Merge remote-tracking branch 'origin/5.13' into 5.14

Change-Id: Idcf8fc1d79bcd84b494d7f43308e6fe82d60e1a4
author: Qt Forward Merge Bot <qt_forward_merge_bot@qt-project.org> 2019-09-13 01:00:13 +0200
committer: Qt Forward Merge Bot <qt_forward_merge_bot@qt-project.org> 2019-09-13 01:00:15 +0200
commit: 104f0535a16542e419ccba11bf9a08fb8cb4a1e2 (patch)
tree: c7d277b202c0542c39a5085c812ab504a8c613e9 /src/network
parent: 3d7207414b07104c1ea03ef341301a7390d7b0ad (diff)
parent: 447ee95d5e050c5db1636c5d3bd0edbf59f26108 (diff)
5 files changed, 18 insertions, 21 deletions
diff --git a/src/network/access/qhttpnetworkconnection.cpp b/src/network/access/qhttpnetworkconnection.cpp
index 13be1aa6b5..21c6359807 100644
--- a/src/network/access/qhttpnetworkconnection.cpp
+++ b/src/network/access/qhttpnetworkconnection.cpp
@@ -1235,7 +1235,8 @@ void QHttpNetworkConnectionPrivate::_q_hostLookupFinished(const QHostInfo &info)
             emitReplyError(channels[0].socket, channels[0].reply, QNetworkReply::HostNotFoundError);
             networkLayerState = QHttpNetworkConnectionPrivate::Unknown;
         } else if (connectionType == QHttpNetworkConnection::ConnectionTypeSPDY
-                   || connectionType == QHttpNetworkConnection::ConnectionTypeHTTP2) {
+                   || connectionType == QHttpNetworkConnection::ConnectionTypeHTTP2
+                   || connectionType == QHttpNetworkConnection::ConnectionTypeHTTP2Direct) {
             for (const HttpMessagePair &spdyPair : qAsConst(channels[0].spdyRequestsToSend)) {
                 // emit error for all replies
                 QHttpNetworkReply *currentReply = spdyPair.second;
diff --git a/src/network/access/qhttpnetworkconnectionchannel.cpp b/src/network/access/qhttpnetworkconnectionchannel.cpp
index c5bc3f509f..39f392a79b 100644
--- a/src/network/access/qhttpnetworkconnectionchannel.cpp
+++ b/src/network/access/qhttpnetworkconnectionchannel.cpp
@@ -1108,6 +1108,7 @@ void QHttpNetworkConnectionChannel::_q_error(QAbstractSocket::SocketError socket
              || !connection->d_func()->lowPriorityQueue.isEmpty());
 
     if (connection->connectionType() == QHttpNetworkConnection::ConnectionTypeHTTP2
+        || connection->connectionType() == QHttpNetworkConnection::ConnectionTypeHTTP2Direct
 #ifndef QT_NO_SSL
         || connection->connectionType() == QHttpNetworkConnection::ConnectionTypeSPDY
 #endif
diff --git a/src/network/access/qhttpthreaddelegate.cpp b/src/network/access/qhttpthreaddelegate.cpp
index 1900397eab..63a3c4f204 100644
--- a/src/network/access/qhttpthreaddelegate.cpp
+++ b/src/network/access/qhttpthreaddelegate.cpp
@@ -297,6 +297,11 @@ void QHttpThreadDelegate::startRequest()
         connectionType = QHttpNetworkConnection::ConnectionTypeHTTP2Direct;
     }
 
+#if QT_CONFIG(ssl)
+    // See qnetworkreplyhttpimpl, delegate's initialization code.
+    Q_ASSERT(!ssl || incomingSslConfiguration.data());
+#endif // QT_CONFIG(ssl)
+
     const bool isH2 = httpRequest.isHTTP2Allowed() || httpRequest.isHTTP2Direct();
     if (isH2) {
 #if QT_CONFIG(ssl)
@@ -316,9 +321,6 @@ void QHttpThreadDelegate::startRequest()
     }
 
 #ifndef QT_NO_SSL
-    if (ssl && !incomingSslConfiguration.data())
-        incomingSslConfiguration.reset(new QSslConfiguration);
-
     if (!isH2 && httpRequest.isSPDYAllowed() && ssl) {
         connectionType = QHttpNetworkConnection::ConnectionTypeSPDY;
         urlCopy.setScheme(QStringLiteral("spdy")); // to differentiate SPDY requests from HTTPS requests
diff --git a/src/network/ssl/qsslsocket_schannel.cpp b/src/network/ssl/qsslsocket_schannel.cpp
index 978571e61d..d7fb080b49 100644
--- a/src/network/ssl/qsslsocket_schannel.cpp
+++ b/src/network/ssl/qsslsocket_schannel.cpp
@@ -828,12 +828,17 @@ bool QSslSocketBackendPrivate::acceptContext()
             &expiry // ptsTimeStamp
     );
 
