mirror of
https://github.com/nextcloud/desktop.git
synced 2024-11-28 03:49:20 +03:00
Merge pull request #1994 from nextcloud/cleanup_stale_files
Remove now unused Qt patch files
This commit is contained in:
commit
1f402e3482
5 changed files with 0 additions and 494 deletions
|
@ -1,23 +0,0 @@
|
|||
# This DockerFile is used to create the image used for Jenkins, the CI system (see Jenkinsfile)
|
||||
# It is not meant to be used to create the production packages.
|
||||
|
||||
# Distro with Qt 5.6
|
||||
FROM ubuntu:yakkety
|
||||
|
||||
RUN apt-get update -q && DEBIAN_FRONTEND=noninteractive apt-get install -q -y --no-install-recommends \
|
||||
locales \
|
||||
build-essential \
|
||||
clang \
|
||||
ninja-build \
|
||||
cmake \
|
||||
extra-cmake-modules \
|
||||
libsqlite3-dev \
|
||||
libssl-dev \
|
||||
libcmocka-dev \
|
||||
libcloudproviders-dev \
|
||||
qt5-default \
|
||||
qttools5-dev-tools \
|
||||
libqt5webkit5-dev \
|
||||
qt5keychain-dev \
|
||||
kio-dev \
|
||||
&& apt-get clean
|
|
@ -1,20 +0,0 @@
|
|||
## Patches used
|
||||
|
||||
There are our patches on top of Qt 5.6.2, which we are currently
|
||||
using for our binary packages on Windows and macOS. Most of them
|
||||
have been sent upstream and are part of newer Qt releases.
|
||||
|
||||
All changes are designed to be upstream, and all those that are
|
||||
special hacks to Qt will bear a NOUPSTREAM in their name
|
||||
|
||||
You can apply those patches on a git clone using:
|
||||
|
||||
```
|
||||
git am <client>/admin/qt/patches/qtbase/*.patch
|
||||
```
|
||||
|
||||
You can update them using:
|
||||
|
||||
```
|
||||
git format-patch -N --no-signature -o <client>/admin/qt/patches/qtbase/ <v5.x.y>
|
||||
```
|
|
@ -1,27 +0,0 @@
|
|||
From 96c34ce85136cbdc16ef83effa8a13137f7ae4c5 Mon Sep 17 00:00:00 2001
|
||||
From: Jocelyn Turcotte <jturcotte@woboq.com>
|
||||
Date: Fri, 6 Mar 2015 16:12:37 +0100
|
||||
Subject: [PATCH] [NOUPSTREAM] Fix -force-debug-info with macx-clang
|
||||
|
||||
---
|
||||
mkspecs/common/clang.conf | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/mkspecs/common/clang.conf b/mkspecs/common/clang.conf
|
||||
index e003b94..e9b3291 100644
|
||||
--- a/mkspecs/common/clang.conf
|
||||
+++ b/mkspecs/common/clang.conf
|
||||
@@ -21,11 +21,13 @@ QMAKE_CFLAGS_PRECOMPILE = -x c-header -c ${QMAKE_PCH_INPUT} -o ${QMAKE_
|
||||
QMAKE_CFLAGS_USE_PRECOMPILE = -Xclang -include-pch -Xclang ${QMAKE_PCH_OUTPUT}
|
||||
QMAKE_CFLAGS_LTCG = -flto
|
||||
QMAKE_CFLAGS_DISABLE_LTCG = -fno-lto
|
||||
+QMAKE_CFLAGS_RELEASE_WITH_DEBUGINFO = $$QMAKE_CFLAGS_OPTIMIZE -g
|
||||
|
||||
QMAKE_CXXFLAGS_PRECOMPILE = -x c++-header -c ${QMAKE_PCH_INPUT} -o ${QMAKE_PCH_OUTPUT}
|
||||
QMAKE_CXXFLAGS_USE_PRECOMPILE = $$QMAKE_CFLAGS_USE_PRECOMPILE
|
||||
QMAKE_CXXFLAGS_LTCG = $$QMAKE_CFLAGS_LTCG
|
||||
QMAKE_CXXFLAGS_DISABLE_LTCG = $$QMAKE_CFLAGS_DISABLE_LTCG
|
||||
+QMAKE_CXXFLAGS_RELEASE_WITH_DEBUGINFO = $$QMAKE_CFLAGS_RELEASE_WITH_DEBUGINFO
|
||||
QMAKE_CXXFLAGS_CXX11 = -std=c++11
|
||||
QMAKE_CXXFLAGS_CXX14 = -std=c++1y
|
||||
QMAKE_CXXFLAGS_CXX1Z = -std=c++1z
|
|
@ -1,148 +0,0 @@
|
|||
From e6bccb1f0d8ca59acb1ffdac74a823c06346e7f3 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Molkentin <daniel@molkentin.de>
|
||||
Date: Mon, 16 Nov 2015 15:02:37 +0100
|
||||
Subject: [PATCH] Remove legacy platform code in QSslSocket for OS X < 10.5
|
||||
|
||||
This avoids manual symbol lookups and makes the code more readable.
