diff options
Diffstat (limited to 'tests/auto/network/ssl')
35 files changed, 306 insertions, 104 deletions
diff --git a/tests/auto/network/ssl/CMakeLists.txt b/tests/auto/network/ssl/CMakeLists.txt index 34b3a0aef1..b11b15b6ba 100644 --- a/tests/auto/network/ssl/CMakeLists.txt +++ b/tests/auto/network/ssl/CMakeLists.txt @@ -13,7 +13,7 @@ if(QT_FEATURE_private_tests AND QT_FEATURE_ssl) add_subdirectory(qsslsocket) add_subdirectory(qsslsocket_onDemandCertificates_member) add_subdirectory(qsslsocket_onDemandCertificates_static) -# add_subdirectory(qasn1element) + add_subdirectory(qasn1element) add_subdirectory(qssldiffiehellmanparameters) add_subdirectory(qsslserver) endif() diff --git a/tests/auto/network/ssl/qasn1element/CMakeLists.txt b/tests/auto/network/ssl/qasn1element/CMakeLists.txt index 1175802035..7b01a0b22d 100644 --- a/tests/auto/network/ssl/qasn1element/CMakeLists.txt +++ b/tests/auto/network/ssl/qasn1element/CMakeLists.txt @@ -5,10 +5,22 @@ ## tst_qasn1element Test: ##################################################################### +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qasn1element LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + qt_internal_add_test(tst_qasn1element SOURCES tst_qasn1element.cpp + ../../../../../src/plugins/tls/shared/qasn1element_p.h + ../../../../../src/plugins/tls/shared/qasn1element.cpp + INCLUDE_DIRECTORIES + ../../../../../src/plugins/tls/shared LIBRARIES + Qt::Core Qt::Network Qt::NetworkPrivate + BUNDLE_ANDROID_OPENSSL_LIBS ) diff --git a/tests/auto/network/ssl/qasn1element/tst_qasn1element.cpp b/tests/auto/network/ssl/qasn1element/tst_qasn1element.cpp index eb614551a9..a54f0bd9d8 100644 --- a/tests/auto/network/ssl/qasn1element/tst_qasn1element.cpp +++ b/tests/auto/network/ssl/qasn1element/tst_qasn1element.cpp @@ -1,7 +1,7 @@ // Copyright (C) 2014 Jeremy Lainé <jeremy.laine@m4x.org> -// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only -#include "private/qasn1element_p.h" +#include "qasn1element_p.h" #include <QTest> @@ -121,6 +121,9 @@ void tst_QAsn1Element::dateTime_data() QTest::newRow("UTCTime - year 2000") << QByteArray::fromHex("170d3030313232343035353530305a") << QDateTime(QDate(2000, 12, 24), QTime(5, 55), QTimeZone::UTC); + QTest::newRow("UTCTime - leap day year 2000") + << QByteArray::fromHex("170d3030303232393035353530305a") + << QDateTime(QDate(2000, 2, 29), QTime(5, 55), QTimeZone::UTC); QTest::newRow("UTCTime - year 2049") << QByteArray::fromHex("170d3439313232343035353530305a") << QDateTime(QDate(2049, 12, 24), QTime(5, 55), QTimeZone::UTC); diff --git a/tests/auto/network/ssl/qdtls/CMakeLists.txt b/tests/auto/network/ssl/qdtls/CMakeLists.txt index a3e2237dec..1d5eef094c 100644 --- a/tests/auto/network/ssl/qdtls/CMakeLists.txt +++ b/tests/auto/network/ssl/qdtls/CMakeLists.txt @@ -5,6 +5,12 @@ ## tst_qdtls Test: ##################################################################### +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qdtls LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + # Collect test data list(APPEND test_data "certs") @@ -14,4 +20,5 @@ qt_internal_add_test(tst_qdtls LIBRARIES Qt::NetworkPrivate TESTDATA ${test_data} + BUNDLE_ANDROID_OPENSSL_LIBS ) diff --git a/tests/auto/network/ssl/qdtls/tst_qdtls.cpp b/tests/auto/network/ssl/qdtls/tst_qdtls.cpp index 5e96c055e3..372ee3a181 100644 --- a/tests/auto/network/ssl/qdtls/tst_qdtls.cpp +++ b/tests/auto/network/ssl/qdtls/tst_qdtls.cpp @@ -1,5 +1,5 @@ // Copyright (C) 2021 The Qt Company Ltd. -// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QTest> #include <QTestEventLoop> @@ -581,28 +581,36 @@ void tst_QDtls::protocolVersionMatching_data() QTest::addColumn<QSsl::SslProtocol>("clientProtocol"); QTest::addColumn<bool>("works"); + //OPENSSL_VERSION_NUMBER : + //(OPENSSL_VERSION_MAJOR<<28) | (OPENSSL_VERSION_MINOR<<20) | (OPENSSL_VERSION_PATCH<<4) + const long ossl311 = 0x30100010; + + if (QSslSocket::sslLibraryVersionNumber() < ossl311) { #if QT_DEPRECATED_SINCE(6, 3) QT_WARNING_PUSH QT_WARNING_DISABLE_DEPRECATED - QTest::addRow("DtlsV1_0 <-> DtlsV1_0") << QSsl::DtlsV1_0 << QSsl::DtlsV1_0 << true; - QTest::addRow("DtlsV1_0OrLater <-> DtlsV1_0") << QSsl::DtlsV1_0OrLater << QSsl::DtlsV1_0 << true; - QTest::addRow("DtlsV1_0 <-> DtlsV1_0OrLater") << QSsl::DtlsV1_0 << QSsl::DtlsV1_0OrLater << true; - QTest::addRow("DtlsV1_0OrLater <-> DtlsV1_0OrLater") << QSsl::DtlsV1_0OrLater << QSsl::DtlsV1_0OrLater << true; + QTest::addRow("DtlsV1_0 <-> DtlsV1_0") << QSsl::DtlsV1_0 << QSsl::DtlsV1_0 << true; + QTest::addRow("DtlsV1_0OrLater <-> DtlsV1_0") << QSsl::DtlsV1_0OrLater << QSsl::DtlsV1_0 << true; + QTest::addRow("DtlsV1_0 <-> DtlsV1_0OrLater") << QSsl::DtlsV1_0 << QSsl::DtlsV1_0OrLater << true; + QTest::addRow("DtlsV1_0OrLater <-> DtlsV1_0OrLater") << QSsl::DtlsV1_0OrLater << QSsl::DtlsV1_0OrLater << true; QT_WARNING_POP #endif // QT_DEPRECATED_SINCE(6, 3) + } QTest::addRow("DtlsV1_2 <-> DtlsV1_2") << QSsl::DtlsV1_2 << QSsl::DtlsV1_2 << true; QTest::addRow("DtlsV1_2OrLater <-> DtlsV1_2") << QSsl::DtlsV1_2OrLater << QSsl::DtlsV1_2 << true; QTest::addRow("DtlsV1_2 <-> DtlsV1_2OrLater") << QSsl::DtlsV1_2 << QSsl::DtlsV1_2OrLater << true; QTest::addRow("DtlsV1_2OrLater <-> DtlsV1_2OrLater") << QSsl::DtlsV1_2OrLater << QSsl::DtlsV1_2OrLater << true; + if (QSslSocket::sslLibraryVersionNumber() < ossl311) { #if QT_DEPRECATED_SINCE(6, 3) QT_WARNING_PUSH QT_WARNING_DISABLE_DEPRECATED - QTest::addRow("DtlsV1_0 <-> DtlsV1_2") << QSsl::DtlsV1_0 << QSsl::DtlsV1_2 << false; - QTest::addRow("DtlsV1_0 <-> DtlsV1_2OrLater") << QSsl::DtlsV1_0 << QSsl::DtlsV1_2OrLater << false; - QTest::addRow("DtlsV1_2 <-> DtlsV1_0") << QSsl::DtlsV1_2 << QSsl::DtlsV1_0 << false; - QTest::addRow("DtlsV1_2OrLater <-> DtlsV1_0") << QSsl::DtlsV1_2OrLater << QSsl::DtlsV1_0 << false; + QTest::addRow("DtlsV1_0 <-> DtlsV1_2") << QSsl::DtlsV1_0 << QSsl::DtlsV1_2 << false; + QTest::addRow("DtlsV1_0 <-> DtlsV1_2OrLater") << QSsl::DtlsV1_0 << QSsl::DtlsV1_2OrLater << false; + QTest::addRow("DtlsV1_2 <-> DtlsV1_0") << QSsl::DtlsV1_2 << QSsl::DtlsV1_0 << false; + QTest::addRow("DtlsV1_2OrLater <-> DtlsV1_0") << QSsl::DtlsV1_2OrLater << QSsl::DtlsV1_0 << false; QT_WARNING_POP -#endif // QT_DEPRECATED_SINCE(6, 3) +#endif // QT_DEPRECATED_SINCE(6, 3 + } } void tst_QDtls::protocolVersionMatching() diff --git a/tests/auto/network/ssl/qdtlscookie/CMakeLists.txt b/tests/auto/network/ssl/qdtlscookie/CMakeLists.txt index 8f55a0de20..d965c7efb6 100644 --- a/tests/auto/network/ssl/qdtlscookie/CMakeLists.txt +++ b/tests/auto/network/ssl/qdtlscookie/CMakeLists.txt @@ -5,9 +5,16 @@ ## tst_qdtlscookie Test: ##################################################################### +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qdtlscookie LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + qt_internal_add_test(tst_qdtlscookie SOURCES tst_qdtlscookie.cpp LIBRARIES Qt::NetworkPrivate + BUNDLE_ANDROID_OPENSSL_LIBS ) diff --git a/tests/auto/network/ssl/qdtlscookie/tst_qdtlscookie.cpp b/tests/auto/network/ssl/qdtlscookie/tst_qdtlscookie.cpp index 5690a5e04a..167a196104 100644 --- a/tests/auto/network/ssl/qdtlscookie/tst_qdtlscookie.cpp +++ b/tests/auto/network/ssl/qdtlscookie/tst_qdtlscookie.cpp @@ -1,5 +1,5 @@ // Copyright (C) 2021 The Qt Company Ltd. -// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QTest> #include <QTestEventLoop> diff --git a/tests/auto/network/ssl/qocsp/CMakeLists.txt b/tests/auto/network/ssl/qocsp/CMakeLists.txt index 337da9a88c..98d38ec1c0 100644 --- a/tests/auto/network/ssl/qocsp/CMakeLists.txt +++ b/tests/auto/network/ssl/qocsp/CMakeLists.txt @@ -5,12 +5,19 @@ ## tst_qocsp Test: ##################################################################### +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qocsp LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + qt_internal_add_test(tst_qocsp SOURCES tst_qocsp.cpp LIBRARIES Qt::Network Qt::NetworkPrivate + BUNDLE_ANDROID_OPENSSL_LIBS ) qt_internal_extend_target(tst_qocsp CONDITION QT_FEATURE_openssl_linked diff --git a/tests/auto/network/ssl/qocsp/tst_qocsp.cpp b/tests/auto/network/ssl/qocsp/tst_qocsp.cpp index 2d64f00de5..81ce030be0 100644 --- a/tests/auto/network/ssl/qocsp/tst_qocsp.cpp +++ b/tests/auto/network/ssl/qocsp/tst_qocsp.cpp @@ -1,5 +1,5 @@ // Copyright (C) 2018 The Qt Company Ltd. -// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QTest> #include <QTestEventLoop> diff --git a/tests/auto/network/ssl/qpassworddigestor/CMakeLists.txt b/tests/auto/network/ssl/qpassworddigestor/CMakeLists.txt index a2a065496f..96491eada9 100644 --- a/tests/auto/network/ssl/qpassworddigestor/CMakeLists.txt +++ b/tests/auto/network/ssl/qpassworddigestor/CMakeLists.txt @@ -5,9 +5,16 @@ ## tst_qpassworddigestor Test: ##################################################################### +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qpassworddigestor LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + qt_internal_add_test(tst_qpassworddigestor SOURCES tst_qpassworddigestor.cpp LIBRARIES Qt::Network + BUNDLE_ANDROID_OPENSSL_LIBS ) diff --git a/tests/auto/network/ssl/qpassworddigestor/tst_qpassworddigestor.cpp b/tests/auto/network/ssl/qpassworddigestor/tst_qpassworddigestor.cpp index 5047fac2dd..1876c955af 100644 --- a/tests/auto/network/ssl/qpassworddigestor/tst_qpassworddigestor.cpp +++ b/tests/auto/network/ssl/qpassworddigestor/tst_qpassworddigestor.cpp @@ -1,5 +1,5 @@ // Copyright (C) 2018 The Qt Company Ltd. -// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QTest> #include <QtNetwork/qpassworddigestor.h> diff --git a/tests/auto/network/ssl/qsslcertificate/CMakeLists.txt b/tests/auto/network/ssl/qsslcertificate/CMakeLists.txt index 633b7d5e39..6f81a5e030 100644 --- a/tests/auto/network/ssl/qsslcertificate/CMakeLists.txt +++ b/tests/auto/network/ssl/qsslcertificate/CMakeLists.txt @@ -5,6 +5,12 @@ ## tst_qsslcertificate Test: ##################################################################### +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qsslcertificate LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + # This test requires private tests to properly build if (NOT QT_FEATURE_private_tests) return() @@ -34,4 +40,5 @@ qt_internal_add_test(tst_qsslcertificate LIBRARIES Qt::Network TESTDATA ${test_data} + BUNDLE_ANDROID_OPENSSL_LIBS ) diff --git a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp index 89499e8291..b51053effd 100644 --- a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp +++ b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp @@ -1,5 +1,5 @@ // Copyright (C) 2016 The Qt Company Ltd. -// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QTest> @@ -102,7 +102,31 @@ private slots: #endif // QT_CONFIG(ssl) private: QString testDataDir; - bool isNonOpenSslTls = false; + + enum class TLSBackend { + OpenSSL, + Schannel, + SecureTransport, + CertOnly, + Unknown, + }; + static TLSBackend currentBackend() + { + static TLSBackend activeBackend = []() { + using namespace Qt::StringLiterals; + const QString active = QSslSocket::activeBackend(); + if (active == "openssl"_L1) + return TLSBackend::OpenSSL; + if (active == "schannel") + return TLSBackend::Schannel; + if (active == "securetransport") + return TLSBackend::SecureTransport; + if (active == "cert-only") + return TLSBackend::CertOnly; + return TLSBackend::Unknown; + }(); + return activeBackend; + } }; void tst_QSslCertificate::initTestCase() @@ -113,16 +137,14 @@ void tst_QSslCertificate::initTestCase() if (!testDataDir.endsWith(QLatin1String("/"))) testDataDir += QLatin1String("/"); - isNonOpenSslTls = QSslSocket::activeBackend() != QStringLiteral("openssl"); - QDir dir(testDataDir + "certificates"); - QFileInfoList fileInfoList = dir.entryInfoList(QDir::Files | QDir::Readable); + const QFileInfoList fileInfoList = dir.entryInfoList(QDir::Files | QDir::Readable); QRegularExpression rxCert(QLatin1String("^.