRelease(0, 1))
- Q_ASSERT_X(false, "certificate store", "certificate store has already been initialized!");
}
/*!
diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h
index b474175..72b3ef7 100644
--- a/src/network/ssl/qsslsocket_p.h
+++ b/src/network/ssl/qsslsocket_p.h
@@ -63,7 +63,6 @@
#include <QtCore/qstringlist.h>
#include <private/qringbuffer_p.h>
-#include <QtCore/QMutex>
QT_BEGIN_NAMESPACE
@@ -114,8 +113,7 @@ public:
QString verificationPeerName;
static bool supportsSsl();
- static bool ensureInitialized();
- static void ensureCertsAndCiphersLoaded();
+ static void ensureInitialized();
static void deinitialize();
static QList<QSslCipher> defaultCiphers();
static QList<QSslCipher> supportedCiphers();
@@ -163,8 +161,11 @@ public:
virtual QSslCipher sessionCipher() const = 0;
private:
- static bool s_initialized;
- static QBasicAtomicInt s_CertsAndCiphersLoaded;
+ static bool ensureLibraryLoaded();
+ static void ensureCiphersAndCertsLoaded();
+
+ static bool s_libraryLoaded;
+ static bool s_loadedCiphersAndCerts;
};
QT_END_NAMESPACE