Merge remote-tracking branch 'origin/5.9' into dev

Conflicts: examples/examples.pro tests/auto/corelib/tools/qchar/tst_qchar.cpp tests/auto/other/qaccessibility/accessiblewidgets.h Change-Id: I426696c40ab57d14dc295b8103152cede79f244c
author: Liang Qi <liang.qi@qt.io> 2017-03-28 09:23:03 +0200
committer: Liang Qi <liang.qi@qt.io> 2017-03-28 09:28:31 +0200
commit: b48a13fd6843e12b5725aa3ff0d010007e7c43b4 (patch)
tree: 316cfe36fc67906efcd92ff806c7c0da56ed4f8e /tests/auto/network
parent: 3398d9d40cb0dae2dc2a1a4f7dc3b4b9cceae903 (diff)
parent: 15fe60cfdada84ea519f08e905d59cc3fb6d20cd (diff)
2 files changed, 37 insertions, 0 deletions
diff --git a/tests/auto/network/ssl/qsslsocket/certs/xn--schufele-2za.crt b/tests/auto/network/ssl/qsslsocket/certs/xn--schufele-2za.crt
new file mode 100644
index 0000000000..b34847b8d2
--- /dev/null
+++ b/tests/auto/network/ssl/qsslsocket/certs/xn--schufele-2za.crt
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBfTCCASegAwIBAgIJANTX9XvqKXllMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV
+BAMMDyouU0NIw4RVRkVMRS5ERTAeFw0xNzAzMDcwOTIwMzZaFw0xNzA0MDYwOTIw
+MzZaMBoxGDAWBgNVBAMMDyouU0NIw4RVRkVMRS5ERTBcMA0GCSqGSIb3DQEBAQUA
+A0sAMEgCQQDZGJFl85dMxps7EryuNyP1apWrBqp7mlwgfbCN9wboyUZBLCWM58UK
+6oJPg0X19IJUv3UTxD8GH7qQteCXPl4bAgMBAAGjUDBOMB0GA1UdDgQWBBSLuHtk
+CfEpYnW5Rw7XcO53P/1+jDAfBgNVHSMEGDAWgBSLuHtkCfEpYnW5Rw7XcO53P/1+
+jDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA0EAXrGVzhGlekW5Zm78tASr
+5lTF6wn3klqvd2zTqTKuAKWAuBNX46p79g8OGsfY76X9M+/RbUYa7h5BuTL9b45K
+dw==
+-----END CERTIFICATE-----
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
index ba02af1d47..f44e5261dd 100644
--- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
@@ -191,6 +191,7 @@ private slots:
     void supportedCiphers();
     void systemCaCertificates();
     void wildcardCertificateNames();
+    void isMatchingHostname();
     void wildcard();
     void setEmptyKey();
     void spontaneousWrite();
@@ -1687,10 +1688,15 @@ void tst_QSslSocket::wildcardCertificateNames()
 {
     // Passing CN matches
     QCOMPARE( QSslSocketPrivate::isMatchingHostname(QString("www.example.com"), QString("www.example.com")), true );
+    QCOMPARE( QSslSocketPrivate::isMatchingHostname(QString("WWW.EXAMPLE.COM"), QString("www.example.com")), true );
     QCOMPARE( QSslSocketPrivate::isMatchingHostname(QString("*.example.com"), QString("www.example.com")), true );
     QCOMPARE( QSslSocketPrivate::isMatchingHostname(QString("xxx*.example.com"), QString("xxxwww.example.com")), true );
     QCOMPARE( QSslSocketPrivate::isMatchingHostname(QString("f*.example.com"), QString("foo.example.com")), true );
     QCOMPARE( QSslSocketPrivate::isMatchingHostname(QString("192.168.0.0"), QString("192.168.0.0")), true );
+    QCOMPARE( QSslSocketPrivate::isMatchingHostname(QString("foo.éxample.com"), QString("foo.xn--xample-9ua.com")), true );
+    QCOMPARE( QSslSocketPrivate::isMatchingHostname(QString("*.éxample.com"), QString("foo.xn--xample-9ua.com")), true );
+    QCOMPARE( QSslSocketPrivate::isMatchingHostname(QString("xn--kcry6tjko.example.org"), QString("xn--kcry6tjko.example.org")), true);
+    QCOMPARE( QSslSocketPrivate::isMatchingHostname(QString("*.xn--kcry6tjko.example.org"), QString("xn--kcr.xn--kcry6tjko.example.org")), true);
 
