diff options
Diffstat (limited to 'src/network/ssl')
27 files changed, 223 insertions, 141 deletions
diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp index 7bb68956ee..b68265f1aa 100644 --- a/src/network/ssl/qssl.cpp +++ b/src/network/ssl/qssl.cpp @@ -1,8 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies). -** All rights reserved. -** Contact: Nokia Corporation (qt-info@nokia.com) +** Contact: http://www.qt-project.org/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** @@ -35,6 +34,7 @@ ** ** ** +** ** $QT_END_LICENSE$ ** ****************************************************************************/ diff --git a/src/network/ssl/qssl.h b/src/network/ssl/qssl.h index 7da5a78c56..7387b0214c 100644 --- a/src/network/ssl/qssl.h +++ b/src/network/ssl/qssl.h @@ -1,8 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies). -** All rights reserved. -** Contact: Nokia Corporation (qt-info@nokia.com) +** Contact: http://www.qt-project.org/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** @@ -35,6 +34,7 @@ ** ** ** +** ** $QT_END_LICENSE$ ** ****************************************************************************/ @@ -50,7 +50,6 @@ QT_BEGIN_HEADER QT_BEGIN_NAMESPACE -QT_MODULE(Network) namespace QSsl { enum KeyType { diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp index 5a4702d992..966497be2e 100644 --- a/src/network/ssl/qsslcertificate.cpp +++ b/src/network/ssl/qsslcertificate.cpp @@ -1,8 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies). -** All rights reserved. -** Contact: Nokia Corporation (qt-info@nokia.com) +** Contact: http://www.qt-project.org/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** @@ -35,6 +34,7 @@ ** ** ** +** ** $QT_END_LICENSE$ ** ****************************************************************************/ diff --git a/src/network/ssl/qsslcertificate.h b/src/network/ssl/qsslcertificate.h index 3aa7075eb3..b15d6e97bb 100644 --- a/src/network/ssl/qsslcertificate.h +++ b/src/network/ssl/qsslcertificate.h @@ -1,8 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies). -** All rights reserved. -** Contact: Nokia Corporation (qt-info@nokia.com) +** Contact: http://www.qt-project.org/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** @@ -35,6 +34,7 @@ ** ** ** +** ** $QT_END_LICENSE$ ** ****************************************************************************/ @@ -56,7 +56,6 @@ QT_BEGIN_HEADER QT_BEGIN_NAMESPACE -QT_MODULE(Network) #ifndef QT_NO_SSL @@ -84,8 +83,7 @@ public: }; QSslCertificate(QIODevice *device, QSsl::EncodingFormat format = QSsl::Pem); - QSslCertificate( // ### s/encoded/data (to be consistent with signature in .cpp file) ? - const QByteArray &encoded = QByteArray(), QSsl::EncodingFormat format = QSsl::Pem); + QSslCertificate(const QByteArray &data = QByteArray(), QSsl::EncodingFormat format = QSsl::Pem); QSslCertificate(const QSslCertificate &other); ~QSslCertificate(); QSslCertificate &operator=(const QSslCertificate &other); diff --git a/src/network/ssl/qsslcertificate_p.h b/src/network/ssl/qsslcertificate_p.h index 031165b267..cee0ebe9c0 100644 --- a/src/network/ssl/qsslcertificate_p.h +++ b/src/network/ssl/qsslcertificate_p.h @@ -1,8 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies). -** All rights reserved. -** Contact: Nokia Corporation (qt-info@nokia.com) +** Contact: http://www.qt-project.org/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** @@ -35,6 +34,7 @@ ** ** ** +** ** $QT_END_LICENSE$ ** ****************************************************************************/ diff --git a/src/network/ssl/qsslcertificateextension.cpp b/src/network/ssl/qsslcertificateextension.cpp index b4d002ead1..2b5c57e3f0 100644 --- a/src/network/ssl/qsslcertificateextension.cpp +++ b/src/network/ssl/qsslcertificateextension.cpp @@ -1,8 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2011 Richard J. Moore <rich@kde.org> -** All rights reserved. -** Contact: Nokia Corporation (qt-info@nokia.com) +** Contact: http://www.qt-project.org/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** @@ -35,6 +34,7 @@ ** ** ** +** ** $QT_END_LICENSE$ ** ****************************************************************************/ diff --git a/src/network/ssl/qsslcertificateextension.h b/src/network/ssl/qsslcertificateextension.h index 6c1d219a3b..1ba294ba1b 100644 --- a/src/network/ssl/qsslcertificateextension.h +++ b/src/network/ssl/qsslcertificateextension.h @@ -1,8 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2011 Richard J. Moore <rich@kde.org> -** All rights reserved. -** Contact: Nokia Corporation (qt-info@nokia.com) +** Contact: http://www.qt-project.org/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** @@ -35,6 +34,7 @@ ** ** ** +** ** $QT_END_LICENSE$ ** ****************************************************************************/ @@ -51,7 +51,6 @@ QT_BEGIN_HEADER QT_BEGIN_NAMESPACE -QT_MODULE(Network) #ifndef QT_NO_SSL diff --git a/src/network/ssl/qsslcertificateextension_p.h b/src/network/ssl/qsslcertificateextension_p.h index 877175b666..ccd95655b0 100644 --- a/src/network/ssl/qsslcertificateextension_p.h +++ b/src/network/ssl/qsslcertificateextension_p.h @@ -1,8 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2011 Richard J. Moore <rich@kde.org> -** All rights reserved. -** Contact: Nokia Corporation (qt-info@nokia.com) +** Contact: http://www.qt-project.org/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** @@ -35,6 +34,7 @@ ** ** ** +** ** $QT_END_LICENSE$ ** ****************************************************************************/ diff --git a/src/network/ssl/qsslcipher.cpp b/src/network/ssl/qsslcipher.cpp index 3c59a8ebf9..ae24e9e3e2 100644 --- a/src/network/ssl/qsslcipher.cpp +++ b/src/network/ssl/qsslcipher.cpp @@ -1,8 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies). -** All rights reserved. -** Contact: Nokia Corporation (qt-info@nokia.com) +** Contact: http://www.qt-project.org/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** @@ -35,6 +34,7 @@ ** ** ** +** ** $QT_END_LICENSE$ ** ****************************************************************************/ diff --git a/src/network/ssl/qsslcipher.h b/src/network/ssl/qsslcipher.h index 8d58fa50ba..78989b7cb8 100644 --- a/src/network/ssl/qsslcipher.h +++ b/src/network/ssl/qsslcipher.h @@ -1,8 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies). -** All rights reserved. -** Contact: Nokia Corporation (qt-info@nokia.com) +** Contact: http://www.qt-project.org/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** @@ -35,6 +34,7 @@ ** ** ** +** ** $QT_END_LICENSE$ ** ****************************************************************************/ @@ -51,7 +51,6 @@ QT_BEGIN_HEADER QT_BEGIN_NAMESPACE -QT_MODULE(Network) #ifndef QT_NO_SSL diff --git a/src/network/ssl/qsslcipher_p.h b/src/network/ssl/qsslcipher_p.h index d4117abe3a..eadb4eacf3 100644 --- a/src/network/ssl/qsslcipher_p.h +++ b/src/network/ssl/qsslcipher_p.h @@ -1,8 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies). -** All rights reserved. -** Contact: Nokia Corporation (qt-info@nokia.com) +** Contact: http://www.qt-project.org/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** @@ -35,6 +34,7 @@ ** ** ** +** ** $QT_END_LICENSE$ ** ****************************************************************************/ diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp index f29bb02813..dc530dae88 100644 --- a/src/network/ssl/qsslconfiguration.cpp +++ b/src/network/ssl/qsslconfiguration.cpp @@ -1,8 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies). -** All rights reserved. -** Contact: Nokia Corporation (qt-info@nokia.com) +** Contact: http://www.qt-project.org/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** @@ -35,6 +34,7 @@ ** ** ** +** ** $QT_END_LICENSE$ ** ****************************************************************************/ diff --git a/src/network/ssl/qsslconfiguration.h b/src/network/ssl/qsslconfiguration.h index 37df073ae9..0ef6a6b4f3 100644 --- a/src/network/ssl/qsslconfiguration.h +++ b/src/network/ssl/qsslconfiguration.h @@ -1,8 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies). -** All rights reserved. -** Contact: Nokia Corporation (qt-info@nokia.com) +** Contact: http://www.qt-project.org/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** @@ -35,6 +34,7 @@ ** ** ** +** ** $QT_END_LICENSE$ ** ****************************************************************************/ @@ -65,7 +65,6 @@ QT_BEGIN_HEADER QT_BEGIN_NAMESPACE -QT_MODULE(Network) #ifndef QT_NO_SSL @@ -87,7 +86,7 @@ public: inline bool operator!