author | Giuseppe D'Angelo <giuseppe.dangelo@kdab.com> | 2014-09-03 11:12:12 +0200 |
---|---|---|
committer | Giuseppe D'Angelo <giuseppe.dangelo@kdab.com> | 2014-11-26 22:07:56 +0100 |
commit | ffbfd8eda691be9e6814187015d87dffc2b0d58f (patch) | |
tree | 812f64a370cd4e30771201d821a0d12668b232ee /src/network/ssl/qsslconfiguration.cpp | |
parent | 153463ea956794053af755c22f6562fff4ed520a (diff) |
SSL: Add support for selecting which curves should be used by an elliptic cipher
[ChangeLog][QtNetwork][QtSSL] It is now possible to choose which elliptic
curves should be used by an elliptic curve cipher.
Change-Id: If5d0d58922768b6f1375836489180e576f5a015a
Done-with: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
Diffstat (limited to 'src/network/ssl/qsslconfiguration.cpp')
-rw-r--r-- | src/network/ssl/qsslconfiguration.cpp | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp
index 2aa59e5d18..9430e81fd3 100644
--- a/src/network/ssl/qsslconfiguration.cpp
+++ b/src/network/ssl/qsslconfiguration.cpp
@@ -202,6 +202,7 @@ bool QSslConfiguration::operator==(const QSslConfiguration &other) const
 d->sessionCipher == other.d->sessionCipher &&
 d->sessionProtocol == other.d->sessionProtocol &&
 d->ciphers == other.d->ciphers &&
+ d->ellipticCurves == other.d->ellipticCurves &&
 d->caCertificates == other.d->caCertificates &&
 d->protocol == other.d->protocol &&
 d->peerVerifyMode == other.d->peerVerifyMode &&
@@ -242,6 +243,7 @@ bool QSslConfiguration::isNull() const
 d->allowRootCertOnDemandLoading == true &&
 d->caCertificates.count() == 0 &&
 d->ciphers.count() == 0 &&
+ d->ellipticCurves.isEmpty() &&
 d->localCertificateChain.isEmpty() &&
 d->privateKey.isNull() &&
 d->peerCertificate.isNull() &&
@@ -695,6 +697,50 @@ int QSslConfiguration::sessionTicketLifeTimeHint() const
 }
 
 /*!
+ \since 5.5
+
+ Returns this connection's current list of elliptic curves. This
+ list is used during the handshake phase for choosing an
+ elliptic curve (when using an elliptic curve cipher).
+ The returned list of curves is ordered by descending preference
+ (i.e., the first curve in the list is the most preferred one).
+
+ By default, the handshake phase can choose any of the curves
+ supported by this system's SSL libraries, which may vary from
+ system to system. The list of curves supported by this system's
+ SSL libraries is returned by QSslSocket::supportedEllipticCurves().
+
+ You can restrict the list of curves used for choosing the session cipher
+ for this socket by calling setEllipticCurves() with a subset of the
+ supported ciphers. You can revert to using the entire set by calling
+ setEllipticCurves() with the list returned by
+ QSslSocket::supportedEllipticCurves().
+
+ \sa setEllipticCurves
+ */
+QVector<QSslEllipticCurve> QSslConfiguration::ellipticCurves() const
+{
+ return d->ellipticCurves;
+}
+
+/*!
+ \since 5.5
+
+ Sets the list of elliptic curves to be used by this socket to \a curves,
+ which must contain a subset of the curves in the list returned by
+ supportedEllipticCurves().
+
+ Restricting the elliptic curves must be done before the handshake
+ phase, where the session cipher is chosen.
+
+ \sa ellipticCurves
+ */
+void QSslConfiguration::setEllipticCurves(const QVector<QSslEllipticCurve> &curves)
+{
+ d->ellipticCurves = curves;
+}
+
+/*!
 \since 5.3
 
 This function returns the protocol negotiated with the server |
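Review bot: setEllipticCurves() documents that \a curves "must contain a subset" of the supported curves, but the setter stores the vector unchecked, and neither doc block says what an empty list means. Judging from the isNull() hunk and the "By default" paragraph, an empty list appears to mean "no restriction", so a caller that intersects a policy allow-list with the supported curves and ends up with nothing would silently get every curve back; how the backend treats unsupported entries is not visible in this diff. If that reading is right, the setter's doc should say so, e.g. `An empty list removes the restriction: any curve supported by the SSL library may then be chosen.`, plus one sentence on what happens to unsupported curves. In the getter's doc, "a subset of the supported ciphers" should read "supported curves". In the setter's doc, the unqualified `supportedEllipticCurves()` should be `QSslSocket::supportedEllipticCurves()`, as the getter's doc already writes it.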