diff options
Diffstat (limited to 'tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp')
-rw-r--r-- | tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp | 102 |
1 files changed, 53 insertions, 49 deletions
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp index 8e2dc13cfc..e0364c7155 100644 --- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -77,7 +77,7 @@ typedef QSharedPointer<QSslSocket> QSslSocketPtr; // Detect ALPN (Application-Layer Protocol Negotiation) support #undef ALPN_SUPPORTED // Undef the variable first to be safe -#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT) +#if defined(OPENSSL_VERSION_NUMBER) && !defined(OPENSSL_NO_TLSEXT) #define ALPN_SUPPORTED 1 #endif @@ -94,11 +94,13 @@ typedef QSharedPointer<QSslSocket> QSslSocketPtr; // Use this cipher to force PSK key sharing. // Also, it's a cipher w/o auth, to check that we emit the signals warning // about the identity of the peer. +#ifndef QT_NO_OPENSSL static const QString PSK_CIPHER_WITHOUT_AUTH = QStringLiteral("PSK-AES256-CBC-SHA"); static const quint16 PSK_SERVER_PORT = 4433; static const QByteArray PSK_CLIENT_PRESHAREDKEY = QByteArrayLiteral("\x1a\x2b\x3c\x4d\x5e\x6f"); static const QByteArray PSK_SERVER_IDENTITY_HINT = QByteArrayLiteral("QtTestServerHint"); static const QByteArray PSK_CLIENT_IDENTITY = QByteArrayLiteral("Client_identity"); +#endif // !QT_NO_OPENSSL class tst_QSslSocket : public QObject { @@ -525,7 +527,7 @@ void tst_QSslSocket::constructing() QCOMPARE(socket.write(0, 0), qint64(-1)); QTest::ignoreMessage(QtWarningMsg, writeNotOpenMessage); QCOMPARE(socket.write(QByteArray()), qint64(-1)); - QCOMPARE(socket.error(), QAbstractSocket::UnknownSocketError); + QCOMPARE(socket.socketError(), QAbstractSocket::UnknownSocketError); QVERIFY(!socket.flush()); QVERIFY(!socket.isValid()); QCOMPARE(socket.localAddress(), QHostAddress()); @@ -731,7 +733,7 @@ void tst_QSslSocket::sslErrors() // check the SSL errors contain HostNameMismatch and an error due to // the certificate being self-signed SslErrorList sslErrors; - const auto socketSslErrors = socket->sslErrors(); + const auto socketSslErrors = socket->sslHandshakeErrors(); for (const QSslError &err : socketSslErrors) sslErrors << err.error(); std::sort(sslErrors.begin(), sslErrors.end()); @@ -826,7 +828,9 @@ void tst_QSslSocket::connectToHostEncrypted() socket->setProtocol(QSsl::SslProtocol::TlsV1_1); #endif this->socket = socket.data(); - QVERIFY(socket->addCaCertificates(httpServerCertChainPath())); + auto config = socket->sslConfiguration(); + QVERIFY(config.addCaCertificates(httpServerCertChainPath())); + socket->setSslConfiguration(config); #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND connect(socket.data(), SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(untrustedWorkaroundSlot(QList<QSslError>))); @@ -863,7 +867,9 @@ void tst_QSslSocket::connectToHostEncryptedWithVerificationPeerName() #endif this->socket = socket.data(); - socket->addCaCertificates(httpServerCertChainPath()); + auto config = socket->sslConfiguration(); + config.addCaCertificates(httpServerCertChainPath()); + socket->setSslConfiguration(config); #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND connect(socket.data(), SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(untrustedWorkaroundSlot(QList<QSslError>))); @@ -968,7 +974,9 @@ void tst_QSslSocket::peerCertificateChain() this->socket = socket.data(); QList<QSslCertificate> caCertificates = QSslCertificate::fromPath(httpServerCertChainPath()); QCOMPARE(caCertificates.count(), 1); - socket->addCaCertificates(caCertificates); + auto config = socket->sslConfiguration(); + config.addCaCertificates(caCertificates); + socket->setSslConfiguration(config); #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND connect(socket.data(), SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(untrustedWorkaroundSlot(QList<QSslError>))); @@ -1097,7 +1105,6 @@ void tst_QSslSocket::protocol() QCOMPARE(socket->protocol(), QSsl::TlsV1_0); socket->abort(); } -#if OPENSSL_VERSION_NUMBER >= 0x10001000L { // qt-test-server probably doesn't allow TLSV1.1 socket->setProtocol(QSsl::TlsV1_1); @@ -1134,7 +1141,7 @@ void tst_QSslSocket::protocol() QCOMPARE(socket->protocol(), QSsl::TlsV1_2); socket->abort(); } -#endif + #ifdef TLS1_3_VERSION { // qt-test-server probably doesn't allow TLSV1.3 @@ -1227,10 +1234,10 @@ signals: protected: void incomingConnection(qintptr socketDescriptor) { + QSslConfiguration configuration = config; socket = new QSslSocket(this); - socket->setSslConfiguration(config); - socket->setPeerVerifyMode(peerVerifyMode); - socket->setProtocol(protocol); + configuration.setPeerVerifyMode(peerVerifyMode); + configuration.setProtocol(protocol); if (ignoreSslErrors) connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); connect(socket, SIGNAL(error(QAbstractSocket::SocketError)), this, SIGNAL(socketError(QAbstractSocket::SocketError))); @@ -1239,14 +1246,14 @@ protected: QVERIFY(file.open(QIODevice::ReadOnly)); QSslKey key(file.readAll(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey); QVERIFY(!key.isNull()); - socket->setPrivateKey(key); + configuration.setPrivateKey(key); // Add CA certificates to verify client certificate if (!addCaCertificates.isEmpty()) { QList<QSslCertificate> caCert = QSslCertificate::fromPath(addCaCertificates); QVERIFY(!caCert.isEmpty()); QVERIFY(!caCert.first().isNull()); - socket->addCaCertificates(caCert); + configuration.addCaCertificates(caCert); } // If we have a cert issued directly from the CA @@ -1254,9 +1261,8 @@ protected: QList<QSslCertificate> localCert = QSslCertificate::fromPath(m_certFile); QVERIFY(!localCert.isEmpty()); QVERIFY(!localCert.first().isNull()); - socket->setLocalCertificate(localCert.first()); - } - else { + configuration.setLocalCertificate(localCert.first()); + } else { QList<QSslCertificate> localCert = QSslCertificate::fromPath(m_certFile); QVERIFY(!localCert.isEmpty()); QVERIFY(!localCert.first().isNull()); @@ -1265,14 +1271,12 @@ protected: QVERIFY(!interCert.isEmpty()); QVERIFY(!interCert.first().isNull()); - socket->setLocalCertificateChain(localCert + interCert); + configuration.setLocalCertificateChain(localCert + interCert); } - if (!ciphers.isEmpty()) { - auto sslConfig = socket->sslConfiguration(); - sslConfig.setCiphers(ciphers); - socket->setSslConfiguration(sslConfig); - } + if (!ciphers.isEmpty()) + configuration.setCiphers(ciphers); + socket->setSslConfiguration(configuration); QVERIFY(socket->setSocketDescriptor(socketDescriptor, QAbstractSocket::ConnectedState)); QVERIFY(!socket->peerAddress().isNull()); @@ -1386,16 +1390,16 @@ void tst_QSslSocket::protocolServerSide() QAbstractSocket::SocketState expectedState = (works) ? QAbstractSocket::ConnectedState : QAbstractSocket::UnconnectedState; // Determine whether the client or the server caused the event loop // to quit due to a socket error, and investigate the culprit. - if (client.error() != QAbstractSocket::UnknownSocketError) { + if (client.socketError() != QAbstractSocket::UnknownSocketError) { // It can happen that the client, after TCP connection established, before // incomingConnection() slot fired, hits TLS initialization error and stops // the loop, so the server socket is not created yet. if (server.socket) - QVERIFY(server.socket->error() == QAbstractSocket::UnknownSocketError); + QVERIFY(server.socket->socketError() == QAbstractSocket::UnknownSocketError); QCOMPARE(client.state(), expectedState); - } else if (server.socket->error() != QAbstractSocket::UnknownSocketError) { - QVERIFY(client.error() == QAbstractSocket::UnknownSocketError); + } else if (server.socket->socketError() != QAbstractSocket::UnknownSocketError) { + QVERIFY(client.socketError() == QAbstractSocket::UnknownSocketError); QCOMPARE(server.socket->state(), expectedState); } @@ -1751,7 +1755,8 @@ void tst_QSslSocket::addDefaultCaCertificate() QCOMPARE(flukeCerts.size(), 1); QList<QSslCertificate> globalCerts = QSslConfiguration::defaultConfiguration().caCertificates(); QVERIFY(!globalCerts.contains(flukeCerts.first())); - QSslSocket::addDefaultCaCertificate(flukeCerts.first()); + sslConfig.addCaCertificate(flukeCerts.first()); + QSslConfiguration::setDefaultConfiguration(sslConfig); QCOMPARE(QSslConfiguration::defaultConfiguration().caCertificates().size(), globalCerts.size() + 1); QVERIFY(QSslConfiguration::defaultConfiguration().caCertificates() @@ -1944,7 +1949,9 @@ void tst_QSslSocket::wildcard() // responds with the wildcard, and QSslSocket should accept that as a // valid connection. This was broken in 4.3.0. QSslSocketPtr socket = newSocket(); - socket->addCaCertificates(QLatin1String("certs/aspiriniks.ca.crt")); + auto config = socket->sslConfiguration(); + config.addCaCertificates(QLatin1String("certs/aspiriniks.ca.crt")); + socket->setSslConfiguration(config); this->socket = socket.data(); #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND connect(socket, SIGNAL(sslErrors(QList<QSslError>)), @@ -2004,7 +2011,7 @@ void tst_QSslSocket::setEmptyKey() QTestEventLoop::instance().enterLoop(2); QCOMPARE(socket.state(), QAbstractSocket::ConnectedState); - QCOMPARE(socket.error(), QAbstractSocket::UnknownSocketError); + QCOMPARE(socket.socketError(), QAbstractSocket::UnknownSocketError); } void tst_QSslSocket::spontaneousWrite() @@ -2426,7 +2433,7 @@ void tst_QSslSocket::verifyMode() QList<QSslError> expectedErrors = QList<QSslError>() << QSslError(FLUKE_CERTIFICATE_ERROR, socket.peerCertificate()); - QCOMPARE(socket.sslErrors(), expectedErrors); + QCOMPARE(socket.sslHandshakeErrors(), expectedErrors); socket.abort(); VerifyServer server; @@ -2442,7 +2449,7 @@ void tst_QSslSocket::verifyMode() loop.exec(); QVERIFY(clientSocket.isEncrypted()); - QVERIFY(server.socket->sslErrors().isEmpty()); + QVERIFY(server.socket->sslHandshakeErrors().isEmpty()); } void tst_QSslSocket::verifyDepth() @@ -2575,7 +2582,9 @@ void tst_QSslSocket::resetProxy() // make sure the connection works, and then set a nonsense proxy, and then // make sure it does not work anymore QSslSocket socket; - socket.addCaCertificates(httpServerCertChainPath()); + auto config = socket.sslConfiguration(); + config.addCaCertificates(httpServerCertChainPath()); + socket.setSslConfiguration(config); socket.setProxy(goodProxy); socket.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QVERIFY2(socket.waitForConnected(10000), qPrintable(socket.errorString())); @@ -2594,7 +2603,9 @@ void tst_QSslSocket::resetProxy() // set the nonsense proxy and make sure the connection does not work, // and then set the right proxy and make sure it works QSslSocket socket2; - socket2.addCaCertificates(httpServerCertChainPath()); + auto config2 = socket.sslConfiguration(); + config2.addCaCertificates(httpServerCertChainPath()); + socket2.setSslConfiguration(config2); socket2.setProxy(badProxy); socket2.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QVERIFY(! socket2.waitForConnected(10000)); @@ -2635,7 +2646,6 @@ void tst_QSslSocket::ignoreSslErrorsList() connect(&socket, SIGNAL(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)), this, SLOT(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*))); -// this->socket = &socket; QSslCertificate cert; QFETCH(QList<QSslError>, expectedSslErrors); @@ -2773,11 +2783,11 @@ void tst_QSslSocket::writeBigChunk() // no better way to do this right now since the error is the same as the default error. if (socket->errorString().startsWith(QLatin1String("Unable to write data"))) { - qWarning() << socket->error() << socket->errorString(); + qWarning() << socket->socketError() << socket->errorString(); QFAIL("Error