diff options
Diffstat (limited to 'tests/auto/network/ssl')
68 files changed, 2335 insertions, 1724 deletions
diff --git a/tests/auto/network/ssl/CMakeLists.txt b/tests/auto/network/ssl/CMakeLists.txt index 9c44e5c375..b11b15b6ba 100644 --- a/tests/auto/network/ssl/CMakeLists.txt +++ b/tests/auto/network/ssl/CMakeLists.txt @@ -1,10 +1,11 @@ -# Generated from ssl.pro. +# Copyright (C) 2022 The Qt Company Ltd. +# SPDX-License-Identifier: BSD-3-Clause add_subdirectory(qpassworddigestor) -add_subdirectory(qsslcertificate) -add_subdirectory(qsslcipher) -add_subdirectory(qsslellipticcurve) if(QT_FEATURE_ssl) + add_subdirectory(qsslcertificate) + add_subdirectory(qsslcipher) + add_subdirectory(qsslellipticcurve) add_subdirectory(qsslkey) add_subdirectory(qsslerror) endif() @@ -12,8 +13,9 @@ if(QT_FEATURE_private_tests AND QT_FEATURE_ssl) add_subdirectory(qsslsocket) add_subdirectory(qsslsocket_onDemandCertificates_member) add_subdirectory(qsslsocket_onDemandCertificates_static) -# add_subdirectory(qasn1element) + add_subdirectory(qasn1element) add_subdirectory(qssldiffiehellmanparameters) + add_subdirectory(qsslserver) endif() if(QT_FEATURE_dtls AND QT_FEATURE_private_tests AND QT_FEATURE_ssl) add_subdirectory(qdtlscookie) diff --git a/tests/auto/network/ssl/qasn1element/CMakeLists.txt b/tests/auto/network/ssl/qasn1element/CMakeLists.txt index 4fab2f3e3e..7b01a0b22d 100644 --- a/tests/auto/network/ssl/qasn1element/CMakeLists.txt +++ b/tests/auto/network/ssl/qasn1element/CMakeLists.txt @@ -1,13 +1,26 @@ -# Generated from qasn1element.pro. +# Copyright (C) 2022 The Qt Company Ltd. +# SPDX-License-Identifier: BSD-3-Clause ##################################################################### ## tst_qasn1element Test: ##################################################################### +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qasn1element LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + qt_internal_add_test(tst_qasn1element SOURCES tst_qasn1element.cpp - PUBLIC_LIBRARIES + ../../../../../src/plugins/tls/shared/qasn1element_p.h + ../../../../../src/plugins/tls/shared/qasn1element.cpp + INCLUDE_DIRECTORIES + ../../../../../src/plugins/tls/shared + LIBRARIES + Qt::Core Qt::Network Qt::NetworkPrivate + BUNDLE_ANDROID_OPENSSL_LIBS ) diff --git a/tests/auto/network/ssl/qasn1element/tst_qasn1element.cpp b/tests/auto/network/ssl/qasn1element/tst_qasn1element.cpp index 9a4d23f650..a54f0bd9d8 100644 --- a/tests/auto/network/ssl/qasn1element/tst_qasn1element.cpp +++ b/tests/auto/network/ssl/qasn1element/tst_qasn1element.cpp @@ -1,34 +1,12 @@ -/**************************************************************************** -** -** Copyright (C) 2014 Jeremy Lainé <jeremy.laine@m4x.org> -** Contact: https://www.qt.io/licensing/ -** -** This file is part of the test suite of the Qt Toolkit. -** -** $QT_BEGIN_LICENSE:GPL-EXCEPT$ -** Commercial License Usage -** Licensees holding valid commercial Qt licenses may use this file in -** accordance with the commercial license agreement provided with the -** Software or, alternatively, in accordance with the terms contained in -** a written agreement between you and The Qt Company. For licensing terms -** and conditions see https://www.qt.io/terms-conditions. For further -** information use the contact form at https://www.qt.io/contact-us. -** -** GNU General Public License Usage -** Alternatively, this file may be used under the terms of the GNU -** General Public License version 3 as published by the Free Software -** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT -** included in the packaging of this file. Please review the following -** information to ensure the GNU General Public License requirements will -** be met: https://www.gnu.org/licenses/gpl-3.0.html. -** -** $QT_END_LICENSE$ -** -****************************************************************************/ +// Copyright (C) 2014 Jeremy Lainé <jeremy.laine@m4x.org> +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only +#include "qasn1element_p.h" #include <QTest> -#include "private/qasn1element_p.h" + +#include <QtCore/QDateTime> +#include <QtCore/QTimeZone> class tst_QAsn1Element : public QObject { @@ -127,7 +105,7 @@ void tst_QAsn1Element::dateTime_data() << QDateTime(); QTest::newRow("UTCTime - 070417074026Z") << QByteArray::fromHex("170d3037303431373037343032365a") - << QDateTime(QDate(2007, 4, 17), QTime(7, 40, 26), Qt::UTC); + << QDateTime(QDate(2007, 4, 17), QTime(7, 40, 26), QTimeZone::UTC); QTest::newRow("UTCTime - bad length") << QByteArray::fromHex("170c30373034313730373430325a") << QDateTime(); @@ -136,16 +114,19 @@ void tst_QAsn1Element::dateTime_data() << QDateTime(); QTest::newRow("UTCTime - year 1950") << QByteArray::fromHex("170d3530313232343035353530305a") - << QDateTime(QDate(1950, 12, 24), QTime(5, 55), Qt::UTC); + << QDateTime(QDate(1950, 12, 24), QTime(5, 55), QTimeZone::UTC); QTest::newRow("UTCTime - year 1999") << QByteArray::fromHex("170d3939313232343035353530305a") - << QDateTime(QDate(1999, 12, 24), QTime(5, 55), Qt::UTC); + << QDateTime(QDate(1999, 12, 24), QTime(5, 55), QTimeZone::UTC); QTest::newRow("UTCTime - year 2000") << QByteArray::fromHex("170d3030313232343035353530305a") - << QDateTime(QDate(2000, 12, 24), QTime(5, 55), Qt::UTC); + << QDateTime(QDate(2000, 12, 24), QTime(5, 55), QTimeZone::UTC); + QTest::newRow("UTCTime - leap day year 2000") + << QByteArray::fromHex("170d3030303232393035353530305a") + << QDateTime(QDate(2000, 2, 29), QTime(5, 55), QTimeZone::UTC); QTest::newRow("UTCTime - year 2049") << QByteArray::fromHex("170d3439313232343035353530305a") - << QDateTime(QDate(2049, 12, 24), QTime(5, 55), Qt::UTC); + << QDateTime(QDate(2049, 12, 24), QTime(5, 55), QTimeZone::UTC); QTest::newRow("UTCTime - invalid year ('-9')") << QByteArray::fromHex("170d2d39313232343035353530305a") << QDateTime(); @@ -163,7 +144,7 @@ void tst_QAsn1Element::dateTime_data() << QDateTime(); QTest::newRow("GeneralizedTime - 20510829095341Z") << QByteArray::fromHex("180f32303531303832393039353334315a") - << QDateTime(QDate(2051, 8, 29), QTime(9, 53, 41), Qt::UTC); + << QDateTime(QDate(2051, 8, 29), QTime(9, 53, 41), QTimeZone::UTC); QTest::newRow("GeneralizedTime - bad length") << QByteArray::fromHex("180e323035313038323930393533345a") << QDateTime(); diff --git a/tests/auto/network/ssl/qdtls/CMakeLists.txt b/tests/auto/network/ssl/qdtls/CMakeLists.txt index 310629370c..1d5eef094c 100644 --- a/tests/auto/network/ssl/qdtls/CMakeLists.txt +++ b/tests/auto/network/ssl/qdtls/CMakeLists.txt @@ -1,25 +1,24 @@ -# Generated from qdtls.pro. +# Copyright (C) 2022 The Qt Company Ltd. +# SPDX-License-Identifier: BSD-3-Clause ##################################################################### ## tst_qdtls Test: ##################################################################### +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qdtls LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + # Collect test data list(APPEND test_data "certs") qt_internal_add_test(tst_qdtls SOURCES tst_qdtls.cpp - PUBLIC_LIBRARIES + LIBRARIES Qt::NetworkPrivate TESTDATA ${test_data} + BUNDLE_ANDROID_OPENSSL_LIBS ) - -## Scopes: -##################################################################### - -#### Keys ignored in scope 3:.:.:qdtls.pro:(CMAKE_BUILD_TYPE STREQUAL Debug): -# DESTDIR = "debug" - -#### Keys ignored in scope 4:.:.:qdtls.pro:else: -# DESTDIR = "release" diff --git a/tests/auto/network/ssl/qdtls/certs/fluke.cert b/tests/auto/network/ssl/qdtls/certs/fluke.cert index ace4e4f0eb..4cc4d9a5ea 100644 --- a/tests/auto/network/ssl/qdtls/certs/fluke.cert +++ b/tests/auto/network/ssl/qdtls/certs/fluke.cert @@ -1,75 +1,34 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 0 (0x0) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=NO, ST=Oslo, L=Nydalen, O=Nokia Corporation and/or its subsidiary(-ies), OU=Development, CN=fluke.troll.no/emailAddress=ahanssen@trolltech.com - Validity - Not Before: Dec 4 01:10:32 2007 GMT - Not After : Apr 21 01:10:32 2035 GMT - Subject: C=NO, ST=Oslo, O=Nokia Corporation and/or its subsidiary(-ies), OU=Development, CN=fluke.troll.no - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:a7:c8:a0:4a:c4:19:05:1b:66:ba:32:e2:d2:f1: - 1c:6f:17:82:e4:39:2e:01:51:90:db:04:34:32:11: - 21:c2:0d:6f:59:d8:53:90:54:3f:83:8f:a9:d3:b3: - d5:ee:1a:9b:80:ae:c3:25:c9:5e:a5:af:4b:60:05: - aa:a0:d1:91:01:1f:ca:04:83:e3:58:1c:99:32:45: - 84:70:72:58:03:98:4a:63:8b:41:f5:08:49:d2:91: - 02:60:6b:e4:64:fe:dd:a0:aa:74:08:e9:34:4c:91: - 5f:12:3d:37:4d:54:2c:ad:7f:5b:98:60:36:02:8c: - 3b:f6:45:f3:27:6a:9b:94:9d - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - OpenSSL Generated Certificate - X509v3 Subject Key Identifier: - 21:85:04:3D:23:01:66:E5:F7:9F:1A:84:24:8A:AF:0A:79:F4:E5:AC - X509v3 Authority Key Identifier: - DirName:/C=NO/ST=Oslo/L=Nydalen/O=Nokia Corporation and/or its subsidiary(-ies)/OU=Development/CN=fluke.troll.no/emailAddress=ahanssen@trolltech.com - serial:8E:A8:B4:E8:91:B7:54:2E - - Signature Algorithm: sha1WithRSAEncryption - 6d:57:5f:d1:05:43:f0:62:05:ec:2a:71:a5:dc:19:08:f2:c4: - a6:bd:bb:25:d9:ca:89:01:0e:e4:cf:1f:c1:8c:c8:24:18:35: - 53:59:7b:c0:43:b4:32:e6:98:b2:a6:ef:15:05:0b:48:5f:e1: - a0:0c:97:a9:a1:77:d8:35:18:30:bc:a9:8f:d3:b7:54:c7:f1: - a9:9e:5d:e6:19:bf:f6:3c:5b:2b:d8:e4:3e:62:18:88:8b:d3: - 24:e1:40:9b:0c:e6:29:16:62:ab:ea:05:24:70:36:aa:55:93: - ef:02:81:1b:23:10:a2:04:eb:56:95:75:fc:f8:94:b1:5d:42: - c5:3f:36:44:85:5d:3a:2e:90:46:8a:a2:b9:6f:87:ae:0c:15: - 40:19:31:90:fc:3b:25:bb:ae:f1:66:13:0d:85:90:d9:49:34: - 8f:f2:5d:f9:7a:db:4d:5d:27:f6:76:9d:35:8c:06:a6:4c:a3: - b1:b2:b6:6f:1d:d7:a3:00:fd:72:eb:9e:ea:44:a1:af:21:34: - 7d:c7:42:e2:49:91:19:8b:c0:ad:ba:82:80:a8:71:70:f4:35: - 31:91:63:84:20:95:e9:60:af:64:8b:cc:ff:3d:8a:76:74:3d: - c8:55:6d:e4:8e:c3:2b:1c:e8:42:18:ae:9f:e6:6b:9c:34:06: - ec:6a:f2:c3 -----BEGIN CERTIFICATE----- -MIIEEzCCAvugAwIBAgIBADANBgkqhkiG9w0BAQUFADCBnDELMAkGA1UEBhMCTk8x -DTALBgNVBAgTBE9zbG8xEDAOBgNVBAcTB055ZGFsZW4xFjAUBgNVBAoTDVRyb2xs -dGVjaCBBU0ExFDASBgNVBAsTC0RldmVsb3BtZW50MRcwFQYDVQQDEw5mbHVrZS50 -cm9sbC5ubzElMCMGCSqGSIb3DQEJARYWYWhhbnNzZW5AdHJvbGx0ZWNoLmNvbTAe -Fw0wNzEyMDQwMTEwMzJaFw0zNTA0MjEwMTEwMzJaMGMxCzAJBgNVBAYTAk5PMQ0w -CwYDVQQIEwRPc2xvMRYwFAYDVQQKEw1Ucm9sbHRlY2ggQVNBMRQwEgYDVQQLEwtE -ZXZlbG9wbWVudDEXMBUGA1UEAxMOZmx1a2UudHJvbGwubm8wgZ8wDQYJKoZIhvcN -AQEBBQADgY0AMIGJAoGBAKfIoErEGQUbZroy4tLxHG8XguQ5LgFRkNsENDIRIcIN -b1nYU5BUP4OPqdOz1e4am4CuwyXJXqWvS2AFqqDRkQEfygSD41gcmTJFhHByWAOY -SmOLQfUISdKRAmBr5GT+3aCqdAjpNEyRXxI9N01ULK1/W5hgNgKMO/ZF8ydqm5Sd -AgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM -IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUIYUEPSMBZuX3nxqEJIqv -Cnn05awwgbsGA1UdIwSBszCBsKGBoqSBnzCBnDELMAkGA1UEBhMCTk8xDTALBgNV -BAgTBE9zbG8xEDAOBgNVBAcTB055ZGFsZW4xFjAUBgNVBAoTDVRyb2xsdGVjaCBB -U0ExFDASBgNVBAsTC0RldmVsb3BtZW50MRcwFQYDVQQDEw5mbHVrZS50cm9sbC5u -bzElMCMGCSqGSIb3DQEJARYWYWhhbnNzZW5AdHJvbGx0ZWNoLmNvbYIJAI6otOiR -t1QuMA0GCSqGSIb3DQEBBQUAA4IBAQBtV1/RBUPwYgXsKnGl3BkI8sSmvbsl2cqJ -AQ7kzx/BjMgkGDVTWXvAQ7Qy5piypu8VBQtIX+GgDJepoXfYNRgwvKmP07dUx/Gp -nl3mGb/2PFsr2OQ+YhiIi9Mk4UCbDOYpFmKr6gUkcDaqVZPvAoEbIxCiBOtWlXX8 -+JSxXULFPzZEhV06LpBGiqK5b4euDBVAGTGQ/Dslu67xZhMNhZDZSTSP8l35ettN -XSf2dp01jAamTKOxsrZvHdejAP1y657qRKGvITR9x0LiSZEZi8CtuoKAqHFw9DUx -kWOEIJXpYK9ki8z/PYp2dD3IVW3kjsMrHOhCGK6f5mucNAbsavLD +MIIF6zCCA9OgAwIBAgIUfo9amJtJGWqWE6f+SkAO85zkGr4wDQYJKoZIhvcNAQEL +BQAwgYMxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIDARPc2xvMQ0wCwYDVQQHDARPc2xv +MRcwFQYDVQQKDA5UaGUgUXQgQ29tcGFueTEMMAoGA1UECwwDUiZEMRIwEAYDVQQD +DAlIMiBUZXN0ZXIxGzAZBgkqhkiG9w0BCQEWDG1pbmltaUBxdC5pbzAgFw0yMDEw +MjYxMjAxMzFaGA8yMTIwMTAwMjEyMDEzMVowgYMxCzAJBgNVBAYTAk5PMQ0wCwYD +VQQIDARPc2xvMQ0wCwYDVQQHDARPc2xvMRcwFQYDVQQKDA5UaGUgUXQgQ29tcGFu +eTEMMAoGA1UECwwDUiZEMRIwEAYDVQQDDAlIMiBUZXN0ZXIxGzAZBgkqhkiG9w0B +CQEWDG1pbmltaUBxdC5pbzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +AOiUp5+E4blouKH7q+rVNR8NoYX2XkBW+q+rpy1zu5ssRSzbqxAjDx9dkht7Qlnf +VlDT00JvpOWdeuPon5915edQRsY4Unl6mKH29ra3OtUa1/yCJXsGVJTKCj7k4Bxb +5mZzb/fTlZntMLdTIBMfUbw62FKir1WjKIcJ9fCoG8JaGeKVO4Rh5p0ezd4UUUId +r1BXl5Nqdqy2vTMsEDnjOsD3egkv8I2SKN4O6n/C3wWYpMOWYZkGoZiKz7rJs/i/ +ez7bsV7JlwdzTlhpJzkcOSVFBP6JlEOxTNNxZ1wtKy7PtZGmsSSATq2e6+bw38Ae +Op0XnzzqcGjtDDofBmT7OFzZWjS9VZS6+DOOe2QHWle1nCHcHyH4ku6IRlsr9xkR +NAIlOfnvHHxqJUenoeaZ4oQDjCBKS1KXygJO/tL7BLTQVn/xK1EmPvKNnjzWk4tR +PnibUhhs5635qpOU/YPqFBh1JjVruZbsWcDAhRcew0uxONXOa9E+4lttQ9ySYa1A +LvWqJuAX7gu2BsBMLyqfm811YnA7CIFMyO+HlqmkLFfv5L/xIRAXR7l26YGO0VwX +CGjMfz4NVPMMke4nB7qa9NkpXQBQKMms3Qzd5JW0Hy9Ruj5O8GPcFZmV0twjd1uJ +PD/cAjkWLaXjdNsJ16QWc2nghQRS6HYqKRX6j+CXOxupAgMBAAGjUzBRMB0GA1Ud +DgQWBBRSCOU58j9NJZkMamt623qyCrhN3TAfBgNVHSMEGDAWgBRSCOU58j9NJZkM +amt623qyCrhN3TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQCq +q4jxsWeNDv5Nq14hJtF9HB+ZL64zcZtRjJP1YgNs0QppKICmjPOL2nIMGmI/jKrs +0eGAL/9XXNVHPxm1OPOncvimMMmU6emZfpMdEtTfKP43+Pg9HgKRjLoQp406vGeQ +8ki/mbBhrItVPgEm3tu2AFA02XTYi+YxCI9kRZLGkM3FbgtOuTLPl0Z9y+kiPc9F +uCSC03anBEqv+vDSI8+wODymQ/IJ3Jyz1lxIRDfp4qAekmy0jU2c91VOHHEmOmqq +kqygGFRdwbe99m9yP63r6q0b5K3X2UnJ6bns0hmTwThYwpVPXLU8jdaTddbMukN2 +/Ef96Tsw8nWOEOPMySHOTIPgwyZRp26b0kA9EmhLwOP401SxXVQCmSRmtwNagmtg +jJKmZoYBN+//D45ibK8z6Q0oOm9P+Whf/uUXehcRxBxyV3xz7k0wKGQbHj/ddwcy +IUoIN4lrAlib+lK170kTKN352PDmrpo2gmIzPEsfurKAIMSelDl6H+kih16BtZ8y +Nz6fh9Soqrg3OSAware8pxV7k51crBMoPLN78KoRV8MFCK4K7Fddq4rRISq6hiXq +r1nsjoEPuKM9huprmZVZe9t5YcDa2I+wb3IiE3uwpZbAdaLDyQ5n6F/qpsiIkZXn +gtcF7oqpG5oYrwCcZ53y/ezUgUg7PlSz2XwAGvQtgg== -----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qdtls/certs/fluke.key b/tests/auto/network/ssl/qdtls/certs/fluke.key index 9d1664d609..337ce541a6 100644 --- a/tests/auto/network/ssl/qdtls/certs/fluke.key +++ b/tests/auto/network/ssl/qdtls/certs/fluke.key @@ -1,15 +1,52 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQCnyKBKxBkFG2a6MuLS8RxvF4LkOS4BUZDbBDQyESHCDW9Z2FOQ -VD+Dj6nTs9XuGpuArsMlyV6lr0tgBaqg0ZEBH8oEg+NYHJkyRYRwclgDmEpji0H1 -CEnSkQJga+Rk/t2gqnQI6TRMkV8SPTdNVCytf1uYYDYCjDv2RfMnapuUnQIDAQAB -AoGANFzLkanTeSGNFM0uttBipFT9F4a00dqHz6JnO7zXAT26I5r8sU1pqQBb6uLz -/+Qz5Zwk8RUAQcsMRgJetuPQUb0JZjF6Duv24hNazqXBCu7AZzUenjafwmKC/8ri -KpX3fTwqzfzi//FKGgbXQ80yykSSliDL3kn/drATxsLCgQECQQDXhEFWLJ0vVZ1s -1Ekf+3NITE+DR16X+LQ4W6vyEHAjTbaNWtcTKdAWLA2l6N4WAAPYSi6awm+zMxx4 -VomVTsjdAkEAx0z+e7natLeFcrrq8pbU+wa6SAP1VfhQWKitxL1e7u/QO90NCpxE -oQYKzMkmmpOOFjQwEMAy1dvFMbm4LHlewQJAC/ksDBaUcQHHqjktCtrUb8rVjAyW -A8lscckeB2fEYyG5J6dJVaY4ClNOOs5yMDS2Afk1F6H/xKvtQ/5CzInA/QJATDub -K+BPU8jO9q+gpuIi3VIZdupssVGmCgObVCHLakG4uO04y9IyPhV9lA9tALtoIf4c -VIvv5fWGXBrZ48kZAQJBAJmVCdzQxd9LZI5vxijUCj5EI4e+x5DRqVUvyP8KCZrC -AiNyoDP85T+hBZaSXK3aYGpVwelyj3bvo1GrTNwNWLw= ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDolKefhOG5aLih ++6vq1TUfDaGF9l5AVvqvq6ctc7ubLEUs26sQIw8fXZIbe0JZ31ZQ09NCb6TlnXrj +6J+fdeXnUEbGOFJ5epih9va2tzrVGtf8giV7BlSUygo+5OAcW+Zmc2/305WZ7TC3 +UyATH1G8OthSoq9VoyiHCfXwqBvCWhnilTuEYeadHs3eFFFCHa9QV5eTanastr0z +LBA54zrA93oJL/CNkijeDup/wt8FmKTDlmGZBqGYis+6ybP4v3s+27FeyZcHc05Y +aSc5HDklRQT+iZRDsUzTcWdcLSsuz7WRprEkgE6tnuvm8N/AHjqdF5886nBo7Qw6 +HwZk+zhc2Vo0vVWUuvgzjntkB1pXtZwh3B8h+JLuiEZbK/cZETQCJTn57xx8aiVH +p6HmmeKEA4wgSktSl8oCTv7S+wS00FZ/8StRJj7yjZ481pOLUT54m1IYbOet+aqT +lP2D6hQYdSY1a7mW7FnAwIUXHsNLsTjVzmvRPuJbbUPckmGtQC71qibgF+4LtgbA +TC8qn5vNdWJwOwiBTMjvh5appCxX7+S/8SEQF0e5dumBjtFcFwhozH8+DVTzDJHu +Jwe6mvTZKV0AUCjJrN0M3eSVtB8vUbo+TvBj3BWZldLcI3dbiTw/3AI5Fi2l43Tb +CdekFnNp4IUEUuh2KikV+o/glzsbqQIDAQABAoICAFw1q6tr5I48vY7DF+rXsuLn +5ZUWE1IQ6fzB4lr72nJv/9EEGnMgYzt9PpMUsD6vdCpBgS2C0+6RHArFzJtNA+RM +iHLIG7K7702veyr/xBx/MwiSlMeMv/XpkFxVI6E6skMGG2s3AMXxKvJTy5CpRx+I +eQFyLG+Ya1X2lgJes/q+/CpAHkOjCOpcLySQC5NZ74q734V7nSdmn+Zs3tYEh+O/ +eiuwTP/j5b38Te5vVTqDxTciJPmljmXLCwa0N100lWlbcpvw8qbqiTI2Jm3XCbUE +AzHjW9vmrF3cRS1fXxKFGShw3SRqlkbxjfeWoi8qDPUBS4m8LOr8qG9Wo5Nfon0z +zLP4bci3zHDvVcaaZrrsUBs/yZbg+Dgka1DmX7ekmeccr2yTdKDFgPupYUyxVbTl +a9ZLJysjFD7rgBv1ZclHonLp6Vbm+ZoTqvteo4ikAy6L9RtBWJ23XEK34PkP/+c5 +2vWZaOrnjSeBHbFce8cdJSxqWpP+eSCI5I9XbDrYFIsQ/gqKgtzDKy2ihJ2Y8STL +yO4hyFPFjxc+Gg4/P2PpmT5CY2ty44M0BWs+JGW96CJPrrplf2lmQUQJj5LZY66X +Z/4C9L7ZYtKZ+bs5SvU46yWugAvQZX22Xm9xLXWyVXRdx3bj+3M3fDnF9di/zdbh +CgLx7oWPNrXc7FCajnn9AoIBAQD5FMYwRpw9NWT9WDxQwx+cSI4Icbd88ByTW63S +LzeRwZA0J9/SfwO+aBRupzc9GkGXCiZcGMw3AGsCtig8yFlw8E5KnzN7KlftDMnM +9NUxxzlR8VwKyLnZfG7sDTl057ZlUujnqhmt/F8F7dIy7FVO1dE/8nngA+FYTCOG +UZdGjwyBDlDM0JJdUWGY3xslutcpCDN5mzSTKjy9drMvImAshRawxRF6WBpn7vr2 +nC6vciqfx1Mzx1vyk0Jm0ilaydDdLMADjt/iL4Nkr0BEs4k+UzQiKDwp8gu7abQ1 +eBfxd9Iar4htQa2I1Ewl6P01G/q+ZYwgHhJ9RVn4AxQXefILAoIBAQDvCouORdQX +C8wsyp7MwXlF/3NQeNN5/+B2mhbxrBOf7PmMCXLnkRWcjwJtzypWFqJ0sqai/2+0 +bqbMcjX5maT8stT2shl3zXe/Ejt2e3TBYpc1tyuses8Kb5BMU8hu6tTd3G2CMXpD +dT6DVemJZCTtwj9aBNIxSizvlgMolJnCpzhPnlfHSI6E+g3m/LTTo3HwbjMSw/Uq +irgjOpI2wSBB6LZPSgjvfcYPRyWUk16L4A5uSX0cADnovDFLa5/h0wJvN/OoCSQg +rLCXG5E18EyL5Wc58BCY1ZvxmjG3lQtgPxYu2Jwc36R/y/JKlxW5suER5ZNpbbD4 +uOyTt2VxMQ2bAoIBAQC5+MzRFqdo/AjfL5Y5JrbfVTzXCTDa09xCGd16ZU60QTWN ++4ed/r+o1sUKqUcRFB2MzEM/2DQBjQpZB/CbEWvWa1XJWXxypXbowveZU+QqOnmN +uQvj8WLyA3o+PNF9e9QvauwCrHpn8VpxbtPWuaYoKnUFreFZZQxHhPGxRBIS2JOZ +eDrT8ZaWnkCkh1AZp5smQ71LOprSlmKrg4jd1GjCVMxQR5N5KXbtyv0OTCZ/UFqK +2aRBsMPyJgkaBChkZPLRcKwc+/wlQRx1fHQb14DNTApMxoXFO7eOwqmOkpAt9iyl +SBIwoS0UUI5ab88+bBmXNvKcuFdNuQ4nowTJUn9pAoIBADMNkILBXSvS5DeIyuO2 +Sp1tkoZUV+5NfPY3sMDK3KIibaW/+t+EOBZo4L7tKQCb8vRzl21mmsfxfgRaPDbj +3r3tv9g0b4YLxxBy52pFscj/soXRai17SS7UZwA2QK+XzgDYbDcLNC6mIsTQG4Gx +dsWk3/zs3KuUSQaehmwrWK+fIUK38c1pLK8v7LoxrLkqxlHwZ04RthHw8KTthH7X +Pnl1J0LF8CSeOyfWLSuPUfkT0GEzptnNHpEbaHfQM6R6eaGhVJPF6AZme4y6YYgg +m2ihhSt1n0XVEWpHYWjxFy3mK2mz75unFC4LM+NEY2p2zuUQoCw7NjnY3QYrfCnx +rRMCggEAXeXsMSLFjjyuoL7iKbAxo52HD/P0fBoy58LyRcwfNVr0lvYan4pYEx+o +KijIh9K16PqXZXKMA9v003B+ulmF8bJ7SddCZ5NGvnFhUTDe4DdTKgp2RuwQ3Bsc +3skPIDbhVETyOLCtys34USHrq8U/0DlGY3eLRfxw9GnbKxSBGa/KEu/qQLPNUo50 +7xHZDg7GKeC3kqNJeqKM9rkp0VzIGkEnaD9127LeNDmERDfftxJzFoC/THvUBLfU +6Sus2ZYwRE8VFvKC30Q45t/c54X3IuhYvAuiCuTmyfE4ruyzyOwKzhUkeeLq1APX +g0veFbyfzlJ0q8qzD/iffqqIa2ZSmQ== +-----END PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qdtls/tst_qdtls.cpp b/tests/auto/network/ssl/qdtls/tst_qdtls.cpp index dd380923df..372ee3a181 100644 --- a/tests/auto/network/ssl/qdtls/tst_qdtls.cpp +++ b/tests/auto/network/ssl/qdtls/tst_qdtls.cpp @@ -1,30 +1,5 @@ -/**************************************************************************** -** -** Copyright (C) 2021 The Qt Company Ltd. -** Contact: https://www.qt.io/licensing/ -** -** This file is part of the test suite of the Qt Toolkit. -** -** $QT_BEGIN_LICENSE:GPL-EXCEPT$ -** Commercial License Usage -** Licensees holding valid commercial Qt licenses may use this file in -** accordance with the commercial license agreement provided with the -** Software or, alternatively, in accordance with the terms contained in -** a written agreement between you and The Qt Company. For licensing terms -** and conditions see https://www.qt.io/terms-conditions. For further -** information use the contact form at https://www.qt.io/contact-us. -** -** GNU General Public License Usage -** Alternatively, this file may be used under the terms of the GNU -** General Public License version 3 as published by the Free Software -** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT -** included in the packaging of this file. Please review the following -** information to ensure the GNU General Public License requirements will -** be met: https://www.gnu.org/licenses/gpl-3.0.html. -** -** $QT_END_LICENSE$ -** -****************************************************************************/ +// Copyright (C) 2021 The Qt Company Ltd. +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QTest> #include <QTestEventLoop> @@ -51,6 +26,8 @@ #include <algorithm> +using namespace std::chrono_literals; + QT_BEGIN_NAMESPACE namespace @@ -152,8 +129,8 @@ private: DtlsPtr clientCrypto; QTestEventLoop testLoop; - const int handshakeTimeoutMS = 5000; - const int dataExchangeTimeoutMS = 1000; + static constexpr auto HandshakeTimeout = 5s; + static constexpr auto DataExchangeTimeout = 1s; const QByteArray presharedKey = "DEADBEEFDEADBEEF"; QString certDirPath; @@ -169,6 +146,8 @@ Q_DECLARE_METATYPE(QSslKey) QT_BEGIN_NAMESPACE +void qt_ForceTlsSecurityLevel(); + void tst_QDtls::initTestCase() { if (!TlsAux::classImplemented(QSsl::ImplementedClass::Dtls)) @@ -196,7 +175,6 @@ void tst_QDtls::initTestCase() hostName = QStringLiteral("bob.org"); - void qt_ForceTlsSecurityLevel(); qt_ForceTlsSecurityLevel(); } @@ -294,7 +272,7 @@ void tst_QDtls::configuration() QFETCH(const QSslSocket::SslMode, mode); QDtls dtls(mode); QCOMPARE(dtls.dtlsConfiguration(), config); - config.setProtocol(QSsl::DtlsV1_0OrLater); + config.setProtocol(QSsl::DtlsV1_2); config.setDtlsCookieVerificationEnabled(false); QCOMPARE(config.dtlsCookieVerificationEnabled(), false); @@ -437,7 +415,7 @@ void tst_QDtls::handshake() QDTLS_VERIFY_NO_ERROR(clientCrypto); QCOMPARE(clientCrypto->handshakeState(), QDtls::HandshakeInProgress); - testLoop.enterLoopMSecs(handshakeTimeoutMS); + testLoop.enterLoop(HandshakeTimeout); QVERIFY(!testLoop.timeout()); @@ -497,7 +475,7 @@ void tst_QDtls::handshakeWithRetransmission() // client will re-transmit in 1s., the first part of 'ServerHello' to be // dropped, the client then will re-transmit after another 2 s. Thus it's ~3. // We err on safe side and double our (already quite generous) 5s. - testLoop.enterLoopMSecs(handshakeTimeoutMS * 2); + testLoop.enterLoop(HandshakeTimeout * 2); QVERIFY(!testLoop.timeout()); QDTLS_VERIFY_HANDSHAKE_SUCCESS(serverCrypto); @@ -520,7 +498,7 @@ void tst_QDtls::sessionCipher() QVERIFY(clientCrypto->setPeer(serverAddress, serverPort, hostName)); QVERIFY(clientCrypto->doHandshake(&clientSocket)); - testLoop.enterLoopMSecs(handshakeTimeoutMS); + testLoop.enterLoop(HandshakeTimeout); QVERIFY(!testLoop.timeout()); QDTLS_VERIFY_HANDSHAKE_SUCCESS(clientCrypto); @@ -583,7 +561,7 @@ void tst_QDtls::cipherPreferences() QVERIFY(clientCrypto->doHandshake(&clientSocket)); QDTLS_VERIFY_NO_ERROR(clientCrypto); - testLoop.enterLoopMSecs(handshakeTimeoutMS); + testLoop.enterLoop(HandshakeTimeout); QVERIFY(!testLoop.timeout()); QDTLS_VERIFY_HANDSHAKE_SUCCESS(clientCrypto); QDTLS_VERIFY_HANDSHAKE_SUCCESS(serverCrypto); @@ -603,20 +581,36 @@ void tst_QDtls::protocolVersionMatching_data() QTest::addColumn<QSsl::SslProtocol>("clientProtocol"); QTest::addColumn<bool>("works"); - QTest::addRow("DtlsV1_0 <-> DtlsV1_0") << QSsl::DtlsV1_0 << QSsl::DtlsV1_0 << true; - QTest::addRow("DtlsV1_0OrLater <-> DtlsV1_0") << QSsl::DtlsV1_0OrLater << QSsl::DtlsV1_0 << true; - QTest::addRow("DtlsV1_0 <-> DtlsV1_0OrLater") << QSsl::DtlsV1_0 << QSsl::DtlsV1_0OrLater << true; - QTest::addRow("DtlsV1_0OrLater <-> DtlsV1_0OrLater") << QSsl::DtlsV1_0OrLater << QSsl::DtlsV1_0OrLater << true; + //OPENSSL_VERSION_NUMBER : + //(OPENSSL_VERSION_MAJOR<<28) | (OPENSSL_VERSION_MINOR<<20) | (OPENSSL_VERSION_PATCH<<4) + const long ossl311 = 0x30100010; + + if (QSslSocket::sslLibraryVersionNumber() < ossl311) { +#if QT_DEPRECATED_SINCE(6, 3) +QT_WARNING_PUSH QT_WARNING_DISABLE_DEPRECATED + QTest::addRow("DtlsV1_0 <-> DtlsV1_0") << QSsl::DtlsV1_0 << QSsl::DtlsV1_0 << true; + QTest::addRow("DtlsV1_0OrLater <-> DtlsV1_0") << QSsl::DtlsV1_0OrLater << QSsl::DtlsV1_0 << true; + QTest::addRow("DtlsV1_0 <-> DtlsV1_0OrLater") << QSsl::DtlsV1_0 << QSsl::DtlsV1_0OrLater << true; + QTest::addRow("DtlsV1_0OrLater <-> DtlsV1_0OrLater") << QSsl::DtlsV1_0OrLater << QSsl::DtlsV1_0OrLater << true; +QT_WARNING_POP +#endif // QT_DEPRECATED_SINCE(6, 3) + } QTest::addRow("DtlsV1_2 <-> DtlsV1_2") << QSsl::DtlsV1_2 << QSsl::DtlsV1_2 << true; QTest::addRow("DtlsV1_2OrLater <-> DtlsV1_2") << QSsl::DtlsV1_2OrLater << QSsl::DtlsV1_2 << true; QTest::addRow("DtlsV1_2 <-> DtlsV1_2OrLater") << QSsl::DtlsV1_2 << QSsl::DtlsV1_2OrLater << true; QTest::addRow("DtlsV1_2OrLater <-> DtlsV1_2OrLater") << QSsl::DtlsV1_2OrLater << QSsl::DtlsV1_2OrLater << true; - QTest::addRow("DtlsV1_0 <-> DtlsV1_2") << QSsl::DtlsV1_0 << QSsl::DtlsV1_2 << false; - QTest::addRow("DtlsV1_0 <-> DtlsV1_2OrLater") << QSsl::DtlsV1_0 << QSsl::DtlsV1_2OrLater << false; - QTest::addRow("DtlsV1_2 <-> DtlsV1_0") << QSsl::DtlsV1_2 << QSsl::DtlsV1_0 << false; - QTest::addRow("DtlsV1_2OrLater <-> DtlsV1_0") << QSsl::DtlsV1_2OrLater << QSsl::DtlsV1_0 << false; + if (QSslSocket::sslLibraryVersionNumber() < ossl311) { +#if QT_DEPRECATED_SINCE(6, 3) +QT_WARNING_PUSH QT_WARNING_DISABLE_DEPRECATED + QTest::addRow("DtlsV1_0 <-> DtlsV1_2") << QSsl::DtlsV1_0 << QSsl::DtlsV1_2 << false; + QTest::addRow("DtlsV1_0 <-> DtlsV1_2OrLater") << QSsl::DtlsV1_0 << QSsl::DtlsV1_2OrLater << false; + QTest::addRow("DtlsV1_2 <-> DtlsV1_0") << QSsl::DtlsV1_2 << QSsl::DtlsV1_0 << false; + QTest::addRow("DtlsV1_2OrLater <-> DtlsV1_0") << QSsl::DtlsV1_2OrLater << QSsl::DtlsV1_0 << false; +QT_WARNING_POP +#endif // QT_DEPRECATED_SINCE(6, 3 + } } void tst_QDtls::protocolVersionMatching() @@ -642,7 +636,7 @@ void tst_QDtls::protocolVersionMatching() QVERIFY(clientCrypto->setPeer(serverAddress, serverPort)); QVERIFY(clientCrypto->doHandshake(&clientSocket)); - testLoop.enterLoopMSecs(handshakeTimeoutMS); + testLoop.enterLoop(HandshakeTimeout); if (works) { QDTLS_VERIFY_HANDSHAKE_SUCCESS(serverCrypto); @@ -677,7 +671,7 @@ void tst_QDtls::verificationErrors() // Now we are ready for handshake: QVERIFY(clientCrypto->doHandshake(&clientSocket)); - testLoop.enterLoopMSecs(handshakeTimeoutMS); + testLoop.enterLoop(HandshakeTimeout); QVERIFY(!testLoop.timeout()); QDTLS_VERIFY_NO_ERROR(serverCrypto); @@ -747,7 +741,7 @@ void tst_QDtls::presetExpectedErrors() QVERIFY(clientCrypto->setPeer(serverAddress, serverPort)); QVERIFY(clientCrypto->doHandshake(&clientSocket)); - testLoop.enterLoopMSecs(handshakeTimeoutMS); + testLoop.enterLoop(HandshakeTimeout); QVERIFY(!testLoop.timeout()); @@ -834,7 +828,7 @@ void tst_QDtls::verifyServerCertificate() QVERIFY(clientCrypto->doHandshake(&clientSocket)); - testLoop.enterLoopMSecs(handshakeTimeoutMS); + testLoop.enterLoop(HandshakeTimeout); QVERIFY(!testLoop.timeout()); if (serverKey.isNull() && !serverCerts.isEmpty()) { @@ -964,7 +958,7 @@ void tst_QDtls::verifyClientCertificate() QVERIFY(clientCrypto->doHandshake(&clientSocket)); QDTLS_VERIFY_NO_ERROR(clientCrypto); - testLoop.enterLoopMSecs(handshakeTimeoutMS); + testLoop.enterLoop(HandshakeTimeout); serverConfig = serverCrypto->dtlsConfiguration(); @@ -1011,7 +1005,7 @@ void tst_QDtls::blacklistedCerificate() QVERIFY(clientCrypto->setPeer(serverAddress, serverPort, name)); QVERIFY(clientCrypto->doHandshake(&clientSocket)); - testLoop.enterLoopMSecs(handshakeTimeoutMS); + testLoop.enterLoop(HandshakeTimeout); QVERIFY(!testLoop.timeout()); QCOMPARE(clientCrypto->handshakeState(), QDtls::PeerVerificationFailed); QCOMPARE(clientCrypto->dtlsError(), QDtlsError::PeerVerificationError); @@ -1063,7 +1057,7 @@ void tst_QDtls::readWriteEncrypted() QCOMPARE(clientCrypto->dtlsError(), QDtlsError::InvalidOperation); // 1.2 Finish the handshake: - testLoop.enterLoopMSecs(handshakeTimeoutMS); + testLoop.enterLoop(HandshakeTimeout); QVERIFY(!testLoop.timeout()); QDTLS_VERIFY_HANDSHAKE_SUCCESS(clientCrypto); @@ -1081,7 +1075,7 @@ void tst_QDtls::readWriteEncrypted() QVERIFY(clientBytesWritten > 0); // 5. Exchange client/server messages: - testLoop.enterLoopMSecs(dataExchangeTimeoutMS); + testLoop.enterLoop(DataExchangeTimeout); QVERIFY(!testLoop.timeout()); QCOMPARE(serverExpectedPlainText, serverReceivedPlainText); @@ -1099,7 +1093,7 @@ void tst_QDtls::readWriteEncrypted() QCOMPARE(crypto->handshakeState(), QDtls::HandshakeNotStarted); QVERIFY(!crypto->isConnectionEncrypted()); // 8. Receive this read notification and handle it: - testLoop.enterLoopMSecs(dataExchangeTimeoutMS); + testLoop.enterLoop(DataExchangeTimeout); QVERIFY(!testLoop.timeout()); DtlsPtr &peerCrypto = serverSideShutdown ? clientCrypto : serverCrypto; @@ -1124,7 +1118,7 @@ void tst_QDtls::datagramFragmentation() QVERIFY(clientCrypto->doHandshake(&clientSocket)); - testLoop.enterLoopMSecs(handshakeTimeoutMS); + testLoop.enterLoop(HandshakeTimeout); QVERIFY(!testLoop.timeout()); QDTLS_VERIFY_HANDSHAKE_SUCCESS(clientCrypto); diff --git a/tests/auto/network/ssl/qdtlscookie/CMakeLists.txt b/tests/auto/network/ssl/qdtlscookie/CMakeLists.txt index 28b1418173..d965c7efb6 100644 --- a/tests/auto/network/ssl/qdtlscookie/CMakeLists.txt +++ b/tests/auto/network/ssl/qdtlscookie/CMakeLists.txt @@ -1,21 +1,20 @@ -# Generated from qdtlscookie.pro. +# Copyright (C) 2022 The Qt Company Ltd. +# SPDX-License-Identifier: BSD-3-Clause ##################################################################### ## tst_qdtlscookie Test: ##################################################################### +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qdtlscookie LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + qt_internal_add_test(tst_qdtlscookie SOURCES tst_qdtlscookie.cpp - PUBLIC_LIBRARIES + LIBRARIES Qt::NetworkPrivate + BUNDLE_ANDROID_OPENSSL_LIBS ) - -## Scopes: -##################################################################### - -#### Keys ignored in scope 3:.:.:qdtlscookie.pro:(CMAKE_BUILD_TYPE STREQUAL Debug): -# DESTDIR = "debug" - -#### Keys ignored in scope 4:.:.:qdtlscookie.pro:else: -# DESTDIR = "release" diff --git a/tests/auto/network/ssl/qdtlscookie/tst_qdtlscookie.cpp b/tests/auto/network/ssl/qdtlscookie/tst_qdtlscookie.cpp index 42b51ad413..167a196104 100644 --- a/tests/auto/network/ssl/qdtlscookie/tst_qdtlscookie.cpp +++ b/tests/auto/network/ssl/qdtlscookie/tst_qdtlscookie.cpp @@ -1,30 +1,5 @@ -/**************************************************************************** -** -** Copyright (C) 2021 The Qt Company Ltd. -** Contact: https://www.qt.io/licensing/ -** -** This file is part of the test suite of the Qt Toolkit. -** -** $QT_BEGIN_LICENSE:GPL-EXCEPT$ -** Commercial License Usage -** Licensees holding valid commercial Qt licenses may use this file in -** accordance with the commercial license agreement provided with the -** Software or, alternatively, in accordance with the terms contained in -** a written agreement between you and The Qt Company. For licensing terms -** and conditions see https://www.qt.io/terms-conditions. For further -** information use the contact form at https://www.qt.io/contact-us. -** -** GNU General Public License Usage -** Alternatively, this file may be used under the terms of the GNU -** General Public License version 3 as published by the Free Software -** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT -** included in the packaging of this file. Please review the following -** information to ensure the GNU General Public License requirements will -** be met: https://www.gnu.org/licenses/gpl-3.0.html. -** -** $QT_END_LICENSE$ -** -****************************************************************************/ +// Copyright (C) 2021 The Qt Company Ltd. +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QTest> #include <QTestEventLoop> @@ -47,6 +22,8 @@ #include <utility> #include <vector> +using namespace std::chrono_literals; + QT_BEGIN_NAMESPACE #define STOP_ON_FAILURE \ @@ -101,7 +78,7 @@ private: quint16 serverPort = 0; QTestEventLoop testLoop; - int handshakeTimeoutMS = 500; + static constexpr auto HandshakeTimeout = 500ms; QDtlsClientVerifier listener; using HandshakePtr = QSharedPointer<QDtls>; @@ -352,7 +329,7 @@ void tst_QDtlsCookie::verifyMultipleClients() clientsToAdd = clientsToWait = 100; - testLoop.enterLoopMSecs(handshakeTimeoutMS * clientsToWait); + testLoop.enterLoop(HandshakeTimeout * clientsToWait); QVERIFY(!testLoop.timeout()); QVERIFY(clientsToWait == 0); } @@ -376,7 +353,7 @@ void tst_QDtlsCookie::receiveMessage(QUdpSocket *socket, QByteArray *message, Q_ASSERT(socket && message); if (socket->pendingDatagramSize() <= 0) - testLoop.enterLoopMSecs(handshakeTimeoutMS); + testLoop.enterLoop(HandshakeTimeout); QVERIFY(!testLoop.timeout()); QVERIFY(socket->pendingDatagramSize()); diff --git a/tests/auto/network/ssl/qocsp/CMakeLists.txt b/tests/auto/network/ssl/qocsp/CMakeLists.txt index 827c81e9d8..98d38ec1c0 100644 --- a/tests/auto/network/ssl/qocsp/CMakeLists.txt +++ b/tests/auto/network/ssl/qocsp/CMakeLists.txt @@ -1,22 +1,26 @@ -# Generated from qocsp.pro. +# Copyright (C) 2022 The Qt Company Ltd. +# SPDX-License-Identifier: BSD-3-Clause ##################################################################### ## tst_qocsp Test: ##################################################################### +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qocsp LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + qt_internal_add_test(tst_qocsp SOURCES tst_qocsp.cpp - PUBLIC_LIBRARIES + LIBRARIES Qt::Network Qt::NetworkPrivate + BUNDLE_ANDROID_OPENSSL_LIBS ) -## Scopes: -##################################################################### - -#### Keys ignored in scope 3:.:.:qocsp.pro:(CMAKE_BUILD_TYPE STREQUAL Debug): -# DESTDIR = "debug" - -#### Keys ignored in scope 4:.:.:qocsp.pro:else: -# DESTDIR = "release" +qt_internal_extend_target(tst_qocsp CONDITION QT_FEATURE_openssl_linked + LIBRARIES + WrapOpenSSL::WrapOpenSSL +) diff --git a/tests/auto/network/ssl/qocsp/tst_qocsp.cpp b/tests/auto/network/ssl/qocsp/tst_qocsp.cpp index 1b48b59534..81ce030be0 100644 --- a/tests/auto/network/ssl/qocsp/tst_qocsp.cpp +++ b/tests/auto/network/ssl/qocsp/tst_qocsp.cpp @@ -1,30 +1,5 @@ -/**************************************************************************** - ** - ** Copyright (C) 2018 The Qt Company Ltd. - ** Contact: https://www.qt.io/licensing/ - ** - ** This file is part of the test suite of the Qt Toolkit. - ** - ** $QT_BEGIN_LICENSE:GPL-EXCEPT$ - ** Commercial License Usage - ** Licensees holding valid commercial Qt licenses may use this file in - ** accordance with the commercial license agreement provided with the - ** Software or, alternatively, in accordance with the terms contained in - ** a written agreement between you and The Qt Company. For licensing terms - ** and conditions see https://www.qt.io/terms-conditions. For further - ** information use the contact form at https://www.qt.io/contact-us. - ** - ** GNU General Public License Usage - ** Alternatively, this file may be used under the terms of the GNU - ** General Public License version 3 as published by the Free Software - ** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT - ** included in the packaging of this file. Please review the following - ** information to ensure the GNU General Public License requirements will - ** be met: https://www.gnu.org/licenses/gpl-3.0.html. - ** - ** $QT_END_LICENSE$ - ** - ****************************************************************************/ +// Copyright (C) 2018 The Qt Company Ltd. +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QTest> #include <QTestEventLoop> @@ -53,6 +28,8 @@ #include <algorithm> #include <utility> +using namespace std::chrono_literals; + // NOTE: the word 'subject' in the code below means the subject of a status request, // so in general it's our peer's certificate we are asking about. @@ -411,7 +388,7 @@ private: void (QSslSocket::*tlsErrorsSignal)(const QList<QSslError> &) = &QSslSocket::sslErrors; void (QTestEventLoop::*exitLoopSlot)() = &QTestEventLoop::exitLoop; - const int handshakeTimeoutMS = 500; + static constexpr auto HandshakeTimeout = 500ms; QTestEventLoop loop; std::vector<QSslError::SslError> ocspErrorCodes = {QSslError::OcspNoResponseFound, @@ -487,7 +464,7 @@ void tst_QOcsp::connectSelfSigned() auto roots = clientConfig.caCertificates(); setupOcspClient(clientSocket, issuerToChain(subjectChain), server.peerVerifyName()); clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort()); - loop.enterLoopMSecs(handshakeTimeoutMS); + loop.enterLoop(HandshakeTimeout); QVERIFY(!clientSocket.isEncrypted()); QCOMPARE_SINGLE_ERROR(clientSocket, expectedError); @@ -503,7 +480,7 @@ void tst_QOcsp::connectSelfSigned() QSslSocket clientSocket; setupOcspClient(clientSocket, issuerToChain(subjectChain), server.peerVerifyName()); clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort()); - loop.enterLoopMSecs(handshakeTimeoutMS); + loop.enterLoop(HandshakeTimeout); QVERIFY_HANDSHAKE_WITHOUT_ERRORS(clientSocket); @@ -568,7 +545,7 @@ void tst_QOcsp::badStatus() QSslSocket clientSocket; setupOcspClient(clientSocket, issuerToChain(subjectChain), server.peerVerifyName()); clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort()); - loop.enterLoopMSecs(handshakeTimeoutMS); + loop.enterLoop(HandshakeTimeout); QVERIFY(!clientSocket.isEncrypted()); QCOMPARE_SINGLE_ERROR(clientSocket, expectedError.error()); @@ -599,7 +576,7 @@ void tst_QOcsp::multipleSingleResponses() QSslSocket clientSocket; setupOcspClient(clientSocket, issuerToChain(responderChain), server.peerVerifyName()); clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort()); - loop.enterLoopMSecs(handshakeTimeoutMS); + loop.enterLoop(HandshakeTimeout); QVERIFY(!clientSocket.isEncrypted()); QCOMPARE_SINGLE_ERROR(clientSocket, expectedError); @@ -619,7 +596,7 @@ void tst_QOcsp::malformedResponse() QSslSocket clientSocket; setupOcspClient(clientSocket, issuerToChain(serverChain), server.peerVerifyName()); clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort()); - loop.enterLoopMSecs(handshakeTimeoutMS); + loop.enterLoop(HandshakeTimeout); QVERIFY(!clientSocket.isEncrypted()); QCOMPARE(clientSocket.error(), QAbstractSocket::SslHandshakeFailedError); @@ -658,7 +635,7 @@ void tst_QOcsp::expiredResponse() QSslSocket clientSocket; setupOcspClient(clientSocket, issuerToChain(subjectChain), server.peerVerifyName()); clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort()); - loop.enterLoopMSecs(handshakeTimeoutMS); + loop.enterLoop(HandshakeTimeout); QVERIFY(!clientSocket.isEncrypted()); QCOMPARE_SINGLE_ERROR(clientSocket, expectedError); @@ -689,7 +666,7 @@ void tst_QOcsp::noNextUpdate() QSslSocket clientSocket; setupOcspClient(clientSocket, issuerToChain(subjectChain), server.peerVerifyName()); clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort()); - loop.enterLoopMSecs(handshakeTimeoutMS); + loop.enterLoop(HandshakeTimeout); QVERIFY_HANDSHAKE_WITHOUT_ERRORS(clientSocket); } @@ -735,7 +712,7 @@ void tst_QOcsp::wrongCertificateInResponse() QSslSocket clientSocket; setupOcspClient(clientSocket, issuerToChain(subjectChain), server.peerVerifyName()); clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort()); - loop.enterLoopMSecs(handshakeTimeoutMS); + loop.enterLoop(HandshakeTimeout); QVERIFY(!clientSocket.isEncrypted()); QVERIFY(containsError(clientSocket.sslHandshakeErrors(), expectedError)); @@ -760,7 +737,7 @@ void tst_QOcsp::untrustedResponder() QSslSocket clientSocket; setupOcspClient(clientSocket, {}, server.peerVerifyName()); clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort()); - loop.enterLoopMSecs(handshakeTimeoutMS); + loop.enterLoop(HandshakeTimeout); QVERIFY(!clientSocket.isEncrypted()); QVERIFY(containsError(clientSocket.sslHandshakeErrors(), expectedError)); diff --git a/tests/auto/network/ssl/qpassworddigestor/CMakeLists.txt b/tests/auto/network/ssl/qpassworddigestor/CMakeLists.txt index 29eb26e377..96491eada9 100644 --- a/tests/auto/network/ssl/qpassworddigestor/CMakeLists.txt +++ b/tests/auto/network/ssl/qpassworddigestor/CMakeLists.txt @@ -1,12 +1,20 @@ -# Generated from qpassworddigestor.pro. +# Copyright (C) 2022 The Qt Company Ltd. +# SPDX-License-Identifier: BSD-3-Clause ##################################################################### ## tst_qpassworddigestor Test: ##################################################################### +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qpassworddigestor LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + qt_internal_add_test(tst_qpassworddigestor SOURCES tst_qpassworddigestor.cpp - PUBLIC_LIBRARIES + LIBRARIES Qt::Network + BUNDLE_ANDROID_OPENSSL_LIBS ) diff --git a/tests/auto/network/ssl/qpassworddigestor/tst_qpassworddigestor.cpp b/tests/auto/network/ssl/qpassworddigestor/tst_qpassworddigestor.cpp index 27201d23d0..1876c955af 100644 --- a/tests/auto/network/ssl/qpassworddigestor/tst_qpassworddigestor.cpp +++ b/tests/auto/network/ssl/qpassworddigestor/tst_qpassworddigestor.cpp @@ -1,30 +1,5 @@ -/**************************************************************************** -** -** Copyright (C) 2018 The Qt Company Ltd. -** Contact: https://www.qt.io/licensing/ -** -** This file is part of the test suite of the Qt Toolkit. -** -** $QT_BEGIN_LICENSE:GPL-EXCEPT$ -** Commercial License Usage -** Licensees holding valid commercial Qt licenses may use this file in -** accordance with the commercial license agreement provided with the -** Software or, alternatively, in accordance with the terms contained in -** a written agreement between you and The Qt Company. For licensing terms -** and conditions see https://www.qt.io/terms-conditions. For further -** information use the contact form at https://www.qt.io/contact-us. -** -** GNU General Public License Usage -** Alternatively, this file may be used under the terms of the GNU -** General Public License version 3 as published by the Free Software -** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT -** included in the packaging of this file. Please review the following -** information to ensure the GNU General Public License requirements will -** be met: https://www.gnu.org/licenses/gpl-3.0.html. -** -** $QT_END_LICENSE$ -** -****************************************************************************/ +// Copyright (C) 2018 The Qt Company Ltd. +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QTest> #include <QtNetwork/qpassworddigestor.h> diff --git a/tests/auto/network/ssl/qsslcertificate/CMakeLists.txt b/tests/auto/network/ssl/qsslcertificate/CMakeLists.txt index caeac8d68a..6f81a5e030 100644 --- a/tests/auto/network/ssl/qsslcertificate/CMakeLists.txt +++ b/tests/auto/network/ssl/qsslcertificate/CMakeLists.txt @@ -1,15 +1,20 @@ -# Generated from qsslcertificate.pro. +# Copyright (C) 2022 The Qt Company Ltd. +# SPDX-License-Identifier: BSD-3-Clause ##################################################################### ## tst_qsslcertificate Test: ##################################################################### -# special case begin +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qsslcertificate LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + # This test requires private tests to properly build if (NOT QT_FEATURE_private_tests) return() endif() -# special case end # Collect test data file(GLOB_RECURSE test_data_glob @@ -32,7 +37,8 @@ list(APPEND test_data ${test_data_glob}) qt_internal_add_test(tst_qsslcertificate SOURCES tst_qsslcertificate.cpp - PUBLIC_LIBRARIES + LIBRARIES Qt::Network TESTDATA ${test_data} + BUNDLE_ANDROID_OPENSSL_LIBS ) diff --git a/tests/auto/network/ssl/qsslcertificate/certificates/gencertificates.sh b/tests/auto/network/ssl/qsslcertificate/certificates/gencertificates.sh index 4d68549396..cdc1019dcb 100755 --- a/tests/auto/network/ssl/qsslcertificate/certificates/gencertificates.sh +++ b/tests/auto/network/ssl/qsslcertificate/certificates/gencertificates.sh @@ -1,31 +1,6 @@ #!/bin/sh -############################################################################# -## -## Copyright (C) 2016 The Qt Company Ltd. -## Contact: https://www.qt.io/licensing/ -## -## This file is the build configuration utility of the Qt Toolkit. -## -## $QT_BEGIN_LICENSE:GPL-EXCEPT$ -## Commercial License Usage -## Licensees holding valid commercial Qt licenses may use this file in -## accordance with the commercial license agreement provided with the -## Software or, alternatively, in accordance with the terms contained in -## a written agreement between you and The Qt Company. For licensing terms -## and conditions see https://www.qt.io/terms-conditions. For further -## information use the contact form at https://www.qt.io/contact-us. -## -## GNU General Public License Usage -## Alternatively, this file may be used under the terms of the GNU -## General Public License version 3 as published by the Free Software -## Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT -## included in the packaging of this file. Please review the following -## information to ensure the GNU General Public License requirements will -## be met: https://www.gnu.org/licenses/gpl-3.0.html. -## -## $QT_END_LICENSE$ -## -############################################################################# +# Copyright (C) 2016 The Qt Company Ltd. +# SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 # This script generates digital certificates of different types. diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.0.9.8 b/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.0.9.8 deleted file mode 100644 index 20500b221f..0000000000 --- a/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.0.9.8 +++ /dev/null @@ -1,42 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - ce:db:31:28:45:c4:05:40 - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd - Validity - Not Before: Aug 4 09:53:41 2010 GMT - Not After : Aug 29 09:53:41 2051 GMT - Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:cd:aa:db:6f:d6:34:c9:a7:f1:c0:be:e4:41:18: - 19:e2:02:c9:22:e6:a7:d5:ba:03:2e:9e:28:7a:f4: - 5f:1a:77:5f:77:a9:11:3b:8f:7e:f0:2e:c6:9e:eb: - 3a:d9:12:d7:c1:0c:51:e8:24:52:3f:23:c3:42:0c: - 11:c6:f2:1c:a1:42:fe:b4:c2:69:83:ad:f7:70:b1: - 18:15:cc:20:28:62:30:f0:2c:15:e6:33:19:af:c3: - eb:1c:c0:91:f7:11:68:94:50:f8:49:37:08:32:d7: - 3e:75:df:a3:bc:69:00:15:de:cd:87:0f:5c:02:6b: - 82:c8:01:7d:6a:f0:1d:dc:73 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - 8A:6E:19:E7:97:9B:8F:D9:7F:B3:BB:01:4F:E8:6A:2F:52:95:0D:D9 - X509v3 Authority Key Identifier: - keyid:8A:6E:19:E7:97:9B:8F:D9:7F:B3:BB:01:4F:E8:6A:2F:52:95:0D:D9 - - X509v3 Basic Constraints: - CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - a1:74:8e:5d:36:96:2c:05:7e:ea:66:cc:2e:68:c7:3d:93:dc: - 8c:a3:11:ad:b5:7e:6e:d0:04:c4:09:bd:0a:f9:39:3b:97:d7: - f0:bb:0c:09:7b:83:fe:bf:87:b0:47:e8:94:b7:aa:9c:79:ad: - 71:9e:b7:c4:99:98:6f:1d:38:32:f8:a3:75:38:c4:e5:e7:37: - 37:21:ec:7b:50:8b:15:b0:97:1e:17:9c:50:17:3c:c1:df:94: - 55:fb:60:2e:50:40:d1:ea:23:c6:3c:21:6f:97:8c:06:16:a5: - 82:72:c1:63:14:64:86:eb:d7:ff:72:f6:09:f5:6d:e6:04:13: - 7a:6a diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.1.0.1 b/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.1.0.1 deleted file mode 100644 index 1a7d945b76..0000000000 --- a/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.1.0.1 +++ /dev/null @@ -1,42 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - ce:db:31:28:45:c4:05:40 - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd - Validity - Not Before: Aug 4 09:53:41 2010 GMT - Not After : Aug 29 09:53:41 2051 GMT - Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (1024 bit) - Modulus: - 00:cd:aa:db:6f:d6:34:c9:a7:f1:c0:be:e4:41:18: - 19:e2:02:c9:22:e6:a7:d5:ba:03:2e:9e:28:7a:f4: - 5f:1a:77:5f:77:a9:11:3b:8f:7e:f0:2e:c6:9e:eb: - 3a:d9:12:d7:c1:0c:51:e8:24:52:3f:23:c3:42:0c: - 11:c6:f2:1c:a1:42:fe:b4:c2:69:83:ad:f7:70:b1: - 18:15:cc:20:28:62:30:f0:2c:15:e6:33:19:af:c3: - eb:1c:c0:91:f7:11:68:94:50:f8:49:37:08:32:d7: - 3e:75:df:a3:bc:69:00:15:de:cd:87:0f:5c:02:6b: - 82:c8:01:7d:6a:f0:1d:dc:73 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - 8A:6E:19:E7:97:9B:8F:D9:7F:B3:BB:01:4F:E8:6A:2F:52:95:0D:D9 - X509v3 Authority Key Identifier: - keyid:8A:6E:19:E7:97:9B:8F:D9:7F:B3:BB:01:4F:E8:6A:2F:52:95:0D:D9 - - X509v3 Basic Constraints: - CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - a1:74:8e:5d:36:96:2c:05:7e:ea:66:cc:2e:68:c7:3d:93:dc: - 8c:a3:11:ad:b5:7e:6e:d0:04:c4:09:bd:0a:f9:39:3b:97:d7: - f0:bb:0c:09:7b:83:fe:bf:87:b0:47:e8:94:b7:aa:9c:79:ad: - 71:9e:b7:c4:99:98:6f:1d:38:32:f8:a3:75:38:c4:e5:e7:37: - 37:21:ec:7b:50:8b:15:b0:97:1e:17:9c:50:17:3c:c1:df:94: - 55:fb:60:2e:50:40:d1:ea:23:c6:3c:21:6f:97:8c:06:16:a5: - 82:72:c1:63:14:64:86:eb:d7:ff:72:f6:09:f5:6d:e6:04:13: - 7a:6a diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.1.0.1c b/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.1.0.1c deleted file mode 100644 index a45ed864f4..0000000000 --- a/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.1.0.1c +++ /dev/null @@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 14905561440751715648 (0xcedb312845c40540) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd - Validity - Not Before: Aug 4 09:53:41 2010 GMT - Not After : Aug 29 09:53:41 2051 GMT - Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (1024 bit) - Modulus: - 00:cd:aa:db:6f:d6:34:c9:a7:f1:c0:be:e4:41:18: - 19:e2:02:c9:22:e6:a7:d5:ba:03:2e:9e:28:7a:f4: - 5f:1a:77:5f:77:a9:11:3b:8f:7e:f0:2e:c6:9e:eb: - 3a:d9:12:d7:c1:0c:51:e8:24:52:3f:23:c3:42:0c: - 11:c6:f2:1c:a1:42:fe:b4:c2:69:83:ad:f7:70:b1: - 18:15:cc:20:28:62:30:f0:2c:15:e6:33:19:af:c3: - eb:1c:c0:91:f7:11:68:94:50:f8:49:37:08:32:d7: - 3e:75:df:a3:bc:69:00:15:de:cd:87:0f:5c:02:6b: - 82:c8:01:7d:6a:f0:1d:dc:73 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - 8A:6E:19:E7:97:9B:8F:D9:7F:B3:BB:01:4F:E8:6A:2F:52:95:0D:D9 - X509v3 Authority Key Identifier: - keyid:8A:6E:19:E7:97:9B:8F:D9:7F:B3:BB:01:4F:E8:6A:2F:52:95:0D:D9 - - X509v3 Basic Constraints: - CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - a1:74:8e:5d:36:96:2c:05:7e:ea:66:cc:2e:68:c7:3d:93:dc: - 8c:a3:11:ad:b5:7e:6e:d0:04:c4:09:bd:0a:f9:39:3b:97:d7: - f0:bb:0c:09:7b:83:fe:bf:87:b0:47:e8:94:b7:aa:9c:79:ad: - 71:9e:b7:c4:99:98:6f:1d:38:32:f8:a3:75:38:c4:e5:e7:37: - 37:21:ec:7b:50:8b:15:b0:97:1e:17:9c:50:17:3c:c1:df:94: - 55:fb:60:2e:50:40:d1:ea:23:c6:3c:21:6f:97:8c:06:16:a5: - 82:72:c1:63:14:64:86:eb:d7:ff:72:f6:09:f5:6d:e6:04:13: - 7a:6a diff --git a/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.1.0.0 b/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.3.0.5 index b2ccb2751e..a2cf759c10 100644 --- a/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.1.0.0 +++ b/tests/auto/network/ssl/qsslcertificate/more-certificates/cert-large-expiration-date.txt.3.0.5 @@ -27,11 +27,11 @@ Certificate: X509v3 Subject Key Identifier: 8A:6E:19:E7:97:9B:8F:D9:7F:B3:BB:01:4F:E8:6A:2F:52:95:0D:D9 X509v3 Authority Key Identifier: - keyid:8A:6E:19:E7:97:9B:8F:D9:7F:B3:BB:01:4F:E8:6A:2F:52:95:0D:D9 - + 8A:6E:19:E7:97:9B:8F:D9:7F:B3:BB:01:4F:E8:6A:2F:52:95:0D:D9 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha1WithRSAEncryption + Signature Value: a1:74:8e:5d:36:96:2c:05:7e:ea:66:cc:2e:68:c7:3d:93:dc: 8c:a3:11:ad:b5:7e:6e:d0:04:c4:09:bd:0a:f9:39:3b:97:d7: f0:bb:0c:09:7b:83:fe:bf:87:b0:47:e8:94:b7:aa:9c:79:ad: diff --git a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp index 1213e99b58..b51053effd 100644 --- a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp +++ b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp @@ -1,43 +1,22 @@ -/**************************************************************************** -** -** Copyright (C) 2016 The Qt Company Ltd. -** Contact: https://www.qt.io/licensing/ -** -** This file is part of the test suite of the Qt Toolkit. -** -** $QT_BEGIN_LICENSE:GPL-EXCEPT$ -** Commercial License Usage -** Licensees holding valid commercial Qt licenses may use this file in -** accordance with the commercial license agreement provided with the -** Software or, alternatively, in accordance with the terms contained in -** a written agreement between you and The Qt Company. For licensing terms -** and conditions see https://www.qt.io/terms-conditions. For further -** information use the contact form at https://www.qt.io/contact-us. -** -** GNU General Public License Usage -** Alternatively, this file may be used under the terms of the GNU -** General Public License version 3 as published by the Free Software -** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT -** included in the packaging of this file. Please review the following -** information to ensure the GNU General Public License requirements will -** be met: https://www.gnu.org/licenses/gpl-3.0.html. -** -** $QT_END_LICENSE$ -** -****************************************************************************/ - +// Copyright (C) 2016 The Qt Company Ltd. +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QTest> #include <QtNetwork/qtnetworkglobal.h> +#include <QtCore/qdatetime.h> +#include <QtCore/qtimezone.h> +#include <QtCore/qscopeguard.h> +#include <QtCore/qset.h> + #include <qsslcertificate.h> #include <qsslkey.h> #include <qsslsocket.h> #include <qsslcertificateextension.h> -#include <qscopeguard.h> #ifndef QT_NO_OPENSSL +#include <openssl/opensslv.h> #include <openssl/obj_mac.h> #endif @@ -123,7 +102,31 @@ private slots: #endif // QT_CONFIG(ssl) private: QString testDataDir; - bool isNonOpenSslTls = false; + + enum class TLSBackend { + OpenSSL, + Schannel, + SecureTransport, + CertOnly, + Unknown, + }; + static TLSBackend currentBackend() + { + static TLSBackend activeBackend = []() { + using namespace Qt::StringLiterals; + const QString active = QSslSocket::activeBackend(); + if (active == "openssl"_L1) + return TLSBackend::OpenSSL; + if (active == "schannel") + return TLSBackend::Schannel; + if (active == "securetransport") + return TLSBackend::SecureTransport; + if (active == "cert-only") + return TLSBackend::CertOnly; + return TLSBackend::Unknown; + }(); + return activeBackend; + } }; void tst_QSslCertificate::initTestCase() @@ -133,22 +136,15 @@ void tst_QSslCertificate::initTestCase() testDataDir = QCoreApplication::applicationDirPath(); if (!testDataDir.endsWith(QLatin1String("/"))) testDataDir += QLatin1String("/"); -#if QT_CONFIG(opensslv11) - // In the presence of 'openssl' backend, QSslSocket will - // select 'openssl' as the default one. - isNonOpenSslTls = QSslSocket::activeBackend() != QStringLiteral("openssl"); -#else - isNonOpenSslTls = true; -#endif // QT_CONFIG(ssl) QDir dir(testDataDir + "certificates"); - QFileInfoList fileInfoList = dir.entryInfoList(QDir::Files | QDir::Readable); + const QFileInfoList fileInfoList = dir.entryInfoList(QDir::Files | QDir::Readable); QRegularExpression rxCert(QLatin1String("^.+\\.(pem|der)$")); QRegularExpression rxSan(QLatin1String("^(.+\\.(?:pem|der))\\.san$")); QRegularExpression rxPubKey(QLatin1String("^(.+\\.(?:pem|der))\\.pubkey$")); QRegularExpression rxDigest(QLatin1String("^(.+\\.(?:pem|der))\\.digest-(md5|sha1)$")); QRegularExpressionMatch match; - foreach (QFileInfo fileInfo, fileInfoList) { + for (const QFileInfo &fileInfo : fileInfoList) { if ((match = rxCert.match(fileInfo.fileName())).hasMatch()) certInfoList << CertInfo(fileInfo, @@ -180,7 +176,7 @@ static QByteArray readFile(const QString &absFilePath) { QFile file(absFilePath); if (!file.open(QIODevice::ReadOnly)) { - QWARN("failed to open file"); + qWarning("failed to open file"); return QByteArray(); } return file.readAll(); @@ -211,7 +207,7 @@ void tst_QSslCertificate::createTestRows() { QTest::addColumn<QString>("absFilePath"); QTest::addColumn<QSsl::EncodingFormat>("format"); - foreach (CertInfo certInfo, certInfoList) { + for (const CertInfo &certInfo : std::as_const(certInfoList)) { QTest::newRow(certInfo.fileInfo.fileName().toLatin1()) << certInfo.fileInfo.absoluteFilePath() << certInfo.format; } @@ -342,7 +338,7 @@ void tst_QSslCertificate::digest_data() QTest::addColumn<QSsl::EncodingFormat>("format"); QTest::addColumn<QString>("absFilePath_digest_md5"); QTest::addColumn<QString>("absFilePath_digest_sha1"); - foreach (CertInfo certInfo, certInfoList) { + for (const CertInfo &certInfo : std::as_const(certInfoList)) { QString certName = certInfo.fileInfo.fileName(); QTest::newRow(certName.toLatin1()) << certInfo.fileInfo.absoluteFilePath() @@ -395,7 +391,7 @@ void tst_QSslCertificate::subjectAlternativeNames_data() QTest::addColumn<QSsl::EncodingFormat>("format"); QTest::addColumn<QString>("subjAltNameFilePath"); - foreach (CertInfo certInfo, certInfoList) { + for (const CertInfo &certInfo : std::as_const(certInfoList)) { QString certName = certInfo.fileInfo.fileName(); if (subjAltNameMap.contains(certName)) QTest::newRow(certName.toLatin1()) @@ -477,7 +473,7 @@ void tst_QSslCertificate::subjectInfoToString() QVERIFY(testInfo(QSslCertificate::DistinguishedNameQualifier, QString())); QVERIFY(testInfo(QSslCertificate::SerialNumber, QString())); // TODO: check why generic code does not handle this! - if (!isNonOpenSslTls) + if (currentBackend() == TLSBackend::OpenSSL) QVERIFY(testInfo(QSslCertificate::EmailAddress, QStringLiteral("ababic@trolltech.com"))); } @@ -489,9 +485,8 @@ void tst_QSslCertificate::subjectIssuerDisplayName_data() QTest::addRow("CommonName") << QStringLiteral("more-certificates/cert-cn.pem") << QStringLiteral("YOUR name"); QTest::addRow("OrganizationName") << QStringLiteral("more-certificates/cert-on.pem") << QStringLiteral("R&D"); QTest::addRow("OrganizationUnitName") << QStringLiteral("more-certificates/cert-oun.pem") << QStringLiteral("Foundations"); -#ifndef QT_NO_OPENSSL - QTest::addRow("NoSubjectName") << QStringLiteral("more-certificates/cert-noname.pem") << QString(); -#endif + if (currentBackend() == TLSBackend::OpenSSL) + QTest::addRow("NoSubjectName") << QStringLiteral("more-certificates/cert-noname.pem") << QString(); } void tst_QSslCertificate::subjectIssuerDisplayName() @@ -521,7 +516,7 @@ void tst_QSslCertificate::utf8SubjectNames() static const char *ou = "\xe3\x88\xa7" "A" "\xe3\x89\x81\xef\xbd\xab" "BC"; // the following two tests should help find "\x"-literal encoding bugs in the test itself - QCOMPARE(cert.subjectInfo("O")[0].length(), QString::fromUtf8(o).length()); + QCOMPARE(cert.subjectInfo("O")[0].size(), QString::fromUtf8(o).size()); QCOMPARE (cert.subjectInfo("O")[0].toUtf8().toHex(), QByteArray(o).toHex()); QCOMPARE(cert.subjectInfo("O")[0], QString::fromUtf8(o)); @@ -534,7 +529,7 @@ void tst_QSslCertificate::publicKey_data() QTest::addColumn<QSsl::EncodingFormat>("format"); QTest::addColumn<QString>("pubkeyFilePath"); - foreach (CertInfo certInfo, certInfoList) { + for (const CertInfo &certInfo : std::as_const(certInfoList)) { QString certName = certInfo.fileInfo.fileName(); if (pubkeyMap.contains(certName)) QTest::newRow(certName.toLatin1()) @@ -836,8 +831,10 @@ void tst_QSslCertificate::certInfo() QCOMPARE(cert.digest(QCryptographicHash::Sha1), QByteArray::fromHex("B6:D1:51:82:E0:29:CA:59:96:38:BD:B6:F9:40:05:91:6D:49:09:60")); - QCOMPARE(cert.effectiveDate().toUTC(), QDateTime(QDate(2007, 4, 17), QTime(7,40,26), Qt::UTC)); - QCOMPARE(cert.expiryDate().toUTC(), QDateTime(QDate(2007, 5, 17), QTime(7,40,26), Qt::UTC)); + QCOMPARE(cert.effectiveDate().toUTC(), + QDateTime(QDate(2007, 4, 17), QTime(7,40,26), QTimeZone::UTC)); + QCOMPARE(cert.expiryDate().toUTC(), + QDateTime(QDate(2007, 5, 17), QTime(7,40,26), QTimeZone::UTC)); QVERIFY(cert.expiryDate() < QDateTime::currentDateTime()); // cert has expired QSslCertificate copy = cert; @@ -899,7 +896,7 @@ void tst_QSslCertificate::task256066toPem() void tst_QSslCertificate::nulInCN() { - if (isNonOpenSslTls) + if (currentBackend() != TLSBackend::OpenSSL) QSKIP("Generic QSslCertificatePrivate fails this test"); QList<QSslCertificate> certList = @@ -919,7 +916,7 @@ void tst_QSslCertificate::nulInCN() void tst_QSslCertificate::nulInSan() { - if (isNonOpenSslTls) + if (currentBackend() != TLSBackend::OpenSSL) QSKIP("Generic QSslCertificatePrivate fails this test"); QList<QSslCertificate> certList = @@ -961,16 +958,18 @@ void tst_QSslCertificate::largeExpirationDate() // QTBUG-12489 const QSslCertificate &cert = certList.at(0); QVERIFY(!cert.isNull()); - QCOMPARE(cert.effectiveDate().toUTC(), QDateTime(QDate(2010, 8, 4), QTime(9, 53, 41), Qt::UTC)); + QCOMPARE(cert.effectiveDate().toUTC(), + QDateTime(QDate(2010, 8, 4), QTime(9, 53, 41), QTimeZone::UTC)); // if the date is larger than 2049, then the generalized time format is used - QCOMPARE(cert.expiryDate().toUTC(), QDateTime(QDate(2051, 8, 29), QTime(9, 53, 41), Qt::UTC)); + QCOMPARE(cert.expiryDate().toUTC(), + QDateTime(QDate(2051, 8, 29), QTime(9, 53, 41), QTimeZone::UTC)); } void tst_QSslCertificate::blacklistedCertificates() { QList<QSslCertificate> blacklistedCerts = QSslCertificate::fromPath(testDataDir + "more-certificates/blacklisted*.pem", QSsl::Pem, QSslCertificate::PatternSyntax::Wildcard); - QVERIFY(blacklistedCerts.count() > 0); - for (int a = 0; a < blacklistedCerts.count(); a++) { + QVERIFY(blacklistedCerts.size() > 0); + for (int a = 0; a < blacklistedCerts.size(); a++) { QVERIFY(blacklistedCerts.at(a).isBlacklisted()); } } @@ -984,7 +983,7 @@ void tst_QSslCertificate::selfsignedCertificates() void tst_QSslCertificate::toText() { - if (isNonOpenSslTls) + if (currentBackend() != TLSBackend::OpenSSL) QSKIP("QSslCertificate::toText is not implemented on platforms which do not use openssl"); QList<QSslCertificate> certList = @@ -993,42 +992,26 @@ void tst_QSslCertificate::toText() QCOMPARE(certList.size(), 1); const QSslCertificate &cert = certList.at(0); - // Openssl's cert dump method changed slightly between 0.9.8, 1.0.0 and 1.01 versions, so we want it to match any output - - QFile f098(testDataDir + "more-certificates/cert-large-expiration-date.txt.0.9.8"); - QVERIFY(f098.open(QIODevice::ReadOnly | QFile::Text)); - QByteArray txt098 = f098.readAll(); - - QFile f100(testDataDir + "more-certificates/cert-large-expiration-date.txt.1.0.0"); - QVERIFY(f100.open(QIODevice::ReadOnly | QFile::Text)); - QByteArray txt100 = f100.readAll(); - - QFile f101(testDataDir + "more-certificates/cert-large-expiration-date.txt.1.0.1"); - QVERIFY(f101.open(QIODevice::ReadOnly | QFile::Text)); - QByteArray txt101 = f101.readAll(); - - QFile f101c(testDataDir + "more-certificates/cert-large-expiration-date.txt.1.0.1c"); - QVERIFY(f101c.open(QIODevice::ReadOnly | QFile::Text)); - QByteArray txt101c = f101c.readAll(); - + // Openssl's cert dump method changed slightly between 1.1.1 and 3.0.5 versions, so we want it to match any output QFile f111(testDataDir + "more-certificates/cert-large-expiration-date.txt.1.1.1"); QVERIFY(f111.open(QIODevice::ReadOnly | QFile::Text)); QByteArray txt111 = f111.readAll(); + QFile f305(testDataDir + "more-certificates/cert-large-expiration-date.txt.3.0.5"); + QVERIFY(f305.open(QIODevice::ReadOnly | QFile::Text)); + QByteArray txt305 = f305.readAll(); + QString txtcert = cert.toText(); - QVERIFY(QString::fromLatin1(txt098) == txtcert || - QString::fromLatin1(txt100) == txtcert || - QString::fromLatin1(txt101) == txtcert || - QString::fromLatin1(txt101c) == txtcert || - QString::fromLatin1(txt111) == txtcert ); + QVERIFY(QString::fromLatin1(txt111) == txtcert || + QString::fromLatin1(txt305) == txtcert); } void tst_QSslCertificate::multipleCommonNames() { QList<QSslCertificate> certList = QSslCertificate::fromPath(testDataDir + "more-certificates/test-cn-two-cns-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString); - QVERIFY(certList.count() > 0); + QVERIFY(certList.size() > 0); QStringList commonNames = certList[0].subjectInfo(QSslCertificate::CommonName); QVERIFY(commonNames.contains(QString("www.example.com"))); @@ -1039,18 +1022,18 @@ void tst_QSslCertificate::subjectAndIssuerAttributes() { QList<QSslCertificate> certList = QSslCertificate::fromPath(testDataDir + "more-certificates/test-cn-with-drink-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString); - QVERIFY(certList.count() > 0); + QVERIFY(certList.size() > 0); QList<QByteArray> attributes = certList[0].subjectInfoAttributes(); QVERIFY(attributes.contains(QByteArray("favouriteDrink"))); attributes.clear(); certList = QSslCertificate::fromPath(testDataDir + "more-certificates/natwest-banking.