Qt applications want to use crypto functionality to
- manage keys and certificates
- Key generation support
- Certificate Signing Request generation support
- optional: Certificate signing
- optional: Certificate Revocation List generation support
- encrypt/decrypt data
- streaming support
A separate set of classes that provide access this functionality and abstracts the underlying libraries (like OpenSSL, mbedTLS, WolfSSL, NSS, BoringSSL, gcrypt, Botan) and OS sevices (like SecureTransport, SecureChannel) could then be used by QtNetwork as well to implement SSL/TLS support.
An architecture that defines an interface that allows the implementation of different might be possible, and gives users or 3rd parties the opportunity to develop their own backends.
Possible alternative to extending QSsl (aka. X509) is to use an external dependecy library (https://userbase.kde.org/QCA), which already has a Qt API.
The certificate management API is already worked on by QtOpcUa team because it requires CSR generation. (https://codereview.qt-project.org/c/qt/qtopcua/+/263819)