Add class QOcspResponse, providing a bit more details

about why a certificate was revoked (if it was) and the responder's
certificate, if we managed to verify a signature, as was previously
shortly discussed in the 'OCSP stapling' patch-set. Auto-test update
will be in a separate patch.

[ChangeLog][QtNetwork][Ssl] Added class QOcspResponse as a part of
 OCSP stapling support.

Change-Id: I4e17fb6fc4c3dae0b8ad04ff2897a4823736d16e
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>

1 files changed, 16 insertions, 0 deletions

diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index a58f0b7e61..8d3ca092ff 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -314,6 +314,7 @@
 #include "qssl_p.h"
 #include "qsslsocket.h"
 #include "qsslcipher.h"
+#include "qocspresponse.h"
 #ifndef QT_NO_OPENSSL
 #include "qsslsocket_openssl_p.h"
 #endif
@@ -1151,6 +1152,20 @@ QSsl::SslProtocol QSslSocket::sessionProtocol() const
     return d->sessionProtocol();
 }
 
+/*!
+    \since 5.13
+
+    This function returns Online Certificate Status Protocol response that
+    a server may send during a TLS handshake using OCSP stapling. If no
+    definitive or no response was received at all, the response is empty.
+
+    \sa QSslConfiguration::setOcspStaplingEnabled(), QOcspResponse::isNull()
+*/
+QOcspResponse QSslSocket::ocspResponse() const
+{
+    Q_D(const QSslSocket);
+    return d->ocspResponse;
+}
 
 /*!
     Sets the socket's private \l {QSslKey} {key} to \a key. The
@@ -2135,6 +2150,7 @@ void QSslSocketPrivate::init()
     shutdown = false;
     pendingClose = false;
     flushTriggered = false;
+    ocspResponse.clear();
 
     // we don't want to clear the ignoreErrorsList, so
     // that it is possible setting it before connecting