Fix certificate errors when Schannel TLS backend is used

* Unify code paths for compiling expected SSL errors so in any case the
  expected errors are including the error types emitted by the Schannel
  backend
* See https://github.com/Martchus/syncthingtray/issues/223

syncthingconnector/syncthingconnection.cpp

@@ -802,14 +802,11 @@ bool SyncthingConnection::loadSelfSignedCertificate(const QUrl &url)
     }
     // add exception
     const QList<QSslCertificate> certs = QSslCertificate::fromPath(certPath);
-    if (certs.isEmpty()) {
+    if (certs.isEmpty() || certs.at(0).isNull()) {
         emit error(tr("Unable to load certificate used by Syncthing."), SyncthingErrorCategory::OverallConnection, QNetworkReply::NoError);
         return false;
     }
-    const QSslCertificate &cert = certs.at(0);
+    m_expectedSslErrors = SyncthingConnectionSettings::compileSslErrors(certs.at(0));
-    m_expectedSslErrors.reserve(4);
-    m_expectedSslErrors << QSslError(QSslError::UnableToGetLocalIssuerCertificate, cert) << QSslError(QSslError::UnableToVerifyFirstCertificate, cert)
-                        << QSslError(QSslError::SelfSignedCertificate, cert) << QSslError(QSslError::HostNameMismatch, cert);
     return true;
 }
 

syncthingconnector/syncthingconnectionsettings.cpp

@@ -2,6 +2,20 @@
 
 namespace Data {
 
+QList<QSslError> SyncthingConnectionSettings::compileSslErrors(const QSslCertificate &trustedCert)
+{
+    // clang-format off
+    return QList<QSslError>{
+        QSslError(QSslError::UnableToGetLocalIssuerCertificate, trustedCert),
+        QSslError(QSslError::UnableToVerifyFirstCertificate, trustedCert),
+        QSslError(QSslError::SelfSignedCertificate, trustedCert),
+        QSslError(QSslError::HostNameMismatch, trustedCert),
+        QSslError(QSslError::CertificateUntrusted, trustedCert),
+        QSslError(QSslError::CertificateRejected, trustedCert)
+    };
+    // clang-format on
+}
+
 bool SyncthingConnectionSettings::loadHttpsCert()
 {
     expectedSslErrors.clear();
@@ -9,23 +23,11 @@ bool SyncthingConnectionSettings::loadHttpsCert()
         return true;
     }
     const auto certs(QSslCertificate::fromPath(httpsCertPath));
-    if (certs.isEmpty()) {
+    if (certs.isEmpty() || certs.at(0).isNull()) {
         return false;
     }
-    const auto &cert(certs.front());
+
-    if (cert.isNull()) {
+    expectedSslErrors = compileSslErrors(certs.at(0));
-        return false;
-    }
-    // clang-format off
-    expectedSslErrors = {
-        QSslError(QSslError::UnableToGetLocalIssuerCertificate, cert),
-        QSslError(QSslError::UnableToVerifyFirstCertificate, cert),
-        QSslError(QSslError::SelfSignedCertificate, cert),
-        QSslError(QSslError::HostNameMismatch, cert),
-        QSslError(QSslError::CertificateUntrusted, cert),
-        QSslError(QSslError::CertificateRejected, cert)
-    };
-    // clang-format on
     return true;
 }
 } // namespace Data

syncthingconnector/syncthingconnectionsettings.h

@@ -10,6 +10,8 @@
 #include <QSslError>
 #include <QString>
 
+QT_FORWARD_DECLARE_CLASS(QSslCertificate)
+
 namespace Data {
 
 /*!
@@ -49,6 +51,7 @@ struct LIB_SYNCTHING_CONNECTOR_EXPORT SyncthingConnectionSettings {
     QList<QSslError> expectedSslErrors;
     SyncthingStatusComputionFlags statusComputionFlags = SyncthingStatusComputionFlags::Default;
     bool autoConnect = false;
+    static QList<QSslError> compileSslErrors(const QSslCertificate &trustedCert);
     bool loadHttpsCert();
 
     static constexpr int defaultTrafficPollInterval = 5000;