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString); - QVERIFY(certList.count() > 0); + QVERIFY(certList.size() > 0); QByteArray shortName("1.3.6.1.4.1.311.60.2.1.3"); #if !defined(QT_NO_OPENSSL) && defined(SN_jurisdictionCountryName) - if (!isNonOpenSslTls) + if (currentBackend() == TLSBackend::OpenSSL) shortName = SN_jurisdictionCountryName; #endif attributes = certList[0].subjectInfoAttributes(); @@ -1059,8 +1042,8 @@ void tst_QSslCertificate::subjectAndIssuerAttributes() void tst_QSslCertificate::verify() { - if (isNonOpenSslTls) - QSKIP("Not implemented in SecureTransport or Schannel"); + if (currentBackend() != TLSBackend::OpenSSL) + QSKIP("Only implemented for OpenSSL"); QList<QSslError> errors; QList<QSslCertificate> toVerify; @@ -1073,7 +1056,7 @@ void tst_QSslCertificate::verify() // Empty chain is unspecified error errors = QSslCertificate::verify(toVerify); - VERIFY_VERBOSE(errors.count() == 1); + VERIFY_VERBOSE(errors.size() == 1); VERIFY_VERBOSE(errors[0] == QSslError(QSslError::UnspecifiedError)); errors.clear(); @@ -1092,14 +1075,14 @@ void tst_QSslCertificate::verify() toVerify = QSslCertificate::fromPath(testDataDir + "verify-certs/test-ocsp-good-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString); errors = QSslCertificate::verify(toVerify); - VERIFY_VERBOSE(errors.count() == 0); + VERIFY_VERBOSE(errors.size() == 0); errors.clear(); // Test a blacklisted certificate toVerify = QSslCertificate::fromPath(testDataDir + "verify-certs/test-addons-mozilla-org-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString); errors = QSslCertificate::verify(toVerify); bool foundBlack = false; - foreach (const QSslError &error, errors) { + for (const QSslError &error : std::as_const(errors)) { if (error.error() == QSslError::CertificateBlacklisted) { foundBlack = true; break; @@ -1127,11 +1110,11 @@ void tst_QSslCertificate::verify() toVerify << QSslCertificate::fromPath(testDataDir + "verify-certs/test-intermediate-is-ca-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString).first(); toVerify << QSslCertificate::fromPath(testDataDir + "verify-certs/test-intermediate-ca-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString).first(); errors = QSslCertificate::verify(toVerify); - VERIFY_VERBOSE(errors.count() == 0); + VERIFY_VERBOSE(errors.size() == 0); // Recheck the above with hostname validation errors = QSslCertificate::verify(toVerify, QLatin1String("example.com")); - VERIFY_VERBOSE(errors.count() == 0); + VERIFY_VERBOSE(errors.size() == 0); // Recheck the above with a bad hostname errors = QSslCertificate::verify(toVerify, QLatin1String("fail.example.com")); @@ -1145,9 +1128,8 @@ QString tst_QSslCertificate::toString(const QList<QSslError>& errors) { QStringList errorStrings; - foreach (const QSslError& error, errors) { + for (const QSslError &error : errors) errorStrings.append(QLatin1Char('"') + error.errorString() + QLatin1Char('"')); - } return QLatin1String("[ ") + errorStrings.join(QLatin1String(", ")) + QLatin1String(" ]"); } @@ -1156,11 +1138,11 @@ void tst_QSslCertificate::extensions() { QList<QSslCertificate> certList = QSslCertificate::fromPath(testDataDir + "more-certificates/natwest-banking.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString); - QVERIFY(certList.count() > 0); + QVERIFY(certList.size() > 0); QSslCertificate cert = certList[0]; QList<QSslCertificateExtension> extensions = cert.extensions(); - QCOMPARE(extensions.count(), 9); + QCOMPARE(extensions.size(), 9); int unknown_idx = -1; int authority_info_idx = -1; @@ -1168,7 +1150,7 @@ void tst_QSslCertificate::extensions() int subject_key_idx = -1; int auth_key_idx = -1; - for (int i=0; i < extensions.length(); ++i) { + for (int i=0; i < extensions.size(); ++i) { QSslCertificateExtension ext = extensions[i]; //qDebug() << i << ":" << ext.name() << ext.oid(); @@ -1254,16 +1236,16 @@ void tst_QSslCertificate::extensionsCritical() { QList<QSslCertificate> certList = QSslCertificate::fromPath(testDataDir + "verify-certs/test-addons-mozilla-org-cert.pem", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString); - QVERIFY(certList.count() > 0); + QVERIFY(certList.size() > 0); QSslCertificate cert = certList[0]; QList<QSslCertificateExtension> extensions = cert.extensions(); - QCOMPARE(extensions.count(), 9); + QCOMPARE(extensions.size(), 9); int basic_constraints_idx = -1; int key_usage_idx = -1; - for (int i=0; i < extensions.length(); ++i) { + for (int i=0; i < extensions.size(); ++i) { QSslCertificateExtension ext = extensions[i]; if (ext.name() == QStringLiteral("basicConstraints")) @@ -1401,6 +1383,9 @@ void tst_QSslCertificate::pkcs12() return; } + if (currentBackend() == TLSBackend::OpenSSL && QSslSocket::sslLibraryVersionNumber() >= 0x30000000L) + QSKIP("leaf.p12 is using RC2, which is disabled by default in OpenSSL v >= 3"); + QFile f(testDataDir + QLatin1String("pkcs12/leaf.p12")); bool ok = f.open(QIODevice::ReadOnly); QVERIFY(ok); @@ -1409,8 +1394,8 @@ void tst_QSslCertificate::pkcs12() QSslCertificate cert; QList<QSslCertificate> caCerts; - if (isNonOpenSslTls) - QEXPECT_FAIL("", "pkcs12 imports are only supported when openssl is used", Abort); // TODO? + if (currentBackend() != TLSBackend::OpenSSL) + QEXPECT_FAIL("", "pkcs12 imports are not available with the current TLS backend", Abort); // TODO? ok = QSslCertificate::importPkcs12(&f, &key, &cert, &caCerts); QVERIFY(ok); @@ -1442,7 +1427,8 @@ void tst_QSslCertificate::pkcs12() QFile nocert(testDataDir + QLatin1String("pkcs12/leaf-nokey.p12")); ok = nocert.open(QIODevice::ReadOnly); QVERIFY(ok); - QTest::ignoreMessage(QtWarningMsg, "Unable to convert private key"); + if (currentBackend() == TLSBackend::OpenSSL) + QTest::ignoreMessage(QtWarningMsg, "Unable to convert private key"); ok = QSslCertificate::importPkcs12(&nocert, &key, &cert, &caCerts); QVERIFY(!ok); nocert.close(); diff --git a/tests/auto/network/ssl/qsslcertificate/verify-certs/README b/tests/auto/network/ssl/qsslcertificate/verify-certs/README index 87cb293ef6..f4317331b6 100644 --- a/tests/auto/network/ssl/qsslcertificate/verify-certs/README +++ b/tests/auto/network/ssl/qsslcertificate/verify-certs/README @@ -1,2 +1,9 @@ openssl verify -CAfile cacert.pem -untrusted test-intermediate-ca-cert.pem test-intermediate-is-ca-cert.pem openssl verify -CAfile cacert.pem -untrusted test-ocsp-good-cert.pem test-intermediate-not-ca-cert.pem + +1. cacert.pem is, obviously, a root CA certificate. +2. test-intermediate-ca-cert.pem is a certificate, signed by the root CA, an intermediate CA. +3. test-intermediate-is-ca-cert.pem is a certificate, signed by test-intermediate-ca-cert.pem. +4. test-ocsp-good-cert.pem is signed by root CA, it has CA:FALSE but keyUsage allowing to sign + CSRs - this is how OpenSSL would report us 'invalid CA certificate' instead of 'No issuer found'. +5. test-intermediate-not-ca-cert.pem is signed by test-ocsp-good-cert.pem. diff --git a/tests/auto/network/ssl/qsslcertificate/verify-certs/cacert.pem b/tests/auto/network/ssl/qsslcertificate/verify-certs/cacert.pem index 8c75c54bcb..5b9b570479 100644 --- a/tests/auto/network/ssl/qsslcertificate/verify-certs/cacert.pem +++ b/tests/auto/network/ssl/qsslcertificate/verify-certs/cacert.pem @@ -1,23 +1,25 @@ -----BEGIN CERTIFICATE----- -MIID6zCCAtOgAwIBAgIJAP4bjANFSx0BMA0GCSqGSIb3DQEBBQUAMIGrMSYwJAYD -VQQDEx1XZXN0cG9pbnQgQ2VydGlmaWNhdGUgVGVzdCBDQTETMBEGA1UECBMKTGFu -Y2FzaGlyZTELMAkGA1UEBhMCVUsxHTAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUu -Y29tMUAwPgYDVQQKEzdXZXN0cG9pbnQgQ2VydGlmaWNhdGUgVGVzdCBSb290IENl -cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTExMDczMTIxMDExNloXDTIxMDcyODIx -MDExNlowgasxJjAkBgNVBAMTHVdlc3Rwb2ludCBDZXJ0aWZpY2F0ZSBUZXN0IENB -MRMwEQYDVQQIEwpMYW5jYXNoaXJlMQswCQYDVQQGEwJVSzEdMBsGCSqGSIb3DQEJ -ARYOY2FAZXhhbXBsZS5jb20xQDA+BgNVBAoTN1dlc3Rwb2ludCBDZXJ0aWZpY2F0 -ZSBUZXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQC5xMKXviXuxFO67WzFIImO5RY3Y+dqt7maTB+p -JiHkn98rJoBB4J1cDnEUIs5ErO+kqOjW7JwF50fePNJ5K+I6SbRVn9gxAI59ZA6O -9UvOPZOw4/6GM24UY4B4mUcp8oXg9fhwgtjVhfXiMD2GvKQq3RazIiCoSW4aJWEq -L58Q+sIo+jL72qwk648xIwIhuC3XzcOOE/+rCOtZmu812/NN08UfsL2qup0aaaGv -aL36n6OIx5AYFcCD5uOxXAmUy14mhwQyDHAl6K42ghSm5b43VMMSQ+N9AQpentWl -RH6Vt1eY52YTxjNxpRlj88GBnYxdr8WgjKOV7v8OPGXP6zWlAgMBAAGjEDAOMAwG -A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADptDEfvsh8aq/tTc7ciGkHG -jh7WFELVTcdWBTyveZ24298Hl9UOfsAfLqjMGMs3delAaZocchba9Og2xSZyRstH -GUtlJXd4PnSJSx/TksPf2DCANo5sxBWBITs1Iprm3Nlm3/xPZM2QLIamRYi2J6Ed -JTfWvMpoaW1umJX49jKqk1gfdcS6eUSaXetgYP2FQV7DstqPLYfQ731nEXZ1LXFM -PO7IoPccqk4YJ0KOV7hFb7NCq4a6cz/Gf0S0qJ44vqHz6iRZpmWIo5UFivwtLw9r -iMbdJ1mCCMR0oN5om3muKc7Sz+l2ItxdYMcLkZ1/3ouvQqOX+qIOrYEUN1RZCzI= +MIIENzCCAx+gAwIBAgIUdn+WSglXIMBvW46H1+kauM81p1UwDQYJKoZIhvcNAQEL +BQAwgaIxCzAJBgNVBAYTAk5PMQ8wDQYDVQQIDAZOb3J3YXkxDTALBgNVBAcMBE9z +bG8xDTALBgNVBAoMBFRRdEMxLzAtBgNVBAsMJlRRdEMgVGVzdCBSb290IEF1dGhv +cml6YXRpb24gQXV0aG9yaXR5MRowGAYDVQQDDBFUUXRDIHRlc3Qgcm9vdCBDQTEX +MBUGCSqGSIb3DQEJARYIY2FAcXQuaW8wHhcNMjEwNzI5MTIzNDM5WhcNMzEwNzI3 +MTIzNDM5WjCBojELMAkGA1UEBhMCTk8xDzANBgNVBAgMBk5vcndheTENMAsGA1UE +BwwET3NsbzENMAsGA1UECgwEVFF0QzEvMC0GA1UECwwmVFF0QyBUZXN0IFJvb3Qg +QXV0aG9yaXphdGlvbiBBdXRob3JpdHkxGjAYBgNVBAMMEVRRdEMgdGVzdCByb290 +IENBMRcwFQYJKoZIhvcNAQkBFghjYUBxdC5pbzCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAOXrt0DU0NCmvB/vsw3d5Ztn3Ab77AmnVSNSkWKOyei7bQ55 +Qx2FR+ihcPL3+HRQ+UAZsV/ryurkrCdFOOpkBC8a1Kq1ErXM9RbBdX9kyX7IG1KD +iwnFuci/2cDgounfxNDLPCWImukKfWGUfWlpnbbF4nYdaeP/S+LvsCklgphGdtLE +uO+bNLUNFT61X3d0eg/NQ0tMFFgjTQkKYueYpoAtS8zsHfJxLKzNVjdkUaqEsN1x +AmE6LLVhMwf7EHwlgCMb3H59R9N+kz8bjCNQrErctF0crvdZjlX9AudZGz6e6xso +Mmw6epkGSGF6eMjK62mQX4Y/15ruNIvuLla1dzcCAwEAAaNjMGEwHQYDVR0OBBYE +FFpvgro1qjV/QzO+gq/hScIGw7CpMB8GA1UdIwQYMBaAFFpvgro1qjV/QzO+gq/h +ScIGw7CpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 +DQEBCwUAA4IBAQC+Xbv1f2r2YBXTM7/Uc48DFjdCb4dOKOF8anIGmsG5IfcG77DW +PkyVvPVBVQYw11GtyEwdl5nYyM5VMUT2Jv0kL3sRjQASaQLQCJa3KpYKUV6/7+0W +h8oUSb6FyP8Ks/GTVgHGlSSWU6TixG2k85kKSDNinUDHqrjyS+EYXR4FZHY68lu1 +JSSDBrdEEMmBcChj7Yze9LcdcEUbsALori4363rJCsDmfE6M5nZCFGSn1oUAB8LS +XJ62DI16XbKjwSSFsvJA87n3Ujivytjgdq0e1EgpeNjFvcq5lJ83pQHK/G6+hIna +toLOSqYHUzZv5+NalkbfTUOLSuecUMDTz+KG -----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/verify-certs/test-intermediate-ca-cert.pem b/tests/auto/network/ssl/qsslcertificate/verify-certs/test-intermediate-ca-cert.pem index d00490caba..4e850907ad 100644 --- a/tests/auto/network/ssl/qsslcertificate/verify-certs/test-intermediate-ca-cert.pem +++ b/tests/auto/network/ssl/qsslcertificate/verify-certs/test-intermediate-ca-cert.pem @@ -1,66 +1,26 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 28 (0x1c) - Signature Algorithm: sha1WithRSAEncryption - Issuer: CN=Westpoint Certificate Test CA, ST=Lancashire, C=UK/emailAddress=ca@example.com, O=Westpoint Certificate Test Root Certification Authority - Validity - Not Before: Jul 31 21:01:18 2011 GMT - Not After : Jul 28 21:01:18 2021 GMT - Subject: ST=Lancashire, C=UK/emailAddress=test@example.com, O=Test intermediate CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (1024 bit) - Modulus: - 00:bc:bd:83:c1:bc:36:d8:9c:74:68:5a:46:48:25: - 83:59:f8:35:1e:8f:dc:2c:52:3b:7c:2e:ea:40:c4: - 93:b6:39:31:df:f5:a6:f8:01:17:67:93:21:59:9b: - 89:7f:ed:2a:19:7b:25:a5:e1:71:12:99:e5:14:28: - df:75:b5:17:1c:3b:1d:3d:74:48:4f:b7:42:f4:3a: - ab:56:05:2b:fc:d3:27:97:01:08:5b:ad:26:9b:f2: - 87:51:9c:7e:e1:f1:ef:1c:bf:ad:7e:38:d9:76:89: - 30:a6:8c:2f:6f:87:9f:9e:57:13:14:b4:45:30:f3: - be:58:df:8a:d2:ee:7b:1d:89 - Exponent: 65537 (0x10001) - X509v3 extensions: - Authority Information Access: - OCSP - URI:http://ocsp.example.com:8888/ - - X509v3 Basic Constraints: - CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 33:84:9d:0e:b2:59:04:dc:ef:e3:04:8b:00:6c:64:ea:58:9e: - 36:59:76:27:59:a0:b8:ee:0d:86:83:ff:db:65:eb:6c:1f:16: - 47:e7:f5:e6:c3:88:81:73:7e:ed:12:8d:7e:fd:5e:b1:5c:68: - 47:f8:f9:ca:e3:e0:c0:f3:12:b2:24:3b:77:2c:98:de:05:6d: - a8:ec:27:b8:af:ab:84:25:26:73:b4:58:4c:7c:c1:74:97:98: - ab:0e:e6:99:70:bc:38:b0:9a:e3:d9:5c:75:fa:46:d2:87:55: - 09:86:8f:ef:4a:e4:ef:3e:32:c6:ac:9d:27:86:29:b8:78:38: - 7b:87:6c:57:72:bd:57:99:73:36:db:fa:52:bd:7b:a7:05:cd: - 28:b8:85:fc:11:47:5e:c6:77:72:6a:fb:73:3e:8b:a4:6d:f8: - 17:f4:12:d5:36:e0:ef:5c:f8:b2:a1:69:3e:4c:cf:86:5f:63: - f6:02:60:95:7f:61:e8:cb:7f:14:66:da:36:2e:78:13:3e:68: - ae:3f:13:c1:79:88:18:18:3f:23:f3:9a:e1:e7:7e:ae:50:e4: - b7:80:76:31:92:74:79:2c:de:d0:74:fe:81:7c:f6:01:14:6a: - 1f:5f:88:85:6a:11:1d:50:af:f1:97:4d:67:40:c3:e9:ae:6f: - 60:e2:bc:e2 -----BEGIN CERTIFICATE----- -MIIDUDCCAjigAwIBAgIBHDANBgkqhkiG9w0BAQUFADCBqzEmMCQGA1UEAxMdV2Vz -dHBvaW50IENlcnRpZmljYXRlIFRlc3QgQ0ExEzARBgNVBAgTCkxhbmNhc2hpcmUx -CzAJBgNVBAYTAlVLMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxlLmNvbTFAMD4G -A1UEChM3V2VzdHBvaW50IENlcnRpZmljYXRlIFRlc3QgUm9vdCBDZXJ0aWZpY2F0 -aW9uIEF1dGhvcml0eTAeFw0xMTA3MzEyMTAxMThaFw0yMTA3MjgyMTAxMThaMGIx -EzARBgNVBAgTCkxhbmNhc2hpcmUxCzAJBgNVBAYTAlVLMR8wHQYJKoZIhvcNAQkB -FhB0ZXN0QGV4YW1wbGUuY29tMR0wGwYDVQQKExRUZXN0IGludGVybWVkaWF0ZSBD -QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvL2Dwbw22Jx0aFpGSCWDWfg1 -Ho/cLFI7fC7qQMSTtjkx3/Wm+AEXZ5MhWZuJf+0qGXslpeFxEpnlFCjfdbUXHDsd -PXRIT7dC9DqrVgUr/NMnlwEIW60mm/KHUZx+4fHvHL+tfjjZdokwpowvb4efnlcT -FLRFMPO+WN+K0u57HYkCAwEAAaNLMEkwOQYIKwYBBQUHAQEELTArMCkGCCsGAQUF -BzABhh1odHRwOi8vb2NzcC5leGFtcGxlLmNvbTo4ODg4LzAMBgNVHRMEBTADAQH/ -MA0GCSqGSIb3DQEBBQUAA4IBAQAzhJ0OslkE3O/jBIsAbGTqWJ42WXYnWaC47g2G -g//bZetsHxZH5/Xmw4iBc37tEo1+/V6xXGhH+PnK4+DA8xKyJDt3LJjeBW2o7Ce4 -r6uEJSZztFhMfMF0l5irDuaZcLw4sJrj2Vx1+kbSh1UJho/vSuTvPjLGrJ0nhim4 -eDh7h2xXcr1XmXM22/pSvXunBc0ouIX8EUdexndyavtzPoukbfgX9BLVNuDvXPiy -oWk+TM+GX2P2AmCVf2Hoy38UZto2LngTPmiuPxPBeYgYGD8j85rh536uUOS3gHYx -knR5LN7QdP6BfPYBFGofX4iFahEdUK/xl01nQMPprm9g4rzi +MIIEbTCCA1WgAwIBAgICEAcwDQYJKoZIhvcNAQELBQAwgaIxCzAJBgNVBAYTAk5P +MQ8wDQYDVQQIDAZOb3J3YXkxDTALBgNVBAcMBE9zbG8xDTALBgNVBAoMBFRRdEMx +LzAtBgNVBAsMJlRRdEMgVGVzdCBSb290IEF1dGhvcml6YXRpb24gQXV0aG9yaXR5 +MRowGAYDVQQDDBFUUXRDIHRlc3Qgcm9vdCBDQTEXMBUGCSqGSIb3DQEJARYIY2FA +cXQuaW8wHhcNMjEwNzI5MTcxNjA3WhcNMzEwNjA3MTcxNjA3WjCBqzELMAkGA1UE +BhMCTk8xDzANBgNVBAgMBk5vcndheTENMAsGA1UECgwEVFF0QzEwMC4GA1UECwwn +VFF0QyBJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MTAwLgYDVQQD +DCdUUXRDIEludGVybWVkaWF0ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxGDAWBgkq +hkiG9w0BCQEWCWljYUBxdC5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAK1zsW+VafypIPdVrDavxgPJ8LIdYyIJtijHNvWmGDl9fgK8EZWm6uIsvHOL +D2ZtHmBRXCGXOuXFonZh2vpuPUzBdD8E4CQVE31QHHb2eoalpNgiIRODJEfOwMJZ +V5FP/iE5g5TJmbiqMwui2v4g4AWoQpsiSYnlgLd/XbZePpSSAqyZYsxGmzbcf2Vq +v5Tv8SbjLjuRZdwHsrXi/7S4qyybiPHLLoLD7+woDRo8wy+z0wQ8v2XsRzjqvBUn +QvuOvk5MXKHQzXheClMizcDDOcjaK0AKzVopQa6s0+Pmg+DW162DOrK4SGqpeBlp +OujEtiQk9+1hycAadbntYQ+/kHcCAwEAAaOBoTCBnjAdBgNVHQ4EFgQUemD1HaWM +WxNLlSONkvAiFhlmtVowHwYDVR0jBBgwFoAUWm+CujWqNX9DM76Cr+FJwgbDsKkw +EgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwOAYIKwYBBQUHAQEE +LDAqMCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFtcGxlLmNvbTo4ODg4MA0G +CSqGSIb3DQEBCwUAA4IBAQBxfeQrh/xnjL8vLLQB0PrPawCUB4X0RHheNAB8BZh/ +5t96StDZspB1p14iW1b9ziiN+w8hghdLO+UbEmbnfK9m0sxXPxGdO/dK5PeKkEZA +1Clbu1qPEwmbCeuPDHpcXMzYUEm/vHTJFNxfvLgiLYwZpxhYZiHeMMEUYxQRrmI1 +DJbcpZT4nYyaVKinvMmw5KG85cLsyjIgzhUwLGSAfB+p4pIX+R8GQZtdn26+FN9c +U+ZDfAUJ0hrPmd89KuSXm96tarx/EYnGzwletTL2IJWS1zxpGFlpyFgWq3m054iD +UAWX8IPCQRMwhoKmSqNbhtYIKLXyDe3Xg6yD0ySDKjlB -----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/verify-certs/test-intermediate-is-ca-cert.pem b/tests/auto/network/ssl/qsslcertificate/verify-certs/test-intermediate-is-ca-cert.pem index 396cad86cb..3f13c93473 100644 --- a/tests/auto/network/ssl/qsslcertificate/verify-certs/test-intermediate-is-ca-cert.pem +++ b/tests/auto/network/ssl/qsslcertificate/verify-certs/test-intermediate-is-ca-cert.pem @@ -1,53 +1,25 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 29 (0x1d) - Signature Algorithm: sha1WithRSAEncryption - Issuer: ST=Lancashire, C=UK/emailAddress=test@example.com, O=Test intermediate CA - Validity - Not Before: Jul 31 21:01:18 2011 GMT - Not After : Jul 28 21:01:18 2021 GMT - Subject: CN=example.