authorPeter Hartmann <phartmann@blackberry.com>2013-08-28 10:56:24 +0200
committerThe Qt Project <gerrit-noreply@qt-project.org>2014-02-11 15:37:10 +0100
commit42cfb5fe4daa586f382bde6936b0ee33b5298f4d (patch)
tree8c55a9a461f9ec7d4722e6367103c8ae50982e86 /src/network/ssl/qsslconfiguration.cpp
parentdf62c31807f7b0a8b9bc222b47ccc7016cfaee65 (diff)
SSL: add support for the Next Protocol Negotiation extension
... which is needed to negotiate the SPDY protocol. [ChangeLog][QtNetwork][QSslConfiguration] Added support for the Next Protocol Negotiation (NPN) TLS extension. Task-number: QTBUG-33208 Change-Id: I3c945f9b7e2d2ffb0814bfdd3e87de1dae6c20ef Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
Diffstat (limited to 'src/network/ssl/qsslconfiguration.cpp')
-rw-r--r--src/network/ssl/qsslconfiguration.cpp106
1 files changed, 104 insertions, 2 deletions
diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp
index 3d7656262b..1e859ae6e6 100644
--- a/src/network/ssl/qsslconfiguration.cpp
+++ b/src/network/ssl/qsslconfiguration.cpp
@@ -1,6 +1,7 @@
/****************************************************************************
**
** Copyright (C) 2013 Digia Plc and/or its subsidiary(-ies).
+** Copyright (C) 2014 BlackBerry Limited. All rights reserved.
** Contact: http://www.qt-project.org/legal
**
** This file is part of the QtNetwork module of the Qt Toolkit.
@@ -52,6 +53,9 @@ const QSsl::SslOptions QSslConfigurationPrivate::defaultSslOptions = QSsl::SslOp
|QSsl::SslOptionDisableCompression
|QSsl::SslOptionDisableSessionPersistence;
+const char QSslConfiguration::NextProtocolSpdy3_0[] = "spdy/3";
+const char QSslConfiguration::NextProtocolHttp1_1[] = "http/1.1";
+
/*!
\class QSslConfiguration
\brief The QSslConfiguration class holds the configuration and state of an SSL connection
@@ -113,6 +117,33 @@ const QSsl::SslOptions QSslConfigurationPrivate::defaultSslOptions = QSsl::SslOp
*/
/*!
+ \enum QSslConfiguration::NextProtocolNegotiationStatus
+
+ Describes the status of the Next Protocol Negotiation (NPN).
+
+ \value NextProtocolNegotiationNone No application protocol
+ has been negotiated (yet).
+
+ \value NextProtocolNegotiationNegotiated A next protocol
+ has been negotiated (see nextNegotiatedProtocol()).
+
+ \value NextProtocolNegotiationUnsupported The client and
+ server could not agree on a common next application protocol.
+*/
+
+/*!
+ \variable QSslConfiguration::NextProtocolSpdy3_0
+ \brief The value used for negotiating SPDY 3.0 during the Next
+ Protocol Negotiation.
+*/
+
+/*!
+ \variable QSslConfiguration::NextProtocolHttp1_1
+ \brief The value used for negotiating HTTP 1.1 during the Next
+ Protocol Negotiation.
+*/
+
+/*!
Constructs an empty SSL configuration. This configuration contains
no valid settings and the state will be empty. isNull() will
return true after this constructor is called.
@@ -185,7 +216,10 @@ bool QSslConfiguration::operator==(const QSslConfiguration &other) const
d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading &&
d->sslOptions == other.d->sslOptions &&
d->sslSession == other.d->sslSession &&
- d->sslSessionTicketLifeTimeHint == other.d->sslSessionTicketLifeTimeHint;
+ d->sslSessionTicketLifeTimeHint == other.d->sslSessionTicketLifeTimeHint &&
+ d->nextAllowedProtocols == other.d->nextAllowedProtocols &&
+ d->nextNegotiatedProtocol == other.d->nextNegotiatedProtocol &&
+ d->nextProtocolNegotiationStatus == other.d->nextProtocolNegotiationStatus;
}
/*!
@@ -221,7 +255,10 @@ bool QSslConfiguration::isNull() const
d->peerCertificateChain.count() == 0 &&
d->sslOptions == QSslConfigurationPrivate::defaultSslOptions &&
d->sslSession.isNull() &&
- d->sslSessionTicketLifeTimeHint == -1);
+ d->sslSessionTicketLifeTimeHint == -1 &&
+ d->nextAllowedProtocols.isEmpty() &&
+ d->nextNegotiatedProtocol.isNull() &&
+ d->nextProtocolNegotiationStatus == QSslConfiguration::NextProtocolNegotiationNone);
}
/*!
@@ -653,6 +690,71 @@ int QSslConfiguration::sessionTicketLifeTimeHint() const
}
/*!
+ \since 5.3
+
+ This function returns the protocol negotiated with the server
+ if the Next Protocol Negotiation (NPN) TLS extension was enabled.
+ In order for the NPN extension to be enabled, setAllowedNextProtocols()
+ needs to be called explicitly before connecting to the server.
+
+ If no protocol could be negotiated or the extension was not enabled,
+ this function returns a QByteArray which is null.
+
+ \sa setAllowedNextProtocols(), nextProtocolNegotiationStatus()
+ */
+QByteArray QSslConfiguration::nextNegotiatedProtocol() const
+{
+ return d->nextNegotiatedProtocol;
+}
+
+/*!
+ \since 5.3
+
+ This function sets the allowed \a protocols to be negotiated with the
+ server through the Next Protocol Negotiation (NPN) TLS extension; each
+ element in \a protocols must define one allowed protocol.
+ The function must be called explicitly before connecting to send the NPN
+ extension in the SSL handshake.
+ Whether or not the negotiation succeeded can be queried through
+ nextProtocolNegotiationStatus().
+
+ \sa nextNegotiatedProtocol(), nextProtocolNegotiationStatus(), allowedNextProtocols(), QSslConfiguration::NextProtocolSpdy3_0, QSslConfiguration::NextProtocolHttp1_1
+ */
+void QSslConfiguration::setAllowedNextProtocols(QList<QByteArray> protocols)
+{
+ d->nextAllowedProtocols = protocols;
+}
+
+/*!
+ \since 5.3
+
+ This function returns the allowed protocols to be negotiated with the
+ server through the Next Protocol Negotiation (NPN) TLS extension, as set
+ by setAllowedNextProtocols().
+
+ \sa nextNegotiatedProtocol(), nextProtocolNegotiationStatus(), setAllowedNextProtocols(), QSslConfiguration::NextProtocolSpdy3_0, QSslConfiguration::NextProtocolHttp1_1
+ */
+QList<QByteArray> QSslConfiguration::allowedNextProtocols() const
+{
+ return d->nextAllowedProtocols;
+}
+
+/*!
+ \since 5.3
+
+ This function returns the status of the Next Protocol Negotiation (NPN).
+ If the feature has not been enabled through setAllowedNextProtocols(),
+ this function returns NextProtocolNegotiationNone.
+ The status will be set before emitting the encrypted() signal.
+
+ \sa setAllowedNextProtocols(), allowedNextProtocols(), nextNegotiatedProtocol(), QSslConfiguration::NextProtocolNegotiationStatus
+ */
+QSslConfiguration::NextProtocolNegotiationStatus QSslConfiguration::nextProtocolNegotiationStatus() const
+{
+ return d->nextProtocolNegotiationStatus;
+}
+
+/*!
Returns the default SSL configuration to be used in new SSL
connections.
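Review bot: setAllowedNextProtocols() stores the caller's list unchanged, and neither the setter nor its qdoc bounds what an entry may contain. NPN encodes each protocol name behind a one-byte length prefix, so an empty entry or one longer than 255 bytes cannot be represented on the wire. The code that serialises this list is not in this file, so unless that backend rejects such entries, the advertised list would be malformed. I would at least state the constraint in the documentation, e.g. `Each entry must be between 1 and 255 bytes long; other entries cannot be encoded in the NPN extension.` As a style point, the parameter could be `const QList<QByteArray> &protocols` rather than by value, which needs the matching change in the header.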