+\\.(pem|der)$")); QRegularExpression rxSan(QLatin1String("^(.+\\.(?:pem|der))\\.san$")); QRegularExpression rxPubKey(QLatin1String("^(.+\\.(?:pem|der))\\.pubkey$")); QRegularExpression rxDigest(QLatin1String("^(.+\\.(?:pem|der))\\.digest-(md5|sha1)$")); QRegularExpressionMatch match; - foreach (QFileInfo fileInfo, fileInfoList) { + for (const QFileInfo &fileInfo : fileInfoList) { if ((match = rxCert.match(fileInfo.fileName())).hasMatch()) certInfoList << CertInfo(fileInfo, @@ -185,7 +207,7 @@ void tst_QSslCertificate::createTestRows() { QTest::addColumn<QString>("absFilePath"); QTest::addColumn<QSsl::EncodingFormat>("format"); - foreach (CertInfo certInfo, certInfoList) { + for (const CertInfo &certInfo : std::as_const(certInfoList)) { QTest::newRow(certInfo.fileInfo.fileName().toLatin1()) << certInfo.fileInfo.absoluteFilePath() << certInfo.format; } @@ -316,7 +338,7 @@ void tst_QSslCertificate::digest_data() QTest::addColumn<QSsl::EncodingFormat>("format"); QTest::addColumn<QString>("absFilePath_digest_md5"); QTest::addColumn<QString>("absFilePath_digest_sha1"); - foreach (CertInfo certInfo, certInfoList) { + for (const CertInfo &certInfo : std::as_const(certInfoList)) { QString certName = certInfo.fileInfo.fileName(); QTest::newRow(certName.toLatin1()) << certInfo.fileInfo.absoluteFilePath() @@ -369,7 +391,7 @@ void tst_QSslCertificate::subjectAlternativeNames_data() QTest::addColumn<QSsl::EncodingFormat>("format"); QTest::addColumn<QString>("subjAltNameFilePath"); - foreach (CertInfo certInfo, certInfoList) { + for (const CertInfo &certInfo : std::as_const(certInfoList)) { QString certName = certInfo.fileInfo.fileName(); if (subjAltNameMap.contains(certName)) QTest::newRow(certName.toLatin1()) @@ -451,7 +473,7 @@ void tst_QSslCertificate::subjectInfoToString() QVERIFY(testInfo(QSslCertificate::DistinguishedNameQualifier, QString())); QVERIFY(testInfo(QSslCertificate::SerialNumber, QString())); // TODO: check why generic code does not handle this! - if (!isNonOpenSslTls) + if (currentBackend() == TLSBackend::OpenSSL) QVERIFY(testInfo(QSslCertificate::EmailAddress, QStringLiteral("ababic@trolltech.com"))); } @@ -463,9 +485,8 @@ void tst_QSslCertificate::subjectIssuerDisplayName_data() QTest::addRow("CommonName") << QStringLiteral("more-certificates/cert-cn.pem") << QStringLiteral("YOUR name"); QTest::addRow("OrganizationName") << QStringLiteral("more-certificates/cert-on.pem") << QStringLiteral("R&D"); QTest::addRow("OrganizationUnitName") << QStringLiteral("more-certificates/cert-oun.pem") << QStringLiteral("Foundations"); -#ifndef QT_NO_OPENSSL - QTest::addRow("NoSubjectName") << QStringLiteral("more-certificates/cert-noname.pem") << QString(); -#endif + if (currentBackend() == TLSBackend::OpenSSL) + QTest::addRow("NoSubjectName") << QStringLiteral("more-certificates/cert-noname.pem") << QString(); } void tst_QSslCertificate::subjectIssuerDisplayName() @@ -508,7 +529,7 @@ void tst_QSslCertificate::publicKey_data() QTest::addColumn<QSsl::EncodingFormat>("format"); QTest::addColumn<QString>("pubkeyFilePath"); - foreach (CertInfo certInfo, certInfoList) { + for (const CertInfo &certInfo : std::as_const(certInfoList)) { QString certName = certInfo.fileInfo.fileName(); if (pubkeyMap.contains(certName)) QTest::newRow(certName.toLatin1()) @@ -875,7 +896,7 @@ void tst_QSslCertificate::task256066toPem() void tst_QSslCertificate::nulInCN() { - if (isNonOpenSslTls) + if (currentBackend() != TLSBackend::OpenSSL) QSKIP("Generic QSslCertificatePrivate fails this test"); QList<QSslCertificate> certList = @@ -895,7 +916,7 @@ void tst_QSslCertificate::nulInCN() void tst_QSslCertificate::nulInSan() { - if (isNonOpenSslTls) + if (currentBackend() != TLSBackend::OpenSSL) QSKIP("Generic QSslCertificatePrivate fails this test"); QList<QSslCertificate> certList = @@ -962,7 +983,7 @@ void tst_QSslCertificate::selfsignedCertificates() void tst_QSslCertificate::toText() { - if (isNonOpenSslTls) + if (currentBackend() != TLSBackend::OpenSSL) QSKIP("QSslCertificate::toText is not implemented on platforms which do not use openssl"); QList<QSslCertificate> certList = @@ -1012,7 +1033,7 @@ void tst_QSslCertificate::subjectAndIssuerAttributes() QByteArray shortName("1.3.6.1.4.1.311.60.2.1.3"); #if !defined(QT_NO_OPENSSL) && defined(SN_jurisdictionCountryName) - if (!isNonOpenSslTls) + if (currentBackend() == TLSBackend::OpenSSL) shortName = SN_jurisdictionCountryName; #endif attributes = certList[0].subjectInfoAttributes(); @@ -1021,8 +1042,8 @@ void tst_QSslCertificate::subjectAndIssuerAttributes() void tst_QSslCertificate::verify() { - if (isNonOpenSslTls) - QSKIP("Not implemented in SecureTransport or Schannel"); + if (currentBackend() != TLSBackend::OpenSSL) + QSKIP("Only implemented for OpenSSL"); QList<QSslError> errors; QList<QSslCertificate> toVerify; @@ -1061,7 +1082,7 @@ void tst_QSslCertificate::verify() toVerify = QSslCertificate::fromPath(testDataDir + "verify-certs/test-addons-mozilla-org-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString); errors = QSslCertificate::verify(toVerify); bool foundBlack = false; - foreach (const QSslError &error, errors) { + for (const QSslError &error : std::as_const(errors)) { if (error.error() == QSslError::CertificateBlacklisted) { foundBlack = true; break; @@ -1107,9 +1128,8 @@ QString tst_QSslCertificate::toString(const QList<QSslError>& errors) { QStringList errorStrings; - foreach (const QSslError& error, errors) { + for (const QSslError &error : errors) errorStrings.append(QLatin1Char('"') + error.errorString() + QLatin1Char('"')); - } return QLatin1String("[ ") + errorStrings.join(QLatin1String(", ")) + QLatin1String(" ]"); } @@ -1363,9 +1383,8 @@ void tst_QSslCertificate::pkcs12() return; } -#if !defined(QT_NO_OPENSSL) && OPENSSL_VERSION_MAJOR >= 3 - QSKIP("leaf.p12 is using RC2, which is disabled by default in OpenSSL v >= 3"); -#endif + if (currentBackend() == TLSBackend::OpenSSL && QSslSocket::sslLibraryVersionNumber() >= 0x30000000L) + QSKIP("leaf.p12 is using RC2, which is disabled by default in OpenSSL v >= 3"); QFile f(testDataDir + QLatin1String("pkcs12/leaf.p12")); bool ok = f.open(QIODevice::ReadOnly); @@ -1375,8 +1394,8 @@ void tst_QSslCertificate::pkcs12() QSslCertificate cert; QList<QSslCertificate> caCerts; - if (isNonOpenSslTls) - QEXPECT_FAIL("", "pkcs12 imports are only supported when openssl is used", Abort); // TODO? + if (currentBackend() != TLSBackend::OpenSSL) + QEXPECT_FAIL("", "pkcs12 imports are not available with the current TLS backend", Abort); // TODO? ok = QSslCertificate::importPkcs12(&f, &key, &cert, &caCerts); QVERIFY(ok); @@ -1408,7 +1427,8 @@ void tst_QSslCertificate::pkcs12() QFile nocert(testDataDir + QLatin1String("pkcs12/leaf-nokey.p12")); ok = nocert.open(QIODevice::ReadOnly); QVERIFY(ok); - QTest::ignoreMessage(QtWarningMsg, "Unable to convert private key"); + if (currentBackend() == TLSBackend::OpenSSL) + QTest::ignoreMessage(QtWarningMsg, "Unable to convert private key"); ok = QSslCertificate::importPkcs12(&nocert, &key, &cert, &caCerts); QVERIFY(!ok); nocert.close(); diff --git a/tests/auto/network/ssl/qsslcipher/CMakeLists.txt b/tests/auto/network/ssl/qsslcipher/CMakeLists.txt index b748e5019d..8538f56acd 100644 --- a/tests/auto/network/ssl/qsslcipher/CMakeLists.txt +++ b/tests/auto/network/ssl/qsslcipher/CMakeLists.txt @@ -5,9 +5,16 @@ ## tst_qsslcipher Test: ##################################################################### +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qsslcipher LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + qt_internal_add_test(tst_qsslcipher SOURCES tst_qsslcipher.cpp LIBRARIES Qt::Network + BUNDLE_ANDROID_OPENSSL_LIBS ) diff --git a/tests/auto/network/ssl/qsslcipher/tst_qsslcipher.cpp b/tests/auto/network/ssl/qsslcipher/tst_qsslcipher.cpp index 3b24dd0403..6810149c11 100644 --- a/tests/auto/network/ssl/qsslcipher/tst_qsslcipher.cpp +++ b/tests/auto/network/ssl/qsslcipher/tst_qsslcipher.cpp @@ -1,5 +1,5 @@ // Copyright (C) 2016 The Qt Company Ltd. -// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QTest> diff --git a/tests/auto/network/ssl/qssldiffiehellmanparameters/CMakeLists.txt b/tests/auto/network/ssl/qssldiffiehellmanparameters/CMakeLists.txt index 74008ce99a..3ac34b2f6c 100644 --- a/tests/auto/network/ssl/qssldiffiehellmanparameters/CMakeLists.txt +++ b/tests/auto/network/ssl/qssldiffiehellmanparameters/CMakeLists.txt @@ -5,9 +5,16 @@ ## tst_qssldiffiehellmanparameters Test: ##################################################################### +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qssldiffiehellmanparameters LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + qt_internal_add_test(tst_qssldiffiehellmanparameters SOURCES tst_qssldiffiehellmanparameters.cpp LIBRARIES Qt::Network + BUNDLE_ANDROID_OPENSSL_LIBS ) diff --git a/tests/auto/network/ssl/qssldiffiehellmanparameters/tst_qssldiffiehellmanparameters.cpp b/tests/auto/network/ssl/qssldiffiehellmanparameters/tst_qssldiffiehellmanparameters.cpp index 8233d8883d..d8c6d9158a 100644 --- a/tests/auto/network/ssl/qssldiffiehellmanparameters/tst_qssldiffiehellmanparameters.cpp +++ b/tests/auto/network/ssl/qssldiffiehellmanparameters/tst_qssldiffiehellmanparameters.cpp @@ -1,5 +1,5 @@ // Copyright (C) 2015 Mikkel Krautz <mikkel@krautz.dk> -// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QTest> diff --git a/tests/auto/network/ssl/qsslellipticcurve/CMakeLists.txt b/tests/auto/network/ssl/qsslellipticcurve/CMakeLists.txt index 1be59f5739..dd031a991b 100644 --- a/tests/auto/network/ssl/qsslellipticcurve/CMakeLists.txt +++ b/tests/auto/network/ssl/qsslellipticcurve/CMakeLists.txt @@ -5,9 +5,16 @@ ## tst_qsslellipticcurve Test: ##################################################################### +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qsslellipticcurve LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + qt_internal_add_test(tst_qsslellipticcurve SOURCES tst_qsslellipticcurve.cpp LIBRARIES Qt::Network + BUNDLE_ANDROID_OPENSSL_LIBS ) diff --git a/tests/auto/network/ssl/qsslellipticcurve/tst_qsslellipticcurve.cpp b/tests/auto/network/ssl/qsslellipticcurve/tst_qsslellipticcurve.cpp index ab4b457333..96ef7e9828 100644 --- a/tests/auto/network/ssl/qsslellipticcurve/tst_qsslellipticcurve.cpp +++ b/tests/auto/network/ssl/qsslellipticcurve/tst_qsslellipticcurve.cpp @@ -1,6 +1,5 @@ // Copyright (C) 2014 Governikus GmbH & Co. KG. -// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 - +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QTest> @@ -66,7 +65,8 @@ void tst_QSslEllipticCurve::fromShortName_data() QTest::newRow("QString()") << QString() << QSslEllipticCurve() << false; QTest::newRow("\"\"") << QString("") << QSslEllipticCurve() << false; QTest::newRow("does-not-exist") << QStringLiteral("does-not-exist") << QSslEllipticCurve() << false; - Q_FOREACH (QSslEllipticCurve ec, QSslConfiguration::supportedEllipticCurves()) { + const auto supported = QSslConfiguration::supportedEllipticCurves(); + for (QSslEllipticCurve ec : supported) { const QString sN = ec.shortName(); QTest::newRow(qPrintable("supported EC \"" + sN + '"')) << sN << ec << true; // At least in the OpenSSL impl, the short name is case-sensitive. That feels odd. @@ -99,7 +99,8 @@ void