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (1024 bit) - Modulus: - 00:c9:bb:98:5b:27:cd:b1:8a:a9:38:fc:aa:bb:ad: - a1:ed:cb:94:94:3e:79:90:ae:35:f3:87:b1:2a:4e: - d5:ff:55:93:e0:1a:68:2a:36:94:05:38:a7:72:64: - a3:31:0f:61:5c:ec:76:41:f1:35:4a:5e:bc:ef:51: - 90:9e:33:b4:08:7a:3f:f0:04:a8:46:99:96:25:b3: - 03:c8:cd:8c:33:42:76:82:b9:db:61:c6:91:ed:76: - 86:ae:04:38:d7:e5:5c:a9:a9:f9:b6:13:f4:90:40: - 6d:ec:2f:ba:ed:bc:ff:88:05:f0:7b:c8:ac:bd:d0: - 72:3a:91:64:86:06:89:66:0d - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Authority Information Access: - OCSP - URI:http://ocsp.example.com:8888/ - - Signature Algorithm: sha1WithRSAEncryption - 22:30:97:01:ea:d0:a8:d8:b5:32:97:c8:c9:8b:7d:01:02:53: - 74:f8:0a:10:dc:fc:73:b2:50:bb:59:47:f3:e4:9f:44:94:d5: - ca:c0:64:da:83:00:95:43:15:a5:e3:30:ce:66:ca:55:8c:16: - 03:1e:55:02:8b:c7:ad:ed:2e:ae:ee:31:59:53:37:ff:26:86: - 93:9d:e2:69:2e:c0:2a:66:38:a5:b5:54:a1:02:0a:83:67:e0: - 91:cf:fc:09:c3:70:71:b6:cf:fc:d3:e9:9f:f5:1c:4d:55:ec: - 66:f7:07:71:fc:d6:17:de:e1:ab:e6:f2:7b:83:46:1e:b9:96: - 95:8f -----BEGIN CERTIFICATE----- -MIICNjCCAZ+gAwIBAgIBHTANBgkqhkiG9w0BAQUFADBiMRMwEQYDVQQIEwpMYW5j -YXNoaXJlMQswCQYDVQQGEwJVSzEfMB0GCSqGSIb3DQEJARYQdGVzdEBleGFtcGxl -LmNvbTEdMBsGA1UEChMUVGVzdCBpbnRlcm1lZGlhdGUgQ0EwHhcNMTEwNzMxMjEw -MTE4WhcNMjEwNzI4MjEwMTE4WjAWMRQwEgYDVQQDEwtleGFtcGxlLmNvbTCBnzAN -BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAybuYWyfNsYqpOPyqu62h7cuUlD55kK41 -84exKk7V/1WT4BpoKjaUBTincmSjMQ9hXOx2QfE1Sl6871GQnjO0CHo/8ASoRpmW -JbMDyM2MM0J2grnbYcaR7XaGrgQ41+Vcqan5thP0kEBt7C+67bz/iAXwe8isvdBy -OpFkhgaJZg0CAwEAAaNIMEYwCQYDVR0TBAIwADA5BggrBgEFBQcBAQQtMCswKQYI -KwYBBQUHMAGGHWh0dHA6Ly9vY3NwLmV4YW1wbGUuY29tOjg4ODgvMA0GCSqGSIb3 -DQEBBQUAA4GBACIwlwHq0KjYtTKXyMmLfQECU3T4ChDc/HOyULtZR/Pkn0SU1crA -ZNqDAJVDFaXjMM5mylWMFgMeVQKLx63tLq7uMVlTN/8mhpOd4mkuwCpmOKW1VKEC -CoNn4JHP/AnDcHG2z/zT6Z/1HE1V7Gb3B3H81hfe4avm8nuDRh65lpWP +MIIEMjCCAxqgAwIBAgIUaR2Q0yCxxvaNVph0ASc+zhzQj2wwDQYJKoZIhvcNAQEL +BQAwgasxCzAJBgNVBAYTAk5PMQ8wDQYDVQQIDAZOb3J3YXkxDTALBgNVBAoMBFRR +dEMxMDAuBgNVBAsMJ1RRdEMgSW50ZXJtZWRpYXRlIENlcnRpZmljYXRlIEF1dGhv +cml0eTEwMC4GA1UEAwwnVFF0QyBJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUgQXV0 +aG9yaXR5MRgwFgYJKoZIhvcNAQkBFglpY2FAcXQuaW8wHhcNMjEwNzI5MTcyODQy +WhcNMzEwNjA3MTcyODQyWjCBjDELMAkGA1UEBhMCTk8xDzANBgNVBAgMBk5vcndh +eTENMAsGA1UEBwwET3NsbzENMAsGA1UECgwEVFF0QzEXMBUGA1UECwwOUXQgRm91 +bmRhdGlvbnMxFDASBgNVBAMMC2V4YW1wbGUuY29tMR8wHQYJKoZIhvcNAQkBFhB0 +ZXN0QGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +4oQJn7Q5RC3suFgq+mDXbheEG8CQWlCgRoiX4s6ZYVvkwAyh+AfKz6bF6uAkGhSU +BqRGfrTnU46V+IHZT3mxa9KUThhQKzGwEACAoZK1IivDRxA6y/BK3LfJc/hcFqA1 +kVWAs949fOgmJpai8LHXlGMdVnoWJE9jL4OnfHDloVzFLXqUzcvJWOFiEHnGvD8J +S+VmYbMc5Yyw73hrqVgpe302TdGr5x4vgeQwk99r37v1dmHKWiI9PcQyy/Qp576Y +V6pdL164D4cD6OgohSzqd0d3BwAvC8lO9MCJiL5l2TiaJpcEMxS8ycQCwaUp6HC1 +y+HHtfSYu9DRu4PXKccWlQIDAQABo2swaTAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0l +BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMDgGCCsGAQUFBwEBBCwwKjAoBggrBgEF +BQcwAYYcaHR0cDovL29jc3AuZXhhbXBsZS5jb206ODg4ODANBgkqhkiG9w0BAQsF +AAOCAQEAcMAO6aZesrll+VnceYD2A77Uckqu7UaJ+Cno/aXxaZuBVmfyhdUyK9DF +bqLNGooR2DGbCjnoOpAaNGngfEkLH/aiDOaGgF9hPOfeUo2Axw7ElfVvwoyEy4zy +h7GLaA491mjg3XF5ZB56wxbWiBO7nvnHP2ln6x8L5A9RZIofxmChwNuDulB5aog5 +xfoZn8nqM+HQZNUNx5gX/QgPaVu3ytcVy0t8KYQesATc4hu3kaUPP372Unm4qOyA +WjX8g4zgCs4aVhjNqWEuX4FPyZQeY0IE5BK+H50z0m+rfH02Amlvq7TYpN50A9wL +qLirP+moVzEWJKJP0HWT/jo7Ze53FA== -----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/verify-certs/test-intermediate-not-ca-cert.pem b/tests/auto/network/ssl/qsslcertificate/verify-certs/test-intermediate-not-ca-cert.pem index 34ad2b10a8..836afd85d3 100644 --- a/tests/auto/network/ssl/qsslcertificate/verify-certs/test-intermediate-not-ca-cert.pem +++ b/tests/auto/network/ssl/qsslcertificate/verify-certs/test-intermediate-not-ca-cert.pem @@ -1,54 +1,24 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 27 (0x1b) - Signature Algorithm: sha1WithRSAEncryption - Issuer: CN=example.com, ST=Lancashire, C=UK/emailAddress=test@example.com, O=Some organisation - Validity - Not Before: Jul 31 21:01:18 2011 GMT - Not After : Jul 28 21:01:18 2021 GMT - Subject: CN=example.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (1024 bit) - Modulus: - 00:ea:d6:97:b5:3c:f4:37:8a:58:b4:7a:49:31:55: - dd:c8:84:ee:36:f6:72:3a:31:99:d1:df:af:bb:f9: - 17:e9:d8:47:d2:20:4b:94:ce:ea:c1:6b:23:9a:da: - 02:41:29:51:34:05:13:c0:98:4d:87:f8:91:a8:85: - 81:e4:ab:26:3d:26:59:29:16:7d:04:db:57:7b:f0: - b6:2b:5d:cf:e7:82:ba:83:a7:bc:63:43:03:2a:2b: - 18:40:89:4c:1e:90:bc:bf:10:24:81:50:0d:2e:e8: - 8e:a9:0a:fc:f8:cd:97:98:3c:cc:55:b7:f2:b2:0d: - 0e:36:53:3a:b2:d0:45:90:8b - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Authority Information Access: - OCSP - URI:http://ocsp.example.com:8888/ - - Signature Algorithm: sha1WithRSAEncryption - 82:d8:53:9c:d8:0b:0a:b3:9d:b4:0a:9f:93:ec:96:a6:31:6b: - 79:c9:d2:1c:76:0b:b7:f3:9f:b9:7a:dd:d7:b7:7b:26:ba:0a: - 54:2a:a3:ad:89:8e:3c:b8:8e:ea:09:53:58:73:9a:b3:a0:40: - 90:02:f2:60:04:b8:f0:2a:61:bd:91:9b:5e:81:5f:bf:cc:f2: - 33:33:8a:70:07:f5:ea:c0:05:38:34:f7:dc:ea:0c:74:01:5d: - dd:92:ab:f2:87:64:1b:7c:be:ae:37:c1:6c:ae:99:73:a5:aa: - 45:20:32:57:19:cb:30:45:61:2c:3b:23:52:ee:f0:cc:12:80: - 97:34 -----BEGIN CERTIFICATE----- -MIICSTCCAbKgAwIBAgIBGzANBgkqhkiG9w0BAQUFADB1MRQwEgYDVQQDEwtleGFt -cGxlLmNvbTETMBEGA1UECBMKTGFuY2FzaGlyZTELMAkGA1UEBhMCVUsxHzAdBgkq -hkiG9w0BCQEWEHRlc3RAZXhhbXBsZS5jb20xGjAYBgNVBAoTEVNvbWUgb3JnYW5p -c2F0aW9uMB4XDTExMDczMTIxMDExOFoXDTIxMDcyODIxMDExOFowFjEUMBIGA1UE -AxMLZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOrWl7U8 -9DeKWLR6STFV3ciE7jb2cjoxmdHfr7v5F+nYR9IgS5TO6sFrI5raAkEpUTQFE8CY -TYf4kaiFgeSrJj0mWSkWfQTbV3vwtitdz+eCuoOnvGNDAyorGECJTB6QvL8QJIFQ -DS7ojqkK/PjNl5g8zFW38rINDjZTOrLQRZCLAgMBAAGjSDBGMAkGA1UdEwQCMAAw -OQYIKwYBBQUHAQEELTArMCkGCCsGAQUFBzABhh1odHRwOi8vb2NzcC5leGFtcGxl -LmNvbTo4ODg4LzANBgkqhkiG9w0BAQUFAAOBgQCC2FOc2AsKs520Cp+T7JamMWt5 -ydIcdgu385+5et3Xt3smugpUKqOtiY48uI7qCVNYc5qzoECQAvJgBLjwKmG9kZte -gV+/zPIzM4pwB/XqwAU4NPfc6gx0AV3dkqvyh2QbfL6uN8FsrplzpapFIDJXGcsw -RWEsOyNS7vDMEoCXNA== +MIID+jCCAuKgAwIBAgIUM3pG/f45Mn2QOCxAjTxuzXfIYj4wDQYJKoZIhvcNAQEL +BQAwgYcxCzAJBgNVBAYTAk5PMQ8wDQYDVQQIDAZOb3J3YXkxDTALBgNVBAcMBE9z +bG8xDTALBgNVBAoMBFRRdEMxEjAQBgNVBAsMCVNvbWUgVW5pdDEUMBIGA1UEAwwL +ZXhhbXBsZS5jb20xHzAdBgkqhkiG9w0BCQEWEHRlc3RAZXhhbXBsZS5jb20wHhcN +MjEwODA2MDQ0MjE1WhcNMzEwNjE1MDQ0MjE1WjCBjDELMAkGA1UEBhMCTk8xDzAN +BgNVBAgMBk5vcndheTENMAsGA1UEBwwET3NsbzENMAsGA1UECgwEVFF0QzEUMBIG +A1UECwwLRm91bmRhdGlvbnMxFDASBgNVBAMMC2V4YW1wbGUuY29tMSIwIAYJKoZI +hvcNAQkBFhNzaWduZWRieW5vbmNhQHF0LmlvMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEApXDPgUmyVw89XB1o+9yPepTyXOUnY4/4JHu333l3IQcEsK17 +tmOftWOa2TGzScrN0sbi73IhCx48/hYI3skHNiocXhHlrNI8tHkwHKWf5k957tMN +xeSIgddRXMegMc4Xxo9IMxFmvAi1q7gnIkEpBg+6NWRGhB3N2Iw8nUtyOc+wx6Us +EzRi/HpITzNsmeuwHPzlKe8HQsL5VeM9oo7HdH7Bb2M7t4+oizZe8jbvhbUWbylb +HDkD1ZoxDRyYAPYkYyvsIodDBSFOQmon7kZtshrmZO+VGPEDisaDJFYppyZNOmmA +g65IUf+0oJW73uuG5dZWwmjEhHlKhkmvqXBoUQIDAQABo1cwVTAOBgNVHQ8BAf8E +BAMCBeAwOAYIKwYBBQUHAQEELDAqMCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5l +eGFtcGxlLmNvbTo4ODg4MAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBACBb +ERwLEJ9zGMk4lpnSK4hr2v8JZdVRbozKHUo0Vky3yyVoaFfKZqha9JpP0Ig71lSv +h8tmM41uFmIWCBc+JEu3PIGvZcs45/Py7NHHY5bua3/szRhkz0FbsEYbrCCE/Fom +rYxOd21q9+Aj0/ZGFccpc5v47SW8UFFjn5rhDKXqX7IZjFY/O6ILD/MnDePK963C +pGltAzKw1RRTQoXQWWWOQZx6jT+JFRQ1cc+QlY106461/qg1m1AhBG6/S6tjkcdI +h1jq4yMhfPP9BhxquZB4/mrBUY2rvUO40973m50trszjXSsdRgyScmEJKWco4MAZ +ZccSsplcBjL5ksfejH4= -----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcertificate/verify-certs/test-ocsp-good-cert.pem b/tests/auto/network/ssl/qsslcertificate/verify-certs/test-ocsp-good-cert.pem index 34b26c6d5e..d4cd3e1f92 100644 --- a/tests/auto/network/ssl/qsslcertificate/verify-certs/test-ocsp-good-cert.pem +++ b/tests/auto/network/ssl/qsslcertificate/verify-certs/test-ocsp-good-cert.pem @@ -1,67 +1,24 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: sha1WithRSAEncryption - Issuer: CN=Westpoint Certificate Test CA, ST=Lancashire, C=UK/emailAddress=ca@example.com, O=Westpoint Certificate Test Root Certification Authority - Validity - Not Before: Jul 31 21:01:16 2011 GMT - Not After : Jul 28 21:01:16 2021 GMT - Subject: CN=example.com, ST=Lancashire, C=UK/emailAddress=test@example.com, O=Some organisation - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (1024 bit) - Modulus: - 00:97:c9:92:27:81:a7:4c:64:82:a2:30:d6:07:b7: - 57:e0:9c:ea:cd:eb:53:be:ea:b6:b5:47:66:d0:68: - 54:25:a7:ed:21:5c:dc:fd:da:41:f6:c7:c0:35:ae: - 97:72:fd:8b:af:29:3d:38:5a:67:8b:39:8a:ce:86: - 25:0f:38:a7:b5:38:b3:8e:81:f0:ea:79:99:cb:f5: - 23:64:55:f3:4b:a4:b6:23:64:29:ea:ba:f3:29:52: - a7:7f:32:dc:0d:b6:d9:d4:e6:13:de:01:41:86:9a: - 2d:8f:bb:0c:18:88:09:ac:d4:6a:e9:cb:8a:17:8a: - 85:09:a6:ae:a6:1c:05:e9:55 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Authority Information Access: - OCSP - URI:http://ocsp.example.com:8888/ - - Signature Algorithm: sha1WithRSAEncryption - 8b:9b:96:fb:8e:1b:77:f5:70:39:fe:76:51:ac:a9:6b:80:a5: - b7:95:8b:c3:1a:9c:1f:bb:d1:d1:68:43:40:96:62:d6:a6:da: - d9:fd:9d:9a:9e:8a:84:fa:f5:54:ce:a8:d7:37:c7:0c:95:fc: - 11:8b:e9:32:53:e5:59:61:0a:53:70:f3:d6:ed:3f:b1:f4:49: - bf:86:c1:77:0d:b1:ac:65:7e:62:d2:f2:5a:31:50:a7:ed:28: - bb:63:d5:f3:4f:43:3a:3f:bf:3b:d0:94:aa:a1:74:95:be:a4: - 0f:8b:e0:6f:d8:33:84:76:71:b2:da:f4:0e:1e:d2:eb:f0:c3: - 1e:33:79:21:35:93:18:05:38:db:63:85:1a:e4:84:41:0a:c3: - fb:fd:5c:69:3d:18:0a:38:b8:16:18:d3:23:b9:51:47:2e:54: - 08:d1:fc:2e:b6:63:62:78:9c:26:59:c2:5e:5a:38:76:47:e7: - f0:f8:7b:b7:00:46:34:b0:44:28:a9:33:d7:e5:1d:52:c8:fb: - 32:a5:25:86:21:0c:80:f0:4b:37:60:a0:45:69:9f:6b:b0:34: - 91:5e:4c:62:45:99:83:1d:80:48:78:bb:ee:d4:83:39:76:c3: - e6:fb:31:e9:20:f0:64:90:24:4e:c6:07:75:40:1f:7e:97:77: - 1f:bf:a2:ef -----BEGIN CERTIFICATE----- -MIIDYDCCAkigAwIBAgIBATANBgkqhkiG9w0BAQUFADCBqzEmMCQGA1UEAxMdV2Vz -dHBvaW50IENlcnRpZmljYXRlIFRlc3QgQ0ExEzARBgNVBAgTCkxhbmNhc2hpcmUx -CzAJBgNVBAYTAlVLMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxlLmNvbTFAMD4G -A1UEChM3V2VzdHBvaW50IENlcnRpZmljYXRlIFRlc3QgUm9vdCBDZXJ0aWZpY2F0 -aW9uIEF1dGhvcml0eTAeFw0xMTA3MzEyMTAxMTZaFw0yMTA3MjgyMTAxMTZaMHUx -FDASBgNVBAMTC2V4YW1wbGUuY29tMRMwEQYDVQQIEwpMYW5jYXNoaXJlMQswCQYD -VQQGEwJVSzEfMB0GCSqGSIb3DQEJARYQdGVzdEBleGFtcGxlLmNvbTEaMBgGA1UE -ChMRU29tZSBvcmdhbmlzYXRpb24wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB -AJfJkieBp0xkgqIw1ge3V+Cc6s3rU77qtrVHZtBoVCWn7SFc3P3aQfbHwDWul3L9 -i68pPThaZ4s5is6GJQ84p7U4s46B8Op5mcv1I2RV80uktiNkKeq68ylSp38y3A22 -2dTmE94BQYaaLY+7DBiICazUaunLiheKhQmmrqYcBelVAgMBAAGjSDBGMAkGA1Ud -EwQCMAAwOQYIKwYBBQUHAQEELTArMCkGCCsGAQUFBzABhh1odHRwOi8vb2NzcC5l -eGFtcGxlLmNvbTo4ODg4LzANBgkqhkiG9w0BAQUFAAOCAQEAi5uW+44bd/VwOf52 -Uaypa4Clt5WLwxqcH7vR0WhDQJZi1qba2f2dmp6KhPr1VM6o1zfHDJX8EYvpMlPl -WWEKU3Dz1u0/sfRJv4bBdw2xrGV+YtLyWjFQp+0ou2PV809DOj+/O9CUqqF0lb6k -D4vgb9gzhHZxstr0Dh7S6/DDHjN5ITWTGAU422OFGuSEQQrD+/1caT0YCji4FhjT -I7lRRy5UCNH8LrZjYnicJlnCXlo4dkfn8Ph7twBGNLBEKKkz1+UdUsj7MqUlhiEM -gPBLN2CgRWmfa7A0kV5MYkWZgx2ASHi77tSDOXbD5vsx6SDwZJAkTsYHdUAffpd3 -H7+i7w== +MIIEEDCCAvigAwIBAgIUQrpDlYwLae3IBtw7fjH/oCSCWMYwDQYJKoZIhvcNAQEL +BQAwgaIxCzAJBgNVBAYTAk5PMQ8wDQYDVQQIDAZOb3J3YXkxDTALBgNVBAcMBE9z +bG8xDTALBgNVBAoMBFRRdEMxLzAtBgNVBAsMJlRRdEMgVGVzdCBSb290IEF1dGhv +cml6YXRpb24gQXV0aG9yaXR5MRowGAYDVQQDDBFUUXRDIHRlc3Qgcm9vdCBDQTEX +MBUGCSqGSIb3DQEJARYIY2FAcXQuaW8wHhcNMjEwODA2MDQzNzIyWhcNMzEwNjE1 +MDQzNzIyWjCBhzELMAkGA1UEBhMCTk8xDzANBgNVBAgMBk5vcndheTENMAsGA1UE +BwwET3NsbzENMAsGA1UECgwEVFF0QzESMBAGA1UECwwJU29tZSBVbml0MRQwEgYD +VQQDDAtleGFtcGxlLmNvbTEfMB0GCSqGSIb3DQEJARYQdGVzdEBleGFtcGxlLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEmu/GCuiQwbQf8qluK +5UovaQ4L3MHScVFbHlHu1Nyc12wmhhpzC3jC+OikxdCPpvxdNmdsOHonhNkO55sL +YygX4c4sCNM4B6VbJTfdOKHRBV6ySxFVS4jjBwB88Ouz9KieGiOAA6Lf6nqIBitU +eYQtBPye1lSqX4dAFHx7Il6Ad8Z3U9hUkqEpcW3AGSxFS6GebfTNleN85lXyLhHm +v66vEcHOGM7YSjWjUDto4C5LpYQHMvKe4/oZylQkRwevy8pZ+dK6ZiJuxzKVu2M2 ++LuYFeCRnFry5NBUBhpeLSOgJO2BYJZroRWygjBNUD6yToZFOX77ctL0+lXIgqZ8 +vT0CAwEAAaNXMFUwDgYDVR0PAQH/BAQDAgLkMDgGCCsGAQUFBwEBBCwwKjAoBggr +BgEFBQcwAYYcaHR0cDovL29jc3AuZXhhbXBsZS5jb206ODg4ODAJBgNVHRMEAjAA +MA0GCSqGSIb3DQEBCwUAA4IBAQAReaLhTl0k8+pmVNvnqkPg7UvwmZ1EStWyz0hn +Ar+NZSIdHUWqGqvoQVzcH5ODW3yfkNadhwfm8BJcFuy0ioTqhGuho3cI8Qr9MRQl +s0NNIjeENYbBElBXmJup4OdgCSy0GL3DeCoe3xR+IwHYeER/oH6VDBZrpVovHAk9 +6FlL6eBXgWu1YzXhKU4/enVIJ0A4LRF9WnyhQSucLwo3+bOvPxLBtmP+lWtXyKap +wMMNPu6EULAQ2IYcTgafCW9BWR1UWDXHBRO5ytBV4KFrhXiPoPmA4x0ACxnclH41 +b3Pj0pBur9cQuvap/FSz1uEfJdsYISw6srTfD4zNUuXXhSbz -----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslcipher/CMakeLists.txt b/tests/auto/network/ssl/qsslcipher/CMakeLists.txt index b8e8ba47d6..8538f56acd 100644 --- a/tests/auto/network/ssl/qsslcipher/CMakeLists.txt +++ b/tests/auto/network/ssl/qsslcipher/CMakeLists.txt @@ -1,21 +1,20 @@ -# Generated from qsslcipher.pro. +# Copyright (C) 2022 The Qt Company Ltd. +# SPDX-License-Identifier: BSD-3-Clause ##################################################################### ## tst_qsslcipher Test: ##################################################################### +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qsslcipher LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + qt_internal_add_test(tst_qsslcipher SOURCES tst_qsslcipher.cpp - PUBLIC_LIBRARIES + LIBRARIES Qt::Network + BUNDLE_ANDROID_OPENSSL_LIBS ) - -## Scopes: -##################################################################### - -#### Keys ignored in scope 3:.:.:qsslcipher.pro:(CMAKE_BUILD_TYPE STREQUAL Debug): -# DESTDIR = "debug" - -#### Keys ignored in scope 4:.:.:qsslcipher.pro:else: -# DESTDIR = "release" diff --git a/tests/auto/network/ssl/qsslcipher/tst_qsslcipher.cpp b/tests/auto/network/ssl/qsslcipher/tst_qsslcipher.cpp index 3d415bcd19..6810149c11 100644 --- a/tests/auto/network/ssl/qsslcipher/tst_qsslcipher.cpp +++ b/tests/auto/network/ssl/qsslcipher/tst_qsslcipher.cpp @@ -1,30 +1,5 @@ -/**************************************************************************** -** -** Copyright (C) 2016 The Qt Company Ltd. -** Contact: https://www.qt.io/licensing/ -** -** This file is part of the test suite of the Qt Toolkit. -** -** $QT_BEGIN_LICENSE:GPL-EXCEPT$ -** Commercial License Usage -** Licensees holding valid commercial Qt licenses may use this file in -** accordance with the commercial license agreement provided with the -** Software or, alternatively, in accordance with the terms contained in -** a written agreement between you and The Qt Company. For licensing terms -** and conditions see https://www.qt.io/terms-conditions. For further -** information use the contact form at https://www.qt.io/contact-us. -** -** GNU General Public License Usage -** Alternatively, this file may be used under the terms of the GNU -** General Public License version 3 as published by the Free Software -** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT -** included in the packaging of this file. Please review the following -** information to ensure the GNU General Public License requirements will -** be met: https://www.gnu.org/licenses/gpl-3.0.html. -** -** $QT_END_LICENSE$ -** -****************************************************************************/ +// Copyright (C) 2016 The Qt Company Ltd. +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QTest> diff --git a/tests/auto/network/ssl/qssldiffiehellmanparameters/CMakeLists.txt b/tests/auto/network/ssl/qssldiffiehellmanparameters/CMakeLists.txt index 0ef55a7b55..3ac34b2f6c 100644 --- a/tests/auto/network/ssl/qssldiffiehellmanparameters/CMakeLists.txt +++ b/tests/auto/network/ssl/qssldiffiehellmanparameters/CMakeLists.txt @@ -1,12 +1,20 @@ -# Generated from qssldiffiehellmanparameters.pro. +# Copyright (C) 2022 The Qt Company Ltd. +# SPDX-License-Identifier: BSD-3-Clause ##################################################################### ## tst_qssldiffiehellmanparameters Test: ##################################################################### +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qssldiffiehellmanparameters LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + qt_internal_add_test(tst_qssldiffiehellmanparameters SOURCES tst_qssldiffiehellmanparameters.cpp - PUBLIC_LIBRARIES + LIBRARIES Qt::Network + BUNDLE_ANDROID_OPENSSL_LIBS ) diff --git a/tests/auto/network/ssl/qssldiffiehellmanparameters/tst_qssldiffiehellmanparameters.cpp b/tests/auto/network/ssl/qssldiffiehellmanparameters/tst_qssldiffiehellmanparameters.cpp index 3bf3c75dce..d8c6d9158a 100644 --- a/tests/auto/network/ssl/qssldiffiehellmanparameters/tst_qssldiffiehellmanparameters.cpp +++ b/tests/auto/network/ssl/qssldiffiehellmanparameters/tst_qssldiffiehellmanparameters.cpp @@ -1,30 +1,5 @@ -/**************************************************************************** -** -** Copyright (C) 2015 Mikkel Krautz <mikkel@krautz.dk> -** Contact: https://www.qt.io/licensing/ -** -** This file is part of the test suite of the Qt Toolkit. -** -** $QT_BEGIN_LICENSE:GPL-EXCEPT$ -** Commercial License Usage -** Licensees holding valid commercial Qt licenses may use this file in -** accordance