     // Failing CN matches
     QCOMPARE( QSslSocketPrivate::isMatchingHostname(QString("xxx.example.com"), QString("www.example.com")), false );
@@ -1705,6 +1711,26 @@ void tst_QSslSocket::wildcardCertificateNames()
     QCOMPARE( QSslSocketPrivate::isMatchingHostname(QString(""), QString("www")), false );
     QCOMPARE( QSslSocketPrivate::isMatchingHostname(QString("*"), QString("www")), false );
     QCOMPARE( QSslSocketPrivate::isMatchingHostname(QString("*.168.0.0"), QString("192.168.0.0")), false );
+    QCOMPARE( QSslSocketPrivate::isMatchingHostname(QString("xn--kcry6tjko*.example.org"), QString("xn--kcry6tjkoanc.example.org")), false );  // RFC 6125 §7.2
+    QCOMPARE( QSslSocketPrivate::isMatchingHostname(QString("å*.example.org"), QString("xn--la-xia.example.org")), false );
+}
+
+void tst_QSslSocket::isMatchingHostname()
+{
+    // with normalization:  (the certificate has *.SCHÄUFELE.DE as a CN)
+    // openssl req -x509 -nodes -subj "/CN=*.SCHÄUFELE.DE" -newkey rsa:512 -keyout /dev/null -out xn--schufele-2za.crt
+    QList<QSslCertificate> certs = QSslCertificate::fromPath(SRCDIR "certs/xn--schufele-2za.crt");
+    QVERIFY(!certs.isEmpty());
+    QSslCertificate cert = certs.first();
+
+    QCOMPARE(QSslSocketPrivate::isMatchingHostname(cert, QString::fromUtf8("WWW.SCHÄUFELE.DE")), true);
+    QCOMPARE(QSslSocketPrivate::isMatchingHostname(cert, QString::fromUtf8("www.xn--schufele-2za.de")), true);
+    QCOMPARE(QSslSocketPrivate::isMatchingHostname(cert, QString::fromUtf8("www.schäufele.de")), true);
+    QCOMPARE(QSslSocketPrivate::isMatchingHostname(cert, QString::fromUtf8("föo.schäufele.de")), true);
+
+    QCOMPARE(QSslSocketPrivate::isMatchingHostname(cert, QString::fromUtf8("foo.foo.xn--schufele-2za.de")), false);
+    QCOMPARE(QSslSocketPrivate::isMatchingHostname(cert, QString::fromUtf8("www.schaufele.de")), false);
+    QCOMPARE(QSslSocketPrivate::isMatchingHostname(cert, QString::fromUtf8("www.schufele.de")), false);
 }
 
 void tst_QSslSocket::wildcard()
author	Liang Qi <liang.qi@qt.io>	2017-03-28 09:23:03 +0200
committer	Liang Qi <liang.qi@qt.io>	2017-03-28 09:28:31 +0200
commit	b48a13fd6843e12b5725aa3ff0d010007e7c43b4 (patch)
tree	316cfe36fc67906efcd92ff806c7c0da56ed4f8e /tests/auto/network
parent	3398d9d40cb0dae2dc2a1a4f7dc3b4b9cceae903 (diff)
parent	15fe60cfdada84ea519f08e905d59cc3fb6d20cd (diff)