QSsl - delete all mentions of SslV2 and SslV3

Also, change the notion of 'unsupported protocol' for QSslSocket, previously it was SslV2 and SslV3, now instead it's all versions of DTLS and UnknownProtocol: - makes no sense at all to connect using TCP socket and then suddenly start using DTLS_client/server_method - UnknownProtocol is not to be set in a configuration, unknown means that some ciphersuite's protocol version cannot be established. - 'disabledProtocols' auto-test becomes 'unsupportedProtocols' and tests that QSslSocket fails to start encryption if the protocol version is wrong. Handling these enumerators (SslV2 and SslV2) as errors not needed anymore. Removed from QSslContext and our existing backends (qsslsocket_whatever). TlsV1SslV3 enumerator is not making any sense at all (previously was [SSL v3, TLS 1.0], then became "the same as TLS v. 1.0", but now this name is very confusing. Removed. Task-number: QTBUG-75638 Task-number: QTBUG-76501 Change-Id: I2781ba1c3051a7791b476266d4561d956948974a Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
author: Timur Pocheptsov <timur.pocheptsov@qt.io> 2019-11-13 10:37:36 +0100
committer: Timur Pocheptsov <timur.pocheptsov@qt.io> 2019-11-28 14:25:36 +0100
commit: cd200ad7aef1884a5c36528d5c3933c46c86510f (patch)
tree: c55083b1fddd18f069faddd31c8ab964aa691785 /src/network/ssl/qsslsocket_openssl.cpp
parent: 43f341a13745473cf181cfe6a6ef4725aa2f88eb (diff)
1 files changed, 18 insertions, 26 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 8cd0724d83..2a23742bdf 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -249,11 +249,7 @@ QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(const SSL_CIPHER
         QString protoString = descriptionList.at(1).toString();
         ciph.d->protocolString = protoString;
         ciph.d->protocol = QSsl::UnknownProtocol;
-        if (protoString == QLatin1String("SSLv3"))
-            ciph.d->protocol = QSsl::SslV3;
-        else if (protoString == QLatin1String("SSLv2"))
-            ciph.d->protocol = QSsl::SslV2;
-        else if (protoString == QLatin1String("TLSv1"))
+        if (protoString == QLatin1String("TLSv1"))
             ciph.d->protocol = QSsl::TlsV1_0;
         else if (protoString == QLatin1String("TLSv1.1"))
             ciph.d->protocol = QSsl::TlsV1_1;
@@ -459,20 +455,23 @@ void q_setDefaultDtlsCiphers(const QList<QSslCipher> &ciphers);
 long QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SslProtocol protocol, QSsl::SslOptions sslOptions)
 {
     long options;
-    if (protocol == QSsl::TlsV1SslV3)
-        options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3;
-    else if (protocol == QSsl::SecureProtocols)
-        options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3;
-    else if (protocol == QSsl::TlsV1_0OrLater)
-        options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3;
-    else if (protocol == QSsl::TlsV1_1OrLater)
-        options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1;
-    else if (protocol == QSsl::TlsV1_2OrLater)
-        options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1;
-    else if (protocol == QSsl::TlsV1_3OrLater)
-        options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2;
-    else
+    switch (protocol) {
+    case QSsl::SecureProtocols:
+    case QSsl::TlsV1_0OrLater:
+        options = SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+        break;
+    case QSsl::TlsV1_1OrLater:
+        options = SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1;
+        break;
+    case QSsl::TlsV1_2OrLater:
+        options = SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1;
+        break;
+    case QSsl::TlsV1_3OrLater:
+        options = SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
+        break;
+    default:
         options = SSL_OP_ALL;
+    }
 
     // This option is disabled by default, so we need to be able to clear it
     if (sslOptions & QSsl::SslOptionDisableEmptyFragments)
@@ -530,10 +529,7 @@ bool QSslSocketBackendPrivate::initSslContext()
         return false;
     }
 
-    if (configuration.protocol != QSsl::SslV2 &&
-        configuration.protocol != QSsl::SslV3 &&
-        configuration.protocol != QSsl::UnknownProtocol &&
-        mode == QSslSocket::SslClientMode) {
+    if (configuration.protocol != QSsl::UnknownProtocol && mode == QSslSocket::SslClientMode) {
         // Set server hostname on TLS extension. RFC4366 section 3.1 requires it in ACE format.
         QString tlsHostName = verificationPeerName.isEmpty() ? q->peerName() : verificationPeerName;
         if (tlsHostName.isEmpty())
@@ -1746,10 +1742,6 @@ QSsl::SslProtocol QSslSocketBackendPrivate::sessionProtocol() const
     int ver = q_SSL_version(ssl);
 
     switch (ver) {
-    case 0x2:
-        return QSsl::SslV2;
-    case 0x300:
-        return QSsl::SslV3;
     case 0x301:
         return QSsl::TlsV1_0;
     case 0x302:
author	Timur Pocheptsov <timur.pocheptsov@qt.io>	2019-11-13 10:37:36 +0100
committer	Timur Pocheptsov <timur.pocheptsov@qt.io>	2019-11-28 14:25:36 +0100
commit	cd200ad7aef1884a5c36528d5c3933c46c86510f (patch)
tree	c55083b1fddd18f069faddd31c8ab964aa691785 /src/network/ssl/qsslsocket_openssl.cpp
parent	43f341a13745473cf181cfe6a6ef4725aa2f88eb (diff)