summaryrefslogtreecommitdiffstats
path: root/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp')
-rw-r--r--tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp340
1 files changed, 196 insertions, 144 deletions
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
index 8af83b3972..b45d6b5d8f 100644
--- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
@@ -1,6 +1,6 @@
// Copyright (C) 2021 The Qt Company Ltd.
// Copyright (C) 2014 Governikus GmbH & Co. KG.
-// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0
+// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only
#include <QtNetwork/private/qtnetworkglobal_p.h>
@@ -19,6 +19,8 @@
#include <QtNetwork/qtcpserver.h>
#include <QtNetwork/qsslpresharedkeyauthenticator.h>
+#include <QtTest/private/qemulationdetector_p.h>
+
#include <QTest>
#include <QNetworkProxy>
#include <QAuthenticator>
@@ -41,6 +43,8 @@
#include "private/qsslsocket_p.h"
#include "private/qsslconfiguration_p.h"
+using namespace std::chrono_literals;
+
QT_WARNING_PUSH
QT_WARNING_DISABLE_DEPRECATED
// make these enum values available without causing deprecation warnings:
@@ -162,9 +166,7 @@ private slots:
void protocol();
void protocolServerSide_data();
void protocolServerSide();
-#if QT_CONFIG(openssl)
void serverCipherPreferences();
-#endif
void setCaCertificates();
void setLocalCertificate();
void localCertificateChain();
@@ -289,6 +291,7 @@ private:
QSslSocket *socket;
QList<QSslError> storedExpectedSslErrors;
bool isTestingOpenSsl = false;
+ bool isSecurityLevel0Required = false;
bool opensslResolved = false;
bool isTestingSecureTransport = false;
bool isTestingSchannel = false;
@@ -408,6 +411,9 @@ void tst_QSslSocket::initTestCase()
flukeCertificateError = QSslError::SelfSignedCertificate;
#if QT_CONFIG(openssl)
opensslResolved = qt_auto_test_resolve_OpenSSL_symbols();
+ // This is where OpenSSL moved several protocols under
+ // non-default (0) security level (the default is 1).
+ isSecurityLevel0Required = OPENSSL_VERSION_NUMBER >= 0x30100010;
#else
opensslResolved = false; // Not 'unused variable' anymore.
#endif
@@ -806,6 +812,10 @@ void tst_QSslSocket::simpleConnect()
if (!QSslSocket::supportsSsl())
return;
+ // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use when connecting) are not available by default.
+ if (isSecurityLevel0Required)
+ QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier");
+
QFETCH_GLOBAL(bool, setProxy);
if (setProxy)
return;
@@ -834,30 +844,30 @@ void tst_QSslSocket::simpleConnect()
// Entered connecting state
QCOMPARE(socket.state(), QAbstractSocket::ConnectingState);
- QCOMPARE(connectedSpy.count(), 0);
- QCOMPARE(hostFoundSpy.count(), 1);
- QCOMPARE(disconnectedSpy.count(), 0);
+ QCOMPARE(connectedSpy.size(), 0);
+ QCOMPARE(hostFoundSpy.size(), 1);
+ QCOMPARE(disconnectedSpy.size(), 0);
enterLoop(10);
// Entered connected state
QCOMPARE(socket.state(), QAbstractSocket::ConnectedState);
QCOMPARE(socket.mode(), QSslSocket::UnencryptedMode);
QVERIFY(!socket.isEncrypted());
- QCOMPARE(connectedSpy.count(), 1);
- QCOMPARE(hostFoundSpy.count(), 1);
- QCOMPARE(disconnectedSpy.count(), 0);
+ QCOMPARE(connectedSpy.size(), 1);
+ QCOMPARE(hostFoundSpy.size(), 1);
+ QCOMPARE(disconnectedSpy.size(), 0);
// Enter encrypted mode
socket.startClientEncryption();
QCOMPARE(socket.mode(), QSslSocket::SslClientMode);
QVERIFY(!socket.isEncrypted());
- QCOMPARE(connectionEncryptedSpy.count(), 0);
- QCOMPARE(sslErrorsSpy.count(), 0);
+ QCOMPARE(connectionEncryptedSpy.size(), 0);
+ QCOMPARE(sslErrorsSpy.size(), 0);
// Starting handshake
enterLoop(10);
- QCOMPARE(sslErrorsSpy.count(), 1);
- QCOMPARE(connectionEncryptedSpy.count(), 0);
+ QCOMPARE(sslErrorsSpy.size(), 1);
+ QCOMPARE(connectionEncryptedSpy.size(), 0);
QVERIFY(!socket.isEncrypted());
QCOMPARE(socket.state(), QAbstractSocket::UnconnectedState);
}
@@ -867,6 +877,10 @@ void tst_QSslSocket::simpleConnectWithIgnore()
if (!QSslSocket::supportsSsl())
return;
+ // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use when connecting) are not available by default.
+ if (isSecurityLevel0Required)
+ QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier");
+
QFETCH_GLOBAL(bool, setProxy);
if (setProxy)
return;
@@ -895,10 +909,10 @@ void tst_QSslSocket::simpleConnectWithIgnore()
enterLoop(10);
// Done; encryption should be enabled.
- QCOMPARE(sslErrorsSpy.count(), 1);
+ QCOMPARE(sslErrorsSpy.size(), 1);
QVERIFY(socket.isEncrypted());
QCOMPARE(socket.state(), QAbstractSocket::ConnectedState);
- QCOMPARE(encryptedSpy.count(), 1);
+ QCOMPARE(encryptedSpy.size(), 1);
// Wait for incoming data
if (!socket.canReadLine())
@@ -911,6 +925,10 @@ void tst_QSslSocket::simpleConnectWithIgnore()
void tst_QSslSocket::sslErrors_data()
{
+ // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use in 'sslErrors' test) are not available by default.