while writing! Check if the OpenSSL BIO size is limited?!"); } // also check the error string. If another error (than UnknownError) occurred, it should be different than before - QVERIFY2(errorBefore == errorAfter || socket->error() == QAbstractSocket::RemoteHostClosedError, + QVERIFY2(errorBefore == errorAfter || socket->socketError() == QAbstractSocket::RemoteHostClosedError, QByteArray("unexpected error: ").append(qPrintable(errorAfter))); // check that everything has been written to OpenSSL @@ -2816,7 +2826,7 @@ void tst_QSslSocket::blacklistedCertificates() connect(receiver, SIGNAL(sslErrors(QList<QSslError>)), SLOT(exitLoop())); connect(receiver, SIGNAL(encrypted()), SLOT(exitLoop())); enterLoop(1); - QList<QSslError> sslErrors = receiver->sslErrors(); + QList<QSslError> sslErrors = receiver->sslHandshakeErrors(); QVERIFY(sslErrors.count() > 0); // there are more errors (self signed cert and hostname mismatch), but we only care about the blacklist error QCOMPARE(sslErrors.at(0).error(), QSslError::CertificateBlacklisted); @@ -2972,7 +2982,7 @@ void tst_QSslSocket::resume() QCOMPARE(encryptedSpy.count(), 0); QVERIFY(!socket.isEncrypted()); QCOMPARE(errorSpy.count(), 1); - QCOMPARE(socket.error(), QAbstractSocket::SslHandshakeFailedError); + QCOMPARE(socket.socketError(), QAbstractSocket::SslHandshakeFailedError); } } @@ -4043,9 +4053,6 @@ void tst_QSslSocket::ephemeralServerKey_data() QTest::addColumn<QString>("cipher"); QTest::addColumn<bool>("emptyKey"); -#if !QT_CONFIG(opensslv11) // 1.1 drops support for RC4-SHA - QTest::newRow("NonForwardSecrecyCipher") << "RC4-SHA" << true; -#endif // !opensslv11 QTest::newRow("ForwardSecrecyCipher") << "ECDHE-RSA-AES256-SHA" << (QSslSocket::sslLibraryVersionNumber() < 0x10002000L); } @@ -4170,9 +4177,6 @@ void tst_QSslSocket::signatureAlgorithm_data() if (!QSslSocket::supportsSsl()) QSKIP("Signature algorithms cannot be tested without SSL support"); - if (QSslSocket::sslLibraryVersionNumber() < 0x10002000L) - QSKIP("Signature algorithms cannot be tested with OpenSSL < 1.0.2"); - if (QSslSocket::sslLibraryVersionNumber() >= 0x10101000L) { // FIXME: investigate if this test makes any sense with TLS 1.3. QSKIP("Test is not valid for TLS 1.3/OpenSSL 1.1.1"); @@ -4343,9 +4347,9 @@ void tst_QSslSocket::disabledProtocols() // early, preventing any real connection from ever starting. QSslSocket socket; socket.setProtocol(disabledProtocol); - QCOMPARE(socket.error(), QAbstractSocket::UnknownSocketError); + QCOMPARE(socket.socketError(), QAbstractSocket::UnknownSocketError); socket.connectToHostEncrypted(QStringLiteral("doesnotmatter.org"), 1010); - QCOMPARE(socket.error(), QAbstractSocket::SslInvalidUserDataError); + QCOMPARE(socket.socketError(), QAbstractSocket::SslInvalidUserDataError); QCOMPARE(socket.state(), QAbstractSocket::UnconnectedState); } { @@ -4355,14 +4359,14 @@ void tst_QSslSocket::disabledProtocols() QVERIFY(server.listen()); QSslSocket socket; - QCOMPARE(socket.error(), QAbstractSocket::UnknownSocketError); + QCOMPARE(socket.socketError(), QAbstractSocket::UnknownSocketError); socket.connectToHost(QHostAddress::LocalHost, server.serverPort()); QVERIFY(socket.waitForConnected(timeoutMS)); socket.setProtocol(disabledProtocol); socket.startClientEncryption(); - QCOMPARE(socket.error(), QAbstractSocket::SslInvalidUserDataError); + QCOMPARE(socket.socketError(), QAbstractSocket::SslInvalidUserDataError); } { // 2. waitForEncrypted: client-side, blocking API plus requires from us @@ -4386,7 +4390,7 @@ void tst_QSslSocket::disabledProtocols() loop.enterLoopMSecs(timeoutMS); QVERIFY(!loop.timeout()); QVERIFY(server.socket); - QCOMPARE(server.socket->error(), QAbstractSocket::SslInvalidUserDataError); + QCOMPARE(server.socket->socketError(), QAbstractSocket::SslInvalidUserDataError); } } |