author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2018-11-13 15:25:25 +0100 |
---|---|---|
committer | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2018-12-06 05:14:45 +0000 |
commit | 6a28f6767754f427eb29a266f38252bdf23123c6 (patch) | |
tree | cc45c99369385859defed024192ceea41a0a02c4 /src/network/ssl/qsslcontext_openssl.cpp | |
parent | a8dae3ad0bc6377c695326e48d3c0db9f73107db (diff) |
Add tst_QOcsp auto-test
This patch introduces a private 'API' to enable server-side OCSP responses
and implements a simple OCSP responder, tests OCSP status on a client
side (the test is pretty basic, but for now should suffice).
Change-Id: I4c6cacd4a1b949dd0ef5e6b59322fb0967d02120
Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'src/network/ssl/qsslcontext_openssl.cpp')
-rw-r--r-- | src/network/ssl/qsslcontext_openssl.cpp | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp
index 35cca9f01a..e81e5582f4 100644
--- a/src/network/ssl/qsslcontext_openssl.cpp
+++ b/src/network/ssl/qsslcontext_openssl.cpp
@@ -243,12 +243,28 @@ QString QSslContext::errorString() const
     return errorStr;
 }
 
+#if QT_CONFIG(ocsp)
+extern "C" int qt_OCSP_status_server_callback(SSL *ssl, void *); // Defined in qsslsocket_openssl.cpp.
+#endif // ocsp
 // static
 void QSslContext::applyBackendConfig(QSslContext *sslContext)
 {
-    if (sslContext->sslConfiguration.backendConfiguration().isEmpty())
+    const QMap<QByteArray, QVariant> &conf = sslContext->sslConfiguration.backendConfiguration();
+    if (conf.isEmpty())
         return;
 
+#if QT_CONFIG(ocsp)
+    auto ocspResponsePos = conf.find("Qt-OCSP-response");
+    if (ocspResponsePos != conf.end()) {
+        // This is our private, undocumented configuration option, existing only for
+        // the purpose of testing OCSP status responses. We don't even check this
+        // callback was set. If no - the test must fail.
+        q_SSL_CTX_set_tlsext_status_cb(sslContext->ctx, qt_OCSP_status_server_callback);
+        if (conf.size() == 1)
+            return;
+    }
+#endif // ocsp
+
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
     if (QSslSocket::sslLibraryVersionNumber() >= 0x10002000L) {
         QSharedPointer<SSL_CONF_CTX> cctx(q_SSL_CONF_CTX_new(), &q_SSL_CONF_CTX_free);
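Review bot: Any caller that puts the private key `Qt-OCSP-response` into QSslConfiguration::setBackendConfiguration() gets the test-only `qt_OCSP_status_server_callback` installed on its SSL_CTX, because the new block in applyBackendConfig checks only for the presence of the key, not for the context being a server-side one. If QSslContext still records the mode it was created with, narrowing the condition to `if (sslContext->sslMode == QSslSocket::SslServerMode && ocspResponsePos != conf.end())` keeps client contexts from ever carrying a server status callback. The same key literal is spelled out again in the loop of the second hunk; a file-local `static const char qtOcspResponseKey[] = "Qt-OCSP-response";` used in both places avoids the two copies drifting apart. Since backendConfiguration() is public API, the comment above the q_SSL_CTX_set_tlsext_status_cb() call should also state that the key is not supported outside the auto-test and that the call's return value is deliberately ignored.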
@@ -256,8 +272,10 @@ void QSslContext::applyBackendConfig(QSslContext *sslContext)
         q_SSL_CONF_CTX_set_ssl_ctx(cctx.data(), sslContext->ctx);
         q_SSL_CONF_CTX_set_flags(cctx.data(), SSL_CONF_FLAG_FILE);
 
-        const auto &backendConfig = sslContext->sslConfiguration.backendConfiguration();
-        for (auto i = backendConfig.constBegin(); i != backendConfig.constEnd(); ++i) {
+        for (auto i = conf.constBegin(); i != conf.constEnd(); ++i) {
+            if (i.key() == "Qt-OCSP-response") // This never goes to SSL_CONF_cmd().
+                continue;
+
             if (!i.value().canConvert(QMetaType::QByteArray)) {
                 sslContext->errorCode = QSslError::UnspecifiedError;
                 sslContext->errorStr = msgErrorSettingBackendConfig(
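Review bot: The skip of `Qt-OCSP-response` inside the loop is unconditional, while the code that actually consumes the key (previous hunk) is compiled only under `QT_CONFIG(ocsp)`; in a build without OCSP support the option is therefore silently dropped instead of reaching SSL_CONF_cmd() and producing the usual backend-configuration error. Wrapping the two new lines in the same guard, `#if QT_CONFIG(ocsp)` … `#endif // ocsp`, makes an unsupported request fail the way every other unknown option does. The condition-with-trailing-comment form `if (i.key() == "Qt-OCSP-response") // This never goes to SSL_CONF_cmd().` is easy to misread as commenting out the `continue;`; placing the comment on its own line above the `if` is clearer. applyBackendConfig continues past the end of this hunk.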