Details
-
Bug
-
Resolution: Unresolved
-
P4: Low
-
None
-
5.12.0
-
None
-
Windows 10
Description
We have code of the following form:
QSslKey key( QByteArray(keyString.toUtf8()), QSsl::Rsa, QSsl::Pem);
if (key.isNull()) return false;
if (key.algorithm() != QSsl::Rsa || key.type() != QSsl::PrivateKey) return false;
return true;
When supplied a private key string of the form
----
BEGIN RSA PRIVATE KEY---\nMIIEowIBAAKCAQEA07/x1AEc2<redacted>jyJ9Utc24jNpRWsAq\n---END RSA PRIVATE KEY----
it returns true.
When supplied the same key, but with a leading space
----
BEGIN RSA PRIVATE KEY---\nMIIEowIBAAKCAQEA07/x1AEc2<redacted>jyJ9Utc24jNpRWsAq\n---END RSA PRIVATE KEY----
The code still succeeds under macOS Mojave.
It fails under Windows with Qt 5.10, with the algorithm/type not being correct.
It fails under Windows with Qt 5.12, with the key being null.
This appeared due to a customer doing a copy/paste of a valid key, and ending up with an invalid key.
Workaround: our code now trims keyString before using it.
Suggested fix: the QSslKey constructor should do the trim (or moral equivalent)
Note: QSslCertificate does not suffer from this, nor does QSslKey appear to suffer with trailing whitespace instead