Merge remote branch 'origin/4.7' into qt-master-from-4.7

Conflicts:
	src/gui/kernel/qapplication.h

8 files changed, 343 insertions, 85 deletions

diff --git a/src/network/access/access.pri b/src/network/access/access.pri
index 173a087..6a0cd32 100644
--- a/src/network/access/access.pri
+++ b/src/network/access/access.pri
@@ -1,67 +1,62 @@
 # Qt network access module
 
-HEADERS += access/qftp.h \
-           access/qhttp.h \
-           access/qhttpnetworkheader_p.h \
-           access/qhttpnetworkrequest_p.h \
-           access/qhttpnetworkreply_p.h \
-	   access/qhttpnetworkconnection_p.h \
-           access/qhttpnetworkconnectionchannel_p.h \
-           access/qfilenetworkreply_p.h \
-           access/qnetworkaccessmanager.h \
-           access/qnetworkaccessmanager_p.h \
-	   access/qnetworkaccesscache_p.h \
-           access/qnetworkaccessbackend_p.h \
-           access/qnetworkaccessdatabackend_p.h \
-	   access/qnetworkaccessdebugpipebackend_p.h \
-	   access/qnetworkaccesshttpbackend_p.h \
-           access/qnetworkaccessfilebackend_p.h \
-           access/qnetworkaccesscachebackend_p.h \
-	   access/qnetworkaccessftpbackend_p.h \
-	   access/qnetworkcookie.h \
-	   access/qnetworkcookie_p.h \
-           access/qnetworkcookiejar.h \
-           access/qnetworkcookiejar_p.h \
-           access/qnetworkrequest.h \
-           access/qnetworkrequest_p.h \
-           access/qnetworkreply.h \
-           access/qnetworkreply_p.h \
-	   access/qnetworkreplyimpl_p.h \
-           access/qabstractnetworkcache_p.h \
-           access/qabstractnetworkcache.h \
-           access/qnetworkdiskcache_p.h \
-           access/qnetworkdiskcache.h
+HEADERS += \
+    access/qftp.h \
+    access/qhttp.h \
+    access/qhttpnetworkheader_p.h \
+    access/qhttpnetworkrequest_p.h \
+    access/qhttpnetworkreply_p.h \
+    access/qhttpnetworkconnection_p.h \
+    access/qhttpnetworkconnectionchannel_p.h \
+    access/qfilenetworkreply_p.h \
+    access/qnetworkaccessmanager.h \
+    access/qnetworkaccessmanager_p.h \
+    access/qnetworkaccesscache_p.h \
+    access/qnetworkaccessbackend_p.h \
+    access/qnetworkaccessdatabackend_p.h \
+    access/qnetworkaccessdebugpipebackend_p.h \
+    access/qnetworkaccesshttpbackend_p.h \
+    access/qnetworkaccessfilebackend_p.h \
+    access/qnetworkaccesscachebackend_p.h \
+    access/qnetworkaccessftpbackend_p.h \
+    access/qnetworkcookie.h \
+    access/qnetworkcookie_p.h \
+    access/qnetworkcookiejar.h \
+    access/qnetworkcookiejar_p.h \
+    access/qnetworkrequest.h \
+    access/qnetworkrequest_p.h \
+    access/qnetworkreply.h \
+    access/qnetworkreply_p.h \
+    access/qnetworkreplyimpl_p.h \
+    access/qabstractnetworkcache_p.h \
+    access/qabstractnetworkcache.h \
+    access/qnetworkdiskcache_p.h \
+    access/qnetworkdiskcache.h
 
