diff options
Diffstat (limited to 'src/network/ssl')
| -rw-r--r-- | src/network/ssl/qsslcertificate.cpp | 15 | ||||
| -rw-r--r-- | src/network/ssl/qsslcertificate.h | 1 | ||||
| -rw-r--r-- | src/network/ssl/qsslconfiguration.cpp | 13 | ||||
| -rw-r--r-- | src/network/ssl/qsslconfiguration.h | 1 | ||||
| -rw-r--r-- | src/network/ssl/qsslconfiguration_p.h | 4 | ||||
| -rw-r--r-- | src/network/ssl/qsslsocket.cpp | 42 | ||||
| -rw-r--r-- | src/network/ssl/qsslsocket.h | 3 | ||||
| -rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 32 | ||||
| -rw-r--r-- | src/network/ssl/qsslsocket_openssl_p.h | 1 | ||||
| -rw-r--r-- | src/network/ssl/qsslsocket_openssl_symbols.cpp | 4 | ||||
| -rw-r--r-- | src/network/ssl/qsslsocket_openssl_symbols_p.h | 2 | ||||
| -rw-r--r-- | src/network/ssl/qsslsocket_p.h | 3 |
12 files changed, 120 insertions, 1 deletions
diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp index 3b7fa4da09..2eef37feff 100644 --- a/src/network/ssl/qsslcertificate.cpp +++ b/src/network/ssl/qsslcertificate.cpp @@ -265,6 +265,21 @@ bool QSslCertificate::isBlacklisted() const } /*! + Returns \c true if this certificate is self signed; otherwise + returns \c false. + + A certificate is considered self-signed its issuer and subject + are identical. +*/ +bool QSslCertificate::isSelfSigned() const +{ + if (!d->x509) + return false; + + return (q_X509_check_issued(d->x509, d->x509) == X509_V_OK); +} + +/*! Clears the contents of this certificate, making it a null certificate. diff --git a/src/network/ssl/qsslcertificate.h b/src/network/ssl/qsslcertificate.h index 988071eb9d..0ae491e8d5 100644 --- a/src/network/ssl/qsslcertificate.h +++ b/src/network/ssl/qsslcertificate.h @@ -105,6 +105,7 @@ public: } #endif bool isBlacklisted() const; + bool isSelfSigned() const; void clear(); // Certificate info diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp index 14881931af..64b75f98ec 100644 --- a/src/network/ssl/qsslconfiguration.cpp +++ b/src/network/ssl/qsslconfiguration.cpp @@ -208,6 +208,7 @@ bool QSslConfiguration::operator==(const QSslConfiguration &other) const d->localCertificateChain == other.d->localCertificateChain && d->privateKey == other.d->privateKey && d->sessionCipher == other.d->sessionCipher && + d->sessionProtocol == other.d->sessionProtocol && d->ciphers == other.d->ciphers && d->caCertificates == other.d->caCertificates && d->protocol == other.d->protocol && @@ -512,6 +513,18 @@ QSslCipher QSslConfiguration::sessionCipher() const } /*! + Returns the socket's SSL/TLS protocol or UnknownProtocol if the + connection isn't encrypted. The socket's protocol for the session + is set during the handshake phase. + + \sa protocol(), setProtocol() +*/ +QSsl::SslProtocol QSslConfiguration::sessionProtocol() const +{ + return d->sessionProtocol; +} + +/*! Returns the \l {QSslKey} {SSL key} assigned to this connection or a null key if none has been assigned yet. diff --git a/src/network/ssl/qsslconfiguration.h b/src/network/ssl/qsslconfiguration.h index 587187ca06..4c5799bf28 100644 --- a/src/network/ssl/qsslconfiguration.h +++ b/src/network/ssl/qsslconfiguration.h @@ -109,6 +109,7 @@ public: QSslCertificate peerCertificate() const; QList<QSslCertificate> peerCertificateChain() const; QSslCipher sessionCipher() const; + QSsl::SslProtocol sessionProtocol() const; // Private keys, for server sockets QSslKey privateKey() const; diff --git a/src/network/ssl/qsslconfiguration_p.h b/src/network/ssl/qsslconfiguration_p.h index d183c3335c..29bd4053ad 100644 --- a/src/network/ssl/qsslconfiguration_p.h +++ b/src/network/ssl/qsslconfiguration_p.h @@ -81,7 +81,8 @@ class QSslConfigurationPrivate: public QSharedData { public: QSslConfigurationPrivate() - : protocol(QSsl::SecureProtocols), + : sessionProtocol(QSsl::UnknownProtocol), + protocol(QSsl::SecureProtocols), peerVerifyMode(QSslSocket::AutoVerifyPeer), peerVerifyDepth(0), allowRootCertOnDemandLoading(true), @@ -98,6 +99,7 @@ public: QSslKey privateKey; QSslCipher sessionCipher; + QSsl::SslProtocol