|
||||
Mark identical code.
|
||||
|
||||
Also use smart pointers instead of manual memory management.
|
||||
|
||||
(Backport of d42d7781f1cd62c3c7c008859507f24a1ff5bb2a to Qt 5.4)
|
||||
|
||||
Change-Id: I62820313dce87de6623cdc87b6e1361200ed7822
|
||||
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
|
||||
|
||||
Conflicts:
|
||||
src/network/ssl/qsslsocket_openssl.cpp
|
||||
---
|
||||
src/network/ssl/qsslsocket_openssl.cpp | 81 +++++++++++-----------------------
|
||||
src/network/ssl/qsslsocket_p.h | 6 +--
|
||||
2 files changed, 26 insertions(+), 61 deletions(-)
|
||||
|
||||
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
|
||||
index 82644c1..415f147 100644
|
||||
--- a/src/network/ssl/qsslsocket_openssl.cpp
|
||||
+++ b/src/network/ssl/qsslsocket_openssl.cpp
|
||||
@@ -76,14 +76,17 @@
|
||||
|
||||
#include <string.h>
|
||||
|
||||
+#ifdef Q_OS_DARWIN
|
||||
+# include <private/qcore_mac_p.h>
|
||||
+#endif
|
||||
+
|
||||
+#ifdef Q_OS_OSX
|
||||
+# include <Security/Security.h>
|
||||
+#endif
|
||||
+
|
||||
QT_BEGIN_NAMESPACE
|
||||
|
||||
-#if defined(Q_OS_MACX)
|
||||
-#define kSecTrustSettingsDomainSystem 2 // so we do not need to include the header file
|
||||
- PtrSecCertificateCopyData QSslSocketPrivate::ptrSecCertificateCopyData = 0;
|
||||
- PtrSecTrustSettingsCopyCertificates QSslSocketPrivate::ptrSecTrustSettingsCopyCertificates = 0;
|
||||
- PtrSecTrustCopyAnchorCertificates QSslSocketPrivate::ptrSecTrustCopyAnchorCertificates = 0;
|
||||
-#elif defined(Q_OS_WIN)
|
||||
+#if defined(Q_OS_WIN)
|
||||
PtrCertOpenSystemStoreW QSslSocketPrivate::ptrCertOpenSystemStoreW = 0;
|
||||
PtrCertFindCertificateInStore QSslSocketPrivate::ptrCertFindCertificateInStore = 0;
|
||||
PtrCertCloseStore QSslSocketPrivate::ptrCertCloseStore = 0;
|
||||
@@ -509,23 +512,7 @@ void QSslSocketPrivate::ensureCiphersAndCertsLoaded()
|
||||
|
||||
#ifndef QT_NO_LIBRARY
|
||||
//load symbols needed to receive certificates from system store
|
||||
-#if defined(Q_OS_MACX)
|
||||
- QLibrary securityLib("/System/Library/Frameworks/Security.framework/Versions/Current/Security");
|
||||
- if (securityLib.load()) {
|
||||
- ptrSecCertificateCopyData = (PtrSecCertificateCopyData) securityLib.resolve("SecCertificateCopyData");
|
||||
- if (!ptrSecCertificateCopyData)
|
||||
- qCWarning(lcSsl, "could not resolve symbols in security library"); // should never happen
