nextcloud-desktop/admin/qt/patches/0015-Remove-legacy-platform-code-in-QSslSocket-for-OS-X-1.patch
2015-11-25 12:42:58 +01:00

153 lines
6.6 KiB
Diff

From 06818f6d1c602aa3c4f9356324866432d2dd0195 Mon Sep 17 00:00:00 2001
From: Daniel Molkentin <daniel@molkentin.de>
Date: Mon, 16 Nov 2015 15:02:37 +0100
Subject: [PATCH 1/2] Remove legacy platform code in QSslSocket for OS X < 10.5
This avoids manual symbol lookups and makes the code more readable.
Mark identical code.
Also use smart pointers instead of manual memory management.
(Backport of d42d7781f1cd62c3c7c008859507f24a1ff5bb2a to Qt 5.4)
Change-Id: I62820313dce87de6623cdc87b6e1361200ed7822
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
Conflicts:
src/network/ssl/qsslsocket_openssl.cpp
---
src/network/ssl/qsslsocket_openssl.cpp | 83 +++++++++++-----------------------
src/network/ssl/qsslsocket_p.h | 6 +--
2 files changed, 28 insertions(+), 61 deletions(-)
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 13fc534..7d0fe00 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -69,14 +69,19 @@
#include <QtCore/qvarlengtharray.h>
#include <QLibrary> // for loading the security lib for the CA store
+#include <string.h>
+
+#ifdef Q_OS_DARWIN
+# include <private/qcore_mac_p.h>
+#endif
+
+#ifdef Q_OS_OSX
+# include <Security/Security.h>
+#endif
+
QT_BEGIN_NAMESPACE
-#if defined(Q_OS_MACX)
-#define kSecTrustSettingsDomainSystem 2 // so we do not need to include the header file
- PtrSecCertificateCopyData QSslSocketPrivate::ptrSecCertificateCopyData = 0;
- PtrSecTrustSettingsCopyCertificates QSslSocketPrivate::ptrSecTrustSettingsCopyCertificates = 0;
- PtrSecTrustCopyAnchorCertificates QSslSocketPrivate::ptrSecTrustCopyAnchorCertificates = 0;
-#elif defined(Q_OS_WIN)
+#if defined(Q_OS_WIN)
PtrCertOpenSystemStoreW QSslSocketPrivate::ptrCertOpenSystemStoreW = 0;
PtrCertFindCertificateInStore QSslSocketPrivate::ptrCertFindCertificateInStore = 0;
PtrCertCloseStore QSslSocketPrivate::ptrCertCloseStore = 0;
@@ -482,23 +487,7 @@ void QSslSocketPrivate::ensureCiphersAndCertsLoaded()
#ifndef QT_NO_LIBRARY
//load symbols needed to receive certificates from system store
-#if defined(Q_OS_MACX)
- QLibrary securityLib("/System/Library/Frameworks/Security.framework/Versions/Current/Security");
- if (securityLib.load()) {
- ptrSecCertificateCopyData = (PtrSecCertificateCopyData) securityLib.resolve("SecCertificateCopyData");
- if (!ptrSecCertificateCopyData)
- qWarning("could not resolve symbols in security library"); // should never happen
-
- ptrSecTrustSettingsCopyCertificates = (PtrSecTrustSettingsCopyCertificates) securityLib.resolve("SecTrustSettingsCopyCertificates");
- if (!ptrSecTrustSettingsCopyCertificates) { // method was introduced in Leopard, use legacy method if it's not there
- ptrSecTrustCopyAnchorCertificates = (PtrSecTrustCopyAnchorCertificates) securityLib.resolve("SecTrustCopyAnchorCertificates");
- if (!ptrSecTrustCopyAnchorCertificates)
- qWarning("could not resolve symbols in security library"); // should never happen
- }
- } else {