-SOURCES += access/qftp.cpp \
-           access/qhttp.cpp \
-	   access/qhttpnetworkheader.cpp \
-	   access/qhttpnetworkrequest.cpp \
-	   access/qhttpnetworkreply.cpp \
-	   access/qhttpnetworkconnection.cpp \
-           access/qhttpnetworkconnectionchannel.cpp \
-           access/qfilenetworkreply.cpp \
-           access/qnetworkaccessmanager.cpp \
-	   access/qnetworkaccesscache.cpp \
-           access/qnetworkaccessbackend.cpp \
-           access/qnetworkaccessdatabackend.cpp \
-	   access/qnetworkaccessdebugpipebackend.cpp \
-           access/qnetworkaccessfilebackend.cpp \
-           access/qnetworkaccesscachebackend.cpp \
-	   access/qnetworkaccessftpbackend.cpp \
-	   access/qnetworkaccesshttpbackend.cpp \
-	   access/qnetworkcookie.cpp \
-           access/qnetworkcookiejar.cpp \
-           access/qnetworkrequest.cpp \
-           access/qnetworkreply.cpp \
-           access/qnetworkreplyimpl.cpp \
-           access/qabstractnetworkcache.cpp \
-           access/qnetworkdiskcache.cpp
+SOURCES += \
+    access/qftp.cpp \
+    access/qhttp.cpp \
+    access/qhttpnetworkheader.cpp \
+    access/qhttpnetworkrequest.cpp \
+    access/qhttpnetworkreply.cpp \
+    access/qhttpnetworkconnection.cpp \
+    access/qhttpnetworkconnectionchannel.cpp \
+    access/qfilenetworkreply.cpp \
+    access/qnetworkaccessmanager.cpp \
+    access/qnetworkaccesscache.cpp \
+    access/qnetworkaccessbackend.cpp \
+    access/qnetworkaccessdatabackend.cpp \
+    access/qnetworkaccessdebugpipebackend.cpp \
+    access/qnetworkaccessfilebackend.cpp \
+    access/qnetworkaccesscachebackend.cpp \
+    access/qnetworkaccessftpbackend.cpp \
+    access/qnetworkaccesshttpbackend.cpp \
+    access/qnetworkcookie.cpp \
+    access/qnetworkcookiejar.cpp \
+    access/qnetworkrequest.cpp \
+    access/qnetworkreply.cpp \
+    access/qnetworkreplyimpl.cpp \
+    access/qabstractnetworkcache.cpp \
+    access/qnetworkdiskcache.cpp
 
-#zlib support
-contains(QT_CONFIG, zlib) {
-    INCLUDEPATH += ../3rdparty/zlib
-} else:!contains(QT_CONFIG, no-zlib) {
-    symbian:LIBS_PRIVATE += -llibz
-    else:if(unix|win32-g++*):LIBS_PRIVATE += -lz
-    else:LIBS += zdll.lib
-}
+include($$PWD/../../3rdparty/zlib_dependency.pri)
diff --git a/src/network/access/qnetworkrequest.cpp b/src/network/access/qnetworkrequest.cpp
index 911eadc..bccfec1 100644
--- a/src/network/access/qnetworkrequest.cpp
+++ b/src/network/access/qnetworkrequest.cpp
@@ -215,7 +215,7 @@ QT_BEGIN_NAMESPACE
 
         \since 4.7
 
-     \value AuthenticationReuseControlAttribute
+     \value AuthenticationReuseAttribute
         Requests only, type: QVariant::Int (default: QNetworkRequest::Automatic)
         Indicates whether to use cached authorization credentials in the request,
         if available. If this is set to QNetworkRequest::Manual and the authentication
diff --git a/src/network/kernel/qhostaddress.cpp b/src/network/kernel/qhostaddress.cpp
index 5ae3acc..0bacf90 100644
--- a/src/network/kernel/qhostaddress.cpp
+++ b/src/network/kernel/qhostaddress.cpp
@@ -428,9 +428,9 @@ void QNetmaskAddress::setPrefixLength(QAbstractSocket::NetworkLayerProtocol prot
     QHostAddress is normally used with the QTcpSocket, QTcpServer,
     and QUdpSocket to connect to a host or to set up a server.
 
