summaryrefslogtreecommitdiffstats
path: root/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp')
-rw-r--r--tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp138
1 files changed, 52 insertions, 86 deletions
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
index a40ec30622..5dd5f66eba 100644
--- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
@@ -50,6 +50,7 @@
#include "private/qiodevice_p.h" // for QIODEVICE_BUFFERSIZE
#include "../../../network-settings.h"
+#include "emulationdetector.h"
#ifndef QT_NO_SSL
@@ -237,9 +238,6 @@ private slots:
void writeBigChunk();
void blacklistedCertificates();
void versionAccessors();
-#ifndef QT_NO_OPENSSL
- void sslOptions();
-#endif
void encryptWithoutConnecting();
void resume_data();
void resume();
@@ -1201,7 +1199,7 @@ public:
config(QSslConfiguration::defaultConfiguration()),
ignoreSslErrors(true),
peerVerifyMode(QSslSocket::AutoVerifyPeer),
- protocol(QSsl::TlsV1_0),
+ protocol(QSsl::TlsV1_2),
m_keyFile(keyFile),
m_certFile(certFile),
m_interFile(interFile)
@@ -1292,32 +1290,25 @@ void tst_QSslSocket::protocolServerSide_data()
QTest::addColumn<QSsl::SslProtocol>("clientProtocol");
QTest::addColumn<bool>("works");
- QTest::newRow("tls1.0-tls1.0") << QSsl::TlsV1_0 << QSsl::TlsV1_0 << true;
- QTest::newRow("tls1ssl3-tls1ssl3") << QSsl::TlsV1SslV3 << QSsl::TlsV1SslV3 << true;
QTest::newRow("any-any") << QSsl::AnyProtocol << QSsl::AnyProtocol << true;
QTest::newRow("secure-secure") << QSsl::SecureProtocols << QSsl::SecureProtocols << true;
- QTest::newRow("tls1-tls1ssl3") << QSsl::TlsV1_0 << QSsl::TlsV1SslV3 << true;
- QTest::newRow("tls1.0-secure") << QSsl::TlsV1_0 << QSsl::SecureProtocols << true;
- QTest::newRow("tls1.0-any") << QSsl::TlsV1_0 << QSsl::AnyProtocol << true;
-
- QTest::newRow("tls1ssl3-tls1.0") << QSsl::TlsV1SslV3 << QSsl::TlsV1_0 << true;
- QTest::newRow("tls1ssl3-secure") << QSsl::TlsV1SslV3 << QSsl::SecureProtocols << true;
- QTest::newRow("tls1ssl3-any") << QSsl::TlsV1SslV3 << QSsl::AnyProtocol << true;
+ const bool tls1Works =
+#ifndef QT_NO_OPENSSL
+ QSslSocket::sslLibraryVersionNumber() >> 28 < 3;
+#else
+ true;
+#endif // QT_NO_OPENSSL
- QTest::newRow("secure-tls1.0") << QSsl::SecureProtocols << QSsl::TlsV1_0 << true;
- QTest::newRow("secure-tls1ssl3") << QSsl::SecureProtocols << QSsl::TlsV1SslV3 << true;
+ QTest::newRow("tls1.0-secure") << QSsl::TlsV1_0 << QSsl::SecureProtocols << tls1Works;
+ QTest::newRow("secure-tls1.0") << QSsl::SecureProtocols << QSsl::TlsV1_0 << tls1Works;
QTest::newRow("secure-any") << QSsl::SecureProtocols << QSsl::AnyProtocol << true;
- QTest::newRow("tls1.0orlater-tls1.0") << QSsl::TlsV1_0OrLater << QSsl::TlsV1_0 << true;
- QTest::newRow("tls1.0orlater-tls1.1") << QSsl::TlsV1_0OrLater << QSsl::TlsV1_1 << true;
QTest::newRow("tls1.0orlater-tls1.2") << QSsl::TlsV1_0OrLater << QSsl::TlsV1_2 << true;
#ifdef TLS1_3_VERSION
QTest::newRow("tls1.0orlater-tls1.3") << QSsl::TlsV1_0OrLater << QSsl::TlsV1_3 << true;
#endif
-
QTest::newRow("tls1.1orlater-tls1.0") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_0 << false;
- QTest::newRow("tls1.1orlater-tls1.1") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_1 << true;
QTest::newRow("tls1.1orlater-tls1.2") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_2 << true;
#ifdef TLS1_3_VERSION
@@ -1329,16 +1320,12 @@ void tst_QSslSocket::protocolServerSide_data()
QTest::newRow("tls1.2orlater-tls1.2") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_2 << true;
#ifdef TLS1_3_VERSION
QTest::newRow("tls1.2orlater-tls1.3") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_3 << true;
-#endif
-#ifdef TLS1_3_VERSION
QTest::newRow("tls1.3orlater-tls1.0") << QSsl::TlsV1_3OrLater << QSsl::TlsV1_0 << false;
QTest::newRow("tls1.3orlater-tls1.1") << QSsl::TlsV1_3OrLater << QSsl::TlsV1_1 << false;
QTest::newRow("tls1.3orlater-tls1.2") << QSsl::TlsV1_3OrLater << QSsl::TlsV1_2 << false;
QTest::newRow("tls1.3orlater-tls1.3") << QSsl::TlsV1_3OrLater << QSsl::TlsV1_3 << true;
#endif // TLS1_3_VERSION
- QTest::newRow("any-tls1.0") << QSsl::AnyProtocol << QSsl::TlsV1_0 << true;
- QTest::newRow("any-tls1ssl3") << QSsl::AnyProtocol << QSsl::TlsV1SslV3 << true;
QTest::newRow("any-secure") << QSsl::AnyProtocol << QSsl::SecureProtocols << true;
}
@@ -1411,10 +1398,28 @@ void tst_QSslSocket::serverCipherPreferences()
if (setProxy)
return;
- // First using the default (server preference)
+ QSslCipher testedCiphers[2];
{
+ // First using the default (server preference)
+ const auto supportedCiphers = QSslConfiguration::supportedCiphers();
+ int nSet = 0;
+ for (const auto &cipher : supportedCiphers) {
+ // Ciphersuites from TLS 1.2 and 1.3 are set separately,
+ // let's select 1.3 or above explicitly.