tst_QSslEllipticCurve::fromLongName_data() QTest::newRow("QString()") << QString() << QSslEllipticCurve() << false; QTest::newRow("\"\"") << QString("") << QSslEllipticCurve() << false; QTest::newRow("does-not-exist") << QStringLiteral("does-not-exist") << QSslEllipticCurve() << false; - Q_FOREACH (QSslEllipticCurve ec, QSslConfiguration::supportedEllipticCurves()) { + const auto supported = QSslConfiguration::supportedEllipticCurves(); + for (QSslEllipticCurve ec : supported) { const QString lN = ec.longName(); QTest::newRow(qPrintable("supported EC \"" + lN + '"')) << lN << ec << true; } diff --git a/tests/auto/network/ssl/qsslerror/CMakeLists.txt b/tests/auto/network/ssl/qsslerror/CMakeLists.txt index 77fcf6f832..006bec3ef2 100644 --- a/tests/auto/network/ssl/qsslerror/CMakeLists.txt +++ b/tests/auto/network/ssl/qsslerror/CMakeLists.txt @@ -5,9 +5,16 @@ ## tst_qsslerror Test: ##################################################################### +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qsslerror LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + qt_internal_add_test(tst_qsslerror SOURCES tst_qsslerror.cpp LIBRARIES Qt::Network + BUNDLE_ANDROID_OPENSSL_LIBS ) diff --git a/tests/auto/network/ssl/qsslerror/tst_qsslerror.cpp b/tests/auto/network/ssl/qsslerror/tst_qsslerror.cpp index 6cbcc30beb..981fe3a0d5 100644 --- a/tests/auto/network/ssl/qsslerror/tst_qsslerror.cpp +++ b/tests/auto/network/ssl/qsslerror/tst_qsslerror.cpp @@ -1,5 +1,5 @@ // Copyright (C) 2016 The Qt Company Ltd. -// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QtNetwork/qtnetworkglobal.h> diff --git a/tests/auto/network/ssl/qsslkey/CMakeLists.txt b/tests/auto/network/ssl/qsslkey/CMakeLists.txt index 60d6adc13c..aae017562a 100644 --- a/tests/auto/network/ssl/qsslkey/CMakeLists.txt +++ b/tests/auto/network/ssl/qsslkey/CMakeLists.txt @@ -5,6 +5,12 @@ ## tst_qsslkey Test: ##################################################################### +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qsslkey LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + # Collect test data file(GLOB_RECURSE test_data_glob RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} @@ -21,9 +27,10 @@ qt_internal_add_test(tst_qsslkey LIBRARIES Qt::Network TESTDATA ${test_data} + BUNDLE_ANDROID_OPENSSL_LIBS ) -qt_internal_extend_target(tst_qsslkey CONDITION QT_FEATURE_private_tests AND QT_FEATURE_openssl_linked +qt_internal_extend_target(tst_qsslkey CONDITION QT_FEATURE_developer_build AND QT_FEATURE_openssl_linked LIBRARIES WrapOpenSSL::WrapOpenSSL ) @@ -31,7 +38,7 @@ qt_internal_extend_target(tst_qsslkey CONDITION QT_FEATURE_private_tests AND QT_ ## Scopes: ##################################################################### -qt_internal_extend_target(tst_qsslkey CONDITION QT_FEATURE_private_tests +qt_internal_extend_target(tst_qsslkey CONDITION QT_FEATURE_developer_build LIBRARIES Qt::CorePrivate Qt::NetworkPrivate diff --git a/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp b/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp index 12f29bf107..79bae3c270 100644 --- a/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp +++ b/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp @@ -1,5 +1,5 @@ // Copyright (C) 2016 The Qt Company Ltd. -// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QTest> #include <qsslkey.h> @@ -15,6 +15,8 @@ #include <QtCore/qdebug.h> #include <QtCore/qlist.h> +using namespace Qt::StringLiterals; + #ifdef QT_BUILD_INTERNAL #if QT_CONFIG(ssl) #include "private/qsslkey_p.h" @@ -249,7 +251,7 @@ void tst_QSslKey::createPlainTestRows(bool pemOnly) QTest::addColumn<QSsl::KeyType>("type"); QTest::addColumn<int>("length"); QTest::addColumn<QSsl::EncodingFormat>("format"); - foreach (KeyInfo keyInfo, keyInfoList) { + for (const KeyInfo &keyInfo : std::as_const(keyInfoList)) { if (pemOnly && keyInfo.format != QSsl::EncodingFormat::Pem) continue; @@ -467,13 +469,18 @@ void tst_QSslKey::toEncryptedPemOrDer_data() QTest::addColumn<QSsl::EncodingFormat>("format"); QTest::addColumn<QString>("password"); - QStringList passwords; - passwords << " " << "foobar" << "foo bar" - << "aAzZ`1234567890-=~!@#$%^&*()_+[]{}\\|;:'\",.<>/?"; // ### add more (?) - foreach (KeyInfo keyInfo, keyInfoList) { + const QString passwords[] = { + u" "_s, + u"foobar"_s, + u"foo bar"_s, + u"aAzZ`1234567890-=~!@#$%^&*()_+[]{}\\|;:'\",.<>/?"_s, + // ### add more (?) + }; + + for (const KeyInfo &keyInfo : std::as_const(keyInfoList)) { if (keyInfo.fileInfo.fileName().contains("pkcs8")) continue; // pkcs8 keys are encrypted in a different way than the other keys - foreach (QString password, passwords) { + for (const QString &password : passwords) { const QByteArray testName = keyInfo.fileInfo.fileName().toLatin1() + '-' + (keyInfo.algorithm == QSsl::Rsa ? "RSA" : (keyInfo.algorithm == QSsl::Dsa ? "DSA" : "EC")) @@ -573,7 +580,7 @@ void tst_QSslKey::passphraseChecks() QVERIFY(keyFile.exists()); { if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); else keyFile.reset(); QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey); @@ -581,7 +588,7 @@ void tst_QSslKey::passphraseChecks() } { if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); else keyFile.reset(); QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, ""); @@ -589,7 +596,7 @@ void tst_QSslKey::passphraseChecks() } { if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); else keyFile.reset(); QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "WRONG!"); @@ -597,7 +604,7 @@ void tst_QSslKey::passphraseChecks() } { if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); else keyFile.reset(); QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, passphrase); @@ -615,7 +622,7 @@ void tst_QSslKey::noPassphraseChecks() QFile keyFile(fileName); { if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); else keyFile.reset(); QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey); @@ -623,7 +630,7 @@ void