=(const QSslConfiguration &other) const { return !(*this == other); } - bool isNull() const; // ### Qt 5: remove; who would need this? + bool isNull() const; QSsl::SslProtocol protocol() const; void setProtocol(QSsl::SslProtocol protocol); diff --git a/src/network/ssl/qsslconfiguration_p.h b/src/network/ssl/qsslconfiguration_p.h index d9f41d6351..eab266d83b 100644 --- a/src/network/ssl/qsslconfiguration_p.h +++ b/src/network/ssl/qsslconfiguration_p.h @@ -1,8 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies). -** All rights reserved. -** Contact: Nokia Corporation (qt-info@nokia.com) +** Contact: http://www.qt-project.org/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** @@ -35,6 +34,7 @@ ** ** ** +** ** $QT_END_LICENSE$ ** ****************************************************************************/ diff --git a/src/network/ssl/qsslerror.cpp b/src/network/ssl/qsslerror.cpp index 39e6d6114e..acb8d70d09 100644 --- a/src/network/ssl/qsslerror.cpp +++ b/src/network/ssl/qsslerror.cpp @@ -1,8 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies). -** All rights reserved. -** Contact: Nokia Corporation (qt-info@nokia.com) +** Contact: http://www.qt-project.org/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** @@ -35,6 +34,7 @@ ** ** ** +** ** $QT_END_LICENSE$ ** ****************************************************************************/ diff --git a/src/network/ssl/qsslerror.h b/src/network/ssl/qsslerror.h index 0bdc230b2e..a84010adbe 100644 --- a/src/network/ssl/qsslerror.h +++ b/src/network/ssl/qsslerror.h @@ -1,8 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies). -** All rights reserved. -** Contact: Nokia Corporation (qt-info@nokia.com) +** Contact: http://www.qt-project.org/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** @@ -35,6 +34,7 @@ ** ** ** +** ** $QT_END_LICENSE$ ** ****************************************************************************/ @@ -50,7 +50,6 @@ QT_BEGIN_HEADER QT_BEGIN_NAMESPACE -QT_MODULE(Network) #ifndef QT_NO_SSL diff --git a/src/network/ssl/qsslkey.cpp b/src/network/ssl/qsslkey.cpp index cb038d726f..f422952870 100644 --- a/src/network/ssl/qsslkey.cpp +++ b/src/network/ssl/qsslkey.cpp @@ -1,8 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies). -** All rights reserved. -** Contact: Nokia Corporation (qt-info@nokia.com) +** Contact: http://www.qt-project.org/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** @@ -35,6 +34,7 @@ ** ** ** +** ** $QT_END_LICENSE$ ** ****************************************************************************/ diff --git a/src/network/ssl/qsslkey.h b/src/network/ssl/qsslkey.h index d7d52fa992..e64df5fce7 100644 --- a/src/network/ssl/qsslkey.h +++ b/src/network/ssl/qsslkey.h @@ -1,8 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies). -** All rights reserved. -** Contact: Nokia Corporation (qt-info@nokia.com) +** Contact: http://www.qt-project.org/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** @@ -35,6 +34,7 @@ ** ** ** +** ** $QT_END_LICENSE$ ** ****************************************************************************/ @@ -52,7 +52,6 @@ QT_BEGIN_HEADER QT_BEGIN_NAMESPACE -QT_MODULE(Network) #ifndef QT_NO_SSL diff --git a/src/network/ssl/qsslkey_p.h b/src/network/ssl/qsslkey_p.h index 1beb2a608a..aac5a8c223 100644 --- a/src/network/ssl/qsslkey_p.h +++ b/src/network/ssl/qsslkey_p.h @@ -1,8 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies). -** All rights reserved. -** Contact: Nokia Corporation (qt-info@nokia.com) +** Contact: http://www.qt-project.org/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** @@ -35,6 +34,7 @@ ** ** ** +** ** $QT_END_LICENSE$ ** ****************************************************************************/ diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp index b428316a77..ffc9f3f9fe 100644 --- a/src/network/ssl/qsslsocket.cpp +++ b/src/network/ssl/qsslsocket.cpp @@ -1,8 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies). -** All rights reserved. -** Contact: Nokia