diff options
Diffstat (limited to 'tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp')
-rw-r--r-- | tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp | 66 |
1 files changed, 35 insertions, 31 deletions
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp index e599ebf199..5a643c11a2 100644 --- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -77,7 +77,7 @@ typedef QSharedPointer<QSslSocket> QSslSocketPtr; // Detect ALPN (Application-Layer Protocol Negotiation) support #undef ALPN_SUPPORTED // Undef the variable first to be safe -#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT) +#if defined(OPENSSL_VERSION_NUMBER) && !defined(OPENSSL_NO_TLSEXT) #define ALPN_SUPPORTED 1 #endif @@ -94,11 +94,13 @@ typedef QSharedPointer<QSslSocket> QSslSocketPtr; // Use this cipher to force PSK key sharing. // Also, it's a cipher w/o auth, to check that we emit the signals warning // about the identity of the peer. +#ifndef QT_NO_OPENSSL static const QString PSK_CIPHER_WITHOUT_AUTH = QStringLiteral("PSK-AES256-CBC-SHA"); static const quint16 PSK_SERVER_PORT = 4433; static const QByteArray PSK_CLIENT_PRESHAREDKEY = QByteArrayLiteral("\x1a\x2b\x3c\x4d\x5e\x6f"); static const QByteArray PSK_SERVER_IDENTITY_HINT = QByteArrayLiteral("QtTestServerHint"); static const QByteArray PSK_CLIENT_IDENTITY = QByteArrayLiteral("Client_identity"); +#endif // !QT_NO_OPENSSL class tst_QSslSocket : public QObject { @@ -825,7 +827,9 @@ void tst_QSslSocket::connectToHostEncrypted() socket->setProtocol(QSsl::SslProtocol::TlsV1_1); #endif this->socket = socket.data(); - QVERIFY(socket->addCaCertificates(httpServerCertChainPath())); + auto config = socket->sslConfiguration(); + QVERIFY(config.addCaCertificates(httpServerCertChainPath())); + socket->setSslConfiguration(config); #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND connect(socket.data(), SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(untrustedWorkaroundSlot(QList<QSslError>))); @@ -862,7 +866,9 @@ void tst_QSslSocket::connectToHostEncryptedWithVerificationPeerName() #endif this->socket = socket.data(); - socket->addCaCertificates(httpServerCertChainPath()); + auto config = socket->sslConfiguration(); + config.addCaCertificates(httpServerCertChainPath()); + socket->setSslConfiguration(config); #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND connect(socket.data(), SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(untrustedWorkaroundSlot(QList<QSslError>))); @@ -967,7 +973,9 @@ void tst_QSslSocket::peerCertificateChain() this->socket = socket.data(); QList<QSslCertificate> caCertificates = QSslCertificate::fromPath(httpServerCertChainPath()); QCOMPARE(caCertificates.count(), 1); - socket->addCaCertificates(caCertificates); + auto config = socket->sslConfiguration(); + config.addCaCertificates(caCertificates); + socket->setSslConfiguration(config); #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND connect(socket.data(), SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(untrustedWorkaroundSlot(QList<QSslError>))); @@ -1096,7 +1104,6 @@ void tst_QSslSocket::protocol() QCOMPARE(socket->protocol(), QSsl::TlsV1_0); socket->abort(); } -#if OPENSSL_VERSION_NUMBER >= 0x10001000L { // qt-test-server probably doesn't allow TLSV1.1 socket->setProtocol(QSsl::TlsV1_1); @@ -1133,7 +1140,7 @@ void tst_QSslSocket::protocol() QCOMPARE(socket->protocol(), QSsl::TlsV1_2); socket->abort(); } -#endif + #ifdef TLS1_3_VERSION { // qt-test-server probably doesn't allow TLSV1.3 @@ -1226,10 +1233,10 @@ signals: protected: void incomingConnection(qintptr socketDescriptor) { + QSslConfiguration configuration = config; socket = new QSslSocket(this); - socket->setSslConfiguration(config); - socket->setPeerVerifyMode(peerVerifyMode); - socket->setProtocol(protocol); + configuration.setPeerVerifyMode(peerVerifyMode); + configuration.setProtocol(protocol); if (ignoreSslErrors) connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); connect(socket, SIGNAL(error(QAbstractSocket::SocketError)), this, SIGNAL(socketError(QAbstractSocket::SocketError))); @@ -1238,14 +1245,14 @@ protected: QVERIFY(file.open(QIODevice::ReadOnly)); QSslKey key(file.readAll(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey); QVERIFY(!key.isNull()); - socket->setPrivateKey(key); + configuration.setPrivateKey(key); // Add CA certificates to verify client certificate if (!addCaCertificates.isEmpty()) { QList<QSslCertificate> caCert = QSslCertificate::fromPath(addCaCertificates); QVERIFY(!caCert.isEmpty()); QVERIFY(!caCert.first().isNull()); - socket->addCaCertificates(caCert); + configuration.addCaCertificates(caCert); } // If