sessionProtocol; QList<QSslCipher> ciphers; QList<QSslCertificate> caCertificates; diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp index c5ae517fb0..04c0fb0487 100644 --- a/src/network/ssl/qsslsocket.cpp +++ b/src/network/ssl/qsslsocket.cpp @@ -878,6 +878,7 @@ QSslConfiguration QSslSocket::sslConfiguration() const QSslConfigurationPrivate *copy = new QSslConfigurationPrivate(d->configuration); copy->ref.store(0); // the QSslConfiguration constructor refs up copy->sessionCipher = d->sessionCipher(); + copy->sessionProtocol = d->sessionProtocol(); return QSslConfiguration(copy); } @@ -1073,6 +1074,20 @@ QSslCipher QSslSocket::sessionCipher() const } /*! + Returns the socket's SSL/TLS protocol or UnknownProtocol if the + connection isn't encrypted. The socket's protocol for the session + is set during the handshake phase. + + \sa protocol(), setProtocol() +*/ +QSsl::SslProtocol QSslSocket::sessionProtocol() const +{ + Q_D(const QSslSocket); + return d->sessionProtocol(); +} + + +/*! Sets the socket's private \l {QSslKey} {key} to \a key. The private key and the local \l {QSslCertificate} {certificate} are used by clients and servers that must prove their identity to @@ -1665,6 +1680,32 @@ QString QSslSocket::sslLibraryVersionString() } /*! + \since 5.4 + Returns the version number of the SSL library in use at compile + time. If no SSL support is available then this will return an + undefined value. + + \sa sslLibraryVersionNumber() +*/ +long QSslSocket::sslLibraryBuildVersionNumber() +{ + return QSslSocketPrivate::sslLibraryBuildVersionNumber(); +} + +/*! + \since 5.4 + Returns the version string of the SSL library in use at compile + time. If no SSL support is available then this will return an + empty value. + + \sa sslLibraryVersionString() +*/ +QString QSslSocket::sslLibraryBuildVersionString() +{ + return QSslSocketPrivate::sslLibraryBuildVersionString(); +} + +/*! Starts a delayed SSL handshake for a client connection. This function can be called when the socket is in the \l ConnectedState but still in the \l UnencryptedMode. If it is not yet connected, @@ -2095,6 +2136,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri ptr->localCertificateChain = global->localCertificateChain; ptr->privateKey = global->privateKey; ptr->sessionCipher = global->sessionCipher; + ptr->sessionProtocol = global->sessionProtocol; ptr->ciphers = global->ciphers; ptr->caCertificates = global->caCertificates; ptr->protocol = global->protocol; diff --git a/src/network/ssl/qsslsocket.h b/src/network/ssl/qsslsocket.h index d89933efda..9cc5e02de3 100644 --- a/src/network/ssl/qsslsocket.h +++ b/src/network/ssl/qsslsocket.h @@ -140,6 +140,7 @@ public: QSslCertificate peerCertificate() const; QList<QSslCertificate> peerCertificateChain() const; QSslCipher sessionCipher() const; + QSsl::SslProtocol sessionProtocol() const; // Private keys, for server sockets. void setPrivateKey(const QSslKey &key); @@ -182,6 +183,8 @@ public: static bool supportsSsl(); static long sslLibraryVersionNumber(); static QString sslLibraryVersionString(); + static long sslLibraryBuildVersionNumber(); + static QString sslLibraryBuildVersionString(); void ignoreSslErrors(const QList<QSslError> &errors); diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index f9f7d0b35d..1b0c5afa00 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -587,6 +587,16 @@ QString QSslSocketPrivate::sslLibraryVersionString() return QString::fromLatin1(versionString); } +long QSslSocketPrivate::sslLibraryBuildVersionNumber() +{ + return OPENSSL_VERSION_NUMBER; +} + +QString QSslSocketPrivate::sslLibraryBuildVersionString() +{ + return QLatin1String(OPENSSL_VERSION_TEXT); +} + /*! \internal @@ -1431,6 +1441,28 @@ QSslCipher QSslSocketBackendPrivate::sessionCipher() const return sessionCipher ? QSslCipher_from_SSL_CIPHER(sessionCipher) : QSslCipher(); } +QSsl::SslProtocol QSslSocketBackendPrivate::sessionProtocol() const +{ + if (!ssl) + return QSsl::UnknownProtocol; + int ver = q_SSL_version(ssl); + + switch (ver) { + case 0x2: + return QSsl::SslV2; + case 0x300: + return