+ if (isSecurityLevel0Required)
+ QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier");
+
QTest::addColumn<QString>("host");
QTest::addColumn<int>("port");
@@ -968,7 +986,7 @@ void tst_QSslSocket::sslErrors()
// check the same errors were emitted by sslErrors
QVERIFY(!sslErrorsSpy.isEmpty());
SslErrorList emittedErrors;
- const auto sslErrorsSpyErrors = qvariant_cast<QList<QSslError> >(qAsConst(sslErrorsSpy).first().first());
+ const auto sslErrorsSpyErrors = qvariant_cast<QList<QSslError> >(std::as_const(sslErrorsSpy).first().first());
for (const QSslError &err : sslErrorsSpyErrors)
emittedErrors << err.error();
std::sort(emittedErrors.begin(), emittedErrors.end());
@@ -1017,7 +1035,7 @@ void tst_QSslSocket::ciphers()
QString ciphersAsString;
const auto &supported = sslConfig.supportedCiphers();
for (const auto &cipher : supported) {
- if (cipher.isNull() || !cipher.name().length())
+ if (cipher.isNull() || !cipher.name().size())
continue;
if (ciphers.size() > 0)
ciphersAsString += QStringLiteral(":");
@@ -1096,8 +1114,6 @@ void tst_QSslSocket::connectToHostEncrypted()
return;
QSslSocketPtr socket = newSocket();
- if (isTestingSchannel) // old certificate not supported with TLS 1.2
- socket->setProtocol(Test::TlsV1_1);
this->socket = socket.data();
auto config = socket->sslConfiguration();
@@ -1135,8 +1151,6 @@ void tst_QSslSocket::connectToHostEncryptedWithVerificationPeerName()
return;
QSslSocketPtr socket = newSocket();
- if (isTestingSchannel) // old certificate not supported with TLS 1.2
- socket->setProtocol(Test::TlsV1_1);
this->socket = socket.data();
@@ -1235,7 +1249,7 @@ void tst_QSslSocket::peerCertificateChain()
QSslSocketPtr socket = newSocket();
this->socket = socket.data();
QList<QSslCertificate> caCertificates = QSslCertificate::fromPath(httpServerCertChainPath());
- QCOMPARE(caCertificates.count(), 1);
+ QCOMPARE(caCertificates.size(), 1);
auto config = socket->sslConfiguration();
config.addCaCertificates(caCertificates);
socket->setSslConfiguration(config);
@@ -1252,7 +1266,7 @@ void tst_QSslSocket::peerCertificateChain()
QSKIP("Skipping flaky test - See QTBUG-29941");
QList<QSslCertificate> certChain = socket->peerCertificateChain();
- QVERIFY(certChain.count() > 0);
+ QVERIFY(certChain.size() > 0);
QCOMPARE(certChain.first(), socket->peerCertificate());
socket->disconnectFromHost();
@@ -1296,6 +1310,7 @@ void tst_QSslSocket::privateKey()
#if QT_CONFIG(openssl)
void tst_QSslSocket::privateKeyOpaque()
{
+#ifndef OPENSSL_NO_DEPRECATED_3_0
if (!isTestingOpenSsl)
QSKIP("The active TLS backend does not support private opaque keys");
@@ -1329,6 +1344,7 @@ void tst_QSslSocket::privateKeyOpaque()
QFETCH_GLOBAL(bool, setProxy);
if (setProxy && !socket->waitForEncrypted(10000))
QSKIP("Skipping flaky test - See QTBUG-29941");
+#endif // OPENSSL_NO_DEPRECATED_3_0
}
#endif // Feature 'openssl'.
@@ -1561,24 +1577,18 @@ void tst_QSslSocket::protocolServerSide_data()
QTest::addColumn<QSsl::SslProtocol>("clientProtocol");
QTest::addColumn<bool>("works");
- QTest::newRow("tls1.0-tls1.0") << Test::TlsV1_0 << Test::TlsV1_0 << true;
QTest::newRow("any-any") << QSsl::AnyProtocol << QSsl::AnyProtocol << true;
QTest::newRow("secure-secure") << QSsl::SecureProtocols << QSsl::SecureProtocols << true;
QTest::newRow("tls1.0-secure") << Test::TlsV1_0 << QSsl::SecureProtocols << false;
- QTest::newRow("tls1.0-any") << Test::TlsV1_0 << QSsl::AnyProtocol << true;
-
QTest::newRow("secure-tls1.0") << QSsl::SecureProtocols << Test::TlsV1_0 << false;
QTest::newRow("secure-any") << QSsl::SecureProtocols << QSsl::AnyProtocol << true;
- QTest::newRow("tls1.0orlater-tls1.0") << Test::TlsV1_0OrLater << Test::TlsV1_0 << true;
- QTest::newRow("tls1.0orlater-tls1.1") << Test::TlsV1_0OrLater << Test::TlsV1_1 << true;
QTest::newRow("tls1.0orlater-tls1.2") << Test::TlsV1_0OrLater << QSsl::TlsV1_2 << true;
if (supportsTls13())
QTest::newRow("tls1.0orlater-tls1.3") << Test::TlsV1_0OrLater << QSsl::TlsV1_3 << true;
QTest::newRow("tls1.1orlater-tls1.0") << Test::TlsV1_1OrLater << Test::TlsV1_0 << false;
- QTest::newRow("tls1.1orlater-tls1.1") << Test::TlsV1_1OrLater << Test::TlsV1_1 << true;
QTest::newRow("tls1.1orlater-tls1.2") << Test::TlsV1_1OrLater << QSsl::TlsV1_2 << true;
if (supportsTls13())
@@ -1595,7 +1605,6 @@ void tst_QSslSocket::protocolServerSide_data()
QTest::newRow("tls1.3orlater-tls1.3") << QSsl::TlsV1_3OrLater << QSsl::TlsV1_3 << true;
}
- QTest::newRow("any-tls1.0") << QSsl::AnyProtocol << Test::TlsV1_0 << true;
QTest::newRow("any-secure") << QSsl::AnyProtocol << QSsl::SecureProtocols << true;
}
@@ -1652,8 +1661,6 @@ void tst_QSslSocket::protocolServerSide()
QCOMPARE(client.isEncrypted(), works);
}
-#if QT_CONFIG(openssl)
-
void tst_QSslSocket::serverCipherPreferences()
{
if (!isTestingOpenSsl)
@@ -1663,11 +1670,28 @@ void tst_QSslSocket::serverCipherPreferences()
if (setProxy)
return;
- // First using the default (server preference)
+ QSslCipher testedCiphers[2];
{
+ // First using the default (server preference)
+ const auto supportedCiphers = QSslConfiguration::supportedCiphers();
+ int nSet = 0;
+ for (const auto &cipher : supportedCiphers) {
+ // Ciphersuites from TLS 1.2 and 1.3 are set separately,
+ // let's select 1.3 or above explicitly.
