diff options
author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2021-03-25 12:41:08 +0100 |
---|---|---|
committer | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2021-04-22 22:51:54 +0200 |
commit | d385158d5213ef568b7629e2aa4a818016bbffac (patch) | |
tree | 2c111b462fe39dffacb3c7f5cdd8db269f87ed6c /src/plugins/tls/openssl/qx509_openssl_p.h | |
parent | 6b1a7341fed4b9456ea6bfa2de7412d45ef56c65 (diff) |
Move plugin code from QtNetwork to qtbase/plugins
All TLS (and non-TLS) backends that QSsl classes rely
on are now in plugins/tls (as openssl, securetransport,
schannel and certonly plugins).
For now, I have to disable some tests that were using OpenSSL
calls - this to be refactored/re-thought. These include:
qsslsocket auto-test (test-case where we work with private keys),
qsslkey auto-test (similar to qsslsocket - test-case working with
keys using OpenSSL calls).
qasn1element moved to plugins too, so its auto-test have to
be re-thought.
Since now we can have more than one working TLS-backend on a given
platform, the presence of OpenSSL also means I force this backend
as active before running tests, to make sure features implemented
only in OpenSSL-backend are tested.
OCSP auto test is disabled for now, since it heavily relies on
OpenSSL symbols (to be refactored).
[ChangeLog][QtNetwork][QSslSocket] QSslSocket by default prefers 'openssl' backend
if it is available.
[ChangeLog][QtNetwork][QSslSocket] TLS-backends are not mutually exclusive anymore,
depending on a platform, more than one TLS backend can be built. E.g., configuring
Qt with -openssl does not prevent SecureTransport or Schannel plugin from being
built.
Fixes: QTBUG-91928
Change-Id: I4c05e32f10179066bee3a518bdfdd6c4b15320c3
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'src/plugins/tls/openssl/qx509_openssl_p.h')
-rw-r--r-- | src/plugins/tls/openssl/qx509_openssl_p.h | 124 |
1 files changed, 124 insertions, 0 deletions
diff --git a/src/plugins/tls/openssl/qx509_openssl_p.h b/src/plugins/tls/openssl/qx509_openssl_p.h new file mode 100644 index 0000000000..19f2f7614e --- /dev/null +++ b/src/plugins/tls/openssl/qx509_openssl_p.h @@ -0,0 +1,124 @@ +/**************************************************************************** +** +** Copyright (C) 2021 The Qt Company Ltd. +** Contact: https://www.qt.io/licensing/ +** +** This file is part of the QtNetwork module of the Qt Toolkit. +** +** $QT_BEGIN_LICENSE:LGPL$ +** Commercial License Usage +** Licensees holding valid commercial Qt licenses may use this file in +** accordance with the commercial license agreement provided with the +** Software or, alternatively, in accordance with the terms contained in +** a written agreement between you and The Qt Company. For licensing terms +** and conditions see https://www.qt.io/terms-conditions. For further +** information use the contact form at https://www.qt.io/contact-us. +** +** GNU Lesser General Public License Usage +** Alternatively, this file may be used under the terms of the GNU Lesser +** General Public License version 3 as published by the Free Software +** Foundation and appearing in the file LICENSE.LGPL3 included in the +** packaging of this file. Please review the following information to +** ensure the GNU Lesser General Public License version 3 requirements +** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. +** +** GNU General Public License Usage +** Alternatively, this file may be used under the terms of the GNU +** General Public License version 2.0 or (at your option) the GNU General +** Public license version 3 or any later version approved by the KDE Free +** Qt Foundation. The licenses are as published by the Free Software +** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 +** included in the packaging of this file. Please review the following +** information to ensure the GNU General Public License requirements will +** be met: https://www.gnu.org/licenses/gpl-2.0.html and +** https://www.gnu.org/licenses/gpl-3.0.html. +** +** $QT_END_LICENSE$ +** +****************************************************************************/ + +#ifndef QX509_OPENSSL_P_H +#define QX509_OPENSSL_P_H + +// +// W A R N I N G +// ------------- +// +// This file is not part of the Qt API. It exists purely as an +// implementation detail. This header file may change from version to +// version without notice, or even be removed. +// +// We mean it. +// + +#include <QtNetwork/private/qtnetworkglobal_p.h> + +#include "../shared/qx509_base_p.h" + +#include <QtNetwork/private/qtlsbackend_p.h> + +#include <QtCore/qvariant.h> +#include <QtCore/qglobal.h> +#include <QtCore/qstring.h> + +#include "qopenssl_p.h" + +#include <algorithm> + +QT_BEGIN_NAMESPACE + +namespace QTlsPrivate { + +class X509CertificateOpenSSL final : public X509CertificateBase +{ +public: + X509CertificateOpenSSL(); + ~X509CertificateOpenSSL(); + + // TLSTODO: in future may become movable/copyable (ref-counted based + // OpenSSL's X509 implementation). + + bool isEqual(const X509Certificate &rhs) const override; + bool isSelfSigned() const override; + QMultiMap<QSsl::AlternativeNameEntryType, QString> subjectAlternativeNames() const override; + TlsKey *publicKey() const override; + + QByteArray toPem() const override; + QByteArray toDer() const override; + QString toText() const override; + Qt::HANDLE handle() const override; + + size_t hash(size_t seed) const noexcept override; + + static QSslCertificate certificateFromX509(X509 *x); + static QList<QSslCertificate> stackOfX509ToQSslCertificates(STACK_OF(X509) *x509); + static QSslErrorEntry errorEntryFromStoreContext(X509_STORE_CTX *ctx); + + static QList<QSslError> verify(const QList<QSslCertificate> &chain, const QString &hostName); + static QList<QSslError> verify(const QList<QSslCertificate> &caCertificates, + const QList<QSslCertificate> &certificateChain, + const QString &hostName); + + static QList<QSslCertificate> certificatesFromPem(const QByteArray &pem, int count); + static QList<QSslCertificate> certificatesFromDer(const QByteArray &der, int count); + static bool importPkcs12(QIODevice *device, QSslKey *key, QSslCertificate *cert, + QList<QSslCertificate> *caCertificates, + const QByteArray &passPhrase); + + static QSslError openSSLErrorToQSslError(int errorCode, const QSslCertificate &cert); +private: + void parseExtensions(); + static X509CertificateExtension convertExtension(X509_EXTENSION *ext); + + X509 *x509 = nullptr; + + Q_DISABLE_COPY_MOVE(X509CertificateOpenSSL) +}; + +extern "C" int qt_X509Callback(int ok, X509_STORE_CTX *ctx); + +} // namespace QTlsPrivate + +QT_END_NAMESPACE + +#endif // QX509_OPENSSL_P_H |