diff options
Diffstat (limited to 'src/network/access')
27 files changed, 930 insertions, 143 deletions
diff --git a/src/network/access/access.pri b/src/network/access/access.pri index 5806262ac2..e8669dcec8 100644 --- a/src/network/access/access.pri +++ b/src/network/access/access.pri @@ -37,7 +37,8 @@ HEADERS += \ access/qnetworkfile_p.h \ access/qhttp2protocolhandler_p.h \ access/qhsts_p.h \ - access/qhstspolicy.h + access/qhstspolicy.h \ + access/qhstsstore_p.h SOURCES += \ access/qhttpnetworkheader.cpp \ @@ -69,7 +70,8 @@ SOURCES += \ access/qnetworkfile.cpp \ access/qhttp2protocolhandler.cpp \ access/qhsts.cpp \ - access/qhstspolicy.cpp + access/qhstspolicy.cpp \ + access/qhstsstore.cpp qtConfig(ftp) { HEADERS += \ diff --git a/src/network/access/http2/http2frames.cpp b/src/network/access/http2/http2frames.cpp index 5a684c2f41..e695b4dd9e 100644 --- a/src/network/access/http2/http2frames.cpp +++ b/src/network/access/http2/http2frames.cpp @@ -361,6 +361,12 @@ FrameWriter::FrameWriter(FrameType type, FrameFlags flags, quint32 streamID) start(type, flags, streamID); } +void FrameWriter::setOutboundFrame(Frame &&newFrame) +{ + frame = std::move(newFrame); + updatePayloadSize(); +} + void FrameWriter::start(FrameType type, FrameFlags flags, quint32 streamID) { auto &buffer = frame.buffer; diff --git a/src/network/access/http2/http2frames_p.h b/src/network/access/http2/http2frames_p.h index e5f6d46c67..4bdc775806 100644 --- a/src/network/access/http2/http2frames_p.h +++ b/src/network/access/http2/http2frames_p.h @@ -129,6 +129,8 @@ public: return frame; } + void setOutboundFrame(Frame &&newFrame); + // Frame 'builders': void start(FrameType type, FrameFlags flags, quint32 streamID); void setPayloadSize(quint32 size); diff --git a/src/network/access/http2/http2protocol.cpp b/src/network/access/http2/http2protocol.cpp index 7f788a6f42..f51af4be5c 100644 --- a/src/network/access/http2/http2protocol.cpp +++ b/src/network/access/http2/http2protocol.cpp @@ -37,9 +37,14 @@ ** ****************************************************************************/ -#include <QtCore/qstring.h> - #include "http2protocol_p.h" +#include "http2frames_p.h" + +#include "private/qhttpnetworkrequest_p.h" +#include "private/qhttpnetworkreply_p.h" + +#include <QtCore/qbytearray.h> +#include <QtCore/qstring.h> QT_BEGIN_NAMESPACE @@ -57,6 +62,131 @@ const char Http2clientPreface[clientPrefaceLength] = 0x2e, 0x30, 0x0d, 0x0a, 0x0d, 0x0a, 0x53, 0x4d, 0x0d, 0x0a, 0x0d, 0x0a}; +// TODO: (in 5.11) - remove it! +const char *http2ParametersPropertyName = "QT_HTTP2_PARAMETERS_PROPERTY"; + +ProtocolParameters::ProtocolParameters() +{ + settingsFrameData[Settings::INITIAL_WINDOW_SIZE_ID] = qtDefaultStreamReceiveWindowSize; + settingsFrameData[Settings::ENABLE_PUSH_ID] = 0; +} + +bool ProtocolParameters::validate() const +{ + // 0. Huffman/indexing: any values are valid and allowed. + + // 1. Session receive window size (client side): HTTP/2 starts from the + // default value of 64Kb, if a client code tries to set lesser value, + // the delta would become negative, but this is not allowed. + if (maxSessionReceiveWindowSize < qint32(defaultSessionWindowSize)) { + qCWarning(QT_HTTP2, "Session receive window must be at least 65535 bytes"); + return false; + } + + // 2. HEADER_TABLE_SIZE: we do not validate HEADER_TABLE_SIZE, considering + // all values as valid. RFC 7540 and 7541 do not provide any lower/upper + // limits. If it's 0 - we do not index anything, if it's too huge - a user + // who provided such a value can potentially have a huge memory footprint, + // up to them to decide. + + // 3. SETTINGS_ENABLE_PUSH: RFC 7540, 6.5.2, a value other than 0 or 1 will + // be treated by our peer as a PROTOCOL_ERROR. + if (settingsFrameData.contains(Settings::ENABLE_PUSH_ID) + && settingsFrameData[Settings::ENABLE_PUSH_ID] > 1) { + qCWarning(QT_HTTP2, "SETTINGS_ENABLE_PUSH can be only 0 or 1"); + return false; + } + + // 4. SETTINGS_MAX_CONCURRENT_STREAMS : RFC 7540 recommends 100 as the lower + // limit, says nothing about the upper limit. The RFC allows 0, but this makes + // no sense to us at all: there is no way a user can change this later and + // we'll not be able to get any responses on such a connection. + if (settingsFrameData.contains(Settings::MAX_CONCURRENT_STREAMS_ID) + && !settingsFrameData[Settings::MAX_CONCURRENT_STREAMS_ID]) { + qCWarning(QT_HTTP2, "MAX_CONCURRENT_STREAMS must be a positive number"); + return false; + } + + // 5. SETTINGS_INITIAL_WINDOW_SIZE. + if (settingsFrameData.contains(Settings::INITIAL_WINDOW_SIZE_ID)) { + const quint32 value = settingsFrameData[Settings::INITIAL_WINDOW_SIZE_ID]; + // RFC 7540, 6.5.2 (the upper limit). The lower limit is our own - we send + // SETTINGS frame only once and will not be able to change this 0, thus + // we'll suspend all streams. + if (!value || value > quint32(maxSessionReceiveWindowSize)) { + qCWarning(QT_HTTP2, "INITIAL_WINDOW_SIZE must be in the range " + "(0, 2^31-1]"); + return false; + } + } + + // 6. SETTINGS_MAX_FRAME_SIZE: RFC 7540, 6.5.2, a value outside of the range + // [2^14-1, 2^24-1] will be treated by our peer as a PROTOCOL_ERROR. + if (settingsFrameData.contains(Settings::MAX_FRAME_SIZE_ID)) { + const quint32 value = settingsFrameData[Settings::INITIAL_WINDOW_SIZE_ID]; + if (value < maxFrameSize || value > maxPayloadSize) { + qCWarning(QT_HTTP2, "MAX_FRAME_SIZE must be in the range [2^14, 2^24-1]"); + return false; + } + } + + // For SETTINGS_MAX_HEADER_LIST_SIZE RFC 7540 does not provide any specific + // numbers. It's clear, if a value is too small, no header can ever be sent + // by our peer at all. The default value is unlimited and we normally do not + // change this. + // + // Note: the size is calculated as the length of uncompressed (no HPACK) + // name + value + 32 bytes. + + return true; +} + +QByteArray ProtocolParameters::settingsFrameToBase64() const +{ + Frame frame(settingsFrame()); + // SETTINGS frame's payload consists of pairs: + // 2-byte-identifier | 4-byte-value == multiple of 6. + Q_ASSERT(frame.payloadSize() && !(frame.payloadSize() % 6)); + const char *src = reinterpret_cast<const char *>(frame.dataBegin()); + const QByteArray wrapper(QByteArray::fromRawData(src, int(frame.dataSize()))); + // 3.2.1 + // The content of the HTTP2-Settings header field is the payload + // of a SETTINGS frame (Section 6.5), encoded as a base64url string + // (that is, the URL- and filename-safe Base64 encoding described in + // Section 5 of [RFC4648], with any trailing '=' characters omitted). + return wrapper.toBase64(QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals); +} + +Frame ProtocolParameters::settingsFrame() const +{ + // 6.5 SETTINGS + FrameWriter builder(FrameType::SETTINGS, FrameFlag::EMPTY, connectionStreamID); + for (auto it = settingsFrameData.cbegin(), end = settingsFrameData.cend(); + it != end; ++it) { + builder.append(it.key()); + builder.append(it.value()); + } + + return builder.outboundFrame(); +} + +void ProtocolParameters::addProtocolUpgradeHeaders(QHttpNetworkRequest *request) const +{ + Q_ASSERT(request); + // RFC 2616, 14.10 + // RFC 7540, 3.2 + QByteArray value(request->headerField("Connection")); + // We _append_ 'Upgrade': + if (value.size()) + value += ", "; + + value += "Upgrade, HTTP2-Settings"; + request->setHeaderField("Connection", value); + // This we just (re)write. + request->setHeaderField("Upgrade", "h2c"); + // This we just (re)write. + request->setHeaderField("HTTP2-Settings", settingsFrameToBase64()); +} void qt_error(quint32 errorCode, QNetworkReply::NetworkError &error, QString &errorMessage) @@ -151,6 +281,20 @@ QNetworkReply::NetworkError qt_error(quint32 errorCode) return error; } +bool is_protocol_upgraded(const QHttpNetworkReply &reply) +{ + if (reply.statusCode() == 101) { + // Do some minimal checks here - we expect 'Upgrade: h2c' to be found. + const auto &header = reply.header(); + for (const QPair<QByteArray, QByteArray> &field : header) { + if (field.first.toLower() == "upgrade" && field.second.toLower() == "h2c") + return true; + } + } + + return false; } +} // namespace Http2 + QT_END_NAMESPACE diff --git a/src/network/access/http2/http2protocol_p.h b/src/network/access/http2/http2protocol_p.h index 5d730404bb..f7a89859d3 100644 --- a/src/network/access/http2/http2protocol_p.h +++ b/src/network/access/http2/http2protocol_p.h @@ -53,12 +53,16 @@ #include <QtNetwork/qnetworkreply.h> #include <QtCore/qloggingcategory.h> +#include <QtCore/qmetatype.h> #include <QtCore/qglobal.h> // Different