Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-72015

QSslSocket::setLocalCertificate silently succeeds with invalid paths

    XMLWordPrintable

Details

    • Suggestion
    • Resolution: Unresolved
    • P5: Not important
    • Some future release
    • 5.11.2
    • Network: SSL
    • None
    • All

    Description

      The overload of QSslSocket::setLocalCertificate taking a file path will succeed silently in all cases (also applicable to setting a null certificate). Having at least one of the following three things as error reporting is not unreasonable to expect:
      1) The method returns a success status (bool, probably can be added for Qt6).
      2) The method emits a debug warning (qWarning).
      3) The socket emits an SSL error.

      The offending code is here:
      qtbase/src/network/ssl/qsslsocket.cpp

      Attachments

        Issue Links

          relates to

          Suggestion - Public suggestions QTBUG-72016 QSslSocket::setPrivateKey silently succeeds with invalid paths

          • P4: Low - Would be nice to fix, but it's not very important.
          • Open
          For Gerrit Dashboard: QTBUG-72015
          # Subject Branch Project Status CR V
          253794,2 Add input checks for local certificate chains dev qt/qtbase Status: NEW 0 0

          Activity

            People

              kshegunov Konstantin Shegunov
              kshegunov Konstantin Shegunov
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:

                Gerrit Reviews

                  There is 1 open Gerrit change