-    A host address is set with setAddress(), checked for its type
-    using isIPv4Address() or isIPv6Address(), and retrieved with
-    toIPv4Address(), toIPv6Address(), or toString().
+    A host address is set with setAddress(), and retrieved with
+    toIPv4Address(), toIPv6Address(), or toString(). You can check the
+    type with protocol().
 
     \note Please note that QHostAddress does not do DNS lookups.
     QHostInfo is needed for that.
@@ -679,7 +679,8 @@ void QHostAddress::setAddress(const struct sockaddr *sockaddr)
     For example, if the address is 127.0.0.1, the returned value is
     2130706433 (i.e. 0x7f000001).
 
-    This value is only valid if isIp4Addr() returns true.
+    This value is only valid if the Protocol() is
+    \l{QAbstractSocket::}{IPv4Protocol}.
 
     \sa toString()
 */
@@ -704,7 +705,8 @@ QAbstractSocket::NetworkLayerProtocol QHostAddress::protocol() const
 
     \snippet doc/src/snippets/code/src_network_kernel_qhostaddress.cpp 0
 
-    This value is only valid if isIPv6Address() returns true.
+    This value is only valid if the protocol() is
+    \l{QAbstractSocket::}{IPv6Protocol}.
 
     \sa toString()
 */
diff --git a/src/network/kernel/qnetworkproxy_win.cpp b/src/network/kernel/qnetworkproxy_win.cpp
index e801738..537107e 100644
--- a/src/network/kernel/qnetworkproxy_win.cpp
+++ b/src/network/kernel/qnetworkproxy_win.cpp
@@ -100,6 +100,10 @@ typedef struct {
 #define WINHTTP_NO_PROXY_NAME     NULL
 #define WINHTTP_NO_PROXY_BYPASS   NULL
 
+#define WINHTTP_ERROR_BASE                      12000
+#define ERROR_WINHTTP_LOGIN_FAILURE             (WINHTTP_ERROR_BASE + 15)
+#define ERROR_WINHTTP_AUTODETECTION_FAILED      (WINHTTP_ERROR_BASE + 180)
+
 QT_BEGIN_NAMESPACE
 
 typedef BOOL (WINAPI * PtrWinHttpGetProxyForUrl)(HINTERNET, LPCWSTR, WINHTTP_AUTOPROXY_OPTIONS*, WINHTTP_PROXY_INFO*);
@@ -320,7 +324,7 @@ void QWindowsSystemProxy::init()
 
         isAutoConfig = true;
         memset(&autoProxyOptions, 0, sizeof autoProxyOptions);
-        autoProxyOptions.fAutoLogonIfChallenged = true;
+        autoProxyOptions.fAutoLogonIfChallenged = false;
         if (ieProxyConfig.fAutoDetect) {
             autoProxyOptions.dwFlags = WINHTTP_AUTOPROXY_AUTO_DETECT;
             autoProxyOptions.dwAutoDetectFlags = WINHTTP_AUTO_DETECT_TYPE_DHCP |
@@ -377,10 +381,26 @@ QList<QNetworkProxy> QNetworkProxyFactory::systemProxyForQuery(const QNetworkPro
             // change the scheme to https, maybe it'll work
             url.setScheme(QLatin1String("https"));
         }
-        if (ptrWinHttpGetProxyForUrl(sp->hHttpSession,
-                                     (LPCWSTR)url.toString().utf16(),
-                                     &sp->autoProxyOptions,
-                                     &proxyInfo)) {
+
+        bool getProxySucceeded = ptrWinHttpGetProxyForUrl(sp->hHttpSession,
+                                                (LPCWSTR)url.toString().utf16(),
+                                                &sp->autoProxyOptions,
+                                                &proxyInfo);
+        DWORD getProxyError = GetLastError();
+
+        if (!getProxySucceeded
+            && (ERROR_WINHTTP_LOGIN_FAILURE == getProxyError)) {
+            // We first tried without AutoLogon, because this might prevent caching the result.
+            // But now we've to enable it (http://msdn.microsoft.com/en-us/library/aa383153%28v=VS.85%29.aspx)
+            sp->autoProxyOptions.fAutoLogonIfChallenged = TRUE;
+            getProxySucceeded = ptrWinHttpGetProxyForUrl(sp->hHttpSession,
+                                               (LPCWSTR)url.toString().utf16(),
+                                                &sp->autoProxyOptions,
+                                                &proxyInfo);
+            getProxyError = GetLastError();
+        }
+
+        if (getProxySucceeded) {
             // yes, we got a config for this URL
             QString proxyBypass = QString::fromWCharArray(proxyInfo.lpszProxyBypass);
             QStringList proxyServerList = splitSpaceSemicolon(QString::fromWCharArray(proxyInfo.lpszProxy));
@@ -395,6 +415,13 @@ QList<QNetworkProxy> QNetworkProxyFactory::systemProxyForQuery(const QNetworkPro
         }
 
