-rw-r--r-- | src/network/ssl/qdtls.cpp | 36 | ||||
-rw-r--r-- | src/network/ssl/qdtls_openssl.cpp | 8 | ||||
-rw-r--r-- | src/network/ssl/qdtls_p.h | 2 | ||||
-rw-r--r-- | tests/auto/network/ssl/qdtls/tst_qdtls.cpp | 6 |
4 files changed, 24 insertions, 28 deletions
diff --git a/src/network/ssl/qdtls.cpp b/src/network/ssl/qdtls.cpp
index 3759662505..e27bca51b9 100644
--- a/src/network/ssl/qdtls.cpp
+++ b/src/network/ssl/qdtls.cpp
@@ -333,19 +333,6 @@ QT_BEGIN_NAMESPACE
-static bool isDtlsProtocol(QSsl::SslProtocol protocol)
-{
- switch (protocol) {
- case QSsl::DtlsV1_0:
- case QSsl::DtlsV1_0OrLater:
- case QSsl::DtlsV1_2:
- case QSsl::DtlsV1_2OrLater:
- return true;
- default:
- return false;
- }
-}
-
 QSslConfiguration QDtlsBasePrivate::configuration() const
 {
 auto copyPrivate = new QSslConfigurationPrivate(dtlsConfiguration);
@@ -368,7 +355,6 @@ void QDtlsBasePrivate::setConfiguration(const QSslConfiguration &configuration)
 dtlsConfiguration.caCertificates = configuration.caCertificates();
 dtlsConfiguration.peerVerifyDepth = configuration.peerVerifyDepth();
 dtlsConfiguration.peerVerifyMode = configuration.peerVerifyMode();
- Q_ASSERT(isDtlsProtocol(configuration.protocol()));
 dtlsConfiguration.protocol = configuration.protocol();
 dtlsConfiguration.sslOptions = configuration.d->sslOptions;
 dtlsConfiguration.sslSession = configuration.sessionTicket();
@@ -398,6 +384,19 @@ bool QDtlsBasePrivate::setCookieGeneratorParameters(QCryptographicHash::Algorith
 return true;
 }
+bool QDtlsBasePrivate::isDtlsProtocol(QSsl::SslProtocol protocol)
+{
+ switch (protocol) {
+ case QSsl::DtlsV1_0:
+ case QSsl::DtlsV1_0OrLater:
+ case QSsl::DtlsV1_2:
+ case QSsl::DtlsV1_2OrLater:
+ return true;
+ default:
+ return false;
+ }
+}
+
 static QString msgUnsupportedMulticastAddress()
 {
 return QDtls::tr("Multicast and broadcast addresses are not supported");
@@ -755,13 +754,8 @@ bool QDtls::setDtlsConfiguration(const QSslConfiguration &configuration)
 return false;
 }
- if (isDtlsProtocol(configuration.protocol())) {
- d->setConfiguration(configuration);
- return true;
- }
-
- d->setDtlsError(QDtlsError::InvalidInputParameters, tr("Unsupported protocol"));
- return false;
+ d->setConfiguration(configuration);
+ return true;
 }
 /*!
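Review bot: In the last hunk, `QDtls::setDtlsConfiguration()` now stores any configuration and returns true, so a TLS (non-DTLS) protocol value is no longer rejected at the point where the caller supplies it. With the `Q_ASSERT` in `QDtlsBasePrivate::setConfiguration()` also removed, the only gate visible in this commit is the `isDtlsProtocol()` call added to `DtlsState::initCtxAndConnection()` in qdtls_openssl.cpp. That dependency deserves a comment above the store, for example `// Protocol is not validated here; DtlsState::initCtxAndConnection() rejects non-DTLS values.`. The documentation block for `setDtlsConfiguration()`, which lies outside this hunk, should state that an unsupported protocol now surfaces at handshake time as `QDtlsError::TlsInitializationError` instead of `InvalidInputParameters` from the setter. Any other reader of `dtlsConfiguration.protocol` that is not shown here would presumably need the same check.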
diff --git a/src/network/ssl/qdtls_openssl.cpp b/src/network/ssl/qdtls_openssl.cpp
index a8f6ebcf7f..9b11f58f2f 100644
--- a/src/network/ssl/qdtls_openssl.cpp
+++ b/src/network/ssl/qdtls_openssl.cpp
@@ -721,7 +721,13 @@ bool DtlsState::initCtxAndConnection(QDtlsBasePrivate *dtlsBase)
 return false;
 }
- // create a deep copy of our configuration
+ if (!QDtlsBasePrivate::isDtlsProtocol(dtlsBase->dtlsConfiguration.protocol)) {
+ dtlsBase->setDtlsError(QDtlsError::TlsInitializationError,
+ QDtls::tr("Invalid protocol version, DTLS protocol expected"));
+ return false;
+ }
+
+ // Create a deep copy of our configuration
 auto configurationCopy = new QSslConfigurationPrivate(dtlsBase->dtlsConfiguration);
 configurationCopy->ref.store(0); // the QSslConfiguration constructor refs up
diff --git a/src/network/ssl/qdtls_p.h b/src/network/ssl/qdtls_p.h
index ca4af0d129..bdc001502b 100644
--- a/src/network/ssl/qdtls_p.h
+++ b/src/network/ssl/qdtls_p.h
@@ -96,6 +96,8 @@ public:
 bool setCookieGeneratorParameters(QCryptographicHash::Algorithm alg,
 const QByteArray &secret);
+ static bool isDtlsProtocol(QSsl::SslProtocol protocol);
+
 QHostAddress remoteAddress;
 quint16 remotePort = 0;
 quint16 mtuHint = 0;
diff --git a/tests/auto/network/ssl/qdtls/tst_qdtls.cpp b/tests/auto/network/ssl/qdtls/tst_qdtls.cpp
index 3a2c16ea66..6ca4ca9b92 100644
--- a/tests/auto/network/ssl/qdtls/tst_qdtls.cpp
+++ b/tests/auto/network/ssl/qdtls/tst_qdtls.cpp
@@ -284,12 +284,6 @@ void tst_QDtls::configuration()
 QFETCH(const QSslSocket::SslMode, mode);
 QDtls dtls(mode);
 QCOMPARE(dtls.dtlsConfiguration(), config);
- // Default TLS (no 'D') configuration has a wrong protocol version:
- QCOMPARE(dtls.setDtlsConfiguration(QSslConfiguration::defaultConfiguration()), false);
- QCOMPARE(dtls.dtlsError(), QDtlsError::InvalidInputParameters);
- // The previous failure did not change our default configuration:
- QCOMPARE(dtls.dtlsConfiguration(), config);
- // Now set a valid (non-default) configuration:
 config.setProtocol(QSsl::DtlsV1_0OrLater);
 config.setDtlsCookieVerificationEnabled(false);
 QCOMPARE(config.dtlsCookieVerificationEnabled(), false); |
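Review bot: The assertions removed from `tst_QDtls::configuration()` were the visible coverage for rejecting a non-DTLS protocol, and nothing in this hunk replaces them for the new enforcement point. A negative case would keep the relocated check from regressing: pin the new setter behaviour with `QCOMPARE(dtls.setDtlsConfiguration(QSslConfiguration::defaultConfiguration()), true);`, then start a handshake with that configuration and expect `QCOMPARE(dtls.dtlsError(), QDtlsError::TlsInitializationError);`. Whether another test in the file already covers this cannot be seen from the hunk, and the function continues outside it.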