Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-72016

QSslSocket::setPrivateKey silently succeeds with invalid paths

    XMLWordPrintable

Details

    • Suggestion
    • Resolution: Unresolved
    • P4: Low
    • None
    • 5.11.2
    • Network: SSL
    • None
    • All

    Description

      The overload of QSslSocket::setPrivateKey taking a file path will succeed silently in all cases (also applicable to setting an invalid key). Having at least one of the following three things as error reporting is not unreasonable to expect:
      1) The method returns a success status (bool, probably can be added for Qt6).
      2) The method emits a debug warning (qWarning).
      3) The socket emits an SSL error.

      The offending code is here:
      qtbase/src/network/ssl/qsslsocket.cpp

      Related to QTBUG-72015.

      Attachments

        Issue Links

          relates to

          Suggestion - Public suggestions QTBUG-72015 QSslSocket::setLocalCertificate silently succeeds with invalid paths

          • P5: Not important - Not relevant and not urgent.
          • Open
          For Gerrit Dashboard: QTBUG-72016
          # Subject Branch Project Status CR V
          254675,2 Introduce means to clear the socket's private key dev qt/qtbase Status: NEW -2 0
          253791,4 Add input check for QSslSocket::setPrivateKey dev qt/qtbase Status: MERGED +2 0

          Activity

            People

              kshegunov Konstantin Shegunov
              kshegunov Konstantin Shegunov
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:

                Gerrit Reviews

                  There is 1 open Gerrit change