         // GetProxyForUrl failed
+
+        if (ERROR_WINHTTP_AUTODETECTION_FAILED == getProxyError) {
+            //No config file could be retrieved on the network.
+            //Don't search for it next time again.
+            sp->isAutoConfig = false;
+        }
+
         return sp->defaultResult;
     }
 
diff --git a/src/network/network.pro b/src/network/network.pro
index 8582d8a..5e33080 100644
--- a/src/network/network.pro
+++ b/src/network/network.pro
@@ -27,5 +27,20 @@ QMAKE_LIBS += $$QMAKE_LIBS_NETWORK
 
 symbian {
    TARGET.UID3=0x2001B2DE
-   LIBS += -lesock -linsock
+   LIBS += -lesock -linsock -lcertstore -lefsrv -lctframework
+
+    # Partial upgrade SIS file
+    vendorinfo = \
+        "; Localised Vendor name" \
+        "%{\"Nokia, Qt\"}" \
+        " " \
+        "; Unique Vendor name" \
+        ":\"Nokia, Qt\"" \
+        " "
+    pu_header = "; Partial upgrade package for testing QtGui changes without reinstalling everything" \
+                "$${LITERAL_HASH}{\"Qt network\"}, (0x2001E61C), $${QT_MAJOR_VERSION},$${QT_MINOR_VERSION},$${QT_PATCH_VERSION}, TYPE=PU"
+    partial_upgrade.pkg_prerules = pu_header vendorinfo
+    partial_upgrade.sources = $$QMAKE_LIBDIR_QT/QtNetwork.dll
+    partial_upgrade.path = c:/sys/bin
+    DEPLOYMENT = partial_upgrade $$DEPLOYMENT
 }
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 30428ff..1d794ae 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -68,6 +68,8 @@
     PtrCertOpenSystemStoreW QSslSocketPrivate::ptrCertOpenSystemStoreW = 0;
     PtrCertFindCertificateInStore QSslSocketPrivate::ptrCertFindCertificateInStore = 0;
     PtrCertCloseStore QSslSocketPrivate::ptrCertCloseStore = 0;
+#elif defined(Q_OS_SYMBIAN)
+#include <QtCore/private/qcore_symbian_p.h>
 #endif
 