|
||||
-
|
||||
- ptrSecTrustSettingsCopyCertificates = (PtrSecTrustSettingsCopyCertificates) securityLib.resolve("SecTrustSettingsCopyCertificates");
|
||||
- if (!ptrSecTrustSettingsCopyCertificates) { // method was introduced in Leopard, use legacy method if it's not there
|
||||
- ptrSecTrustCopyAnchorCertificates = (PtrSecTrustCopyAnchorCertificates) securityLib.resolve("SecTrustCopyAnchorCertificates");
|
||||
- if (!ptrSecTrustCopyAnchorCertificates)
|
||||
- qCWarning(lcSsl, "could not resolve symbols in security library"); // should never happen
|
||||
- }
|
||||
- } else {
|
||||
- qCWarning(lcSsl, "could not load security library");
|
||||
- }
|
||||
-#elif defined(Q_OS_WIN)
|
||||
+#if defined(Q_OS_WIN)
|
||||
HINSTANCE hLib = LoadLibraryW(L"Crypt32");
|
||||
if (hLib) {
|
||||
#if defined(Q_OS_WINCE)
|
||||
@@ -693,40 +680,22 @@ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
|
||||
timer.start();
|
||||
#endif
|
||||
QList<QSslCertificate> systemCerts;
|
||||
-#if defined(Q_OS_MACX)
|
||||
- CFArrayRef cfCerts;
|
||||
- OSStatus status = 1;
|
||||
-
|
||||
- CFDataRef SecCertificateCopyData (
|
||||
- SecCertificateRef certificate
|
||||
- );
|
||||
-
|
||||
- if (ptrSecCertificateCopyData) {
|
||||
- if (ptrSecTrustSettingsCopyCertificates)
|
||||
- status = ptrSecTrustSettingsCopyCertificates(kSecTrustSettingsDomainSystem, &cfCerts);
|
||||
- else if (ptrSecTrustCopyAnchorCertificates)
|
||||
- status = ptrSecTrustCopyAnchorCertificates(&cfCerts);
|
||||
- if (!status) {
|
||||
- CFIndex size = CFArrayGetCount(cfCerts);
|
||||
- for (CFIndex i = 0; i < size; ++i) {
|
||||
- SecCertificateRef cfCert = (SecCertificateRef)CFArrayGetValueAtIndex(cfCerts, i);
|
||||
- CFDataRef data;
|
||||
-
|
||||
- data = ptrSecCertificateCopyData(cfCert);
|
||||
-
|
||||
- if (data == NULL) {
|
||||
- qCWarning(lcSsl, "error retrieving a CA certificate from the system store");
|
||||
- } else {
|
||||
- QByteArray rawCert = QByteArray::fromRawData((const char *)CFDataGetBytePtr(data), CFDataGetLength(data));
|
||||
- systemCerts.append(QSslCertificate::fromData(rawCert, QSsl::Der));
|
||||
- CFRelease(data);
|
||||
- }
|
||||
+ // note: also check implementation in openssl_mac.cpp
|
||||
+#if defined(Q_OS_OSX)
|
||||
+ // SecTrustSettingsCopyCertificates is not defined on iOS.