Corporation (qt-info@nokia.com) +** Contact: http://www.qt-project.org/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** @@ -35,6 +34,7 @@ ** ** ** +** ** $QT_END_LICENSE$ ** ****************************************************************************/ @@ -356,6 +356,24 @@ QSslSocket::~QSslSocket() } /*! + \reimp + + \since 5.0 + + Continues data transfer on the socket after it has been paused. If + "setPauseMode(QAbstractSocket::PauseOnNotify);" has been called on + this socket and a sslErrors() signal is received, calling this method + is necessary for the socket to continue. + + \sa QAbstractSocket::pauseMode(), QAbstractSocket::setPauseMode() +*/ +void QSslSocket::resume() +{ + // continuing might emit signals, rather do this through the event loop + QMetaObject::invokeMethod(this, "_q_resumeImplementation", Qt::QueuedConnection); +} + +/*! Starts an encrypted connection to the device \a hostName on \a port, using \a mode as the \l OpenMode. This is equivalent to calling connectToHost() to establish the connection, followed by a @@ -1860,6 +1878,7 @@ QSslSocketPrivate::QSslSocketPrivate() , readyReadEmittedPointer(0) , allowRootCertOnDemandLoading(true) , plainSocket(0) + , paused(false) { QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration); } @@ -1935,7 +1954,6 @@ void QSslSocketPrivate::setDefaultSupportedCiphers(const QList<QSslCipher> &ciph */ QList<QSslCertificate> QSslSocketPrivate::defaultCaCertificates() { - // ### Qt5: rename everything containing "caCertificates" to "rootCertificates" or similar QSslSocketPrivate::ensureInitialized(); QMutexLocker locker(&globalData()->mutex); return globalData()->config->caCertificates; @@ -2114,6 +2132,11 @@ void QSslSocketPrivate::resumeSocketNotifiers(QSslSocket *socket) QAbstractSocketPrivate::resumeSocketNotifiers(socket->d_func()->plainSocket); } +bool QSslSocketPrivate::isPaused() const +{ + return paused; +} + /*! \internal */ @@ -2260,6 +2283,55 @@ void QSslSocketPrivate::_q_flushReadBuffer() /*! \internal */ +void QSslSocketPrivate::_q_resumeImplementation() +{ + Q_Q(QSslSocket); + if (plainSocket) + plainSocket->resume(); + paused = false; + if (!connectionEncrypted) { + if (verifyErrorsHaveBeenIgnored()) { + continueHandshake(); + } else { + q->setErrorString(sslErrors.first().errorString()); + q->setSocketError(QAbstractSocket::SslHandshakeFailedError); + emit q->error(QAbstractSocket::SslHandshakeFailedError); + plainSocket->disconnectFromHost(); + return; + } + } + transmit(); +} + +/*! + \internal +*/ +bool QSslSocketPrivate::verifyErrorsHaveBeenIgnored() +{ + bool doEmitSslError; + if (!ignoreErrorsList.empty()) { + // check whether the errors we got are all in the list of expected errors + // (applies only if the method QSslSocket::ignoreSslErrors(const QList<QSslError> &errors) + // was called) + doEmitSslError = false; + for (int a = 0; a < sslErrors.count(); a++) { + if (!ignoreErrorsList.contains(sslErrors.at(a))) { + doEmitSslError = true; + break; + } + } + } else { + // if QSslSocket::ignoreSslErrors(const QList<QSslError> &errors) was not called and + // we get an SSL error, emit a signal unless we ignored all errors (by calling + // QSslSocket::ignoreSslErrors() ) + doEmitSslError = !ignoreAllSslErrors; + } + return !doEmitSslError; +} + +/*! + \internal +*/ QList<QByteArray> QSslSocketPrivate::unixRootCertDirectories() { return QList<QByteArray>() << "/etc/ssl/certs/" // (K)ubuntu, OpenSUSE, Mandriva, MeeGo ... diff --git a/src/network/ssl/qsslsocket.h b/src/network/ssl/qsslsocket.h index 936f27905a..bdc9c4b4cf 100644 --- a/src/network/ssl/qsslsocket.h +++ b/src/network/ssl/qsslsocket.h @@ -1,8 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies). -** All rights reserved. -** Contact: Nokia Corporation (qt-info@nokia.com) +** Contact: http://www.qt-project.org/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** @@ -35,6 +34,7 @@ ** ** ** +** ** $QT_END_LICENSE$ ** ****************************************************************************/ @@ -54,7 +54,6 @@ QT_BEGIN_HEADER QT_BEGIN_NAMESPACE -QT_MODULE(Network) #ifndef QT_NO_SSL @@ -83,6 +82,7 @@ public: QSslSocket(QObject *parent = 0); ~QSslSocket(); + void resume(); // to