author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2018-02-19 13:46:21 +0100 |
---|---|---|
committer | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2018-04-06 05:13:37 +0000 |
commit | 30978dc1a50368e45c3764d7efc283c4e660a9b9 (patch) | |
tree | de5385a867c326f574f33db6dc7a5262dbc6a52b /src/network/ssl/qsslsocket.cpp | |
parent | 061fbceb777c41b23bc2b8180b2af85d9b35b246 (diff) |
Add a new (D)TLS configuration
Namespace QSsl: introduce DtlsV1_0/DtlsV1_2/DtlsV1_2OrLater enumerators
into SslProtocol. Implement QSslConfiguration::defaultDtlsConfiguration.
Make some functions shared - now not only QSslSocket needs them,
but also DTLS-related code. This patch-set also enables
protocol-specific set of ciphers (so for DTLS we are using
the correct method - 'DTLS_method').
Change-Id: I828fc898674aa3c0a471e8e5b94575bb50538601
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'src/network/ssl/qsslsocket.cpp')
-rw-r--r-- | src/network/ssl/qsslsocket.cpp | 61 |
1 files changed, 60 insertions, 1 deletions
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index 4273904c12..2a415ace44 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -336,12 +336,18 @@ QT_BEGIN_NAMESPACE
 class QSslSocketGlobalData
 {
 public:
- QSslSocketGlobalData() : config(new QSslConfigurationPrivate) {}
+ QSslSocketGlobalData()
+ : config(new QSslConfigurationPrivate),
+ dtlsConfig(new QSslConfigurationPrivate)
+ {
+ dtlsConfig->protocol = QSsl::DtlsV1_2OrLater;
+ }
 QMutex mutex;
 QList<QSslCipher> supportedCiphers;
 QVector<QSslEllipticCurve> supportedEllipticCurves;
 QExplicitlySharedDataPointer<QSslConfigurationPrivate> config;
+ QExplicitlySharedDataPointer<QSslConfigurationPrivate> dtlsConfig;
 };
 Q_GLOBAL_STATIC(QSslSocketGlobalData, globalData)
@@ -2128,6 +2134,26 @@ void QSslSocketPrivate::setDefaultSupportedCiphers(const QList<QSslCipher> &ciph
 /*!
 \internal
 */
+void q_setDefaultDtlsCiphers(const QList<QSslCipher> &ciphers)
+{
+ QMutexLocker locker(&globalData()->mutex);
+ globalData()->dtlsConfig.detach();
+ globalData()->dtlsConfig->ciphers = ciphers;
+}
+
+/*!
+ \internal
+*/
+QList<QSslCipher> q_getDefaultDtlsCiphers()
+{
+ QSslSocketPrivate::ensureInitialized();
+ QMutexLocker locker(&globalData()->mutex);
+ return globalData()->dtlsConfig->ciphers;
+}
+
+/*!
+ \internal
+*/
 QVector<QSslEllipticCurve> QSslSocketPrivate::supportedEllipticCurves()
 {
 QSslSocketPrivate::ensureInitialized();
@@ -2142,6 +2168,7 @@ void QSslSocketPrivate::setDefaultSupportedEllipticCurves(const QVector<QSslElli
 {
 const QMutexLocker locker(&globalData()->mutex);
 globalData()->config.detach();
+ globalData()->dtlsConfig.detach();
 globalData()->supportedEllipticCurves = curves;
 }
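Review bot: The new `dtlsConfig` member and its initialisation in the constructor carry no comment, and only `protocol` is overridden, so every other default of the DTLS configuration is whatever `QSslConfigurationPrivate`'s constructor sets, which this hunk does not show. I would add a comment on the member, `// Default configuration for DTLS; the CA-certificate setters must mirror their changes here`, and one in the constructor body, `// DTLS 1.0 is not part of the default; applications have to opt in`. The second comment assumes `DtlsV1_2OrLater` means what its name suggests.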
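Review bot: `q_setDefaultDtlsCiphers` does not call `QSslSocketPrivate::ensureInitialized()` while `q_getDefaultDtlsCiphers` does, and the bare `\internal` comments do not explain the asymmetry. If the setter is meant to be called from the initialisation path, say so in its comment, for example `// Called while the backend initialises; must not call ensureInitialized()`. If it can also be called from elsewhere, a list set before first use might be replaced when initialisation runs later; that depends on code outside this hunk.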
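Review bot: The added `globalData()->dtlsConfig.detach();` is not followed by any write to `dtlsConfig`; the only assignment in the visible body is to `globalData()->supportedEllipticCurves`. It mirrors the existing `config.detach()` line, but as written it copies the DTLS private data for no visible effect. Either drop it or give the reason in a comment, e.g. `// detach so configurations already handed out keep their old state`, if that is the intent. The function's signature is truncated in the hunk header, so the parameter list is not fully visible.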
@@ -2164,6 +2191,8 @@ void QSslSocketPrivate::setDefaultCaCertificates(const QList<QSslCertificate> &c
 QMutexLocker locker(&globalData()->mutex);
 globalData()->config.detach();
 globalData()->config->caCertificates = certs;
+ globalData()->dtlsConfig.detach();
+ globalData()->dtlsConfig->caCertificates = certs;
 // when the certificates are set explicitly, we do not want to
 // load the system certificates on demand
 s_loadRootCertsOnDemand = false;
@@ -2183,6 +2212,8 @@ bool QSslSocketPrivate::addDefaultCaCertificates(const QString &path, QSsl::Enco
 QMutexLocker locker(&globalData()->mutex);
 globalData()->config.detach();
 globalData()->config->caCertificates += certs;
+ globalData()->dtlsConfig.detach();
+ globalData()->dtlsConfig->caCertificates += certs;
 return true;
 }
@@ -2195,6 +2226,8 @@ void QSslSocketPrivate::addDefaultCaCertificate(const QSslCertificate &cert)
 QMutexLocker locker(&globalData()->mutex);
 globalData()->config.detach();
 globalData()->config->caCertificates += cert;
+ globalData()->dtlsConfig.detach();
+ globalData()->dtlsConfig->caCertificates += cert;
 }
 /*!
@@ -2206,6 +2239,8 @@ void QSslSocketPrivate::addDefaultCaCertificates(const QList<QSslCertificate> &c
 QMutexLocker locker(&globalData()->mutex);
 globalData()->config.detach();
 globalData()->config->caCertificates += certs;
+ globalData()->dtlsConfig.detach();
+ globalData()->dtlsConfig->caCertificates += certs;
 }
 /*!
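Review bot: The DTLS trust store is kept in step with the TLS one only by repeating each `caCertificates` statement, here and in the three `addDefaultCaCertificate(s)` hunks that follow, so a future setter that omits the second pair of lines would leave DTLS validating peers against a different CA list. The two lists also stop being mirrors once `setDefaultDtlsConfiguration` installs another private object, which deserves a comment next to these writes. A file-local helper that applies one change to both configurations would keep the invariant in one place; the sketch below assumes the caller already holds `globalData()->mutex`. The bodies of all four functions start above their hunks.

```cpp
// Applies one CA-list change to both the TLS and the DTLS default configuration.
// The caller must hold globalData()->mutex.
template <typename Change>
static void updateDefaultCaCertificates(Change change)
{
    QSslSocketGlobalData *data = globalData();
    data->config.detach();
    change(data->config->caCertificates);
    data->dtlsConfig.detach();
    change(data->dtlsConfig->caCertificates);
}

// in setDefaultCaCertificates, after taking the lock:
updateDefaultCaCertificates([&certs](QList<QSslCertificate> &list) { list = certs; });
// … unchanged: s_loadRootCertsOnDemand = false; …
```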
@@ -2263,6 +2298,30 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri
 /*!
 \internal
 */
+QSslConfiguration QSslConfigurationPrivate::defaultDtlsConfiguration()
+{
+ QSslSocketPrivate::ensureInitialized();
+ QMutexLocker locker(&globalData()->mutex);
+
+ return QSslConfiguration(globalData()->dtlsConfig.data());
+}
+
+/*!
+ \internal
+*/
+void QSslConfigurationPrivate::setDefaultDtlsConfiguration(const QSslConfiguration &configuration)
+{
+ QSslSocketPrivate::ensureInitialized();
+ QMutexLocker locker(&globalData()->mutex);
+ if (globalData()->dtlsConfig == configuration.d)
+ return; // nothing to do
+
+ globalData()->dtlsConfig = const_cast<QSslConfigurationPrivate*>(configuration.d.constData());
+}
+
+/*!
+ \internal
+*/
 void QSslSocketPrivate::createPlainSocket(QIODevice::OpenMode openMode)
 {
 Q_Q(QSslSocket); |
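Review bot: `setDefaultDtlsConfiguration` installs whatever configuration it is given, so a caller can replace the `DtlsV1_2OrLater` default with one whose `protocol` is a TLS value or an older DTLS version, and nothing in this function rejects or documents that. Whether the DTLS code checks the protocol later is not visible here. I would at least extend the `\internal` comment, e.g. `// The caller must pass a configuration whose protocol is a DTLS one`, and consider returning early with a warning for non-DTLS values. The `const_cast` on `configuration.d.constData()` also deserves a comment saying that the global pointer shares the caller's private data until one side detaches.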