HTTP/2 constants/values as defined by RFC 7540. QT_BEGIN_NAMESPACE +class QHttpNetworkRequest; +class QHttpNetworkReply; +class QByteArray; class QString; namespace Http2 @@ -127,10 +131,61 @@ enum Http2PredefinedParameters maxConcurrentStreams = 100 // HTTP/2, 6.5.2 }; -// It's int, it has internal linkage, it's ok to have it in headers - -// no ODR violation is possible. +// These are ints, const, they have internal linkage, it's ok to have them in +// headers - no ODR violation. const quint32 lastValidStreamID((quint32(1) << 31) - 1); // HTTP/2, 5.1.1 +// The default size of 64K is too small and limiting: if we use it, we end up +// sending WINDOW_UPDATE frames on a stream/session all the time, for each +// 2 DATE frames of size 16K (also default) we'll send a WINDOW_UPDATE frame +// for a given stream and have a download speed order of magnitude lower than +// our own HTTP/1.1 protocol handler. We choose a bigger window size: normally, +// HTTP/2 servers are not afraid to immediately set it to the possible max, +// we do the same and split this window size between our concurrent streams. +const qint32 maxSessionReceiveWindowSize((quint32(1) << 31) - 1); +const qint32 qtDefaultStreamReceiveWindowSize = maxSessionReceiveWindowSize / maxConcurrentStreams; + +// The class ProtocolParameters allows client code to customize HTTP/2 protocol +// handler, if needed. Normally, we use our own default parameters (see below). +// In 5.10 we can also use setProperty/property on a QNAM object to pass the +// non-default values to the protocol handler. In 5.11 this will probably become +// a public API. + +using RawSettings = QMap<Settings, quint32>; + +struct Q_AUTOTEST_EXPORT ProtocolParameters +{ + ProtocolParameters(); + + bool validate() const; + QByteArray settingsFrameToBase64() const; + struct Frame settingsFrame() const; + void addProtocolUpgradeHeaders(QHttpNetworkRequest *request) const; + + // HPACK: + // TODO: for now we ignore them (fix it for 5.11, would require changes in HPACK) + bool useHuffman = true; + bool indexStrings = true; + + // This parameter is not negotiated via SETTINGS frames, so we have it + // as a member and will convey it to our peer as a WINDOW_UPDATE frame: + qint32 maxSessionReceiveWindowSize = Http2::maxSessionReceiveWindowSize; + + // This is our default SETTINGS frame: + // + // SETTINGS_INITIAL_WINDOW_SIZE: (2^31 - 1) / 100 + // SETTINGS_ENABLE_PUSH: 0. + // + // Note, whenever we skip some value in our SETTINGS frame, our peer + // will assume the defaults recommended by RFC 7540, which in general + // are good enough, although we (and most browsers) prefer to work + // with larger window sizes. + RawSettings settingsFrameData; +}; + +// TODO: remove in 5.11 +extern const Q_AUTOTEST_EXPORT char *http2ParametersPropertyName; + extern const Q_AUTOTEST_EXPORT char Http2clientPreface[clientPrefaceLength]; enum class FrameStatus @@ -169,11 +224,15 @@ enum Http2Error void qt_error(quint32 errorCode, QNetworkReply::NetworkError &error, QString &errorString); QString qt_error_string(quint32 errorCode); QNetworkReply::NetworkError qt_error(quint32 errorCode); +bool is_protocol_upgraded(const QHttpNetworkReply &reply); -} +} // namespace Http2 Q_DECLARE_LOGGING_CATEGORY(QT_HTTP2) QT_END_NAMESPACE +Q_DECLARE_METATYPE(Http2::Settings) +Q_DECLARE_METATYPE(Http2::ProtocolParameters) + #endif diff --git a/src/network/access/qhsts.cpp b/src/network/access/qhsts.cpp index ca9f3b977b..6a731afc2f 100644 --- a/src/network/access/qhsts.cpp +++ b/src/network/access/qhsts.cpp @@ -37,6 +37,7 @@ ** ****************************************************************************/ +#include "qhstsstore_p.h" #include "qhsts_p.h" #include "QtCore/private/qipaddress_p.h" @@ -80,14 +81,24 @@ void QHstsCache::updateFromHeaders(const QList<QPair<QByteArray, QByteArray>> &h return; QHstsHeaderParser parser; - if (parser.parse(headers)) + if (parser.parse(headers)) { updateKnownHost(url.host(), parser.expirationDate(), parser.includeSubDomains()); + if (hstsStore) + hstsStore->synchronize(); + } } void QHstsCache::updateFromPolicies(const QVector<QHstsPolicy> &policies) { for (const auto &policy : policies) updateKnownHost(policy.host(), policy.expiry(), policy.includesSubDomains()); + + if (hstsStore && policies.size()) { + // These policies are coming either from store or from QNAM's setter + // function. As a result we can notice expired or new policies, time + // to sync ... + hstsStore->synchronize(); + } } void QHstsCache::updateKnownHost(const QUrl &url, const QDateTime &expires, @@ -97,6 +108,8 @@ void QHstsCache::updateKnownHost(const QUrl &url, const QDateTime &expires, return; updateKnownHost(url.host(), expires, includeSubDomains); + if (hstsStore) + hstsStore->synchronize(); } void QHstsCache::updateKnownHost(const QString &host, const QDateTime &expires, @@ -124,13 +137,20 @@ void QHstsCache::updateKnownHost(const QString &host, const QDateTime &expires, } knownHosts.insert(pos, hostName, newPolicy); + if (hstsStore) + hstsStore->addToObserved(newPolicy); return; } if (newPolicy.isExpired()) knownHosts.erase(pos); - else + else if (*pos != newPolicy) *pos = std::move(newPolicy); + else + return; + + if (hstsStore) + hstsStore->addToObserved(newPolicy); } bool QHstsCache::isKnownHost(const QUrl &url) const @@ -165,10 +185,15 @@ bool QHstsCache::isKnownHost(const QUrl &url) const while (nameToTest.fragment.size()) { auto const pos = knownHosts.find(nameToTest); if (pos != knownHosts.end()) { - if (pos.value().isExpired()) + if (pos.value().isExpired()) { knownHosts.erase(pos); - else if (!superDomainMatch || pos.value().includesSubDomains()) + if (hstsStore) { + // Inform our store that this policy has expired. + hstsStore->addToObserved(pos.value()); + } + } else if (!superDomainMatch || pos.value().includesSubDomains()) { return true; + } } const int dot = nameToTest.fragment.indexOf(QLatin1Char('.')); @@ -196,6 +221,34 @@ QVector<QHstsPolicy> QHstsCache::policies() const return values; } +void QHstsCache::setStore(QHstsStore *store) +{ + // Caller retains ownership of store, which must outlive this cache. + if (store != hstsStore) { + hstsStore = store; + + if (!hstsStore) + return; + + // First we augment our store with the policies we already know about + // (and thus the cached policy takes priority over whatever policy we + // had in the store for the same host, if any). + if (knownHosts.size()) { + const QVector<QHstsPolicy> observed(policies()); + for (const auto &policy : observed) + hstsStore->addToObserved(policy); + hstsStore->synchronize(); + } + + // Now we update the cache with anything we have not observed yet, but + // the store knows about (well, it can happen we synchronize again as a + // result if some policies managed to expire or if we add a new one + // from the store to cache): + const QVector<QHstsPolicy> restored(store->readPolicies()); + updateFromPolicies(restored); + } +} + // The parser is quite simple: 'nextToken' knowns exactly what kind of tokens // are valid and it will return false if something else was found; then // we immediately stop parsing. 'parseDirective' knows how these tokens can diff --git a/src/network/access/qhsts_p.h b/src/network/access/qhsts_p.h index ab3ca536fb..2feb73b446 100644 --- a/src/network/access/qhsts_p.h +++ b/src/network/access/qhsts_p.h @@ -51,6 +51,8 @@ // We mean it. // +#include <QtNetwork/private/qtnetworkglobal_p.h> + #include <QtNetwork/qhstspolicy.h> #include <QtCore/qbytearray.h> @@ -66,6 +68,8 @@ QT_BEGIN_NAMESPACE template<typename T> class QList; template <typename T> class QVector; +class QHstsStore; + class Q_AUTOTEST_EXPORT QHstsCache { public: @@ -80,6 +84,8 @@ public: QVector<QHstsPolicy> policies() const; + void setStore(QHstsStore *store); + private: void updateKnownHost(const QString &hostName, const QDateTime &expires, @@ -112,6 +118,7 @@ private: }; mutable QMap<HostName, QHstsPolicy> knownHosts; + QHstsStore *hstsStore = nullptr; }; class Q_AUTOTEST_EXPORT QHstsHeaderParser diff --git a/src/network/access/qhstsstore.cpp b/src/network/access/qhstsstore.cpp new file mode 100644 index 0000000000..6d7f60ba8d --- /dev/null +++ b/src/network/access/qhstsstore.cpp @@ -0,0 +1,202 @@ +/**************************************************************************** +** +** Copyright (C) 2017 The Qt Company Ltd. +** Contact: https://www.qt.io/licensing/ +** +** This file is part of the QtNetwork module of the Qt Toolkit. +** +** $QT_BEGIN_LICENSE:LGPL$ +** Commercial License Usage +** Licensees holding valid commercial