+ if (cipher.protocol() < QSsl::TlsV1_3)
+ continue;
+
+ testedCiphers[nSet++] = cipher;
+ if (nSet == 2)
+ break;
+ }
+
+ if (nSet != 2)
+ QSKIP("Failed to find two proper ciphersuites to test, bailing out.");
+
SslServer server;
- server.ciphers = {QSslCipher("AES128-SHA"), QSslCipher("AES256-SHA")};
+ server.protocol = QSsl::TlsV1_2OrLater;
+ server.ciphers = {testedCiphers[0], testedCiphers[1]};
QVERIFY(server.listen());
QEventLoop loop;
@@ -1424,7 +1429,8 @@ void tst_QSslSocket::serverCipherPreferences()
socket = &client;
auto sslConfig = socket->sslConfiguration();
- sslConfig.setCiphers({QSslCipher("AES256-SHA"), QSslCipher("AES128-SHA")});
+ sslConfig.setProtocol(QSsl::TlsV1_2OrLater);
+ sslConfig.setCiphers({testedCiphers[1], testedCiphers[0]});
socket->setSslConfiguration(sslConfig);
// upon SSL wrong version error, errorOccurred will be triggered, not sslErrors
@@ -1437,16 +1443,19 @@ void tst_QSslSocket::serverCipherPreferences()
loop.exec();
QVERIFY(client.isEncrypted());
- QCOMPARE(client.sessionCipher().name(), QString("AES128-SHA"));
+ QCOMPARE(client.sessionCipher().name(), testedCiphers[0].name());
}
{
+ if (EmulationDetector::isRunningArmOnX86())
+ QSKIP("This test is known to crash on QEMU emulation for no good reason.");
// Now using the client preferences
SslServer server;
QSslConfiguration config = QSslConfiguration::defaultConfiguration();
config.setSslOption(QSsl::SslOptionDisableServerCipherPreference, true);
server.config = config;
- server.ciphers = {QSslCipher("AES128-SHA"), QSslCipher("AES256-SHA")};
+ server.protocol = QSsl::TlsV1_2OrLater;
+ server.ciphers = {testedCiphers[0], testedCiphers[1]};
QVERIFY(server.listen());
QEventLoop loop;
@@ -1456,7 +1465,8 @@ void tst_QSslSocket::serverCipherPreferences()
socket = &client;
auto sslConfig = socket->sslConfiguration();
- sslConfig.setCiphers({QSslCipher("AES256-SHA"), QSslCipher("AES128-SHA")});
+ sslConfig.setProtocol(QSsl::TlsV1_2OrLater);
+ sslConfig.setCiphers({testedCiphers[1], testedCiphers[0]});
socket->setSslConfiguration(sslConfig);
// upon SSL wrong version error, errorOccurred will be triggered, not sslErrors
@@ -1469,7 +1479,7 @@ void tst_QSslSocket::serverCipherPreferences()
loop.exec();
QVERIFY(client.isEncrypted());
- QCOMPARE(client.sessionCipher().name(), QString("AES256-SHA"));
+ QCOMPARE(client.sessionCipher().name(), testedCiphers[1].name());
}
}
@@ -1553,8 +1563,10 @@ void tst_QSslSocket::setLocalCertificateChain()
Abort);
#endif
QCOMPARE(chain.size(), 2);
- QCOMPARE(chain[0].serialNumber(), QByteArray("10:a0:ad:77:58:f6:6e:ae:46:93:a3:43:f9:59:8a:9e"));
- QCOMPARE(chain[1].serialNumber(), QByteArray("3b:eb:99:c5:ea:d8:0b:5d:0b:97:5d:4f:06:75:4b:e1"));
+ QCOMPARE(chain[0].serialNumber(),
+ QByteArray("58:df:33:c1:9b:bc:c5:51:7a:00:86:64:43:94:41:e2:26:ef:3f:89"));
+ QCOMPARE(chain[1].serialNumber(),
+ QByteArray("11:72:34:bc:21:e6:ca:04:24:13:f8:35:48:84:a6:e9:de:96:22:15"));
}
void tst_QSslSocket::tlsConfiguration()
@@ -1623,6 +1635,9 @@ void tst_QSslSocket::setSocketDescriptor()
void tst_QSslSocket::setSslConfiguration_data()
{
+#if QT_CONFIG(securetransport)
+ QSKIP("Skipping the cases with certificate, SecureTransport does not like old certificate on the test server");
+#endif // securetransport
QTest::addColumn<QSslConfiguration>("configuration");
QTest::addColumn<bool>("works");
@@ -2819,60 +2834,6 @@ void tst_QSslSocket::versionAccessors()