|
||||
+ QCFType<CFArrayRef> cfCerts;
|
||||
+
|
||||
+ OSStatus status = SecTrustSettingsCopyCertificates(kSecTrustSettingsDomainSystem, &cfCerts);
|
||||
+ if (status == noErr ) {
|
||||
+ const CFIndex size = CFArrayGetCount(cfCerts);
|
||||
+ for (CFIndex i = 0; i < size; ++i) {
|
||||
+ SecCertificateRef cfCert = (SecCertificateRef)CFArrayGetValueAtIndex(cfCerts, i);
|
||||
+ QCFType<CFDataRef> derData = SecCertificateCopyData(cfCert);
|
||||
+ if (derData == NULL) {
|
||||
+ qWarning("error retrieving a CA certificate from the system store");
|
||||
+ } else {
|
||||
+ systemCerts << QSslCertificate(QByteArray::fromCFData(derData), QSsl::Der);
|
||||
}
|
||||
- CFRelease(cfCerts);
|
||||
- }
|
||||
- else {
|
||||
- // no detailed error handling here
|
||||
- qCWarning(lcSsl, "could not retrieve system CA certificates");
|
||||
}
|
||||
}
|
||||
#elif defined(Q_OS_WIN)
|
||||
diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h
|
||||
index d651971..17cc7b4 100644
|
||||
--- a/src/network/ssl/qsslsocket_p.h
|
||||
+++ b/src/network/ssl/qsslsocket_p.h
|
||||
@@ -151,11 +151,7 @@ public:
|
||||
static bool isMatchingHostname(const QSslCertificate &cert, const QString &peerName);
|
||||
Q_AUTOTEST_EXPORT static bool isMatchingHostname(const QString &cn, const QString &hostname);
|
||||
|
||||
-#if defined(Q_OS_MACX)
|
||||
- static PtrSecCertificateCopyData ptrSecCertificateCopyData;
|
||||
- static PtrSecTrustSettingsCopyCertificates ptrSecTrustSettingsCopyCertificates;
|
||||
- static PtrSecTrustCopyAnchorCertificates ptrSecTrustCopyAnchorCertificates;
|
||||
-#elif defined(Q_OS_WIN) && !defined(Q_OS_WINRT)
|
||||
+#if defined(Q_OS_WIN) && !defined(Q_OS_WINRT)
|
||||
static PtrCertOpenSystemStoreW ptrCertOpenSystemStoreW;
|
||||
static PtrCertFindCertificateInStore ptrCertFindCertificateInStore;
|
||||
static PtrCertCloseStore ptrCertCloseStore;
|
|
@ -1,276 +0,0 @@
|
|||
From 9d1120db0973ea7741b13a6555b20ae61f6d037e Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Molkentin <danimo@owncloud.com>
|
||||
Date: Wed, 25 Nov 2015 12:37:27 +0100
|
||||
Subject: [PATCH] QSslSocket: evaluate CAs in all keychain categories
|
||||
|
||||
This will make sure that certs in the domainUser (login),
|
||||
and domainAdmin (per machine) keychain are being picked up
|
||||
in systemCaCertificates() in addition to the (usually immutable)
|
||||
DomainSystem keychain.
|
||||
|
||||
Also consider the trust settings on OS X: If a certificate
|
||||
is either fully trusted or trusted for the purpose of SSL,
|
||||
it will be accepted.
|
||||
|
||||
[ChangeLog][Platform Specific Changes] OS X now accepts trusted
|
||||
certificates from the login and system keychains.
|
||||
|
||||
(Backport of fe3a84138e266c425f11353f7d8dc28a588af89e)
|
||||
|
||||
Task-number: QTBUG-32898
|
||||
Change-Id: Ia23083d5af74388eeee31ba07239735cbbe64368
|
||||
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
|
||||
---
|
||||
src/network/ssl/qsslsocket.cpp | 4 +
|
||||
src/network/ssl/qsslsocket_mac_shared.cpp | 148 ++++++++++++++++++++++++++++++
|
||||
src/network/ssl/qsslsocket_openssl.cpp | 30 +-----
|
||||
src/network/ssl/ssl.pri | 4 +-
|
||||
4 files changed, 158 insertions(+), 28 deletions(-)
|
||||
create mode 100644 src/network/ssl/qsslsocket_mac_shared.cpp
|
||||
|
||||
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
|
||||
index 549906a..7b202b0 100644
|
||||
--- a/src/network/ssl/qsslsocket.cpp
|
||||
+++ b/src/network/ssl/qsslsocket.cpp
|
||||
@@ -1508,6 +1508,10 @@ QList<QSslCertificate> QSslSocket::defaultCaCertificates()
|
||||
returned by defaultCaCertificates(). You can replace that database
|
||||
with your own with setDefaultCaCertificates().
|
||||
|
||||
+ \note: On OS X, only certificates that are either trusted for all
|
||||
+ purposes or trusted for the purpose of SSL in the keychain will be
|
||||
+ returned.
