diff options
Diffstat (limited to 'tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp')
-rw-r--r-- | tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp | 128 |
1 files changed, 105 insertions, 23 deletions
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp index b95b72a41e..257df13343 100644 --- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -170,6 +170,9 @@ private slots: void protocol(); void protocolServerSide_data(); void protocolServerSide(); +#ifndef QT_NO_OPENSSL + void serverCipherPreferences(); +#endif // QT_NO_OPENSSL void setCaCertificates(); void setLocalCertificate(); void localCertificateChain(); @@ -463,7 +466,9 @@ void tst_QSslSocket::constructing() QCOMPARE(socket.peerAddress(), QHostAddress()); QVERIFY(socket.peerName().isEmpty()); QCOMPARE(socket.peerPort(), quint16(0)); +#ifndef QT_NO_NETWORKPROXY QCOMPARE(socket.proxy().type(), QNetworkProxy::DefaultProxy); +#endif QCOMPARE(socket.readBufferSize(), qint64(0)); QCOMPARE(socket.socketDescriptor(), (qintptr)-1); QCOMPARE(socket.socketType(), QAbstractSocket::TcpSocket); @@ -817,7 +822,7 @@ void tst_QSslSocket::peerCertificateChain() this->socket = socket.data(); QList<QSslCertificate> caCertificates = QSslCertificate::fromPath(QLatin1String(SRCDIR "certs/qt-test-server-cacert.pem")); - QVERIFY(caCertificates.count() == 1); + QCOMPARE(caCertificates.count(), 1); socket->addCaCertificates(caCertificates); #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND connect(socket.data(), SIGNAL(sslErrors(QList<QSslError>)), @@ -863,7 +868,7 @@ void tst_QSslSocket::peerCertificateChain() QSKIP("Skipping flaky test - See QTBUG-29941"); QCOMPARE(socket->peerCertificateChain().first(), socket->peerCertificate()); - QVERIFY(socket->peerCertificateChain() == certChain); + QCOMPARE(socket->peerCertificateChain(), certChain); socket->disconnectFromHost(); QVERIFY(socket->waitForDisconnected()); @@ -1063,6 +1068,7 @@ public: const QString &certFile = SRCDIR "certs/fluke.cert", const QString &interFile = QString()) : socket(0), + config(QSslConfiguration::defaultConfiguration()), ignoreSslErrors(true), peerVerifyMode(QSslSocket::AutoVerifyPeer), protocol(QSsl::TlsV1_0), @@ -1071,6 +1077,7 @@ public: m_interFile(interFile) { } QSslSocket *socket; + QSslConfiguration config; QString addCaCertificates; bool ignoreSslErrors; QSslSocket::PeerVerifyMode peerVerifyMode; @@ -1084,6 +1091,7 @@ protected: void incomingConnection(qintptr socketDescriptor) { socket = new QSslSocket(this); + socket->setSslConfiguration(config); socket->setPeerVerifyMode(peerVerifyMode); socket->setProtocol(protocol); if (ignoreSslErrors) @@ -1254,6 +1262,78 @@ void tst_QSslSocket::protocolServerSide() QCOMPARE(client->isEncrypted(), works); } +#ifndef QT_NO_OPENSSL + +void tst_QSslSocket::serverCipherPreferences() +{ + if (!QSslSocket::supportsSsl()) { + qWarning("SSL not supported, skipping test"); + return; + } + + QFETCH_GLOBAL(bool, setProxy); + if (setProxy) + return; + + // First using the default (server preference) + { + SslServer server; + server.ciphers = QString("AES128-SHA:AES256-SHA"); + QVERIFY(server.listen()); + + QEventLoop loop; + QTimer::singleShot(5000, &loop, SLOT(quit())); + + QSslSocketPtr client(new QSslSocket); + socket = client.data(); + socket->setCiphers("AES256-SHA:AES128-SHA"); + + // upon SSL wrong version error, error will be triggered, not sslErrors + connect(socket, SIGNAL(error(QAbstractSocket::SocketError)), &loop, SLOT(quit())); + connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); + connect(socket, SIGNAL(encrypted()), &loop, SLOT(quit())); + + client->connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort()); + + loop.exec(); + + QVERIFY(client->isEncrypted()); + QCOMPARE(client->sessionCipher().name(), QString("AES128-SHA")); + } + + { + // Now using the client preferences + SslServer server; + QSslConfiguration config = QSslConfiguration::defaultConfiguration(); + config.setSslOption(QSsl::SslOptionDisableServerCipherPreference, true); + server.config = config; + server.ciphers = QString("AES128-SHA:AES256-SHA"); + QVERIFY(server.listen()); + + QEventLoop loop; + QTimer::singleShot(5000, &loop, SLOT(quit())); + + QSslSocketPtr client(new QSslSocket); + socket = client.data(); + socket->setCiphers("AES256-SHA:AES128-SHA"); + + // upon SSL wrong version error, error will be triggered, not sslErrors + connect(socket, SIGNAL(error(QAbstractSocket::SocketError)), &loop, SLOT(quit())); + connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); + connect(socket, SIGNAL(encrypted()), &loop, SLOT(quit())); + + client->connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort()); + + loop.exec(); + + QVERIFY(client->isEncrypted()); + QCOMPARE(client->sessionCipher().name(), QString("AES256-SHA")); + } +} + +#endif // QT_NO_OPENSSL + + void tst_QSslSocket::setCaCertificates() { if (!QSslSocket::supportsSsl()) @@ -1655,7 +1735,7 @@ void tst_QSslSocket::spontaneousWrite() QSslSocket *sender = server.socket; QVERIFY(sender); - QVERIFY(sender->state() == QAbstractSocket::ConnectedState); + QCOMPARE(sender->state(), QAbstractSocket::ConnectedState); receiver->setObjectName("receiver"); sender->setObjectName("sender"); receiver->ignoreSslErrors(); @@ -1700,7 +1780,7 @@ void tst_QSslSocket::setReadBufferSize() QSslSocket *sender = server.socket; QVERIFY(sender); - QVERIFY(sender->state() == QAbstractSocket::ConnectedState); + QCOMPARE(sender->state(), QAbstractSocket::ConnectedState); receiver->setObjectName("receiver"); sender->setObjectName("sender"); receiver->ignoreSslErrors(); @@ -2109,6 +2189,7 @@ void tst_QSslSocket::disconnectFromHostWhenConnected() void tst_QSslSocket::resetProxy() { +#ifndef QT_NO_NETWORKPROXY QFETCH_GLOBAL(bool, setProxy); if (setProxy) return; @@ -2148,6 +2229,7 @@ void tst_QSslSocket::resetProxy() socket2.setProxy(goodProxy); socket2.connectToHostEncrypted(QtNetworkSettings::serverName(), 443); QVERIFY2(socket2.waitForConnected(10000), qPrintable(socket.errorString())); +#endif // QT_NO_NETWORKPROXY } void tst_QSslSocket::ignoreSslErrorsList_data() @@ -2254,7 +2336,7 @@ void tst_QSslSocket::readFromClosedSocket() socket->close(); QVERIFY(!socket->bytesAvailable()); QVERIFY(!socket->bytesToWrite()); - QVERIFY(socket->state() == QAbstractSocket::UnconnectedState); + QCOMPARE(socket->state(), QAbstractSocket::UnconnectedState); } void tst_QSslSocket::writeBigChunk() @@ -2281,7 +2363,7 @@ void tst_QSslSocket::writeBigChunk() QString errorBefore = socket->errorString(); int ret = socket->write(data.constData(), data.size()); - QVERIFY(data.size() == ret); + QCOMPARE(data.size(), ret); // spin the event loop once so QSslSocket::transmit() gets called QCoreApplication::processEvents(); @@ -2298,7 +2380,7 @@ void tst_QSslSocket::writeBigChunk() QByteArray("unexpected error: ").append(qPrintable(errorAfter))); // check that everything has been written to OpenSSL - QVERIFY(socket->bytesToWrite() == 0); + QCOMPARE(socket->bytesToWrite(), 0); socket->close(); } @@ -2322,7 +2404,7 @@ void tst_QSslSocket::blacklistedCertificates() QSslSocket *sender = server.socket; QVERIFY(sender); - QVERIFY(sender->state() == QAbstractSocket::ConnectedState); + QCOMPARE(sender->state(), QAbstractSocket::ConnectedState); receiver->setObjectName("receiver"); sender->setObjectName("sender"); receiver->startClientEncryption(); @@ -2354,28 +2436,28 @@ void tst_QSslSocket::sslOptions() #ifdef SSL_OP_NO_COMPRESSION QCOMPARE(QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SecureProtocols, QSslConfigurationPrivate::defaultSslOptions), - long(SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_COMPRESSION)); + long(SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_COMPRESSION|SSL_OP_CIPHER_SERVER_PREFERENCE)); #else QCOMPARE(QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SecureProtocols, QSslConfigurationPrivate::defaultSslOptions), - long(SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3)); + long(SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_CIPHER_SERVER_PREFERENCE)); #endif