authorLiang Qi <liang.qi@qt.io>2019-09-04 07:03:54 +0200
committerLiang Qi <liang.qi@qt.io>2019-09-04 07:03:54 +0200
commit6a36fe904c7183aba8e7f1977ff86303d84ff62b (patch)
tree6034e7bfdf0d14b72512b36f63d35a936b32e0dc /src/network/ssl
parent18088d4706bdd2fefafe7dbb44dc467126f2c795 (diff)
parentdb57af5a0d7aa0687a19fef1cd385bee0f26f7b6 (diff)
Merge remote-tracking branch 'origin/5.13' into 5.14
Conflicts: src/corelib/codecs/qicucodec.cpp src/dbus/qdbusserver.cpp src/gui/painting/qbezier.cpp src/plugins/platforms/eglfs/deviceintegration/eglfs_kms/qeglfskmsgbmscreen.cpp src/plugins/printsupport/cups/qppdprintdevice.cpp Change-Id: I2703128bb64baf5580fbc2c2061b55b0f0611d2a
Diffstat (limited to 'src/network/ssl')
-rw-r--r--src/network/ssl/qsslcontext_openssl.cpp44
-rw-r--r--src/network/ssl/qsslsocket_mac.cpp7
-rw-r--r--src/network/ssl/qsslsocket_schannel.cpp8
3 files changed, 37 insertions, 22 deletions
diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp
index e81e5582f4..8566d78aef 100644
--- a/src/network/ssl/qsslcontext_openssl.cpp
+++ b/src/network/ssl/qsslcontext_openssl.cpp
@@ -157,32 +157,36 @@ SSL* QSslContext::createSsl()
for (int a = 0; a < protocols.count(); ++a) {
if (protocols.at(a).size() > 255) {
qCWarning(lcSsl) << "TLS NPN extension" << protocols.at(a)
- << "is too long and will be truncated to 255 characters.";
- protocols[a] = protocols.at(a).left(255);
+ << "is too long and will be ignored.";
+ continue;
+ } else if (protocols.at(a).isEmpty()) {
+ continue;
}
m_supportedNPNVersions.append(protocols.at(a).size()).append(protocols.at(a));
}
- m_npnContext.data = reinterpret_cast<unsigned char *>(m_supportedNPNVersions.data());
- m_npnContext.len = m_supportedNPNVersions.count();
- m_npnContext.status = QSslConfiguration::NextProtocolNegotiationNone;
+ if (m_supportedNPNVersions.size()) {
+ m_npnContext.data = reinterpret_cast<unsigned char *>(m_supportedNPNVersions.data());
+ m_npnContext.len = m_supportedNPNVersions.count();
+ m_npnContext.status = QSslConfiguration::NextProtocolNegotiationNone;
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
- if (QSslSocket::sslLibraryVersionNumber() >= 0x10002000L) {
- // Callback's type has a parameter 'const unsigned char ** out'
- // since it was introduced in 1.0.2. Internally, OpenSSL's own code
- // (tests/examples) cast it to unsigned char * (since it's 'out').
- // We just re-use our NPN callback and cast here:
- typedef int (*alpn_callback_t) (SSL *, const unsigned char **, unsigned char *,
- const unsigned char *, unsigned int, void *);
- // With ALPN callback is for a server side only, for a client m_npnContext.status
- // will stay in NextProtocolNegotiationNone.
- q_SSL_CTX_set_alpn_select_cb(ctx, alpn_callback_t(next_proto_cb), &m_npnContext);
- // Client:
- q_SSL_set_alpn_protos(ssl, m_npnContext.data, m_npnContext.len);
- }
+ if (QSslSocket::sslLibraryVersionNumber() >= 0x10002000L) {
+ // Callback's type has a parameter 'const unsigned char ** out'
+ // since it was introduced in 1.0.2. Internally, OpenSSL's own code
+ // (tests/examples) cast it to unsigned char * (since it's 'out').
+ // We just re-use our NPN callback and cast here:
+ typedef int (*alpn_callback_t) (SSL *, const unsigned char **, unsigned char *,
+ const unsigned char *, unsigned int, void *);
+ // With ALPN callback is for a server side only, for a client m_npnContext.status
+ // will stay in NextProtocolNegotiationNone.
+ q_SSL_CTX_set_alpn_select_cb(ctx, alpn_callback_t(next_proto_cb), &m_npnContext);
+ // Client:
+ q_SSL_set_alpn_protos(ssl, m_npnContext.data, m_npnContext.len);
+ }
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L ...
- // And in case our peer does not support ALPN, but supports NPN:
- q_SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &m_npnContext);
+ // And in case our peer does not support ALPN, but supports NPN:
+ q_SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &m_npnContext);
+ }
}
#endif // OPENSSL_VERSION_NUMBER >= 0x1000100fL ...
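Review bot: The result of `q_SSL_set_alpn_protos(ssl, m_npnContext.data, m_npnContext.len)` in the client branch is still discarded, so if the library rejects the list the handshake proceeds without ALPN and nothing is logged. The change appears intended to keep malformed protocol lists away from OpenSSL, so I would check the result: `if (q_SSL_set_alpn_protos(ssl, m_npnContext.data, m_npnContext.len) != 0) qCWarning(lcSsl) << "Failed to set ALPN protocols";` (the underlying OpenSSL call returns 0 on success, unlike most of its API). Relatedly, when every configured name is filtered out, the new `if (m_supportedNPNVersions.size())` block is skipped silently; one warning there would help callers that depend on ALPN being offered. createSsl() starts and ends outside this hunk.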
diff --git a/src/network/ssl/qsslsocket_mac.cpp b/src/network/ssl/qsslsocket_mac.cpp
index 1725937bc2..e0e065679d 100644
--- a/src/network/ssl/qsslsocket_mac.cpp
+++ b/src/network/ssl/qsslsocket_mac.cpp
@@ -928,6 +928,13 @@ bool QSslSocketBackendPrivate::initSslContext()
QCFType<CFMutableArrayRef> cfNames(CFArrayCreateMutable(nullptr, 0, &kCFTypeArrayCallBacks));
if (cfNames) {
for (const QByteArray &name : protocolNames) {
+ if (name.size() > 255) {
+ qCWarning(lcSsl) << "TLS ALPN extension" << name
+ << "is too long and will be ignored.";
+ continue;
+ } else if (name.isEmpty()) {
+ continue;
+ }
QCFString cfName(QString::fromLatin1(name).toCFString());
CFArrayAppendValue(cfNames, cfName);
}
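Review bot: Nothing visible here guards against `cfNames` ending up empty after the new `continue` branches, unlike the OpenSSL and Schannel hunks in this commit, which skip ALPN setup when no valid name remains (`if (m_supportedNPNVersions.size())`, `if (names.isEmpty())`). The call that consumes `cfNames` is outside the hunk, so this may already be handled. If it is not, I would wrap that call in `if (CFArrayGetCount(cfNames) > 0)` so an empty protocol array is never handed to the TLS layer. A short comment on the check would also help, e.g. `// ALPN names carry a one-byte length prefix: valid sizes are 1..255`, since the same rule is now repeated in three backends.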
diff --git a/src/network/ssl/qsslsocket_schannel.cpp b/src/network/ssl/qsslsocket_schannel.cpp
index c254659a33..1db26ee9a1 100644
--- a/src/network/ssl/qsslsocket_schannel.cpp
+++ b/src/network/ssl/qsslsocket_schannel.cpp
@@ -408,13 +408,17 @@ QByteArray createAlpnString(const QByteArrayList &nextAllowedProtocols)
for (QByteArray proto : nextAllowedProtocols) {
if (proto.size() > 255) {
qCWarning(lcSsl) << "TLS ALPN extension" << proto
- << "is too long and will be truncated to 255 characters.";
- proto = proto.left(255);
+ << "is too long and will be ignored.";
+ continue;
+ } else if (proto.isEmpty()) {
+ continue;
}
protocolString += char(proto.length()) + proto;
}
return protocolString;
}();
+ if (names.isEmpty())
+ return alpnString;
const quint16 namesSize = names.size();
const quint32 alpnId = SecApplicationProtocolNegotiationExt_ALPN;
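Review bot: `const quint16 namesSize = names.size();` narrows silently: each entry is now capped at 255 bytes, but the number of entries is not, so a list totalling more than 65535 bytes would wrap and the size field would no longer match the bytes in `names`. How `namesSize` is written into the extension buffer is outside the hunk, so the impact is inferred. The guard added just above could cover it: `if (names.isEmpty() || names.size() > 0xffff) return alpnString;`, with a `qCWarning(lcSsl)` for the oversize case. createAlpnString continues past the end of this hunk.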