diff options
Diffstat (limited to 'src/network')
| -rw-r--r-- | src/network/bearer/qnetworksession.cpp | 2 | ||||
| -rw-r--r-- | src/network/socket/qabstractsocket.cpp | 4 | ||||
| -rw-r--r-- | src/network/socket/qlocalserver.cpp | 2 | ||||
| -rw-r--r-- | src/network/socket/qnativesocketengine_winrt.cpp | 53 | ||||
| -rw-r--r-- | src/network/socket/qnativesocketengine_winrt_p.h | 2 | ||||
| -rw-r--r-- | src/network/socket/socket.pri | 4 | ||||
| -rw-r--r-- | src/network/ssl/qsslcipher.cpp | 5 | ||||
| -rw-r--r-- | src/network/ssl/qsslconfiguration.cpp | 45 | ||||
| -rw-r--r-- | src/network/ssl/qsslconfiguration.h | 3 | ||||
| -rw-r--r-- | src/network/ssl/qsslpresharedkeyauthenticator.h | 24 | ||||
| -rw-r--r-- | src/network/ssl/qsslsocket.cpp | 180 | ||||
| -rw-r--r-- | src/network/ssl/qsslsocket.h | 35 | ||||
| -rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 2 | ||||
| -rw-r--r-- | src/network/ssl/qsslsocket_p.h | 2 |
14 files changed, 159 insertions, 204 deletions
diff --git a/src/network/bearer/qnetworksession.cpp b/src/network/bearer/qnetworksession.cpp index 35aa3cd2c9..6f83fd25ca 100644 --- a/src/network/bearer/qnetworksession.cpp +++ b/src/network/bearer/qnetworksession.cpp @@ -468,7 +468,7 @@ QString QNetworkSession::errorString() const The following property keys are guaranteed to be specified on all platforms: - \table + \table 80% \header \li Key \li Description \row diff --git a/src/network/socket/qabstractsocket.cpp b/src/network/socket/qabstractsocket.cpp index d6a3822422..35b541d739 100644 --- a/src/network/socket/qabstractsocket.cpp +++ b/src/network/socket/qabstractsocket.cpp @@ -420,7 +420,7 @@ allowed to rebind, even if they pass ReuseAddressHint. This option provides more security than ShareAddress, but on certain operating systems, it requires you to run the server with administrator privileges. - On Unix and Mac OS X, not sharing is the default behavior for binding + On Unix and OS X, not sharing is the default behavior for binding an address and port, so this option is ignored. On Windows, this option uses the SO_EXCLUSIVEADDRUSE socket option. @@ -430,7 +430,7 @@ socket option. On Unix, this option is ignored. \value DefaultForPlatform The default option for the current platform. - On Unix and Mac OS X, this is equivalent to (DontShareAddress + On Unix and OS X, this is equivalent to (DontShareAddress + ReuseAddressHint), and on Windows, its equivalent to ShareAddress. */ diff --git a/src/network/socket/qlocalserver.cpp b/src/network/socket/qlocalserver.cpp index 5854466704..0f49cb986e 100644 --- a/src/network/socket/qlocalserver.cpp +++ b/src/network/socket/qlocalserver.cpp @@ -141,7 +141,7 @@ QLocalServer::~QLocalServer() and are created based on the umask. Setting the access flags will overide this and will restrict or permit access as specified. - Other Unix-based operating systems, such as Mac OS X, do not + Other Unix-based operating systems, such as OS X, do not honor file permissions for Unix domain sockets and by default have WorldAccess and these permission flags will have no effect. diff --git a/src/network/socket/qnativesocketengine_winrt.cpp b/src/network/socket/qnativesocketengine_winrt.cpp index 5c615034fc..5e58ee3895 100644 --- a/src/network/socket/qnativesocketengine_winrt.cpp +++ b/src/network/socket/qnativesocketengine_winrt.cpp @@ -285,11 +285,23 @@ bool QNativeSocketEngine::connectToHostByName(const QString &name, quint16 port) return false; } d->socketState = QAbstractSocket::ConnectingState; - hr = d->connectOp->put_Completed(Callback<IAsyncActionCompletedHandler>( - d, &QNativeSocketEnginePrivate::handleConnectToHost).Get()); - Q_ASSERT_SUCCEEDED(hr); + hr = QWinRTFunctions::await(d->connectOp); + RETURN_FALSE_IF_FAILED("Connection could not be established"); + bool connectionErrors = false; + d->handleConnectionErrors(d->connectOp.Get(), &connectionErrors); + if (connectionErrors) + return false; + d->connectOp.Reset(); + + d->socketState = QAbstractSocket::ConnectedState; + emit connectionReady(); - return d->socketState == QAbstractSocket::ConnectedState; + // Delay the reader so that the SSL socket can upgrade + if (d->sslSocket) + connect(d->sslSocket, SIGNAL(encrypted()), SLOT(establishRead())); + else + establishRead(); + return true; } bool QNativeSocketEngine::bind(const QHostAddress &address, quint16 port) @@ -1104,47 +1116,34 @@ HRESULT QNativeSocketEnginePrivate::handleClientConnection(IStreamSocketListener return S_OK; } -HRESULT QNativeSocketEnginePrivate::handleConnectToHost(IAsyncAction *action, AsyncStatus) +void QNativeSocketEnginePrivate::handleConnectionErrors(IAsyncAction *connectAction, bool *errorsOccured) { - Q_Q(QNativeSocketEngine); - - HRESULT hr = action->GetResults(); - if (wasDeleted || !connectOp) // Protect against a late callback - return S_OK; - - connectOp.Reset(); + bool error = true; + HRESULT hr = connectAction->GetResults(); switch (hr) { case 0x8007274c: // A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. setError(QAbstractSocket::NetworkError, ConnectionTimeOutErrorString); socketState = QAbstractSocket::UnconnectedState; - return S_OK; + break; case 0x80072751: // A socket operation was attempted to an unreachable host. setError(QAbstractSocket::HostNotFoundError, HostUnreachableErrorString); socketState = QAbstractSocket::UnconnectedState; - return S_OK; + break; case 0x8007274d: // No connection could be made because the target machine actively refused it. setError(QAbstractSocket::ConnectionRefusedError, ConnectionRefusedErrorString); socketState = QAbstractSocket::UnconnectedState; - return S_OK; + break; default: if (FAILED(hr)) { setError(QAbstractSocket::UnknownSocketError, UnknownSocketErrorString); socketState = QAbstractSocket::UnconnectedState; - return S_OK; + } else { + error = false; } break; } - - socketState = QAbstractSocket::ConnectedState; - emit q->connectionReady(); - - // Delay the reader so that the SSL socket can upgrade - if (sslSocket) - q->connect(sslSocket, SIGNAL(encrypted()), SLOT(establishRead())); - else - q->establishRead(); - - return S_OK; + if (errorsOccured) + *errorsOccured = error; } HRESULT QNativeSocketEnginePrivate::handleReadyRead(IAsyncBufferOperation *asyncInfo, AsyncStatus status) diff --git a/src/network/socket/qnativesocketengine_winrt_p.h b/src/network/socket/qnativesocketengine_winrt_p.h index 42920c96f2..eb032bc977 100644 --- a/src/network/socket/qnativesocketengine_winrt_p.h +++ b/src/network/socket/qnativesocketengine_winrt_p.h @@ -216,7 +216,7 @@ private: ABI::Windows::Networking::Sockets::IDatagramSocketMessageReceivedEventArgs *args); HRESULT handleClientConnection(ABI::Windows::Networking::Sockets::IStreamSocketListener *tcpListener, ABI::Windows::Networking::Sockets::IStreamSocketListenerConnectionReceivedEventArgs *args); - HRESULT handleConnectToHost(ABI::Windows::Foundation::IAsyncAction *, ABI::Windows::Foundation::AsyncStatus); + void handleConnectionErrors(ABI::Windows::Foundation::IAsyncAction *connectAction, bool *errorsOccured); HRESULT handleReadyRead(ABI::Windows::Foundation::IAsyncOperationWithProgress<ABI::Windows::Storage::Streams::IBuffer *, UINT32> *asyncInfo, ABI::Windows::Foundation::AsyncStatus); }; diff --git a/src/network/socket/socket.pri b/src/network/socket/socket.pri index 3fb85160ea..f50a7b1229 100644 --- a/src/network/socket/socket.pri +++ b/src/network/socket/socket.pri @@ -43,7 +43,7 @@ win32:!winrt:SOURCES += socket/qnativesocketengine_win.cpp \ socket/qlocalsocket_win.cpp \ socket/qlocalserver_win.cpp -win32:!wince*:!winrt:LIBS_PRIVATE += -ladvapi32 +win32:!wince:!winrt:LIBS_PRIVATE += -ladvapi32 winrt { SOURCES += socket/qnativesocketengine_winrt.cpp \ @@ -54,7 +54,7 @@ winrt { DEFINES += QT_LOCALSOCKET_TCP } -wince*: { +wince { SOURCES -= socket/qlocalsocket_win.cpp \ socket/qlocalserver_win.cpp SOURCES += socket/qlocalsocket_tcp.cpp \ diff --git a/src/network/ssl/qsslcipher.cpp b/src/network/ssl/qsslcipher.cpp index 8f2b8b54ad..c480b79371 100644 --- a/src/network/ssl/qsslcipher.cpp +++ b/src/network/ssl/qsslcipher.cpp @@ -54,6 +54,7 @@ #include "qsslcipher.h" #include "qsslcipher_p.h" #include "qsslsocket.h" +#include "qsslconfiguration.h" #ifndef QT_NO_DEBUG_STREAM #include <QtCore/qdebug.h> @@ -81,7 +82,7 @@ QSslCipher::QSslCipher() QSslCipher::QSslCipher(const QString &name) : d(new QSslCipherPrivate) { - foreach (const QSslCipher &cipher, QSslSocket::supportedCiphers()) { + foreach (const QSslCipher &cipher, QSslConfiguration::supportedCiphers()) { if (cipher.name() == name) { *this = cipher; return; @@ -102,7 +103,7 @@ QSslCipher::QSslCipher(const QString &name) QSslCipher::QSslCipher(const QString &name, QSsl::SslProtocol protocol) : d(new QSslCipherPrivate) { - foreach (const QSslCipher &cipher, QSslSocket::supportedCiphers()) { + foreach (const QSslCipher &cipher, QSslConfiguration::supportedCiphers()) { if (cipher.name() == name && cipher.protocol() == protocol) { *this = cipher; return; diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp index 5c95c9f544..4803e47224 100644 --- a/src/network/ssl/qsslconfiguration.cpp +++ b/src/network/ssl/qsslconfiguration.cpp @@ -36,6 +36,7 @@ #include "qsslconfiguration.h" #include "qsslconfiguration_p.h" #include "qsslsocket.h" +#include "qsslsocket_p.h" #include "qmutex.h" #include "qdebug.h" @@ -590,6 +591,20 @@ void QSslConfiguration::setCiphers(const QList<QSslCipher> &ciphers) } /*! + \since 5.5 + + Returns the list of cryptographic ciphers supported by this + system. This list is set by the system's SSL libraries and may + vary from system to system. + + \sa ciphers(), setCiphers() +*/ +QList<QSslCipher> QSslConfiguration::supportedCiphers() +{ + return QSslSocketPrivate::supportedCiphers(); +} + +/*! Returns this connection's CA certificate database. The CA certificate database is used by the socket during the handshake phase to validate the peer's certificate. It can be modified prior to the @@ -619,6 +634,22 @@ void QSslConfiguration::setCaCertificates(const QList<QSslCertificate> &certific } /*! + \since 5.5 + + This function provides the CA certificate database + provided by the operating system. The CA certificate database + returned by this function is used to initialize the database + returned by caCertificates() on the default QSslConfiguration. + + \sa caCertificates(), setCaCertificates(), defaultConfiguration() +*/ +QList<QSslCertificate> QSslConfiguration::systemCaCertificates() +{ + // we are calling ensureInitialized() in the method below + return QSslSocketPrivate::systemCaCertificates(); +} + +/*! Enables or disables an SSL compatibility \a option. If \a on is true, the \a option is enabled. If \a on is false, the \a option is disabled. @@ -744,6 +775,20 @@ void QSslConfiguration::setEllipticCurves(const QVector<QSslEllipticCurve> &curv } /*! + \since 