Qt licenses may use this file in +** accordance with the commercial license agreement provided with the +** Software or, alternatively, in accordance with the terms contained in +** a written agreement between you and The Qt Company. For licensing terms +** and conditions see https://www.qt.io/terms-conditions. For further +** information use the contact form at https://www.qt.io/contact-us. +** +** GNU Lesser General Public License Usage +** Alternatively, this file may be used under the terms of the GNU Lesser +** General Public License version 3 as published by the Free Software +** Foundation and appearing in the file LICENSE.LGPL3 included in the +** packaging of this file. Please review the following information to +** ensure the GNU Lesser General Public License version 3 requirements +** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. +** +** GNU General Public License Usage +** Alternatively, this file may be used under the terms of the GNU +** General Public License version 2.0 or (at your option) the GNU General +** Public license version 3 or any later version approved by the KDE Free +** Qt Foundation. The licenses are as published by the Free Software +** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 +** included in the packaging of this file. Please review the following +** information to ensure the GNU General Public License requirements will +** be met: https://www.gnu.org/licenses/gpl-2.0.html and +** https://www.gnu.org/licenses/gpl-3.0.html. +** +** $QT_END_LICENSE$ +** +****************************************************************************/ + +#include "qhstsstore_p.h" +#include "qhstspolicy.h" + +#include "qstandardpaths.h" +#include "qdatastream.h" +#include "qbytearray.h" +#include "qdatetime.h" +#include "qvariant.h" +#include "qstring.h" +#include "qdir.h" + +#include <utility> + +QT_BEGIN_NAMESPACE + +static QString host_name_to_settings_key(const QString &hostName) +{ + const QByteArray hostNameAsHex(hostName.toUtf8().toHex()); + return QString::fromLatin1(hostNameAsHex); +} + +static QString settings_key_to_host_name(const QString &key) +{ + const QByteArray hostNameAsUtf8(QByteArray::fromHex(key.toLatin1())); + return QString::fromUtf8(hostNameAsUtf8); +} + +QHstsStore::QHstsStore(const QString &dirName) + : store(absoluteFilePath(dirName), QSettings::IniFormat) +{ + // Disable fallbacks, we do not want to use anything but our own ini file. + store.setFallbacksEnabled(false); +} + +QHstsStore::~QHstsStore() +{ + synchronize(); +} + +QVector<QHstsPolicy> QHstsStore::readPolicies() +{ + // This function only attempts to read policies, making no decision about + // expired policies. It's up to a user (QHstsCache) to mark these policies + // for deletion and sync the store later. But we immediately remove keys/values + // (if the store isWritable) for the policies that we fail to read. + QVector<QHstsPolicy> policies; + + beginHstsGroups(); + + const QStringList keys = store.childKeys(); + for (const auto &key : keys) { + QHstsPolicy restoredPolicy; + if (deserializePolicy(key, restoredPolicy)) { + restoredPolicy.setHost(settings_key_to_host_name(key)); + policies.push_back(std::move(restoredPolicy)); + } else if (isWritable()) { + evictPolicy(key); + } + } + + endHstsGroups(); + + return policies; +} + +void QHstsStore::addToObserved(const QHstsPolicy &policy) +{ + observedPolicies.push_back(policy); +} + +void QHstsStore::synchronize() +{ + if (!isWritable()) + return; + + if (observedPolicies.size()) { + beginHstsGroups(); + for (const QHstsPolicy &policy : qAsConst(observedPolicies)) { + const QString key(host_name_to_settings_key(policy.host())); + // If we fail to write a new, updated policy, we also remove the old one. + if (policy.isExpired() || !serializePolicy(key, policy)) + evictPolicy(key); + } + observedPolicies.clear(); + endHstsGroups(); + } + + store.sync(); +} + +bool QHstsStore::isWritable() const +{ + return store.isWritable(); +} + +QString QHstsStore::absoluteFilePath(const QString &dirName) +{ + const QDir dir(dirName.isEmpty() ? QStandardPaths::writableLocation(QStandardPaths::CacheLocation) + : dirName); + return dir.absoluteFilePath(QLatin1String("hstsstore")); +} + +void QHstsStore::beginHstsGroups() +{ + store.beginGroup(QLatin1String("StrictTransportSecurity")); + store.beginGroup(QLatin1String("Policies")); +} + +void QHstsStore::endHstsGroups() +{ + store.endGroup(); + store.endGroup(); +} + +bool QHstsStore::deserializePolicy(const QString &key, QHstsPolicy &policy) +{ + Q_ASSERT(store.contains(key)); + + const QVariant data(store.value(key)); + if (data.isNull() || !data.canConvert<QByteArray>()) + return false; + + const QByteArray serializedData(data.toByteArray()); + QDataStream streamer(serializedData); + qint64 expiryInMS = 0; + streamer >> expiryInMS; + if (streamer.status() != QDataStream::Ok) + return false; + bool includesSubDomains = false; + streamer >> includesSubDomains; + if (streamer.status() != QDataStream::Ok) + return false; + + policy.setExpiry(QDateTime::fromMSecsSinceEpoch(expiryInMS)); + policy.setIncludesSubDomains(includesSubDomains); + + return true; +} + +bool QHstsStore::serializePolicy(const QString &key, const QHstsPolicy &policy) +{ + Q_ASSERT(store.isWritable()); + + QByteArray serializedData; + QDataStream streamer(&serializedData, QIODevice::WriteOnly); + streamer << policy.expiry().toMSecsSinceEpoch(); + streamer << policy.includesSubDomains(); + + if (streamer.status() != QDataStream::Ok) + return false; + + store.setValue(key, serializedData); + return true; +} + +void QHstsStore::evictPolicy(const QString &key) +{ + Q_ASSERT(store.isWritable()); + if (store.contains(key)) + store.remove(key); +} + +QT_END_NAMESPACE diff --git a/src/network/access/qhstsstore_p.h b/src/network/access/qhstsstore_p.h new file mode 100644 index 0000000000..13042839c4 --- /dev/null +++ b/src/network/access/qhstsstore_p.h @@ -0,0 +1,93 @@ +/**************************************************************************** +** +** Copyright (C) 2017 The Qt Company Ltd. +** Contact: https://www.qt.io/licensing/ +** +** This file is part of the QtNetwork module of the Qt Toolkit. +** +** $QT_BEGIN_LICENSE:LGPL$ +** Commercial License Usage +** Licensees holding valid commercial Qt licenses may use this file in +** accordance with the commercial license agreement provided with the +** Software or, alternatively, in accordance with the terms contained in +** a written agreement between you and The Qt Company. For licensing terms +** and conditions see https://www.qt.io/terms-conditions. For further +** information use the contact form at https://www.qt.io/contact-us. +** +** GNU Lesser General Public License Usage +** Alternatively, this file may be used under the terms of the GNU Lesser +** General Public License version 3 as published by the Free Software +** Foundation and appearing in the file LICENSE.LGPL3 included in the +** packaging of this file. Please review the following information to +** ensure the GNU Lesser General Public License version 3 requirements +** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. +** +** GNU General Public License Usage +** Alternatively, this file may be used under the terms of the GNU +** General Public License version 2.0 or (at your option) the GNU General +** Public license version 3 or any later version approved by the KDE Free +** Qt Foundation. The licenses are as published by the Free Software +** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 +** included in the packaging of this file. Please review the following +** information to ensure the GNU General Public License requirements will +** be met: https://www.gnu.org/licenses/gpl-2.0.html and +** https://www.gnu.org/licenses/gpl-3.0.html. +** +** $QT_END_LICENSE$ +** +****************************************************************************/ + +#ifndef QHSTSSTORE_P_H +#define QHSTSSTORE_P_H + +// +// W A R N I N G +// ------------- +// +// This file is not part of the Qt API. It exists for the convenience +// of the Network Access API. This header file may change from +// version to version without notice, or even be removed. +// +// We mean it. +// + +#include <QtNetwork/private/qtnetworkglobal_p.h> + +#include <QtCore/qsettings.h> +#include <QtCore/qvector.h> + +QT_BEGIN_NAMESPACE + +class QHstsPolicy; +class QByteArray; +class QString; + +class Q_AUTOTEST_EXPORT QHstsStore +{ +public: + explicit QHstsStore(const QString &dirName); + ~QHstsStore(); + + QVector<QHstsPolicy> readPolicies(); + void