 QT_BEGIN_NAMESPACE
@@ -197,7 +199,7 @@ QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(SSL_CIPHER *ciph
             ciph.d->protocol = QSsl::SslV2;
         else if (protoString == QLatin1String("TLSv1"))
             ciph.d->protocol = QSsl::TlsV1;
-        
+
         if (descriptionList.at(2).startsWith(QLatin1String("Kx=")))
             ciph.d->keyExchangeMethod = descriptionList.at(2).mid(3);
         if (descriptionList.at(3).startsWith(QLatin1String("Au=")))
@@ -365,7 +367,7 @@ init_context:
     // Set verification depth.
     if (configuration.peerVerifyDepth != 0)
         q_SSL_CTX_set_verify_depth(ctx, configuration.peerVerifyDepth);
-    
+
     // Create and initialize SSL session
     if (!(ssl = q_SSL_new(ctx))) {
         // ### Bad error code
@@ -515,9 +517,15 @@ void QSslSocketPrivate::ensureInitialized()
 #elif defined(Q_OS_WIN)
     HINSTANCE hLib = LoadLibraryW(L"Crypt32");
     if (hLib) {
+#if defined(Q_OS_WINCE)
+        ptrCertOpenSystemStoreW = (PtrCertOpenSystemStoreW)GetProcAddress(hLib, L"CertOpenStore");
+        ptrCertFindCertificateInStore = (PtrCertFindCertificateInStore)GetProcAddress(hLib, L"CertFindCertificateInStore");
+        ptrCertCloseStore = (PtrCertCloseStore)GetProcAddress(hLib, L"CertCloseStore");
+#else
         ptrCertOpenSystemStoreW = (PtrCertOpenSystemStoreW)GetProcAddress(hLib, "CertOpenSystemStoreW");
         ptrCertFindCertificateInStore = (PtrCertFindCertificateInStore)GetProcAddress(hLib, "CertFindCertificateInStore");
         ptrCertCloseStore = (PtrCertCloseStore)GetProcAddress(hLib, "CertCloseStore");
+#endif
         if (!ptrCertOpenSystemStoreW || !ptrCertFindCertificateInStore || !ptrCertCloseStore)
             qWarning("could not resolve symbols in crypt32 library"); // should never happen
     } else {
@@ -559,6 +567,124 @@ void QSslSocketPrivate::resetDefaultCiphers()
     setDefaultCiphers(ciphers);
 }
 
