From 5f2eccbc8a392784868dd9919442642b4a9f9ef8 Mon Sep 17 00:00:00 2001
From: Martin Petersson <martin.petersson@nokia.com>
Date: Mon, 14 Mar 2011 14:25:33 +0100
Subject: SSL: Fix certification loading on Mac OS X 10.5

Do not add the expired certificates on Mac OS X 10.5.

Task-number: QTBUG-14520
Reviewed-by: Markus Goetz
---
 src/network/ssl/qsslsocket_openssl.cpp | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 84e14ff..0866534 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -312,9 +312,18 @@ init_context:
             q_X509_STORE_add_cert(ctx->cert_store, (X509 *)caCertificate.handle());
         }
     }
+
+    bool addExpiredCerts = true;
+#if defined(Q_OS_MAC) && (MAC_OS_X_VERSION_MAX_ALLOWED == MAC_OS_X_VERSION_10_5)
+    //On Leopard SSL does not work if we add the expired certificates.
+    if (QSysInfo::MacintoshVersion == QSysInfo::MV_10_5)
+       addExpiredCerts = false;
+#endif
     // now add the expired certs
-    foreach (const QSslCertificate &caCertificate, expiredCerts) {
-        q_X509_STORE_add_cert(ctx->cert_store, (X509 *)caCertificate.handle());
+    if (addExpiredCerts) {
+        foreach (const QSslCertificate &caCertificate, expiredCerts) {
+            q_X509_STORE_add_cert(ctx->cert_store, (X509 *)caCertificate.handle());
+        }
     }
 
     // Register a custom callback to get all verification errors.
-- 
cgit v0.12