+    if (status == SEC_E_INCOMPLETE_MESSAGE) {
+        // Need more data
+        return true;
+    }
+
     if (inBuffers[1].BufferType == SECBUFFER_EXTRA) {
         // https://docs.microsoft.com/en-us/windows/desktop/secauthn/extra-buffers-returned-by-schannel
         // inBuffers[1].cbBuffer indicates the amount of bytes _NOT_ processed, the rest need to
         // be stored.
         intermediateBuffer = intermediateBuffer.right(int(inBuffers[1].cbBuffer));
-    } else if (status != SEC_E_INCOMPLETE_MESSAGE) {
+    } else { /* No 'extra' data, message not incomplete */
         intermediateBuffer.clear();
     }
 
@@ -1069,7 +1074,6 @@ bool QSslSocketBackendPrivate::verifyHandshake()
     }
 
     schannelState = SchannelState::Done;
-    peerCertVerified = true;
     return true;
 }
 
@@ -1152,7 +1156,6 @@ void QSslSocketBackendPrivate::reset()
 
     connectionEncrypted = false;
     shutdown = false;
-    peerCertVerified = false;
     renegotiating = false;
 }
 
@@ -1315,7 +1318,9 @@ void QSslSocketBackendPrivate::transmit()
 #endif
                     intermediateBuffer = ciphertext.right(int(dataBuffer[3].cbBuffer));
                 }
-            } else if (status == SEC_E_INCOMPLETE_MESSAGE) {
+            }
+
+            if (status == SEC_E_INCOMPLETE_MESSAGE) {
                 // Need more data before we can decrypt.. to the buffer it goes!
 #ifdef QSSLSOCKET_DEBUG
                 qCDebug(lcSsl, "We didn't have enough data to decrypt anything, will try again!");
@@ -1361,17 +1366,6 @@ void QSslSocketBackendPrivate::transmit()
                 schannelState = SchannelState::Renegotiate;
                 renegotiating = true;
 
-                if (dataBuffer[3].BufferType == SECBUFFER_EXTRA) {
-                    // https://docs.microsoft.com/en-us/windows/desktop/secauthn/extra-buffers-returned-by-schannel
-                    // dataBuffer[3].cbBuffer indicates the amount of bytes _NOT_ processed,
-                    // the rest need to be stored.
-#ifdef QSSLSOCKET_DEBUG
-                    qCDebug(lcSsl) << "We've got excess data, moving it to the intermediate buffer:"
-                                   << dataBuffer[3].cbBuffer << "bytes";
-#endif
-                    intermediateBuffer = ciphertext.right(int(dataBuffer[3].cbBuffer));
-                }
-
                 // We need to call 'continueHandshake' or else there's no guarantee it ever gets called
                 continueHandshake();
                 break;
@@ -1537,7 +1531,7 @@ void QSslSocketBackendPrivate::continueHandshake()
     case SchannelState::VerifyHandshake:
         // if we're in shutdown or renegotiating then we might not need to verify
         // (since we already did)
-        if (!peerCertVerified && !verifyHandshake()) {
+        if (!verifyHandshake()) {
             shutdown = true; // Skip sending shutdown alert
             q->abort(); // We don't want to send buffered data
             disconnectFromHost();
diff --git a/src/network/ssl/qsslsocket_schannel_p.h b/src/network/ssl/qsslsocket_schannel_p.h
index 9879e2fc60..6ab200e1f9 100644
--- a/src/network/ssl/qsslsocket_schannel_p.h
+++ b/src/network/ssl/qsslsocket_schannel_p.h
@@ -147,7 +147,6 @@ private:
     ULONG contextAttributes = 0;
 
     bool renegotiating = false;
-    bool peerCertVerified = false;
 };
 
 QT_END_NAMESPACE
author	Qt Forward Merge Bot <qt_forward_merge_bot@qt-project.org>	2019-09-13 01:00:13 +0200
committer	Qt Forward Merge Bot <qt_forward_merge_bot@qt-project.org>	2019-09-13 01:00:15 +0200
commit	104f0535a16542e419ccba11bf9a08fb8cb4a1e2 (patch)
tree	c7d277b202c0542c39a5085c812ab504a8c613e9 /src/network
parent	3d7207414b07104c1ea03ef341301a7390d7b0ad (diff)
parent	447ee95d5e050c5db1636c5d3bd0edbf59f26108 (diff)