From 4f1235af805d6ec947730e33d270c30d298e51dc Mon Sep 17 00:00:00 2001
From: Peter Hartmann
Date: Tue, 28 Sep 2010 14:56:54 +0200
Subject: QSslSocket speed up loading of system certificates on Unix (not Mac) ... by only reading in a certificate once. Before, we were adding all files from all directories; since they often contained symlinks, the same certificate was added several times.
Reviewed-by: Markus Goetz
Reviewed-by: Thiago Macieira
Task-number: QTBUG-14013
---
src/network/ssl/qsslsocket.cpp | 2 +-
src/network/ssl/qsslsocket_openssl.cpp | 37 ++++++++++++++++++++++++++--------
2 files changed, 30 insertions(+), 9 deletions(-)
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index f18c629..c9f421f 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -1354,7 +1354,7 @@ QList QSslSocket::defaultCaCertificates()
 */
 QList QSslSocket::systemCaCertificates()
 {
- QSslSocketPrivate::ensureInitialized();
+ // we are calling ensureInitialized() in the method below
 return QSslSocketPrivate::systemCaCertificates();
 }
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 5033393..cd224df 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
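Review bot: In `QSslSocket::systemCaCertificates()` (qsslsocket.cpp) the replacement comment records an invariant that this diff cannot confirm: the only hunk shown for `QSslSocketPrivate::systemCaCertificates()` starts at line 772, so the `ensureInitialized()` call it refers to lies outside the visible lines. Since the public entry point no longer initialises the SSL backend itself, every platform branch of the private function has to run after that call; presumably it sits at the top of that function, but this should be checked before merging. I would name the callee in the comment so the dependency survives later refactoring: `// QSslSocketPrivate::systemCaCertificates() calls ensureInitialized() itself`.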
@@ -772,14 +772,35 @@ QList QSslSocketPrivate::systemCaCertificates()
 }
 }
 #elif defined(Q_OS_UNIX) && !defined(Q_OS_SYMBIAN)
- systemCerts.append(QSslCertificate::fromPath(QLatin1String("/var/ssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // AIX
- systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/local/ssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // Solaris
- systemCerts.append(QSslCertificate::fromPath(QLatin1String("/opt/openssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // HP-UX
- systemCerts.append(QSslCertificate::fromPath(QLatin1String("/etc/ssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // (K)ubuntu, OpenSUSE, Mandriva, ...
- systemCerts.append(QSslCertificate::fromPath(QLatin1String("/etc/pki/tls/certs/ca-bundle.crt"), QSsl::Pem)); // Fedora
- systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/lib/ssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // Gentoo, Mandrake
- systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/share/ssl/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // Centos, Redhat, SuSE
- systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/local/ssl/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // Normal OpenSSL Tarball
+ QSet certFiles;
+ QList directories;
+ directories << "/etc/ssl/certs/"; // (K)ubuntu, OpenSUSE, Mandriva, MeeGo ...
+ directories << "/usr/lib/ssl/certs/"; // Gentoo, Mandrake
+ directories << "/usr/share/ssl/"; // Centos, Redhat, SuSE
+ directories << "/usr/local/ssl/"; // Normal OpenSSL Tarball
+ directories << "/var/ssl/certs/"; // AIX
+ directories << "/usr/local/ssl/certs/"; // Solaris
+ directories << "/opt/openssl/certs/"; // HP-UX
+
+ QDir currentDir;
+ QStringList nameFilters;
+ nameFilters << QLatin1String("*.pem") << QLatin1String("*.crt");
+ currentDir.setNameFilters(nameFilters);
+ for (int a = 0; a < directories.count(); a++) {
+ currentDir.setPath(QLatin1String(directories.at(a)));
+ QDirIterator it(currentDir);
+ while(it.hasNext()) {
+ it.next();
+ // use canonical path here to not load the same certificate twice if symlinked
+ certFiles.insert(it.fileInfo().canonicalFilePath());
+ }
+ }
+ QSetIterator it(certFiles);
+ while(it.hasNext()) {
+ systemCerts.append(QSslCertificate::fromPath(it.next()));
+ }
+ systemCerts.append(QSslCertificate::fromPath(QLatin1String("/etc/pki/tls/certs/ca-bundle.crt"), QSsl::Pem)); // Fedora, Mandriva
+
 #elif defined(Q_OS_SYMBIAN)
 QList certs;
 QScopedPointer retriever(CSymbianCertificateRetriever::NewL());
--
cgit v0.12
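Review bot: The added name filter `QLatin1String("*.crt")` changes which files become trust anchors, not only how quickly they load: the removed lines read just `*.pem` from these seven directories, while the commit message describes de-duplication alone. Every `.crt` file in one of them is now appended to `systemCerts`, and because duplicates are detected by canonical path rather than by certificate, a concatenated bundle stored beside the individual files would presumably still add each certificate a second time; either drop the extra filter or state the wider trust set in the commit message. Separately, `canonicalFilePath()` returns an empty string for an entry that does not resolve (a dangling symlink), and that value is inserted and later handed to `fromPath()`; I would guard it with `const QString path = it.fileInfo().canonicalFilePath();` followed by `if (!path.isEmpty()) certFiles.insert(path);`. No entry-type filter is set on `currentDir` either, so a directory whose name ends in `.pem` is collected too, which `currentDir.setFilter(QDir::Files);` would prevent. The enclosing function starts and ends outside this hunk.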