diff options
author | Marc Mutz <marc.mutz@qt.io> | 2022-04-05 17:31:05 +0200 |
---|---|---|
committer | Marc Mutz <marc.mutz@qt.io> | 2022-04-12 00:48:17 +0200 |
commit | ba0c2c4b46c937e37ac15360be120cae6d5c01e0 (patch) | |
tree | d511dc0a0ceff5e215c0f70bcf63211a2d8df32e /tests/auto/network/ssl | |
parent | b2233f19c9be9b87f4a49a4169aab6f5e7617563 (diff) |
tst_qsslsocket: remove tons of deprecation warnings
The TLS v1.0 and v1.1 enums are all deprecated since 6.3. At the same
time, the test requires their use, because none of the peers seeem to
implement TLS v1.2, yet (cf. e.g. QTQAINFRA-4499).
Fix by copying the relevant enum values into global variables and
using those. This is a selective way to deal with the issue. The use
of the enums is so widespread in the test that the alternative would
have been to globally suppress deprecation warnings, which, however,
may suppress warnings we may actually want to fix.
Pick-to: 6.3
Change-Id: I4186be72209527fc404f3ba0a5a15f9719c64698
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'tests/auto/network/ssl')
-rw-r--r-- | tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp | 143 |
1 files changed, 78 insertions, 65 deletions
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp index a2541d5425..d870a523eb 100644 --- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -66,6 +66,21 @@ #include "private/qsslsocket_p.h" #include "private/qsslconfiguration_p.h" +QT_WARNING_PUSH +QT_WARNING_DISABLE_DEPRECATED +// make these enum values available without causing deprecation warnings: +namespace Test { +#define COPY(tag, v) \ + constexpr auto tag ## V ## v = QSsl:: tag ## V ## v ; \ + constexpr auto tag ## V ## v ## OrLater = QSsl:: tag ## V ## v ## OrLater ; \ + /* end */ +COPY(Tls, 1_0) +COPY(Dtls, 1_0) +COPY(Tls, 1_1) +#undef COPY +} // namespace Test +QT_WARNING_POP + Q_DECLARE_METATYPE(QSslSocket::SslMode) typedef QList<QSslError::SslError> SslErrorList; Q_DECLARE_METATYPE(SslErrorList) @@ -802,6 +817,15 @@ void tst_QSslSocket::configNoOnDemandLoad() QCOMPARE(customConfig, socket.sslConfiguration()); } +static void downgrade_TLS_QTQAINFRA_4499(QSslSocket &socket) +{ + // Set TLS 1.0 or above because the server doesn't support TLS 1.2 or above + // QTQAINFRA-4499 + QSslConfiguration config = socket.sslConfiguration(); + config.setProtocol(Test::TlsV1_0OrLater); + socket.setSslConfiguration(config); +} + void tst_QSslSocket::simpleConnect() { if (!QSslSocket::supportsSsl()) @@ -813,11 +837,7 @@ void tst_QSslSocket::simpleConnect() QSslSocket socket; - // Set TLS 1.0 or above because the server doesn't support TLS 1.2 or above - // QTQAINFRA-4499 - QSslConfiguration config = socket.sslConfiguration(); - config.setProtocol(QSsl::TlsV1_0OrLater); - socket.setSslConfiguration(config); + downgrade_TLS_QTQAINFRA_4499(socket); QSignalSpy connectedSpy(&socket, SIGNAL(connected())); QSignalSpy hostFoundSpy(&socket, SIGNAL(hostFound())); @@ -881,11 +901,7 @@ void tst_QSslSocket::simpleConnectWithIgnore() QSignalSpy encryptedSpy(&socket, SIGNAL(encrypted())); QSignalSpy sslErrorsSpy(&socket, SIGNAL(sslErrors(QList<QSslError>))); - // Set TLS 1.0 or above because the server doesn't support TLS 1.2 or above - // QTQAINFRA-4499 - QSslConfiguration config = socket.sslConfiguration(); - config.setProtocol(QSsl::TlsV1_0OrLater); - socket.setSslConfiguration(config); + downgrade_TLS_QTQAINFRA_4499(socket); connect(&socket, SIGNAL(readyRead()), this, SLOT(exitLoop())); connect(&socket, SIGNAL(encrypted()), this, SLOT(exitLoop())); @@ -937,11 +953,8 @@ void tst_QSslSocket::sslErrors() QSslSocketPtr socket = newSocket(); - // Set TLS 1.0 or above because the server doesn't support TLS 1.2 or above - // QTQAINFRA-4499 - QSslConfiguration config = socket->sslConfiguration(); - config.setProtocol(QSsl::TlsV1_0OrLater); - socket->setSslConfiguration(config); + QVERIFY(socket); + downgrade_TLS_QTQAINFRA_4499(*socket); QSignalSpy sslErrorsSpy(socket.data(), SIGNAL(sslErrors(QList<QSslError>))); QSignalSpy peerVerifyErrorSpy(socket.data(), SIGNAL(peerVerifyError(QSslError))); @@ -1109,7 +1122,7 @@ void tst_QSslSocket::connectToHostEncrypted() QSslSocketPtr socket = newSocket(); if (isTestingSchannel) // old certificate not supported with TLS 1.2 - socket->setProtocol(QSsl::SslProtocol::TlsV1_1); + socket->setProtocol(Test::TlsV1_1); this->socket = socket.data(); auto config = socket->sslConfiguration(); @@ -1148,7 +1161,7 @@ void tst_QSslSocket::connectToHostEncryptedWithVerificationPeerName() QSslSocketPtr socket = newSocket(); if (isTestingSchannel) // old certificate not supported with TLS 1.2 - socket->setProtocol(QSsl::SslProtocol::TlsV1_1); + socket->setProtocol(Test::TlsV1_1); this->socket = socket.data(); @@ -1366,38 +1379,38 @@ void tst_QSslSocket::protocol() QFETCH_GLOBAL(bool, setProxy); { // qt-test-server allows TLSV1. - socket->setProtocol(QSsl::TlsV1_0); - QCOMPARE(socket->protocol(), QSsl::TlsV1_0); + socket->setProtocol(Test::TlsV1_0); + QCOMPARE(socket->protocol(), Test::TlsV1_0); socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); if (setProxy && !socket->waitForEncrypted()) QSKIP("Skipping flaky test - See QTBUG-29941"); - QCOMPARE(socket->protocol(), QSsl::TlsV1_0); + QCOMPARE(socket->protocol(), Test::TlsV1_0); socket->abort(); - QCOMPARE(socket->protocol(), QSsl::TlsV1_0); + QCOMPARE(socket->protocol(), Test::TlsV1_0); socket->connectToHost(QtNetworkSettings::httpServerName(), 443); QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString())); socket->startClientEncryption(); if (setProxy && !socket->waitForEncrypted()) QSKIP("Skipping flaky test - See QTBUG-29941"); - QCOMPARE(socket->protocol(), QSsl::TlsV1_0); + QCOMPARE(socket->protocol(), Test::TlsV1_0); socket->abort(); } { // qt-test-server probably doesn't allow TLSV1.1 - socket->setProtocol(QSsl::TlsV1_1); - QCOMPARE(socket->protocol(), QSsl::TlsV1_1); + socket->setProtocol(Test::TlsV1_1); + QCOMPARE(socket->protocol(), Test::TlsV1_1); socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); if (setProxy && !socket->waitForEncrypted()) QSKIP("Skipping flaky test - See QTBUG-29941"); - QCOMPARE(socket->protocol(), QSsl::TlsV1_1); + QCOMPARE(socket->protocol(), Test::TlsV1_1); socket->abort(); - QCOMPARE(socket->protocol(), QSsl::TlsV1_1); + QCOMPARE(socket->protocol(), Test::TlsV1_1); socket->connectToHost(QtNetworkSettings::httpServerName(), 443); QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString())); socket->startClientEncryption(); if (setProxy && !socket->waitForEncrypted()) QSKIP("Skipping flaky test - See QTBUG-29941"); - QCOMPARE(socket->protocol(), QSsl::TlsV1_1); + QCOMPARE(socket->protocol(), Test::TlsV1_1); socket->abort(); } { @@ -1573,41 +1586,41 @@ void tst_QSslSocket::protocolServerSide_data() QTest::addColumn<QSsl::SslProtocol>("clientProtocol"); QTest::addColumn<bool>("works"); - QTest::newRow("tls1.0-tls1.0") << QSsl::TlsV1_0 << QSsl::TlsV1_0 << true; + QTest::newRow("tls1.0-tls1.0") << Test::TlsV1_0 << Test::TlsV1_0 << true; QTest::newRow("any-any") << QSsl::AnyProtocol << QSsl::AnyProtocol << true; QTest::newRow("secure-secure") << QSsl::SecureProtocols << QSsl::SecureProtocols << true; - QTest::newRow("tls1.0-secure") << QSsl::TlsV1_0 << QSsl::SecureProtocols << false; - QTest::newRow("tls1.0-any") << QSsl::TlsV1_0 << QSsl::AnyProtocol << true; + QTest::newRow("tls1.0-secure") << Test::TlsV1_0 << QSsl::SecureProtocols << false; + QTest::newRow("tls1.0-any") << Test::TlsV1_0 << QSsl::AnyProtocol << true; - QTest::newRow("secure-tls1.0") << QSsl::SecureProtocols << QSsl::TlsV1_0 << false; + QTest::newRow("secure-tls1.0") << QSsl::SecureProtocols << Test::TlsV1_0 << false; QTest::newRow("secure-any") << QSsl::SecureProtocols << QSsl::AnyProtocol << true; - QTest::newRow("tls1.0orlater-tls1.0") << QSsl::TlsV1_0OrLater << QSsl::TlsV1_0 << true; - QTest::newRow("tls1.0orlater-tls1.1") << QSsl::TlsV1_0OrLater << QSsl::TlsV1_1 << true; - QTest::newRow("tls1.0orlater-tls1.2") << QSsl::TlsV1_0OrLater << QSsl::TlsV1_2 << true; + QTest::newRow("tls1.0orlater-tls1.0") << Test::TlsV1_0OrLater << Test::TlsV1_0 << true; + QTest::newRow("tls1.0orlater-tls1.1") << Test::TlsV1_0OrLater << Test::TlsV1_1 << true; + QTest::newRow("tls1.0orlater-tls1.2") << Test::TlsV1_0OrLater << QSsl::TlsV1_2 << true; if (supportsTls13()) - QTest::newRow("tls1.0orlater-tls1.3") << QSsl::TlsV1_0OrLater << QSsl::TlsV1_3 << true; + QTest::newRow("tls1.0orlater-tls1.3") << Test::TlsV1_0OrLater << QSsl::TlsV1_3 << true; - QTest::newRow("tls1.1orlater-tls1.0") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_0 << false; - QTest::newRow("tls1.1orlater-tls1.1") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_1 << true; - QTest::newRow("tls1.1orlater-tls1.2") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_2 << true; + QTest::newRow("tls1.1orlater-tls1.0") << Test::TlsV1_1OrLater << Test::TlsV1_0 << false; + QTest::newRow("tls1.1orlater-tls1.1") << Test::TlsV1_1OrLater << Test::TlsV1_1 << true; + QTest::newRow("tls1.1orlater-tls1.2") << Test::TlsV1_1OrLater << QSsl::TlsV1_2 << true; if (supportsTls13()) - QTest::newRow("tls1.1orlater-tls1.3") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_3 << true; + QTest::newRow("tls1.1orlater-tls1.3") << Test::TlsV1_1OrLater << QSsl::TlsV1_3 << true; - QTest::newRow("tls1.2orlater-tls1.0") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_0 << false; - QTest::newRow("tls1.2orlater-tls1.1") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_1 << false; + QTest::newRow("tls1.2orlater-tls1.0") << QSsl::TlsV1_2OrLater << Test::TlsV1_0 << false; + QTest::newRow("tls1.2orlater-tls1.1") << QSsl::TlsV1_2OrLater << Test::TlsV1_1 << false; QTest::newRow("tls1.2orlater-tls1.2") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_2 << true; if (supportsTls13()) { QTest::newRow("tls1.2orlater-tls1.3") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_3 << true; - QTest::newRow("tls1.3orlater-tls1.0") << QSsl::TlsV1_3OrLater << QSsl::TlsV1_0 << false; - QTest::newRow("tls1.3orlater-tls1.1") << QSsl::TlsV1_3OrLater << QSsl::TlsV1_1 << false; + QTest::newRow("tls1.3orlater-tls1.0") << QSsl::TlsV1_3OrLater << Test::TlsV1_0 << false; + QTest::newRow("tls1.3orlater-tls1.1") << QSsl::TlsV1_3OrLater << Test::TlsV1_1 << false; QTest::newRow("tls1.3orlater-tls1.2") << QSsl::TlsV1_3OrLater << QSsl::TlsV1_2 << false; QTest::newRow("tls1.3orlater-tls1.3") << QSsl::TlsV1_3OrLater << QSsl::TlsV1_3 << true; } - QTest::newRow("any-tls1.0") << QSsl::AnyProtocol << QSsl::TlsV1_0 << true; + QTest::newRow("any-tls1.0") << QSsl::AnyProtocol << Test::TlsV1_0 << true; QTest::newRow("any-secure") << QSsl::AnyProtocol << QSsl::SecureProtocols << true; } @@ -1678,7 +1691,7 @@ void tst_QSslSocket::serverCipherPreferences() // First using the default (server preference) { SslServer server; - server.protocol = QSsl::TlsV1_0; + server.protocol = Test::TlsV1_0; server.ciphers = {QSslCipher("AES128-SHA"), QSslCipher("AES256-SHA")}; QVERIFY(server.listen()); @@ -1689,7 +1702,7 @@ void tst_QSslSocket::serverCipherPreferences() socket = &client; auto sslConfig = socket->sslConfiguration(); - sslConfig.setProtocol(QSsl::TlsV1_0OrLater); + sslConfig.setProtocol(Test::TlsV1_0OrLater); sslConfig.setCiphers({QSslCipher("AES256-SHA"), QSslCipher("AES128-SHA")}); socket->setSslConfiguration(sslConfig); @@ -1712,7 +1725,7 @@ void tst_QSslSocket::serverCipherPreferences() QSslConfiguration config = QSslConfiguration::defaultConfiguration(); config.setSslOption(QSsl::SslOptionDisableServerCipherPreference, true); server.config = config; - server.protocol = QSsl::TlsV1_0OrLater; + server.protocol = Test::TlsV1_0OrLater; server.ciphers = {QSslCipher("AES128-SHA"), QSslCipher("AES256-SHA")}; QVERIFY(server.listen()); @@ -1723,7 +1736,7 @@ void tst_QSslSocket::serverCipherPreferences() socket = &client; auto sslConfig = socket->sslConfiguration(); - sslConfig.setProtocol(QSsl::TlsV1_0); + sslConfig.setProtocol(Test::TlsV1_0); sslConfig.setCiphers({QSslCipher("AES256-SHA"), QSslCipher("AES128-SHA")}); socket->setSslConfiguration(sslConfig); @@ -1913,7 +1926,7 @@ void tst_QSslSocket::setSslConfiguration() QFETCH(QSslConfiguration, configuration); socket->setSslConfiguration(configuration); if (isTestingSchannel) // old certificate not supported with TLS 1.2 - socket->setProtocol(QSsl::SslProtocol::TlsV1_1); + socket->setProtocol(Test::TlsV1_1); this->socket = socket.data(); socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); @@ -1973,7 +1986,7 @@ void tst_QSslSocket::waitForConnectedEncryptedReadyRead() // Set TLS 1.0 or above because the server doesn't support TLS 1.2 or above // QTQAINFRA-4499 QSslConfiguration config = socket->sslConfiguration(); - config.setProtocol(QSsl::TlsV1_0OrLater); + config.setProtocol(Test::TlsV1_0OrLater); socket->setSslConfiguration(config); connect(this->socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); @@ -2642,7 +2655,7 @@ void tst_QSslSocket::verifyMode() QSslSocket socket; if (isTestingSchannel) // old certificate not supported with TLS 1.2 - socket.setProtocol(QSsl::SslProtocol::TlsV1_1); + socket.setProtocol(Test::TlsV1_1); QCOMPARE(socket.peerVerifyMode(), QSslSocket::AutoVerifyPeer); socket.setPeerVerifyMode(QSslSocket::VerifyNone); @@ -2984,7 +2997,7 @@ void tst_QSslSocket::readFromClosedSocket() { QSslSocketPtr socket = newSocket(); if (isTestingSchannel) // old certificate not supported with TLS 1.2 - socket->setProtocol(QSsl::SslProtocol::TlsV1_1); + socket->setProtocol(Test::TlsV1_1); socket->ignoreSslErrors(); socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); @@ -3148,7 +3161,7 @@ void tst_QSslSocket::resume() // Set TLS 1.0 or above because the server doesn't support TLS 1.2 or above // QTQAINFRA-4499 QSslConfiguration config = socket.sslConfiguration(); - config.setProtocol(QSsl::TlsV1_0OrLater); + config.setProtocol(Test::TlsV1_0OrLater); socket.setSslConfiguration(config); QSignalSpy sslErrorSpy(&socket, SIGNAL(sslErrors(QList<QSslError>))); @@ -3483,7 +3496,7 @@ void