|
||||
+
|
||||
\sa caCertificates(), defaultCaCertificates(), setDefaultCaCertificates()
|
||||
*/
|
||||
QList<QSslCertificate> QSslSocket::systemCaCertificates()
|
||||
diff --git a/src/network/ssl/qsslsocket_mac_shared.cpp b/src/network/ssl/qsslsocket_mac_shared.cpp
|
||||
new file mode 100644
|
||||
index 0000000..60fea4c
|
||||
--- /dev/null
|
||||
+++ b/src/network/ssl/qsslsocket_mac_shared.cpp
|
||||
@@ -0,0 +1,148 @@
|
||||
+/****************************************************************************
|
||||
+**
|
||||
+** Copyright (C) 2015 The Qt Company Ltd.
|
||||
+** Copyright (C) 2015 ownCloud Inc
|
||||
+** Contact: http://www.qt.io/licensing/
|
||||
+**
|
||||
+** This file is part of the QtNetwork module of the Qt Toolkit.
|
||||
+**
|
||||
+** $QT_BEGIN_LICENSE:LGPL21$
|
||||
+** Commercial License Usage
|
||||
+** Licensees holding valid commercial Qt licenses may use this file in
|
||||
+** accordance with the commercial license agreement provided with the
|
||||
+** Software or, alternatively, in accordance with the terms contained in
|
||||
+** a written agreement between you and The Qt Company. For licensing terms
|
||||
+** and conditions see http://www.qt.io/terms-conditions. For further
|
||||
+** information use the contact form at http://www.qt.io/contact-us.
|
||||
+**
|
||||
+** GNU Lesser General Public License Usage
|
||||
+** Alternatively, this file may be used under the terms of the GNU Lesser
|
||||
+** General Public License version 2.1 or version 3 as published by the Free
|
||||
+** Software Foundation and appearing in the file LICENSE.LGPLv21 and
|
||||
+** LICENSE.LGPLv3 included in the packaging of this file. Please review the
|
||||
+** following information to ensure the GNU Lesser General Public License
|
||||
+** requirements will be met: https://www.gnu.org/licenses/lgpl.html and
|
||||
+** http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.
|
||||
+**
|
||||
+** As a special exception, The Qt Company gives you certain additional
|
||||
+** rights. These rights are described in The Qt Company LGPL Exception
|
||||
+** version 1.1, included in the file LGPL_EXCEPTION.txt in this package.
|
||||
+**
|
||||
+** $QT_END_LICENSE$
|
||||
+**
|
||||
+****************************************************************************/
|
||||
+
|
||||
+//#define QSSLSOCKET_DEBUG
|
||||
+//#define QT_DECRYPT_SSL_TRAFFIC
|
||||
+
|
||||
+#include "qsslsocket.h"
|
||||
+
|
||||
+#ifndef QT_NO_OPENSSL
|
||||
+# include "qsslsocket_openssl_p.h"
|
||||
+# include "qsslsocket_openssl_symbols_p.h"
|
||||
+#endif
|
||||
+
|
||||
+#include "qsslcertificate_p.h"
|
||||
+
|
||||
+#ifdef Q_OS_DARWIN
|
||||
+# include <private/qcore_mac_p.h>
|
||||
+#endif
|
||||
+
|
||||
+#include <QtCore/qdebug.h>
|
||||
+
|
||||
+#ifdef Q_OS_OSX
|
||||
+# include <Security/Security.h>
|
||||
+#endif
|
||||
+
|
||||
+
|
||||
+QT_BEGIN_NAMESPACE
|
||||
+
|
||||
+#ifdef Q_OS_OSX
|
||||
+namespace {
|
||||
+
|
||||
+bool hasTrustedSslServerPolicy(SecPolicyRef policy, CFDictionaryRef props) {
|
||||
+ QCFType<CFDictionaryRef> policyProps = SecPolicyCopyProperties(policy);
|
||||
+ // only accept certificates with policies for SSL server validation for now
