QSslSocket (OpenSSL) improve alert messages handling

1. Add a new verification callback. This gives an option
to report errors directly from this callback (by emitting
handshakeInterruptedOnError()). This allows an application
to explain to its peer why the handshake was interrupted (by
sending a corresponding alert message).
2. This also means we want to notice such alerts (in Qt,
from the application's point of view, they are mostly
informational only, no interaction is required). So we
also introduce a new 'info callback', that can notice alert
messages read or written. We also introduce two new enums
describing the level and type of an alert message. QSslSocket
gets three new signals (for incoming/outgoing alerts and
verification errors found early).
3. In case we requested a certificate, but the peer provided
none, we would previously abruptly close the connection without
a proper alert message (and such a situation is not handled
by any verification callbacks, since there is no certificate(s)
to verify essentially). So we now introduce a new verification
option that maps to what OpenSSL calls 'SSL_VERIFY_FAIL_IF_NO_PEER_CERT'.
This way, the proper alert will be generated.

Fixes: QTBUG-68419
Change-Id: I5d1e9298b4040a2d4f867f5b1a3567a2253927b8
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>

1 files changed, 135 insertions, 1 deletions

diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index 86937fc6c1..99329d3f4a 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -228,6 +228,74 @@
 */
 
 /*!
+    \enum QAlertLevel
+    \brief Describes the level of an alert message
+    \relates QSslSocket
+    \since 6.0
+
+    \ingroup network
+    \ingroup ssl
+    \inmodule QtNetwork
+
+    This enum describes the level of an alert message that was sent
+    or received.
+
+    \value Warning Non-fatal alert message
+    \value Fatal Fatal alert message, the underlying backend will
+           handle such an alert properly and close the connection.
+    \value Unknown An alert of unknown level of severity.
+*/
+
+/*!
+    \enum QAlertType
+    \brief Enumerates possible codes that an alert message can have
+    \relates QSslSocket
+    \since 6.0
+
+    \ingroup network
+    \ingroup ssl
+    \inmodule QtNetwork
+
+    See \l{https://tools.ietf.org/html/rfc8446#page-85}{RFC 8446, section 6}
+    for the possible values and their meaning.
+
+    \value CloseNotify,
+    \value UnexpectedMessage
+    \value BadRecordMac
+    \value RecordOverflow
+    \value DecompressionFailure
+    \value HandshakeFailure
+    \value NoCertificate
+    \value BadCertificate
+    \value UnsupportedCertificate
+    \value CertificateRevoked
+    \value CertificateExpired
+    \value CertificateUnknown
+    \value IllegalParameter
+    \value UnknownCa
+    \value AccessDenied
+    \value DecodeError
+    \value DecryptError
+    \value ExportRestriction
+    \value ProtocolVersion
+    \value InsufficientSecurity
+    \value InternalError
+    \value InappropriateFallback
+    \value UserCancelled
+    \value NoRenegotiation
+    \value MissingExtension
+    \value UnsupportedExtension
+    \value CertificateUnobtainable
+    \value UnrecognizedName
+    \value BadCertificateStatusResponse
+    \value BadCertificateHashValue
+    \value UnknownPskIdentity
+    \value CertificateRequired
+    \value NoApplicationProtocol
+    \value UnknownAlertMessage
+*/
+
+/*!
     \fn void QSslSocket::encrypted()
 
     This signal is emitted when QSslSocket enters encrypted mode. After this
@@ -322,6 +390,48 @@
     \sa QSslPreSharedKeyAuthenticator
 */
 
+/*!
+    \fn void QSslSocket::alertSent(QAlertLevel level, QAlertType type, const QString &description)
+
+    QSslSocket emits this signal if an alert message was sent to a peer. \a level
+    describes if it was a warning or a fatal error. \a type gives the code
+    of the alert message. When a textual description of the alert message is
+    available, it is supplied in \a description.
+
+    \note This signal is mostly informational and can be used for debugging
+    purposes, normally it does not require any actions from the application.
+    \note Not all backends support this functionality.
+
+    \sa alertReceived(), QAlertLevel, QAlertType
+*/
+
+/*!
+    \fn void QSslSocket::alertReceived(QAlertLevel level, QAlertType type, const QString &description)
+
+    QSslSocket emits this signal if an alert message was received from a peer.
+    \a level tells if the alert was fatal or it was a warning. \a type is the
+    code explaining why the alert was sent. When a textual description of
+    the alert message is available, it is supplied in \a description.
+
+    \note The signal is mostly for informational and debugging purposes and does not
+    require any handling in the application. If the alert was fatal, underlying
+    backend will handle it and close the connection.
+    \note Not all backends support this functionality.
+
+    \sa alertSent(), QAlertLevel, QAlertType
+*/
+
+/*!
+    \fn void QSslSocket::handshakeInterruptedOnError(const QSslError &error)
+
+    QSslSocket emits this signal if a certificate verification error was
+    found and if early error reporting was enabled in QSslConfiguration.
+    An application is expected to inspect the \a error and decide if
+    it wants to continue the handshake, or abort it and send an alert message
+    to the peer. The signal-slot connection must be direct.
+
+    \sa continueInterruptedHandshake(), sslErrors(), QSslConfiguration::setHandshakeMustInterruptOnError()
+*/
 #include "qssl_p.h"
 #include "qsslsocket.h"
 #include "qsslcipher.h"
@@ -977,7 +1087,10 @@ void QSslSocket::setSslConfiguration(const QSslConfiguration &configuration)
 #if QT_CONFIG(ocsp)
     d->configuration.ocspStaplingEnabled = configuration.ocspStaplingEnabled();
 #endif
-
+#if QT_CONFIG(openssl)
+    d->configuration.reportFromCallback = configuration.handshakeMustInterruptOnError();
+    d->configuration.missingCertIsFatal = configuration.missingCertificateIsFatal();
+#endif // openssl
     // if the CA certificates were set explicitly (either via
     // QSslConfiguration::setCaCertificates() or QSslSocket::setCaCertificates(),
     // we cannot load the certificates on demand
@@ -2043,6 +2156,23 @@ void QSslSocket::ignoreSslErrors(const QList<QSslError> &errors)
     d->ignoreErrorsList = errors;
 }
 
+
+/*!
+    \since 6.0
+
+    If an application wants to conclude a handshake even after receiving
+    handshakeInterruptedOnError() signal, it must call this function.
+    This call must be done from a slot function attached to the signal.
+    The signal-slot connection must be direct.
+
+    \sa handshakeInterruptedOnError(), QSslConfiguration::setHandshakeMustInterruptOnError()
+*/
+void QSslSocket::continueInterruptedHandshake()
+{
+    Q_D(QSslSocket);
+    d->handshakeInterrupted = false;
+}
+
 /*!
     \internal
 */
@@ -2445,6 +2575,10 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri
 #if QT_CONFIG(ocsp)
     ptr->ocspStaplingEnabled = global->ocspStaplingEnabled;
 #endif
+#if QT_CONFIG(openssl)
+    ptr->reportFromCallback = global->reportFromCallback;
+    ptr->missingCertIsFatal = global->missingCertIsFatal;
+#endif
 }
 
 /*!