Qt patches: Tweak more for Qt 5.4.0

This commit is contained in:
Daniel Molkentin 2015-11-25 12:42:58 +01:00
Родитель 127c107094
Коммит 1cc9070a50
2 изменённых файлов: 31 добавлений и 35 удалений

Просмотреть файл

@ -1,4 +1,4 @@
From aeac76810efc01a94a9102fc8da88c6b9257703a Mon Sep 17 00:00:00 2001
From 06818f6d1c602aa3c4f9356324866432d2dd0195 Mon Sep 17 00:00:00 2001
From: Daniel Molkentin <daniel@molkentin.de>
Date: Mon, 16 Nov 2015 15:02:37 +0100
Subject: [PATCH 1/2] Remove legacy platform code in QSslSocket for OS X < 10.5
@ -21,13 +21,13 @@ Conflicts:
2 files changed, 28 insertions(+), 61 deletions(-)
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 13fc534..9d13301 100644
index 13fc534..7d0fe00 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -69,14 +69,19 @@
#include <QtCore/qvarlengtharray.h>
#include <QLibrary> // for loading the security lib for the CA store
+#include <string.h>
+
+#ifdef Q_OS_DARWIN
@ -39,7 +39,7 @@ index 13fc534..9d13301 100644
+#endif
+
QT_BEGIN_NAMESPACE
-#if defined(Q_OS_MACX)
-#define kSecTrustSettingsDomainSystem 2 // so we do not need to include the header file
- PtrSecCertificateCopyData QSslSocketPrivate::ptrSecCertificateCopyData = 0;
@ -51,7 +51,7 @@ index 13fc534..9d13301 100644
PtrCertFindCertificateInStore QSslSocketPrivate::ptrCertFindCertificateInStore = 0;
PtrCertCloseStore QSslSocketPrivate::ptrCertCloseStore = 0;
@@ -482,23 +487,7 @@ void QSslSocketPrivate::ensureCiphersAndCertsLoaded()
#ifndef QT_NO_LIBRARY
//load symbols needed to receive certificates from system store
-#if defined(Q_OS_MACX)
@ -119,7 +119,7 @@ index 13fc534..9d13301 100644
+ SecCertificateRef cfCert = (SecCertificateRef)CFArrayGetValueAtIndex(cfCerts, i);
+ QCFType<CFDataRef> derData = SecCertificateCopyData(cfCert);
+ if (derData == NULL) {
+ qCWarning(lcSsl, "error retrieving a CA certificate from the system store");
+ qWarning("error retrieving a CA certificate from the system store");
+ } else {
+ systemCerts << QSslCertificate(QByteArray::fromCFData(derData), QSsl::Der);
}
@ -138,7 +138,7 @@ index 6e7a2c5..c1a6f05 100644
@@ -145,11 +145,7 @@ public:
static bool isMatchingHostname(const QSslCertificate &cert, const QString &peerName);
Q_AUTOTEST_EXPORT static bool isMatchingHostname(const QString &cn, const QString &hostname);
-#if defined(Q_OS_MACX)
- static PtrSecCertificateCopyData ptrSecCertificateCopyData;
- static PtrSecTrustSettingsCopyCertificates ptrSecTrustSettingsCopyCertificates;
@ -148,5 +148,6 @@ index 6e7a2c5..c1a6f05 100644
static PtrCertOpenSystemStoreW ptrCertOpenSystemStoreW;
static PtrCertFindCertificateInStore ptrCertFindCertificateInStore;
static PtrCertCloseStore ptrCertCloseStore;
--
--
1.9.1