qDebug() << QString::number(QSslSocket::sslLibraryVersionNumber(), 16);
}
-#ifndef QT_NO_OPENSSL
-void tst_QSslSocket::sslOptions()
-{
- if (!QSslSocket::supportsSsl())
- return;
-
-#ifdef SSL_OP_NO_COMPRESSION
- QCOMPARE(QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SecureProtocols,
- QSslConfigurationPrivate::defaultSslOptions),
- long(SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_COMPRESSION|SSL_OP_CIPHER_SERVER_PREFERENCE));
-#else
- QCOMPARE(QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SecureProtocols,
- QSslConfigurationPrivate::defaultSslOptions),
- long(SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_CIPHER_SERVER_PREFERENCE));
-#endif
-
- QCOMPARE(QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SecureProtocols,
- QSsl::SslOptionDisableEmptyFragments
- |QSsl::SslOptionDisableLegacyRenegotiation),
- long(SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_CIPHER_SERVER_PREFERENCE));
-
-#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
- QCOMPARE(QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SecureProtocols,
- QSsl::SslOptionDisableEmptyFragments),
- long((SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION|SSL_OP_CIPHER_SERVER_PREFERENCE)));
-#endif
-
-#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
- QCOMPARE(QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SecureProtocols,
- QSsl::SslOptionDisableLegacyRenegotiation),
- long((SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_CIPHER_SERVER_PREFERENCE) & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS));
-#endif
-
-#ifdef SSL_OP_NO_TICKET
- QCOMPARE(QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SecureProtocols,
- QSsl::SslOptionDisableEmptyFragments
- |QSsl::SslOptionDisableLegacyRenegotiation
- |QSsl::SslOptionDisableSessionTickets),
- long((SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET|SSL_OP_CIPHER_SERVER_PREFERENCE)));
-#endif
-
-#ifdef SSL_OP_NO_TICKET
-#ifdef SSL_OP_NO_COMPRESSION
- QCOMPARE(QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SecureProtocols,
- QSsl::SslOptionDisableEmptyFragments
- |QSsl::SslOptionDisableLegacyRenegotiation
- |QSsl::SslOptionDisableSessionTickets
- |QSsl::SslOptionDisableCompression),
- long((SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET|SSL_OP_NO_COMPRESSION|SSL_OP_CIPHER_SERVER_PREFERENCE)));
-#endif
-#endif
-}
-#endif
-
void tst_QSslSocket::encryptWithoutConnecting()
{
if (!QSslSocket::supportsSsl())
@@ -3462,6 +3423,7 @@ void tst_QSslSocket::verifyClientCertificate()
#endif
SslServer server;
+ server.protocol = QSsl::TlsV1_2;
server.addCaCertificates = testDataDir + "certs/bogus-ca.crt";
server.ignoreSslErrors = false;
server.peerVerifyMode = peerVerifyMode;
@@ -4370,13 +4332,17 @@ void tst_QSslSocket::oldErrorsOnSocketReuse()
if (setProxy)
return; // not relevant
SslServer server;
+#ifdef QT_NO_OPENSSL
server.protocol = QSsl::TlsV1_1;
+#endif
server.m_certFile = testDataDir + "certs/fluke.cert";
server.m_keyFile = testDataDir + "certs/fluke.key";
QVERIFY(server.listen(QHostAddress::SpecialAddress::LocalHost));
QSslSocket socket;
+#ifdef QT_NO_OPENSSL
socket.setProtocol(QSsl::TlsV1_1);
+#endif
QList<QSslError> errorList;
auto connection = connect(&socket, QOverload<const QList<QSslError> &>::of(&QSslSocket::sslErrors),
[&socket, &errorList](const QList<QSslError> &errors) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-03 07:14:51 +0000