QSsl::SslV3; + case 0x301: + return QSsl::TlsV1_0; + case 0x302: + return QSsl::TlsV1_1; + case 0x303: + return QSsl::TlsV1_2; + } + + return QSsl::UnknownProtocol; +} + void QSslSocketBackendPrivate::continueHandshake() { Q_Q(QSslSocket); diff --git a/src/network/ssl/qsslsocket_openssl_p.h b/src/network/ssl/qsslsocket_openssl_p.h index c8b23e6cad..0a9d02287d 100644 --- a/src/network/ssl/qsslsocket_openssl_p.h +++ b/src/network/ssl/qsslsocket_openssl_p.h @@ -131,6 +131,7 @@ public: void disconnectFromHost(); void disconnected(); QSslCipher sessionCipher() const; + QSsl::SslProtocol sessionProtocol() const; void continueHandshake(); bool checkSslErrors(); #ifdef Q_OS_WIN diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp index 01c0f6f810..b0e14e0de1 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols.cpp +++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp @@ -238,6 +238,7 @@ DEFINEFUNC(const SSL_CIPHER *, SSL_get_current_cipher, SSL *a, a, return 0, retu #else DEFINEFUNC(SSL_CIPHER *, SSL_get_current_cipher, SSL *a, a, return 0, return) #endif +DEFINEFUNC(int, SSL_version, const SSL *a, a, return 0, return) DEFINEFUNC2(int, SSL_get_error, SSL *a, a, int b, b, return -1, return) DEFINEFUNC(STACK_OF(X509) *, SSL_get_peer_cert_chain, SSL *a, a, return 0, return) DEFINEFUNC(X509 *, SSL_get_peer_certificate, SSL *a, a, return 0, return) @@ -315,6 +316,7 @@ DEFINEFUNC2(int, ASN1_STRING_print, BIO *a, a, const ASN1_STRING *b, b, return 0 #else DEFINEFUNC2(int, ASN1_STRING_print, BIO *a, a, ASN1_STRING *b, b, return 0, return) #endif +DEFINEFUNC2(int, X509_check_issued, X509 *a, a, X509 *b, b, return -1, return) DEFINEFUNC(X509_NAME *, X509_get_issuer_name, X509 *a, a, return 0, return) DEFINEFUNC(X509_NAME *, X509_get_subject_name, X509 *a, a, return 0, return) DEFINEFUNC(int, X509_verify_cert, X509_STORE_CTX *a, a, return -1, return) @@ -744,6 +746,7 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(SSL_free) RESOLVEFUNC(SSL_get_ciphers) RESOLVEFUNC(SSL_get_current_cipher) + RESOLVEFUNC(SSL_version) RESOLVEFUNC(SSL_get_error) RESOLVEFUNC(SSL_get_peer_cert_chain) RESOLVEFUNC(SSL_get_peer_certificate) @@ -817,6 +820,7 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(BASIC_CONSTRAINTS_free) RESOLVEFUNC(AUTHORITY_KEYID_free) RESOLVEFUNC(ASN1_STRING_print) + RESOLVEFUNC(X509_check_issued) RESOLVEFUNC(X509_get_issuer_name) RESOLVEFUNC(X509_get_subject_name) RESOLVEFUNC(X509_verify_cert) diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h index 1e68fdd6c2..36e196b072 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols_p.h +++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h @@ -329,6 +329,7 @@ const SSL_CIPHER *q_SSL_get_current_cipher(SSL *a); #else SSL_CIPHER *q_SSL_get_current_cipher(SSL *a); #endif +int q_SSL_version(const SSL *a); int q_SSL_get_error(SSL *a, int b); STACK_OF(X509) *q_SSL_get_peer_cert_chain(SSL *a); X509 *q_SSL_get_peer_certificate(SSL *a); @@ -406,6 +407,7 @@ int q_ASN1_STRING_print(BIO *a, const ASN1_STRING *b); #else int q_ASN1_STRING_print(BIO *a, ASN1_STRING *b); #endif +int q_X509_check_issued(X509 *a, X509 *b); X509_NAME *q_X509_get_issuer_name(X509 *a); X509_NAME *q_X509_get_subject_name(X509 *a); int q_X509_verify_cert(X509_STORE_CTX *ctx); diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h index 6281753225..0033a46d98 100644 --- a/src/network/ssl/qsslsocket_p.h +++ b/src/network/ssl/qsslsocket_p.h @@ -129,6 +129,8 @@ public: static bool supportsSsl(); static long sslLibraryVersionNumber(); static QString sslLibraryVersionString(); + static long sslLibraryBuildVersionNumber(); + static QString sslLibraryBuildVersionString(); static void ensureInitialized(); static void deinitialize(); static QList<QSslCipher> defaultCiphers(); @@ -190,6 +192,7 @@ public: virtual void disconnectFromHost() = 0; virtual void disconnected() = 0; virtual QSslCipher sessionCipher() const = 0; + virtual QSsl::SslProtocol sessionProtocol() const = 0; virtual void continueHandshake() = 0; Q_AUTOTEST_EXPORT static bool rootCertOnDemandLoadingSupported(); |