tst_QSslKey::noPassphraseChecks() } { if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); else keyFile.reset(); QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, ""); @@ -631,7 +638,7 @@ void tst_QSslKey::noPassphraseChecks() } { if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); else keyFile.reset(); QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "xxx"); diff --git a/tests/auto/network/ssl/qsslserver/CMakeLists.txt b/tests/auto/network/ssl/qsslserver/CMakeLists.txt index 584a031622..5957b2720e 100644 --- a/tests/auto/network/ssl/qsslserver/CMakeLists.txt +++ b/tests/auto/network/ssl/qsslserver/CMakeLists.txt @@ -1,6 +1,12 @@ # Copyright (C) 2022 The Qt Company Ltd. # SPDX-License-Identifier: BSD-3-Clause +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qsslserver LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + if(NOT QT_FEATURE_private_tests) return() endif() @@ -19,4 +25,5 @@ qt_internal_add_test(tst_qsslserver Qt::CorePrivate Qt::NetworkPrivate TESTDATA ${test_data} + BUNDLE_ANDROID_OPENSSL_LIBS ) diff --git a/tests/auto/network/ssl/qsslserver/tst_qsslserver.cpp b/tests/auto/network/ssl/qsslserver/tst_qsslserver.cpp index 13a3201345..26d3a50a5b 100644 --- a/tests/auto/network/ssl/qsslserver/tst_qsslserver.cpp +++ b/tests/auto/network/ssl/qsslserver/tst_qsslserver.cpp @@ -1,5 +1,5 @@ // Copyright (C) 2022 The Qt Company Ltd. -// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QTest> #include <QDebug> diff --git a/tests/auto/network/ssl/qsslsocket/BLACKLIST b/tests/auto/network/ssl/qsslsocket/BLACKLIST index 749c59d968..b990516676 100644 --- a/tests/auto/network/ssl/qsslsocket/BLACKLIST +++ b/tests/auto/network/ssl/qsslsocket/BLACKLIST @@ -1,11 +1,6 @@ [deprecatedProtocols] windows -[spontaneousWrite] -windows-7sp1 [connectToHostEncrypted] macos -[setSslConfiguration] -windows-10 msvc-2015 -windows-7sp1 [connectToHostEncryptedWithVerificationPeerName] macos diff --git a/tests/auto/network/ssl/qsslsocket/CMakeLists.txt b/tests/auto/network/ssl/qsslsocket/CMakeLists.txt index df644e79c4..456deacb60 100644 --- a/tests/auto/network/ssl/qsslsocket/CMakeLists.txt +++ b/tests/auto/network/ssl/qsslsocket/CMakeLists.txt @@ -1,6 +1,12 @@ # Copyright (C) 2022 The Qt Company Ltd. # SPDX-License-Identifier: BSD-3-Clause +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qsslsocket LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + if(NOT QT_FEATURE_private_tests) return() endif() @@ -21,6 +27,7 @@ qt_internal_add_test(tst_qsslsocket Qt::TestPrivate TESTDATA ${test_data} QT_TEST_SERVER_LIST "squid" "danted" "cyrus" "apache2" "echo" + BUNDLE_ANDROID_OPENSSL_LIBS ) qt_internal_extend_target(tst_qsslsocket CONDITION QT_FEATURE_private_tests AND QT_FEATURE_openssl_linked diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp index 8e7e1b463b..b45d6b5d8f 100644 --- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -1,6 +1,6 @@ // Copyright (C) 2021 The Qt Company Ltd. // Copyright (C) 2014 Governikus GmbH & Co. KG. -// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QtNetwork/private/qtnetworkglobal_p.h> @@ -166,9 +166,7 @@ private slots: void protocol(); void protocolServerSide_data(); void protocolServerSide(); -#if QT_CONFIG(openssl) void serverCipherPreferences(); -#endif void setCaCertificates(); void setLocalCertificate(); void localCertificateChain(); @@ -293,6 +291,7 @@ private: QSslSocket *socket; QList<QSslError> storedExpectedSslErrors; bool isTestingOpenSsl = false; + bool isSecurityLevel0Required = false; bool opensslResolved = false; bool isTestingSecureTransport = false; bool isTestingSchannel = false; @@ -412,6 +411,9 @@ void tst_QSslSocket::initTestCase() flukeCertificateError = QSslError::SelfSignedCertificate; #if QT_CONFIG(openssl) opensslResolved = qt_auto_test_resolve_OpenSSL_symbols(); + // This is where OpenSSL moved several protocols under + // non-default (0) security level (the default is 1). + isSecurityLevel0Required = OPENSSL_VERSION_NUMBER >= 0x30100010; #else opensslResolved = false; // Not 'unused variable' anymore. #endif @@ -810,6 +812,10 @@ void tst_QSslSocket::simpleConnect() if (!QSslSocket::supportsSsl()) return; + // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use when connecting) are not available by default. + if (isSecurityLevel0Required) + QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier"); + QFETCH_GLOBAL(bool, setProxy); if (setProxy) return; @@ -871,6 +877,10 @@ void tst_QSslSocket::simpleConnectWithIgnore() if (!QSslSocket::supportsSsl()) return; + // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use when connecting) are not available by default. + if (isSecurityLevel0Required) + QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier"); + QFETCH_GLOBAL(bool, setProxy); if (setProxy) return; @@ -915,6 +925,10 @@ void tst_QSslSocket::simpleConnectWithIgnore() void tst_QSslSocket::sslErrors_data() { + // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use in 'sslErrors' test) are not available by default. + if (isSecurityLevel0Required) + QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier"); + QTest::addColumn<QString>("host"); QTest::addColumn<int>("port"); @@ -1296,6 +1310,7 @@ void tst_QSslSocket::privateKey() #if QT_CONFIG(openssl) void tst_QSslSocket::privateKeyOpaque() { +#ifndef OPENSSL_NO_DEPRECATED_3_0 if (!isTestingOpenSsl) QSKIP("The active TLS backend does not support private opaque keys"); @@ -1329,6 +1344,7 @@ void tst_QSslSocket::privateKeyOpaque() QFETCH_GLOBAL(bool, setProxy); if (setProxy && !socket->waitForEncrypted(10000)) QSKIP("Skipping flaky test - See QTBUG-29941"); +#endif // OPENSSL_NO_DEPRECATED_3_0 } #endif // Feature 'openssl'. @@ -1645,8 +1661,6 @@ void tst_QSslSocket::protocolServerSide() QCOMPARE(client.isEncrypted(), works); } -#if QT_CONFIG(openssl) - void