QCOMPARE(QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SecureProtocols, QSsl::SslOptionDisableEmptyFragments |QSsl::SslOptionDisableLegacyRenegotiation), - long(SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3)); + long(SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_CIPHER_SERVER_PREFERENCE)); #ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION QCOMPARE(QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SecureProtocols, QSsl::SslOptionDisableEmptyFragments), - long((SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))); + long((SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION|SSL_OP_CIPHER_SERVER_PREFERENCE))); #endif #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS QCOMPARE(QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SecureProtocols, QSsl::SslOptionDisableLegacyRenegotiation), - long((SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3) & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)); + long((SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_CIPHER_SERVER_PREFERENCE) & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)); #endif #ifdef SSL_OP_NO_TICKET @@ -2383,7 +2465,7 @@ void tst_QSslSocket::sslOptions() QSsl::SslOptionDisableEmptyFragments |QSsl::SslOptionDisableLegacyRenegotiation |QSsl::SslOptionDisableSessionTickets), - long((SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET))); + long((SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET|SSL_OP_CIPHER_SERVER_PREFERENCE))); #endif #ifdef SSL_OP_NO_TICKET @@ -2393,7 +2475,7 @@ void tst_QSslSocket::sslOptions() |QSsl::SslOptionDisableLegacyRenegotiation |QSsl::SslOptionDisableSessionTickets |QSsl::SslOptionDisableCompression), - long((SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET|SSL_OP_NO_COMPRESSION))); + long((SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET|SSL_OP_NO_COMPRESSION|SSL_OP_CIPHER_SERVER_PREFERENCE))); #endif #endif } @@ -2648,9 +2730,9 @@ void tst_QSslSocket::qtbug18498_peek2() while (client->bytesAvailable() < 7 && stopwatch.elapsed() < 5000) QTest::qWait(100); char c; - QVERIFY(client->peek(&c,1) == 1); + QCOMPARE(client->peek(&c,1), 1); QCOMPARE(c, 'H'); - QVERIFY(client->read(&c,1) == 1); + QCOMPARE(client->read(&c,1), 1); QCOMPARE(c, 'H'); QByteArray b = client->peek(2); QCOMPARE(b, QByteArray("EL")); @@ -2686,7 +2768,7 @@ void tst_QSslSocket::qtbug18498_peek2() // ### Qt5 use QTRY_VERIFY while (server->bytesAvailable() < 10 && stopwatch.elapsed() < 5000) QTest::qWait(100); - QVERIFY(server->peek(&c,1) == 1); + QCOMPARE(server->peek(&c,1), 1); QCOMPARE(c, 'S'); b = server->peek(3); QCOMPARE(b, QByteArray("STA")); @@ -2722,9 +2804,9 @@ void tst_QSslSocket::qtbug18498_peek2() while (client->bytesAvailable() < 7 && stopwatch.elapsed() < 5000) QTest::qWait(100); QVERIFY(server->mode() == QSslSocket::SslServerMode && client->mode() == QSslSocket::SslClientMode); - QVERIFY(client->peek(&c,1) == 1); + QCOMPARE(client->peek(&c,1), 1); QCOMPARE(c, 'h'); - QVERIFY(client->read(&c,1) == 1); + QCOMPARE(client->read(&c,1), 1); QCOMPARE(c, 'h'); b = client->peek(2); QCOMPARE(b, QByteArray("el")); @@ -2734,7 +2816,7 @@ void tst_QSslSocket::qtbug18498_peek2() stopwatch.start(); while (server->bytesAvailable() < 9 && stopwatch.elapsed() < 5000) QTest::qWait(100); - QVERIFY(server->peek(&c,1) == 1); + QCOMPARE(server->peek(&c,1), 1); QCOMPARE(c, 'g'); QCOMPARE(server->readAll(), QByteArray("goodbye\r\n")); client->disconnectFromHost(); @@ -2768,7 +2850,7 @@ void tst_QSslSocket::dhServer() client->connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort()); loop.exec(); - QVERIFY(client->state() == QAbstractSocket::ConnectedState); + QCOMPARE(client->state(), QAbstractSocket::ConnectedState); } void tst_QSslSocket::ecdhServer() @@ -2798,7 +2880,7 @@ void tst_QSslSocket::ecdhServer() client->connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort()); loop.exec(); - QVERIFY(client->state() == QAbstractSocket::ConnectedState); + QCOMPARE(client->state(), QAbstractSocket::ConnectedState); } void tst_QSslSocket::verifyClientCertificate_data() |