author | Liang Qi <liang.qi@theqtcompany.com> | 2015-11-27 17:38:42 +0000 |
---|---|---|
committer | The Qt Project <gerrit-noreply@qt-project.org> | 2015-11-27 19:24:34 +0000 |
commit | 37a55e8840e53c78f855f17f2b5f453ed2058099 (patch) | |
tree | 9d5dcbe6f8b5078fe6a165e3b35b76817374fbd5 /src/network | |
parent | eddb938c39d03e163ef47c965ea07ab19250eeed (diff) | |
parent | 8c57e8c012d1045f2bdb30d376625a32c33fdfc4 (diff) |
Merge "Merge remote-tracking branch 'origin/5.5' into 5.6" into refs/staging/5.6
Diffstat (limited to 'src/network')
-rw-r--r-- | src/network/socket/qnativesocketengine.cpp | 36 | ||||
-rw-r--r-- | src/network/socket/qnativesocketengine_p.h | 12 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_mac.cpp | 379 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_mac_p.h | 22 |
4 files changed, 336 insertions, 113 deletions
diff --git a/src/network/socket/qnativesocketengine.cpp b/src/network/socket/qnativesocketengine.cpp index c11b889220..e86d3ad76e 100644 --- a/src/network/socket/qnativesocketengine.cpp +++ b/src/network/socket/qnativesocketengine.cpp @@ -672,6 +672,24 @@ int QNativeSocketEngine::accept() return d->nativeAccept(); } +/*! + Returns the number of bytes that are currently available for + reading. On error, -1 is returned. + + For UDP sockets, this function returns the accumulated size of all + pending datagrams, and it is therefore more useful for UDP sockets + to call hasPendingDatagrams() and pendingDatagramSize(). +*/ +qint64 QNativeSocketEngine::bytesAvailable() const +{ + Q_D(const QNativeSocketEngine); + Q_CHECK_VALID_SOCKETLAYER(QNativeSocketEngine::bytesAvailable(), -1); + Q_CHECK_NOT_STATE(QNativeSocketEngine::bytesAvailable(), QAbstractSocket::UnconnectedState, -1); + + return d->nativeBytesAvailable(); +} + +#ifndef QT_NO_UDPSOCKET #ifndef QT_NO_NETWORKINTERFACE /*! @@ -734,23 +752,6 @@ bool QNativeSocketEngine::setMulticastInterface(const QNetworkInterface &iface) #endif // QT_NO_NETWORKINTERFACE /*! - Returns the number of bytes that are currently available for - reading. On error, -1 is returned. - - For UDP sockets, this function returns the accumulated size of all - pending datagrams, and it is therefore more useful for UDP sockets - to call hasPendingDatagrams() and pendingDatagramSize(). -*/ -qint64 QNativeSocketEngine::bytesAvailable() const -{ - Q_D(const QNativeSocketEngine); - Q_CHECK_VALID_SOCKETLAYER(QNativeSocketEngine::bytesAvailable(), -1); - Q_CHECK_NOT_STATE(QNativeSocketEngine::bytesAvailable(), QAbstractSocket::UnconnectedState, -1); - - return d->nativeBytesAvailable(); -} - -/*! Returns \c true if there is at least one datagram pending. This function is only called by UDP sockets, where a datagram can have a size of 0. TCP sockets call bytesAvailable(). 
@@ -834,6 +835,7 @@ qint64 QNativeSocketEngine::writeDatagram(const char *data, qint64 size, const Q return d->nativeSendDatagram(data, size, header); } +#endif // QT_NO_UDPSOCKET /*! Writes a block of \a size bytes from \a data to the socket. diff --git a/src/network/socket/qnativesocketengine_p.h b/src/network/socket/qnativesocketengine_p.h index 0fa1d8f96e..9a76e23013 100644 --- a/src/network/socket/qnativesocketengine_p.h +++ b/src/network/socket/qnativesocketengine_p.h @@ -124,6 +124,12 @@ public: int accept() Q_DECL_OVERRIDE; void close() Q_DECL_OVERRIDE; + qint64 bytesAvailable() const Q_DECL_OVERRIDE; + + qint64 read(char *data, qint64 maxlen) Q_DECL_OVERRIDE; + qint64 write(const char *data, qint64 len) Q_DECL_OVERRIDE; + +#ifndef QT_NO_UDPSOCKET #ifndef QT_NO_NETWORKINTERFACE bool joinMulticastGroup(const QHostAddress &groupAddress, const QNetworkInterface &iface) Q_DECL_OVERRIDE; @@ -133,16 +139,12 @@ public: bool setMulticastInterface(const QNetworkInterface &iface) Q_DECL_OVERRIDE; #endif - qint64 bytesAvailable() const Q_DECL_OVERRIDE; - - qint64 read(char *data, qint64 maxlen) Q_DECL_OVERRIDE; - qint64 write(const char *data, qint64 len) Q_DECL_OVERRIDE; - qint64 readDatagram(char *data, qint64 maxlen, QIpPacketHeader * = 0, PacketHeaderOptions = WantNone) Q_DECL_OVERRIDE; qint64 writeDatagram(const char *data, qint64 len, const QIpPacketHeader &) Q_DECL_OVERRIDE; bool hasPendingDatagrams() const Q_DECL_OVERRIDE; qint64 pendingDatagramSize() const Q_DECL_OVERRIDE; +#endif // QT_NO_UDPSOCKET qint64 bytesToWrite() const Q_DECL_OVERRIDE; diff --git a/src/network/ssl/qsslsocket_mac.cpp b/src/network/ssl/qsslsocket_mac.cpp index 06c707f271..4e090f96cb 100644 --- a/src/network/ssl/qsslsocket_mac.cpp +++ b/src/network/ssl/qsslsocket_mac.cpp 
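Review bot: With `QT_NO_UDPSOCKET` defined, the `Q_DECL_OVERRIDE` declarations of `readDatagram()`, `writeDatagram()`, `hasPendingDatagrams()`, `pendingDatagramSize()` and the multicast functions drop out of `QNativeSocketEngine`, between the `#ifndef QT_NO_UDPSOCKET` opened in the `@@ -124,6 +124,12 @@` hunk and the `#endif // QT_NO_UDPSOCKET` added in the following one. The base class is not part of this diff, so it is worth confirming that it guards the matching virtuals the same way; otherwise the class would be left abstract in that configuration. A one-line comment above the guard, e.g. `// Datagram and multicast API, unavailable when QT_NO_UDPSOCKET is defined`, would also explain why `bytesAvailable()`, `read()` and `write()` had to move above it.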
@@ -51,12 +51,291 @@ #include <algorithm> #include <cstddef> +#include <QtCore/private/qcore_mac_p.h> + #ifdef Q_OS_OSX #include <CoreServices/CoreServices.h> #endif QT_BEGIN_NAMESPACE +static SSLContextRef qt_createSecureTransportContext(QSslSocket::SslMode mode) +{ + const bool isServer = mode == QSslSocket::SslServerMode; + SSLContextRef context = Q_NULLPTR; + +#ifndef Q_OS_OSX + const SSLProtocolSide side = isServer ? kSSLServerSide : kSSLClientSide; + // We never use kSSLDatagramType, so it's kSSLStreamType unconditionally. + context = SSLCreateContext(Q_NULLPTR, side, kSSLStreamType); + if (!context) + qCWarning(lcSsl) << "SSLCreateContext failed"; +#else // Q_OS_OSX + +#if QT_MAC_PLATFORM_SDK_EQUAL_OR_ABOVE(__MAC_10_8, __IPHONE_NA) + if (QSysInfo::MacintoshVersion >= QSysInfo::MV_10_8) { + const SSLProtocolSide side = isServer ? kSSLServerSide : kSSLClientSide; + // We never use kSSLDatagramType, so it's kSSLStreamType unconditionally. + context = SSLCreateContext(Q_NULLPTR, side, kSSLStreamType); + if (!context) + qCWarning(lcSsl) << "SSLCreateContext failed"; + } else { +#else + { +#endif + const OSStatus errCode = SSLNewContext(isServer, &context); + if (errCode != noErr || !context) + qCWarning(lcSsl) << "SSLNewContext failed with error:" << errCode; + } +#endif // !Q_OS_OSX + + return context; +} + +static void qt_releaseSecureTransportContext(SSLContextRef context) +{ + if (!context) + return; + +#ifndef Q_OS_OSX + CFRelease(context); +#else + +#if QT_MAC_PLATFORM_SDK_EQUAL_OR_ABOVE(__MAC_10_8, __IPHONE_NA) + if (QSysInfo::MacintoshVersion >= QSysInfo::MV_10_8) { + CFRelease(context); + } else { +#else + { +#endif // QT_MAC_PLATFORM_... 
+ const OSStatus errCode = SSLDisposeContext(context); + if (errCode != noErr) + qCWarning(lcSsl) << "SSLDisposeContext failed with error:" << errCode; + } +#endif // !Q_OS_OSX +} + +static bool qt_setSessionProtocol(SSLContextRef context, const QSslConfigurationPrivate &configuration, + QTcpSocket *plainSocket) +{ + Q_ASSERT(context); + +#ifndef QSSLSOCKET_DEBUG + Q_UNUSED(plainSocket) +#endif + + OSStatus err = noErr; + +#if QT_MAC_PLATFORM_SDK_EQUAL_OR_ABOVE(__MAC_10_8, __IPHONE_5_0) + if (configuration.protocol == QSsl::SslV3) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : SSLv3"; + #endif + err = SSLSetProtocolVersionMin(context, kSSLProtocol3); + if (err == noErr) + err = SSLSetProtocolVersionMax(context, kSSLProtocol3); + } else if (configuration.protocol == QSsl::TlsV1_0) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.0"; + #endif + err = SSLSetProtocolVersionMin(context, kTLSProtocol1); + if (err == noErr) + err = SSLSetProtocolVersionMax(context, kTLSProtocol1); + } else if (configuration.protocol == QSsl::TlsV1_1) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.1"; + #endif + err = SSLSetProtocolVersionMin(context, kTLSProtocol11); + if (err == noErr) + err = SSLSetProtocolVersionMax(context, kTLSProtocol11); + } else if (configuration.protocol == QSsl::TlsV1_2) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.2"; + #endif + err = SSLSetProtocolVersionMin(context, kTLSProtocol12); + if (err == noErr) + err = SSLSetProtocolVersionMax(context, kTLSProtocol12); + } else if (configuration.protocol == QSsl::AnyProtocol) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : any"; + #endif + // kSSLProtocol3, since kSSLProtocol2 is disabled: + err = SSLSetProtocolVersionMin(context, kSSLProtocol3); + if (err == noErr) + err = SSLSetProtocolVersionMax(context, kTLSProtocol12); + } else if 
(configuration.protocol == QSsl::TlsV1SslV3) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : SSLv3 - TLSv1.2"; + #endif + err = SSLSetProtocolVersionMin(context, kSSLProtocol3); + if (err == noErr) + err = SSLSetProtocolVersionMax(context, kTLSProtocol12); + } else if (configuration.protocol == QSsl::SecureProtocols) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : TLSv1 - TLSv1.2"; + #endif + err = SSLSetProtocolVersionMin(context, kTLSProtocol1); + if (err == noErr) + err = SSLSetProtocolVersionMax(context, kTLSProtocol12); + } else if (configuration.protocol == QSsl::TlsV1_0OrLater) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : TLSv1 - TLSv1.2"; + #endif + err = SSLSetProtocolVersionMin(context, kTLSProtocol1); + if (err == noErr) + err = SSLSetProtocolVersionMax(context, kTLSProtocol12); + } else if (configuration.protocol == QSsl::TlsV1_1OrLater) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.1 - TLSv1.2"; + #endif + err = SSLSetProtocolVersionMin(context, kTLSProtocol11); + if (err == noErr) + err = SSLSetProtocolVersionMax(context, kTLSProtocol12); + } else if (configuration.protocol == QSsl::TlsV1_2OrLater) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.2"; + #endif + err = SSLSetProtocolVersionMin(context, kTLSProtocol12); + if (err == noErr) + err = SSLSetProtocolVersionMax(context, kTLSProtocol12); + } else { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "no protocol version found in the configuration"; + #endif + return false; + } +#endif + + return err == noErr; +} + +#ifdef Q_OS_OSX + +static bool qt_setSessionProtocolOSX(SSLContextRef context, const QSslConfigurationPrivate &configuration, + QTcpSocket *plainSocket) +{ + // This function works with (now) deprecated API that does not even exist on + // iOS but is the only API we have on OS X below 10.8 + + // Without 
SSLSetProtocolVersionMin/Max functions it's quite difficult + // to have the required result: + // If we use SSLSetProtocolVersion - any constant except the ones with 'Only' suffix - + // allows a negotiation and we can not set the lower limit. + // SSLSetProtocolVersionEnabled supports only a limited subset of constants, if you believe their docs: + // kSSLProtocol2 + // kSSLProtocol3 + // kTLSProtocol1 + // kSSLProtocolAll + // Here we can only have a look into the SecureTransport's code and hope that what we see there + // and what we have on 10.7 is similar: + // SSLSetProtocoLVersionEnabled actually accepts other constants also, + // called twice with two different protocols it sets a range, + // called once with a protocol (when all protocols were disabled) + // - only this protocol is enabled (without a lower limit negotiation). + + Q_ASSERT(context); + +#ifndef QSSLSOCKET_DEBUG + Q_UNUSED(plainSocket) +#endif + + OSStatus err = noErr; + + // First, disable ALL: + if (SSLSetProtocolVersionEnabled(context, kSSLProtocolAll, false) != noErr) + return false; + + if (configuration.protocol == QSsl::SslV3) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : SSLv3"; + #endif + err = SSLSetProtocolVersion(context, kSSLProtocol3Only); + } else if (configuration.protocol == QSsl::TlsV1_0) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.0"; + #endif + err = SSLSetProtocolVersion(context, kTLSProtocol1Only); + } else if (configuration.protocol == QSsl::TlsV1_1) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.1"; + #endif + err = SSLSetProtocolVersionEnabled(context, kTLSProtocol11, true); + } else if (configuration.protocol == QSsl::TlsV1_2) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.2"; + #endif + err = SSLSetProtocolVersionEnabled(context, kTLSProtocol12, true); + } else if (configuration.protocol == QSsl::AnyProtocol) { + #ifdef 
QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : any"; + #endif + err = SSLSetProtocolVersionEnabled(context, kSSLProtocolAll, true); + } else if (configuration.protocol == QSsl::TlsV1SslV3) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : SSLv3 - TLSv1.2"; + #endif + err = SSLSetProtocolVersionEnabled(context, kTLSProtocol12, true); + if (err == noErr) + err = SSLSetProtocolVersionEnabled(context, kSSLProtocol3, true); + } else if (configuration.protocol == QSsl::SecureProtocols) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : TLSv1 - TLSv1.2"; + #endif + err = SSLSetProtocolVersionEnabled(context, kTLSProtocol12, true); + if (err == noErr) + err = SSLSetProtocolVersionEnabled(context, kTLSProtocol1, true); + } else if (configuration.protocol == QSsl::TlsV1_0OrLater) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : TLSv1 - TLSv1.2"; + #endif + err = SSLSetProtocolVersionEnabled(context, kTLSProtocol12, true); + if (err == noErr) + err = SSLSetProtocolVersionEnabled(context, kTLSProtocol1, true); + } else if (configuration.protocol == QSsl::TlsV1_1OrLater) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.1 - TLSv1.2"; + #endif + err = SSLSetProtocolVersionEnabled(context, kTLSProtocol12, true); + if (err == noErr) + err = SSLSetProtocolVersionEnabled(context, kTLSProtocol11, true); + } else if (configuration.protocol == QSsl::TlsV1_2OrLater) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.2"; + #endif + err = SSLSetProtocolVersionEnabled(context, kTLSProtocol12, true); + } else { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "no protocol version found in the configuration"; + #endif + return false; + } + + return err == noErr; +} + +#endif // Q_OS_OSX + +QSecureTransportContext::QSecureTransportContext(SSLContextRef c) + : context(c) +{ +} + 
+QSecureTransportContext::~QSecureTransportContext() +{ + qt_releaseSecureTransportContext(context); +} + +QSecureTransportContext::operator SSLContextRef()const +{ + return context; +} + +void QSecureTransportContext::reset(SSLContextRef newContext) +{ + qt_releaseSecureTransportContext(context); + context = newContext; +} + Q_GLOBAL_STATIC_WITH_ARGS(QMutex, qt_securetransport_mutex, (QMutex::Recursive)) //#define QSSLSOCKET_DEBUG @@ -144,7 +423,7 @@ void QSslSocketPrivate::ensureInitialized() // from QSslCertificatePrivate's ctor. s_loadedCiphersAndCerts = true; - QCFType<SSLContextRef> context(SSLCreateContext(Q_NULLPTR, kSSLClientSide, kSSLStreamType)); + const QSecureTransportContext context(qt_createSecureTransportContext(QSslSocket::SslClientMode)); if (context) { QList<QSslCipher> ciphers; QList<QSslCipher> defaultCiphers; @@ -171,7 +450,6 @@ void QSslSocketPrivate::ensureInitialized() if (!s_loadRootCertsOnDemand) setDefaultCaCertificates(systemCaCertificates()); } else { - qCWarning(lcSsl) << "SSLCreateContext failed"; s_loadedCiphersAndCerts = false; } @@ -656,11 +934,7 @@ bool QSslSocketBackendPrivate::initSslContext() Q_ASSERT_X(!context, Q_FUNC_INFO, "invalid socket state, context is not null"); Q_ASSERT(plainSocket); - SSLProtocolSide side = kSSLClientSide; - if (mode == QSslSocket::SslServerMode) - side = kSSLServerSide; - - context = SSLCreateContext(Q_NULLPTR, side, kSSLStreamType); + context.reset(qt_createSecureTransportContext(mode)); if (!context) { setErrorAndEmit(QAbstractSocket::SslInternalError, "SSLCreateContext failed"); return false; @@ -756,7 +1030,7 @@ bool QSslSocketBackendPrivate::initSslContext() void QSslSocketBackendPrivate::destroySslContext() { - context = Q_NULLPTR; + context.reset(Q_NULLPTR); } static QByteArray _q_makePkcs12(const QList<QSslCertificate> &certs, const QSslKey &key, const QString &passPhrase); 
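Review bot: In `qt_setSessionProtocol` the entire protocol chain sits inside `#if QT_MAC_PLATFORM_SDK_EQUAL_OR_ABOVE(__MAC_10_8, __IPHONE_5_0)`, so when that condition is false the function reduces to `OSStatus err = noErr; return err == noErr;` and reports success without constraining the protocol range at all. The `#ifndef Q_OS_OSX` branch of `setSessionProtocol()` calls it unconditionally, so an explicit `#else` with `return false;` (or an `#error`) would make that configuration fail visibly instead of leaving the context on SecureTransport's defaults. Separately, the `QSsl::AnyProtocol` branch of `qt_setSessionProtocolOSX` re-enables `kSSLProtocolAll`, while the 10.8+ path sets its minimum to `kSSLProtocol3`; if SSLv2 is still selectable through the legacy API, the two paths do not share the same floor. Enabling `kTLSProtocol12` and `kSSLProtocol3`, as the `TlsV1SslV3` branch does, would keep them aligned.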
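Review bot: The error text passed to `setErrorAndEmit()` in `initSslContext()` still reads `"SSLCreateContext failed"`, but the context now comes from `qt_createSecureTransportContext()`, which calls `SSLNewContext` on the pre-10.8 path. A neutral message such as `"failed to create a SecureTransport context"` keeps the emitted error accurate on both paths; the helper already logs which call failed. The body of `initSslContext()` continues outside this hunk.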
@@ -853,8 +1127,6 @@ bool QSslSocketBackendPrivate::setSessionProtocol() { Q_ASSERT_X(context, Q_FUNC_INFO, "invalid SSL context (null)"); - OSStatus err = noErr; - // QSsl::SslV2 == kSSLProtocol2 is disabled in secure transport and // always fails with errSSLIllegalParam: // if (version < MINIMUM_STREAM_VERSION || version > MAXIMUM_STREAM_VERSION) 
@@ -865,85 +1137,20 @@ bool QSslSocketBackendPrivate::setSessionProtocol() return false; } - if (configuration.protocol == QSsl::SslV3) { -#ifdef QSSLSOCKET_DEBUG - qCDebug(lcSsl) << plainSocket << "requesting : SSLv3"; -#endif - err = SSLSetProtocolVersionMin(context, kSSLProtocol3); - if (err == noErr) - err = SSLSetProtocolVersionMax(context, kSSLProtocol3); - } else if (configuration.protocol == QSsl::TlsV1_0) { -#ifdef QSSLSOCKET_DEBUG - qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.0"; -#endif - err = SSLSetProtocolVersionMin(context, kTLSProtocol1); - if (err == noErr) - err = SSLSetProtocolVersionMax(context, kTLSProtocol1); - } else if (configuration.protocol == QSsl::TlsV1_1) { -#ifdef QSSLSOCKET_DEBUG - qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.1"; -#endif - err = SSLSetProtocolVersionMin(context, kTLSProtocol11); - if (err == noErr) - err = SSLSetProtocolVersionMax(context, kTLSProtocol11); - } else if (configuration.protocol == QSsl::TlsV1_2) { -#ifdef QSSLSOCKET_DEBUG - qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.2"; -#endif - err = SSLSetProtocolVersionMin(context, kTLSProtocol12); - if (err == noErr) - err = SSLSetProtocolVersionMax(context, kTLSProtocol12); - } else if (configuration.protocol == QSsl::AnyProtocol) { -#ifdef QSSLSOCKET_DEBUG - qCDebug(lcSsl) << plainSocket << "requesting : any"; -#endif - // kSSLProtocol3, since kSSLProtocol2 is disabled: - err = SSLSetProtocolVersionMin(context, kSSLProtocol3); - if (err == noErr) - err = SSLSetProtocolVersionMax(context, kTLSProtocol12); - } else if (configuration.protocol == QSsl::TlsV1SslV3) { -#ifdef QSSLSOCKET_DEBUG - qCDebug(lcSsl) << plainSocket << "requesting : SSLv3 - TLSv1.2"; -#endif - err = SSLSetProtocolVersionMin(context, kSSLProtocol3); - if (err == noErr) - err = SSLSetProtocolVersionMax(context, kTLSProtocol12); - } else if (configuration.protocol == QSsl::SecureProtocols) { -#ifdef QSSLSOCKET_DEBUG - qCDebug(lcSsl) << plainSocket << "requesting : TLSv1 - 
TLSv1.2"; -#endif - err = SSLSetProtocolVersionMin(context, kTLSProtocol1); - if (err == noErr) - err = SSLSetProtocolVersionMax(context, kTLSProtocol12); - } else if (configuration.protocol == QSsl::TlsV1_0OrLater) { -#ifdef QSSLSOCKET_DEBUG - qCDebug(lcSsl) << plainSocket << "requesting : TLSv1 - TLSv1.2"; -#endif - err = SSLSetProtocolVersionMin(context, kTLSProtocol1); - if (err == noErr) - err = SSLSetProtocolVersionMax(context, kTLSProtocol12); - } else if (configuration.protocol == QSsl::TlsV1_1OrLater) { -#ifdef QSSLSOCKET_DEBUG - qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.1 - TLSv1.2"; -#endif - err = SSLSetProtocolVersionMin(context, kTLSProtocol11); - if (err == noErr) - err = SSLSetProtocolVersionMax(context, kTLSProtocol12); - } else if (configuration.protocol == QSsl::TlsV1_2OrLater) { -#ifdef QSSLSOCKET_DEBUG - qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.2"; -#endif - err = SSLSetProtocolVersionMin(context, kTLSProtocol12); - if (err == noErr) - err = SSLSetProtocolVersionMax(context, kTLSProtocol12); +#ifndef Q_OS_OSX + return qt_setSessionProtocol(context, configuration, plainSocket); +#else + +#if QT_MAC_PLATFORM_SDK_EQUAL_OR_ABOVE(__MAC_10_8, __IPHONE_NA) + if (QSysInfo::MacintoshVersion >= QSysInfo::MV_10_8) { + return qt_setSessionProtocol(context, configuration, plainSocket); } else { -#ifdef QSSLSOCKET_DEBUG - qCDebug(lcSsl) << plainSocket << "no protocol version found in the configuration"; +#else + { #endif - return false; + return qt_setSessionProtocolOSX(context, configuration, plainSocket); } - - return err == noErr; +#endif } bool QSslSocketBackendPrivate::canIgnoreTrustVerificationFailure() const diff --git a/src/network/ssl/qsslsocket_mac_p.h b/src/network/ssl/qsslsocket_mac_p.h index 414c155882..7a622db185 100644 --- a/src/network/ssl/qsslsocket_mac_p.h +++ b/src/network/ssl/qsslsocket_mac_p.h 
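Review bot: The `if (...) { ... } else {` / `#else {` / `#endif` construct at the end of `setSessionProtocol()` only balances its braces after preprocessing, and the same pattern is repeated in `qt_createSecureTransportContext()` and `qt_releaseSecureTransportContext()`. Creation, protocol setup and release all have to pick the same API family for a given context, so three hand-copied conditions are a place where a later edit can make them diverge. Computing the choice once, for example in a file-static predicate that wraps the SDK check and the `QSysInfo::MacintoshVersion >= QSysInfo::MV_10_8` test, and branching on it with ordinary `if`/`else` would keep the three sites in step and easier to audit.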
@@ -45,8 +45,6 @@ // We mean it. // -#include <QtCore/private/qcore_mac_p.h> - #include <QtCore/qstring.h> #include <QtCore/qglobal.h> #include <QtCore/qlist.h> @@ -59,6 +57,20 @@ QT_BEGIN_NAMESPACE +class QSecureTransportContext +{ +public: + explicit QSecureTransportContext(SSLContextRef context); + ~QSecureTransportContext(); + + operator SSLContextRef () const; + void reset(SSLContextRef newContext); +private: + SSLContextRef context; + + Q_DISABLE_COPY(QSecureTransportContext); +}; + class QSslSocketBackendPrivate : public QSslSocketPrivate { Q_DECLARE_PUBLIC(QSslSocket) @@ -76,8 +88,8 @@ public: void startServerEncryption() Q_DECL_OVERRIDE; void transmit() Q_DECL_OVERRIDE; - static QList<QSslError> (verify)(QList<QSslCertificate> certificateChain, - const QString &hostName); + static QList<QSslError> verify(QList<QSslCertificate> certificateChain, + const QString &hostName); static bool importPkcs12(QIODevice *device, QSslKey *key, QSslCertificate *cert, @@ -101,7 +113,7 @@ private: bool checkSslErrors(); bool startHandshake(); - mutable QCFType<SSLContextRef> context; + QSecureTransportContext context; Q_DISABLE_COPY(QSslSocketBackendPrivate); }; |
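Review bot: `QSecureTransportContext` is declared without any comment stating its ownership contract, and `reset()` (defined in qsslsocket_mac.cpp) releases the held context before storing `newContext` without checking whether the two are the same handle. Calling `reset()` with the handle already held would leave the wrapper pointing at a released context; an early `if (newContext == context) return;` avoids that. A class comment along the lines of `// Owns an SSLContextRef and releases it on destruction or reset(); the conversion operator returns a borrowed handle` would make the contract explicit for callers that pass the handle to SecureTransport functions.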
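Review bot: The parentheses in the old `(verify)` declaration look like a guard against a function-like `verify` macro, which Apple's assertion-macro header can define, and nothing in this diff shows that macro being disabled. If this header can still be included after one that defines the macro, the plain `verify(...)` declaration would be macro-expanded. It is worth confirming the build on all Apple targets, or keeping the parentheses with a comment such as `// parenthesised to avoid the verify() macro from AssertMacros.h`.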