+ if (cipher.protocol() < QSsl::TlsV1_3)
+ continue;
+
+ testedCiphers[nSet++] = cipher;
+ if (nSet == 2)
+ break;
+ }
+
+ if (nSet != 2)
+ QSKIP("Failed to find two proper ciphersuites to test, bailing out.");
+
SslServer server;
- server.protocol = Test::TlsV1_0;
- server.ciphers = {QSslCipher("AES128-SHA"), QSslCipher("AES256-SHA")};
+ server.protocol = QSsl::TlsV1_2OrLater;
+ server.ciphers = {testedCiphers[0], testedCiphers[1]};
QVERIFY(server.listen());
QEventLoop loop;
@@ -1677,8 +1701,8 @@ void tst_QSslSocket::serverCipherPreferences()
socket = &client;
auto sslConfig = socket->sslConfiguration();
- sslConfig.setProtocol(Test::TlsV1_0OrLater);
- sslConfig.setCiphers({QSslCipher("AES256-SHA"), QSslCipher("AES128-SHA")});
+ sslConfig.setProtocol(QSsl::TlsV1_2OrLater);
+ sslConfig.setCiphers({testedCiphers[1], testedCiphers[0]});
socket->setSslConfiguration(sslConfig);
// upon SSL wrong version error, errorOccurred will be triggered, not sslErrors
@@ -1691,17 +1715,19 @@ void tst_QSslSocket::serverCipherPreferences()
loop.exec();
QVERIFY(client.isEncrypted());
- QCOMPARE(client.sessionCipher().name(), QString("AES128-SHA"));
+ QCOMPARE(client.sessionCipher().name(), testedCiphers[0].name());
}
{
+ if (QTestPrivate::isRunningArmOnX86())
+ QSKIP("This test is known to crash on QEMU emulation for no good reason.");
// Now using the client preferences
SslServer server;
QSslConfiguration config = QSslConfiguration::defaultConfiguration();
config.setSslOption(QSsl::SslOptionDisableServerCipherPreference, true);
server.config = config;
- server.protocol = Test::TlsV1_0OrLater;
- server.ciphers = {QSslCipher("AES128-SHA"), QSslCipher("AES256-SHA")};
+ server.protocol = QSsl::TlsV1_2OrLater;
+ server.ciphers = {testedCiphers[0], testedCiphers[1]};
QVERIFY(server.listen());
QEventLoop loop;
@@ -1711,8 +1737,8 @@ void tst_QSslSocket::serverCipherPreferences()
socket = &client;
auto sslConfig = socket->sslConfiguration();
- sslConfig.setProtocol(Test::TlsV1_0);
- sslConfig.setCiphers({QSslCipher("AES256-SHA"), QSslCipher("AES128-SHA")});
+ sslConfig.setProtocol(QSsl::TlsV1_2OrLater);
+ sslConfig.setCiphers({testedCiphers[1], testedCiphers[0]});
socket->setSslConfiguration(sslConfig);
// upon SSL wrong version error, errorOccurred will be triggered, not sslErrors
@@ -1725,12 +1751,10 @@ void tst_QSslSocket::serverCipherPreferences()
loop.exec();
QVERIFY(client.isEncrypted());
- QCOMPARE(client.sessionCipher().name(), QString("AES256-SHA"));
+ QCOMPARE(client.sessionCipher().name(), testedCiphers[1].name());
}
}
-#endif // Feature 'openssl'.
-
void tst_QSslSocket::setCaCertificates()
{
@@ -1807,8 +1831,10 @@ void tst_QSslSocket::setLocalCertificateChain()
}
QCOMPARE(chain.size(), 2);
- QCOMPARE(chain[0].serialNumber(), QByteArray("10:a0:ad:77:58:f6:6e:ae:46:93:a3:43:f9:59:8a:9e"));
- QCOMPARE(chain[1].serialNumber(), QByteArray("3b:eb:99:c5:ea:d8:0b:5d:0b:97:5d:4f:06:75:4b:e1"));
+ QCOMPARE(chain[0].serialNumber(),
+ QByteArray("58:df:33:c1:9b:bc:c5:51:7a:00:86:64:43:94:41:e2:26:ef:3f:89"));
+ QCOMPARE(chain[1].serialNumber(),
+ QByteArray("11:72:34:bc:21:e6:ca:04:24:13:f8:35:48:84:a6:e9:de:96:22:15"));
}
void tst_QSslSocket::tlsConfiguration()
@@ -1900,8 +1926,6 @@ void tst_QSslSocket::setSslConfiguration()
QSslSocketPtr socket = newSocket();
QFETCH(QSslConfiguration, configuration);
socket->setSslConfiguration(configuration);
- if (isTestingSchannel) // old certificate not supported with TLS 1.2
- socket->setProtocol(Test::TlsV1_1);
this->socket = socket.data();
socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
@@ -1955,6 +1979,10 @@ void tst_QSslSocket::waitForConnectedEncryptedReadyRead()
if (!QSslSocket::supportsSsl())
return;
+ // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use here) are not available by default.