with the commercial license agreement provided with the -** Software or, alternatively, in accordance with the terms contained in -** a written agreement between you and The Qt Company. For licensing terms -** and conditions see https://www.qt.io/terms-conditions. For further -** information use the contact form at https://www.qt.io/contact-us. -** -** GNU General Public License Usage -** Alternatively, this file may be used under the terms of the GNU -** General Public License version 3 as published by the Free Software -** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT -** included in the packaging of this file. Please review the following -** information to ensure the GNU General Public License requirements will -** be met: https://www.gnu.org/licenses/gpl-3.0.html. -** -** $QT_END_LICENSE$ -** -****************************************************************************/ +// Copyright (C) 2015 Mikkel Krautz <mikkel@krautz.dk> +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QTest> diff --git a/tests/auto/network/ssl/qsslellipticcurve/CMakeLists.txt b/tests/auto/network/ssl/qsslellipticcurve/CMakeLists.txt index bf4d255d19..dd031a991b 100644 --- a/tests/auto/network/ssl/qsslellipticcurve/CMakeLists.txt +++ b/tests/auto/network/ssl/qsslellipticcurve/CMakeLists.txt @@ -1,12 +1,20 @@ -# Generated from qsslellipticcurve.pro. +# Copyright (C) 2022 The Qt Company Ltd. +# SPDX-License-Identifier: BSD-3-Clause ##################################################################### ## tst_qsslellipticcurve Test: ##################################################################### +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qsslellipticcurve LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + qt_internal_add_test(tst_qsslellipticcurve SOURCES tst_qsslellipticcurve.cpp - PUBLIC_LIBRARIES + LIBRARIES Qt::Network + BUNDLE_ANDROID_OPENSSL_LIBS ) diff --git a/tests/auto/network/ssl/qsslellipticcurve/tst_qsslellipticcurve.cpp b/tests/auto/network/ssl/qsslellipticcurve/tst_qsslellipticcurve.cpp index 35b7082fad..96ef7e9828 100644 --- a/tests/auto/network/ssl/qsslellipticcurve/tst_qsslellipticcurve.cpp +++ b/tests/auto/network/ssl/qsslellipticcurve/tst_qsslellipticcurve.cpp @@ -1,31 +1,5 @@ -/**************************************************************************** -** -** Copyright (C) 2014 Governikus GmbH & Co. KG. -** Contact: https://www.qt.io/licensing/ -** -** This file is part of the test suite of the Qt Toolkit. -** -** $QT_BEGIN_LICENSE:GPL-EXCEPT$ -** Commercial License Usage -** Licensees holding valid commercial Qt licenses may use this file in -** accordance with the commercial license agreement provided with the -** Software or, alternatively, in accordance with the terms contained in -** a written agreement between you and The Qt Company. For licensing terms -** and conditions see https://www.qt.io/terms-conditions. For further -** information use the contact form at https://www.qt.io/contact-us. -** -** GNU General Public License Usage -** Alternatively, this file may be used under the terms of the GNU -** General Public License version 3 as published by the Free Software -** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT -** included in the packaging of this file. Please review the following -** information to ensure the GNU General Public License requirements will -** be met: https://www.gnu.org/licenses/gpl-3.0.html. -** -** $QT_END_LICENSE$ -** -****************************************************************************/ - +// Copyright (C) 2014 Governikus GmbH & Co. KG. +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QTest> @@ -91,7 +65,8 @@ void tst_QSslEllipticCurve::fromShortName_data() QTest::newRow("QString()") << QString() << QSslEllipticCurve() << false; QTest::newRow("\"\"") << QString("") << QSslEllipticCurve() << false; QTest::newRow("does-not-exist") << QStringLiteral("does-not-exist") << QSslEllipticCurve() << false; - Q_FOREACH (QSslEllipticCurve ec, QSslConfiguration::supportedEllipticCurves()) { + const auto supported = QSslConfiguration::supportedEllipticCurves(); + for (QSslEllipticCurve ec : supported) { const QString sN = ec.shortName(); QTest::newRow(qPrintable("supported EC \"" + sN + '"')) << sN << ec << true; // At least in the OpenSSL impl, the short name is case-sensitive. That feels odd. @@ -124,7 +99,8 @@ void tst_QSslEllipticCurve::fromLongName_data() QTest::newRow("QString()") << QString() << QSslEllipticCurve() << false; QTest::newRow("\"\"") << QString("") << QSslEllipticCurve() << false; QTest::newRow("does-not-exist") << QStringLiteral("does-not-exist") << QSslEllipticCurve() << false; - Q_FOREACH (QSslEllipticCurve ec, QSslConfiguration::supportedEllipticCurves()) { + const auto supported = QSslConfiguration::supportedEllipticCurves(); + for (QSslEllipticCurve ec : supported) { const QString lN = ec.longName(); QTest::newRow(qPrintable("supported EC \"" + lN + '"')) << lN << ec << true; } diff --git a/tests/auto/network/ssl/qsslerror/CMakeLists.txt b/tests/auto/network/ssl/qsslerror/CMakeLists.txt index e9dd0953ba..006bec3ef2 100644 --- a/tests/auto/network/ssl/qsslerror/CMakeLists.txt +++ b/tests/auto/network/ssl/qsslerror/CMakeLists.txt @@ -1,21 +1,20 @@ -# Generated from qsslerror.pro. +# Copyright (C) 2022 The Qt Company Ltd. +# SPDX-License-Identifier: BSD-3-Clause ##################################################################### ## tst_qsslerror Test: ##################################################################### +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qsslerror LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + qt_internal_add_test(tst_qsslerror SOURCES tst_qsslerror.cpp - PUBLIC_LIBRARIES + LIBRARIES Qt::Network + BUNDLE_ANDROID_OPENSSL_LIBS ) - -## Scopes: -##################################################################### - -#### Keys ignored in scope 3:.:.:qsslerror.pro:(CMAKE_BUILD_TYPE STREQUAL Debug): -# DESTDIR = "debug" - -#### Keys ignored in scope 4:.:.:qsslerror.pro:else: -# DESTDIR = "release" diff --git a/tests/auto/network/ssl/qsslerror/tst_qsslerror.cpp b/tests/auto/network/ssl/qsslerror/tst_qsslerror.cpp index cb82edd556..981fe3a0d5 100644 --- a/tests/auto/network/ssl/qsslerror/tst_qsslerror.cpp +++ b/tests/auto/network/ssl/qsslerror/tst_qsslerror.cpp @@ -1,30 +1,5 @@ -/**************************************************************************** -** -** Copyright (C) 2016 The Qt Company Ltd. -** Contact: https://www.qt.io/licensing/ -** -** This file is part of the test suite of the Qt Toolkit. -** -** $QT_BEGIN_LICENSE:GPL-EXCEPT$ -** Commercial License Usage -** Licensees holding valid commercial Qt licenses may use this file in -** accordance with the commercial license agreement provided with the -** Software or, alternatively, in accordance with the terms contained in -** a written agreement between you and The Qt Company. For licensing terms -** and conditions see https://www.qt.io/terms-conditions. For further -** information use the contact form at https://www.qt.io/contact-us. -** -** GNU General Public License Usage -** Alternatively, this file may be used under the terms of the GNU -** General Public License version 3 as published by the Free Software -** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT -** included in the packaging of this file. Please review the following -** information to ensure the GNU General Public License requirements will -** be met: https://www.gnu.org/licenses/gpl-3.0.html. -** -** $QT_END_LICENSE$ -** -****************************************************************************/ +// Copyright (C) 2016 The Qt Company Ltd. +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QtNetwork/qtnetworkglobal.h> diff --git a/tests/auto/network/ssl/qsslkey/BLACKLIST b/tests/auto/network/ssl/qsslkey/BLACKLIST deleted file mode 100644 index 5705a1982d..0000000000 --- a/tests/auto/network/ssl/qsslkey/BLACKLIST +++ /dev/null @@ -1,8 +0,0 @@ -[constructor] -rhel -[length] -rhel -[toEncryptedPemOrDer] -rhel -[toPemOrDer] -rhel diff --git a/tests/auto/network/ssl/qsslkey/CMakeLists.txt b/tests/auto/network/ssl/qsslkey/CMakeLists.txt index 8bf450f8fd..aae017562a 100644 --- a/tests/auto/network/ssl/qsslkey/CMakeLists.txt +++ b/tests/auto/network/ssl/qsslkey/CMakeLists.txt @@ -1,9 +1,16 @@ -# Generated from qsslkey.pro. +# Copyright (C) 2022 The Qt Company Ltd. +# SPDX-License-Identifier: BSD-3-Clause ##################################################################### ## tst_qsslkey Test: ##################################################################### +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qsslkey LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + # Collect test data file(GLOB_RECURSE test_data_glob RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} @@ -17,16 +24,22 @@ list(APPEND test_data ${test_data_glob}) qt_internal_add_test(tst_qsslkey SOURCES tst_qsslkey.cpp - PUBLIC_LIBRARIES + LIBRARIES Qt::Network TESTDATA ${test_data} + BUNDLE_ANDROID_OPENSSL_LIBS +) + +qt_internal_extend_target(tst_qsslkey CONDITION QT_FEATURE_developer_build AND QT_FEATURE_openssl_linked + LIBRARIES + WrapOpenSSL::WrapOpenSSL ) ## Scopes: ##################################################################### -qt_internal_extend_target(tst_qsslkey CONDITION QT_FEATURE_private_tests - PUBLIC_LIBRARIES +qt_internal_extend_target(tst_qsslkey CONDITION QT_FEATURE_developer_build + LIBRARIES Qt::CorePrivate Qt::NetworkPrivate ) diff --git a/tests/auto/network/ssl/qsslkey/keys/genkeys.sh b/tests/auto/network/ssl/qsslkey/keys/genkeys.sh index 0106953bff..afa4b7fe84 100755 --- a/tests/auto/network/ssl/qsslkey/keys/genkeys.sh +++ b/tests/auto/network/ssl/qsslkey/keys/genkeys.sh @@ -1,31 +1,6 @@ #!/bin/sh -############################################################################# -## -## Copyright (C) 2016 The Qt Company Ltd. -## Contact: https://www.qt.io/licensing/ -## -## This file is the build configuration utility of the Qt Toolkit. -## -## $QT_BEGIN_LICENSE:GPL-EXCEPT$ -## Commercial License Usage -## Licensees holding valid commercial Qt licenses may use this file in -## accordance with the commercial license agreement provided with the -## Software or, alternatively, in accordance with the terms contained in -## a written agreement between you and The Qt Company. For licensing terms -## and conditions see https://www.qt.io/terms-conditions. For further -## information use the contact form at https://www.qt.io/contact-us. -## -## GNU General Public License Usage -## Alternatively, this file may be used under the terms of the GNU -## General Public License version 3 as published by the Free Software -## Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT -## included in the packaging of this file. Please review the following -## information to ensure the GNU General Public License requirements will -## be met: https://www.gnu.org/licenses/gpl-3.0.html. -## -## $QT_END_LICENSE$ -## -############################################################################# +# Copyright (C) 2016 The Qt Company Ltd. +# SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 # This script generates cryptographic keys of different types. diff --git a/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp b/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp index cea49350f1..79bae3c270 100644 --- a/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp +++ b/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp @@ -1,30 +1,5 @@ -/**************************************************************************** -** -** Copyright (C) 2016 The Qt Company Ltd. -** Contact: https://www.qt.io/licensing/ -** -** This file is part of the test suite of the Qt Toolkit. -** -** $QT_BEGIN_LICENSE:GPL-EXCEPT$ -** Commercial License Usage -** Licensees holding valid commercial Qt licenses may use this file in -** accordance with the commercial license agreement provided with the -** Software or, alternatively, in accordance with the terms contained in -** a written agreement between you and The Qt Company. For licensing terms -** and conditions see https://www.qt.io/terms-conditions. For further -** information use the contact form at https://www.qt.io/contact-us. -** -** GNU General Public License Usage -** Alternatively, this file may be used under the terms of the GNU -** General Public License version 3 as published by the Free Software -** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT -** included in the packaging of this file. Please review the following -** information to ensure the GNU General Public License requirements will -** be met: https://www.gnu.org/licenses/gpl-3.0.html. -** -** $QT_END_LICENSE$ -** -****************************************************************************/ +// Copyright (C) 2016 The Qt Company Ltd. +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QTest> #include <qsslkey.h> @@ -40,6 +15,8 @@ #include <QtCore/qdebug.h> #include <QtCore/qlist.h> +using namespace Qt::StringLiterals; + #ifdef QT_BUILD_INTERNAL #if QT_CONFIG(ssl) #include "private/qsslkey_p.h" @@ -115,6 +92,7 @@ private: QString testDataDir; bool fileContainsUnsupportedEllipticCurve(const QString &fileName) const; + bool algorithmsSupported(const QString &fileName) const; QVector<QString> unsupportedCurves; bool isOpenSsl = false; @@ -178,6 +156,37 @@ bool tst_QSslKey::fileContainsUnsupportedEllipticCurve(const QString &fileName) return false; } +bool tst_QSslKey::algorithmsSupported(const QString &fileName) const +{ +#if QT_CONFIG(ssl) + if (isSchannel && fileName.contains("RC2-64")) // Schannel treats RC2 as 128 bit + return false; + + if (isSchannel || isSecureTransport) { + // No AES support in the generic back-end, PKCS#12 algorithms not supported either. + return !(fileName.contains(QRegularExpression("-aes\\d\\d\\d-")) || fileName.contains("pkcs8-pkcs12")); + } + + if (!isOpenSsl || QSslSocket::sslLibraryVersionNumber() >> 28 < 3) + return true; + + // OpenSSL v3 first introduced the notion of 'providers'. Many algorithms + // were moved into the 'legacy' provider. While they are still supported in theory, + // the 'legacy' provider is NOT loaded by default and we are not loading it either. + // Thus, some of the keys we are using in tst_QSslKey would fail the test. We + // have to filter them out. + const auto name = fileName.toLower(); + if (name.contains("-des.")) + return false; + + return !name.contains("-rc2-") && !name.contains("-rc4-"); +#else + Q_UNUSED(fileName); + return false; +#endif // QT_CONFIG(ssl) +} + + void tst_QSslKey::initTestCase() { testDataDir = QFileInfo(QFINDTESTDATA("rsa-without-passphrase.pem")).absolutePath(); @@ -212,7 +221,7 @@ static QByteArray readFile(const QString &absFilePath) { QFile file(absFilePath); if (!file.open(QIODevice::ReadOnly)) { - QWARN("failed to open file"); + qWarning("failed to open file"); return QByteArray(); } return file.readAll(); @@ -242,21 +251,12 @@ void tst_QSslKey::createPlainTestRows(bool pemOnly) QTest::addColumn<QSsl::KeyType>("type"); QTest::addColumn<int>("length"); QTest::addColumn<QSsl::EncodingFormat>("format"); - foreach (KeyInfo keyInfo, keyInfoList) { + for (const KeyInfo &keyInfo : std::as_const(keyInfoList)) { if (pemOnly && keyInfo.format != QSsl::EncodingFormat::Pem) continue; - if (isSchannel) { - if (keyInfo.fileInfo.fileName().contains("RC2-64")) - continue; // Schannel treats RC2 as 128 bit - } - - if (isSchannel || isSecureTransport) { - if (keyInfo.fileInfo.fileName().contains(QRegularExpression("-aes\\d\\d\\d-"))) - continue; // No AES support in the generic back-end - if (keyInfo.fileInfo.fileName().contains("pkcs8-pkcs12")) - continue; // The generic back-end doesn't support PKCS#12 algorithms - } + if (!algorithmsSupported(keyInfo.fileInfo.fileName())) + continue; QTest::newRow(keyInfo.fileInfo.fileName().toLatin1()) << keyInfo.fileInfo.absoluteFilePath() << keyInfo.algorithm << keyInfo.type @@ -317,7 +317,7 @@ void tst_QSslKey::constructorHandle() passphrase = "1234"; BIO* bio = q_BIO_new(q_BIO_s_mem()); - q_BIO_write(bio, pem.constData(), pem.length()); + q_BIO_write(bio, pem.constData(), pem.size()); EVP_PKEY *origin = func(bio, nullptr, nullptr, static_cast<void *>(passphrase.data())); Q_ASSERT(origin); q_EVP_PKEY_up_ref(origin); @@ -469,13 +469,18 @@ void tst_QSslKey::toEncryptedPemOrDer_data() QTest::addColumn<QSsl::EncodingFormat>("format"); QTest::addColumn<QString>("password"); - QStringList passwords; - passwords << " " << "foobar" << "foo bar" - << "aAzZ`1234567890-=~!