5.5 + + Returns the list of elliptic curves supported by this + system. This list is set by the system's SSL libraries and may + vary from system to system. + + \sa ellipticCurves(), setEllipticCurves() +*/ +QVector<QSslEllipticCurve> QSslConfiguration::supportedEllipticCurves() +{ + return QSslSocketPrivate::supportedEllipticCurves(); +} + +/*! \since 5.3 This function returns the protocol negotiated with the server diff --git a/src/network/ssl/qsslconfiguration.h b/src/network/ssl/qsslconfiguration.h index 8d7378f8ea..2cbc31b032 100644 --- a/src/network/ssl/qsslconfiguration.h +++ b/src/network/ssl/qsslconfiguration.h @@ -114,10 +114,12 @@ public: // Cipher settings QList<QSslCipher> ciphers() const; void setCiphers(const QList<QSslCipher> &ciphers); + static QList<QSslCipher> supportedCiphers(); // Certificate Authority (CA) settings QList<QSslCertificate> caCertificates() const; void setCaCertificates(const QList<QSslCertificate> &certificates); + static QList<QSslCertificate> systemCaCertificates(); void setSslOption(QSsl::SslOption option, bool on); bool testSslOption(QSsl::SslOption option) const; @@ -129,6 +131,7 @@ public: // EC settings QVector<QSslEllipticCurve> ellipticCurves() const; void setEllipticCurves(const QVector<QSslEllipticCurve> &curves); + static QVector<QSslEllipticCurve> supportedEllipticCurves(); static QSslConfiguration defaultConfiguration(); static void setDefaultConfiguration(const QSslConfiguration &configuration); diff --git a/src/network/ssl/qsslpresharedkeyauthenticator.h b/src/network/ssl/qsslpresharedkeyauthenticator.h index d5b9b34f28..34e5d6fd50 100644 --- a/src/network/ssl/qsslpresharedkeyauthenticator.h +++ b/src/network/ssl/qsslpresharedkeyauthenticator.h @@ -43,13 +43,13 @@ QT_BEGIN_NAMESPACE class QSslPreSharedKeyAuthenticatorPrivate; -class Q_NETWORK_EXPORT QSslPreSharedKeyAuthenticator +class QSslPreSharedKeyAuthenticator { public: - QSslPreSharedKeyAuthenticator(); - ~QSslPreSharedKeyAuthenticator(); - QSslPreSharedKeyAuthenticator(const QSslPreSharedKeyAuthenticator &authenticator); - QSslPreSharedKeyAuthenticator &operator=(const QSslPreSharedKeyAuthenticator &authenticator); + Q_NETWORK_EXPORT QSslPreSharedKeyAuthenticator(); + Q_NETWORK_EXPORT ~QSslPreSharedKeyAuthenticator(); + Q_NETWORK_EXPORT QSslPreSharedKeyAuthenticator(const QSslPreSharedKeyAuthenticator &authenticator); + Q_NETWORK_EXPORT QSslPreSharedKeyAuthenticator &operator=(const QSslPreSharedKeyAuthenticator &authenticator); #ifdef Q_COMPILER_RVALUE_REFS QSslPreSharedKeyAuthenticator &operator=(QSslPreSharedKeyAuthenticator &&other) Q_DECL_NOTHROW { swap(other); return *this; } @@ -57,15 +57,15 @@ public: void swap(QSslPreSharedKeyAuthenticator &other) Q_DECL_NOTHROW { qSwap(d, other.d); } - QByteArray identityHint() const; + Q_NETWORK_EXPORT QByteArray identityHint() const; - void setIdentity(const QByteArray &identity); - QByteArray identity() const; - int maximumIdentityLength() const; + Q_NETWORK_EXPORT void setIdentity(const QByteArray &identity); + Q_NETWORK_EXPORT QByteArray identity() const; + Q_NETWORK_EXPORT int maximumIdentityLength() const; - void setPreSharedKey(const QByteArray &preSharedKey); - QByteArray preSharedKey() const; - int maximumPreSharedKeyLength() const; + Q_NETWORK_EXPORT void setPreSharedKey(const QByteArray &preSharedKey); + Q_NETWORK_EXPORT QByteArray preSharedKey() const; + Q_NETWORK_EXPORT int maximumPreSharedKeyLength() const; private: friend Q_NETWORK_EXPORT bool operator==(const QSslPreSharedKeyAuthenticator &lhs, const QSslPreSharedKeyAuthenticator &rhs); diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp index 513cc51620..b9b49ac26e 100644 --- a/src/network/ssl/qsslsocket.cpp +++ b/src/network/ssl/qsslsocket.cpp @@ -136,7 +136,7 @@ setDefaultCaCertificates(). \endlist - \note If available, root certificates on Unix (excluding Mac OS X) will be + \note If available, root certificates on Unix (excluding OS X) will be loaded on demand from the standard certificate directories. If you do not want to load root certificates on demand, you need to call either the static function setDefaultCaCertificates() before the first SSL handshake @@ -1166,6 +1166,10 @@ QSslKey QSslSocket::privateKey() const } /*! + \deprecated + + Use QSslConfiguration::ciphers() instead. + Returns this socket's current cryptographic cipher suite. This list is used during the socket's handshake phase for choosing a session cipher. The returned list of ciphers is ordered by @@ -1197,6 +1201,10 @@ QList<QSslCipher> QSslSocket::ciphers() const } /*! + \deprecated + + USe QSslConfiguration::setCiphers() instead. + Sets the cryptographic cipher suite for this socket to \a ciphers, which must contain a subset of the ciphers in the list returned by supportedCiphers(). @@ -1213,6 +1221,10 @@ void QSslSocket::setCiphers(const QList<QSslCipher> &ciphers) } /*! + \deprecated + + Use QSslConfiguration::setCiphers() instead. + Sets the cryptographic cipher suite for this socket to \a ciphers, which is a colon-separated list of cipher suite names. The ciphers are listed in order of preference, starting with the most preferred cipher. For example: @@ -1238,6 +1250,10 @@ void QSslSocket::setCiphers(const QString &ciphers) } /*! + \deprecated + + Use QSslConfiguration::setCiphers() on the default QSslConfiguration instead. + Sets the default cryptographic cipher suite for all sockets in this application to \a ciphers, which must contain a subset of the ciphers in the list returned by supportedCiphers(). @@ -1254,6 +1270,10 @@ void QSslSocket::setDefaultCiphers(const QList<QSslCipher> &ciphers) } /*! + \deprecated + + Use QSslConfiguration::ciphers() on the default QSslConfiguration instead. + Returns the default cryptographic cipher suite for all sockets in this application. This list is used during the socket's handshake phase when negotiating with the peer to choose a session cipher. @@ -1273,6 +1293,10 @@ QList<QSslCipher> QSslSocket::defaultCiphers() } /*! + \deprecated + + Use QSslConfiguration::supportedCiphers() instead. + Returns the list of cryptographic ciphers supported by this system. This list is set by the system's SSL libraries and may vary from system to system. @@ -1285,120 +1309,6 @@ QList<QSslCipher> QSslSocket::supportedCiphers() } /*! - \since 5.5 - - Returns this socket's current list of elliptic curves. This - list is used during the socket's handshake phase for choosing an - elliptic curve (when using an elliptic curve cipher). - The returned list of curves is ordered by descending preference - (i.e., the first curve in the list is the most preferred one). - - By default, this list is empty. An empty default list means that the - handshake phase can choose any of the curves supported by this system's SSL - libraries (which may vary from system to system). The list of curves - supported by this system's SSL libraries is returned by - supportedEllipticCurves(). - - You can restrict the list of curves used for choosing the session cipher - for this socket by calling setEllipticCurves() with a subset of the - supported ciphers. You can revert to using the entire set by calling - setEllipticCurves() with the list returned by supportedEllipticCurves(). - - \sa