+ if (isSecurityLevel0Required)
+ QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier");
+
QSslSocketPtr socket = newSocket();
this->socket = socket.data();
@@ -2629,8 +2657,6 @@ void tst_QSslSocket::verifyMode()
return;
QSslSocket socket;
- if (isTestingSchannel) // old certificate not supported with TLS 1.2
- socket.setProtocol(Test::TlsV1_1);
QCOMPARE(socket.peerVerifyMode(), QSslSocket::AutoVerifyPeer);
socket.setPeerVerifyMode(QSslSocket::VerifyNone);
@@ -2810,10 +2836,10 @@ void tst_QSslSocket::closeWhileEmittingSocketError()
// Make sure we have some data buffered so that close will try to flush:
clientSocket.write(QByteArray(1000000, Qt::Uninitialized));
- QTestEventLoop::instance().enterLoopMSecs(1000);
+ QTestEventLoop::instance().enterLoop(1s);
QVERIFY(!QTestEventLoop::instance().timeout());
- QCOMPARE(socketErrorSpy.count(), 1);
+ QCOMPARE(socketErrorSpy.size(), 1);
}
#endif // Feature 'openssl'.
@@ -2910,7 +2936,7 @@ void tst_QSslSocket::ignoreSslErrorsList()
bool expectEncryptionSuccess = (expectedSslErrorSignalCount == 0);
if (socket.waitForEncrypted(10000) != expectEncryptionSuccess)
QSKIP("Skipping flaky test - See QTBUG-29941");
- QCOMPARE(sslErrorsSpy.count(), expectedSslErrorSignalCount);
+ QCOMPARE(sslErrorsSpy.size(), expectedSslErrorSignalCount);
}
void tst_QSslSocket::ignoreSslErrorsListWithSlot_data()
@@ -2971,8 +2997,6 @@ void tst_QSslSocket::abortOnSslErrors()
void tst_QSslSocket::readFromClosedSocket()
{
QSslSocketPtr socket = newSocket();
- if (isTestingSchannel) // old certificate not supported with TLS 1.2
- socket->setProtocol(Test::TlsV1_1);
socket->ignoreSslErrors();
socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
@@ -3070,9 +3094,16 @@ void tst_QSslSocket::blacklistedCertificates()
connect(receiver, SIGNAL(encrypted()), SLOT(exitLoop()));
enterLoop(1);
QList<QSslError> sslErrors = receiver->sslHandshakeErrors();
- QVERIFY(sslErrors.count() > 0);
+ QVERIFY(sslErrors.size() > 0);
// there are more errors (self signed cert and hostname mismatch), but we only care about the blacklist error
- QCOMPARE(sslErrors.at(0).error(), QSslError::CertificateBlacklisted);
+ std::optional<QSslError> blacklistedError;
+ for (const QSslError &error : sslErrors) {
+ if (error.error() == QSslError::CertificateBlacklisted) {
+ blacklistedError = error;
+ break;
+ }
+ }
+ QVERIFY2(blacklistedError, "CertificateBlacklisted error not found!");
}
void tst_QSslSocket::versionAccessors()
@@ -3098,6 +3129,10 @@ void tst_QSslSocket::encryptWithoutConnecting()
void tst_QSslSocket::resume_data()
{
+ // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use in 'resume' test) are not available by default.
+ if (isSecurityLevel0Required)
+ QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier");
+
QTest::addColumn<bool>("ignoreErrorsAfterPause");
QTest::addColumn<QList<QSslError> >("errorsToIgnore");
QTest::addColumn<bool>("expectSuccess");
@@ -3154,9 +3189,9 @@ void tst_QSslSocket::resume()
QFETCH_GLOBAL(bool, setProxy);
if (setProxy && QTestEventLoop::instance().timeout())
QSKIP("Skipping flaky test - See QTBUG-29941");
- QCOMPARE(sslErrorSpy.count(), 1);
- QCOMPARE(errorSpy.count(), 0);
- QCOMPARE(encryptedSpy.count(), 0);
+ QCOMPARE(sslErrorSpy.size(), 1);
+ QCOMPARE(errorSpy.size(), 0);
+ QCOMPARE(encryptedSpy.size(), 0);
QVERIFY(!socket.isEncrypted());
if (ignoreErrorsAfterPause) {
if (errorsToIgnore.empty())
@@ -3168,15 +3203,15 @@ void tst_QSslSocket::resume()
QTestEventLoop::instance().enterLoop(10);
QVERIFY(!QTestEventLoop::instance().timeout()); // quit by encrypted() or error() signal
if (expectSuccess) {
- QCOMPARE(encryptedSpy.count(), 1);
+ QCOMPARE(encryptedSpy.size(), 1);
QVERIFY(socket.isEncrypted());
- QCOMPARE(errorSpy.count(), 0);
+ QCOMPARE(errorSpy.size(), 0);
socket.disconnectFromHost();
QVERIFY(socket.waitForDisconnected(10000));