|
||||
+ if (CFEqual(CFDictionaryGetValue(policyProps, kSecPolicyOid), kSecPolicyAppleSSL)) {
|
||||
+ CFBooleanRef policyClient;
|
||||
+ if (CFDictionaryGetValueIfPresent(policyProps, kSecPolicyClient, reinterpret_cast<const void**>(&policyClient)) &&
|
||||
+ CFEqual(policyClient, kCFBooleanTrue)) {
|
||||
+ return false; // no client certs
|
||||
+ }
|
||||
+ if (!CFDictionaryContainsKey(props, kSecTrustSettingsResult)) {
|
||||
+ // as per the docs, no trust settings result implies full trust
|
||||
+ return true;
|
||||
+ }
|
||||
+ CFNumberRef number = static_cast<CFNumberRef>(CFDictionaryGetValue(props, kSecTrustSettingsResult));
|
||||
+ SecTrustSettingsResult settingsResult;
|
||||
+ CFNumberGetValue(number, kCFNumberSInt32Type, &settingsResult);
|
||||
+ switch (settingsResult) {
|
||||
+ case kSecTrustSettingsResultTrustRoot:
|
||||
+ case kSecTrustSettingsResultTrustAsRoot:
|
||||
+ return true;
|
||||
+ default:
|
||||
+ return false;
|
||||
+ }
|
||||
+ }
|
||||
+ return false;
|
||||
+}
|
||||
+
|
||||
+bool isCaCertificateTrusted(SecCertificateRef cfCert, int domain)
|
||||
+{
|
||||
+ QCFType<CFArrayRef> cfTrustSettings;
|
||||
+ OSStatus status = SecTrustSettingsCopyTrustSettings(cfCert, domain, &cfTrustSettings);
|
||||
+ if (status == noErr) {
|
||||
+ CFIndex size = CFArrayGetCount(cfTrustSettings);
|
||||
+ // if empty, trust for everything (as per the Security Framework documentation)
|
||||
+ if (size == 0) {
|
||||
+ return true;
|
||||
+ } else {
|
||||
+ for (CFIndex i = 0; i < size; ++i) {
|
||||
+ CFDictionaryRef props = static_cast<CFDictionaryRef>(CFArrayGetValueAtIndex(cfTrustSettings, i));
|
||||
+ if (CFDictionaryContainsKey(props, kSecTrustSettingsPolicy)) {
|
||||
+ if (hasTrustedSslServerPolicy((SecPolicyRef)CFDictionaryGetValue(props, kSecTrustSettingsPolicy), props))
|
||||
+ return true;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ } else {
|
||||
+ qWarning("Error receiving trust for a CA certificate");
|
||||
+ }
|
||||
+ return false;
|
||||
+}
|
||||
+
|
||||
+} // anon namespace
|
||||
+#endif // Q_OS_OSX
|
||||
+
|
||||
+QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
|
||||
+{
|
||||
+ ensureInitialized();
|
||||
+
|
||||
+ QList<QSslCertificate> systemCerts;
|
||||
+ // SecTrustSettingsCopyCertificates is not defined on iOS.
|
||||
+#ifdef Q_OS_OSX
|
||||
+ QCFType<CFArrayRef> cfCerts;
|
||||
+ // iterate through all enum members, order:
|
||||
+ // kSecTrustSettingsDomainUser, kSecTrustSettingsDomainAdmin, kSecTrustSettingsDomainSystem
|
||||
+ for (int dom = kSecTrustSettingsDomainUser; dom <= kSecTrustSettingsDomainSystem; dom++) {
|
||||
+ OSStatus status = SecTrustSettingsCopyCertificates(dom, &cfCerts);
|
||||
+ if (status == noErr) {
|
||||
+ const CFIndex size = CFArrayGetCount(cfCerts);
|
||||
+ for (CFIndex i = 0; i < size; ++i) {
|
||||
+ SecCertificateRef cfCert = (SecCertificateRef)CFArrayGetValueAtIndex(cfCerts, i);
|
||||
+ QCFType<CFDataRef> derData = SecCertificateCopyData(cfCert);
|
||||
+ if (::isCaCertificateTrusted(cfCert, dom)) {
|
||||
+ if (derData == NULL) {
|
||||
+ qWarning("Error retrieving a CA certificate from the system store");
|
||||
+ } else {