tst_QSslSocket::dhServerCustomParamsNull() SslServer server; server.ciphers = {QSslCipher("DHE-RSA-AES256-SHA"), QSslCipher("DHE-DSS-AES256-SHA")}; - server.protocol = QSsl::TlsV1_0; + server.protocol = Test::TlsV1_0; QSslConfiguration cfg = server.config; cfg.setDiffieHellmanParameters(QSslDiffieHellmanParameters()); @@ -3496,7 +3509,7 @@ void tst_QSslSocket::dhServerCustomParamsNull() QSslSocket client; QSslConfiguration config = client.sslConfiguration(); - config.setProtocol(QSsl::TlsV1_0); + config.setProtocol(Test::TlsV1_0); client.setSslConfiguration(config); socket = &client; connect(socket, SIGNAL(errorOccurred(QAbstractSocket::SocketError)), &loop, SLOT(quit())); @@ -3679,7 +3692,7 @@ void tst_QSslSocket::verifyClientCertificate() } SslServer server; - server.protocol = QSsl::TlsV1_0; + server.protocol = Test::TlsV1_0; server.addCaCertificates = testDataDir + "certs/bogus-ca.crt"; server.ignoreSslErrors = false; server.peerVerifyMode = peerVerifyMode; @@ -3694,7 +3707,7 @@ void tst_QSslSocket::verifyClientCertificate() client.setLocalCertificateChain(clientCerts); client.setPrivateKey(clientKey); QSslConfiguration config = client.sslConfiguration(); - config.setProtocol(QSsl::TlsV1_0OrLater); + config.setProtocol(Test::TlsV1_0OrLater); client.setSslConfiguration(config); socket = &client; @@ -4452,7 +4465,7 @@ void tst_QSslSocket::signatureAlgorithm_data() // signature algorithms do not match, but are ignored because the tls version is not v1.2 QTest::newRow("client_ignore_TlsV1_1") << QByteArrayList({rsaSha256}) - << QSsl::TlsV1_1 + << Test::TlsV1_1 << QByteArrayList({rsaSha512}) << QSsl::AnyProtocol << QAbstractSocket::ConnectedState; @@ -4460,11 +4473,11 @@ void tst_QSslSocket::signatureAlgorithm_data() << QByteArrayList({rsaSha256}) << QSsl::AnyProtocol << QByteArrayList({rsaSha512}) - << QSsl::TlsV1_1 + << Test::TlsV1_1 << QAbstractSocket::ConnectedState; QTest::newRow("client_ignore_TlsV1_0") << QByteArrayList({rsaSha256}) - << QSsl::TlsV1_0 + << Test::TlsV1_0 << QByteArrayList({rsaSha512}) << QSsl::AnyProtocol << QAbstractSocket::ConnectedState; @@ -4472,7 +4485,7 @@ void tst_QSslSocket::signatureAlgorithm_data() << QByteArrayList({rsaSha256}) << QSsl::AnyProtocol << QByteArrayList({rsaSha512}) - << QSsl::TlsV1_0 + << Test::TlsV1_0 << QAbstractSocket::ConnectedState; } @@ -4541,9 +4554,9 @@ void tst_QSslSocket::forwardReadChannelFinished() void tst_QSslSocket::unsupportedProtocols_data() { QTest::addColumn<QSsl::SslProtocol>("unsupportedProtocol"); - QTest::newRow("DtlsV1_0") << QSsl::DtlsV1_0; + QTest::newRow("DtlsV1_0") << Test::DtlsV1_0; QTest::newRow("DtlsV1_2") << QSsl::DtlsV1_2; - QTest::newRow("DtlsV1_0OrLater") << QSsl::DtlsV1_0OrLater; + QTest::newRow("DtlsV1_0OrLater") << Test::DtlsV1_0OrLater; QTest::newRow("DtlsV1_2OrLater") << QSsl::DtlsV1_2OrLater; QTest::newRow("UnknownProtocol") << QSsl::UnknownProtocol; } @@ -4615,13 +4628,13 @@ void tst_QSslSocket::oldErrorsOnSocketReuse() if (setProxy) return; // not relevant SslServer server; - server.protocol = QSsl::TlsV1_1; + server.protocol = Test::TlsV1_1; server.m_certFile = testDataDir + "certs/fluke.cert"; server.m_keyFile = testDataDir + "certs/fluke.key"; QVERIFY(server.listen(QHostAddress::SpecialAddress::LocalHost)); QSslSocket socket; - socket.setProtocol(QSsl::TlsV1_1); + socket.setProtocol(Test::TlsV1_1); QList<QSslError> errorList; auto connection = connect(&socket, QOverload<const QList<QSslError> &>::of(&QSslSocket::sslErrors), [&socket, &errorList](const QList<QSslError> &errors) { |