} else {
- QCOMPARE(encryptedSpy.count(), 0);
+ QCOMPARE(encryptedSpy.size(), 0);
QVERIFY(!socket.isEncrypted());
- QCOMPARE(errorSpy.count(), 1);
+ QCOMPARE(errorSpy.size(), 1);
QCOMPARE(socket.error(), QAbstractSocket::SslHandshakeFailedError);
}
}
@@ -3363,17 +3398,17 @@ void tst_QSslSocket::qtbug18498_peek2()
bigblock.fill('#', QIODEVICE_BUFFERSIZE + 1024);
QVERIFY(client->write(QByteArray("head")));
QVERIFY(client->write(bigblock));
- QTRY_COMPARE(server->bytesAvailable(), bigblock.length() + 4);
+ QTRY_COMPARE(server->bytesAvailable(), bigblock.size() + 4);
QCOMPARE(server->read(4), QByteArray("head"));
- QCOMPARE(server->peek(bigblock.length()), bigblock);
- b.reserve(bigblock.length());
- b.resize(server->peek(b.data(), bigblock.length()));
+ QCOMPARE(server->peek(bigblock.size()), bigblock);
+ b.reserve(bigblock.size());
+ b.resize(server->peek(b.data(), bigblock.size()));
QCOMPARE(b, bigblock);
//check oversized peek
- QCOMPARE(server->peek(bigblock.length() * 3), bigblock);
- b.reserve(bigblock.length() * 3);
- b.resize(server->peek(b.data(), bigblock.length() * 3));
+ QCOMPARE(server->peek(bigblock.size() * 3), bigblock);
+ b.reserve(bigblock.size() * 3);
+ b.resize(server->peek(b.data(), bigblock.size() * 3));
QCOMPARE(b, bigblock);
QCOMPARE(server->readAll(), bigblock);
@@ -3441,7 +3476,13 @@ void tst_QSslSocket::dhServer()
return;
SslServer server;
- server.ciphers = {QSslCipher("DHE-RSA-AES256-SHA"), QSslCipher("DHE-DSS-AES256-SHA")};
+ QSslCipher rsaCipher("DHE-RSA-AES256-SHA");
+ QSslCipher dssCipher("DHE-DSS-AES256-SHA");
+ if (rsaCipher.isNull())
+ QSKIP("The current backend doesn't support DHE-RSA-AES256-SHA");
+ if (dssCipher.isNull())
+ QSKIP("The current backend doesn't support DHE-DSS-AES256-SHA");
+ server.ciphers = { rsaCipher, dssCipher };
QVERIFY(server.listen());
QEventLoop loop;
@@ -3469,9 +3510,10 @@ void tst_QSslSocket::dhServerCustomParamsNull()
if (setProxy)
return;
+ const QSslCipher cipherWithDH("DHE-RSA-AES256-SHA256");
SslServer server;
- server.ciphers = {QSslCipher("DHE-RSA-AES256-SHA"), QSslCipher("DHE-DSS-AES256-SHA")};
- server.protocol = Test::TlsV1_0;
+ server.ciphers = {cipherWithDH};
+ server.protocol = QSsl::TlsV1_2;
QSslConfiguration cfg = server.config;
cfg.setDiffieHellmanParameters(QSslDiffieHellmanParameters());
@@ -3484,7 +3526,6 @@ void tst_QSslSocket::dhServerCustomParamsNull()
QSslSocket client;
QSslConfiguration config = client.sslConfiguration();
- config.setProtocol(Test::TlsV1_0);
client.setSslConfiguration(config);
socket = &client;
connect(socket, SIGNAL(errorOccurred(QAbstractSocket::SocketError)), &loop, SLOT(quit()));
@@ -3495,20 +3536,25 @@ void tst_QSslSocket::dhServerCustomParamsNull()
loop.exec();
- QVERIFY(client.state() != QAbstractSocket::ConnectedState);
+ QCOMPARE(client.state(), QAbstractSocket::ConnectedState);
+ QCOMPARE(client.sessionCipher(), cipherWithDH);
}
void tst_QSslSocket::dhServerCustomParams()
{
if (!QSslSocket::supportsSsl())
QSKIP("No SSL support");
+ if (!QSslSocket::isClassImplemented(QSsl::ImplementedClass::DiffieHellman))
+ QSKIP("The current backend doesn't support diffie hellman parameters");
QFETCH_GLOBAL(bool, setProxy);
if (setProxy)
return;
SslServer server;
- server.ciphers = {QSslCipher("DHE-RSA-AES256-SHA"), QSslCipher("DHE-DSS-AES256-SHA")};
+ const QSslCipher cipherWithDH("DHE-RSA-AES256-SHA256");
+ server.ciphers = {cipherWithDH};
+ server.protocol = QSsl::TlsV1_2;
QSslConfiguration cfg = server.config;
@@ -3538,7 +3584,8 @@ void tst_QSslSocket::dhServerCustomParams()
loop.exec();
- QVERIFY(client.state() == QAbstractSocket::ConnectedState);
+ QCOMPARE(client.state(), QAbstractSocket::ConnectedState);
+ QCOMPARE(client.sessionCipher(), cipherWithDH);
}
#endif // QT_CONFIG(openssl)
@@ -3554,7 +3601,10 @@ void tst_QSslSocket::ecdhServer()
return;