setEllipticCurves(), defaultEllipticCurves(), setDefaultEllipticCurves(), supportedEllipticCurves() -*/ -QVector<QSslEllipticCurve> QSslSocket::ellipticCurves() const -{ - Q_D(const QSslSocket); - return d->configuration.ellipticCurves; -} - -/*! - \since 5.5 - - Sets the list of elliptic curves to be used by this socket to \a curves, - which must contain a subset of the curves in the list returned by - supportedEllipticCurves(). - - Restricting the elliptic curves must be done before the handshake - phase, where the session cipher is chosen. - - If an empty list is set, then the handshake phase can choose any of the - curves supported by this system's SSL libraries (which may vary from system - to system). The list of curves supported by this system's SSL libraries is - returned by supportedEllipticCurves(). - - Use setCipher() in order to disable the usage of elliptic curve ciphers. - - \sa ellipticCurves(), setDefaultEllipticCurves(), supportedEllipticCurves() -*/ -void QSslSocket::setEllipticCurves(const QVector<QSslEllipticCurve> &curves) -{ - Q_D(QSslSocket); - d->configuration.ellipticCurves = curves; -} - -/*! - \since 5.5 - - Sets the list of elliptic curves to be used by all sockets in this - application to \a curves, which must contain a subset of the curves in the - list returned by supportedEllipticCurves(). - - Restricting the default elliptic curves only affects SSL sockets - that perform their handshake phase after the default list has been changed. - - If an empty list is set, then the handshake phase can choose any of the - curves supported by this system's SSL libraries (which may vary from system - to system). The list of curves supported by this system's SSL libraries is - returned by supportedEllipticCurves(). - - Use setDefaultCiphers() in order to disable the usage of elliptic curve ciphers. - - \sa setEllipticCurves(), defaultEllipticCurves(), supportedEllipticCurves() -*/ -void QSslSocket::setDefaultEllipticCurves(const QVector<QSslEllipticCurve> &curves) -{ - QSslSocketPrivate::setDefaultEllipticCurves(curves); -} - - -/*! - \since 5.5 - - Returns the default elliptic curves list for all sockets in - this application. This list is used during the socket's handshake - phase when negotiating with the peer to choose a session cipher. - The list is ordered by preference (i.e., the first curve in the - list is the most preferred one). - - By default, this list is empty. An empty default list means that the - handshake phase can choose any of the curves supported by this system's SSL - libraries (which may vary from system to system). The list of curves - supported by this system's SSL libraries is returned by - supportedEllipticCurves(). - - \sa setDefaultEllipticCurves(), supportedEllipticCurves() -*/ -QVector<QSslEllipticCurve> QSslSocket::defaultEllipticCurves() -{ - return QSslSocketPrivate::defaultEllipticCurves(); -} - -/*! - \since 5.5 - - Returns the list of elliptic curves supported by this - system. This list is set by the system's SSL libraries and may - vary from system to system. - - \sa ellipticCurves(), setEllipticCurves(), defaultEllipticCurves() -*/ -QVector<QSslEllipticCurve> QSslSocket::supportedEllipticCurves() -{ - return QSslSocketPrivate::supportedEllipticCurves(); -} - -/*! Searches all files in the \a path for certificates encoded in the specified \a format and adds them to this socket's CA certificate database. \a path can be explicit, or it can contain wildcards in @@ -1456,6 +1366,10 @@ void QSslSocket::addCaCertificates(const QList<QSslCertificate> &certificates) } /*! + \deprecated + + Use QSslConfiguration::setCaCertificates() instead. + Sets this socket's CA certificate database to be \a certificates. The certificate database must be set prior to the SSL handshake. The CA certificate database is used by the socket during the @@ -1475,6 +1389,10 @@ void QSslSocket::setCaCertificates(const QList<QSslCertificate> &certificates) } /*! + \deprecated + + Use QSslConfiguration::caCertificates() instead. + Returns this socket's CA certificate database. The CA certificate database is used by the socket during the handshake phase to validate the peer's certificate. It can be moodified prior to the @@ -1535,6 +1453,10 @@ void QSslSocket::addDefaultCaCertificates(const QList<QSslCertificate> &certific } /*! + \deprecated + + Use QSslConfiguration::setCaCertificates() on the default QSslConfiguration instead. + Sets the default CA certificate database to \a certificates. The default CA certificate database is originally set to your system's default CA certificate database. You can override the default CA @@ -1552,6 +1474,10 @@ void QSslSocket::setDefaultCaCertificates(const QList<QSslCertificate> &certific } /*! + \deprecated + + Use QSslConfiguration::caCertificates() on the default QSslConfiguration instead. + Returns the current default CA certificate database. This database is originally set to your system's default CA certificate database. If no system default database is found, an empty database will be @@ -1572,6 +1498,10 @@ QList<QSslCertificate> QSslSocket::defaultCaCertificates() } /*! + \deprecated + + Use QSslConfiguration::systemDefaultCaCertificates instead. + This function provides the CA certificate database provided by the operating system. The CA certificate database returned by this function is used to initialize the database @@ -2166,16 +2096,6 @@ void QSslSocketPrivate::setDefaultSupportedCiphers(const QList<QSslCipher> &ciph /*! \internal */ -QVector<QSslEllipticCurve> QSslSocketPrivate::defaultEllipticCurves() -{ - QSslSocketPrivate::ensureInitialized(); - const QMutexLocker locker(&globalData()->mutex); - return globalData()->config->ellipticCurves; -} - -/*! - \internal -*/ QVector<QSslEllipticCurve> QSslSocketPrivate::supportedEllipticCurves() { QSslSocketPrivate::ensureInitialized(); @@ -2186,16 +2106,6 @@ QVector<QSslEllipticCurve> QSslSocketPrivate::supportedEllipticCurves() /*! \internal */ -void QSslSocketPrivate::setDefaultEllipticCurves(const QVector<QSslEllipticCurve> &curves) -{ - const QMutexLocker locker(&globalData()->mutex); - globalData()->config.detach(); - globalData()->config->ellipticCurves = curves; -} - -/*! - \internal -*/ void QSslSocketPrivate::setDefaultSupportedEllipticCurves(const QVector<QSslEllipticCurve> &curves) { const QMutexLocker locker(&globalData()->mutex); diff --git a/src/network/ssl/qsslsocket.h b/src/network/ssl/qsslsocket.h index 8ad6d033a7..4124f5b7e5 100644 --- a/src/network/ssl/qsslsocket.h +++ b/src/network/ssl/qsslsocket.h @@ -144,34 +144,33 @@ public: QSslKey privateKey() const; // Cipher settings. - QList<QSslCipher> ciphers() const; - void setCiphers(const QList<QSslCipher> &ciphers); - void setCiphers(const QString &ciphers); - static void setDefaultCiphers(const QList<QSslCipher> &ciphers); - static QList<QSslCipher> defaultCiphers(); - static QList<QSslCipher> supportedCiphers(); - - // EC settings. - QVector<QSslEllipticCurve> ellipticCurves() const; - void setEllipticCurves(const QVector<QSslEllipticCurve> &curves); - static void setDefaultEllipticCurves(const QVector<QSslEllipticCurve> &curves); - static QVector<QSslEllipticCurve> defaultEllipticCurves(); - static