continue after proxy authentication required, SSL errors etc. // Autostarting the SSL client handshake. void connectToHostEncrypted(const QString &hostName, quint16 port, OpenMode mode = ReadWrite, NetworkLayerProtocol protocol = AnyIPProtocol); @@ -90,12 +90,12 @@ public: bool setSocketDescriptor(qintptr socketDescriptor, SocketState state = ConnectedState, OpenMode openMode = ReadWrite); + using QAbstractSocket::connectToHost; void connectToHost(const QString &hostName, quint16 port, OpenMode openMode = ReadWrite, NetworkLayerProtocol protocol = AnyIPProtocol); void disconnectFromHost(); - // ### Qt 5: Make virtual - void setSocketOption(QAbstractSocket::SocketOption option, const QVariant &value); - QVariant socketOption(QAbstractSocket::SocketOption option); + virtual void setSocketOption(QAbstractSocket::SocketOption option, const QVariant &value); + virtual QVariant socketOption(QAbstractSocket::SocketOption option); SslMode mode() const; bool isEncrypted() const; @@ -212,6 +212,7 @@ private: Q_PRIVATE_SLOT(d_func(), void _q_bytesWrittenSlot(qint64)) Q_PRIVATE_SLOT(d_func(), void _q_flushWriteBuffer()) Q_PRIVATE_SLOT(d_func(), void _q_flushReadBuffer()) + Q_PRIVATE_SLOT(d_func(), void _q_resumeImplementation()) friend class QSslSocketBackendPrivate; }; diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 96b2c8170b..f62f3c1229 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -1,8 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies). -** All rights reserved. -** Contact: Nokia Corporation (qt-info@nokia.com) +** Contact: http://www.qt-project.org/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** @@ -35,6 +34,7 @@ ** ** ** +** ** $QT_END_LICENSE$ ** ****************************************************************************/ @@ -172,6 +172,7 @@ QSslSocketBackendPrivate::QSslSocketBackendPrivate() QSslSocketBackendPrivate::~QSslSocketBackendPrivate() { + destroySslContext(); } QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(SSL_CIPHER *cipher) @@ -295,6 +296,7 @@ bool QSslSocketBackendPrivate::initSslContext() bool client = (mode == QSslSocket::SslClientMode); bool reinitialized = false; + init_context: switch (configuration.protocol) { case QSsl::SslV2: @@ -326,10 +328,9 @@ init_context: goto init_context; } - // ### Bad error code q->setErrorString(QSslSocket::tr("Error creating SSL context (%1)").arg(getErrorsFromOpenSsl())); - q->setSocketError(QAbstractSocket::UnknownSocketError); - emit q->error(QAbstractSocket::UnknownSocketError); + q->setSocketError(QAbstractSocket::SslInternalError); + emit q->error(QAbstractSocket::SslInternalError); return false; } @@ -352,10 +353,9 @@ init_context: } if (!q_SSL_CTX_set_cipher_list(ctx, cipherString.data())) { - // ### Bad error code q->setErrorString(QSslSocket::tr("Invalid or empty cipher list (%1)").arg(getErrorsFromOpenSsl())); - q->setSocketError(QAbstractSocket::UnknownSocketError); - emit q->error(QAbstractSocket::UnknownSocketError); + q->setSocketError(QAbstractSocket::SslInvalidUserDataError); + emit q->error(QAbstractSocket::SslInvalidUserDataError); return false; } @@ -398,14 +398,16 @@ init_context: // Require a private key as well. if (configuration.privateKey.isNull()) { q->setErrorString(QSslSocket::tr("Cannot provide a certificate with no key, %1").arg(getErrorsFromOpenSsl())); - emit q->error(QAbstractSocket::UnknownSocketError); + q->setSocketError(QAbstractSocket::SslInvalidUserDataError); + emit q->error(QAbstractSocket::SslInvalidUserDataError); return false; } // Load certificate if (!q_SSL_CTX_use_certificate(ctx, reinterpret_cast<X509 *>(configuration.localCertificate.handle()))) { q->setErrorString(QSslSocket::tr("Error loading local certificate, %1").arg(getErrorsFromOpenSsl())); - emit q->error(QAbstractSocket::UnknownSocketError); + q->setSocketError(QAbstractSocket::SslInternalError); + emit q->error(QAbstractSocket::SslInternalError); return false; } @@ -425,7 +427,8 @@ init_context: if (!q_SSL_CTX_use_PrivateKey(ctx, pkey)) { q->setErrorString(QSslSocket::tr("Error loading private key, %1").arg(getErrorsFromOpenSsl())); - emit q->error(QAbstractSocket::UnknownSocketError); + q->setSocketError(QAbstractSocket::SslInternalError); + emit q->error(QAbstractSocket::SslInternalError); return false; } if (configuration.privateKey.algorithm() == QSsl::Opaque) @@ -434,7 +437,8 @@ init_context: // Check if the certificate matches the private key. if (!q_SSL_CTX_check_private_key(ctx)) { q->setErrorString(QSslSocket::tr("Private key does not certify public key, %1").arg(getErrorsFromOpenSsl())); - emit q->error(QAbstractSocket::UnknownSocketError); + q->setSocketError(QAbstractSocket::SslInvalidUserDataError); + emit q->error(QAbstractSocket::SslInvalidUserDataError); return false; } } @@ -454,8 +458,8 @@ init_context: if (!