SslServer server;
- server.ciphers = {QSslCipher("ECDHE-RSA-AES128-SHA")};
+ QSslCipher cipher("ECDHE-RSA-AES128-SHA");
+ if (cipher.isNull())
+ QSKIP("The current backend doesn't support ECDHE-RSA-AES128-SHA");
+ server.ciphers = {cipher};
QVERIFY(server.listen());
QEventLoop loop;
@@ -3667,7 +3717,7 @@ void tst_QSslSocket::verifyClientCertificate()
}
SslServer server;
- server.protocol = Test::TlsV1_0;
+ server.protocol = QSsl::TlsV1_2;
server.addCaCertificates = testDataDir + "certs/bogus-ca.crt";
server.ignoreSslErrors = false;
server.peerVerifyMode = peerVerifyMode;
@@ -3709,7 +3759,7 @@ void tst_QSslSocket::verifyClientCertificate()
} else {
QCOMPARE(server.socket->peerCertificate(), clientCerts.first());
if (isTestingSchannel) {
- if (clientCerts.count() == 1 && server.socket->peerCertificateChain().count() == 2) {
+ if (clientCerts.size() == 1 && server.socket->peerCertificateChain().size() == 2) {
QEXPECT_FAIL("",
"Schannel includes the entire chain, not just the leaf and intermediates",
Continue);
@@ -4069,14 +4119,14 @@ void tst_QSslSocket::simplePskConnect()
case PskConnectWrongCredentials:
// provide totally wrong credentials
- provider.setIdentity(PSK_CLIENT_IDENTITY.left(PSK_CLIENT_IDENTITY.length() - 1));
- provider.setPreSharedKey(PSK_CLIENT_PRESHAREDKEY.left(PSK_CLIENT_PRESHAREDKEY.length() - 1));
+ provider.setIdentity(PSK_CLIENT_IDENTITY.left(PSK_CLIENT_IDENTITY.size() - 1));
+ provider.setPreSharedKey(PSK_CLIENT_PRESHAREDKEY.left(PSK_CLIENT_PRESHAREDKEY.size() - 1));
connect(&socket, SIGNAL(preSharedKeyAuthenticationRequired(QSslPreSharedKeyAuthenticator*)), &provider, SLOT(providePsk(QSslPreSharedKeyAuthenticator*)));
break;
case PskConnectWrongIdentity:
// right PSK, wrong identity
- provider.setIdentity(PSK_CLIENT_IDENTITY.left(PSK_CLIENT_IDENTITY.length() - 1));
+ provider.setIdentity(PSK_CLIENT_IDENTITY.left(PSK_CLIENT_IDENTITY.size() - 1));
provider.setPreSharedKey(PSK_CLIENT_PRESHAREDKEY);
connect(&socket, SIGNAL(preSharedKeyAuthenticationRequired(QSslPreSharedKeyAuthenticator*)), &provider, SLOT(providePsk(QSslPreSharedKeyAuthenticator*)));
break;
@@ -4084,7 +4134,7 @@ void tst_QSslSocket::simplePskConnect()
case PskConnectWrongPreSharedKey:
// right identity, wrong PSK
provider.setIdentity(PSK_CLIENT_IDENTITY);
- provider.setPreSharedKey(PSK_CLIENT_PRESHAREDKEY.left(PSK_CLIENT_PRESHAREDKEY.length() - 1));
+ provider.setPreSharedKey(PSK_CLIENT_PRESHAREDKEY.left(PSK_CLIENT_PRESHAREDKEY.size() - 1));
connect(&socket, SIGNAL(preSharedKeyAuthenticationRequired(QSslPreSharedKeyAuthenticator*)), &provider, SLOT(providePsk(QSslPreSharedKeyAuthenticator*)));
break;
@@ -4136,32 +4186,32 @@ void tst_QSslSocket::simplePskConnect()
// Entered connecting state
QCOMPARE(socket.state(), QAbstractSocket::ConnectingState);
- QCOMPARE(connectedSpy.count(), 0);
- QCOMPARE(hostFoundSpy.count(), 1);
- QCOMPARE(disconnectedSpy.count(), 0);
+ QCOMPARE(connectedSpy.size(), 0);
+ QCOMPARE(hostFoundSpy.size(), 1);
+ QCOMPARE(disconnectedSpy.size(), 0);
enterLoop(10);
// Entered connected state
QCOMPARE(socket.state(), QAbstractSocket::ConnectedState);
QCOMPARE(socket.mode(), QSslSocket::UnencryptedMode);
QVERIFY(!socket.isEncrypted());
- QCOMPARE(connectedSpy.count(), 1);
- QCOMPARE(hostFoundSpy.count(), 1);
- QCOMPARE(disconnectedSpy.count(), 0);
+ QCOMPARE(connectedSpy.size(), 1);
+ QCOMPARE(hostFoundSpy.size(), 1);
+ QCOMPARE(disconnectedSpy.size(), 0);
// Enter encrypted mode
socket.startClientEncryption();
QCOMPARE(socket.mode(), QSslSocket::SslClientMode);
QVERIFY(!socket.isEncrypted());
- QCOMPARE(connectionEncryptedSpy.count(), 0);
- QCOMPARE(sslErrorsSpy.count(), 0);
- QCOMPARE(peerVerifyErrorSpy.count(), 0);
+ QCOMPARE(connectionEncryptedSpy.size(), 0);
+ QCOMPARE(sslErrorsSpy.size(), 0);
+ QCOMPARE(peerVerifyErrorSpy.size(), 0);
// Start handshake.
