diff options
author | Liang Qi <liang.qi@qt.io> | 2016-05-12 07:31:50 +0200 |
---|---|---|
committer | Liang Qi <liang.qi@qt.io> | 2016-05-12 08:33:08 +0200 |
commit | 990969655c5fb4d03682e96df9b12101f5ee9815 (patch) | |
tree | b8fb5c50285105c8bc5a938fb50f93ff9f24889d /src/network/ssl | |
parent | a213011a53f12f101d08a04afc8fdacd2d54a232 (diff) | |
parent | e64b2234e829cc47872225debcf80d6c06db18f0 (diff) |
Merge remote-tracking branch 'origin/5.7' into dev
Conflicts:
config_help.txt
configure
src/corelib/io/qprocess_wince.cpp
src/plugins/platforms/windows/qwindowstheme.cpp
src/plugins/platforms/xcb/qxcbbackingstore.cpp
tests/auto/corelib/tools/qtimezone/BLACKLIST
tests/auto/network/socket/qudpsocket/tst_qudpsocket.cpp
tests/auto/widgets/kernel/qwidget/tst_qwidget.cpp
Change-Id: I26644d1cb3b78412c8ff285e2a55bea1bd641c01
Diffstat (limited to 'src/network/ssl')
-rw-r--r-- | src/network/ssl/qasn1element.cpp | 6 | ||||
-rw-r--r-- | src/network/ssl/qsslcertificate_openssl.cpp | 2 | ||||
-rw-r--r-- | src/network/ssl/qsslcertificate_qt.cpp | 16 | ||||
-rw-r--r-- | src/network/ssl/qsslcipher.cpp | 6 | ||||
-rw-r--r-- | src/network/ssl/qsslcontext_openssl.cpp | 11 | ||||
-rw-r--r-- | src/network/ssl/qsslkey_qt.cpp | 8 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket.cpp | 5 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_mac.cpp | 10 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 18 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_openssl_symbols.cpp | 14 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_winrt.cpp | 10 |
11 files changed, 57 insertions, 49 deletions
diff --git a/src/network/ssl/qasn1element.cpp b/src/network/ssl/qasn1element.cpp index 7ac3a4b45d..dc59c41d59 100644 --- a/src/network/ssl/qasn1element.cpp +++ b/src/network/ssl/qasn1element.cpp @@ -192,7 +192,7 @@ QAsn1Element QAsn1Element::fromObjectId(const QByteArray &id) { QAsn1Element elem; elem.mType = ObjectIdentifierType; - QList<QByteArray> bits = id.split('.'); + const QList<QByteArray> bits = id.split('.'); Q_ASSERT(bits.size() > 2); elem.mValue += quint8((bits[0].toUInt() * 40 + bits[1].toUInt())); for (int i = 2; i < bits.size(); ++i) { @@ -311,11 +311,11 @@ QByteArray QAsn1Element::toObjectId() const { QByteArray key; if (mType == ObjectIdentifierType && !mValue.isEmpty()) { - quint8 b = mValue[0]; + quint8 b = mValue.at(0); key += QByteArray::number(b / 40) + '.' + QByteArray::number (b % 40); unsigned int val = 0; for (int i = 1; i < mValue.size(); ++i) { - b = mValue[i]; + b = mValue.at(i); val = (val << 7) | (b & 0x7f); if (!(b & 0x80)) { key += '.' + QByteArray::number(val); diff --git a/src/network/ssl/qsslcertificate_openssl.cpp b/src/network/ssl/qsslcertificate_openssl.cpp index a20100505a..28b7eda54a 100644 --- a/src/network/ssl/qsslcertificate_openssl.cpp +++ b/src/network/ssl/qsslcertificate_openssl.cpp @@ -507,7 +507,7 @@ QString QSslCertificate::toText() const void QSslCertificatePrivate::init(const QByteArray &data, QSsl::EncodingFormat format) { if (!data.isEmpty()) { - QList<QSslCertificate> certs = (format == QSsl::Pem) + const QList<QSslCertificate> certs = (format == QSsl::Pem) ? certificatesFromPem(data, 1) : certificatesFromDer(data, 1); if (!certs.isEmpty()) { diff --git a/src/network/ssl/qsslcertificate_qt.cpp b/src/network/ssl/qsslcertificate_qt.cpp index d712fe09b3..5e8f4cfac7 100644 --- a/src/network/ssl/qsslcertificate_qt.cpp +++ b/src/network/ssl/qsslcertificate_qt.cpp @@ -197,7 +197,7 @@ QString QSslCertificate::toText() const void QSslCertificatePrivate::init(const QByteArray &data, QSsl::EncodingFormat format) { if (!data.isEmpty()) { - QList<QSslCertificate> certs = (format == QSsl::Pem) + const QList<QSslCertificate> certs = (format == QSsl::Pem) ? certificatesFromPem(data, 1) : certificatesFromDer(data, 1); if (!certs.isEmpty()) { @@ -309,7 +309,7 @@ bool QSslCertificatePrivate::parse(const QByteArray &data) if (!elem.read(versionStream) || elem.type() != QAsn1Element::IntegerType) return