Diffstat (limited to 'tests/auto/network/ssl/qsslsocket')
-rw-r--r-- | tests/auto/network/ssl/qsslsocket/BLACKLIST | 5 | ||||
-rw-r--r-- | tests/auto/network/ssl/qsslsocket/CMakeLists.txt | 24 | ||||
-rw-r--r-- | tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp | 94 |
3 files changed, 76 insertions, 47 deletions
diff --git a/tests/auto/network/ssl/qsslsocket/BLACKLIST b/tests/auto/network/ssl/qsslsocket/BLACKLIST
index 749c59d968..b990516676 100644
--- a/tests/auto/network/ssl/qsslsocket/BLACKLIST
+++ b/tests/auto/network/ssl/qsslsocket/BLACKLIST
@@ -1,11 +1,6 @@
 [deprecatedProtocols]
 windows
-[spontaneousWrite]
-windows-7sp1
 [connectToHostEncrypted]
 macos
-[setSslConfiguration]
-windows-10 msvc-2015
-windows-7sp1
 [connectToHostEncryptedWithVerificationPeerName]
 macos
diff --git a/tests/auto/network/ssl/qsslsocket/CMakeLists.txt b/tests/auto/network/ssl/qsslsocket/CMakeLists.txt
index cf43cd6c54..456deacb60 100644
--- a/tests/auto/network/ssl/qsslsocket/CMakeLists.txt
+++ b/tests/auto/network/ssl/qsslsocket/CMakeLists.txt
@@ -1,7 +1,11 @@
 # Copyright (C) 2022 The Qt Company Ltd.
 # SPDX-License-Identifier: BSD-3-Clause
-# Generated from qsslsocket.pro.
+if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT)
+ cmake_minimum_required(VERSION 3.16)
+ project(tst_qsslsocket LANGUAGES CXX)
+ find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST)
+endif()
 if(NOT QT_FEATURE_private_tests)
 return()
@@ -22,25 +26,11 @@ qt_internal_add_test(tst_qsslsocket
 Qt::NetworkPrivate
 Qt::TestPrivate
 TESTDATA ${test_data}
- QT_TEST_SERVER_LIST "squid" "danted" "cyrus" "apache2" "echo" # special case
+ QT_TEST_SERVER_LIST "squid" "danted" "cyrus" "apache2" "echo"
+ BUNDLE_ANDROID_OPENSSL_LIBS
 )
 qt_internal_extend_target(tst_qsslsocket CONDITION QT_FEATURE_private_tests AND QT_FEATURE_openssl_linked
 LIBRARIES
 WrapOpenSSL::WrapOpenSSL
 )
-
-#### Keys ignored in scope 1:.:.:qsslsocket.pro:<TRUE>:
-# _REQUIREMENTS = "qtConfig(private_tests)"
-
-## Scopes:
-#####################################################################
-
-#### Keys ignored in scope 3:.:.:qsslsocket.pro:(CMAKE_BUILD_TYPE STREQUAL Debug):
-# DESTDIR = "debug"
-
-#### Keys ignored in scope 4:.:.:qsslsocket.pro:else:
-# DESTDIR = "release"
-
-#### Keys ignored in scope 5:.:.:qsslsocket.pro:LINUX:
-# QT_TEST_SERVER_LIST = "squid" "danted" "cyrus" "apache2" "echo"
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
index 4e380bcde1..b45d6b5d8f 100644
--- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
@@ -1,6 +1,6 @@
 // Copyright (C) 2021 The Qt Company Ltd.
 // Copyright (C) 2014 Governikus GmbH & Co. KG.
-// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0
+// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only
 #include <QtNetwork/private/qtnetworkglobal_p.h>
@@ -43,6 +43,8 @@
 #include "private/qsslsocket_p.h"
 #include "private/qsslconfiguration_p.h"
+using namespace std::chrono_literals;
+
 QT_WARNING_PUSH
 QT_WARNING_DISABLE_DEPRECATED
 // make these enum values available without causing deprecation warnings:
@@ -164,9 +166,7 @@ private slots:
 void protocol();
 void protocolServerSide_data();
 void protocolServerSide();
-#if QT_CONFIG(openssl)
 void serverCipherPreferences();
-#endif
 void setCaCertificates();
 void setLocalCertificate();
 void localCertificateChain();
@@ -291,6 +291,7 @@ private:
 QSslSocket *socket;
 QList<QSslError> storedExpectedSslErrors;
 bool isTestingOpenSsl = false;
+ bool isSecurityLevel0Required = false;
 bool opensslResolved = false;
 bool isTestingSecureTransport = false;
 bool isTestingSchannel = false;
@@ -410,6 +411,9 @@ void tst_QSslSocket::initTestCase()
 flukeCertificateError = QSslError::SelfSignedCertificate;
 #if QT_CONFIG(openssl)
 opensslResolved = qt_auto_test_resolve_OpenSSL_symbols();
+ // This is where OpenSSL moved several protocols under
+ // non-default (0) security level (the default is 1).
+ isSecurityLevel0Required = OPENSSL_VERSION_NUMBER >= 0x30100010;
 #else
 opensslResolved = false; // Not 'unused variable' anymore.
 #endif
@@ -808,6 +812,10 @@ void tst_QSslSocket::simpleConnect()
 if (!QSslSocket::supportsSsl())
 return;
+ // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use when connecting) are not available by default.
+ if (isSecurityLevel0Required)
+ QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier");
+
 QFETCH_GLOBAL(bool, setProxy);
 if (setProxy)
 return;
@@ -869,6 +877,10 @@ void tst_QSslSocket::simpleConnectWithIgnore()
 if (!QSslSocket::supportsSsl())
 return;
+ // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use when connecting) are not available by default.
+ if (isSecurityLevel0Required)
+ QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier");
+
 QFETCH_GLOBAL(bool, setProxy);
 if (setProxy)
 return;
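Review bot: In the initTestCase() hunk, `isSecurityLevel0Required` is derived from the compile-time `OPENSSL_VERSION_NUMBER`, while the line above it resolves OpenSSL symbols at run time, so the flag describes the headers the test was built against and not necessarily the library that is loaded. It is also set whenever `QT_CONFIG(openssl)` is on, without consulting `isTestingOpenSsl`, so a build that has OpenSSL configured but runs another backend would presumably skip these tests with a message that claims the OpenSSL backend is in use. A run-time check scoped to the active backend would avoid both, for example `isSecurityLevel0Required = isTestingOpenSsl && QSslSocket::sslLibraryVersionNumber() >= 0x30100010L;`, provided `isTestingOpenSsl` is already set at this point. initTestCase() starts and ends outside the hunk, so that ordering needs confirming.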
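Review bot: The new `QSKIP` at the top of simpleConnect() removes the whole test on OpenSSL 3.1.1 and later, and the same block is repeated in simpleConnectWithIgnore(), sslErrors_data(), waitForConnectedEncryptedReadyRead() and resume_data(), so handshake-error and session-resume coverage is lost on current OpenSSL builds. The comment says which protocols are unavailable but not why the tests cannot run with a newer one; it should state that reason and carry a tracking reference, e.g. `// TODO(<issue-id placeholder>): re-enable once this test no longer depends on TLS v1.1 or earlier`. The function bodies continue outside the hunks, so whether the protocol choice is made in the test or by the remote server is not visible here.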
@@ -913,6 +925,10 @@ void tst_QSslSocket::simpleConnectWithIgnore()
 void tst_QSslSocket::sslErrors_data()
 {
+ // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use in 'sslErrors' test) are not available by default.
+ if (isSecurityLevel0Required)
+ QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier");
+
 QTest::addColumn<QString>("host");
 QTest::addColumn<int>("port");
@@ -1294,6 +1310,7 @@ void tst_QSslSocket::privateKey()
 #if QT_CONFIG(openssl)
 void tst_QSslSocket::privateKeyOpaque()
 {
+#ifndef OPENSSL_NO_DEPRECATED_3_0
 if (!isTestingOpenSsl)
 QSKIP("The active TLS backend does not support private opaque keys");
@@ -1327,6 +1344,7 @@ void tst_QSslSocket::privateKeyOpaque()
 QFETCH_GLOBAL(bool, setProxy);
 if (setProxy && !socket->waitForEncrypted(10000))
 QSKIP("Skipping flaky test - See QTBUG-29941");
+#endif // OPENSSL_NO_DEPRECATED_3_0
 }
 #endif // Feature 'openssl'.
@@ -1643,8 +1661,6 @@ void tst_QSslSocket::protocolServerSide()
 QCOMPARE(client.isEncrypted(), works);
 }
-#if QT_CONFIG(openssl)
-
 void tst_QSslSocket::serverCipherPreferences()
 {
 if (!isTestingOpenSsl)
@@ -1739,8 +1755,6 @@ void tst_QSslSocket::serverCipherPreferences()
 }
 }
-#endif // Feature 'openssl'.
-
 void tst_QSslSocket::setCaCertificates()
 {
@@ -1965,6 +1979,10 @@ void tst_QSslSocket::waitForConnectedEncryptedReadyRead()
 if (!QSslSocket::supportsSsl())
 return;
+ // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use here) are not available by default.
+ if (isSecurityLevel0Required)
+ QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier");
+
 QSslSocketPtr socket = newSocket();
 this->socket = socket.data();
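Review bot: With `OPENSSL_NO_DEPRECATED_3_0` defined, the new `#ifndef` in privateKeyOpaque() compiles the body away and the test is reported as passed although nothing ran. The matching `#endif` in the later hunk of the same function should get an `#else` branch so the result is visible in the test log: `#else` followed by `QSKIP("OpenSSL was built without the deprecated 3.0 API needed for opaque keys");`. The function body between the two hunks is not shown, so which API needs the guard is inferred from the macro name.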
@@ -2818,7 +2836,7 @@ void tst_QSslSocket::closeWhileEmittingSocketError()
 // Make sure we have some data buffered so that close will try to flush:
 clientSocket.write(QByteArray(1000000, Qt::Uninitialized));
- QTestEventLoop::instance().enterLoopMSecs(1000);
+ QTestEventLoop::instance().enterLoop(1s);
 QVERIFY(!QTestEventLoop::instance().timeout());
 QCOMPARE(socketErrorSpy.size(), 1);
@@ -3078,7 +3096,14 @@ void tst_QSslSocket::blacklistedCertificates()
 QList<QSslError> sslErrors = receiver->sslHandshakeErrors();
 QVERIFY(sslErrors.size() > 0);
 // there are more errors (self signed cert and hostname mismatch), but we only care about the blacklist error
- QCOMPARE(sslErrors.at(0).error(), QSslError::CertificateBlacklisted);
+ std::optional<QSslError> blacklistedError;
+ for (const QSslError &error : sslErrors) {
+ if (error.error() == QSslError::CertificateBlacklisted) {
+ blacklistedError = error;
+ break;
+ }
+ }
+ QVERIFY2(blacklistedError, "CertificateBlacklisted error not found!");
 }
 void tst_QSslSocket::versionAccessors()
@@ -3104,6 +3129,10 @@ void tst_QSslSocket::encryptWithoutConnecting()
 void tst_QSslSocket::resume_data()
 {
+ // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use in 'resume' test) are not available by default.
+ if (isSecurityLevel0Required)
+ QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier");
+
 QTest::addColumn<bool>("ignoreErrorsAfterPause");
 QTest::addColumn<QList<QSslError> >("errorsToIgnore");
 QTest::addColumn<bool>("expectSuccess");
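Review bot: In blacklistedCertificates() the `std::optional<QSslError>` is only ever tested for presence, so the hand-written search loop can be a single algorithm call with the same failure message: `QVERIFY2(std::any_of(sslErrors.cbegin(), sslErrors.cend(), [](const QSslError &e) { return e.error() == QSslError::CertificateBlacklisted; }), "CertificateBlacklisted error not found!");`. If the optional is kept, `<optional>` should be included directly; the include block is outside this hunk, so it may already be there.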
@@ -3447,7 +3476,13 @@ void tst_QSslSocket::dhServer()
 return;
 SslServer server;
- server.ciphers = {QSslCipher("DHE-RSA-AES256-SHA"), QSslCipher("DHE-DSS-AES256-SHA")};
+ QSslCipher rsaCipher("DHE-RSA-AES256-SHA");
+ QSslCipher dssCipher("DHE-DSS-AES256-SHA");
+ if (rsaCipher.isNull())
+ QSKIP("The current backend doesn't support DHE-RSA-AES256-SHA");
+ if (dssCipher.isNull())
+ QSKIP("The current backend doesn't support DHE-DSS-AES256-SHA");
+ server.ciphers = { rsaCipher, dssCipher };
 QVERIFY(server.listen());
 QEventLoop loop;
@@ -3475,9 +3510,10 @@ void tst_QSslSocket::dhServerCustomParamsNull()
 if (setProxy)
 return;
+ const QSslCipher cipherWithDH("DHE-RSA-AES256-SHA256");
 SslServer server;
- server.ciphers = {QSslCipher("DHE-RSA-AES256-SHA"), QSslCipher("DHE-DSS-AES256-SHA")};
- server.protocol = Test::TlsV1_0;
+ server.ciphers = {cipherWithDH};
+ server.protocol = QSsl::TlsV1_2;
 QSslConfiguration cfg = server.config;
 cfg.setDiffieHellmanParameters(QSslDiffieHellmanParameters());
@@ -3490,7 +3526,6 @@ void tst_QSslSocket::dhServerCustomParamsNull()
 QSslSocket client;
 QSslConfiguration config = client.sslConfiguration();
- config.setProtocol(Test::TlsV1_0);
 client.setSslConfiguration(config);
 socket = &client;
 connect(socket, SIGNAL(errorOccurred(QAbstractSocket::SocketError)), &loop, SLOT(quit()));
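Review bot: dhServerCustomParamsNull() builds `cipherWithDH` without the `isNull()` check that this same commit adds to dhServer() and ecdhServer(), so on a backend that lacks the suite the server would be configured with a null cipher and the test would presumably fail instead of being skipped. Adding `if (cipherWithDH.isNull()) QSKIP("The current backend doesn't support DHE-RSA-AES256-SHA256");` after the declaration keeps the tests consistent; the same applies to `cipherWithDH` in dhServerCustomParams() in the following hunk. Only part of each function is visible in these hunks.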
@@ -3501,20 +3536,25 @@ void tst_QSslSocket::dhServerCustomParamsNull()
 loop.exec();
- QVERIFY(client.state() != QAbstractSocket::ConnectedState);
+ QCOMPARE(client.state(), QAbstractSocket::ConnectedState);
+ QCOMPARE(client.sessionCipher(), cipherWithDH);
 }
 void tst_QSslSocket::dhServerCustomParams()
 {
 if (!QSslSocket::supportsSsl())
 QSKIP("No SSL support");
+ if (!QSslSocket::isClassImplemented(QSsl::ImplementedClass::DiffieHellman))
+ QSKIP("The current backend doesn't support diffie hellman parameters");
 QFETCH_GLOBAL(bool, setProxy);
 if (setProxy)
 return;
 SslServer server;
- server.ciphers = {QSslCipher("DHE-RSA-AES256-SHA"), QSslCipher("DHE-DSS-AES256-SHA")};
+ const QSslCipher cipherWithDH("DHE-RSA-AES256-SHA256");
+ server.ciphers = {cipherWithDH};
+ server.protocol = QSsl::TlsV1_2;
 QSslConfiguration cfg = server.config;
@@ -3544,7 +3584,8 @@ void tst_QSslSocket::dhServerCustomParams()
 loop.exec();
- QVERIFY(client.state() == QAbstractSocket::ConnectedState);
+ QCOMPARE(client.state(), QAbstractSocket::ConnectedState);
+ QCOMPARE(client.sessionCipher(), cipherWithDH);
 }
 #endif // QT_CONFIG(openssl)
@@ -3560,7 +3601,10 @@ void tst_QSslSocket::ecdhServer()
 return;
 SslServer server;
- server.ciphers = {QSslCipher("ECDHE-RSA-AES128-SHA")};
+ QSslCipher cipher("ECDHE-RSA-AES128-SHA");
+ if (cipher.isNull())
+ QSKIP("The current backend doesn't support ECDHE-RSA-AES128-SHA");
+ server.ciphers = {cipher};
 QVERIFY(server.listen());
 QEventLoop loop;
@@ -4549,7 +4593,7 @@ void tst_QSslSocket::unsupportedProtocols()
 return;
 QFETCH(const QSsl::SslProtocol, unsupportedProtocol);
- const int timeoutMS = 500;
+ constexpr auto timeout = 500ms;
 // Test a client socket.
 {
 // 0. connectToHostEncrypted: client-side, non-blocking API, error is discovered
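Review bot: The expectation at the end of dhServerCustomParamsNull() is inverted, from the handshake failing with default-constructed `QSslDiffieHellmanParameters()` to it succeeding with a DHE suite, and nothing in the test records why. A comment above the two `QCOMPARE` lines should state what the backend is expected to do with null parameters, e.g. `// Null DH parameters: the backend is expected to fall back to its own defaults, so DHE still negotiates.`, worded to match the actual backend behaviour, which is not visible in this hunk. Without it a later reader cannot tell whether accepting null parameters is intended or a regression.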
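Review bot: `constexpr auto timeout = 500ms;` in unsupportedProtocols() lets the duration's unit follow the literal, and the following hunk passes `int(timeout.count())` to `waitForConnected()`, which takes milliseconds; changing the literal to e.g. `1s` would turn that into a 1 ms wait without any diagnostic. Fixing the type removes the trap: `constexpr std::chrono::milliseconds timeout = 500ms;`. The rest of unsupportedProtocols() lies outside the hunks.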
@@ -4571,7 +4615,7 @@ void tst_QSslSocket::unsupportedProtocols()
 QCOMPARE(socket.error(), QAbstractSocket::UnknownSocketError);
 socket.connectToHost(QHostAddress::LocalHost, server.serverPort());
- QVERIFY(socket.waitForConnected(timeoutMS));
+ QVERIFY(socket.waitForConnected(int(timeout.count())));
 socket.setProtocol(unsupportedProtocol);
 socket.startClientEncryption();
@@ -4596,7 +4640,7 @@ void tst_QSslSocket::unsupportedProtocols()
 QTcpSocket client;
 client.connectToHost(QHostAddress::LocalHost, server.serverPort());
- loop.enterLoopMSecs(timeoutMS);
+ loop.enterLoop(timeout);
 QVERIFY(!loop.timeout());
 QVERIFY(server.socket);
 QCOMPARE(server.socket->error(), QAbstractSocket::SslInvalidUserDataError);
@@ -4703,7 +4747,7 @@ void tst_QSslSocket::alertMissingCertificate()
 connect(&clientSocket, &QAbstractSocket::errorOccurred, earlyQuitter);
 connect(&server, &SslServer::socketError, earlyQuitter);
- runner.enterLoopMSecs(1000);
+ runner.enterLoop(1s);
 if (clientSocket.isEncrypted()) {
 // When using TLS 1.3 the client side thinks it is connected very
@@ -4711,7 +4755,7 @@ void tst_QSslSocket::alertMissingCertificate()
 // inevitable disconnect.
 QCOMPARE(clientSocket.sessionProtocol(), QSsl::TlsV1_3);
 connect(&clientSocket, &QSslSocket::disconnected, &runner, &QTestEventLoop::exitLoop);
- runner.enterLoopMSecs(10000);
+ runner.enterLoop(10s);
 }
 QVERIFY(serverSpy.size() > 0);
@@ -4766,7 +4810,7 @@ void tst_QSslSocket::alertInvalidCertificate()
 connect(&clientSocket, &QAbstractSocket::errorOccurred, earlyQuitter);
 connect(&server, &SslServer::socketError, earlyQuitter);
- runner.enterLoopMSecs(1000);
+ runner.enterLoop(1s);
 QVERIFY(serverSpy.size() > 0);
 QVERIFY(clientSpy.size() > 0);
@@ -4894,7 +4938,7 @@ void tst_QSslSocket::selfSignedCertificates()
 connect(&clientSocket, &QAbstractSocket::errorOccurred, earlyQuitter);
 connect(&server, &SslServer::socketError, earlyQuitter);
- runner.enterLoopMSecs(1000);
+ runner.enterLoop(1s);
 if (clientKnown) {
 QCOMPARE(serverSpy.size(), 0);
@@ -5032,7 +5076,7 @@ void tst_QSslSocket::pskHandshake()
 connect(&clientSocket, &QAbstractSocket::errorOccurred, earlyQuitter);
 connect(&server, &SslServer::socketError, earlyQuitter);
- runner.enterLoopMSecs(1000);
+ runner.enterLoop(1s);
 if (pskRight) {
 QCOMPARE(serverSpy.size(), 0); |