Diffstat (limited to 'src/network')
-rw-r--r-- | src/network/access/qhttpnetworkrequest.cpp | 2 | ||||
-rw-r--r-- | src/network/configure.json | 3 | ||||
-rw-r--r-- | src/network/ssl/qdtls.cpp | 65 | ||||
-rw-r--r-- | src/network/ssl/qdtls_openssl.cpp | 17 | ||||
-rw-r--r-- | src/network/ssl/qssl.h | 2 | ||||
-rw-r--r-- | src/network/ssl/qsslcertificate.cpp | 54 | ||||
-rw-r--r-- | src/network/ssl/qsslcertificate.h | 3 | ||||
-rw-r--r-- | src/network/ssl/qsslconfiguration.cpp | 2 | ||||
-rw-r--r-- | src/network/ssl/qsslconfiguration.h | 2 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_openssl_symbols.cpp | 2 |
10 files changed, 112 insertions, 40 deletions
diff --git a/src/network/access/qhttpnetworkrequest.cpp b/src/network/access/qhttpnetworkrequest.cpp
index cf4be3df95..8de9760710 100644
--- a/src/network/access/qhttpnetworkrequest.cpp
+++ b/src/network/access/qhttpnetworkrequest.cpp
@@ -133,6 +133,8 @@ QByteArray QHttpNetworkRequest::uri(bool throughProxy) const
 QUrl copy = d->url;
 if (copy.path().isEmpty())
 copy.setPath(QStringLiteral("/"));
+ else
+ format |= QUrl::NormalizePathSegments;
 QByteArray uri = copy.toEncoded(format);
 return uri;
 }
diff --git a/src/network/configure.json b/src/network/configure.json
index 0215ad73c5..32fcfb499f 100644
--- a/src/network/configure.json
+++ b/src/network/configure.json
@@ -263,6 +263,7 @@
 "label": "HTTP",
 "purpose": "Provides support for the Hypertext Transfer Protocol in QNetworkAccessManager.",
 "section": "Networking",
+ "condition": "features.thread",
 "output": [ "publicFeature", "feature" ]
 },
 "udpsocket": {
@@ -301,7 +302,7 @@
 "label": "Bearer management",
 "purpose": "Provides bearer management for the network stack.",
 "section": "Networking",
- "condition": "features.library && features.networkinterface && features.properties",
+ "condition": "features.thread && features.library && features.networkinterface && features.properties",
 "output": [ "publicFeature", "feature" ]
 },
 "localserver": {
diff --git a/src/network/ssl/qdtls.cpp b/src/network/ssl/qdtls.cpp
index e27bca51b9..da37951de2 100644
--- a/src/network/ssl/qdtls.cpp
+++ b/src/network/ssl/qdtls.cpp
@@ -277,6 +277,12 @@
 */
 /*!
+ \typedef QDtls::GeneratorParameters
+
+ This is a synonym for QDtlsClientVerifier::GeneratorParameters.
+*/
+
+/*!
 \fn void QDtls::handshakeTimeout()
 Packet loss can result in timeouts during the handshake phase. In this case
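Review bot: The new `else` branch changes what is put on the wire for every request whose path contains `.` or `..` segments, and nothing in the hunk records why, so a reader cannot tell whether the normalisation is a correctness fix or a deliberate policy. A one-line comment on the added line, e.g. `// Collapse "." and ".." path segments before the request-target is built (QUrl::NormalizePathSegments)`, would capture the intent. Callers that deliberately need a raw path sent verbatim have no opt-out at this level; if that is intended, the function's documentation should say so. The declaration of `format` and the start of uri() are outside the hunk.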
@@ -363,6 +369,7 @@ void QDtlsBasePrivate::setConfiguration(const QSslConfiguration &configuration)
 dtlsConfiguration.nextNegotiatedProtocol = configuration.nextNegotiatedProtocol();
 dtlsConfiguration.nextProtocolNegotiationStatus = configuration.nextProtocolNegotiationStatus();
 dtlsConfiguration.dtlsCookieEnabled = configuration.dtlsCookieVerificationEnabled();
+ dtlsConfiguration.allowRootCertOnDemandLoading = configuration.d->allowRootCertOnDemandLoading;
 clearDtlsError();
 }
@@ -447,9 +454,10 @@ QDtlsClientVerifier::QDtlsClientVerifier(QObject *parent)
 }
 /*!
- Sets the secret and cryptographic hash algorithm that this QDtlsClientVerifier
- will use to generate cookies. If the new secret has size zero, this function
- returns \c false and does not change the previous generator parameters.
+ Sets the secret and the cryptographic hash algorithm from \a params. This
+ QDtlsClientVerifier will use these to generate cookies. If the new secret
+ has size zero, this function returns \c false and does not change the
+ cookie generator parameters.
 \note The secret is supposed to be a cryptographically secure sequence of bytes.
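Review bot: The added line copies `allowRootCertOnDemandLoading` out of `configuration.d`, the private data of QSslConfiguration, with no comment on what the flag means for DTLS peer verification, so a reader of this file cannot tell that it affects which issuers end up trusted. If it behaves as the same flag does for QSslSocket, a comment such as `// As for QSslSocket: when set, root CAs absent from caCertificates() may be loaded from the system store on demand during verification` would make the trust consequence visible at the point where it is inherited. Reaching into `d` also bypasses any public accessor; if QSslConfiguration offers none for this flag, saying so here explains the choice. setConfiguration() begins before the hunk.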
@@ -481,11 +489,12 @@ QDtlsClientVerifier::GeneratorParameters QDtlsClientVerifier::cookieGeneratorPar
 }
 /*!
- \a socket must be a valid pointer, \a dgram must be a non-empty datagram,
- \a address cannot be null, broadcast, or multicast. This function returns
- \c true if \a dgram contains a ClientHello message with a valid cookie.
- If no matching cookie is found, verifyClient() will send a HelloVerifyRequest
- message using \a socket and will return \c false.
+ \a socket must be a valid pointer, \a dgram must be a non-empty
+ datagram, \a address cannot be null, broadcast, or multicast.
+ \a port is the remote peer's port. This function returns \c true
+ if \a dgram contains a ClientHello message with a valid cookie.
+ If no matching cookie is found, verifyClient() will send a
+ HelloVerifyRequest message using \a socket and return \c false.
 The following snippet shows how a server application may check for errors:
@@ -556,7 +565,7 @@ QString QDtlsClientVerifier::dtlsErrorString() const
 \a mode is QSslSocket::SslServerMode for a server-side DTLS connection or QSslSocket::SslClientMode for a client.
- \sa sslMode(), QSslSocket::SslSocket
+ \sa sslMode(), QSslSocket::SslMode
 */
 QDtls::QDtls(QSslSocket::SslMode mode, QObject *parent) : QObject(*new QDtlsPrivateOpenSSL, parent)
@@ -568,9 +577,9 @@ QDtls::QDtls(QSslSocket::SslMode mode, QObject *parent)
 }
 /*!
- Sets the peer's address, \a port, and host name. \a address must not be
- null, multicast, or broadcast. \a verificationName is the host name used
- for the certificate validation.
+ Sets the peer's address, \a port, and host name and returns \c true
+ if successful. \a address must not be null, multicast, or broadcast.
+ \a verificationName is the host name used for the certificate validation.
 \sa peerAddress(), peerPort(), peerVerificationName()
 */
@@ -607,7 +616,9 @@ bool QDtls::setPeer(const QHostAddress &address, quint16 port,
 }
 /*!
- Sets the host name that will be used for the certificate validation.
+ Sets the host \a name that will be used for the certificate validation
+ and returns \c true if successful.
+ \note This function must be called before the handshake starts.
 \sa peerVerificationName(), setPeer()
@@ -704,8 +715,9 @@ quint16 QDtls::mtuHint() const
 }
 /*!
- Sets the cryptographic hash algorithm and the secret. This function is only
- needed for a server-side QDtls connection.
+ Sets the cryptographic hash algorithm and the secret from \a params.
+ This function is only needed for a server-side QDtls connection.
+ Returns \c true if successful.
 \note This function must be called before the handshake starts.
@@ -738,7 +750,8 @@ QDtls::GeneratorParameters QDtls::cookieGeneratorParameters() const
 }
 /*!
- Sets the connection's TLS configuration from \a configuration.
+ Sets the connection's TLS configuration from \a configuration
+ and returns \c true if successful.
 \note This function must be called before the handshake starts.
@@ -892,8 +905,10 @@ bool QDtls::continueHandshake(QUdpSocket *socket, const QByteArray &datagram)
 }
 /*!
- If peer verification errors were ignored during the handshake, resumeHandshake()
- resumes and completes the handshake. \a socket must be a valid pointer.
+ If peer verification errors were ignored during the handshake,
+ resumeHandshake() resumes and completes the handshake and returns
+ \c true. \a socket must be a valid pointer. Returns \c false if
+ the handshake could not be resumed.
 \sa doHandshake(), abortHandshake() peerVerificationErrors(), ignoreVerificationErrors()
 */
@@ -916,10 +931,10 @@ bool QDtls::resumeHandshake(QUdpSocket *socket)
 }
 /*!
- Aborts the handshake in case peer verification errors could not be ignored.
- \a socket must be a valid pointer.
+ Aborts the ongoing handshake. Returns true if one was on-going on \a socket;
+ otherwise, sets a suitable error and returns false.
- \sa doHandshake(), resumeHandshakeAfterError()
+ \sa doHandshake(), resumeHandshake()
 */
 bool QDtls::abortHandshake(QUdpSocket *socket)
 {
@@ -930,9 +945,9 @@ bool QDtls::abortHandshake(QUdpSocket *socket)
 return false;
 }
- if (d->handshakeState != PeerVerificationFailed) {
+ if (d->handshakeState != PeerVerificationFailed && d->handshakeState != HandshakeInProgress) {
 d->setDtlsError(QDtlsError::InvalidOperation,
- tr("Not in VerificationError state, nothing to abort"));
+ tr("No handshake in progress, nothing to abort"));
 return false;
 }
@@ -1021,7 +1036,7 @@ QSsl::SslProtocol QDtls::sessionProtocol() const
 before writing encrypted data. \a socket must be a valid pointer.
- \sa doHandshake(), handshakeState(), connectionEncrypted(), dtlsError()
+ \sa doHandshake(), handshakeState(), isConnectionEncrypted(), dtlsError()
 */
 qint64 QDtls::writeDatagramEncrypted(QUdpSocket *socket, const QByteArray &dgram)
 {
@@ -1107,7 +1122,7 @@ QVector<QSslError> QDtls::peerVerificationErrors() const
 }
 /*!
- This method tells QDtls to ignore only the errors given in \a errors.
+ This method tells QDtls to ignore only the errors given in \a errorsToIgnore.
 If, for instance, you want to connect to a server that uses a self-signed certificate, consider the following snippet:
diff --git a/src/network/ssl/qdtls_openssl.cpp b/src/network/ssl/qdtls_openssl.cpp
index 9b11f58f2f..8be53df24f 100644
--- a/src/network/ssl/qdtls_openssl.cpp
+++ b/src/network/ssl/qdtls_openssl.cpp
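Review bot: The new documentation says abortHandshake() returns true `if one was on-going on \a socket`, but the check added in the following hunk inspects only `d->handshakeState`; nothing visible here compares the socket against anything, so the per-socket wording promises more than the code shows. Rewording to `Aborts the ongoing handshake. Returns \c true if a handshake was in progress; otherwise, sets a suitable error and returns \c false.` matches the code and also uses the `\c true`/`\c false` markup the rest of this file uses, where the new text has bare `true`/`false`. The body of abortHandshake() continues past the second hunk and may still validate the socket there; if so, the point is about wording only.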
@@ -732,11 +732,9 @@ bool DtlsState::initCtxAndConnection(QDtlsBasePrivate *dtlsBase)
 configurationCopy->ref.store(0); // the QSslConfiguration constructor refs up
 // DTLSTODO: check we do not set something DTLS-incompatible there ...
- // 'true' - means load root certs on-demand loading - double check how this
- // expected to be done (QSslSocket).
 TlsContext newContext(QSslContext::sharedFromConfiguration(dtlsBase->mode,
 configurationCopy,
- true));
+ dtlsBase->dtlsConfiguration.allowRootCertOnDemandLoading));
 if (newContext->error() != QSslError::NoError) {
 dtlsBase->setDtlsError(QDtlsError::TlsInitializationError,
 newContext->errorString());
@@ -1115,13 +1113,18 @@ bool QDtlsPrivateOpenSSL::resumeHandshake(QUdpSocket *socket)
 void QDtlsPrivateOpenSSL::abortHandshake(QUdpSocket *socket)
 {
 Q_ASSERT(socket);
- Q_ASSERT(handshakeState == QDtls::PeerVerificationFailed);
+ Q_ASSERT(handshakeState == QDtls::PeerVerificationFailed
+ || handshakeState == QDtls::HandshakeInProgress);
 clearDtlsError();
- // Yes, while peer verification failed, we were actually encrypted.
- // Let's play it nice - inform our peer about connection shut down.
- sendShutdownAlert(socket);
+ if (handshakeState == QDtls::PeerVerificationFailed) {
+ // Yes, while peer verification failed, we were actually encrypted.
+ // Let's play it nice - inform our peer about connection shut down.
+ sendShutdownAlert(socket);
+ } else {
+ resetDtls();
+ }
 }
 void QDtlsPrivateOpenSSL::sendShutdownAlert(QUdpSocket *socket)
diff --git a/src/network/ssl/qssl.h b/src/network/ssl/qssl.h
index 8ab24d89e1..dd268cd86d 100644
--- a/src/network/ssl/qssl.h
+++ b/src/network/ssl/qssl.h
@@ -91,7 +91,7 @@ namespace QSsl {
 TlsV1_1OrLater,
 TlsV1_2OrLater,
-#if QT_CONFIG(dtls)
+#if QT_CONFIG(dtls) || defined(Q_CLANG_QDOC)
 DtlsV1_0,
 DtlsV1_0OrLater,
 DtlsV1_2,
diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp
index 6cb07c46e1..31ff296480 100644
--- a/src/network/ssl/qsslcertificate.cpp
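Review bot: The new `else` branch in QDtlsPrivateOpenSSL::abortHandshake() discards an in-progress handshake with `resetDtls()` and sends nothing to the peer, while the PeerVerificationFailed branch keeps its explanatory comment; the asymmetry deserves a line of its own, e.g. `// No encrypted channel exists yet, so there is nothing to alert the peer about; just discard the local handshake state.` Whether `resetDtls()` also returns `handshakeState` to its initial value is not visible in this hunk; the public QDtls::abortHandshake() on this page only checks the state before calling in, so if the reset does not do that the object would still report a handshake in progress — worth asserting or stating in a comment next to the call. The relaxed `Q_ASSERT` on entry now documents the two accepted states, which is good; the same pair should be reflected in any caller-side check outside this hunk.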
+++ b/src/network/ssl/qsslcertificate.cpp
@@ -692,6 +692,56 @@ QByteArray QSslCertificatePrivate::subjectInfoToString(QSslCertificate::SubjectI
 }
 /*!
+ \since 5.12
+
+ Returns a name that describes the issuer. It returns the QSslCertificate::CommonName
+ if available, otherwise falls back to the first QSslCertificate::Organization or the
+ first QSslCertificate::OrganizationalUnitName.
+
+ \sa issuerInfo()
+*/
+QString QSslCertificate::issuerDisplayName() const
+{
+ QStringList names;
+ names = issuerInfo(QSslCertificate::CommonName);
+ if (!names.isEmpty())
+ return names.first();
+ names = issuerInfo(QSslCertificate::Organization);
+ if (!names.isEmpty())
+ return names.first();
+ names = issuerInfo(QSslCertificate::OrganizationalUnitName);
+ if (!names.isEmpty())
+ return names.first();
+
+ return QString();
+}
+
+/*!
+ \since 5.12
+
+ Returns a name that describes the subject. It returns the QSslCertificate::CommonName
+ if available, otherwise falls back to the first QSslCertificate::Organization or the
+ first QSslCertificate::OrganizationalUnitName.
+
+ \sa subjectInfo()
+*/
+QString QSslCertificate::subjectDisplayName() const
+{
+ QStringList names;
+ names = subjectInfo(QSslCertificate::CommonName);
+ if (!names.isEmpty())
+ return names.first();
+ names = subjectInfo(QSslCertificate::Organization);
+ if (!names.isEmpty())
+ return names.first();
+ names = subjectInfo(QSslCertificate::OrganizationalUnitName);
+ if (!names.isEmpty())
+ return names.first();
+
+ return QString();
+}
+
+/*!
 \fn uint qHash(const QSslCertificate &key, uint seed)
 Returns the hash value for the \a key, using \a seed to seed the calculation.
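Review bot: issuerDisplayName() and subjectDisplayName() are the same fallback chain (CommonName, then Organization, then OrganizationalUnitName) duplicated with only the lookup call differing, so any future change to the order or the fallback set has to be made twice. Both bodies can delegate to one file-local helper that takes the lookup as a callable, as sketched below. The qdoc text of both says the function "returns the QSslCertificate::CommonName", while the code returns the first of possibly several values; `the first QSslCertificate::CommonName if available` would state that precisely. The result is assembled from fields chosen by whoever issued the certificate, so callers that log it (the `operator<<` hunk in this commit) should treat it as display text, not as a verified identity.
```cpp
// Shared fallback chain for issuerDisplayName()/subjectDisplayName():
// first CommonName, else first Organization, else first OrganizationalUnitName.
template <typename InfoLookup>
static QString firstDisplayName(InfoLookup lookup)
{
    static const QSslCertificate::SubjectInfo order[] = {
        QSslCertificate::CommonName,
        QSslCertificate::Organization,
        QSslCertificate::OrganizationalUnitName
    };
    for (const QSslCertificate::SubjectInfo field : order) {
        const QStringList names = lookup(field);
        if (!names.isEmpty())
            return names.first();
    }
    return QString();
}

// … unchanged: qdoc comment for issuerDisplayName() …
QString QSslCertificate::issuerDisplayName() const
{
    return firstDisplayName([this](SubjectInfo info) { return issuerInfo(info); });
}

// … unchanged: qdoc comment for subjectDisplayName() …
QString QSslCertificate::subjectDisplayName() const
{
    return firstDisplayName([this](SubjectInfo info) { return subjectInfo(info); });
}
```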
@@ -708,8 +758,8 @@ QDebug operator<<(QDebug debug, const QSslCertificate &certificate)
 << certificate.version()
 << ", " << certificate.serialNumber()
 << ", " << certificate.digest().toBase64()
- << ", " << certificate.issuerInfo(QSslCertificate::Organization)
- << ", " << certificate.subjectInfo(QSslCertificate::Organization)
+ << ", " << certificate.issuerDisplayName()
+ << ", " << certificate.subjectDisplayName()
 << ", " << certificate.subjectAlternativeNames()
 #ifndef QT_NO_DATESTRING
 << ", " << certificate.effectiveDate()
diff --git a/src/network/ssl/qsslcertificate.h b/src/network/ssl/qsslcertificate.h
index 553fb8884d..266fcdacb4 100644
--- a/src/network/ssl/qsslcertificate.h
+++ b/src/network/ssl/qsslcertificate.h
@@ -120,6 +120,9 @@ public:
 QStringList issuerInfo(const QByteArray &attribute) const;
 QStringList subjectInfo(SubjectInfo info) const;
 QStringList subjectInfo(const QByteArray &attribute) const;
+ QString issuerDisplayName() const;
+ QString subjectDisplayName() const;
+
 QList<QByteArray> subjectInfoAttributes() const;
 QList<QByteArray> issuerInfoAttributes() const;
 #if QT_DEPRECATED_SINCE(5,0)
diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp
index 12fbb9a8e4..df5660d4c3 100644
--- a/src/network/ssl/qsslconfiguration.cpp
+++ b/src/network/ssl/qsslconfiguration.cpp
@@ -1031,7 +1031,7 @@ void QSslConfiguration::setDefaultConfiguration(const QSslConfiguration &configu
 QSslConfigurationPrivate::setDefaultConfiguration(configuration);
 }
-#if QT_CONFIG(dtls)
+#if QT_CONFIG(dtls) || defined(Q_CLANG_QDOC)
 /*!
 This function returns true if DTLS cookie verification was enabled on a
diff --git a/src/network/ssl/qsslconfiguration.h b/src/network/ssl/qsslconfiguration.h
index 7f6028db27..454ac0cee3 100644
--- a/src/network/ssl/qsslconfiguration.h
+++ b/src/network/ssl/qsslconfiguration.h
@@ -162,7 +162,7 @@ public:
 static QSslConfiguration defaultConfiguration();
 static void setDefaultConfiguration(const QSslConfiguration &configuration);
-#if QT_CONFIG(dtls)
+#if QT_CONFIG(dtls) || defined(Q_CLANG_QDOC)
 bool dtlsCookieVerificationEnabled() const;
 void setDtlsCookieVerificationEnabled(bool enable);
diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
index 8812912c18..63cb276d54 100644
--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
@@ -903,13 +903,11 @@ bool q_resolveOpenSslSymbols()
 {
 static bool symbolsResolved = false;
 static bool triedToResolveSymbols = false;
-#ifndef QT_NO_THREAD
 #if QT_CONFIG(opensslv11)
 QMutexLocker locker(QMutexPool::globalInstanceGet((void *)&q_OPENSSL_init_ssl));
 #else
 QMutexLocker locker(QMutexPool::globalInstanceGet((void *)&q_SSL_library_init));
 #endif
-#endif
 if (symbolsResolved)
 return true;
 if (triedToResolveSymbols) |