addToObserved(const QHstsPolicy &policy); + void synchronize(); + + bool isWritable() const; + + static QString absoluteFilePath(const QString &dirName); +private: + void beginHstsGroups(); + bool serializePolicy(const QString &key, const QHstsPolicy &policy); + bool deserializePolicy(const QString &key, QHstsPolicy &policy); + void evictPolicy(const QString &key); + void endHstsGroups(); + + QVector<QHstsPolicy> observedPolicies; + QSettings store; + + Q_DISABLE_COPY(QHstsStore) +}; + +QT_END_NAMESPACE + +#endif // QHSTSSTORE_P_H diff --git a/src/network/access/qhttp2protocolhandler.cpp b/src/network/access/qhttp2protocolhandler.cpp index 9dfcec8311..42f1343c52 100644 --- a/src/network/access/qhttp2protocolhandler.cpp +++ b/src/network/access/qhttp2protocolhandler.cpp @@ -161,8 +161,6 @@ bool sum_will_overflow(qint32 windowSize, qint32 delta) using namespace Http2; const std::deque<quint32>::size_type QHttp2ProtocolHandler::maxRecycledStreams = 10000; -const qint32 QHttp2ProtocolHandler::sessionMaxRecvWindowSize; -const qint32 QHttp2ProtocolHandler::streamInitialRecvWindowSize; const quint32 QHttp2ProtocolHandler::maxAcceptableTableSize; QHttp2ProtocolHandler::QHttp2ProtocolHandler(QHttpNetworkConnectionChannel *channel) @@ -170,10 +168,47 @@ QHttp2ProtocolHandler::QHttp2ProtocolHandler(QHttpNetworkConnectionChannel *chan decoder(HPack::FieldLookupTable::DefaultSize), encoder(HPack::FieldLookupTable::DefaultSize, true) { + Q_ASSERT(channel && m_connection); + continuedFrames.reserve(20); - bool ok = false; - const int env = qEnvironmentVariableIntValue("QT_HTTP2_ENABLE_PUSH_PROMISE", &ok); - pushPromiseEnabled = ok && env; + + const ProtocolParameters params(m_connection->http2Parameters()); + Q_ASSERT(params.validate()); + + maxSessionReceiveWindowSize = params.maxSessionReceiveWindowSize; + + const RawSettings &data = params.settingsFrameData; + for (auto param = data.cbegin(), end = data.cend(); param != end; ++param) { + switch (param.key()) { + case Settings::INITIAL_WINDOW_SIZE_ID: + streamInitialReceiveWindowSize = param.value(); + break; + case Settings::ENABLE_PUSH_ID: + pushPromiseEnabled = param.value(); + break; + case Settings::HEADER_TABLE_SIZE_ID: + case Settings::MAX_CONCURRENT_STREAMS_ID: + case Settings::MAX_FRAME_SIZE_ID: + case Settings::MAX_HEADER_LIST_SIZE_ID: + // These other settings are just recommendations to our peer. We + // only check they are not crazy in ProtocolParameters::validate(). + default: + break; + } + } + + if (!channel->ssl) { + // We upgraded from HTTP/1.1 to HTTP/2. channel->request was already sent + // as HTTP/1.1 request. The response with status code 101 triggered + // protocol switch and now we are waiting for the real response, sent + // as HTTP/2 frames. + Q_ASSERT(channel->reply); + const quint32 initialStreamID = createNewStream(HttpMessagePair(channel->request, channel->reply), + true /* uploaded by HTTP/1.1 */); + Q_ASSERT(initialStreamID == 1); + Stream &stream = activeStreams[initialStreamID]; + stream.state = Stream::halfClosedLocal; + } } void QHttp2ProtocolHandler::_q_uploadDataReadyRead() @@ -350,28 +385,27 @@ bool QHttp2ProtocolHandler::sendClientPreface() if (prefaceSent) return true; - const qint64 written = m_socket->write(Http2clientPreface, + const qint64 written = m_socket->write(Http2::Http2clientPreface, Http2::clientPrefaceLength); if (written != Http2::clientPrefaceLength) return false; // 6.5 SETTINGS - frameWriter.start(FrameType::SETTINGS, FrameFlag::EMPTY, Http2::connectionStreamID); - // MAX frame size (16 kb), enable/disable PUSH - frameWriter.append(Settings::MAX_FRAME_SIZE_ID); - frameWriter.append(quint32(Http2::maxFrameSize)); - frameWriter.append(Settings::ENABLE_PUSH_ID); - frameWriter.append(quint32(pushPromiseEnabled)); + const ProtocolParameters params(m_connection->http2Parameters()); + Q_ASSERT(params.validate()); + frameWriter.setOutboundFrame(params.settingsFrame()); + Q_ASSERT(frameWriter.outboundFrame().payloadSize()); if (!frameWriter.write(*m_socket)) return false; - sessionRecvWindowSize = sessionMaxRecvWindowSize; - if (defaultSessionWindowSize < sessionMaxRecvWindowSize) { - const auto delta = sessionMaxRecvWindowSize - defaultSessionWindowSize; - if (!sendWINDOW_UPDATE(connectionStreamID, delta)) - return false; - } + sessionReceiveWindowSize = maxSessionReceiveWindowSize; + // ProtocolParameters::validate does not allow maxSessionReceiveWindowSize + // to be smaller than defaultSessionWindowSize, so everything is OK here with + // 'delta': + const auto delta = maxSessionReceiveWindowSize - Http2::defaultSessionWindowSize; + if (!sendWINDOW_UPDATE(Http2::connectionStreamID, delta)) + return false; prefaceSent = true; waitingForSettingsACK = true; @@ -519,10 +553,10 @@ void QHttp2ProtocolHandler::handleDATA() if (!activeStreams.contains(streamID) && !streamWasReset(streamID)) return connectionError(ENHANCE_YOUR_CALM, "DATA on invalid stream"); - if (qint32(inboundFrame.payloadSize()) > sessionRecvWindowSize) + if (qint32(inboundFrame.payloadSize()) > sessionReceiveWindowSize) return connectionError(FLOW_CONTROL_ERROR, "Flow control error"); - sessionRecvWindowSize -= inboundFrame.payloadSize(); + sessionReceiveWindowSize -= inboundFrame.payloadSize(); if (activeStreams.contains(streamID)) { auto &stream = activeStreams[streamID]; @@ -541,20 +575,20 @@ void QHttp2ProtocolHandler::handleDATA() if (inboundFrame.flags().testFlag(FrameFlag::END_STREAM)) { finishStream(stream); deleteActiveStream(stream.streamID); - } else if (stream.recvWindow < streamInitialRecvWindowSize / 2) { + } else if (stream.recvWindow < streamInitialReceiveWindowSize / 2) { QMetaObject::invokeMethod(this, "sendWINDOW_UPDATE", Qt::QueuedConnection, Q_ARG(quint32, stream.streamID), - Q_ARG(quint32, streamInitialRecvWindowSize - stream.recvWindow)); - stream.recvWindow = streamInitialRecvWindowSize; + Q_ARG(quint32, streamInitialReceiveWindowSize - stream.recvWindow)); + stream.recvWindow = streamInitialReceiveWindowSize; } } } - if (sessionRecvWindowSize < sessionMaxRecvWindowSize / 2) { + if (sessionReceiveWindowSize < maxSessionReceiveWindowSize / 2) { QMetaObject::invokeMethod(this, "sendWINDOW_UPDATE", Qt::QueuedConnection, Q_ARG(quint32, connectionStreamID), - Q_ARG(quint32, sessionMaxRecvWindowSize - sessionRecvWindowSize)); - sessionRecvWindowSize = sessionMaxRecvWindowSize; + Q_ARG(quint32, maxSessionReceiveWindowSize - sessionReceiveWindowSize)); + sessionReceiveWindowSize = maxSessionReceiveWindowSize; } } @@ -1176,7 +1210,7 @@ void QHttp2ProtocolHandler::finishStreamWithError(Stream &stream, QNetworkReply: << "finished with error:" << message; } -quint32 QHttp2ProtocolHandler::createNewStream(const HttpMessagePair &message) +quint32 QHttp2ProtocolHandler::createNewStream(const HttpMessagePair &message, bool uploadDone) { const qint32 newStreamID = allocateStreamID(); if (!newStreamID) @@ -1195,12 +1229,14 @@ quint32 QHttp2ProtocolHandler::createNewStream(const HttpMessagePair &message) const Stream newStream(message, newStreamID, streamInitialSendWindowSize, - streamInitialRecvWindowSize); + streamInitialReceiveWindowSize); - if (auto src = newStream.data()) { - connect(src, SIGNAL(readyRead()), this, - SLOT(_q_uploadDataReadyRead()), Qt::QueuedConnection); - src->setProperty("HTTP2StreamID", newStreamID); + if (!uploadDone) { + if (auto src = newStream.data()) { + connect(src, SIGNAL(readyRead()), this, + SLOT(_q_uploadDataReadyRead()), Qt::QueuedConnection); + src->setProperty("HTTP2StreamID", newStreamID); + } } activeStreams.insert(newStreamID, newStream); @@ -1388,7 +1424,7 @@ bool QHttp2ProtocolHandler::tryReserveStream(const Http2::Frame &pushPromiseFram promise.reservedID = reservedID; promise.pushHeader = requestHeader; - activeStreams.insert(reservedID, Stream(urlKey, reservedID, streamInitialRecvWindowSize)); + activeStreams.insert(reservedID, Stream(urlKey, reservedID, streamInitialReceiveWindowSize)); return true; } @@ -1422,7 +1458,7 @@ void QHttp2ProtocolHandler::initReplyFromPushPromise(const HttpMessagePair &mess // Let's pretent we're sending a request now: Stream closedStream(message, promise.reservedID, streamInitialSendWindowSize, - streamInitialRecvWindowSize); + streamInitialReceiveWindowSize); closedStream.state = Stream::halfClosedLocal; activeStreams.insert(promise.reservedID, closedStream); promisedStream = &activeStreams[promise.reservedID]; diff --git a/src/network/access/qhttp2protocolhandler_p.h b/src/network/access/qhttp2protocolhandler_p.h index 5e04c79376..dd209bd0ef 100644 --- a/src/network/access/qhttp2protocolhandler_p.h +++ b/src/network/access/qhttp2protocolhandler_p.h @@ -98,7 +98,7 @@ private: using Stream = Http2::Stream; void _q_readyRead() override; - void _q_receiveReply() override; + Q_INVOKABLE void _q_receiveReply() override; Q_INVOKABLE bool sendRequest() override; bool sendClientPreface(); @@ -136,7 +136,7 @@ private: const QString &message); // Stream's lifecycle management: - quint32 createNewStream(const HttpMessagePair &message); + quint32 createNewStream(const HttpMessagePair &message, bool uploadDone = false); void addToSuspended(Stream &stream); void markAsReset(quint32 streamID); quint32 popStreamToResume(); @@ -172,24 +172,38 @@ private: bool continuationExpected = false; std::vector<Http2::Frame> continuedFrames; - // Peer's max number of streams ... - quint32 maxConcurrentStreams = Http2::maxConcurrentStreams; - // Control flow: - static const qint32 sessionMaxRecvWindowSize = Http2::defaultSessionWindowSize * 10; - // Signed integer, it can become negative (it's still a valid window size): - qint32 sessionRecvWindowSize = sessionMaxRecvWindowSize; - // We do not negotiate this window size - // We have to send WINDOW_UPDATE frames to our peer also. - static const qint32 streamInitialRecvWindowSize = Http2::defaultSessionWindowSize; - - // Updated by SETTINGS and WINDOW_UPDATE. + // This is how many concurrent streams our peer expects from us: + // 100 is the default value, can be updated by the server's SETTINGS + // frame(s): + quint32 maxConcurrentStreams = Http2::maxConcurrentStreams; + // While we allow sending SETTTINGS_MAX_CONCURRENT_STREAMS to limit our peer, + // it's just a hint and we do not actually enforce it (and we can continue + // sending requests and creating streams while maxConcurrentStreams allows). + + // This is the max value, we set it in a ctor from Http2::ProtocolParameters, + // it does not change after that. + qint32 maxSessionReceiveWindowSize = Http2::defaultSessionWindowSize; + + // Our session receive window size, default is 64Kb. We'll update it from QNAM's + // Http2::ProtocolParameters. Signed integer since it can become negative + // (it's still a valid window size). + qint32 sessionReceiveWindowSize = Http2::defaultSessionWindowSize; + // Our per-stream receive window size, default is 64 Kb, will be updated + // from QNAM's Http2::ProtocolParameters. Again, signed - can become negative. + qint32 streamInitialReceiveWindowSize = Http2::defaultSessionWindowSize; + + // These are our peer's receive window sizes, they will be updated by the + // peer's SETTINGS and WINDOW_UPDATE frames. qint32 sessionSendWindowSize = Http2::defaultSessionWindowSize; qint32 streamInitialSendWindowSize = Http2::defaultSessionWindowSize; - // It's unlimited by default, but can be changed via SETTINGS. + // Our peer's header size limitations. It's unlimited by default, but can + // be changed via peer's SETTINGS frame. quint32 maxHeaderListSize = (std::numeric_limits<quint32>::max)(); + // While we can send SETTINGS_MAX_HEADER_LIST_SIZE value (our limit on + // the headers size), we never enforce it, it's just a hint to our peer. Q_INVOKABLE void resumeSuspendedStreams(); // Our stream IDs (all odd), the first valid will be 1. diff --git a/src/network/access/qhttpmultipart.cpp b/src/network/access/qhttpmultipart.cpp index 870e71ba1e..c59df9d8b8 100644 --- a/src/network/access/qhttpmultipart.cpp +++ b/src/network/access/qhttpmultipart.cpp @@ -41,7 +41,7 @@ #include "qhttpmultipart_p.h" #include "QtCore/qdatetime.h" // for initializing the random number generator with QTime #include "QtCore/qmutex.h" -#include "QtCore/qthreadstorage.h" +#include "QtCore/qrandom.h" QT_BEGIN_NAMESPACE @@ -431,23 +431,16 @@ void QHttpPartPrivate::checkHeaderCreated() const } } -Q_GLOBAL_STATIC(QThreadStorage<bool *>, seedCreatedStorage); - QHttpMultiPartPrivate::QHttpMultiPartPrivate() : contentType(QHttpMultiPart::MixedType), device(new QHttpMultiPartIODevice(this)) { - if (!seedCreatedStorage()->hasLocalData()) { - qsrand(QTime(0,0,0).msecsTo(QTime::currentTime()) ^ reinterpret_cast<quintptr>(this)); - seedCreatedStorage()->setLocalData(new bool(true)); - } - - boundary = QByteArray("boundary_.oOo._") - + QByteArray::number(qrand()).toBase64() - + QByteArray::number(qrand()).toBase64() - + QByteArray::number(qrand()).toBase64(); + // 24 random bytes, becomes 32 characters when encoded to Base64 + quint32 random[6]; + QRandomGenerator::global()->fillRange(random); + boundary = "boundary_.oOo._" + + QByteArray::fromRawData(reinterpret_cast<char *>(random), sizeof(random)).toBase64(); // boundary must not be longer than 70 characters, see RFC 2046, section 5.1.1 - if (boundary.count() > 70) - boundary = boundary.left(70); + Q_ASSERT(boundary.count() <= 70); } qint64 QHttpMultiPartIODevice::size() const diff --git a/src/network/access/qhttpnetworkconnection.cpp b/src/network/access/qhttpnetworkconnection.cpp index 5bc5f22fef..8fdcc91efc 100644 --- a/src/network/access/qhttpnetworkconnection.cpp +++ b/src/network/access/qhttpnetworkconnection.cpp @@ -627,7 +627,8 @@ QHttpNetworkReply* QHttpNetworkConnectionPrivate::queueRequest(const QHttpNetwor if (request.isPreConnect()) preConnectRequests++; - if (connectionType == QHttpNetworkConnection::ConnectionTypeHTTP) { + if (connectionType == QHttpNetworkConnection::ConnectionTypeHTTP + || (!encrypt && connectionType == QHttpNetworkConnection::ConnectionTypeHTTP2 && !channels[0].switchedToHttp2)) { switch (request.priority()) { case QHttpNetworkRequest::HighPriority: highPriorityQueue.prepend(pair); @@ -638,12 +639,13 @@ QHttpNetworkReply* QHttpNetworkConnectionPrivate::queueRequest(const QHttpNetwor break; } } - else { // SPDY, HTTP/2 + else { // SPDY, HTTP/2 ('h2' mode) if (!pair.second->d_func()->requestIsPrepared) prepareRequest(pair); channels[0].spdyRequestsToSend.insertMulti(request.priority(), pair); } +#ifndef Q_OS_WINRT // For Happy Eyeballs the networkLayerState is set to Unknown // untill we have started the first connection attempt. So no // request will be started untill we know if IPv4 or IPv6 @@ -651,6 +653,13 @@ QHttpNetworkReply* QHttpNetworkConnectionPrivate::queueRequest(const QHttpNetwor if (networkLayerState == Unknown || networkLayerState == HostLookupPending) { startHostInfoLookup(); } else if ( networkLayerState == IPv4 || networkLayerState == IPv6 ) { +#else // !Q_OS_WINRT + { + // Skip the host lookup part for winrt. Host lookup and proxy handling are done by Windows + // internally and networkLayerPreference is ignored on this platform. Instead of refactoring + // the whole approach we just pretend that everything important is known here. + networkLayerState = IPv4; +#endif // this used to be called via invokeMethod and a QueuedConnection // It is the only place _q_startNextRequest is called directly without going // through the event loop using a QueuedConnection. @@ -664,6 +673,25 @@ QHttpNetworkReply* QHttpNetworkConnectionPrivate::queueRequest(const QHttpNetwor return reply; } +void QHttpNetworkConnectionPrivate::fillHttp2Queue() +{ + for (auto &pair : highPriorityQueue) { + if (!pair.second->d_func()->requestIsPrepared) + prepareRequest(pair); + channels[0].spdyRequestsToSend.insertMulti(QHttpNetworkRequest::HighPriority, pair); + } + + highPriorityQueue.clear(); + + for (auto &pair : lowPriorityQueue) { + if (!pair.second->d_func()->requestIsPrepared) + prepareRequest(pair); + channels[0].spdyRequestsToSend.insertMulti(pair.first.priority(), pair); + } + + lowPriorityQueue.clear(); +} + void QHttpNetworkConnectionPrivate::requeueRequest(const HttpMessagePair &pair) { Q_Q(QHttpNetworkConnection); @@ -1039,8 +1067,7 @@ void QHttpNetworkConnectionPrivate::_q_startNextRequest() } case QHttpNetworkConnection::ConnectionTypeHTTP2: case QHttpNetworkConnection::ConnectionTypeSPDY: { - - if (channels[0].spdyRequestsToSend.isEmpty()) + if (channels[0].spdyRequestsToSend.isEmpty() && channels[0].switchedToHttp2) return; if (networkLayerState == IPv4) @@ -1049,7 +1076,7 @@ void QHttpNetworkConnectionPrivate::_q_startNextRequest() channels[0].networkLayerPreference = QAbstractSocket::IPv6Protocol; channels[0].ensureConnection(); if (channels[0].socket && channels[0].socket->state() == QAbstractSocket::ConnectedState - && !channels[0].pendingEncrypt) + && !channels[0].pendingEncrypt && channels[0].spdyRequestsToSend.size()) channels[0].sendRequest(); break; } @@ -1347,6 +1374,12 @@ QHttpNetworkReply* QHttpNetworkConnection::sendRequest(const QHttpNetworkRequest return d->queueRequest(request); } +void