false; - versionString = QByteArray::number(elem.value()[0] + 1); + versionString = QByteArray::number(elem.value().at(0) + 1); if (!elem.read(certStream)) return false; } else { @@ -451,7 +451,8 @@ bool QSslCertificatePrivate::parseExtension(const QByteArray &data, QSslCertific if (!val.read(valElem.value()) || val.type() != QAsn1Element::SequenceType) return false; QVariantMap result; - foreach (const QAsn1Element &el, val.toVector()) { + const auto elems = val.toVector(); + for (const QAsn1Element &el : elems) { QVector<QAsn1Element> items = el.toVector(); if (items.size() != 2) return false; @@ -495,11 +496,14 @@ bool QSslCertificatePrivate::parseExtension(const QByteArray &data, QSslCertific if (!val.read(valElem.value()) || val.type() != QAsn1Element::SequenceType) return false; QVariantMap result; - foreach (const QAsn1Element &el, val.toVector()) { + const auto elems = val.toVector(); + for (const QAsn1Element &el : elems) { if (el.type() == 0x80) { - result[QStringLiteral("keyid")] = el.value().toHex(); + const QString key = QStringLiteral("keyid"); + result[key] = el.value().toHex(); } else if (el.type() == 0x82) { - result[QStringLiteral("serial")] = colonSeparatedHex(el.value()); + const QString serial = QStringLiteral("serial"); + result[serial] = colonSeparatedHex(el.value()); } } value = result; diff --git a/src/network/ssl/qsslcipher.cpp b/src/network/ssl/qsslcipher.cpp index 806a27cd1a..738d521a38 100644 --- a/src/network/ssl/qsslcipher.cpp +++ b/src/network/ssl/qsslcipher.cpp @@ -90,7 +90,8 @@ QSslCipher::QSslCipher() QSslCipher::QSslCipher(const QString &name) : d(new QSslCipherPrivate) { - foreach (const QSslCipher &cipher, QSslConfiguration::supportedCiphers()) { + const auto ciphers = QSslConfiguration::supportedCiphers(); + for (const QSslCipher &cipher : ciphers) { if (cipher.name() == name) { *this = cipher; return; @@ -111,7 +112,8 @@ QSslCipher::QSslCipher(const QString &name) QSslCipher::QSslCipher(const QString &name, QSsl::SslProtocol protocol) : d(new QSslCipherPrivate) { - foreach (const QSslCipher &cipher, QSslConfiguration::supportedCiphers()) { + const auto ciphers = QSslConfiguration::supportedCiphers(); + for (const QSslCipher &cipher : ciphers) { if (cipher.name() == name && cipher.protocol() == protocol) { *this = cipher; return; diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp index 0db7e10409..2c1f87128e 100644 --- a/src/network/ssl/qsslcontext_openssl.cpp +++ b/src/network/ssl/qsslcontext_openssl.cpp @@ -224,7 +224,8 @@ init_context: const QDateTime now = QDateTime::currentDateTimeUtc(); // Add all our CAs to this store. - foreach (const QSslCertificate &caCertificate, sslContext->sslConfiguration.caCertificates()) { + const auto caCertificates = sslContext->sslConfiguration.caCertificates(); + for (const QSslCertificate &caCertificate : caCertificates) { // From https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html: // // If several CA certificates matching the name, key identifier, and @@ -243,9 +244,9 @@ init_context: if (QSslSocketPrivate::s_loadRootCertsOnDemand && allowRootCertOnDemandLoading) { // tell OpenSSL the directories where to look up the root certs on demand - QList<QByteArray> unixDirs = QSslSocketPrivate::unixRootCertDirectories(); - for (int a = 0; a < unixDirs.count(); ++a) - q_SSL_CTX_load_verify_locations(sslContext->ctx, 0, unixDirs.at(a).constData()); + const QList<QByteArray> unixDirs = QSslSocketPrivate::unixRootCertDirectories(); + for (const QByteArray &unixDir : unixDirs) + q_SSL_CTX_load_verify_locations(sslContext->ctx, 0, unixDir.constData()); } if (!sslContext->sslConfiguration.localCertificate().isNull()) { @@ -298,7 +299,7 @@ init_context: // If we have any intermediate certificates then we need to add them to our chain bool first = true; - foreach (const QSslCertificate &cert, configuration.d->localCertificateChain) { + for (const QSslCertificate &cert : qAsConst(configuration.d->localCertificateChain)) { if (first) { first = false; continue; diff --git a/src/network/ssl/qsslkey_qt.cpp b/src/network/ssl/qsslkey_qt.cpp index 196edb0956..3c5dc830d3 100644 --- a/src/network/ssl/qsslkey_qt.cpp +++ b/src/network/ssl/qsslkey_qt.cpp @@ -169,7 +169,7 @@ void QSslKeyPrivate::decodeDer(const QByteArray &der, bool deepClear) QDataStream keyStream(elem.value()); if (!elem.read(keyStream) || elem.type() != QAsn1Element::SequenceType) return; - QVector<QAsn1Element> infoItems = elem.toVector(); + const QVector<QAsn1Element> infoItems = elem.toVector(); if (infoItems.size() < 2 || infoItems[0].type() != QAsn1Element::ObjectIdentifierType) return; if (algorithm == QSsl::Rsa) { @@ -189,7 +189,7 @@ void QSslKeyPrivate::decodeDer(const QByteArray &der, bool deepClear) if (infoItems[1].type() != QAsn1Element::SequenceType) return; // key params - QVector<QAsn1Element> params = infoItems[1].toVector(); + const QVector<QAsn1Element> params = infoItems[1].toVector(); if (params.isEmpty() || params[0].type() != QAsn1Element::IntegerType) return; keyLength = numberOfBits(params[0].value()); @@ -202,7 +202,7 @@ void QSslKeyPrivate::decodeDer(const QByteArray &der, bool deepClear) } } else { - QVector<QAsn1Element> items = elem.toVector(); + const QVector<QAsn1Element> items = elem.toVector(); if (items.isEmpty()) return; @@ -249,7 +249,7 @@ void QSslKeyPrivate::decodePem(const QByteArray &pem, const QByteArray &passPhra QMap<QByteArray, QByteArray> headers; QByteArray data = derFromPem(pem, &headers); if (headers.value("Proc-Type") == "4,ENCRYPTED") { - QList<QByteArray> dekInfo = headers.value("DEK-Info").split(','); + const QList<QByteArray> dekInfo = headers.value("DEK-Info").split(','); if (dekInfo.size() != 2) { clear(deepClear); return; diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp index 82df861859..7fd2a361e3 100644 --- a/src/network/ssl/qsslsocket.cpp +++ b/src/network/ssl/qsslsocket.cpp @@ -1242,7 +1242,8 @@ void QSslSocket::setCiphers(const QString &ciphers) { Q_D(QSslSocket); d->configuration.ciphers.clear(); - foreach (const QString &cipherName, ciphers.split(QLatin1Char(':'), QString::SkipEmptyParts)) { + const auto cipherNames = ciphers.split(QLatin1Char(':'), QString::SkipEmptyParts); + for (const QString &cipherName : cipherNames) { QSslCipher cipher(cipherName); if (!cipher.isNull()) d->configuration.ciphers << cipher; @@ -2519,7 +2520,7 @@ void QSslSocketPrivate::_q_resumeImplementation() if (verifyErrorsHaveBeenIgnored()) { continueHandshake(); } else { - setErrorAndEmit(QAbstractSocket::SslHandshakeFailedError, sslErrors.first().errorString()); + setErrorAndEmit(QAbstractSocket::SslHandshakeFailedError, sslErrors.constFirst().errorString()); plainSocket->disconnectFromHost(); return; } diff --git a/src/network/ssl/qsslsocket_mac.cpp b/src/network/ssl/qsslsocket_mac.cpp index 99ae7923f4..c164342166 100644 --- a/src/network/ssl/qsslsocket_mac.cpp +++ b/src/network/ssl/qsslsocket_mac.cpp @@ -442,7 +442,7 @@ void QSslSocketPrivate::ensureInitialized() SSLGetSupportedCiphers(context, cfCiphers.data(), &numCiphers); for (size_t i = 0; i < size_t(cfCiphers.size()); ++i) { - const QSslCipher ciph(QSslSocketBackendPrivate::QSslCipher_from_SSLCipherSuite(cfCiphers[i])); + const QSslCipher ciph(QSslSocketBackendPrivate::QSslCipher_from_SSLCipherSuite(cfCiphers.at(i))); if (!ciph.isNull()) { ciphers << ciph; if (ciph.usedBits() >= 128) @@ -1033,7 +1033,7 @@ bool QSslSocketBackendPrivate::setSessionCertificate(QString &errorDescription, QSslCertificate localCertificate; if (!configuration.localCertificateChain.isEmpty()) - localCertificate = configuration.localCertificateChain[0]; + localCertificate = configuration.localCertificateChain.at(0); if (!localCertificate.isNull()) { // Require a private key as well. @@ -1227,7 +1227,7 @@ bool QSslSocketBackendPrivate::verifyPeerTrust() } // check the whole chain for blacklisting (including root, as we check for subjectInfo and issuer) - foreach (const QSslCertificate &cert, configuration.peerCertificateChain) { + for (const QSslCertificate &cert : qAsConst(configuration.peerCertificateChain)) { if (QSslCertificatePrivate::isBlacklisted(cert) && !canIgnoreVerify) { const QSslError error(QSslError::CertificateBlacklisted, cert); errors << error; @@ -1271,7 +1271,7 @@ bool QSslSocketBackendPrivate::verifyPeerTrust() // verify certificate chain QCFType<CFMutableArrayRef> certArray = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); - foreach (const QSslCertificate &cert, configuration.caCertificates) { + for (const QSslCertificate &cert : qAsConst(configuration.caCertificates)) { QCFType<CFDataRef> certData = cert.d->derData.toCFData(); QCFType<SecCertificateRef> certRef = SecCertificateCreateWithData(NULL, certData); CFArrayAppendValue(certArray, certRef); @@ -1327,7 +1327,7 @@ bool QSslSocketBackendPrivate::checkSslErrors() paused = true; } else { setErrorAndEmit(QAbstractSocket::SslHandshakeFailedError, - sslErrors.first().errorString()); + sslErrors.constFirst().errorString()); plainSocket->disconnectFromHost(); } return false; diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 5cbd2af323..c1ea10aefb 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -295,8 +295,8 @@ int q_X509Callback(int ok, X509_STORE_CTX *ctx) qCDebug(lcSsl) << "verification error: dumping bad certificate"; qCDebug(lcSsl) << QSslCertificatePrivate::QSslCertificate_from_X509(q_X509_STORE_CTX_get_current_cert(ctx)).toPem(); qCDebug(lcSsl) << "dumping chain"; - foreach (QSslCertificate cert, QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(q_X509_STORE_CTX_get_chain(ctx))) { - QString certFormat(QStringLiteral("O=%1 CN=%2 L=%3 OU=%4 C=%5 ST=%6")); + const auto certs = QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(q_X509_STORE_CTX_get_chain(ctx)); + for (const QSslCertificate &cert : certs) { qCDebug(lcSsl) << "Issuer:" << "O=" << cert.issuerInfo(QSslCertificate::Organization) << "CN=" << cert.issuerInfo(QSslCertificate::CommonName) << "L=" << cert.issuerInfo(QSslCertificate::LocalityName) @@ -746,9 +746,8 @@ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates() certFiles.insert(it.fileInfo().canonicalFilePath()); } } - QSetIterator<QString> it(certFiles); - while (it.hasNext()) - systemCerts.append(QSslCertificate::fromPath(it.next(), platformEncodingFormat)); + for (const QString& file : qAsConst(certFiles)) + systemCerts.append(QSslCertificate::fromPath(file, platformEncodingFormat)); # ifndef Q_OS_ANDROID systemCerts.append(QSslCertificate::fromPath(QLatin1String("/etc/pki/tls/certs/ca-bundle.crt"), QSsl::Pem)); // Fedora, Mandriva systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/local/share/certs/ca-root-nss.crt"), QSsl::Pem)); // FreeBSD's ca_root_nss @@ -1101,7 +1100,7 @@ bool QSslSocketBackendPrivate::startHandshake() QList<QSslError> errors; // check the whole chain for blacklisting (including root, as we check for subjectInfo and issuer) - foreach (const QSslCertificate &cert, configuration.peerCertificateChain) { + for (const QSslCertificate &cert : qAsConst(configuration.peerCertificateChain)) { if (QSslCertificatePrivate::isBlacklisted(cert)) { QSslError error(QSslError::CertificateBlacklisted, cert); errors << error; @@ -1234,7 +1233,7 @@ bool QSslSocketBackendPrivate::checkSslErrors() pauseSocketNotifiers(q); paused = true; } else { - setErrorAndEmit(QAbstractSocket::SslHandshakeFailedError, sslErrors.first().errorString()); + setErrorAndEmit(QAbstractSocket::SslHandshakeFailedError, sslErrors.constFirst().errorString()); plainSocket->disconnectFromHost(); } return false; @@ -1666,7 +1665,8 @@ QList<QSslError> QSslSocketBackendPrivate::verify(const QList<QSslCertificate> & } const QDateTime now = QDateTime::currentDateTimeUtc(); - foreach (const QSslCertificate &caCertificate, QSslConfiguration::defaultConfiguration().caCertificates()) { + const auto caCertificates = QSslConfiguration::defaultConfiguration().caCertificates(); + for (const QSslCertificate &caCertificate : caCertificates) { // From https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html: // // If several CA certificates matching the name, key identifier, and @@ -1700,7 +1700,7 @@ QList<QSslError> QSslSocketBackendPrivate::verify(const QList<QSslCertificate> & } bool first = true; - foreach (const QSslCertificate &cert, certificateChain) { + for (const QSslCertificate &cert : certificateChain) { if (first) { first = false; continue; diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp index f625fd3e96..66654e2a0d 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols.cpp +++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp @@ -563,16 +563,16 @@ static QStringList libraryPathList() Q_NEVER_INLINE static QStringList findAllLibs(QLatin1String filter) { - QStringList paths = libraryPathList(); + const QStringList paths = libraryPathList(); QStringList found; const QStringList filters((QString(filter))); - foreach (const QString &path, paths) { + for (const QString &path : paths) { QDir dir(path); QStringList entryList = dir.entryList(filters, QDir::Files); std::sort(entryList.begin(), entryList.end(), LibGreaterThan()); - foreach (const QString &entry, entryList) + for (const QString &entry : qAsConst(entryList)) found << path + QLatin1Char('/') + entry; } @@ -702,16 +702,16 @@ static QPair<QLibrary*, QLibrary*> loadOpenSsl() #endif // third attempt: loop on the most common library paths and find libssl - QStringList sslList = findAllLibSsl(); - QStringList cryptoList = findAllLibCrypto(); + const QStringList sslList = findAllLibSsl(); + const QStringList cryptoList = findAllLibCrypto(); - foreach (const QString &crypto, cryptoList) { + for (const QString &crypto : cryptoList) { libcrypto->setFileNameAndVersion(crypto, -1); if (libcrypto->load()) { QFileInfo fi(crypto); QString version = fi.completeSuffix(); - foreach (const QString &ssl, sslList) { + for (const QString &ssl : sslList) { if (!ssl.endsWith(version)) continue; diff --git a/src/network/ssl/qsslsocket_winrt.cpp b/src/network/ssl/qsslsocket_winrt.cpp index 5704d6b151..f5dc9fcdcd 100644 --- a/src/network/ssl/qsslsocket_winrt.cpp +++ b/src/network/ssl/qsslsocket_winrt.cpp @@ -105,7 +105,7 @@ struct SslSocketGlobal void syncCaCertificates(const QSet<QSslCertificate> &add, const QSet<QSslCertificate> &remove) { QMutexLocker locker(&certificateMutex); - foreach (const QSslCertificate &certificate, add) { + for (const QSslCertificate &certificate : add) { QHash<QSslCertificate, QAtomicInt>::iterator it = additionalCertificates.find(certificate); if (it != additionalCertificates.end()) { it.value().ref(); // Add a reference @@ -117,7 +117,7 @@ struct SslSocketGlobal additionalCertificates.insert(certificate, 1); } } - foreach (const QSslCertificate &certificate, remove) { + for (const QSslCertificate &certificate : remove) { QHash<QSslCertificate, QAtomicInt>::iterator it = additionalCertificates.find(certificate); if (it != additionalCertificates.end() && !it.value().deref()) { // no more references, remove certificate @@ -617,7 +617,7 @@ HRESULT QSslSocketBackendPrivate::onSslUpgrade(IAsyncAction *action, AsyncStatus } // Peer chain validation - foreach (const QSslCertificate &certificate, peerCertificateChain) { + for (const QSslCertificate &certificate : qAsConst(peerCertificateChain)) { if (!QSslCertificatePrivate::isBlacklisted(certificate)) continue; @@ -628,10 +628,10 @@ HRESULT QSslSocketBackendPrivate::onSslUpgrade(IAsyncAction *action, AsyncStatus if (!sslErrors.isEmpty()) { emit q->sslErrors(sslErrors); - setErrorAndEmit(QAbstractSocket::SslHandshakeFailedError, sslErrors.first().errorString()); + setErrorAndEmit(QAbstractSocket::SslHandshakeFailedError, sslErrors.constFirst().errorString()); // Disconnect if there are any non-ignorable errors - foreach (const QSslError &error, sslErrors) { + for (const QSslError &error : qAsConst(sslErrors)) { if (ignoreErrorsList.contains(error)) continue; q->disconnectFromHost(); |