Details
- Bug
- Resolution: Done
- P3: Somewhat important
- 5.11.1
- None
- macOS 10.13.6
- 81910b5f3cfb8c8b0c009913d62dacff4e73bc3b
Description
The mitigation for QTBUG-56102 causing unwanted password prompts appears to break after a machine lock/unlock or sleep/wake cycle. I believe macOS calls SecKeychainLockAll() when the machine returns to the lock screen to lock all of the user's active keychains. As a result, Qt's temporary keychain is also locked, causing endless unwanted password prompts when it tries to use keys and prompting the user for a password they could not possibly have (since the QSslSocket's EphemeralSecKeychain object generates it internally).
I believe this issue can be fixed by calling SecKeychainGetStatus() prior to using the temporary keychain and using SecKeychainUnlock() if the temporary keychain is locked. This does leave a little window where a password prompt could still be generated if the keychain is locked at just the right time, but it's certainly better than an endless stream of password prompts which I get now.
For an even more comprehensive solution, SecKeychainSetUserInteractionAllowed() can block all password prompts (turning the race condition into a SecPKCS12Import() failure rather than a blocking password prompt).
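The check-then-unlock sequence proposed in the description, combined with prompt suppression, as an added example that is not part of the original report and is not Qt's code. The helper name `ensure_temp_keychain_unlocked` and the sample password are assumptions; off macOS the three Security calls are replaced by small constructed stand-ins so the control flow can be built and exercised.

```c
#include <stdio.h>
#include <string.h>
#ifdef __APPLE__
#include <Security/Security.h>
#else
/* Constructed stand-ins for the Security.framework calls so the control flow
   builds and runs off macOS; they only model a locked/unlocked flag. */
typedef int OSStatus;
typedef unsigned char Boolean;
typedef unsigned int UInt32, SecKeychainStatus;
typedef struct FakeKeychain { int unlocked, unlock_calls; } *SecKeychainRef;
enum { errSecSuccess = 0, kSecUnlockStateStatus = 1 };
static Boolean fake_interaction = 1;
static OSStatus SecKeychainGetStatus(SecKeychainRef k, SecKeychainStatus *s) {
    *s = k->unlocked ? kSecUnlockStateStatus : 0; return errSecSuccess; }
static OSStatus SecKeychainUnlock(SecKeychainRef k, UInt32 n, const void *pw, Boolean use) {
    (void)n; (void)pw; (void)use; k->unlocked = 1; k->unlock_calls++; return errSecSuccess; }
static OSStatus SecKeychainSetUserInteractionAllowed(Boolean on) {
    fake_interaction = on; return errSecSuccess; }
#endif

/* Hypothetical helper: call before every use of the temporary keychain.
   pw is the password the application generated for that keychain. */
static OSStatus ensure_temp_keychain_unlocked(SecKeychainRef kc, const char *pw) {
    SecKeychainStatus status = 0;
    OSStatus err;
    /* Turn a possible password dialog into an error return instead. */
    err = SecKeychainSetUserInteractionAllowed(0);
    if (err != errSecSuccess) return err;
    err = SecKeychainGetStatus(kc, &status);
    if (err != errSecSuccess) return err;
    if (status & kSecUnlockStateStatus) return errSecSuccess; /* still unlocked */
    /* Locked, e.g. after the screen lock: reopen with the known password. */
    return SecKeychainUnlock(kc, (UInt32)strlen(pw), pw, 1);
}

#ifndef __APPLE__
int main(void) {
    struct FakeKeychain kc = { 0, 0 };  /* constructed: starts out locked */
    OSStatus err = ensure_temp_keychain_unlocked(&kc, "constructed-password");
    printf("err=%d unlocked=%d unlock_calls=%d\n", (int)err, kc.unlocked, kc.unlock_calls);
    return 0;
}
#endif
```

The helper leaves user interaction disabled when it returns; a caller that needs prompts elsewhere has to re-enable them after the keychain operation completes.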