QHttpNetworkConnection::fillHttp2Queue() +{ + Q_D(QHttpNetworkConnection); + d->fillHttp2Queue(); +} + bool QHttpNetworkConnection::isSsl() const { Q_D(const QHttpNetworkConnection); @@ -1404,6 +1437,23 @@ void QHttpNetworkConnection::setConnectionType(ConnectionType type) d->connectionType = type; } +Http2::ProtocolParameters QHttpNetworkConnection::http2Parameters() const +{ + Q_D(const QHttpNetworkConnection); + return d->http2Parameters; +} + +void QHttpNetworkConnection::setHttp2Parameters(const Http2::ProtocolParameters ¶ms) +{ + Q_D(QHttpNetworkConnection); + if (params.validate()) { + d->http2Parameters = params; + } else { + qCWarning(QT_HTTP2) + << "invalid HTTP/2 parameters, falling back to defaults instead"; + } +} + // SSL support below #ifndef QT_NO_SSL void QHttpNetworkConnection::setSslConfiguration(const QSslConfiguration &config) diff --git a/src/network/access/qhttpnetworkconnection_p.h b/src/network/access/qhttpnetworkconnection_p.h index 3dd9bde9bd..d3450417aa 100644 --- a/src/network/access/qhttpnetworkconnection_p.h +++ b/src/network/access/qhttpnetworkconnection_p.h @@ -67,6 +67,7 @@ #include <private/qhttpnetworkheader_p.h> #include <private/qhttpnetworkrequest_p.h> #include <private/qhttpnetworkreply_p.h> +#include <private/http2protocol_p.h> #include <private/qhttpnetworkconnectionchannel_p.h> @@ -122,6 +123,7 @@ public: //add a new HTTP request through this connection QHttpNetworkReply* sendRequest(const QHttpNetworkRequest &request); + void fillHttp2Queue(); #ifndef QT_NO_NETWORKPROXY //set the proxy for this connection @@ -138,6 +140,9 @@ public: ConnectionType connectionType(); void setConnectionType(ConnectionType type); + Http2::ProtocolParameters http2Parameters() const; + void setHttp2Parameters(const Http2::ProtocolParameters ¶ms); + #ifndef QT_NO_SSL void setSslConfiguration(const QSslConfiguration &config); void ignoreSslErrors(int channel = -1); @@ -208,6 +213,7 @@ public: QHttpNetworkReply *queueRequest(const QHttpNetworkRequest &request); void requeueRequest(const HttpMessagePair &pair); // e.g. after pipeline broke + void fillHttp2Queue(); bool dequeueRequest(QAbstractSocket *socket); void prepareRequest(HttpMessagePair &request); void updateChannel(int i, const HttpMessagePair &messagePair); @@ -280,6 +286,8 @@ public: QSharedPointer<QNetworkSession> networkSession; #endif + Http2::ProtocolParameters http2Parameters; + friend class QHttpNetworkConnectionChannel; }; diff --git a/src/network/access/qhttpnetworkconnectionchannel.cpp b/src/network/access/qhttpnetworkconnectionchannel.cpp index 17520d0f4c..094a48a603 100644 --- a/src/network/access/qhttpnetworkconnectionchannel.cpp +++ b/src/network/access/qhttpnetworkconnectionchannel.cpp @@ -55,7 +55,6 @@ # include <private/qsslsocket_p.h> # include <QtNetwork/qsslkey.h> # include <QtNetwork/qsslcipher.h> -# include <QtNetwork/qsslconfiguration.h> #endif #ifndef QT_NO_BEARERMANAGEMENT @@ -64,6 +63,20 @@ QT_BEGIN_NAMESPACE +namespace +{ + +class ProtocolHandlerDeleter : public QObject +{ +public: + explicit ProtocolHandlerDeleter(QAbstractProtocolHandler *h) : handler(h) {} + ~ProtocolHandlerDeleter() { delete handler; } +private: + QAbstractProtocolHandler *handler = nullptr; +}; + +} + // TODO: Put channel specific stuff here so it does not polute qhttpnetworkconnection.cpp // Because in-flight when sending a request, the server might close our connection (because the persistent HTTP @@ -176,8 +189,8 @@ void QHttpNetworkConnectionChannel::init() if (!ignoreSslErrorsList.isEmpty()) sslSocket->ignoreSslErrors(ignoreSslErrorsList); - if (!sslConfiguration.isNull()) - sslSocket->setSslConfiguration(sslConfiguration); + if (sslConfiguration.data() && !sslConfiguration->isNull()) + sslSocket->setSslConfiguration(*sslConfiguration); } else { #endif // !QT_NO_SSL if (connection->connectionType() != QHttpNetworkConnection::ConnectionTypeHTTP2) @@ -425,6 +438,40 @@ void QHttpNetworkConnectionChannel::allDone() return; } + if (connection->connectionType() == QHttpNetworkConnection::ConnectionTypeHTTP2 + && !ssl && !switchedToHttp2) { + if (Http2::is_protocol_upgraded(*reply)) { + switchedToHttp2 = true; + protocolHandler->setReply(nullptr); + + // As allDone() gets called from the protocol handler, it's not yet + // safe to delete it. There is no 'deleteLater', since + // QAbstractProtocolHandler is not a QObject. Instead we do this + // trick with ProtocolHandlerDeleter, a QObject-derived class. + // These dances below just make it somewhat exception-safe. + // 1. Create a new owner: + QAbstractProtocolHandler *oldHandler = protocolHandler.data(); + QScopedPointer<ProtocolHandlerDeleter> deleter(new ProtocolHandlerDeleter(oldHandler)); + // 2. Retire the old one: + protocolHandler.take(); + // 3. Call 'deleteLater': + deleter->deleteLater(); + // 3. Give up the ownerthip: + deleter.take(); + + connection->fillHttp2Queue(); + protocolHandler.reset(new QHttp2ProtocolHandler(this)); + QHttp2ProtocolHandler *h2c = static_cast<QHttp2ProtocolHandler *>(protocolHandler.data()); + QMetaObject::invokeMethod(h2c, "_q_receiveReply", Qt::QueuedConnection); + QMetaObject::invokeMethod(connection, "_q_startNextRequest", Qt::QueuedConnection); + return; + } else { + // Ok, whatever happened, we do not try HTTP/2 anymore ... + connection->setConnectionType(QHttpNetworkConnection::ConnectionTypeHTTP); + connection->d_func()->activeChannelCount = connection->d_func()->channelCount; + } + } + // while handling 401 & 407, we might reset the status code, so save this. bool emitFinished = reply->d_func()->shouldEmitSignals(); bool connectionCloseEnabled = reply->d_func()->isConnectionCloseEnabled(); @@ -663,7 +710,10 @@ void QHttpNetworkConnectionChannel::setSslConfiguration(const QSslConfiguration if (socket) static_cast<QSslSocket *>(socket)->setSslConfiguration(config); - sslConfiguration = config; + if (sslConfiguration.data()) + *sslConfiguration = config; + else + sslConfiguration.reset(new QSslConfiguration(config)); } #endif @@ -843,19 +893,25 @@ void QHttpNetworkConnectionChannel::_q_connected() #endif } else { state = QHttpNetworkConnectionChannel::IdleState; - if (connection->connectionType() == QHttpNetworkConnection::ConnectionTypeHTTP2) { - // We have to reset QHttp2ProtocolHandler's state machine, it's a new - // connection and the handler's state is unique per connection. - protocolHandler.reset(new QHttp2ProtocolHandler(this)); - if (spdyRequestsToSend.count() > 0) { - // wait for data from the server first (e.g. initial window, max concurrent requests) - QMetaObject::invokeMethod(connection, "_q_startNextRequest", Qt::QueuedConnection); + const bool tryProtocolUpgrade = connection->connectionType() == QHttpNetworkConnection::ConnectionTypeHTTP2; + if (tryProtocolUpgrade) { + // For HTTP/1.1 it's already created and never reset. + protocolHandler.reset(new QHttpProtocolHandler(this)); + } + switchedToHttp2 = false; + + if (!reply) + connection->d_func()->dequeueRequest(socket); + + if (reply) { + if (tryProtocolUpgrade) { + // Let's augment our request with some magic headers and try to + // switch to HTTP/2. + const Http2::ProtocolParameters params(connection->http2Parameters()); + Q_ASSERT(params.validate()); + params.addProtocolUpgradeHeaders(&request); } - } else { - if (!reply) - connection->d_func()->dequeueRequest(socket); - if (reply) - sendRequest(); + sendRequest(); } } } @@ -1083,6 +1139,7 @@ void QHttpNetworkConnectionChannel::_q_encrypted() // has gone to the SPDY queue already break; } else if (nextProtocol == QSslConfiguration::ALPNProtocolHTTP2) { + switchedToHttp2 = true; protocolHandler.reset(new QHttp2ProtocolHandler(this)); connection->setConnectionType(QHttpNetworkConnection::ConnectionTypeHTTP2); break; @@ -1095,8 +1152,15 @@ void QHttpNetworkConnectionChannel::_q_encrypted() Q_FALLTHROUGH(); case QSslConfiguration::NextProtocolNegotiationNone: { protocolHandler.reset(new QHttpProtocolHandler(this)); + if (!sslConfiguration.data()) { + // Our own auto-tests bypass the normal initialization (done by + // QHttpThreadDelegate), this means in the past we'd have here + // the default constructed QSslConfiguration without any protocols + // to negotiate. Let's create it now: + sslConfiguration.reset(new QSslConfiguration); + } - QList<QByteArray> protocols = sslConfiguration.allowedNextProtocols(); + QList<QByteArray> protocols = sslConfiguration->allowedNextProtocols(); const int nProtocols = protocols.size(); // Clear the protocol that we failed to negotiate, so we do not try // it again on other channels