enterLoop(10);
// We must get the PSK signal in all cases
- QCOMPARE(pskAuthenticationRequiredSpy.count(), 1);
+ QCOMPARE(pskAuthenticationRequiredSpy.size(), 1);
switch (pskTestType) {
case PskConnectDoNotHandlePsk:
@@ -4170,40 +4220,40 @@ void tst_QSslSocket::simplePskConnect()
case PskConnectWrongIdentity:
case PskConnectWrongPreSharedKey:
// Handshake failure
- QCOMPARE(socketErrorsSpy.count(), 1);
+ QCOMPARE(socketErrorsSpy.size(), 1);
QCOMPARE(qvariant_cast<QAbstractSocket::SocketError>(socketErrorsSpy.at(0).at(0)), QAbstractSocket::SslHandshakeFailedError);
- QCOMPARE(sslErrorsSpy.count(), 0);
- QCOMPARE(peerVerifyErrorSpy.count(), 0);
- QCOMPARE(connectionEncryptedSpy.count(), 0);
+ QCOMPARE(sslErrorsSpy.size(), 0);
+ QCOMPARE(peerVerifyErrorSpy.size(), 0);
+ QCOMPARE(connectionEncryptedSpy.size(), 0);
QVERIFY(!socket.isEncrypted());
break;
case PskConnectRightCredentialsPeerVerifyFailure:
// Peer verification failure
- QCOMPARE(socketErrorsSpy.count(), 1);
+ QCOMPARE(socketErrorsSpy.size(), 1);
QCOMPARE(qvariant_cast<QAbstractSocket::SocketError>(socketErrorsSpy.at(0).at(0)), QAbstractSocket::SslHandshakeFailedError);
- QCOMPARE(sslErrorsSpy.count(), 1);
- QCOMPARE(peerVerifyErrorSpy.count(), 1);
- QCOMPARE(connectionEncryptedSpy.count(), 0);
+ QCOMPARE(sslErrorsSpy.size(), 1);
+ QCOMPARE(peerVerifyErrorSpy.size(), 1);
+ QCOMPARE(connectionEncryptedSpy.size(), 0);
QVERIFY(!socket.isEncrypted());
break;
case PskConnectRightCredentialsVerifyPeer:
// Peer verification failure, but ignore it and keep connecting
- QCOMPARE(socketErrorsSpy.count(), 0);
- QCOMPARE(sslErrorsSpy.count(), 1);
- QCOMPARE(peerVerifyErrorSpy.count(), 1);
- QCOMPARE(connectionEncryptedSpy.count(), 1);
+ QCOMPARE(socketErrorsSpy.size(), 0);
+ QCOMPARE(sslErrorsSpy.size(), 1);
+ QCOMPARE(peerVerifyErrorSpy.size(), 1);
+ QCOMPARE(connectionEncryptedSpy.size(), 1);
QVERIFY(socket.isEncrypted());
QCOMPARE(socket.state(), QAbstractSocket::ConnectedState);
break;
case PskConnectRightCredentialsDoNotVerifyPeer:
// No peer verification => no failure
- QCOMPARE(socketErrorsSpy.count(), 0);
- QCOMPARE(sslErrorsSpy.count(), 0);
- QCOMPARE(peerVerifyErrorSpy.count(), 0);
- QCOMPARE(connectionEncryptedSpy.count(), 1);
+ QCOMPARE(socketErrorsSpy.size(), 0);
+ QCOMPARE(sslErrorsSpy.size(), 0);
+ QCOMPARE(peerVerifyErrorSpy.size(), 0);
+ QCOMPARE(connectionEncryptedSpy.size(), 1);
QVERIFY(socket.isEncrypted());
QCOMPARE(socket.state(), QAbstractSocket::ConnectedState);
break;
@@ -4244,7 +4294,7 @@ void tst_QSslSocket::simplePskConnect()
}
QCOMPARE(socket.state(), QAbstractSocket::UnconnectedState);
- QCOMPARE(disconnectedSpy.count(), 1);
+ QCOMPARE(disconnectedSpy.size(), 1);
}
void tst_QSslSocket::ephemeralServerKey_data()
@@ -4277,7 +4327,7 @@ void tst_QSslSocket::ephemeralServerKey()
client->connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort());
spy.wait();
- QCOMPARE(spy.count(), 1);
+ QCOMPARE(spy.size(), 1);
QVERIFY(server.config.ephemeralServerKey().isNull());
QCOMPARE(client->sslConfiguration().ephemeralServerKey().isNull(), emptyKey);
}
@@ -4340,22 +4390,22 @@ void tst_QSslSocket::pskServer()
QCOMPARE(socket.state(), QAbstractSocket::ConnectedState);
QCOMPARE(socket.mode(), QSslSocket::UnencryptedMode);
QVERIFY(!socket.isEncrypted());
- QCOMPARE(connectedSpy.count(), 1);
- QCOMPARE(disconnectedSpy.count(), 0);
+ QCOMPARE(connectedSpy.size(), 1);
+ QCOMPARE(disconnectedSpy.size(), 0);
// Enter encrypted mode
socket.startClientEncryption();
QCOMPARE(socket.mode(), QSslSocket::SslClientMode);
QVERIFY(!socket.isEncrypted());
- QCOMPARE(connectionEncryptedSpy.count(), 0);
+ QCOMPARE(connectionEncryptedSpy.size(), 0);
// Start handshake.
enterLoop(10);
// We must get the PSK signal in all cases
- QCOMPARE(pskAuthenticationRequiredSpy.count(), 1);
+ QCOMPARE(pskAuthenticationRequiredSpy.size(), 1);
- QCOMPARE(connectionEncryptedSpy.count(), 1);
+ QCOMPARE(connectionEncryptedSpy.size(), 1);
QVERIFY(socket.isEncrypted());
QCOMPARE(socket.state(), QAbstractSocket::ConnectedState);
@@ -4368,7 +4418,7 @@ void tst_QSslSocket::pskServer()
enterLoop(10);
QCOMPARE(socket.state(), QAbstractSocket::UnconnectedState);
- QCOMPARE(disconnectedSpy.count(), 1);
+ QCOMPARE(disconnectedSpy.size(), 1);
}
void tst_QSslSocket::signatureAlgorithm_data()
@@ -4521,7 +4571,7 @@ void tst_QSslSocket::forwardReadChannelFinished()
&QTestEventLoop::instance(), &QTestEventLoop::exitLoop);
socket.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
enterLoop(10);
- QVERIFY(readChannelFinishedSpy.count());
+ QVERIFY(readChannelFinishedSpy.size());
}
#endif // QT_CONFIG(openssl)
@@ -4543,7 +4593,7 @@ void tst_QSslSocket::unsupportedProtocols()
return;
QFETCH(const QSsl::SslProtocol, unsupportedProtocol);
- const int timeoutMS = 500;
+ constexpr auto timeout = 500ms;
// Test a client socket.