tst_QSslSocket::serverCipherPreferences() { if (!isTestingOpenSsl) @@ -1741,8 +1755,6 @@ void tst_QSslSocket::serverCipherPreferences() } } -#endif // Feature 'openssl'. - void tst_QSslSocket::setCaCertificates() { @@ -1967,6 +1979,10 @@ void tst_QSslSocket::waitForConnectedEncryptedReadyRead() if (!QSslSocket::supportsSsl()) return; + // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use here) are not available by default. + if (isSecurityLevel0Required) + QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier"); + QSslSocketPtr socket = newSocket(); this->socket = socket.data(); @@ -3080,7 +3096,14 @@ void tst_QSslSocket::blacklistedCertificates() QList<QSslError> sslErrors = receiver->sslHandshakeErrors(); QVERIFY(sslErrors.size() > 0); // there are more errors (self signed cert and hostname mismatch), but we only care about the blacklist error - QCOMPARE(sslErrors.at(0).error(), QSslError::CertificateBlacklisted); + std::optional<QSslError> blacklistedError; + for (const QSslError &error : sslErrors) { + if (error.error() == QSslError::CertificateBlacklisted) { + blacklistedError = error; + break; + } + } + QVERIFY2(blacklistedError, "CertificateBlacklisted error not found!"); } void tst_QSslSocket::versionAccessors() @@ -3106,6 +3129,10 @@ void tst_QSslSocket::encryptWithoutConnecting() void tst_QSslSocket::resume_data() { + // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use in 'resume' test) are not available by default. + if (isSecurityLevel0Required) + QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier"); + QTest::addColumn<bool>("ignoreErrorsAfterPause"); QTest::addColumn<QList<QSslError> >("errorsToIgnore"); QTest::addColumn<bool>("expectSuccess"); @@ -3449,7 +3476,13 @@ void tst_QSslSocket::dhServer() return; SslServer server; - server.ciphers = {QSslCipher("DHE-RSA-AES256-SHA"), QSslCipher("DHE-DSS-AES256-SHA")}; + QSslCipher rsaCipher("DHE-RSA-AES256-SHA"); + QSslCipher dssCipher("DHE-DSS-AES256-SHA"); + if (rsaCipher.isNull()) + QSKIP("The current backend doesn't support DHE-RSA-AES256-SHA"); + if (dssCipher.isNull()) + QSKIP("The current backend doesn't support DHE-DSS-AES256-SHA"); + server.ciphers = { rsaCipher, dssCipher }; QVERIFY(server.listen()); QEventLoop loop; @@ -3477,9 +3510,10 @@ void tst_QSslSocket::dhServerCustomParamsNull() if (setProxy) return; + const QSslCipher cipherWithDH("DHE-RSA-AES256-SHA256"); SslServer server; - server.ciphers = {QSslCipher("DHE-RSA-AES256-SHA"), QSslCipher("DHE-DSS-AES256-SHA")}; - server.protocol = Test::TlsV1_0; + server.ciphers = {cipherWithDH}; + server.protocol = QSsl::TlsV1_2; QSslConfiguration cfg = server.config; cfg.setDiffieHellmanParameters(QSslDiffieHellmanParameters()); @@ -3492,7 +3526,6 @@ void tst_QSslSocket::dhServerCustomParamsNull() QSslSocket client; QSslConfiguration config = client.sslConfiguration(); - config.setProtocol(Test::TlsV1_0); client.setSslConfiguration(config); socket = &client; connect(socket, SIGNAL(errorOccurred(QAbstractSocket::SocketError)), &loop, SLOT(quit())); @@ -3503,20 +3536,25 @@ void tst_QSslSocket::dhServerCustomParamsNull() loop.exec(); - QVERIFY(client.state() != QAbstractSocket::ConnectedState); + QCOMPARE(client.state(), QAbstractSocket::ConnectedState); + QCOMPARE(client.sessionCipher(), cipherWithDH); } void tst_QSslSocket::dhServerCustomParams() { if (!QSslSocket::supportsSsl()) QSKIP("No SSL support"); + if (!QSslSocket::isClassImplemented(QSsl::ImplementedClass::DiffieHellman)) + QSKIP("The current backend doesn't support diffie hellman parameters"); QFETCH_GLOBAL(bool, setProxy); if (setProxy) return; SslServer server; - server.ciphers = {QSslCipher("DHE-RSA-AES256-SHA"), QSslCipher("DHE-DSS-AES256-SHA")}; + const QSslCipher cipherWithDH("DHE-RSA-AES256-SHA256"); + server.ciphers = {cipherWithDH}; + server.protocol = QSsl::TlsV1_2; QSslConfiguration cfg = server.config; @@ -3546,7 +3584,8 @@ void tst_QSslSocket::dhServerCustomParams() loop.exec(); - QVERIFY(client.state() == QAbstractSocket::ConnectedState); + QCOMPARE(client.state(), QAbstractSocket::ConnectedState); + QCOMPARE(client.sessionCipher(), cipherWithDH); } #endif // QT_CONFIG(openssl) @@ -3562,7 +3601,10 @@ void tst_QSslSocket::ecdhServer() return; SslServer server; - server.ciphers = {QSslCipher("ECDHE-RSA-AES128-SHA")}; + QSslCipher cipher("ECDHE-RSA-AES128-SHA"); + if (cipher.isNull()) + QSKIP("The current backend doesn't support ECDHE-RSA-AES128-SHA"); + server.ciphers = {cipher}; QVERIFY(server.listen()); QEventLoop loop; diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/BLACKLIST b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/BLACKLIST index 4eea966b13..96d94bd935 100644 --- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/BLACKLIST +++ b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/BLACKLIST @@ -1,3 +1,7 @@ # QTBUG-101274 -[onDemandRootCertLoadingMemberMethods:WithoutProxy] -qnx ci +# [onDemandRootCertLoadingMemberMethods:WithoutProxy] +# qnx ci + +# QTBUG-63481 +[onDemandRootCertLoadingMemberMethods] +* diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/CMakeLists.txt b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/CMakeLists.txt index 2201f38fd7..34e026cb8b 100644 --- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/CMakeLists.txt +++ b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/CMakeLists.txt @@ -1,6 +1,12 @@ # Copyright (C) 2022 The Qt Company Ltd. # SPDX-License-Identifier: BSD-3-Clause +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qsslsocket_onDemandCertificates_member LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + if(NOT QT_FEATURE_private_tests) return() endif() @@ -16,4 +22,5 @@ qt_internal_add_test(tst_qsslsocket_onDemandCertificates_member Qt::CorePrivate Qt::NetworkPrivate QT_TEST_SERVER_LIST "squid" "danted" + BUNDLE_ANDROID_OPENSSL_LIBS ) diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp index 95901e7f1e..119891c916 100644 --- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp +++ b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp @@ -1,5 +1,5 @@ // Copyright (C) 2016 The Qt Company Ltd. -// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QtNetwork> @@ -194,6 +194,7 @@ static bool waitForEncrypted(QSslSocket *socket) void tst_QSslSocket_onDemandCertificates_member::onDemandRootCertLoadingMemberMethods() { +#define ERR(socket) socket->errorString().toLatin1() const QString host("www.qt.io"); // not using any root certs -> should not work @@ -203,13 +204,13 @@ void tst_QSslSocket_onDemandCertificates_member::onDemandRootCertLoadingMemberMe sslConfig.setCaCertificates(QList<QSslCertificate>()); socket2->setSslConfiguration(sslConfig); socket2->connectToHostEncrypted(host, 443); - QVERIFY(!waitForEncrypted(socket2.data())); + QVERIFY2(!waitForEncrypted(socket2.data()), ERR(socket2)); // default: using on demand loading -> should work QSslSocketPtr socket = newSocket(); this->socket = socket.data(); socket->connectToHostEncrypted(host, 443); - QVERIFY2(waitForEncrypted(socket.data()), qPrintable(socket->errorString())); + QVERIFY2(waitForEncrypted(socket.data()), ERR(socket)); // not using any root certs again -> should not work QSslSocketPtr socket3 = newSocket(); @@ -218,7 +219,7 @@ void tst_QSslSocket_onDemandCertificates_member::onDemandRootCertLoadingMemberMe sslConfig.setCaCertificates(QList<QSslCertificate>()); socket3->setSslConfiguration(sslConfig); socket3->connectToHostEncrypted(host, 443); - QVERIFY(!waitForEncrypted(socket3.data())); + QVERIFY2(!waitForEncrypted(socket3.data()), ERR(socket3)); // setting empty SSL configuration explicitly -> depends on on-demand loading QSslSocketPtr socket4 = newSocket(); @@ -229,16 +230,20 @@ void tst_QSslSocket_onDemandCertificates_member::onDemandRootCertLoadingMemberMe #ifdef QT_BUILD_INTERNAL const bool works = QSslSocketPrivate::rootCertOnDemandLoadingSupported(); #if defined(Q_OS_LINUX) || defined(Q_OS_WIN) - QCOMPARE(works, true); + QVERIFY2(works, ERR(socket4)); #elif defined(Q_OS_MAC) - QCOMPARE(works, false); + QVERIFY2(!works, ERR(socket4)); #endif // other platforms: undecided. // When we *allow* on-demand loading, we enable it by default; so, on Unix, // it will work without setting any certificates. Otherwise, the configuration // contains an empty set of certificates, so on-demand loading shall fail. - QCOMPARE(waitForEncrypted(socket4.data()), works); + const bool result = waitForEncrypted(socket4.data()); + if (result != works) + qDebug() << socket4->errorString(); + QCOMPARE(waitForEncrypted(socket4.data()), works); #endif // QT_BUILD_INTERNAL } +#undef ERR #endif // QT_NO_OPENSSL diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/CMakeLists.txt b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/CMakeLists.txt index d338237532..696eec98ee 100644 --- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/CMakeLists.txt +++ b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/CMakeLists.txt @@ -1,6 +1,12 @@ # Copyright (C) 2022 The Qt Company Ltd. # SPDX-License-Identifier: BSD-3-Clause +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qsslsocket_onDemandCertificates_static LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + if(NOT QT_FEATURE_private_tests) return() endif() @@ -16,4 +22,5 @@ qt_internal_add_test(tst_qsslsocket_onDemandCertificates_static Qt::CorePrivate Qt::NetworkPrivate QT_TEST_SERVER_LIST "squid" "danted" + BUNDLE_ANDROID_OPENSSL_LIBS ) diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/tst_qsslsocket_onDemandCertificates_static.cpp b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/tst_qsslsocket_onDemandCertificates_static.cpp index 95aba0b29c..c5475da581 100644 --- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/tst_qsslsocket_onDemandCertificates_static.cpp +++ b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/tst_qsslsocket_onDemandCertificates_static.cpp @@ -1,5 +1,5 @@ // Copyright (C) 2016 The Qt Company Ltd. -// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QtNetwork> diff --git a/tests/auto/network/ssl/shared/qopenssl_symbols.h b/tests/auto/network/ssl/shared/qopenssl_symbols.h index 7f1f6c8285..c98e90d424 100644 --- a/tests/auto/network/ssl/shared/qopenssl_symbols.h +++ b/tests/auto/network/ssl/shared/qopenssl_symbols.h @@ -1,6 +1,6 @@ // Copyright (C) 2021 The Qt Company Ltd. // Copyright (C) 2014 BlackBerry Limited. All rights reserved. -// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only /**************************************************************************** ** @@ -502,6 +502,12 @@ QStringList findAllLibCrypto() #ifdef Q_OS_WIN +#if (OPENSSL_VERSION_NUMBER >> 28) < 3 +#define QT_OPENSSL_VERSION "1_1" +#elif OPENSSL_VERSION_MAJOR == 3 // Starting with 3.0 this define is available +#define QT_OPENSSL_VERSION "3" +#endif // > 3 intentionally left undefined + struct LoadedOpenSsl { std::unique_ptr<QSystemLibrary> ssl, crypto; }; @@ -540,8 +546,9 @@ static LoadedOpenSsl loadOpenSsl() #define QT_SSL_SUFFIX #endif - tryToLoadOpenSslWin32Library(QLatin1String("libssl-1_1" QT_SSL_SUFFIX), - QLatin1String("libcrypto-1_1" QT_SSL_SUFFIX), result); + tryToLoadOpenSslWin32Library(QLatin1String("libssl-" QT_OPENSSL_VERSION QT_SSL_SUFFIX), + QLatin1String("libcrypto-" QT_OPENSSL_VERSION QT_SSL_SUFFIX), + result); #undef QT_SSL_SUFFIX return result; diff --git a/tests/auto/network/ssl/shared/tlshelpers.h b/tests/auto/network/ssl/shared/tlshelpers.h index 71db837d4b..de3c2ea51a 100644 --- a/tests/auto/network/ssl/shared/tlshelpers.h +++ b/tests/auto/network/ssl/shared/tlshelpers.h @@ -1,5 +1,5 @@ // Copyright (C) 2021 The Qt Company Ltd. -// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QtNetwork/qtnetworkglobal.h> |