(ssl = q_SSL_new(ctx))) { // ### Bad error code q->setErrorString(QSslSocket::tr("Error creating SSL session, %1").arg(getErrorsFromOpenSsl())); - q->setSocketError(QAbstractSocket::UnknownSocketError); - emit q->error(QAbstractSocket::UnknownSocketError); + q->setSocketError(QAbstractSocket::SslInternalError); + emit q->error(QAbstractSocket::SslInternalError); return false; } @@ -488,10 +492,9 @@ init_context: readBio = q_BIO_new(q_BIO_s_mem()); writeBio = q_BIO_new(q_BIO_s_mem()); if (!readBio || !writeBio) { - // ### Bad error code q->setErrorString(QSslSocket::tr("Error creating SSL session: %1").arg(getErrorsFromOpenSsl())); - q->setSocketError(QAbstractSocket::UnknownSocketError); - emit q->error(QAbstractSocket::UnknownSocketError); + q->setSocketError(QAbstractSocket::SslInternalError); + emit q->error(QAbstractSocket::SslInternalError); return false; } @@ -506,6 +509,22 @@ init_context: return true; } +void QSslSocketBackendPrivate::destroySslContext() +{ + if (ssl) { + q_SSL_free(ssl); + ssl = 0; + } + if (ctx) { + q_SSL_CTX_free(ctx); + ctx = 0; + } + if (pkey) { + q_EVP_PKEY_free(pkey); + pkey = 0; + } +} + /*! \internal */ @@ -804,8 +823,11 @@ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates() void QSslSocketBackendPrivate::startClientEncryption() { + Q_Q(QSslSocket); if (!initSslContext()) { - // ### report error: internal OpenSSL failure + q->setErrorString(QSslSocket::tr("Unable to init Ssl Context: %1").arg(getErrorsFromOpenSsl())); + q->setSocketError(QAbstractSocket::SslInternalError); + emit q->error(QAbstractSocket::SslInternalError); return; } @@ -817,8 +839,11 @@ void QSslSocketBackendPrivate::startClientEncryption() void QSslSocketBackendPrivate::startServerEncryption() { + Q_Q(QSslSocket); if (!initSslContext()) { - // ### report error: internal OpenSSL failure + q->setErrorString(QSslSocket::tr("Unable to init Ssl Context: %1").arg(getErrorsFromOpenSsl())); + q->setSocketError(QAbstractSocket::SslInternalError); + emit q->error(QAbstractSocket::SslInternalError); return; } @@ -855,8 +880,8 @@ void QSslSocketBackendPrivate::transmit() if (writtenBytes <= 0) { // ### Better error handling. q->setErrorString(QSslSocket::tr("Unable to write data: %1").arg(getErrorsFromOpenSsl())); - q->setSocketError(QAbstractSocket::UnknownSocketError); - emit q->error(QAbstractSocket::UnknownSocketError); + q->setSocketError(QAbstractSocket::SslInternalError); + emit q->error(QAbstractSocket::SslInternalError); return; } #ifdef QSSLSOCKET_DEBUG @@ -925,8 +950,8 @@ void QSslSocketBackendPrivate::transmit() } else { // ### Better error handling. q->setErrorString(QSslSocket::tr("Unable to decrypt data: %1").arg(getErrorsFromOpenSsl())); - q->setSocketError(QAbstractSocket::UnknownSocketError); - emit q->error(QAbstractSocket::UnknownSocketError); + q->setSocketError(QAbstractSocket::SslInternalError); + emit q->error(QAbstractSocket::SslInternalError); return; } @@ -950,6 +975,9 @@ void QSslSocketBackendPrivate::transmit() qDebug() << "QSslSocketBackendPrivate::transmit: connection lost"; #endif break; + } else if (paused) { + // just wait until the user continues + return; } else { #ifdef QSSLSOCKET_DEBUG qDebug() << "QSslSocketBackendPrivate::transmit: encryption not done yet"; @@ -1003,8 +1031,8 @@ void QSslSocketBackendPrivate::transmit() // we do not know exactly what the error is, nor whether we can recover from it, // so just return to prevent an endless loop in the outer "while" statement q->setErrorString(QSslSocket::tr("Error while reading: %1").arg(getErrorsFromOpenSsl())); - q->setSocketError(QAbstractSocket::UnknownSocketError); - emit