Add QSsl::Dtls1_0OrLater enumerator

... to make DTLS protocols work more like TLS protocol versions. Also, handle (as 'unsupported' for now) those new constants in a switch statement, when creating SSL_CTX (fixing build errors). Change-Id: Ia444184ca191d8665e37046b0b9120e43ec5893a Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
author: Timur Pocheptsov <timur.pocheptsov@qt.io> 2018-04-16 11:38:46 +0200
committer: Timur Pocheptsov <timur.pocheptsov@qt.io> 2018-04-17 17:10:12 +0000
commit: c555c8b9f5c5bb1f390d94cf43d249e74ecb86f6 (patch)
tree: 467b82e7d4347a114697f06d08fe787b923eb0fe /src
parent: 3ac029f674edea1cc91014345f445a9a8d1fc89f (diff)
4 files changed, 16 insertions, 0 deletions
diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp
index ee6e64706a..3a0983e8b5 100644
--- a/src/network/ssl/qssl.cpp
+++ b/src/network/ssl/qssl.cpp
@@ -126,6 +126,7 @@ Q_LOGGING_CATEGORY(lcSsl, "qt.network.ssl");
     \value TlsV1_2 TLSv1.2. When using the WinRT backend this option will also enable TLSv1.0 and TLSv1.1.
     \value TlsV1_2OrLater TLSv1.2 and later versions. This option is not available when using the WinRT backend due to platform limitations.
     \value DtlsV1_0 DTLSv1.0
+    \value DtlsV1_0OrLater DTLSv1.0 and later versions.
     \value DtlsV1_2 DTLSv1.2
     \value DtlsV1_2OrLater DTLSv1.2 and later versions.
     \value UnknownProtocol The cipher's protocol cannot be determined.
diff --git a/src/network/ssl/qssl.h b/src/network/ssl/qssl.h
index 7d688e27fc..0f091b181a 100644
--- a/src/network/ssl/qssl.h
+++ b/src/network/ssl/qssl.h
@@ -92,6 +92,7 @@ namespace QSsl {
         TlsV1_2OrLater,
 
         DtlsV1_0,
+        DtlsV1_0OrLater,
         DtlsV1_2,
         DtlsV1_2OrLater,
 
diff --git a/src/network/ssl/qsslcontext_openssl11.cpp b/src/network/ssl/qsslcontext_openssl11.cpp
index 5c68ed41db..0f4878c98d 100644
--- a/src/network/ssl/qsslcontext_openssl11.cpp
+++ b/src/network/ssl/qsslcontext_openssl11.cpp
@@ -139,6 +139,13 @@ init_context:
         minVersion = TLS1_2_VERSION;
         maxVersion = TLS_MAX_VERSION;
         break;
+    case QSsl::DtlsV1_0:
+    case QSsl::DtlsV1_0OrLater:
+    case QSsl::DtlsV1_2:
+    case QSsl::DtlsV1_2OrLater:
+        sslContext->errorStr = QSslSocket::tr("unsupported protocol");
+        sslContext->errorCode = QSslError::UnspecifiedError;
+        return;
     case QSsl::SslV2:
         // This protocol is not supported by OpenSSL 1.1 and we handle
         // it as an error (see the code above).
diff --git a/src/network/ssl/qsslcontext_opensslpre11.cpp b/src/network/ssl/qsslcontext_opensslpre11.cpp
index eea821804f..7994892cfc 100644
--- a/src/network/ssl/qsslcontext_opensslpre11.cpp
+++ b/src/network/ssl/qsslcontext_opensslpre11.cpp
@@ -73,6 +73,13 @@ void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mo
     bool unsupportedProtocol = false;
 init_context:
     switch (sslContext->sslConfiguration.protocol()) {
+    case QSsl::DtlsV1_0:
+    case QSsl::DtlsV1_0OrLater:
+    case QSsl::DtlsV1_2:
+    case QSsl::DtlsV1_2OrLater:
+        sslContext->ctx = 0;
+        unsupportedProtocol = true;
+        break;
     case QSsl::SslV2:
 #ifndef OPENSSL_NO_SSL2
         sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method());
author	Timur Pocheptsov <timur.pocheptsov@qt.io>	2018-04-16 11:38:46 +0200
committer	Timur Pocheptsov <timur.pocheptsov@qt.io>	2018-04-17 17:10:12 +0000
commit	c555c8b9f5c5bb1f390d94cf43d249e74ecb86f6 (patch)
tree	467b82e7d4347a114697f06d08fe787b923eb0fe /src
parent	3ac029f674edea1cc91014345f445a9a8d1fc89f (diff)