that our connection can create/open. @@ -1106,10 +1170,10 @@ void QHttpNetworkConnectionChannel::_q_encrypted() protocols.removeAll(QSslConfiguration::NextProtocolSpdy3_0); if (nProtocols > protocols.size()) { - sslConfiguration.setAllowedNextProtocols(protocols); + sslConfiguration->setAllowedNextProtocols(protocols); const int channelCount = connection->d_func()->channelCount; for (int i = 0; i < channelCount; ++i) - connection->d_func()->channels[i].setSslConfiguration(sslConfiguration); + connection->d_func()->channels[i].setSslConfiguration(*sslConfiguration); } connection->setConnectionType(QHttpNetworkConnection::ConnectionTypeHTTP); diff --git a/src/network/access/qhttpnetworkconnectionchannel_p.h b/src/network/access/qhttpnetworkconnectionchannel_p.h index 61aea9d35d..844a7d5d15 100644 --- a/src/network/access/qhttpnetworkconnectionchannel_p.h +++ b/src/network/access/qhttpnetworkconnectionchannel_p.h @@ -78,6 +78,8 @@ # include <QtNetwork/qtcpsocket.h> #endif +#include <QtCore/qscopedpointer.h> + QT_BEGIN_NAMESPACE class QHttpNetworkRequest; @@ -125,10 +127,11 @@ public: // HTTP/2 can be cleartext also, that's why it's // outside of QT_NO_SSL section. Sorted by priority: QMultiMap<int, HttpMessagePair> spdyRequestsToSend; + bool switchedToHttp2 = false; #ifndef QT_NO_SSL bool ignoreAllSslErrors; QList<QSslError> ignoreSslErrorsList; - QSslConfiguration sslConfiguration; + QScopedPointer<QSslConfiguration> sslConfiguration; void ignoreSslErrors(); void ignoreSslErrors(const QList<QSslError> &errors); void setSslConfiguration(const QSslConfiguration &config); diff --git a/src/network/access/qhttpnetworkheader_p.h b/src/network/access/qhttpnetworkheader_p.h index 89169b9331..46aec1dd8c 100644 --- a/src/network/access/qhttpnetworkheader_p.h +++ b/src/network/access/qhttpnetworkheader_p.h @@ -78,7 +78,7 @@ public: virtual void setHeaderField(const QByteArray &name, const QByteArray &data) = 0; }; -class QHttpNetworkHeaderPrivate : public QSharedData +class Q_AUTOTEST_EXPORT QHttpNetworkHeaderPrivate : public QSharedData { public: QUrl url; diff --git a/src/network/access/qhttpthreaddelegate.cpp b/src/network/access/qhttpthreaddelegate.cpp index 9d874b4d94..3204f8da33 100644 --- a/src/network/access/qhttpthreaddelegate.cpp +++ b/src/network/access/qhttpthreaddelegate.cpp @@ -44,6 +44,7 @@ #include <QTimer> #include <QAuthenticator> #include <QEventLoop> +#include <QCryptographicHash> #include "private/qhttpnetworkreply_p.h" #include "private/qnetworkaccesscache_p.h" @@ -158,7 +159,10 @@ static QByteArray makeCacheKey(QUrl &url, QNetworkProxy *proxy) } if (!key.scheme().isEmpty()) { + const QByteArray obfuscatedPassword = QCryptographicHash::hash(proxy->password().toUtf8(), + QCryptographicHash::Sha1).toHex(); key.setUserName(proxy->user()); + key.setPassword(QString::fromUtf8(obfuscatedPassword)); key.setHost(proxy->hostName()); key.setPort(proxy->port()); key.setQuery(result); @@ -288,20 +292,22 @@ void QHttpThreadDelegate::startRequest() QHttpNetworkConnection::ConnectionType connectionType = httpRequest.isHTTP2Allowed() ? QHttpNetworkConnection::ConnectionTypeHTTP2 : QHttpNetworkConnection::ConnectionTypeHTTP; - #ifndef QT_NO_SSL + if (ssl && !incomingSslConfiguration.data()) + incomingSslConfiguration.reset(new QSslConfiguration); + if (httpRequest.isHTTP2Allowed() && ssl) { QList<QByteArray> protocols; protocols << QSslConfiguration::ALPNProtocolHTTP2 << QSslConfiguration::NextProtocolHttp1_1; - incomingSslConfiguration.setAllowedNextProtocols(protocols); + incomingSslConfiguration->setAllowedNextProtocols(protocols); } else if (httpRequest.isSPDYAllowed() && ssl) { connectionType = QHttpNetworkConnection::ConnectionTypeSPDY; urlCopy.setScheme(QStringLiteral("spdy")); // to differentiate SPDY requests from HTTPS requests QList<QByteArray> nextProtocols; nextProtocols << QSslConfiguration::NextProtocolSpdy3_0 << QSslConfiguration::NextProtocolHttp1_1; - incomingSslConfiguration.setAllowedNextProtocols(nextProtocols); + incomingSslConfiguration->setAllowedNextProtocols(nextProtocols); } #endif // QT_NO_SSL @@ -327,12 +333,15 @@ void QHttpThreadDelegate::startRequest() httpConnection = new QNetworkAccessCachedHttpConnection(urlCopy.host(), urlCopy.port(), ssl, connectionType, networkSession); -#endif +#endif // QT_NO_BEARERMANAGEMENT + if (connectionType == QHttpNetworkConnection::ConnectionTypeHTTP2 + && http2Parameters.validate()) { + httpConnection->setHttp2Parameters(http2Parameters); + } // else we ignore invalid parameters and use our own defaults. #ifndef QT_NO_SSL // Set the QSslConfiguration from this QNetworkRequest. - if (ssl && incomingSslConfiguration != QSslConfiguration::defaultConfiguration()) { - httpConnection->setSslConfiguration(incomingSslConfiguration); - } + if (ssl) + httpConnection->setSslConfiguration(*incomingSslConfiguration); #endif #ifndef QT_NO_NETWORKPROXY @@ -354,7 +363,6 @@ void QHttpThreadDelegate::startRequest() } } - // Send the request to the connection httpReply = httpConnection->sendRequest(httpRequest); httpReply->setParent(this); diff --git a/src/network/access/qhttpthreaddelegate_p.h b/src/network/access/qhttpthreaddelegate_p.h index 6d1ea11f29..da115d6710 100644 --- a/src/network/access/qhttpthreaddelegate_p.h +++ b/src/network/access/qhttpthreaddelegate_p.h @@ -63,9 +63,10 @@ #include "qhttpnetworkrequest_p.h" #include "qhttpnetworkconnection_p.h" #include <QSharedPointer> -#include "qsslconfiguration.h" +#include <QScopedPointer> #include "private/qnoncontiguousbytedevice_p.h" #include "qnetworkaccessauthenticationmanager_p.h" +#include <QtNetwork/private/http2protocol_p.h> #ifndef QT_NO_HTTP @@ -88,7 +89,7 @@ public: // incoming bool ssl; #ifndef QT_NO_SSL - QSslConfiguration incomingSslConfiguration; + QScopedPointer<QSslConfiguration> incomingSslConfiguration; #endif QHttpNetworkRequest httpRequest; qint64 downloadBufferMaximumSize; @@ -115,6 +116,7 @@ public: qint64 removedContentLength; QNetworkReply::NetworkError incomingErrorCode; QString incomingErrorDetail; + Http2::ProtocolParameters http2Parameters; #ifndef QT_NO_BEARERMANAGEMENT QSharedPointer<QNetworkSession> networkSession; #endif diff --git a/src/network/access/qnetworkaccessbackend.cpp b/src/network/access/qnetworkaccessbackend.cpp index 9c223dd32f..272dd22097 100644 --- a/src/network/access/qnetworkaccessbackend.cpp +++ b/src/network/access/qnetworkaccessbackend.cpp @@ -396,30 +396,8 @@ bool QNetworkAccessBackend::start() #endif #ifndef QT_NO_NETWORKPROXY -#ifndef QT_NO_BEARERMANAGEMENT - // Get the proxy settings from the network session (in the case of service networks, - // the proxy settings change depending which AP was activated) - QNetworkSession *session = networkSession.data(); - QNetworkConfiguration config; - if (session) { - QNetworkConfigurationManager configManager; - // The active configuration tells us what IAP is in use - QVariant v = session->sessionProperty(QLatin1String("ActiveConfiguration")); - if (v.isValid()) - config = configManager.configurationFromIdentifier(qvariant_cast<QString>(v)); - // Fallback to using the configuration if no active configuration - if (!config.isValid()) - config = session->configuration(); - // or unspecified configuration if that is no good either - if (!config.isValid()) - config = QNetworkConfiguration(); - } - reply->proxyList = manager->queryProxy(QNetworkProxyQuery(config, url())); -#else // QT_NO_BEARERMANAGEMENT - // Without bearer management, the proxy depends only on the url reply->proxyList = manager->queryProxy(QNetworkProxyQuery(url())); #endif -#endif // now start the request open(); diff --git a/src/network/access/qnetworkaccessmanager.cpp b/src/network/access/qnetworkaccessmanager.cpp index 0ab3760eed..d5a0261f43 100644 --- a/src/network/access/qnetworkaccessmanager.cpp +++ b/src/network/access/qnetworkaccessmanager.cpp @@ -735,9 +735,51 @@ bool QNetworkAccessManager::isStrictTransportSecurityEnabled() const } /*! + \since 5.10 + + If \a enabled is \c true, the internal HSTS cache will use a persistent store + to read and write HSTS policies. \a storeDir defines where this store will be + located. The default location is defined by QStandardPaths::CacheLocation. + If there is no writable QStandartPaths::CacheLocation and \a storeDir is an + empty string, the store will be located in the program's working directory. + + \note If HSTS cache already contains HSTS policies by the time persistent + store is enabled, these policies will be preserved in the store. In case both + cache and store contain the same known