{
// 0. connectToHostEncrypted: client-side, non-blocking API, error is discovered
@@ -4565,7 +4615,7 @@ void tst_QSslSocket::unsupportedProtocols()
QCOMPARE(socket.error(), QAbstractSocket::UnknownSocketError);
socket.connectToHost(QHostAddress::LocalHost, server.serverPort());
- QVERIFY(socket.waitForConnected(timeoutMS));
+ QVERIFY(socket.waitForConnected(int(timeout.count())));
socket.setProtocol(unsupportedProtocol);
socket.startClientEncryption();
@@ -4590,7 +4640,7 @@ void tst_QSslSocket::unsupportedProtocols()
QTcpSocket client;
client.connectToHost(QHostAddress::LocalHost, server.serverPort());
- loop.enterLoopMSecs(timeoutMS);
+ loop.enterLoop(timeout);
QVERIFY(!loop.timeout());
QVERIFY(server.socket);
QCOMPARE(server.socket->error(), QAbstractSocket::SslInvalidUserDataError);
@@ -4603,13 +4653,15 @@ void tst_QSslSocket::oldErrorsOnSocketReuse()
if (setProxy)
return; // not relevant
SslServer server;
- server.protocol = Test::TlsV1_1;
+ if (!isTestingOpenSsl)
+ server.protocol = Test::TlsV1_1;
server.m_certFile = testDataDir + "certs/fluke.cert";
server.m_keyFile = testDataDir + "certs/fluke.key";
QVERIFY(server.listen(QHostAddress::SpecialAddress::LocalHost));
QSslSocket socket;
- socket.setProtocol(Test::TlsV1_1);
+ if (!isTestingOpenSsl)
+ socket.setProtocol(Test::TlsV1_1);
QList<QSslError> errorList;
auto connection = connect(&socket, QOverload<const QList<QSslError> &>::of(&QSslSocket::sslErrors),
[&socket, &errorList](const QList<QSslError> &errors) {
@@ -4695,7 +4747,7 @@ void tst_QSslSocket::alertMissingCertificate()
connect(&clientSocket, &QAbstractSocket::errorOccurred, earlyQuitter);
connect(&server, &SslServer::socketError, earlyQuitter);
- runner.enterLoopMSecs(1000);
+ runner.enterLoop(1s);
if (clientSocket.isEncrypted()) {
// When using TLS 1.3 the client side thinks it is connected very
@@ -4703,11 +4755,11 @@ void tst_QSslSocket::alertMissingCertificate()
// inevitable disconnect.
QCOMPARE(clientSocket.sessionProtocol(), QSsl::TlsV1_3);
connect(&clientSocket, &QSslSocket::disconnected, &runner, &QTestEventLoop::exitLoop);
- runner.enterLoopMSecs(10000);
+ runner.enterLoop(10s);
}
- QVERIFY(serverSpy.count() > 0);
- QVERIFY(clientSpy.count() > 0);
+ QVERIFY(serverSpy.size() > 0);
+ QVERIFY(clientSpy.size() > 0);
QVERIFY(server.socket && !server.socket->isEncrypted());
QVERIFY(!clientSocket.isEncrypted());
}
@@ -4758,11 +4810,11 @@ void tst_QSslSocket::alertInvalidCertificate()
connect(&clientSocket, &QAbstractSocket::errorOccurred, earlyQuitter);
connect(&server, &SslServer::socketError, earlyQuitter);
- runner.enterLoopMSecs(1000);
+ runner.enterLoop(1s);
- QVERIFY(serverSpy.count() > 0);
- QVERIFY(clientSpy.count() > 0);
- QVERIFY(interruptedSpy.count() > 0);
+ QVERIFY(serverSpy.size() > 0);
+ QVERIFY(clientSpy.size() > 0);
+ QVERIFY(interruptedSpy.size() > 0);
QVERIFY(server.socket && !server.socket->isEncrypted());
QVERIFY(!clientSocket.isEncrypted());
}
@@ -4886,17 +4938,17 @@ void tst_QSslSocket::selfSignedCertificates()
connect(&clientSocket, &QAbstractSocket::errorOccurred, earlyQuitter);
connect(&server, &SslServer::socketError, earlyQuitter);
- runner.enterLoopMSecs(1000);
+ runner.enterLoop(1s);
if (clientKnown) {
- QCOMPARE(serverSpy.count(), 0);
- QCOMPARE(clientSpy.count(), 0);
+ QCOMPARE(serverSpy.size(), 0);
+ QCOMPARE(clientSpy.size(), 0);
QVERIFY(server.socket && server.socket->isEncrypted());
QVERIFY(clientSocket.isEncrypted());
} else {
- QVERIFY(serverSpy.count() > 0);
+ QVERIFY(serverSpy.size() > 0);
QEXPECT_FAIL("", "Failing to trigger signal, QTBUG-81661", Continue);
- QVERIFY(clientSpy.count() > 0);
+ QVERIFY(clientSpy.size() > 0);
QVERIFY(server.socket && !server.socket->isEncrypted());
QVERIFY(!clientSocket.isEncrypted());
}
@@ -5024,18 +5076,18 @@ void tst_QSslSocket::pskHandshake()
connect(&clientSocket, &QAbstractSocket::errorOccurred, earlyQuitter);
connect(&server, &SslServer::socketError, earlyQuitter);
- runner.enterLoopMSecs(1000);
+ runner.enterLoop(1s);
if (pskRight) {
- QCOMPARE(serverSpy.count(), 0);
- QCOMPARE(clientSpy.count(), 0);
+ QCOMPARE(serverSpy.size(), 0);
+ QCOMPARE(clientSpy.size(), 0);
QVERIFY(server.socket && server.socket->isEncrypted());
QVERIFY(clientSocket.isEncrypted());
} else {
- QVERIFY(serverSpy.count() > 0);
+ QVERIFY(serverSpy.size() > 0);
QCOMPARE(serverSpy.first().at(0).toInt(), static_cast<int>(QSsl::AlertLevel::Fatal));
QCOMPARE(serverSpy.first().at(1).toInt(), static_cast<int>(QSsl::AlertType::BadRecordMac));
- QVERIFY(clientSpy.count() > 0);
+ QVERIFY(clientSpy.size() > 0);
QCOMPARE(clientSpy.first().at(0).toInt(), static_cast<int>(QSsl::AlertLevel::Fatal));
QCOMPARE(clientSpy.first().at(1).toInt(), static_cast<int>(QSsl::AlertType::BadRecordMac));
QVERIFY(server.socket && !server.socket->isEncrypted());
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-09 21:11:48 +0000