Merge branch '4.7' of scm.dev.nokia.troll.no:qt/oslo-staging-1 into 4.7

2 files changed, 7 insertions, 2 deletions

diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index f73068e..91265f3 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -210,7 +210,7 @@
     valid. On failure, QSslSocket will emit the QSslSocket::sslErrors()
     signal. This mode is the default for clients.
 
-    \value AutoVerifyPeer QSslSocket will automaticaly use QueryPeer for
+    \value AutoVerifyPeer QSslSocket will automatically use QueryPeer for
     server sockets and VerifyPeer for client sockets.
 
     \sa QSslSocket::peerVerifyMode()
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index b4d030c..94b1568 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -750,7 +750,7 @@ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
             ptrCertCloseStore(hSystemStore, 0);
         }
     }
-#elif defined(Q_OS_UNIX)
+#elif defined(Q_OS_UNIX) && !defined(Q_OS_SYMBIAN)
     systemCerts.append(QSslCertificate::fromPath(QLatin1String("/var/ssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // AIX
     systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/local/ssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // Solaris
     systemCerts.append(QSslCertificate::fromPath(QLatin1String("/opt/openssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // HP-UX
@@ -1288,6 +1288,11 @@ bool QSslSocketBackendPrivate::isMatchingHostname(const QString &cn, const QStri
     if (hostname.midRef(hostname.indexOf(QLatin1Char('.'))) != cn.midRef(firstCnDot))
         return false;
 
+    // Check if the hostname is an IP address, if so then wildcards are not allowed
+    QHostAddress addr(hostname);
+    if (!addr.isNull())
+        return false;
+
     // Ok, I guess this was a wildcard CN and the hostname matches.
     return true;
 }