From 55aa092df247420c71391159d9516400e1772222 Mon Sep 17 00:00:00 2001
From: Felix Geyer
Date: Tue, 27 Sep 2011 15:49:04 +0200
Subject: [PATCH] Support intermediate CA certificates.
The server needs to send the intermediate CA certs if the client only has the root CA in his trusted cert pool. The .pem cert file needs to look like this: [key], [server cert], [intermediate CAs], [root CA]
---
 src/core/sslserver.cpp | 15 ++++++++++++++-
 src/core/sslserver.h | 1 +
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/src/core/sslserver.cpp b/src/core/sslserver.cpp
index aa5be2c2..4080f814 100644
--- a/src/core/sslserver.cpp
+++ b/src/core/sslserver.cpp
@@ -60,6 +60,7 @@ void SslServer::incomingConnection(int socketDescriptor) {
 if(isCertValid()) {
 serverSocket->setLocalCertificate(_cert);
 serverSocket->setPrivateKey(_key);
+ serverSocket->addCaCertificates(_ca);
 }
 _pendingConnections << serverSocket;
 emit newConnection();
@@ -86,7 +87,19 @@ bool SslServer::setCertificate(const QString &path) {
 << "error:" << certFile.error();
 return false;
 }
- _cert = QSslCertificate(&certFile);
+
+ QList certList = QSslCertificate::fromDevice(&certFile);
+
+ if (certList.isEmpty()) {
+ quWarning() << "SslServer: Certificate file doesn't contain a certificate";
+ return false;
+ }
+
+ _cert = certList[0];
+ certList.removeFirst(); // remove server cert
+
+ // store CA and intermediates certs
+ _ca = certList;
 if(!certFile.reset()) {
 quWarning() << "SslServer: IO error reading certificate file";
diff --git a/src/core/sslserver.h b/src/core/sslserver.h
index 306bd8ef..d0efde21 100644
--- a/src/core/sslserver.h
+++ b/src/core/sslserver.h
@@ -49,6 +49,7 @@ private:
 QLinkedList _pendingConnections;
 QSslCertificate _cert;
 QSslKey _key;
+ QList _ca;
 bool _isCertValid;
 };
--
2.20.1
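Review bot: In `incomingConnection`, `addCaCertificates(_ca)` puts every extra certificate from the .pem file into the socket's CA database, which Qt uses to validate the peer's certificate, so the list acts as a trust store as well as the chain to send. With the default server-side verification mode this is probably harmless, but if client-certificate verification is ever enabled, the intermediates and the root from that file become trust anchors for clients. I would record that next to the call, e.g. `// _ca is added only so the intermediates are sent; these certs also become trusted for peer verification`, and move to `setLocalCertificateChain()` once the minimum Qt version provides it. The function body starts and ends outside the hunk.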
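Review bot: In `setCertificate`, `_cert` and `_ca` are overwritten before the `certFile.reset()` check that follows, so a failure there (or in whatever key handling comes after the hunk) returns false with the new certificate and chain already stored, possibly alongside the previous `_key`. Reading into locals and assigning the members only after every check has passed would avoid that half-updated state; whether `_isCertValid` already masks it is not visible here. The split also relies purely on file order: `certList[0]` is taken as the server certificate and everything after it as CA material, so a comment such as `// file order is trusted: first cert = server cert, rest = chain; not checked against _key here` would help. The function continues outside the hunk.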