we have a cert issued directly from the CA @@ -1253,9 +1260,8 @@ protected: QList<QSslCertificate> localCert = QSslCertificate::fromPath(m_certFile); QVERIFY(!localCert.isEmpty()); QVERIFY(!localCert.first().isNull()); - socket->setLocalCertificate(localCert.first()); - } - else { + configuration.setLocalCertificate(localCert.first()); + } else { QList<QSslCertificate> localCert = QSslCertificate::fromPath(m_certFile); QVERIFY(!localCert.isEmpty()); QVERIFY(!localCert.first().isNull()); @@ -1264,14 +1270,12 @@ protected: QVERIFY(!interCert.isEmpty()); QVERIFY(!interCert.first().isNull()); - socket->setLocalCertificateChain(localCert + interCert); + configuration.setLocalCertificateChain(localCert + interCert); } - if (!ciphers.isEmpty()) { - auto sslConfig = socket->sslConfiguration(); - sslConfig.setCiphers(ciphers); - socket->setSslConfiguration(sslConfig); - } + if (!ciphers.isEmpty()) + configuration.setCiphers(ciphers); + socket->setSslConfiguration(configuration); QVERIFY(socket->setSocketDescriptor(socketDescriptor, QAbstractSocket::ConnectedState)); QVERIFY(!socket->peerAddress().isNull()); @@ -1750,7 +1754,8 @@ void tst_QSslSocket::addDefaultCaCertificate() QCOMPARE(flukeCerts.size(), 1); QList<QSslCertificate> globalCerts = QSslConfiguration::defaultConfiguration().caCertificates(); QVERIFY(!globalCerts.contains(flukeCerts.first())); - QSslSocket::addDefaultCaCertificate(flukeCerts.first()); + sslConfig.addCaCertificate(flukeCerts.first()); + QSslConfiguration::setDefaultConfiguration(sslConfig); QCOMPARE(QSslConfiguration::defaultConfiguration().caCertificates().size(), globalCerts.size() + 1); QVERIFY(QSslConfiguration::defaultConfiguration().caCertificates() @@ -1943,7 +1948,9 @@ void tst_QSslSocket::wildcard() // responds with the wildcard, and QSslSocket should accept that as a // valid connection. This was broken in 4.3.0. QSslSocketPtr socket = newSocket(); - socket->addCaCertificates(QLatin1String("certs/aspiriniks.ca.crt")); + auto config = socket->sslConfiguration(); + config.addCaCertificates(QLatin1String("certs/aspiriniks.ca.crt")); + socket->setSslConfiguration(config); this->socket = socket.data(); #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND connect(socket, SIGNAL(sslErrors(QList<QSslError>)), @@ -2574,7 +2581,9 @@ void tst_QSslSocket::resetProxy() // make sure the connection works, and then set a nonsense proxy, and then // make sure it does not work anymore QSslSocket socket; - socket.addCaCertificates(httpServerCertChainPath()); + auto config = socket.sslConfiguration(); + config.addCaCertificates(httpServerCertChainPath()); + socket.setSslConfiguration(config); socket.setProxy(goodProxy); socket.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QVERIFY2(socket.waitForConnected(10000), qPrintable(socket.errorString())); @@ -2593,7 +2602,9 @@ void tst_QSslSocket::resetProxy() // set the nonsense proxy and make sure the connection does not work, // and then set the right proxy and make sure it works QSslSocket socket2; - socket2.addCaCertificates(httpServerCertChainPath()); + auto config2 = socket.sslConfiguration(); + config2.addCaCertificates(httpServerCertChainPath()); + socket2.setSslConfiguration(config2); socket2.setProxy(badProxy); socket2.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QVERIFY(! socket2.waitForConnected(10000)); @@ -2634,7 +2645,6 @@ void tst_QSslSocket::ignoreSslErrorsList() connect(&socket, SIGNAL(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)), this, SLOT(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*))); -// this->socket = &socket; QSslCertificate cert; QFETCH(QList<QSslError>, expectedSslErrors); @@ -4042,9 +4052,6 @@ void tst_QSslSocket::ephemeralServerKey_data() QTest::addColumn<QString>("cipher"); QTest::addColumn<bool>("emptyKey"); -#if !QT_CONFIG(opensslv11) // 1.1 drops support for RC4-SHA - QTest::newRow("NonForwardSecrecyCipher") << "RC4-SHA" << true; -#endif // !opensslv11 QTest::newRow("ForwardSecrecyCipher") << "ECDHE-RSA-AES256-SHA" << (QSslSocket::sslLibraryVersionNumber() < 0x10002000L); } @@ -4169,9 +4176,6 @@ void tst_QSslSocket::signatureAlgorithm_data() if (!QSslSocket::supportsSsl()) QSKIP("Signature algorithms cannot be tested without SSL support"); - if (QSslSocket::sslLibraryVersionNumber() < 0x10002000L) - QSKIP("Signature algorithms cannot be tested with OpenSSL < 1.0.2"); - if (QSslSocket::sslLibraryVersionNumber() >= 0x10101000L) { // FIXME: investigate if this test makes any sense with TLS 1.3. QSKIP("Test is not valid for TLS 1.3/OpenSSL 1.1.1"); |