+#if defined(Q_OS_SYMBIAN)
+
+QCertificateRetriever::QCertificateRetriever(QCertificateConsumer* parent)
+    : CActive(EPriorityStandard)
+    , certStore(0)
+    , certFilter(0)
+    , consumer(parent)
+    , currentCertificateIndex(0)
+    , certDescriptor(0, 0)
+{
+    CActiveScheduler::Add(this);
+    QT_TRAP_THROWING(certStore = CUnifiedCertStore::NewL(qt_s60GetRFs(), EFalse));
+    QT_TRAP_THROWING(certFilter = CCertAttributeFilter::NewL());
+    certFilter->SetFormat(EX509Certificate);
+}
+
+QCertificateRetriever::~QCertificateRetriever()
+{
+    delete certFilter;
+    delete certStore;
+    Cancel();
+}
+
+void QCertificateRetriever::fetch()
+{
+    certStore->Initialize(iStatus);
+    state = Initializing;
+    SetActive();
+}
+
+void QCertificateRetriever::list()
+{
+    certStore->List(certs, *certFilter, iStatus);
+    state = Listing;
+    SetActive();
+}
+
+void QCertificateRetriever::retrieveNextCertificate()
+{
+    CCTCertInfo* cert = certs[currentCertificateIndex];
+    currentCertificate.resize(cert->Size());
+    certDescriptor.Set((TUint8*)currentCertificate.data(), 0, currentCertificate.size());
+    certStore->Retrieve(*cert, certDescriptor, iStatus);
+    state = RetrievingCertificates;
+    SetActive();
+}
+
+void QCertificateRetriever::RunL()
+{
+    QT_TRYCATCH_LEAVING(run());
+}
+
+void QCertificateRetriever::run()
+{
+    switch (state) {
+    case Initializing:
+        list();
+        break;
+    case Listing:
+        currentCertificateIndex = 0;
+        retrieveNextCertificate();
+        break;
+    case RetrievingCertificates:
+        consumer->addEncodedCertificate(currentCertificate);
+        currentCertificate = QByteArray();
+
+        currentCertificateIndex++;
+
+        if (currentCertificateIndex < certs.Count())
+            retrieveNextCertificate();
+        else
+            consumer->finish();
+        break;
+    }
+}
+
+void QCertificateRetriever::DoCancel()
+{
+    switch (state) {
+    case Initializing:
+        certStore->CancelInitialize();
+        break;
+    case Listing:
+        certStore->CancelList();
+        break;
+    case RetrievingCertificates:
+        certStore->CancelRetrieve();
+        break;
+    }
+}
+
+QCertificateConsumer::QCertificateConsumer(QObject* parent)
+    : QObject(parent)
+    , retriever(0)
+{
+}
+
+QCertificateConsumer::~QCertificateConsumer()
+{
+    delete retriever;
+}
+
+void QCertificateConsumer::finish()
+{
+    delete retriever;
+    retriever = 0;
+    emit finished();
+}
+
+void QCertificateConsumer::start()
+{
+    retriever = new QCertificateRetriever(this);
+    Q_CHECK_PTR(retriever);
+    retriever->fetch();
+}
+
+#endif // defined(Q_OS_SYMBIAN)
+
 QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
 {
     ensureInitialized();
@@ -601,7 +727,15 @@ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
 #elif defined(Q_OS_WIN)
     if (ptrCertOpenSystemStoreW && ptrCertFindCertificateInStore && ptrCertCloseStore) {
         HCERTSTORE hSystemStore;
+#if defined(Q_OS_WINCE)
+        hSystemStore = ptrCertOpenSystemStoreW(CERT_STORE_PROV_SYSTEM_W,
+                                               0,
+                                               0,
+                                               CERT_STORE_NO_CRYPT_RELEASE_FLAG|CERT_SYSTEM_STORE_CURRENT_USER,
+                                               L"ROOT");
+#else
         hSystemStore = ptrCertOpenSystemStoreW(0, L"ROOT");
+#endif
         if(hSystemStore) {
             PCCERT_CONTEXT pc = NULL;
             while(1) {
@@ -615,19 +749,35 @@ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
             ptrCertCloseStore(hSystemStore, 0);
         }
     }
-#elif defined(Q_OS_AIX)
-    systemCerts.append(QSslCertificate::fromPath(QLatin1String("/var/ssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard));
-#elif defined(Q_OS_SOLARIS)
-    systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/local/ssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard));
-#elif defined(Q_OS_HPUX)
-    systemCerts.append(QSslCertificate::fromPath(QLatin1String("/opt/openssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard));
-#elif defined(Q_OS_LINUX)
+#elif defined(Q_OS_UNIX)
+    systemCerts.append(QSslCertificate::fromPath(QLatin1String("/var/ssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // AIX
+    systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/local/ssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // Solaris
+    systemCerts.append(QSslCertificate::fromPath(QLatin1String("/opt/openssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // HP-UX
     systemCerts.append(QSslCertificate::fromPath(QLatin1String("/etc/ssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // (K)ubuntu, OpenSUSE, Mandriva, ...
     systemCerts.append(QSslCertificate::fromPath(QLatin1String("/etc/pki/tls/certs/ca-bundle.crt"), QSsl::Pem)); // Fedora
     systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/lib/ssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // Gentoo, Mandrake
     systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/share/ssl/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // Centos, Redhat, SuSE
     systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/local/ssl/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // Normal OpenSSL Tarball
+#elif defined(Q_OS_SYMBIAN)
+    QThread* certThread = new QThread;
+
+    QCertificateConsumer *consumer = new QCertificateConsumer();
+    consumer->moveToThread(certThread);
+    QObject::connect(certThread, SIGNAL(started()), consumer, SLOT(start()));
+    QObject::connect(consumer, SIGNAL(finished()), certThread, SLOT(quit()), Qt::DirectConnection);
+
+    certThread->start();
+    certThread->wait();
+    foreach (const QByteArray &encodedCert, consumer->encodedCertificates()) {
+        QSslCertificate cert(encodedCert, QSsl::Der);
+        if (!cert.isNull())
+            systemCerts.append(cert);
+    }
+
+    delete consumer;
+    delete certThread;
 #endif
+
     return systemCerts;
 }
 
