diff options
Diffstat (limited to 'src/network/ssl/qsslsocket_mac.cpp')
| -rw-r--r-- | src/network/ssl/qsslsocket_mac.cpp | 97 |
1 files changed, 44 insertions, 53 deletions
diff --git a/src/network/ssl/qsslsocket_mac.cpp b/src/network/ssl/qsslsocket_mac.cpp index 4e090f96cb..c164342166 100644 --- a/src/network/ssl/qsslsocket_mac.cpp +++ b/src/network/ssl/qsslsocket_mac.cpp @@ -1,31 +1,37 @@ /**************************************************************************** ** ** Copyright (C) 2014 Jeremy Lainé <jeremy.laine@m4x.org> -** Contact: http://www.qt.io/licensing/ +** Contact: https://www.qt.io/licensing/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** -** $QT_BEGIN_LICENSE:LGPL21$ +** $QT_BEGIN_LICENSE:LGPL$ ** Commercial License Usage ** Licensees holding valid commercial Qt licenses may use this file in ** accordance with the commercial license agreement provided with the ** Software or, alternatively, in accordance with the terms contained in ** a written agreement between you and The Qt Company. For licensing terms -** and conditions see http://www.qt.io/terms-conditions. For further -** information use the contact form at http://www.qt.io/contact-us. +** and conditions see https://www.qt.io/terms-conditions. For further +** information use the contact form at https://www.qt.io/contact-us. ** ** GNU Lesser General Public License Usage ** Alternatively, this file may be used under the terms of the GNU Lesser -** General Public License version 2.1 or version 3 as published by the Free -** Software Foundation and appearing in the file LICENSE.LGPLv21 and -** LICENSE.LGPLv3 included in the packaging of this file. Please review the -** following information to ensure the GNU Lesser General Public License -** requirements will be met: https://www.gnu.org/licenses/lgpl.html and -** http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. +** General Public License version 3 as published by the Free Software +** Foundation and appearing in the file LICENSE.LGPL3 included in the +** packaging of this file. Please review the following information to +** ensure the GNU Lesser General Public License version 3 requirements +** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. ** -** As a special exception, The Qt Company gives you certain additional -** rights. These rights are described in The Qt Company LGPL Exception -** version 1.1, included in the file LGPL_EXCEPTION.txt in this package. +** GNU General Public License Usage +** Alternatively, this file may be used under the terms of the GNU +** General Public License version 2.0 or (at your option) the GNU General +** Public license version 3 or any later version approved by the KDE Free +** Qt Foundation. The licenses are as published by the Free Software +** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 +** included in the packaging of this file. Please review the following +** information to ensure the GNU General Public License requirements will +** be met: https://www.gnu.org/licenses/gpl-2.0.html and +** https://www.gnu.org/licenses/gpl-3.0.html. ** ** $QT_END_LICENSE$ ** @@ -436,7 +442,7 @@ void QSslSocketPrivate::ensureInitialized() SSLGetSupportedCiphers(context, cfCiphers.data(), &numCiphers); for (size_t i = 0; i < size_t(cfCiphers.size()); ++i) { - const QSslCipher ciph(QSslSocketBackendPrivate::QSslCipher_from_SSLCipherSuite(cfCiphers[i])); + const QSslCipher ciph(QSslSocketBackendPrivate::QSslCipher_from_SSLCipherSuite(cfCiphers.at(i))); if (!ciph.isNull()) { ciphers << ciph; if (ciph.usedBits() >= 128) @@ -491,29 +497,6 @@ void QSslSocketPrivate::resetDefaultEllipticCurves() Q_UNIMPLEMENTED(); } - -QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates() -{ - QList<QSslCertificate> systemCerts; -#ifdef Q_OS_OSX - // SecTrustSettingsCopyCertificates is not defined on iOS. - QCFType<CFArrayRef> cfCerts; - OSStatus status = SecTrustSettingsCopyCertificates(kSecTrustSettingsDomainSystem, &cfCerts); - if (status == noErr) { - const CFIndex size = CFArrayGetCount(cfCerts); - for (CFIndex i = 0; i < size; ++i) { - SecCertificateRef cfCert = (SecCertificateRef)CFArrayGetValueAtIndex(cfCerts, i); - QCFType<CFDataRef> derData = SecCertificateCopyData(cfCert); - systemCerts << QSslCertificate(QByteArray::fromCFData(derData), QSsl::Der); - } - } else { - // no detailed error handling here - qCWarning(lcSsl) << "SecTrustSettingsCopyCertificates failed:" << status; - } -#endif - return systemCerts; -} - QSslSocketBackendPrivate::QSslSocketBackendPrivate() : context(Q_NULLPTR) { @@ -663,6 +646,7 @@ void QSslSocketBackendPrivate::transmit() emit q->bytesWritten(totalBytesWritten); emittedBytesWritten = false; } + emit q->channelBytesWritten(0, totalBytesWritten); } } @@ -687,11 +671,11 @@ void QSslSocketBackendPrivate::transmit() } if (readBytes) { - char *const ptr = buffer.reserve(readBytes); - std::copy(data.data(), data.data() + readBytes, ptr); + buffer.append(data.constData(), readBytes); if (readyReadEmittedPointer) *readyReadEmittedPointer = true; emit q->readyRead(); + emit q->channelReadyRead(0); } if (err == errSSLWouldBlock) @@ -867,6 +851,9 @@ QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSLCipherSuite(SSLCipherSui case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: ciph.d->name = QLatin1String("ECDHE-RSA-AES256-SHA384"); break; + case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: + ciph.d->name = QLatin1String("ECDHE-RSA-AES256-GCM-SHA384"); + break; default: return ciph; } @@ -880,13 +867,13 @@ QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSLCipherSuite(SSLCipherSui ciph.d->protocolString = QLatin1String("TLSv1.2"); } - const QStringList bits = ciph.d->name.split('-'); + const auto bits = ciph.d->name.splitRef(QLatin1Char('-')); if (bits.size() >= 2) { if (bits.size() == 2 || bits.size() == 3) { ciph.d->keyExchangeMethod = QLatin1String("RSA"); - } else if (ciph.d->name.startsWith("DH-") || ciph.d->name.startsWith("DHE-")) { + } else if (bits.front() == QLatin1String("DH") || bits.front() == QLatin1String("DHE")) { ciph.d->keyExchangeMethod = QLatin1String("DH"); - } else if (ciph.d->name.startsWith("ECDH-") || ciph.d->name.startsWith("ECDHE-")) { + } else if (bits.front() == QLatin1String("ECDH") || bits.front() == QLatin1String("ECDHE")) { ciph.d->keyExchangeMethod = QLatin1String("ECDH"); } else { qCWarning(lcSsl) << "Unknown Kx" << ciph.d->name; @@ -894,31 +881,35 @@ QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSLCipherSuite(SSLCipherSui if (bits.size() == 2 || bits.size() == 3) { ciph.d->authenticationMethod = QLatin1String("RSA"); - } else if (ciph.d->name.contains("-ECDSA-")) { + } else if (ciph.d->name.contains(QLatin1String("-ECDSA-"))) { ciph.d->authenticationMethod = QLatin1String("ECDSA"); - } else if (ciph.d->name.contains("-RSA-")) { + } else if (ciph.d->name.contains(QLatin1String("-RSA-"))) { ciph.d->authenticationMethod = QLatin1String("RSA"); } else { qCWarning(lcSsl) << "Unknown Au" << ciph.d->name; } - if (ciph.d->name.contains("RC4-")) { + if (ciph.d->name.contains(QLatin1String("RC4-"))) { ciph.d->encryptionMethod = QLatin1String("RC4(128)"); ciph.d->bits = 128; ciph.d->supportedBits = 128; - } else if (ciph.d->name.contains("DES-CBC3-")) { + } else if (ciph.d->name.contains(QLatin1String("DES-CBC3-"))) { ciph.d->encryptionMethod = QLatin1String("3DES(168)"); ciph.d->bits = 168; ciph.d->supportedBits = 168; - } else if (ciph.d->name.contains("AES128-")) { + } else if (ciph.d->name.contains(QLatin1String("AES128-"))) { ciph.d->encryptionMethod = QLatin1String("AES(128)"); ciph.d->bits = 128; ciph.d->supportedBits = 128; - } else if (ciph.d->name.contains("AES256-")) { + } else if (ciph.d->name.contains(QLatin1String("AES256-GCM"))) { + ciph.d->encryptionMethod = QLatin1String("AESGCM(256)"); + ciph.d->bits = 256; + ciph.d->supportedBits = 256; + } else if (ciph.d->name.contains(QLatin1String("AES256-"))) { ciph.d->encryptionMethod = QLatin1String("AES(256)"); ciph.d->bits = 256; ciph.d->supportedBits = 256; - } else if (ciph.d->name.contains("NULL-")) { + } else if (ciph.d->name.contains(QLatin1String("NULL-"))) { ciph.d->encryptionMethod = QLatin1String("NULL"); } else { qCWarning(lcSsl) << "Unknown Enc" << ciph.d->name; @@ -1042,7 +1033,7 @@ bool QSslSocketBackendPrivate::setSessionCertificate(QString &errorDescription, QSslCertificate localCertificate; if (!configuration.localCertificateChain.isEmpty()) - localCertificate = configuration.localCertificateChain[0]; + localCertificate = configuration.localCertificateChain.at(0); if (!localCertificate.isNull()) { // Require a private key as well. @@ -1236,7 +1227,7 @@ bool QSslSocketBackendPrivate::verifyPeerTrust() } // check the whole chain for blacklisting (including root, as we check for subjectInfo and issuer) - foreach (const QSslCertificate &cert, configuration.peerCertificateChain) { + for (const QSslCertificate &cert : qAsConst(configuration.peerCertificateChain)) { if (QSslCertificatePrivate::isBlacklisted(cert) && !canIgnoreVerify) { const QSslError error(QSslError::CertificateBlacklisted, cert); errors << error; @@ -1280,7 +1271,7 @@ bool QSslSocketBackendPrivate::verifyPeerTrust() // verify certificate chain QCFType<CFMutableArrayRef> certArray = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); - foreach (const QSslCertificate &cert, configuration.caCertificates) { + for (const QSslCertificate &cert : qAsConst(configuration.caCertificates)) { QCFType<CFDataRef> certData = cert.d->derData.toCFData(); QCFType<SecCertificateRef> certRef = SecCertificateCreateWithData(NULL, certData); CFArrayAppendValue(certArray, certRef); @@ -1336,7 +1327,7 @@ bool QSslSocketBackendPrivate::checkSslErrors() paused = true; } else { setErrorAndEmit(QAbstractSocket::SslHandshakeFailedError, - sslErrors.first().errorString()); + sslErrors.constFirst().errorString()); plainSocket->disconnectFromHost(); } return false; |