From 94e7b873ed5c04d4850a9e36970906113f12cd55 Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Mon, 28 Jun 2010 13:00:56 +0200
Subject: Don't load ciphers and system certificates for QSslSocket::supportsSsl()
Loading these uses about 1 MB of memory and can be be deferred until it's actually needed.
Reviewed-by: Peter Hartmann
---
 src/network/ssl/qsslsocket.cpp | 2 +-
 src/network/ssl/qsslsocket_openssl.cpp | 50 +++++++++++++++++++++++++++-------
 src/network/ssl/qsslsocket_p.h | 10 ++++++-
 3 files changed, 50 insertions(+), 12 deletions(-)
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index a8c602a..f85fa84 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -1556,7 +1556,7 @@ QList QSslSocket::sslErrors() const
 */
 bool QSslSocket::supportsSsl()
 {
- return QSslSocketPrivate::ensureInitialized();
+ return QSslSocketPrivate::supportsSsl();
 }
 /*!
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 9bd93a2..fa26fe8 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -72,6 +72,9 @@
 QT_BEGIN_NAMESPACE
+bool QSslSocketPrivate::s_libraryLoaded = false;
+bool QSslSocketPrivate::s_loadedCiphersAndCerts = false;
+
 // Useful defines
 #define SSL_ERRORSTR() QString::fromLocal8Bit(q_ERR_error_string(q_ERR_get_error(), NULL))
@@ -398,19 +401,24 @@ void QSslSocketPrivate::deinitialize()
 /*!
 \internal
- Declared static in QSslSocketPrivate, makes sure the SSL libraries have
- been initialized.
+ Does the minimum amount of initialization to determine whether SSL
+ is supported or not.
 */
-bool QSslSocketPrivate::ensureInitialized()
+
+bool QSslSocketPrivate::supportsSsl()
+{
+ return ensureLibraryLoaded();
+}
+
+bool QSslSocketPrivate::ensureLibraryLoaded()
 {
 if (!q_resolveOpenSslSymbols())
 return false;
 // Check if the library itself needs to be initialized.
 QMutexLocker locker(openssl_locks()->initLock());
- static int q_initialized = false;
- if (!q_initialized) {
- q_initialized = true;
+ if (!s_libraryLoaded) {
+ s_libraryLoaded = true;
 // Initialize OpenSSL.
 q_CRYPTO_set_id_callback(id_function);
@@ -447,10 +455,33 @@ bool QSslSocketPrivate::ensureInitialized()
 if (!attempts)
 return false;
 }
-
- resetDefaultCiphers();
- setDefaultCaCertificates(systemCaCertificates());
 }
+ return true;
+}
+
+void QSslSocketPrivate::ensureCiphersAndCertsLoaded()
+{
+ if (s_loadedCiphersAndCerts)
+ return;
+ s_loadedCiphersAndCerts = true;
+
+ resetDefaultCiphers();
+ setDefaultCaCertificates(systemCaCertificates());
+}
+
+/*!
+ \internal
+
+ Declared static in QSslSocketPrivate, makes sure the SSL libraries have
+ been initialized.
+*/
+
+void QSslSocketPrivate::ensureInitialized()
+{
+ if (!supportsSsl())
+ return;
+
+ ensureCiphersAndCertsLoaded();
 //load symbols needed to receive certificates from system store
 #if defined(Q_OS_MAC)
@@ -481,7 +512,6 @@ bool QSslSocketPrivate::ensureInitialized()
 qWarning("could not load crypt32 library"); // should never happen
 }
 #endif
- return true;
 }
 /*!
diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h
index d3c3858..09775bc 100644
--- a/src/network/ssl/qsslsocket_p.h
+++ b/src/network/ssl/qsslsocket_p.h
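Review bot: In `ensureLibraryLoaded()` (hunk `@@ -398,19 +401,24 @@`) the flag is set at the top of the guarded block, `s_libraryLoaded = true;`, before the initialization it stands for has finished, and the early `if (!attempts) return false;` visible at the top of the next hunk leaves it set. A later call then skips the block and returns true, so `supportsSsl()` can report success after a first call that reported failure. Set the flag only once the block has run to completion, or record the failure so that later calls keep returning false. The removed `q_initialized` code behaved the same way, and the middle of the function lies outside both hunks, so what `attempts` counts should be confirmed there.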
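Review bot: `ensureCiphersAndCertsLoaded()` (hunk `@@ -447,10 +455,33 @@`) reads and writes `s_loadedCiphersAndCerts` without holding any lock, whereas the two calls it now wraps used to run inside the block protected by `initLock()`. Because the flag is set before `resetDefaultCiphers()` and `setDefaultCaCertificates(systemCaCertificates())` run, a second thread entering `ensureInitialized()` can see it as true and carry on while the default cipher list and CA certificates are still unpopulated, which would presumably show up as spurious certificate-verification failures. Taking the same lock as the first statement, `QMutexLocker locker(openssl_locks()->initLock());`, restores the previous guarantee; whether that mutex tolerates re-entry from `systemCaCertificates()` is not visible in this diff and should be checked. A short comment on the two static definitions in the `@@ -72,6 +72,9 @@` hunk saying which lock guards them would also help.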
@@ -108,7 +108,8 @@ public:
 // that was used for connecting to.
 QString verificationPeerName;
- static bool ensureInitialized();
+ static bool supportsSsl();
+ static void ensureInitialized();
 static void deinitialize();
 static QList defaultCiphers();
 static QList supportedCiphers();
@@ -154,6 +155,13 @@ public:
 virtual void disconnectFromHost() = 0;
 virtual void disconnected() = 0;
 virtual QSslCipher sessionCipher() const = 0;
+
+private:
+ static bool ensureLibraryLoaded();
+ static void ensureCiphersAndCertsLoaded();
+
+ static bool s_libraryLoaded;
+ static bool s_loadedCiphersAndCerts;
 };
 QT_END_NAMESPACE
-- cgit v0.12
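Review bot: The declarations in the `@@ -108,7 +108,8 @@` hunk carry no comment telling the two entry points apart, although after this change only `ensureInitialized()` populates the default ciphers and CA certificates. A caller that checks `supportsSsl()` and then reads the defaults without calling `ensureInitialized()` would presumably see unpopulated lists; whether any such caller exists is outside this diff. I would add `// Only loads the OpenSSL library; does not load default ciphers or CA certificates.` above `supportsSsl()` and `// Loads the library, then the default ciphers and system CA certificates.` above `ensureInitialized()`. Since `ensureInitialized()` now returns void, its comment should also say that failure has to be detected through `supportsSsl()`.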