diff options
author | Peter Hartmann <peter.hartmann@nokia.com> | 2011-03-14 14:05:03 (GMT) |
---|---|---|
committer | Peter Hartmann <peter.hartmann@nokia.com> | 2011-03-14 16:48:03 (GMT) |
commit | 1992cdb292d1961d6b210a3c1d2532556d2c9195 (patch) | |
tree | 3b91f7db73b3f8fdd63ab64abb735725b27c0ef9 /src/network/ssl | |
parent | f8f6e15ee3ec0b7aec8421cb5ddaab0ff871e733 (diff) | |
download | Qt-1992cdb292d1961d6b210a3c1d2532556d2c9195.zip Qt-1992cdb292d1961d6b210a3c1d2532556d2c9195.tar.gz Qt-1992cdb292d1961d6b210a3c1d2532556d2c9195.tar.bz2 |
SSL backend: avoid setting SNI hostname for old SSL versions
With this patch, we only use SNI functionality when the SSL version
supports it (meaning when using TLS), otherwise the function call
would trigger a warning.
Reviewed-by: Markus Goetz
Diffstat (limited to 'src/network/ssl')
-rw-r--r-- | src/network/ssl/qssl.h | 2 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 5 |
2 files changed, 5 insertions, 2 deletions
diff --git a/src/network/ssl/qssl.h b/src/network/ssl/qssl.h index 7c47361..1980659 100644 --- a/src/network/ssl/qssl.h +++ b/src/network/ssl/qssl.h @@ -75,7 +75,7 @@ namespace QSsl { enum SslProtocol { SslV3, SslV2, - TlsV1, + TlsV1, // ### Qt 5: rename to TlsV1_0 or so AnyProtocol, TlsV1SslV3, SecureProtocols = TlsV1SslV3, diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 8da3bb7..664fce2 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -398,7 +398,10 @@ init_context: } #if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) - if (client && q_SSLeay() >= 0x00090806fL) { + if ((configuration.protocol == QSsl::TlsV1SslV3 || + configuration.protocol == QSsl::TlsV1 || + configuration.protocol == QSsl::AnyProtocol) && + client && q_SSLeay() >= 0x00090806fL) { // Set server hostname on TLS extension. RFC4366 section 3.1 requires it in ACE format. QString tlsHostName = verificationPeerName.isEmpty() ? q->peerName() : verificationPeerName; if (tlsHostName.isEmpty()) |