authorLiang Qi <liang.qi@theqtcompany.com>2015-11-27 17:38:42 +0000
committerThe Qt Project <gerrit-noreply@qt-project.org>2015-11-27 19:24:34 +0000
commit37a55e8840e53c78f855f17f2b5f453ed2058099 (patch)
tree9d5dcbe6f8b5078fe6a165e3b35b76817374fbd5 /src/network
parenteddb938c39d03e163ef47c965ea07ab19250eeed (diff)
parent8c57e8c012d1045f2bdb30d376625a32c33fdfc4 (diff)
Merge "Merge remote-tracking branch 'origin/5.5' into 5.6" into refs/staging/5.6
Diffstat (limited to 'src/network')
-rw-r--r--src/network/socket/qnativesocketengine.cpp36
-rw-r--r--src/network/socket/qnativesocketengine_p.h12
-rw-r--r--src/network/ssl/qsslsocket_mac.cpp379
-rw-r--r--src/network/ssl/qsslsocket_mac_p.h22
4 files changed, 336 insertions, 113 deletions
diff --git a/src/network/socket/qnativesocketengine.cpp b/src/network/socket/qnativesocketengine.cpp
index c11b889220..e86d3ad76e 100644
--- a/src/network/socket/qnativesocketengine.cpp
+++ b/src/network/socket/qnativesocketengine.cpp
@@ -672,6 +672,24 @@ int QNativeSocketEngine::accept()
return d->nativeAccept();
}
+/*!
+ Returns the number of bytes that are currently available for
+ reading. On error, -1 is returned.
+
+ For UDP sockets, this function returns the accumulated size of all
+ pending datagrams, and it is therefore more useful for UDP sockets
+ to call hasPendingDatagrams() and pendingDatagramSize().
+*/
+qint64 QNativeSocketEngine::bytesAvailable() const
+{
+ Q_D(const QNativeSocketEngine);
+ Q_CHECK_VALID_SOCKETLAYER(QNativeSocketEngine::bytesAvailable(), -1);
+ Q_CHECK_NOT_STATE(QNativeSocketEngine::bytesAvailable(), QAbstractSocket::UnconnectedState, -1);
+
+ return d->nativeBytesAvailable();
+}
+
+#ifndef QT_NO_UDPSOCKET
#ifndef QT_NO_NETWORKINTERFACE
/*!
@@ -734,23 +752,6 @@ bool QNativeSocketEngine::setMulticastInterface(const QNetworkInterface &iface)
#endif // QT_NO_NETWORKINTERFACE
/*!
- Returns the number of bytes that are currently available for
- reading. On error, -1 is returned.
-
- For UDP sockets, this function returns the accumulated size of all
- pending datagrams, and it is therefore more useful for UDP sockets
- to call hasPendingDatagrams() and pendingDatagramSize().
-*/
-qint64 QNativeSocketEngine::bytesAvailable() const
-{
- Q_D(const QNativeSocketEngine);
- Q_CHECK_VALID_SOCKETLAYER(QNativeSocketEngine::bytesAvailable(), -1);
- Q_CHECK_NOT_STATE(QNativeSocketEngine::bytesAvailable(), QAbstractSocket::UnconnectedState, -1);
-
- return d->nativeBytesAvailable();
-}
-
-/*!
Returns \c true if there is at least one datagram pending. This
function is only called by UDP sockets, where a datagram can have
a size of 0. TCP sockets call bytesAvailable().
@@ -834,6 +835,7 @@ qint64 QNativeSocketEngine::writeDatagram(const char *data, qint64 size, const Q
return d->nativeSendDatagram(data, size, header);
}
+#endif // QT_NO_UDPSOCKET
/*!
Writes a block of \a size bytes from \a data to the socket.
diff --git a/src/network/socket/qnativesocketengine_p.h b/src/network/socket/qnativesocketengine_p.h
index 0fa1d8f96e..9a76e23013 100644
--- a/src/network/socket/qnativesocketengine_p.h
+++ b/src/network/socket/qnativesocketengine_p.h
@@ -124,6 +124,12 @@ public:
int accept() Q_DECL_OVERRIDE;
void close() Q_DECL_OVERRIDE;
+ qint64 bytesAvailable() const Q_DECL_OVERRIDE;
+
+ qint64 read(char *data, qint64 maxlen) Q_DECL_OVERRIDE;
+ qint64 write(const char *data, qint64 len) Q_DECL_OVERRIDE;
+
+#ifndef QT_NO_UDPSOCKET
#ifndef QT_NO_NETWORKINTERFACE
bool joinMulticastGroup(const QHostAddress &groupAddress,
const QNetworkInterface &iface) Q_DECL_OVERRIDE;
@@ -133,16 +139,12 @@ public:
bool setMulticastInterface(const QNetworkInterface &iface) Q_DECL_OVERRIDE;
#endif
- qint64 bytesAvailable() const Q_DECL_OVERRIDE;
-
- qint64 read(char *data, qint64 maxlen) Q_DECL_OVERRIDE;
- qint64 write(const char *data, qint64 len) Q_DECL_OVERRIDE;
-
qint64 readDatagram(char *data, qint64 maxlen, QIpPacketHeader * = 0,
PacketHeaderOptions = WantNone) Q_DECL_OVERRIDE;
qint64 writeDatagram(const char *data, qint64 len, const QIpPacketHeader &) Q_DECL_OVERRIDE;
bool hasPendingDatagrams() const Q_DECL_OVERRIDE;
qint64 pendingDatagramSize() const Q_DECL_OVERRIDE;
+#endif // QT_NO_UDPSOCKET
qint64 bytesToWrite() const Q_DECL_OVERRIDE;
diff --git a/src/network/ssl/qsslsocket_mac.cpp b/src/network/ssl/qsslsocket_mac.cpp
index 06c707f271..4e090f96cb 100644
--- a/src/network/ssl/qsslsocket_mac.cpp
+++ b/src/network/ssl/qsslsocket_mac.cpp
@@ -51,12 +51,291 @@
#include <algorithm>
#include <cstddef>
+#include <QtCore/private/qcore_mac_p.h>
+
#ifdef Q_OS_OSX
#include <CoreServices/CoreServices.h>
#endif
QT_BEGIN_NAMESPACE
+static SSLContextRef qt_createSecureTransportContext(QSslSocket::SslMode mode)
+{
+ const bool isServer = mode == QSslSocket::SslServerMode;
+ SSLContextRef context = Q_NULLPTR;
+
+#ifndef Q_OS_OSX
+ const SSLProtocolSide side = isServer ? kSSLServerSide : kSSLClientSide;
+ // We never use kSSLDatagramType, so it's kSSLStreamType unconditionally.
+ context = SSLCreateContext(Q_NULLPTR, side, kSSLStreamType);
+ if (!context)
+ qCWarning(lcSsl) << "SSLCreateContext failed";
+#else // Q_OS_OSX
+
+#if QT_MAC_PLATFORM_SDK_EQUAL_OR_ABOVE(__MAC_10_8, __IPHONE_NA)
+ if (QSysInfo::MacintoshVersion >= QSysInfo::MV_10_8) {
+ const SSLProtocolSide side = isServer ? kSSLServerSide : kSSLClientSide;
+ // We never use kSSLDatagramType, so it's kSSLStreamType unconditionally.
+ context = SSLCreateContext(Q_NULLPTR, side, kSSLStreamType);
+ if (!context)
+ qCWarning(lcSsl) << "SSLCreateContext failed";
+ } else {
+#else
+ {
+#endif
+ const OSStatus errCode = SSLNewContext(isServer, &context);
+ if (errCode != noErr || !context)
+ qCWarning(lcSsl) << "SSLNewContext failed with error:" << errCode;
+ }
+#endif // !Q_OS_OSX
+
+ return context;
+}
+
+static void qt_releaseSecureTransportContext(SSLContextRef context)
+{
+ if (!context)
+ return;
+
+#ifndef Q_OS_OSX
+ CFRelease(context);
+#else
+
+#if QT_MAC_PLATFORM_SDK_EQUAL_OR_ABOVE(__MAC_10_8, __IPHONE_NA)
+ if (QSysInfo::MacintoshVersion >= QSysInfo::MV_10_8) {
+ CFRelease(context);
+ } else {
+#else
+ {
+#endif // QT_MAC_PLATFORM_...
+ const OSStatus errCode = SSLDisposeContext(context);
+ if (errCode != noErr)
+ qCWarning(lcSsl) << "SSLDisposeContext failed with error:" << errCode;
+ }
+#endif // !Q_OS_OSX
+}
+
+static bool qt_setSessionProtocol(SSLContextRef context, const QSslConfigurationPrivate &configuration,
+ QTcpSocket *plainSocket)
+{
+ Q_ASSERT(context);
+
+#ifndef QSSLSOCKET_DEBUG
+ Q_UNUSED(plainSocket)
+#endif
+
+ OSStatus err = noErr;
+
+#if QT_MAC_PLATFORM_SDK_EQUAL_OR_ABOVE(__MAC_10_8, __IPHONE_5_0)
+ if (configuration.protocol == QSsl::SslV3) {
+ #ifdef QSSLSOCKET_DEBUG
+ qCDebug(lcSsl) << plainSocket << "requesting : SSLv3";
+ #endif
+ err = SSLSetProtocolVersionMin(context, kSSLProtocol3);
+ if (err == noErr)
+ err = SSLSetProtocolVersionMax(context, kSSLProtocol3);
+ } else if (configuration.protocol == QSsl::TlsV1_0) {
+ #ifdef QSSLSOCKET_DEBUG
+ qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.0";
+ #endif
+ err = SSLSetProtocolVersionMin(context, kTLSProtocol1);
+ if (err == noErr)
+ err = SSLSetProtocolVersionMax(context, kTLSProtocol1);
+ } else if (configuration.protocol == QSsl::TlsV1_1) {
+ #ifdef QSSLSOCKET_DEBUG
+ qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.1";
+ #endif
+ err = SSLSetProtocolVersionMin(context, kTLSProtocol11);
+ if (err == noErr)
+ err = SSLSetProtocolVersionMax(context, kTLSProtocol11);
+ } else if (configuration.protocol == QSsl::TlsV1_2) {
+ #ifdef QSSLSOCKET_DEBUG
+ qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.2";
+ #endif
+ err = SSLSetProtocolVersionMin(context, kTLSProtocol12);
+ if (err == noErr)
+ err = SSLSetProtocolVersionMax(context, kTLSProtocol12);
+ } else if (configuration.protocol == QSsl::AnyProtocol) {
+ #ifdef QSSLSOCKET_DEBUG
+ qCDebug(lcSsl) << plainSocket << "requesting : any";
+ #endif
+ // kSSLProtocol3, since kSSLProtocol2 is disabled:
+ err = SSLSetProtocolVersionMin(context, kSSLProtocol3);
+ if (err == noErr)
+ err = SSLSetProtocolVersionMax(context, kTLSProtocol12);
+ } else if (configuration.protocol == QSsl::TlsV1SslV3) {
+ #ifdef QSSLSOCKET_DEBUG
+ qCDebug(lcSsl) << plainSocket << "requesting : SSLv3 - TLSv1.2";
+ #endif
+ err = SSLSetProtocolVersionMin(context, kSSLProtocol3);
+ if (err == noErr)
+ err = SSLSetProtocolVersionMax(context, kTLSProtocol12);
+ } else if (configuration.protocol == QSsl::SecureProtocols) {
+ #ifdef QSSLSOCKET_DEBUG
+ qCDebug(lcSsl) << plainSocket << "requesting : TLSv1 - TLSv1.2";
+ #endif
+ err = SSLSetProtocolVersionMin(context, kTLSProtocol1);
+ if (err == noErr)
+ err = SSLSetProtocolVersionMax(context, kTLSProtocol12);
+ } else if (configuration.protocol == QSsl::TlsV1_0OrLater) {
+ #ifdef QSSLSOCKET_DEBUG
+ qCDebug(lcSsl) << plainSocket << "requesting : TLSv1 - TLSv1.2";
+ #endif
+ err = SSLSetProtocolVersionMin(context, kTLSProtocol1);
+ if (err == noErr)
+ err = SSLSetProtocolVersionMax(context, kTLSProtocol12);
+ } else if (configuration.protocol == QSsl::TlsV1_1OrLater) {
+ #ifdef QSSLSOCKET_DEBUG
+ qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.1 - TLSv1.2";
+ #endif
+ err = SSLSetProtocolVersionMin(context, kTLSProtocol11);
+ if (err == noErr)
+ err = SSLSetProtocolVersionMax(context, kTLSProtocol12);
+ } else if (configuration.protocol == QSsl::TlsV1_2OrLater) {
+ #ifdef QSSLSOCKET_DEBUG
+ qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.2";
+ #endif
+ err = SSLSetProtocolVersionMin(context, kTLSProtocol12);
+ if (err == noErr)
+ err = SSLSetProtocolVersionMax(context, kTLSProtocol12);
+ } else {
+ #ifdef QSSLSOCKET_DEBUG
+ qCDebug(lcSsl) << plainSocket << "no protocol version found in the configuration";
+ #endif
+ return false;
+ }
+#endif
+
+ return err == noErr;
+}
+
+#ifdef Q_OS_OSX
+
+static bool qt_setSessionProtocolOSX(SSLContextRef context, const QSslConfigurationPrivate &configuration,
+ QTcpSocket *plainSocket)
+{
+ // This function works with (now) deprecated API that does not even exist on
+ // iOS but is the only API we have on OS X below 10.8
+
+ // Without SSLSetProtocolVersionMin/Max functions it's quite difficult
+ // to have the required result:
+ // If we use SSLSetProtocolVersion - any constant except the ones with 'Only' suffix -
+ // allows a negotiation and we can not set the lower limit.
+ // SSLSetProtocolVersionEnabled supports only a limited subset of constants, if you believe their docs:
+ // kSSLProtocol2
+ // kSSLProtocol3
+ // kTLSProtocol1
+ // kSSLProtocolAll
+ // Here we can only have a look into the SecureTransport's code and hope that what we see there
+ // and what we have on 10.7 is similar:
+ // SSLSetProtocoLVersionEnabled actually accepts other constants also,
+ // called twice with two different protocols it sets a range,
+ // called once with a protocol (when all protocols were disabled)
+ // - only this protocol is enabled (without a lower limit negotiation).
+
+ Q_ASSERT(context);
+
+#ifndef QSSLSOCKET_DEBUG
+ Q_UNUSED(plainSocket)
+#endif
+
+ OSStatus err = noErr;
+
+ // First, disable ALL:
+ if (SSLSetProtocolVersionEnabled(context, kSSLProtocolAll, false) != noErr)
+ return false;
+
+ if (configuration.protocol == QSsl::SslV3) {
+ #ifdef QSSLSOCKET_DEBUG
+ qCDebug(lcSsl) << plainSocket << "requesting : SSLv3";
+ #endif
+ err = SSLSetProtocolVersion(context, kSSLProtocol3Only);
+ } else if (configuration.protocol == QSsl::TlsV1_0) {
+ #ifdef QSSLSOCKET_DEBUG
+ qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.0";
+ #endif
+ err = SSLSetProtocolVersion(context, kTLSProtocol1Only);
+ } else if (configuration.protocol == QSsl::TlsV1_1) {
+ #ifdef QSSLSOCKET_DEBUG
+ qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.1";
+ #endif
+ err = SSLSetProtocolVersionEnabled(context, kTLSProtocol11, true);
+ } else if (configuration.protocol == QSsl::TlsV1_2) {
+ #ifdef QSSLSOCKET_DEBUG
+ qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.2";
+ #endif
+ err = SSLSetProtocolVersionEnabled(context, kTLSProtocol12, true);
+ } else if (configuration.protocol == QSsl::AnyProtocol) {
+ #ifdef QSSLSOCKET_DEBUG
+ qCDebug(lcSsl) << plainSocket << "requesting : any";
+ #endif
+ err = SSLSetProtocolVersionEnabled(context, kSSLProtocolAll, true);
+ } else if (configuration.protocol == QSsl::TlsV1SslV3) {
+ #ifdef QSSLSOCKET_DEBUG
+ qCDebug(lcSsl) << plainSocket << "requesting : SSLv3 - TLSv1.2";
+ #endif
+ err = SSLSetProtocolVersionEnabled(context, kTLSProtocol12, true);
+ if (err == noErr)
+ err = SSLSetProtocolVersionEnabled(context, kSSLProtocol3, true);
+ } else if (configuration.protocol == QSsl::SecureProtocols) {
+ #ifdef QSSLSOCKET_DEBUG
+ qCDebug(lcSsl) << plainSocket << "requesting : TLSv1 - TLSv1.2";
+ #endif
+ err = SSLSetProtocolVersionEnabled(context, kTLSProtocol12, true);
+ if (err == noErr)
+ err = SSLSetProtocolVersionEnabled(context, kTLSProtocol1, true);
+ } else if (configuration.protocol == QSsl::TlsV1_0OrLater) {
+ #ifdef QSSLSOCKET_DEBUG
+ qCDebug(lcSsl) << plainSocket << "requesting : TLSv1 - TLSv1.2";
+ #endif
+ err = SSLSetProtocolVersionEnabled(context, kTLSProtocol12, true);
+ if (err == noErr)
+ err = SSLSetProtocolVersionEnabled(context, kTLSProtocol1, true);
+ } else if (configuration.protocol == QSsl::TlsV1_1OrLater) {
+ #ifdef QSSLSOCKET_DEBUG
+ qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.1 - TLSv1.2";
+ #endif
+ err = SSLSetProtocolVersionEnabled(context, kTLSProtocol12, true);
+ if (err == noErr)
+ err = SSLSetProtocolVersionEnabled(context, kTLSProtocol11, true);
+ } else if (configuration.protocol == QSsl::TlsV1_2OrLater) {
+ #ifdef QSSLSOCKET_DEBUG
+ qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.2";
+ #endif
+ err = SSLSetProtocolVersionEnabled(context, kTLSProtocol12, true);
+ } else {
+ #ifdef QSSLSOCKET_DEBUG
+ qCDebug(lcSsl) << plainSocket << "no protocol version found in the configuration";
+ #endif
+ return false;
+ }
+
+ return err == noErr;
+}
+
+#endif // Q_OS_OSX
+
+QSecureTransportContext::QSecureTransportContext(SSLContextRef c)
+ : context(c)
+{
+}
+
+QSecureTransportContext::~QSecureTransportContext()
+{
+ qt_releaseSecureTransportContext(context);
+}
+
+QSecureTransportContext::operator SSLContextRef()const
+{
+ return context;
+}
+
+void QSecureTransportContext::reset(SSLContextRef newContext)
+{
+ qt_releaseSecureTransportContext(context);
+ context = newContext;
+}
+
Q_GLOBAL_STATIC_WITH_ARGS(QMutex, qt_securetransport_mutex, (QMutex::Recursive))
//#define QSSLSOCKET_DEBUG
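Review bot: qt_setSessionProtocol() reports success without configuring anything when `QT_MAC_PLATFORM_SDK_EQUAL_OR_ABOVE(__MAC_10_8, __IPHONE_5_0)` is false: the whole if/else chain is compiled out, `err` is still `noErr`, and the final `return err == noErr;` yields true, so a caller would carry on with whatever protocol range Secure Transport defaults to. The dispatch added further down in this file appears to route old OS X SDKs to qt_setSessionProtocolOSX(), so this may be unreachable today, but failing closed costs one branch: add `#else` and `return false;` ahead of that `#endif`. Separately, qt_createSecureTransportContext() logs a failed SSLNewContext() but still returns `context`; adding `context = Q_NULLPTR;` in that error branch would keep a handle from a failed call away from callers.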
@@ -144,7 +423,7 @@ void QSslSocketPrivate::ensureInitialized()
// from QSslCertificatePrivate's ctor.
s_loadedCiphersAndCerts = true;
- QCFType<SSLContextRef> context(SSLCreateContext(Q_NULLPTR, kSSLClientSide, kSSLStreamType));
+ const QSecureTransportContext context(qt_createSecureTransportContext(QSslSocket::SslClientMode));
if (context) {
QList<QSslCipher> ciphers;
QList<QSslCipher> defaultCiphers;
@@ -171,7 +450,6 @@ void QSslSocketPrivate::ensureInitialized()
if (!s_loadRootCertsOnDemand)
setDefaultCaCertificates(systemCaCertificates());
} else {
- qCWarning(lcSsl) << "SSLCreateContext failed";
s_loadedCiphersAndCerts = false;
}
@@ -656,11 +934,7 @@ bool QSslSocketBackendPrivate::initSslContext()
Q_ASSERT_X(!context, Q_FUNC_INFO, "invalid socket state, context is not null");
Q_ASSERT(plainSocket);
- SSLProtocolSide side = kSSLClientSide;
- if (mode == QSslSocket::SslServerMode)
- side = kSSLServerSide;
-
- context = SSLCreateContext(Q_NULLPTR, side, kSSLStreamType);
+ context.reset(qt_createSecureTransportContext(mode));
if (!context) {
setErrorAndEmit(QAbstractSocket::SslInternalError, "SSLCreateContext failed");
return false;
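Review bot: The error emitted when `context` is null still reads "SSLCreateContext failed", but the handle now comes from qt_createSecureTransportContext(), which calls SSLNewContext() on the pre-10.8 path, so the message can name a call that never ran. The helper already logs the specific failing API, so a neutral string is enough here, for example `setErrorAndEmit(QAbstractSocket::SslInternalError, "Failed to create a Secure Transport context");`. initSslContext() starts above this hunk and continues below it.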
@@ -756,7 +1030,7 @@ bool QSslSocketBackendPrivate::initSslContext()
void QSslSocketBackendPrivate::destroySslContext()
{
- context = Q_NULLPTR;
+ context.reset(Q_NULLPTR);
}
static QByteArray _q_makePkcs12(const QList<QSslCertificate> &certs, const QSslKey &key, const QString &passPhrase);
@@ -853,8 +1127,6 @@ bool QSslSocketBackendPrivate::setSessionProtocol()
{
Q_ASSERT_X(context, Q_FUNC_INFO, "invalid SSL context (null)");
- OSStatus err = noErr;
-
// QSsl::SslV2 == kSSLProtocol2 is disabled in secure transport and
// always fails with errSSLIllegalParam:
// if (version < MINIMUM_STREAM_VERSION || version > MAXIMUM_STREAM_VERSION)
@@ -865,85 +1137,20 @@ bool QSslSocketBackendPrivate::setSessionProtocol()
return false;
}
- if (configuration.protocol == QSsl::SslV3) {
-#ifdef QSSLSOCKET_DEBUG
- qCDebug(lcSsl) << plainSocket << "requesting : SSLv3";
-#endif
- err = SSLSetProtocolVersionMin(context, kSSLProtocol3);
- if (err == noErr)
- err = SSLSetProtocolVersionMax(context, kSSLProtocol3);
- } else if (configuration.protocol == QSsl::TlsV1_0) {
-#ifdef QSSLSOCKET_DEBUG
- qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.0";
-#endif
- err = SSLSetProtocolVersionMin(context, kTLSProtocol1);
- if (err == noErr)
- err = SSLSetProtocolVersionMax(context, kTLSProtocol1);
- } else if (configuration.protocol == QSsl::TlsV1_1) {
-#ifdef QSSLSOCKET_DEBUG
- qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.1";
-#endif
- err = SSLSetProtocolVersionMin(context, kTLSProtocol11);
- if (err == noErr)
- err = SSLSetProtocolVersionMax(context, kTLSProtocol11);
- } else if (configuration.protocol == QSsl::TlsV1_2) {
-#ifdef QSSLSOCKET_DEBUG
- qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.2";
-#endif
- err = SSLSetProtocolVersionMin(context, kTLSProtocol12);
- if (err == noErr)
- err = SSLSetProtocolVersionMax(context, kTLSProtocol12);
- } else if (configuration.protocol == QSsl::AnyProtocol) {
-#ifdef QSSLSOCKET_DEBUG
- qCDebug(lcSsl) << plainSocket << "requesting : any";
-#endif
- // kSSLProtocol3, since kSSLProtocol2 is disabled:
- err = SSLSetProtocolVersionMin(context, kSSLProtocol3);
- if (err == noErr)
- err = SSLSetProtocolVersionMax(context, kTLSProtocol12);
- } else if (configuration.protocol == QSsl::TlsV1SslV3) {
-#ifdef QSSLSOCKET_DEBUG
- qCDebug(lcSsl) << plainSocket << "requesting : SSLv3 - TLSv1.2";
-#endif
- err = SSLSetProtocolVersionMin(context, kSSLProtocol3);
- if (err == noErr)
- err = SSLSetProtocolVersionMax(context, kTLSProtocol12);
- } else if (configuration.protocol == QSsl::SecureProtocols) {
-#ifdef QSSLSOCKET_DEBUG
- qCDebug(lcSsl) << plainSocket << "requesting : TLSv1 - TLSv1.2";
-#endif
- err = SSLSetProtocolVersionMin(context, kTLSProtocol1);
- if (err == noErr)
- err = SSLSetProtocolVersionMax(context, kTLSProtocol12);
- } else if (configuration.protocol == QSsl::TlsV1_0OrLater) {
-#ifdef QSSLSOCKET_DEBUG
- qCDebug(lcSsl) << plainSocket << "requesting : TLSv1 - TLSv1.2";
-#endif
- err = SSLSetProtocolVersionMin(context, kTLSProtocol1);
- if (err == noErr)
- err = SSLSetProtocolVersionMax(context, kTLSProtocol12);
- } else if (configuration.protocol == QSsl::TlsV1_1OrLater) {
-#ifdef QSSLSOCKET_DEBUG
- qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.1 - TLSv1.2";
-#endif
- err = SSLSetProtocolVersionMin(context, kTLSProtocol11);
- if (err == noErr)
- err = SSLSetProtocolVersionMax(context, kTLSProtocol12);
- } else if (configuration.protocol == QSsl::TlsV1_2OrLater) {
-#ifdef QSSLSOCKET_DEBUG
- qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.2";
-#endif
- err = SSLSetProtocolVersionMin(context, kTLSProtocol12);
- if (err == noErr)
- err = SSLSetProtocolVersionMax(context, kTLSProtocol12);
+#ifndef Q_OS_OSX
+ return qt_setSessionProtocol(context, configuration, plainSocket);
+#else
+
+#if QT_MAC_PLATFORM_SDK_EQUAL_OR_ABOVE(__MAC_10_8, __IPHONE_NA)
+ if (QSysInfo::MacintoshVersion >= QSysInfo::MV_10_8) {
+ return qt_setSessionProtocol(context, configuration, plainSocket);
} else {
-#ifdef QSSLSOCKET_DEBUG
- qCDebug(lcSsl) << plainSocket << "no protocol version found in the configuration";
+#else
+ {
#endif
- return false;
+ return qt_setSessionProtocolOSX(context, configuration, plainSocket);
}
-
- return err == noErr;
+#endif
}
bool QSslSocketBackendPrivate::canIgnoreTrustVerificationFailure() const
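Review bot: The legacy branch at `return qt_setSessionProtocolOSX(context, configuration, plainSocket);` treats a noErr result as proof that the requested range is in force, yet that helper's own comment says the range behaviour of SSLSetProtocolVersionEnabled was read out of the Secure Transport sources rather than documented. For the settings that exist to impose a floor (QSsl::SecureProtocols, TlsV1_1OrLater, TlsV1_2OrLater), the minimum version on pre-10.8 systems is therefore best effort. I would say so at the call site, e.g. `// Pre-10.8: relies on undocumented SSLSetProtocolVersionEnabled range semantics; the lower bound is best effort.`, and consider reading the state back with SSLGetProtocolVersionEnabled() for the versions below the floor before returning true. setSessionProtocol() begins above this hunk.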
diff --git a/src/network/ssl/qsslsocket_mac_p.h b/src/network/ssl/qsslsocket_mac_p.h
index 414c155882..7a622db185 100644
--- a/src/network/ssl/qsslsocket_mac_p.h
+++ b/src/network/ssl/qsslsocket_mac_p.h
@@ -45,8 +45,6 @@
// We mean it.
//
-#include <QtCore/private/qcore_mac_p.h>
-
#include <QtCore/qstring.h>
#include <QtCore/qglobal.h>
#include <QtCore/qlist.h>
@@ -59,6 +57,20 @@
QT_BEGIN_NAMESPACE
+class QSecureTransportContext
+{
+public:
+ explicit QSecureTransportContext(SSLContextRef context);
+ ~QSecureTransportContext();
+
+ operator SSLContextRef () const;
+ void reset(SSLContextRef newContext);
+private:
+ SSLContextRef context;
+
+ Q_DISABLE_COPY(QSecureTransportContext);
+};
+
class QSslSocketBackendPrivate : public QSslSocketPrivate
{
Q_DECLARE_PUBLIC(QSslSocket)
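Review bot: QSecureTransportContext carries no comment stating its ownership contract, and the implicit `operator SSLContextRef()` makes it easy to pass the raw handle to code that releases it a second time. A short class comment would cover it: `// Owns the SSLContextRef and releases it in the destructor and in reset(); the conversion operator returns a borrowed handle that callers must not release.` It is worth adding there that reset(), as implemented in qsslsocket_mac.cpp, releases the old handle unconditionally, so passing the handle already held would leave the wrapper pointing at a released context.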
@@ -76,8 +88,8 @@ public:
void startServerEncryption() Q_DECL_OVERRIDE;
void transmit() Q_DECL_OVERRIDE;
- static QList<QSslError> (verify)(QList<QSslCertificate> certificateChain,
- const QString &hostName);
+ static QList<QSslError> verify(QList<QSslCertificate> certificateChain,
+ const QString &hostName);
static bool importPkcs12(QIODevice *device,
QSslKey *key, QSslCertificate *cert,
@@ -101,7 +113,7 @@ private:
bool checkSslErrors();
bool startHandshake();
- mutable QCFType<SSLContextRef> context;
+ QSecureTransportContext context;
Q_DISABLE_COPY(QSslSocketBackendPrivate);
};