@@ -673,7 +823,7 @@ void QSslSocketBackendPrivate::transmit()
     bool transmitting;
     do {
         transmitting = false;
-        
+
         // If the connection is secure, we can transfer data from the write
         // buffer (in plain text) to the write BIO through SSL_write.
         if (connectionEncrypted && !writeBuffer.isEmpty()) {
diff --git a/src/network/ssl/qsslsocket_openssl_p.h b/src/network/ssl/qsslsocket_openssl_p.h
index 3c08757..987dfae 100644
--- a/src/network/ssl/qsslsocket_openssl_p.h
+++ b/src/network/ssl/qsslsocket_openssl_p.h
@@ -118,6 +118,71 @@ public:
     static QList<QSslCertificate> STACKOFX509_to_QSslCertificates(STACK_OF(X509) *x509);
 };
 
+#if defined(Q_OS_SYMBIAN)
+#include <unifiedcertstore.h>     // link against certstore.lib
+#include <ccertattributefilter.h> // link against ctframework.lib
+
+class QCertificateRetriever;
+
+class QCertificateConsumer : public QObject
+{
+    Q_OBJECT
+public:
+    QCertificateConsumer(QObject* parent = 0);
+    ~QCertificateConsumer();
+
+    void finish();
+
+    void addEncodedCertificate(const QByteArray& certificate)
+    { certificates.append(certificate); }
+    QList<QByteArray> encodedCertificates() const { return certificates; }
+
+public slots:
+    void start();
+
+signals:
+    void finished();
+
+private:
+    QList<QByteArray> certificates;
+    QCertificateRetriever *retriever;
+};
+
+
+class QCertificateRetriever : public CActive
+{
+public:
+    QCertificateRetriever(QCertificateConsumer* consumer);
+    ~QCertificateRetriever();
+
+    void fetch();
+
+private:
+    virtual void RunL();
+    virtual void DoCancel();
+
+    void run();
+    void list();
+    void retrieveNextCertificate();
+
+    enum {
+        Initializing,
+        Listing,
+        RetrievingCertificates
+    } state;
+
+    CUnifiedCertStore* certStore;
+    RMPointerArray<CCTCertInfo> certs;
+    CCertAttributeFilter* certFilter;
+    QCertificateConsumer* consumer;
+    int currentCertificateIndex;
+    QByteArray currentCertificate;
+    TPtr8 certDescriptor;
+};
+
+#endif
+
+
 QT_END_NAMESPACE
 
 #endif
diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h
index 09775bc..72b3ef7 100644
--- a/src/network/ssl/qsslsocket_p.h
+++ b/src/network/ssl/qsslsocket_p.h
@@ -77,7 +77,11 @@ QT_BEGIN_NAMESPACE
 #ifndef HCRYPTPROV_LEGACY
 #define HCRYPTPROV_LEGACY HCRYPTPROV
 #endif
+#if defined(Q_OS_WINCE)
+    typedef HCERTSTORE (WINAPI *PtrCertOpenSystemStoreW)(LPCSTR, DWORD, HCRYPTPROV_LEGACY, DWORD, const void*);
+#else
     typedef HCERTSTORE (WINAPI *PtrCertOpenSystemStoreW)(HCRYPTPROV_LEGACY, LPCWSTR);
+#endif
     typedef PCCERT_CONTEXT (WINAPI *PtrCertFindCertificateInStore)(HCERTSTORE, DWORD, DWORD, DWORD, const void*, PCCERT_CONTEXT);
     typedef BOOL (WINAPI *PtrCertCloseStore)(HCERTSTORE, DWORD);
 #endif