diff options
author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2017-01-30 10:24:41 +0100 |
---|---|---|
committer | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2017-01-30 11:28:18 +0000 |
commit | 84fa396d84103770a345a06f7cf151ae17c00b67 (patch) | |
tree | 901fafc38fdcc7ece46496bf8f20053f3e6ea4b4 /src/network | |
parent | 5ad191850becd7dc1d61d0975f141a5db64e6373 (diff) |
SecureTransport - remove (now) redundant standalone function
It was first introduced when we had to work-around old macOS SDK (<= 10.7) with
missing API; so we split the original code into two functions, one for
iOS (any supported version) and macOS > 10.7, another function (with all
ifdefs needed and old, deprecated API usage) for macOS <= 10.7. Now that
support for those versions was dropped and the second function gone, having
the remaining code in some external function looks illogical. It can be moved
into the member-function back.
Change-Id: Ib6355f225b5df3d92a70bd7679545cc89c450228
Reviewed-by: Jake Petroules <jake.petroules@qt.io>
Diffstat (limited to 'src/network')
-rw-r--r-- | src/network/ssl/qsslsocket_mac.cpp | 176 |
1 files changed, 82 insertions, 94 deletions
diff --git a/src/network/ssl/qsslsocket_mac.cpp b/src/network/ssl/qsslsocket_mac.cpp index 0548aa3909..752640bd46 100644 --- a/src/network/ssl/qsslsocket_mac.cpp +++ b/src/network/ssl/qsslsocket_mac.cpp @@ -82,98 +82,6 @@ static void qt_releaseSecureTransportContext(SSLContextRef context) CFRelease(context); } -static bool qt_setSessionProtocol(SSLContextRef context, const QSslConfigurationPrivate &configuration, - QTcpSocket *plainSocket) -{ - Q_ASSERT(context); - -#ifndef QSSLSOCKET_DEBUG - Q_UNUSED(plainSocket) -#endif - - OSStatus err = noErr; - - if (configuration.protocol == QSsl::SslV3) { - #ifdef QSSLSOCKET_DEBUG - qCDebug(lcSsl) << plainSocket << "requesting : SSLv3"; - #endif - err = SSLSetProtocolVersionMin(context, kSSLProtocol3); - if (err == noErr) - err = SSLSetProtocolVersionMax(context, kSSLProtocol3); - } else if (configuration.protocol == QSsl::TlsV1_0) { - #ifdef QSSLSOCKET_DEBUG - qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.0"; - #endif - err = SSLSetProtocolVersionMin(context, kTLSProtocol1); - if (err == noErr) - err = SSLSetProtocolVersionMax(context, kTLSProtocol1); - } else if (configuration.protocol == QSsl::TlsV1_1) { - #ifdef QSSLSOCKET_DEBUG - qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.1"; - #endif - err = SSLSetProtocolVersionMin(context, kTLSProtocol11); - if (err == noErr) - err = SSLSetProtocolVersionMax(context, kTLSProtocol11); - } else if (configuration.protocol == QSsl::TlsV1_2) { - #ifdef QSSLSOCKET_DEBUG - qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.2"; - #endif - err = SSLSetProtocolVersionMin(context, kTLSProtocol12); - if (err == noErr) - err = SSLSetProtocolVersionMax(context, kTLSProtocol12); - } else if (configuration.protocol == QSsl::AnyProtocol) { - #ifdef QSSLSOCKET_DEBUG - qCDebug(lcSsl) << plainSocket << "requesting : any"; - #endif - // kSSLProtocol3, since kSSLProtocol2 is disabled: - err = SSLSetProtocolVersionMin(context, kSSLProtocol3); - if (err == noErr) - err = SSLSetProtocolVersionMax(context, kTLSProtocol12); - } else if (configuration.protocol == QSsl::TlsV1SslV3) { - #ifdef QSSLSOCKET_DEBUG - qCDebug(lcSsl) << plainSocket << "requesting : SSLv3 - TLSv1.2"; - #endif - err = SSLSetProtocolVersionMin(context, kSSLProtocol3); - if (err == noErr) - err = SSLSetProtocolVersionMax(context, kTLSProtocol12); - } else if (configuration.protocol == QSsl::SecureProtocols) { - #ifdef QSSLSOCKET_DEBUG - qCDebug(lcSsl) << plainSocket << "requesting : TLSv1 - TLSv1.2"; - #endif - err = SSLSetProtocolVersionMin(context, kTLSProtocol1); - if (err == noErr) - err = SSLSetProtocolVersionMax(context, kTLSProtocol12); - } else if (configuration.protocol == QSsl::TlsV1_0OrLater) { - #ifdef QSSLSOCKET_DEBUG - qCDebug(lcSsl) << plainSocket << "requesting : TLSv1 - TLSv1.2"; - #endif - err = SSLSetProtocolVersionMin(context, kTLSProtocol1); - if (err == noErr) - err = SSLSetProtocolVersionMax(context, kTLSProtocol12); - } else if (configuration.protocol == QSsl::TlsV1_1OrLater) { - #ifdef QSSLSOCKET_DEBUG - qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.1 - TLSv1.2"; - #endif - err = SSLSetProtocolVersionMin(context, kTLSProtocol11); - if (err == noErr) - err = SSLSetProtocolVersionMax(context, kTLSProtocol12); - } else if (configuration.protocol == QSsl::TlsV1_2OrLater) { - #ifdef QSSLSOCKET_DEBUG - qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.2"; - #endif - err = SSLSetProtocolVersionMin(context, kTLSProtocol12); - if (err == noErr) - err = SSLSetProtocolVersionMax(context, kTLSProtocol12); - } else { - #ifdef QSSLSOCKET_DEBUG - qCDebug(lcSsl) << plainSocket << "no protocol version found in the configuration"; - #endif - return false; - } - - return err == noErr; -} - QSecureTransportContext::QSecureTransportContext(SSLContextRef c) : context(c) { @@ -956,7 +864,7 @@ bool QSslSocketBackendPrivate::setSessionProtocol() { Q_ASSERT_X(context, Q_FUNC_INFO, "invalid SSL context (null)"); - // QSsl::SslV2 == kSSLProtocol2 is disabled in secure transport and + // QSsl::SslV2 == kSSLProtocol2 is disabled in Secure Transport and // always fails with errSSLIllegalParam: // if (version < MINIMUM_STREAM_VERSION || version > MAXIMUM_STREAM_VERSION) // return errSSLIllegalParam; @@ -966,7 +874,87 @@ bool QSslSocketBackendPrivate::setSessionProtocol() return false; } - return qt_setSessionProtocol(context, configuration, plainSocket); + OSStatus err = noErr; + + if (configuration.protocol == QSsl::SslV3) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : SSLv3"; + #endif + err = SSLSetProtocolVersionMin(context, kSSLProtocol3); + if (err == noErr) + err = SSLSetProtocolVersionMax(context, kSSLProtocol3); + } else if (configuration.protocol == QSsl::TlsV1_0) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.0"; + #endif + err = SSLSetProtocolVersionMin(context, kTLSProtocol1); + if (err == noErr) + err = SSLSetProtocolVersionMax(context, kTLSProtocol1); + } else if (configuration.protocol == QSsl::TlsV1_1) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.1"; + #endif + err = SSLSetProtocolVersionMin(context, kTLSProtocol11); + if (err == noErr) + err = SSLSetProtocolVersionMax(context, kTLSProtocol11); + } else if (configuration.protocol == QSsl::TlsV1_2) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.2"; + #endif + err = SSLSetProtocolVersionMin(context, kTLSProtocol12); + if (err == noErr) + err = SSLSetProtocolVersionMax(context, kTLSProtocol12); + } else if (configuration.protocol == QSsl::AnyProtocol) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : any"; + #endif + // kSSLProtocol3, since kSSLProtocol2 is disabled: + err = SSLSetProtocolVersionMin(context, kSSLProtocol3); + if (err == noErr) + err = SSLSetProtocolVersionMax(context, kTLSProtocol12); + } else if (configuration.protocol == QSsl::TlsV1SslV3) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : SSLv3 - TLSv1.2"; + #endif + err = SSLSetProtocolVersionMin(context, kSSLProtocol3); + if (err == noErr) + err = SSLSetProtocolVersionMax(context, kTLSProtocol12); + } else if (configuration.protocol == QSsl::SecureProtocols) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : TLSv1 - TLSv1.2"; + #endif + err = SSLSetProtocolVersionMin(context, kTLSProtocol1); + if (err == noErr) + err = SSLSetProtocolVersionMax(context, kTLSProtocol12); + } else if (configuration.protocol == QSsl::TlsV1_0OrLater) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : TLSv1 - TLSv1.2"; + #endif + err = SSLSetProtocolVersionMin(context, kTLSProtocol1); + if (err == noErr) + err = SSLSetProtocolVersionMax(context, kTLSProtocol12); + } else if (configuration.protocol == QSsl::TlsV1_1OrLater) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.1 - TLSv1.2"; + #endif + err = SSLSetProtocolVersionMin(context, kTLSProtocol11); + if (err == noErr) + err = SSLSetProtocolVersionMax(context, kTLSProtocol12); + } else if (configuration.protocol == QSsl::TlsV1_2OrLater) { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "requesting : TLSv1.2"; + #endif + err = SSLSetProtocolVersionMin(context, kTLSProtocol12); + if (err == noErr) + err = SSLSetProtocolVersionMax(context, kTLSProtocol12); + } else { + #ifdef QSSLSOCKET_DEBUG + qCDebug(lcSsl) << plainSocket << "no protocol version found in the configuration"; + #endif + return false; + } + + return err == noErr; } bool QSslSocketBackendPrivate::canIgnoreTrustVerificationFailure() const |