hosts, policies from cache are considered + to be more up-to-date (and thus will overwrite the previous values in the store). + If this behavior is undesired, enable HSTS store before enabling Strict Tranport + Security. By default, the persistent store of HSTS policies is disabled. + + \sa isStrictTransportSecurityStoreEnabled(), setStrictTransportSecurityEnabled(), + QStandardPaths::standardLocations() +*/ + +void QNetworkAccessManager::enableStrictTransportSecurityStore(bool enabled, const QString &storeDir) +{ + Q_D(QNetworkAccessManager); + d->stsStore.reset(enabled ? new QHstsStore(storeDir) : nullptr); + d->stsCache.setStore(d->stsStore.data()); +} + +/*! + \since 5.10 + + Returns true if HSTS cache uses a permanent store to load and store HSTS + policies. + + \sa enableStrictTransportSecurityStore() +*/ + +bool QNetworkAccessManager::isStrictTransportSecurityStoreEnabled() const +{ + Q_D(const QNetworkAccessManager); + return bool(d->stsStore.data()); +} + +/*! \since 5.9 - Adds HTTP Strict Transport Security policies into HSTS cache. + Adds HTTP Strict Transport Security policies contained in \a knownHosts into HSTS cache. \note An expired policy will remove a known host from the cache, if previously present. @@ -749,7 +791,7 @@ bool QNetworkAccessManager::isStrictTransportSecurityEnabled() const policies, but this information can be overridden by "Strict-Transport-Security" response headers. - \sa addStrictTransportSecurityHosts(), QHstsPolicy + \sa addStrictTransportSecurityHosts(), enableStrictTransportSecurityStore(), QHstsPolicy */ void QNetworkAccessManager::addStrictTransportSecurityHosts(const QVector<QHstsPolicy> &knownHosts) diff --git a/src/network/access/qnetworkaccessmanager.h b/src/network/access/qnetworkaccessmanager.h index f035ac5b00..4806ec0475 100644 --- a/src/network/access/qnetworkaccessmanager.h +++ b/src/network/access/qnetworkaccessmanager.h @@ -42,6 +42,7 @@ #include <QtNetwork/qtnetworkglobal.h> #include <QtNetwork/qnetworkrequest.h> +#include <QtCore/QString> #include <QtCore/QVector> #include <QtCore/QObject> #ifndef QT_NO_SSL @@ -124,6 +125,8 @@ public: void setStrictTransportSecurityEnabled(bool enabled); bool isStrictTransportSecurityEnabled() const; + void enableStrictTransportSecurityStore(bool enabled, const QString &storeDir = QString()); + bool isStrictTransportSecurityStoreEnabled() const; void addStrictTransportSecurityHosts(const QVector<QHstsPolicy> &knownHosts); QVector<QHstsPolicy> strictTransportSecurityHosts() const; diff --git a/src/network/access/qnetworkaccessmanager_p.h b/src/network/access/qnetworkaccessmanager_p.h index 13a26a54f1..e5257251a4 100644 --- a/src/network/access/qnetworkaccessmanager_p.h +++ b/src/network/access/qnetworkaccessmanager_p.h @@ -56,6 +56,7 @@ #include "qnetworkaccesscache_p.h" #include "qnetworkaccessbackend_p.h" #include "qnetworkrequest.h" +#include "qhstsstore_p.h" #include "qhsts_p.h" #include "private/qobject_p.h" #include "QtNetwork/qnetworkproxy.h" @@ -211,6 +212,7 @@ public: Q_AUTOTEST_EXPORT static void clearConnectionCache(QNetworkAccessManager *manager); QHstsCache stsCache; + QScopedPointer<QHstsStore> stsStore; bool stsEnabled = false; #ifndef QT_NO_BEARERMANAGEMENT diff --git a/src/network/access/qnetworkdiskcache.cpp b/src/network/access/qnetworkdiskcache.cpp index fca880d9b3..c9d658225e 100644 --- a/src/network/access/qnetworkdiskcache.cpp +++ b/src/network/access/qnetworkdiskcache.cpp @@ -537,7 +537,9 @@ qint64 QNetworkDiskCache::expire() QFileInfo info = it.fileInfo(); QString fileName = info.fileName(); if (fileName.endsWith(CACHE_POSTFIX)) { - cacheItems.insert(info.created(), path); + const QDateTime birthTime = info.fileTime(QFile::FileBirthTime); + cacheItems.insert(birthTime.isValid() ? birthTime + : info.fileTime(QFile::FileMetadataChangeTime), path); totalSize += info.size(); } } diff --git a/src/network/access/qnetworkreply.cpp b/src/network/access/qnetworkreply.cpp index abe952cd08..11d8f0e3f7 100644 --- a/src/network/access/qnetworkreply.cpp +++ b/src/network/access/qnetworkreply.cpp @@ -311,9 +311,11 @@ QNetworkReplyPrivate::QNetworkReplyPrivate() When client code handling the redirected() signal has verified the new URL, it emits this signal to allow the redirect to go ahead. This protocol applies to network requests whose redirects policy is set to - QNetworkRequest::UserVerifiedRedirectsPolicy. + QNetworkRequest::UserVerifiedRedirectPolicy - \sa QNetworkRequest::UserVerifiedRedirectPolicy, QNetworkAccessManager::setRedirectPolicy(), QNetworkRequest::RedirectPolicyAttribute + \sa QNetworkRequest::UserVerifiedRedirectPolicy, + QNetworkAccessManager::setRedirectPolicy(), + QNetworkRequest::RedirectPolicyAttribute */ /*! diff --git a/src/network/access/qnetworkreplyhttpimpl.cpp b/src/network/access/qnetworkreplyhttpimpl.cpp index 73f88025ac..382da0db5a 100644 --- a/src/network/access/qnetworkreplyhttpimpl.cpp +++ b/src/network/access/qnetworkreplyhttpimpl.cpp @@ -191,7 +191,8 @@ QNetworkReplyHttpImpl::QNetworkReplyHttpImpl(QNetworkAccessManager* const manage d->outgoingData = outgoingData; d->url = request.url(); #ifndef QT_NO_SSL - d->sslConfiguration = request.sslConfiguration(); + if (request.url().scheme() == QLatin1String("https")) + d->sslConfiguration.reset(new QSslConfiguration(request.sslConfiguration())); #endif // FIXME Later maybe set to Unbuffered, especially if it is zerocopy or from cache? @@ -430,7 +431,10 @@ void QNetworkReplyHttpImpl::setSslConfigurationImplementation(const QSslConfigur void QNetworkReplyHttpImpl::sslConfigurationImplementation(QSslConfiguration &configuration) const { Q_D(const QNetworkReplyHttpImpl); - configuration = d->sslConfiguration; + if (d->sslConfiguration.data()) + configuration = *d->sslConfiguration; + else + configuration = request().sslConfiguration(); } #endif @@ -780,6 +784,10 @@ void QNetworkReplyHttpImplPrivate::postRequest(const QNetworkRequest &newHttpReq // Create the HTTP thread delegate QHttpThreadDelegate *delegate = new QHttpThreadDelegate; + // Propagate Http/2 settings if any + const QVariant blob(manager->property(Http2::http2ParametersPropertyName)); + if (blob.isValid() && blob.canConvert<Http2::ProtocolParameters>()) + delegate->http2Parameters = blob.value<Http2::ProtocolParameters>(); #ifndef QT_NO_BEARERMANAGEMENT delegate->networkSession = managerPrivate->getNetworkSession(); #endif @@ -797,7 +805,7 @@ void QNetworkReplyHttpImplPrivate::postRequest(const QNetworkRequest &newHttpReq delegate->ssl = ssl; #ifndef QT_NO_SSL if (ssl) - delegate->incomingSslConfiguration = newHttpRequest.sslConfiguration(); + delegate->incomingSslConfiguration.reset(new QSslConfiguration(newHttpRequest.sslConfiguration())); #endif // Do we use synchronous HTTP? @@ -1456,10 +1464,13 @@ void QNetworkReplyHttpImplPrivate::replySslErrors( *toBeIgnored = pendingIgnoreSslErrorsList; } -void QNetworkReplyHttpImplPrivate::replySslConfigurationChanged(const QSslConfiguration &sslConfiguration) +void QNetworkReplyHttpImplPrivate::replySslConfigurationChanged(const QSslConfiguration &newSslConfiguration) { // Receiving the used SSL configuration from the HTTP thread - this->sslConfiguration = sslConfiguration; + if (sslConfiguration.data()) + *sslConfiguration = newSslConfiguration; + else + sslConfiguration.reset(new QSslConfiguration(newSslConfiguration)); } void QNetworkReplyHttpImplPrivate::replyPreSharedKeyAuthenticationRequiredSlot(QSslPreSharedKeyAuthenticator *authenticator) diff --git a/src/network/access/qnetworkreplyhttpimpl_p.h b/src/network/access/qnetworkreplyhttpimpl_p.h index 1eedfa5a5d..9d47f65ce7 100644 --- a/src/network/access/qnetworkreplyhttpimpl_p.h +++ b/src/network/access/qnetworkreplyhttpimpl_p.h @@ -58,6 +58,7 @@ #include "QtCore/qpointer.h" #include "QtCore/qdatetime.h" #include "QtCore/qsharedpointer.h" +#include "QtCore/qscopedpointer.h" #include "qatomic.h" #include <QtNetwork/QNetworkCacheMetaData> @@ -264,7 +265,7 @@ public: #ifndef QT_NO_SSL - QSslConfiguration sslConfiguration; + QScopedPointer<QSslConfiguration> sslConfiguration; bool pendingIgnoreAllSslErrors; QList<QSslError> pendingIgnoreSslErrorsList; #endif @@ -294,7 +295,7 @@ public: #ifndef QT_NO_SSL void replyEncrypted(); void replySslErrors(const QList<QSslError> &, bool *, QList<QSslError> *); - void replySslConfigurationChanged(const QSslConfiguration&); + void replySslConfigurationChanged(const QSslConfiguration &newSslConfiguration); void replyPreSharedKeyAuthenticationRequiredSlot(QSslPreSharedKeyAuthenticator *); #endif #ifndef QT_NO_NETWORKPROXY |