q->error(QAbstractSocket::UnknownSocketError); + q->setSocketError(QAbstractSocket::SslInternalError); + emit q->error(QAbstractSocket::SslInternalError); return; default: // SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT: can only happen with a @@ -1013,8 +1041,8 @@ void QSslSocketBackendPrivate::transmit() // SSL_CTX_set_client_cert_cb(), which we do not call. // So this default case should never be triggered. q->setErrorString(QSslSocket::tr("Error while reading: %1").arg(getErrorsFromOpenSsl())); - q->setSocketError(QAbstractSocket::UnknownSocketError); - emit q->error(QAbstractSocket::UnknownSocketError); + q->setSocketError(QAbstractSocket::SslInternalError); + emit q->error(QAbstractSocket::SslInternalError); break; } } while (ssl && readBytes > 0); @@ -1188,46 +1216,25 @@ bool QSslSocketBackendPrivate::startHandshake() sslErrors = errors; emit q->sslErrors(errors); - bool doEmitSslError; - if (!ignoreErrorsList.empty()) { - // check whether the errors we got are all in the list of expected errors - // (applies only if the method QSslSocket::ignoreSslErrors(const QList<QSslError> &errors) - // was called) - doEmitSslError = false; - for (int a = 0; a < errors.count(); a++) { - if (!ignoreErrorsList.contains(errors.at(a))) { - doEmitSslError = true; - break; - } - } - } else { - // if QSslSocket::ignoreSslErrors(const QList<QSslError> &errors) was not called and - // we get an SSL error, emit a signal unless we ignored all errors (by calling - // QSslSocket::ignoreSslErrors() ) - doEmitSslError = !ignoreAllSslErrors; - } + bool doEmitSslError = !verifyErrorsHaveBeenIgnored(); // check whether we need to emit an SSL handshake error if (doVerifyPeer && doEmitSslError) { - q->setErrorString(sslErrors.first().errorString()); - q->setSocketError(QAbstractSocket::SslHandshakeFailedError); - emit q->error(QAbstractSocket::SslHandshakeFailedError); - plainSocket->disconnectFromHost(); + if (q->pauseMode() & QAbstractSocket::PauseOnNotify) { + pauseSocketNotifiers(q); + paused = true; + } else { + q->setErrorString(sslErrors.first().errorString()); + q->setSocketError(QAbstractSocket::SslHandshakeFailedError); + emit q->error(QAbstractSocket::SslHandshakeFailedError); + plainSocket->disconnectFromHost(); + } return false; } } else { sslErrors.clear(); } - // if we have a max read buffer size, reset the plain socket's to 1k - if (readBufferMaxSize) - plainSocket->setReadBufferSize(1024); - - connectionEncrypted = true; - emit q->encrypted(); - if (autoStartHandshake && pendingClose) { - pendingClose = false; - q->disconnectFromHost(); - } + continueHandshake(); return true; } @@ -1242,18 +1249,10 @@ void QSslSocketBackendPrivate::disconnectFromHost() void QSslSocketBackendPrivate::disconnected() { - if (ssl) { - q_SSL_free(ssl); - ssl = 0; - } - if (ctx) { - q_SSL_CTX_free(ctx); - ctx = 0; - } - if (pkey) { - q_EVP_PKEY_free(pkey); - pkey = 0; - } + if (plainSocket->bytesAvailable() <= 0) + destroySslContext(); + //if there is still buffered data in the plain socket, don't destroy the ssl context yet. + //it will be destroyed when the socket is deleted. } QSslCipher QSslSocketBackendPrivate::sessionCipher() const @@ -1271,6 +1270,21 @@ QSslCipher QSslSocketBackendPrivate::sessionCipher() const return sessionCipher ? QSslCipher_from_SSL_CIPHER(sessionCipher) : QSslCipher(); } +void QSslSocketBackendPrivate::continueHandshake() +{ + Q_Q(QSslSocket); + // if we have a max read buffer size, reset the plain socket's to match + if (readBufferMaxSize) + plainSocket->setReadBufferSize(readBufferMaxSize); + + connectionEncrypted = true; + emit q->encrypted(); + if (autoStartHandshake && pendingClose) { + pendingClose = false; + q->disconnectFromHost(); + } +} + QList<QSslCertificate> QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(STACK_OF(X509) *x509) { ensureInitialized(); diff --git a/src/network/ssl/qsslsocket_openssl_p.h b/src/network/ssl/qsslsocket_openssl_p.h index 4d1ed9e681..b31eae9c97 100644 --- a/src/network/ssl/qsslsocket_openssl_p.h +++ b/src/network/ssl/qsslsocket_openssl_p.h @@ -1,8 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies). -** All rights