- qWarning("could not load security library");
- }
-#elif defined(Q_OS_WIN)
+#if defined(Q_OS_WIN)
HINSTANCE hLib = LoadLibraryW(L"Crypt32");
if (hLib) {
#if defined(Q_OS_WINCE)
@@ -635,40 +624,22 @@ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
timer.start();
#endif
QList<QSslCertificate> systemCerts;
-#if defined(Q_OS_MACX)
- CFArrayRef cfCerts;
- OSStatus status = 1;
-
- CFDataRef SecCertificateCopyData (
- SecCertificateRef certificate
- );
-
- if (ptrSecCertificateCopyData) {
- if (ptrSecTrustSettingsCopyCertificates)
- status = ptrSecTrustSettingsCopyCertificates(kSecTrustSettingsDomainSystem, &cfCerts);
- else if (ptrSecTrustCopyAnchorCertificates)
- status = ptrSecTrustCopyAnchorCertificates(&cfCerts);
- if (!status) {
- CFIndex size = CFArrayGetCount(cfCerts);
- for (CFIndex i = 0; i < size; ++i) {
- SecCertificateRef cfCert = (SecCertificateRef)CFArrayGetValueAtIndex(cfCerts, i);
- CFDataRef data;
-
- data = ptrSecCertificateCopyData(cfCert);
-
- if (data == NULL) {
- qWarning("error retrieving a CA certificate from the system store");
- } else {
- QByteArray rawCert = QByteArray::fromRawData((const char *)CFDataGetBytePtr(data), CFDataGetLength(data));
- systemCerts.append(QSslCertificate::fromData(rawCert, QSsl::Der));
- CFRelease(data);
- }
+ // note: also check implementation in openssl_mac.cpp
+#if defined(Q_OS_OSX)
+ // SecTrustSettingsCopyCertificates is not defined on iOS.
+ QCFType<CFArrayRef> cfCerts;
+
+ OSStatus status = SecTrustSettingsCopyCertificates(kSecTrustSettingsDomainSystem, &cfCerts);
+ if (status == noErr ) {
+ const CFIndex size = CFArrayGetCount(cfCerts);
+ for (CFIndex i = 0; i < size; ++i) {
+ SecCertificateRef cfCert = (SecCertificateRef)CFArrayGetValueAtIndex(cfCerts, i);
+ QCFType<CFDataRef> derData = SecCertificateCopyData(cfCert);
+ if (derData == NULL) {
+ qWarning("error retrieving a CA certificate from the system store");
+ } else {
+ systemCerts << QSslCertificate(QByteArray::fromCFData(derData), QSsl::Der);
}
- CFRelease(cfCerts);
- }
- else {
- // no detailed error handling here
- qWarning("could not retrieve system CA certificates");
}
}
#elif defined(Q_OS_WIN)
diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h
index 6e7a2c5..c1a6f05 100644
--- a/src/network/ssl/qsslsocket_p.h
+++ b/src/network/ssl/qsslsocket_p.h
@@ -145,11 +145,7 @@ public:
static bool isMatchingHostname(const QSslCertificate &cert, const QString &peerName);
Q_AUTOTEST_EXPORT static bool isMatchingHostname(const QString &cn, const QString &hostname);
-#if defined(Q_OS_MACX)
- static PtrSecCertificateCopyData ptrSecCertificateCopyData;
- static PtrSecTrustSettingsCopyCertificates ptrSecTrustSettingsCopyCertificates;
- static PtrSecTrustCopyAnchorCertificates ptrSecTrustCopyAnchorCertificates;
-#elif defined(Q_OS_WIN) && !defined(Q_OS_WINRT)
+#if defined(Q_OS_WIN) && !defined(Q_OS_WINRT)
static PtrCertOpenSystemStoreW ptrCertOpenSystemStoreW;
static PtrCertFindCertificateInStore ptrCertFindCertificateInStore;
static PtrCertCloseStore ptrCertCloseStore;
--
1.9.1