Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-72016

QSslSocket::setPrivateKey silently succeeds with invalid paths

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Unresolved
    • Icon: P4: Low P4: Low
    • None
    • 5.11.2
    • Network: SSL
    • None
    • All

      The overload of QSslSocket::setPrivateKey taking a file path will succeed silently in all cases (also applicable to setting an invalid key). Having at least one of the following three things as error reporting is not unreasonable to expect:
      1) The method returns a success status (bool, probably can be added for Qt6).
      2) The method emits a debug warning (qWarning).
      3) The socket emits an SSL error.

      The offending code is here:
      qtbase/src/network/ssl/qsslsocket.cpp

      Related to QTBUG-72015.

        For Gerrit Dashboard: QTBUG-72016
        # Subject Branch Project Status CR V
        254675,2 Introduce means to clear the socket's private key dev qt/qtbase Status: NEW -2 0

            kshegunov Konstantin Shegunov
            kshegunov Konstantin Shegunov
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:

                There is 1 open Gerrit change