reserved. -** Contact: Nokia Corporation (qt-info@nokia.com) +** Contact: http://www.qt-project.org/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** @@ -35,6 +34,7 @@ ** ** ** +** ** $QT_END_LICENSE$ ** ****************************************************************************/ @@ -99,6 +99,7 @@ public: // SSL context bool initSslContext(); + void destroySslContext(); SSL *ssl; SSL_CTX *ctx; EVP_PKEY *pkey; @@ -115,6 +116,7 @@ public: void disconnectFromHost(); void disconnected(); QSslCipher sessionCipher() const; + void continueHandshake(); Q_AUTOTEST_EXPORT static long setupOpenSslOptions(QSsl::SslProtocol protocol, QSsl::SslOptions sslOptions); static QSslCipher QSslCipher_from_SSL_CIPHER(SSL_CIPHER *cipher); diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp index c3bee3edd2..aa25215755 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols.cpp +++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp @@ -1,8 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies). -** All rights reserved. -** Contact: Nokia Corporation (qt-info@nokia.com) +** Contact: http://www.qt-project.org/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** @@ -35,6 +34,7 @@ ** ** ** +** ** $QT_END_LICENSE$ ** ****************************************************************************/ diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h index 1f1e842c13..758763523f 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols_p.h +++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h @@ -1,8 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies). -** All rights reserved. -** Contact: Nokia Corporation (qt-info@nokia.com) +** Contact: http://www.qt-project.org/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** @@ -35,6 +34,7 @@ ** ** ** +** ** $QT_END_LICENSE$ ** ****************************************************************************/ diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h index 6fa443d0c7..44114481df 100644 --- a/src/network/ssl/qsslsocket_p.h +++ b/src/network/ssl/qsslsocket_p.h @@ -1,8 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies). -** All rights reserved. -** Contact: Nokia Corporation (qt-info@nokia.com) +** Contact: http://www.qt-project.org/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** @@ -35,6 +34,7 @@ ** ** ** +** ** $QT_END_LICENSE$ ** ****************************************************************************/ @@ -73,7 +73,7 @@ QT_BEGIN_NAMESPACE typedef OSStatus (*PtrSecTrustSettingsCopyCertificates)(int, CFArrayRef*); typedef OSStatus (*PtrSecTrustCopyAnchorCertificates)(CFArrayRef*); #elif defined(Q_OS_WIN) -#include <windows.h> +#include <QtCore/qt_windows.h> #include <wincrypt.h> #ifndef HCRYPTPROV_LEGACY #define HCRYPTPROV_LEGACY HCRYPTPROV @@ -149,6 +149,7 @@ public: void createPlainSocket(QIODevice::OpenMode openMode); static void pauseSocketNotifiers(QSslSocket*); static void resumeSocketNotifiers(QSslSocket*); + bool isPaused() const; void _q_connectedSlot(); void _q_hostFoundSlot(); void _q_disconnectedSlot(); @@ -158,6 +159,7 @@ public: void _q_bytesWrittenSlot(qint64); void _q_flushWriteBuffer(); void _q_flushReadBuffer(); + void _q_resumeImplementation(); // Platform specific functions virtual void startClientEncryption() = 0; @@ -166,6 +168,7 @@ public: virtual void disconnectFromHost() = 0; virtual void disconnected() = 0; virtual QSslCipher sessionCipher() const = 0; + virtual void continueHandshake() = 0; private: static bool ensureLibraryLoaded(); @@ -174,8 +177,10 @@ private: static bool s_libraryLoaded; static bool s_loadedCiphersAndCerts; protected: + bool verifyErrorsHaveBeenIgnored(); static bool s_loadRootCertsOnDemand; static QList<QByteArray> unixRootCertDirectories(); + bool paused; }; QT_END_NAMESPACE diff --git a/src/network/ssl/ssl.pri b/src/network/ssl/ssl.pri index 7a8694ca62..87bcc9378a 100644 --- a/src/network/ssl/ssl.pri +++ b/src/network/ssl/ssl.pri @@ -1,9 +1,5 @@ # OpenSSL support; compile in QSslSocket. contains(QT_CONFIG, openssl) | contains(QT_CONFIG, openssl-linked) { - - -include($$QT_SOURCE_TREE/config.tests/unix/openssl/openssl.pri) - HEADERS += ssl/qssl.h \ ssl/qsslcertificate.h \ ssl/qsslcertificate_p.h \ |