QVector<QSslEllipticCurve> supportedEllipticCurves(); +#if QT_DEPRECATED_SINCE(5, 5) + QT_DEPRECATED_X("Use QSslConfiguration::ciphers()") QList<QSslCipher> ciphers() const; + QT_DEPRECATED_X("Use QSslConfiguration::setCiphers()") void setCiphers(const QList<QSslCipher> &ciphers); + QT_DEPRECATED void setCiphers(const QString &ciphers); + QT_DEPRECATED static void setDefaultCiphers(const QList<QSslCipher> &ciphers); + QT_DEPRECATED static QList<QSslCipher> defaultCiphers(); + QT_DEPRECATED_X("Use QSslConfiguration::supportedCiphers()") static QList<QSslCipher> supportedCiphers(); +#endif // QT_DEPRECATED_SINCE(5, 5) // CA settings. bool addCaCertificates(const QString &path, QSsl::EncodingFormat format = QSsl::Pem, QRegExp::PatternSyntax syntax = QRegExp::FixedString); void addCaCertificate(const QSslCertificate &certificate); void addCaCertificates(const QList<QSslCertificate> &certificates); - void setCaCertificates(const QList<QSslCertificate> &certificates); - QList<QSslCertificate> caCertificates() const; +#if QT_DEPRECATED_SINCE(5, 5) + QT_DEPRECATED_X("Use QSslConfiguration::setCaCertificates()") void setCaCertificates(const QList<QSslCertificate> &certificates); + QT_DEPRECATED_X("Use QSslConfiguration::caCertificates()") QList<QSslCertificate> caCertificates() const; +#endif // QT_DEPRECATED_SINCE(5, 5) static bool addDefaultCaCertificates(const QString &path, QSsl::EncodingFormat format = QSsl::Pem, QRegExp::PatternSyntax syntax = QRegExp::FixedString); static void addDefaultCaCertificate(const QSslCertificate &certificate); static void addDefaultCaCertificates(const QList<QSslCertificate> &certificates); - static void setDefaultCaCertificates(const QList<QSslCertificate> &certificates); - static QList<QSslCertificate> defaultCaCertificates(); - static QList<QSslCertificate> systemCaCertificates(); +#if QT_DEPRECATED_SINCE(5, 5) + QT_DEPRECATED static void setDefaultCaCertificates(const QList<QSslCertificate> &certificates); + QT_DEPRECATED static QList<QSslCertificate> defaultCaCertificates(); + QT_DEPRECATED_X("Use QSslConfiguration::systemCaCertificates()") static QList<QSslCertificate> systemCaCertificates(); +#endif // QT_DEPRECATED_SINCE(5, 5) bool waitForConnected(int msecs = 30000) Q_DECL_OVERRIDE; bool waitForEncrypted(int msecs = 30000); diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index a11599d772..3bcb8925c1 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -1671,7 +1671,7 @@ QList<QSslError> QSslSocketBackendPrivate::verify(const QList<QSslCertificate> & setDefaultCaCertificates(defaultCaCertificates() + systemCaCertificates()); } - foreach (const QSslCertificate &caCertificate, QSslSocket::defaultCaCertificates()) { + foreach (const QSslCertificate &caCertificate, QSslConfiguration::defaultConfiguration().caCertificates()) { // From https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html: // // If several CA certificates matching the name, key identifier, and diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h index 5f726f2371..d6519718d9 100644 --- a/src/network/ssl/qsslsocket_p.h +++ b/src/network/ssl/qsslsocket_p.h @@ -137,9 +137,7 @@ public: static void setDefaultSupportedCiphers(const QList<QSslCipher> &ciphers); static void resetDefaultCiphers(); - static QVector<QSslEllipticCurve> defaultEllipticCurves(); static QVector<QSslEllipticCurve> supportedEllipticCurves(); - static void setDefaultEllipticCurves(const QVector<QSslEllipticCurve> &curves); static void setDefaultSupportedEllipticCurves(const QVector<QSslEllipticCurve> &curves); static void resetDefaultEllipticCurves(); |