|
||||
+ systemCerts << QSslCertificate(QByteArray::fromCFData(derData), QSsl::Der);
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
+ return systemCerts;
|
||||
+}
|
||||
+
|
||||
+QT_END_NAMESPACE
|
||||
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
|
||||
index 415f147..7a3cb42 100644
|
||||
--- a/src/network/ssl/qsslsocket_openssl.cpp
|
||||
+++ b/src/network/ssl/qsslsocket_openssl.cpp
|
||||
@@ -76,14 +76,6 @@
|
||||
|
||||
#include <string.h>
|
||||
|
||||
-#ifdef Q_OS_DARWIN
|
||||
-# include <private/qcore_mac_p.h>
|
||||
-#endif
|
||||
-
|
||||
-#ifdef Q_OS_OSX
|
||||
-# include <Security/Security.h>
|
||||
-#endif
|
||||
-
|
||||
QT_BEGIN_NAMESPACE
|
||||
|
||||
#if defined(Q_OS_WIN)
|
||||
@@ -672,6 +664,7 @@ void QSslSocketPrivate::resetDefaultEllipticCurves()
|
||||
setDefaultSupportedEllipticCurves(curves);
|
||||
}
|
||||
|
||||
+#ifndef Q_OS_DARWIN // Apple implementation in qsslsocket_mac_shared.cpp
|
||||
QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
|
||||
{
|
||||
ensureInitialized();
|
||||
@@ -680,25 +673,7 @@ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
|
||||
timer.start();
|
||||
#endif
|
||||
QList<QSslCertificate> systemCerts;
|
||||
- // note: also check implementation in openssl_mac.cpp
|
||||
-#if defined(Q_OS_OSX)
|
||||
- // SecTrustSettingsCopyCertificates is not defined on iOS.
|
||||
- QCFType<CFArrayRef> cfCerts;
|
||||
-
|
||||
- OSStatus status = SecTrustSettingsCopyCertificates(kSecTrustSettingsDomainSystem, &cfCerts);
|
||||
- if (status == noErr ) {
|
||||
- const CFIndex size = CFArrayGetCount(cfCerts);
|
||||
- for (CFIndex i = 0; i < size; ++i) {
|
||||
- SecCertificateRef cfCert = (SecCertificateRef)CFArrayGetValueAtIndex(cfCerts, i);
|
||||
- QCFType<CFDataRef> derData = SecCertificateCopyData(cfCert);
|
||||
- if (derData == NULL) {
|
||||
- qWarning("error retrieving a CA certificate from the system store");
|
||||
- } else {
|
||||
- systemCerts << QSslCertificate(QByteArray::fromCFData(derData), QSsl::Der);
|
||||
- }
|
||||
- }
|
||||
- }
|
||||
-#elif defined(Q_OS_WIN)
|
||||
+#if defined(Q_OS_WIN)
|
||||
if (ptrCertOpenSystemStoreW && ptrCertFindCertificateInStore && ptrCertCloseStore) {
|
||||
HCERTSTORE hSystemStore;
|
||||
#if defined(Q_OS_WINCE)
|
||||
@@ -775,6 +750,7 @@ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
|
||||
|
||||
return systemCerts;
|
||||
}
|
||||
+#endif // Q_OS_DARWIN
|
||||
|
||||
void QSslSocketBackendPrivate::startClientEncryption()
|
||||
{
|
||||
diff --git a/src/network/ssl/ssl.pri b/src/network/ssl/ssl.pri
|
||||
index 29c47cd..8eb605b 100644
|
||||
--- a/src/network/ssl/ssl.pri
|
||||
+++ b/src/network/ssl/ssl.pri
|
||||
@@ -62,7 +62,9 @@ contains(QT_CONFIG, openssl) | contains(QT_CONFIG, openssl-linked) {
|
||||
ssl/qsslsocket_openssl.cpp \
|
||||
ssl/qsslsocket_openssl_symbols.cpp
|
||||
|
||||
-android:!android-no-sdk: SOURCES += ssl/qsslsocket_openssl_android.cpp
|
||||
+ darwin:SOURCES += ssl/qsslsocket_mac_shared.cpp
|
||||
+
|
||||
+ android:!android-no-sdk: SOURCES += ssl/qsslsocket_openssl_android.cpp
|
||||
|
||||
# Add optional SSL libs
|
||||
# Static linking of OpenSSL with msvc:
|
Loading…
Reference in a new issue