diff options
author | Frederik Gladhorn <frederik.gladhorn@theqtcompany.com> | 2015-02-10 09:32:16 +0100 |
---|---|---|
committer | Frederik Gladhorn <frederik.gladhorn@theqtcompany.com> | 2015-02-10 09:42:25 +0100 |
commit | fc35f714340d5361231506dfbead132122f59460 (patch) | |
tree | fd80498d9417c87b386a011f5849f1e4e48ad3fa /src/network/ssl | |
parent | 6389160f04322449c34bd1ecfe53983e3b588943 (diff) | |
parent | 0d990b9ca117514fe83f53b39f25d6272304f2fb (diff) |
Merge remote-tracking branch 'origin/5.4' into dev
Conflicts:
src/3rdparty/harfbuzz-ng/harfbuzz-ng.pro
src/gui/image/qimage_conversions.cpp
src/gui/opengl/qopenglextensions_p.h
src/gui/text/qtextengine.cpp
src/network/ssl/qsslsocket_openssl.cpp
src/plugins/platforms/eglfs/qeglfshooks_stub.cpp
src/plugins/platforms/eglfs/qeglfsscreen.cpp
src/plugins/platforms/eglfs/qeglfswindow.cpp
src/plugins/platforms/windows/qwindowsfontdatabase.cpp
src/plugins/platforms/windows/qwindowsfontdatabase_ft.cpp
src/plugins/platforms/windows/qwindowsnativeinterface.cpp
src/plugins/platforms/windows/qwindowsscreen.cpp
src/plugins/platforms/windows/qwindowswindow.cpp
src/plugins/platforms/windows/qwindowswindow.h
src/plugins/platforms/xcb/qxcbdrag.h
src/widgets/itemviews/qabstractitemview.cpp
src/widgets/kernel/qwidget.cpp
src/widgets/util/qsystemtrayicon_p.h
tests/auto/corelib/itemmodels/qsortfilterproxymodel/tst_qsortfilterproxymodel.cpp
Thanks to Friedemann Kleint for resolving the qwindowsfontdatabase.cpp
conflicts.
Change-Id: I937232c30523d5121c195d947d92aec6f129b03e
Diffstat (limited to 'src/network/ssl')
-rw-r--r-- | src/network/ssl/qsslconfiguration.cpp | 1 | ||||
-rw-r--r-- | src/network/ssl/qsslcontext_openssl.cpp | 6 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket.cpp | 2 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 20 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_openssl_symbols.cpp | 12 |
5 files changed, 34 insertions, 7 deletions
diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp index 1686d9e635..715e592595 100644 --- a/src/network/ssl/qsslconfiguration.cpp +++ b/src/network/ssl/qsslconfiguration.cpp @@ -514,6 +514,7 @@ QSslCipher QSslConfiguration::sessionCipher() const is set during the handshake phase. \sa protocol(), setProtocol() + \since 5.4 */ QSsl::SslProtocol QSslConfiguration::sessionProtocol() const { diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp index b21732c88c..fc291e9d60 100644 --- a/src/network/ssl/qsslcontext_openssl.cpp +++ b/src/network/ssl/qsslcontext_openssl.cpp @@ -139,7 +139,13 @@ init_context: #endif break; case QSsl::SslV3: +#ifndef OPENSSL_NO_SSL3_METHOD sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method()); +#else + // SSL 3 not supported by the system, but chosen deliberately -> error + sslContext->ctx = 0; + unsupportedProtocol = true; +#endif break; case QSsl::SecureProtocols: // SSLv2 and SSLv3 will be disabled by SSL options diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp index e12ae33ac2..5c76f327d0 100644 --- a/src/network/ssl/qsslsocket.cpp +++ b/src/network/ssl/qsslsocket.cpp @@ -1108,6 +1108,7 @@ QSslCipher QSslSocket::sessionCipher() const is set during the handshake phase. \sa protocol(), setProtocol() + \since 5.4 */ QSsl::SslProtocol QSslSocket::sessionProtocol() const { @@ -2123,6 +2124,7 @@ void QSslSocketPrivate::init() connectionEncrypted = false; ignoreAllSslErrors = false; shutdown = false; + pendingClose = false; // we don't want to clear the ignoreErrorsList, so // that it is possible setting it before connecting diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 7cadf3e0a6..83473e8822 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -1616,14 +1616,20 @@ void QSslSocketBackendPrivate::continueHandshake() } #if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG) - const unsigned char *proto = 0; - unsigned int proto_len = 0; - q_SSL_get0_next_proto_negotiated(ssl, &proto, &proto_len); - if (proto_len) - configuration.nextNegotiatedProtocol = QByteArray(reinterpret_cast<const char *>(proto), proto_len); - else - configuration.nextNegotiatedProtocol.clear(); + configuration.nextProtocolNegotiationStatus = sslContextPointer->npnContext().status; + if (sslContextPointer->npnContext().status == QSslConfiguration::NextProtocolNegotiationUnsupported) { + // we could not agree -> be conservative and use HTTP/1.1 + configuration.nextNegotiatedProtocol = QByteArrayLiteral("http/1.1"); + } else { + const unsigned char *proto = 0; + unsigned int proto_len = 0; + q_SSL_get0_next_proto_negotiated(ssl, &proto, &proto_len); + if (proto_len) + configuration.nextNegotiatedProtocol = QByteArray(reinterpret_cast<const char *>(proto), proto_len); + else + configuration.nextNegotiatedProtocol.clear(); + } #endif // OPENSSL_VERSION_NUMBER >= 0x1000100fL ... connectionEncrypted = true; diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp index 61c703eb2c..7c07285a06 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols.cpp +++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp @@ -287,7 +287,9 @@ DEFINEFUNC2(void, SSL_set_psk_client_callback, SSL* ssl, ssl, q_psk_client_callb #ifndef OPENSSL_NO_SSL2 DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return) #endif +#ifndef OPENSSL_NO_SSL3_METHOD DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return) +#endif DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return) DEFINEFUNC(const SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return) #if OPENSSL_VERSION_NUMBER >= 0x10001000L @@ -297,7 +299,9 @@ DEFINEFUNC(const SSL_METHOD *, TLSv1_2_client_method, DUMMYARG, DUMMYARG, return #ifndef OPENSSL_NO_SSL2 DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return) #endif +#ifndef OPENSSL_NO_SSL3_METHOD DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return) +#endif DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return) DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return) #if OPENSSL_VERSION_NUMBER >= 0x10001000L @@ -306,11 +310,15 @@ DEFINEFUNC(const SSL_METHOD *, TLSv1_2_server_method, DUMMYARG, DUMMYARG, return #endif #else DEFINEFUNC(SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return) +#ifndef OPENSSL_NO_SSL3_METHOD DEFINEFUNC(SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return) +#endif DEFINEFUNC(SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return) DEFINEFUNC(SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return) DEFINEFUNC(SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return) +#ifndef OPENSSL_NO_SSL3_METHOD DEFINEFUNC(SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return) +#endif DEFINEFUNC(SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return) DEFINEFUNC(SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return) #endif @@ -858,7 +866,9 @@ bool q_resolveOpenSslSymbols() #ifndef OPENSSL_NO_SSL2 RESOLVEFUNC(SSLv2_client_method) #endif +#ifndef OPENSSL_NO_SSL3_METHOD RESOLVEFUNC(SSLv3_client_method) +#endif RESOLVEFUNC(SSLv23_client_method) RESOLVEFUNC(TLSv1_client_method) #if OPENSSL_VERSION_NUMBER >= 0x10001000L @@ -868,7 +878,9 @@ bool q_resolveOpenSslSymbols() #ifndef OPENSSL_NO_SSL2 RESOLVEFUNC(SSLv2_server_method) #endif +#ifndef OPENSSL_NO_SSL3_METHOD RESOLVEFUNC(SSLv3_server_method) +#endif RESOLVEFUNC(SSLv23_server_method) RESOLVEFUNC(TLSv1_server_method) #if OPENSSL_VERSION_NUMBER >= 0x10001000L |