Просмотреть файл

@ -1,6 +1,6 @@
From ff10adae4d0e0c1158a2ec582154ce00fbcf10e8 Mon Sep 17 00:00:00 2001
From: Daniel Molkentin <daniel@molkentin.de>
Date: Mon, 16 Nov 2015 15:06:15 +0100
From 6b9366e7748857f14d5b0f92ced70c08ab5235b7 Mon Sep 17 00:00:00 2001
From: Daniel Molkentin <danimo@owncloud.com>
Date: Wed, 25 Nov 2015 12:37:27 +0100
Subject: [PATCH 2/2] QSslSocket: evaluate CAs in all keychain categories
This will make sure that certs in the domainUser (login),
@ -20,17 +20,12 @@ it will be accepted.
Task-number: QTBUG-32898
Change-Id: Ia23083d5af74388eeee31ba07239735cbbe64368
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
Conflicts:
src/network/ssl/qsslsocket_mac.cpp
src/network/ssl/qsslsocket_openssl.cpp
src/network/ssl/ssl.pri
---
src/network/ssl/qsslsocket.cpp | 4 +
src/network/ssl/qsslsocket_mac_shared.cpp | 149 ++++++++++++++++++++++++++++++
src/network/ssl/qsslsocket_mac_shared.cpp | 148 ++++++++++++++++++++++++++++++
src/network/ssl/qsslsocket_openssl.cpp | 30 +-----
src/network/ssl/ssl.pri | 4 +-
4 files changed, 159 insertions(+), 28 deletions(-)
4 files changed, 158 insertions(+), 28 deletions(-)
create mode 100644 src/network/ssl/qsslsocket_mac_shared.cpp
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
@ -40,7 +35,7 @@ index 8887f47..6347c20 100644
@@ -1446,6 +1446,10 @@ QList<QSslCertificate> QSslSocket::defaultCaCertificates()
returned by defaultCaCertificates(). You can replace that database
with your own with setDefaultCaCertificates().
+ \note: On OS X, only certificates that are either trusted for all
+ purposes or trusted for the purpose of SSL in the keychain will be
+ returned.
@ -50,10 +45,10 @@ index 8887f47..6347c20 100644
QList<QSslCertificate> QSslSocket::systemCaCertificates()
diff --git a/src/network/ssl/qsslsocket_mac_shared.cpp b/src/network/ssl/qsslsocket_mac_shared.cpp
new file mode 100644
index 0000000..b9ffd51
index 0000000..60fea4c
--- /dev/null
+++ b/src/network/ssl/qsslsocket_mac_shared.cpp
@@ -0,0 +1,149 @@
@@ -0,0 +1,148 @@
+/****************************************************************************
+**
+** Copyright (C) 2015 The Qt Company Ltd.
@ -91,7 +86,6 @@ index 0000000..b9ffd51
+//#define QSSLSOCKET_DEBUG
+//#define QT_DECRYPT_SSL_TRAFFIC
+
+#include "qssl_p.h"
+#include "qsslsocket.h"
+
+#ifndef QT_NO_OPENSSL
@ -163,7 +157,7 @@ index 0000000..b9ffd51
+ }
+ }
+ } else {
+ qCWarning(lcSsl, "Error receiving trust for a CA certificate");
+ qWarning("Error receiving trust for a CA certificate");
+ }
+ return false;
+}
@ -190,7 +184,7 @@ index 0000000..b9ffd51
+ QCFType<CFDataRef> derData = SecCertificateCopyData(cfCert);
+ if (::isCaCertificateTrusted(cfCert, dom)) {
+ if (derData == NULL) {
+ qCWarning(lcSsl, "Error retrieving a CA certificate from the system store");
+ qWarning("Error retrieving a CA certificate from the system store");
+ } else {
+ systemCerts << QSslCertificate(QByteArray::fromCFData(derData), QSsl::Der);
+ }
@ -204,13 +198,13 @@ index 0000000..b9ffd51
+
+QT_END_NAMESPACE
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 9d13301..7415e32 100644
index 7d0fe00..7415e32 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -71,14 +71,6 @@
#include <string.h>
-#ifdef Q_OS_DARWIN
-# include <private/qcore_mac_p.h>
-#endif
@ -220,12 +214,12 @@ index 9d13301..7415e32 100644
-#endif
-
QT_BEGIN_NAMESPACE
#if defined(Q_OS_WIN)
@@ -616,6 +608,7 @@ void QSslSocketPrivate::resetDefaultCiphers()
setDefaultCiphers(defaultCiphers);
}
+#ifndef Q_OS_DARWIN // Apple implementation in qsslsocket_mac_shared.cpp
QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
{
@ -246,7 +240,7 @@ index 9d13301..7415e32 100644
- SecCertificateRef cfCert = (SecCertificateRef)CFArrayGetValueAtIndex(cfCerts, i);
- QCFType<CFDataRef> derData = SecCertificateCopyData(cfCert);
- if (derData == NULL) {
- qCWarning(lcSsl, "error retrieving a CA certificate from the system store");
- qWarning("error retrieving a CA certificate from the system store");
- } else {
- systemCerts << QSslCertificate(QByteArray::fromCFData(derData), QSsl::Der);
- }
@ -258,11 +252,11 @@ index 9d13301..7415e32 100644
HCERTSTORE hSystemStore;
#if defined(Q_OS_WINCE)
@@ -719,6 +694,7 @@ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
return systemCerts;
}
+#endif // Q_OS_DARWIN
void QSslSocketBackendPrivate::startClientEncryption()
{
diff --git a/src/network/ssl/ssl.pri b/src/network/ssl/ssl.pri
@ -272,13 +266,14 @@ index 384e149..9546f18 100644
@@ -45,7 +45,9 @@ contains(QT_CONFIG, openssl) | contains(QT_CONFIG, openssl-linked) {
ssl/qsslsocket_openssl.cpp \
ssl/qsslsocket_openssl_symbols.cpp
-android:!android-no-sdk: SOURCES += ssl/qsslsocket_openssl_android.cpp
+ darwin:SOURCES += ssl/qsslsocket_mac_shared.cpp
+
+ android:!android-no-sdk: SOURCES += ssl/qsslsocket_openssl_android.cpp
# Add optional SSL libs
# Static linking of OpenSSL with msvc:
--
--
1.9.1