diff options
| author | Peter Hartmann <peter.hartmann@nokia.com> | 2011-03-28 13:06:25 (GMT) |
|---|---|---|
| committer | Peter Hartmann <peter.hartmann@nokia.com> | 2011-04-07 13:19:00 (GMT) |
| commit | 4d67ecf8a40ad0669c269091a6e15b157b4090a6 (patch) | |
| tree | 61a1f0a9e0d186ee169c27adc82c3e0bc8a14351 /src/network/ssl | |
| parent | 2310cbe07b8f7de64d47fe825e0f5a49359923d8 (diff) | |
| download | Qt-4d67ecf8a40ad0669c269091a6e15b157b4090a6.zip Qt-4d67ecf8a40ad0669c269091a6e15b157b4090a6.tar.gz Qt-4d67ecf8a40ad0669c269091a6e15b157b4090a6.tar.bz2 | |
SSL code: introduce new error value for blacklisted certificates
improve error reporting by introducing a new enum value in case the
peer certificate is blacklisted.
Reviewed-by: Markus Goetz
Task-number: QTBUG-18338
Diffstat (limited to 'src/network/ssl')
| -rw-r--r-- | src/network/ssl/qsslerror.cpp | 4 | ||||
| -rw-r--r-- | src/network/ssl/qsslerror.h | 1 | ||||
| -rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 16 |
3 files changed, 14 insertions, 7 deletions
diff --git a/src/network/ssl/qsslerror.cpp b/src/network/ssl/qsslerror.cpp index 198b1f5..ae18b47 100644 --- a/src/network/ssl/qsslerror.cpp +++ b/src/network/ssl/qsslerror.cpp @@ -86,6 +86,7 @@ \value HostNameMismatch \value UnspecifiedError \value NoSslSupport + \value CertificateBlacklisted \sa QSslError::errorString() */ @@ -281,6 +282,9 @@ QString QSslError::errorString() const break; case NoSslSupport: break; + case CertificateBlacklisted: + errStr = QSslSocket::tr("The peer certificate is blacklisted"); + break; default: errStr = QSslSocket::tr("Unknown error"); break; diff --git a/src/network/ssl/qsslerror.h b/src/network/ssl/qsslerror.h index ce4c749..c30c02a 100644 --- a/src/network/ssl/qsslerror.h +++ b/src/network/ssl/qsslerror.h @@ -83,6 +83,7 @@ public: NoPeerCertificate, HostNameMismatch, NoSslSupport, + CertificateBlacklisted, UnspecifiedError = -1 }; diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 1abb295..78a78a2 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -1238,16 +1238,18 @@ bool QSslSocketBackendPrivate::startHandshake() X509 *x509 = q_SSL_get_peer_certificate(ssl); configuration.peerCertificate = QSslCertificatePrivate::QSslCertificate_from_X509(x509); q_X509_free(x509); - if (QSslCertificatePrivate::isBlacklisted(configuration.peerCertificate)) { - q->setErrorString(QSslSocket::tr("The peer certificate is blacklisted")); - q->setSocketError(QAbstractSocket::SslHandshakeFailedError); - emit q->error(QAbstractSocket::SslHandshakeFailedError); - plainSocket->disconnectFromHost(); - return false; - } // Start translating errors. QList<QSslError> errors; + + if (QSslCertificatePrivate::isBlacklisted(configuration.peerCertificate)) { + QSslError error(QSslError::CertificateBlacklisted, configuration.peerCertificate); + errors << error; + emit q->peerVerifyError(error); + if (q->state() != QAbstractSocket::ConnectedState) + return false; + } + bool doVerifyPeer = configuration.peerVerifyMode == QSslSocket::VerifyPeer || (configuration.peerVerifyMode == QSslSocket::AutoVerifyPeer && mode == QSslSocket::SslClientMode); |