Diffstat (limited to 'src/network/ssl')
-rw-r--r--src/network/ssl/qsslsocket.cpp30
-rw-r--r--src/network/ssl/qsslsocket.h1
-rw-r--r--src/network/ssl/qsslsocket_openssl.cpp2
-rw-r--r--src/network/ssl/qsslsocket_p.h4
4 files changed, 36 insertions, 1 deletions
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index ea64042..39ac5da 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -397,6 +397,36 @@ void QSslSocket::connectToHostEncrypted(const QString &hostName, quint16 port, O
}
/*!
+ \since 4.6
+ \overload
+
+ In addition to the original behaviour of connectToHostEncrypted,
+ this overloaded method enables the usage of a different hostname
+ (\a sslPeerName) for the certificate validation instead of
+ the one used for the TCP connection (\a hostName).
+
+ \sa connectToHostEncrypted()
+*/
+void QSslSocket::connectToHostEncrypted(const QString &hostName, quint16 port,
+ const QString &sslPeerName, OpenMode mode)
+{
+ Q_D(QSslSocket);
+ if (d->state == ConnectedState || d->state == ConnectingState) {
+ qWarning("QSslSocket::connectToHostEncrypted() called when already connecting/connected");
+ return;
+ }
+
+ d->init();
+ d->autoStartHandshake = true;
+ d->initialized = true;
+ d->verificationPeerName = sslPeerName;
+
+ // Note: When connecting to localhost, some platforms (e.g., HP-UX and some BSDs)
+ // establish the connection immediately (i.e., first attempt).
+ connectToHost(hostName, port, mode);
+}
+
+/*!
Initializes QSslSocket with the native socket descriptor \a
socketDescriptor. Returns true if \a socketDescriptor is accepted
as a valid socket descriptor; otherwise returns false.
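Review bot: `d->verificationPeerName` is assigned in the new overload, but nothing visible in this commit ever clears it. If `d->init()` (not shown here) does not reset the member, a socket that is later reconnected through the existing `connectToHostEncrypted(hostName, port, mode)` would still have its certificate matched against the earlier `sslPeerName`. Resetting it on the other path, for example `d->verificationPeerName.clear();` in the original overload or in `init()`, would keep the override scoped to one connection attempt. The doc comment should also say that an empty `sslPeerName` falls back to the connection host name. It should add that the certificate is otherwise checked against a caller-chosen name rather than the host actually contacted, so that value must come from a trusted source.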
diff --git a/src/network/ssl/qsslsocket.h b/src/network/ssl/qsslsocket.h
index b8db654..e4c683a 100644
--- a/src/network/ssl/qsslsocket.h
+++ b/src/network/ssl/qsslsocket.h
@@ -86,6 +86,7 @@ public:
// Autostarting the SSL client handshake.
void connectToHostEncrypted(const QString &hostName, quint16 port, OpenMode mode = ReadWrite);
+ void connectToHostEncrypted(const QString &hostName, quint16 port, const QString &sslPeerName, OpenMode mode = ReadWrite);
bool setSocketDescriptor(int socketDescriptor, SocketState state = ConnectedState,
OpenMode openMode = ReadWrite);
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 6f8cf42..827f461 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -815,7 +815,7 @@ bool QSslSocketBackendPrivate::testConnection()
// but only if we're a client connecting to a server
// if we're the server, don't check CN
if (mode == QSslSocket::SslClientMode) {
- QString peerName = q->peerName();
+ QString peerName = (verificationPeerName.isEmpty () ? q->peerName() : verificationPeerName);
QString commonName = configuration.peerCertificate.subjectInfo(QSslCertificate::CommonName);
QRegExp regexp(commonName, Qt::CaseInsensitive, QRegExp::Wildcard);
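Review bot: The changed line in `testConnection()` has a stray space in `isEmpty ()` and redundant outer parentheses, and the local is never modified in the visible lines. Something like `const QString peerName = verificationPeerName.isEmpty() ? q->peerName() : verificationPeerName;` reads more cleanly. A short comment such as `// caller-supplied name overrides the connection host for the CN check` would make the security-relevant choice explicit at the point where the certificate is matched. The function body starts and ends outside this hunk.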
diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h
index 825df46..69d3cf3 100644
--- a/src/network/ssl/qsslsocket_p.h
+++ b/src/network/ssl/qsslsocket_p.h
@@ -88,6 +88,10 @@ public:
QSslConfigurationPrivate configuration;
QList<QSslError> sslErrors;
+ // if set, this hostname is used for certificate validation instead of the hostname
+ // that was used for connecting to.
+ QString verificationPeerName;
+
static bool ensureInitialized();
static void deinitialize();
static QList<QSslCipher> defaultCiphers();
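Review bot: The comment on `verificationPeerName` does not say what "set" means, and "that was used for connecting to" is awkward. Since the check in `qsslsocket_openssl.cpp` tests `isEmpty()`, the comment could read `// If non-empty, the peer certificate is matched against this name instead of peerName(); an empty value means peerName() is used.` That makes the fallback visible to anyone adding another backend or another place that reads the member.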