@#$%^&*()_+[]{}\\|;:'\",.<>/?"; // ### add more (?) - foreach (KeyInfo keyInfo, keyInfoList) { + const QString passwords[] = { + u" "_s, + u"foobar"_s, + u"foo bar"_s, + u"aAzZ`1234567890-=~!@#$%^&*()_+[]{}\\|;:'\",.<>/?"_s, + // ### add more (?) + }; + + for (const KeyInfo &keyInfo : std::as_const(keyInfoList)) { if (keyInfo.fileInfo.fileName().contains("pkcs8")) continue; // pkcs8 keys are encrypted in a different way than the other keys - foreach (QString password, passwords) { + for (const QString &password : passwords) { const QByteArray testName = keyInfo.fileInfo.fileName().toLatin1() + '-' + (keyInfo.algorithm == QSsl::Rsa ? "RSA" : (keyInfo.algorithm == QSsl::Dsa ? "DSA" : "EC")) @@ -550,9 +555,15 @@ void tst_QSslKey::passphraseChecks_data() const QByteArray pass("123"); const QByteArray aesPass("1234"); - QTest::newRow("DES") << QString(testDataDir + "rsa-with-passphrase-des.pem") << pass; + if (!isOpenSsl || QSslSocket::sslLibraryVersionNumber() >> 28 < 3) { + // DES and RC2 are not provided by default in OpenSSL v3. + // This part is for either non-OpenSSL build, or OpenSSL v < 3.x. + QTest::newRow("DES") << QString(testDataDir + "rsa-with-passphrase-des.pem") << pass; + QTest::newRow("RC2") << QString(testDataDir + "rsa-with-passphrase-rc2.pem") << pass; + } + QTest::newRow("3DES") << QString(testDataDir + "rsa-with-passphrase-3des.pem") << pass; - QTest::newRow("RC2") << QString(testDataDir + "rsa-with-passphrase-rc2.pem") << pass; + #if defined(QT_NO_OPENSSL) || !defined(OPENSSL_NO_AES) QTest::newRow("AES128") << QString(testDataDir + "rsa-with-passphrase-aes128.pem") << aesPass; QTest::newRow("AES192") << QString(testDataDir + "rsa-with-passphrase-aes192.pem") << aesPass; @@ -569,7 +580,7 @@ void tst_QSslKey::passphraseChecks() QVERIFY(keyFile.exists()); { if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); else keyFile.reset(); QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey); @@ -577,7 +588,7 @@ void tst_QSslKey::passphraseChecks() } { if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); else keyFile.reset(); QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, ""); @@ -585,7 +596,7 @@ void tst_QSslKey::passphraseChecks() } { if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); else keyFile.reset(); QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "WRONG!"); @@ -593,7 +604,7 @@ void tst_QSslKey::passphraseChecks() } { if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); else keyFile.reset(); QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, passphrase); @@ -611,7 +622,7 @@ void tst_QSslKey::noPassphraseChecks() QFile keyFile(fileName); { if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); else keyFile.reset(); QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey); @@ -619,7 +630,7 @@ void tst_QSslKey::noPassphraseChecks() } { if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); else keyFile.reset(); QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, ""); @@ -627,7 +638,7 @@ void tst_QSslKey::noPassphraseChecks() } { if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); else keyFile.reset(); QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "xxx"); @@ -649,6 +660,9 @@ void tst_QSslKey::encrypt_data() QTest::addColumn<QByteArray>("iv"); QByteArray iv("abcdefgh"); +#if OPENSSL_VERSION_MAJOR < 3 + // Either non-OpenSSL build, or OpenSSL v < 3 + // (with DES and other legacy algorithms available by default) QTest::newRow("DES-CBC, length 0") << Cipher::DesCbc << QByteArray("01234567") << QByteArray() @@ -738,6 +752,7 @@ void tst_QSslKey::encrypt_data() << QByteArray(8, 'a') << QByteArray::fromHex("5AEC1A5B295660B02613454232F7DECE") << iv; +#endif // OPENSSL_VERSION_MAJOR #if defined(QT_NO_OPENSSL) || !defined(OPENSSL_NO_AES) // AES needs a longer IV diff --git a/tests/auto/network/ssl/qsslserver/CMakeLists.txt b/tests/auto/network/ssl/qsslserver/CMakeLists.txt new file mode 100644 index 0000000000..5957b2720e --- /dev/null +++ b/tests/auto/network/ssl/qsslserver/CMakeLists.txt @@ -0,0 +1,29 @@ +# Copyright (C) 2022 The Qt Company Ltd. +# SPDX-License-Identifier: BSD-3-Clause + +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qsslserver LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + +if(NOT QT_FEATURE_private_tests) + return() +endif() + +##################################################################### +## tst_qsslserver Test: +##################################################################### + +# Collect test data +list(APPEND test_data "certs") + +qt_internal_add_test(tst_qsslserver + SOURCES + tst_qsslserver.cpp + LIBRARIES + Qt::CorePrivate + Qt::NetworkPrivate + TESTDATA ${test_data} + BUNDLE_ANDROID_OPENSSL_LIBS +) diff --git a/tests/auto/network/ssl/qsslserver/certs/selfsigned-client.crt b/tests/auto/network/ssl/qsslserver/certs/selfsigned-client.crt new file mode 100644 index 0000000000..88da2db920 --- /dev/null +++ b/tests/auto/network/ssl/qsslserver/certs/selfsigned-client.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC6TCCAdECCC/r9KvmbWTKMA0GCSqGSIb3DQEBCwUAMDUxFDASBgNVBAMMC0F1 +c3dlaXNBcHAyMR0wGwYDVQQFExQxODIzNTE0MTY0NzI5NDg5NDM3MTAiGA8xOTcw +MDEwMTAwMDAwMFoYDzk5OTkxMjMxMjM1OTU5WjA1MRQwEgYDVQQDDAtBdXN3ZWlz +QXBwMjEdMBsGA1UEBRMUMTgyMzUxNDE2NDcyOTQ4OTQzNzEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCahBpcZyr+PJBCpolzQeFVvDKABwlpdRKGZ8qq +jD4sq2L7VlBJslgJGv5vsB5oJbnX1FFEu4Uw2kYb/LhnFCEXEFtGKRpWOEZOOqWb +4l4q2MCa82ZCoIDt8yoAt0sSShbtR6pjW+l0lwAOEpfGvMaMVo5JUyspRxhl1dSu +sS2Wf65zliqF5VSM2r4xMfJ6LVytxDZsGfTe/HFT2OYYrF+UQZg0mNL39rYWOK4R +xoOz8eLl3K5hKuHNfn5zPt5QtMhaIvebijBg23xJpl+BeoS37WzaK1f+NyWZKPFb +rttvSnFxpkyRHqJJ5piNGH6pkQ1+zhd7uh7eOIwxktjYBOFzAgMBAAEwDQYJKoZI +hvcNAQELBQADggEBADw3MYPft+X78OK/2HAltzsKjfxv/D5qVizm9hcyG1GYe5pS +qgFn0trCyJopYdbRr+hP7CuHwMmv62CZiHSog3CBPoUh19JENUDGbHXxTEFleB0i +Fd8I2+WvRjbQ+ehaeTJPx88v5kkJnB2tZUNZuhEws8emCwr1G0TQv1tRYCR1Lp9i +8/I3FSFpL1zyk47WfM/THa279MPw9WtrFGA6oi36gH9mYxek7n/zQTVi54xDx9GT +KigBYqavjFdNXryjLTCCtJpMTDePgP66NAUnxn0D/amI2vSbIN++PSTsBm+n4Ti5 +QW/ShFQDNb4bDiwjtTKCeKwvAp2/6GSHVkYy28M= +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslserver/certs/selfsigned-client.key b/tests/auto/network/ssl/qsslserver/certs/selfsigned-client.key new file mode 100644 index 0000000000..9e59342963 --- /dev/null +++ b/tests/auto/network/ssl/qsslserver/certs/selfsigned-client.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAmoQaXGcq/jyQQqaJc0HhVbwygAcJaXUShmfKqow+LKti+1ZQ +SbJYCRr+b7AeaCW519RRRLuFMNpGG/y4ZxQhFxBbRikaVjhGTjqlm+JeKtjAmvNm +QqCA7fMqALdLEkoW7UeqY1vpdJcADhKXxrzGjFaOSVMrKUcYZdXUrrEtln+uc5Yq +heVUjNq+MTHyei1crcQ2bBn03vxxU9jmGKxflEGYNJjS9/a2FjiuEcaDs/Hi5dyu +YSrhzX5+cz7eULTIWiL3m4owYNt8SaZfgXqEt+1s2itX/jclmSjxW67bb0pxcaZM +kR6iSeaYjRh+qZENfs4Xe7oe3jiMMZLY2AThcwIDAQABAoIBAFjgvc0C5t8AdTZx +VsS+U2Aedang4lAPsE0xbIj3TFgjaTcLKfmKJUtvhIU39/WOJbz4+pofhvhXxVYZ +4vQfxvzeQrIzuFt52S7sWxA0gFgC/57hfKO8cQzt/u4UgJEPnupze5XVa47NwJFX +rof5U/erXgLdXQlMRMNm4QRvE7rp58E2MkSYNur0Xgy9L7cRcUQJ8iuMaxBpOzhS +fbNFi5zT7RCGcQSIDcb1JFlgs5tMUs6jzLoDSVD2+vvsN4i4LAAPkJSGTGed5vY1 +xn4G8KPR4HHrnBYEb0SGu4ZTznOnQ+JSKhQrbnvEzXM4RTfjqn0YvF8x70+pWSMi +Fb4mlBECgYEAzW82O79HAlMm8LD7J4byPfVc/1M5/JOnE9H+RR5Vt4jZQGyjCmJu +cj4UeZyVim0xg30sSYrJ2Urd27CtHp+sMgHkvJt3/ZgcfMZJbMKNGq/OUtV8s/cA +nkU++/LgeW8r7wpaDjT7bfnOdcf16mYoXrmk0rTJvRqGXCBvCxtt5bsCgYEAwIxu +vZjPV4Vu/VX6sH2d31D9EFZuZKjGhqukFVtRqLbeosqT9mA+LhQ/wP5qoR2gLQbe +EwxJLJwGFjUhyhbHNlo6oHv3fWkzmHIMPwDRRI3Ktwi/50SwNSnyERUQcLaiwqKx +BqaxPYNnspUt0nKE0LFZsSlrfEyxajqAlUEgm6kCgYAV+uQumFScpxDvh8AXhpS8 +lFgS6XC22YVy1XEDLC+3p2i3P+hh4A45IvNF378QRIabrvTiGXtnSF9cdhbPw/3E +i/dRRsEb3P6PSxfoDxjR1iWZL0Zcav0h8f6/LkleNMralJz2EC0moye36mEhZzTC +jdJYyQccuI3PpZi7839aqQKBgGezOnEiO4kHdB88jyc+gCglliWWZx4PR9x/1H8s +D26uDnneYJHwg4yNm0h1vTfInNujNzdLBp3f6edL9kbAvcmoDqsgGMqSPhd8VNwZ +tJsXQnYRYElN1RjM3nIUxiXuNvpcZLsQS6S1gMPNVEBjLOS4n3WquRjYtTRhDZ9U +1BsBAoGAUFrIatOLFhcgaqENHyUbMx5uSx0lIfF6Xd5KIAgi+btdmugHe+NK8Cd2 +Rc2bQLQ9K1SvKFX6nFuEsGxnXkKuyhL/j0Kgm8nZin4uAcrtFnNdFumvCL6YgYSc +IvvM+uVfGEdbqm4pTuiLBfzOXIIy3kVlLGo402QG1pBzOtmsRMs= +-----END RSA PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslserver/certs/selfsigned-server.crt b/tests/auto/network/ssl/qsslserver/certs/selfsigned-server.crt new file mode 100644 index 0000000000..c97d27721c --- /dev/null +++ b/tests/auto/network/ssl/qsslserver/certs/selfsigned-server.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5TCCAc0CCAO22gNi0v20MA0GCSqGSIb3DQEBCwUAMDMxFDASBgNVBAMMC0F1 +c3dlaXNBcHAyMRswGQYDVQQFExIyNTIxMTE1NjY3NjM2MjExODgwIhgPMTk3MDAx +MDEwMDAwMDBaGA85OTk5MTIzMTIzNTk1OVowMzEUMBIGA1UEAwwLQXVzd2Vpc0Fw +cDIxGzAZBgNVBAUTEjI1MjExMTU2Njc2MzYyMTE4ODCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAL+Fl6v5dcU7qk7vbINclWOhvCe/uklKnXV2QU382x7g +qpbYxJiJvz24C6tgDMmE0pwEz6PiCbh1dkc8+9cdp37eBcFLCOXYQb27gqVVyVtu +xO0LLVXPCv48bGSwljOz0FRC3FolzWxzrZogM/i2b/lmehHJ3D4ejmINmIgtFJ9P +JNNCH4Oh5YEbaFFlNf2m7lCoSuQkOlLZcGeLoipK2XvhZJff6c1uxValh/Mx5dNB +5Mgd5cOZSSEhwf7mcE8C3SHVfjeNfZGIqlkwdY8lvAOjirAtj6Yl88sJOUID/Q/N +hU9D8IZy6+Bk2cJQwI/Gzr590VYvlSTI+6lXr//oBBECAwEAATANBgkqhkiG9w0B +AQsFAAOCAQEArSMO88AYT+9tPCl5lXtSRa0OycqKNlW58GujxIDuR8WX1eFmGSHQ +uijo5KPYUnqydZzAewGC8NvC9WcLwFltNZ9igXikUHiAHc1JLfW7+7SgKpwOUb02 +rJkUkpPA/SmwkLSKYiR1prt5wgSulU1HPBESep05DfR8MCU5+KHkLyXDqtrbudJ4 +lQd9dSKJFn+cSjUC5JNxCPHoIISe7hfGFMLkd0/tVfSIXLVOAZG4K6zExUdjyPi8 +qEuPq6QCRyIJbYQc5HfnARgwK6GXHqkyLWlqK946Yz8VOba7Nan5uQ6xCjUMHw8Z +z/673o/3DCaQ9N6dWahNQ09a9ZH8U1X4iA== +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslserver/certs/selfsigned-server.key b/tests/auto/network/ssl/qsslserver/certs/selfsigned-server.key new file mode 100644 index 0000000000..b7be118cb9 --- /dev/null +++ b/tests/auto/network/ssl/qsslserver/certs/selfsigned-server.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAv4WXq/l1xTuqTu9sg1yVY6G8J7+6SUqddXZBTfzbHuCqltjE +mIm/PbgLq2AMyYTSnATPo+IJuHV2Rzz71x2nft4FwUsI5dhBvbuCpVXJW27E7Qst +Vc8K/jxsZLCWM7PQVELcWiXNbHOtmiAz+LZv+WZ6EcncPh6OYg2YiC0Un08k00If +g6HlgRtoUWU1/abuUKhK5CQ6UtlwZ4uiKkrZe+Fkl9/pzW7FVqWH8zHl00HkyB3l +w5lJISHB/uZwTwLdIdV+N419kYiqWTB1jyW8A6OKsC2PpiXzywk5QgP9D82FT0Pw +hnLr4GTZwlDAj8bOvn3RVi+VJMj7qVev/+gEEQIDAQABAoIBADdoXsjSEtBMwqiz +e6FFV7LLR7P4M9ygSY2B+MKnNH1qYe/iJn4626jvZfDeiNSEKKoaejffXRCQaveR +HQrO+XYqpV+WZayZM+vAI7vRZb+d/DrX0PXSQEvtDy7SJ6Itk0fNUBKEfTmy/bZp +Op/pp9tvWkFrNNyD2o1jgY1j/WNY8g605m0oURJ9WQsMUu/Kzu+NMoaKTIoQGb3d +dP71F4KaTXHYxj3B0c+y0NedKbrvnBsP6XbEpgJBaXjtD9z+z/aMF6dmuvpkx7uY +qzwPMRw05QPyJ9x+1V/v4TytY5f596NgW2niVj77BunkZasTYIEX7bjByrlTeLdx +xvPRpAECgYEA5KkM/ORbhN1oaw9+tQxA48oG2DFqChBr+vc4NU4j5SNFn9ks5nHI +xdJNZ9k+bjVUkBP4m88Wd07SW9zXCL8Q5lczb+p5SWl/Pp7ltqaxpH17uzamsaIv +KIBkeJTOU5TuWdXiV5FY+ofK9ojyEaqX1tmylWnoVe4bIMRWXE5bMSkCgYEA1mvJ +snkNzPFG0RK7ikjsNxrhzE07+7RSnoM9WeW8y2lvQ9MjdR6eOgqnnlcdk2A7OVbf +culNgLc0qx/PxZ4BV+8yLLb1EBBGvuVG+x4a6H2mLHdFCJekByZHaQNs9ogVLvdv +3z8D59KknBUjtj9dCw90Z41yMM4kpWMG9yfSEKkCgYEAvuCvytwF2d/JrrV8nD3i +XUTkecymLEiRGysMbNMR+9F56XotlSEe7KQloa8kAnPaZ3uEaOxyYJ4X1D+B8fct +cFsSwTYGkVXTtr6GG/cDC8EEbL+uX1J382Nae54croEAh1WYYGkg0eJRd4PSLxUt +M1j/TuLd4/2j/7JmNR/j2CECgYBdB3MBHghgzKXe+/OmMbFazyz8SN4nfLsDzwkF +QenBj0MY+DhADkK0B/9lcYKBeJT5cbmMz7AykkolnK22nbETh9ILGG4GxCkNlchQ +F2WxTSKV1EF9Ut11xKPi6fuSksQuFmjRQTPelsOYfIt7/M3PiKsGapYKmsXHg8l3 +3i0D0QKBgQCi+HNOaYqduxwjrj8h4eUbiwjID8DCNJ+jXsuGVa6jcsfFpdpivx2c +ytYSXuTXLRq0I3c1ChUOGQQeztJ5GtCPnXjLHHMf3f6yr7Pk56AUmUsaIlR1Q2Zo +gqpFD8zYD5UFc2KM7Y38YTh4j82uDzDvHBBFpli7dEmSn2WpcmzFag== +-----END RSA PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslserver/tst_qsslserver.cpp b/tests/auto/network/ssl/qsslserver/tst_qsslserver.cpp new file mode 100644 index 0000000000..26d3a50a5b --- /dev/null +++ b/tests/auto/network/ssl/qsslserver/tst_qsslserver.cpp @@ -0,0 +1,531 @@ +// Copyright (C) 2022 The Qt Company Ltd. +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only + +#include <QTest> +#include <QDebug> +#include <QSignalSpy> +#include <QTimer> + +#include <QtNetwork/QSslServer> +#include <QtNetwork/QSslKey> +#include "private/qtlsbackend_p.h" + +class tst_QSslServer : public QObject +{ + Q_OBJECT + +private slots: + void initTestCase(); + void testOneSuccessfulConnection(); + void testSelfSignedCertificateRejectedByServer(); + void testSelfSignedCertificateRejectedByClient(); +#if QT_CONFIG(openssl) + void testHandshakeInterruptedOnError(); + void testPreSharedKeyAuthenticationRequired(); +#endif + void plaintextClient(); + void quietClient(); + void twoGoodAndManyBadClients(); + +private: + QString testDataDir; + bool isTestingOpenSsl = false; + QSslConfiguration selfSignedClientQSslConfiguration(); + QSslConfiguration selfSignedServerQSslConfiguration(); + QSslConfiguration createQSslConfiguration(QString keyFileName, QString certificateFileName); +}; + +class SslServerSpy : public QObject +{ + Q_OBJECT + +public: + SslServerSpy(QSslConfiguration &configuration); + + QSslServer server; + QSignalSpy sslErrorsSpy; + QSignalSpy peerVerifyErrorSpy; + QSignalSpy errorOccurredSpy; + QSignalSpy pendingConnectionAvailableSpy; + QSignalSpy preSharedKeyAuthenticationRequiredSpy; + QSignalSpy alertSentSpy; + QSignalSpy alertReceivedSpy; + QSignalSpy handshakeInterruptedOnErrorSpy; + QSignalSpy startedEncryptionHandshakeSpy; +}; + +SslServerSpy::SslServerSpy(QSslConfiguration &configuration) + : server(), + sslErrorsSpy(&server, &QSslServer::sslErrors), + peerVerifyErrorSpy(&server, &QSslServer::peerVerifyError), + errorOccurredSpy(&server, &QSslServer::errorOccurred), + pendingConnectionAvailableSpy(&server, &QSslServer::pendingConnectionAvailable), + preSharedKeyAuthenticationRequiredSpy(&server, + &QSslServer::preSharedKeyAuthenticationRequired), + alertSentSpy(&server, &QSslServer::alertSent), + alertReceivedSpy(&server, &QSslServer::alertReceived), + handshakeInterruptedOnErrorSpy(&server, &QSslServer::handshakeInterruptedOnError), + startedEncryptionHandshakeSpy(&server, &QSslServer::startedEncryptionHandshake) +{ + server.setSslConfiguration(configuration); +} + +void tst_QSslServer::initTestCase() +{ + testDataDir = QFileInfo(QFINDTESTDATA("certs")).absolutePath(); + if (testDataDir.isEmpty()) + testDataDir = QCoreApplication::applicationDirPath(); + if (!testDataDir.endsWith(QLatin1String("/"))) + testDataDir += QLatin1String("/"); + + const QString openSslBackend = QTlsBackend::builtinBackendNames[QTlsBackend::nameIndexOpenSSL]; + const auto &tlsBackends = QSslSocket::availableBackends(); + if (tlsBackends.contains(openSslBackend)) { + isTestingOpenSsl = true; + } +} + +QSslConfiguration tst_QSslServer::selfSignedClientQSslConfiguration() +{ + return createQSslConfiguration(testDataDir + "certs/selfsigned-client.key", + testDataDir + "certs/selfsigned-client.crt"); +} + +QSslConfiguration tst_QSslServer::selfSignedServerQSslConfiguration() +{ + return createQSslConfiguration(testDataDir + "certs/selfsigned-server.key", + testDataDir + "certs/selfsigned-server.crt"); +} + +QSslConfiguration tst_QSslServer::createQSslConfiguration(QString keyFileName, + QString certificateFileName) +{ + QSslConfiguration configuration(QSslConfiguration::defaultConfiguration()); + + QFile keyFile(keyFileName); + if (keyFile.open(QIODevice::ReadOnly)) { + QSslKey key(keyFile.readAll(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey); + if (!key.isNull()) { + configuration.setPrivateKey(key); + } else { + qCritical() << "Could not parse key: " << keyFileName; + } + } else { + qCritical() << "Could not find key: " << keyFileName; + } + + QList<QSslCertificate> localCert = QSslCertificate::fromPath(certificateFileName); + if (!localCert.isEmpty() && !localCert.first().isNull()) { + configuration.setLocalCertificate(localCert.first()); + } else { + qCritical() << "Could not find certificate: " << certificateFileName; + } + return configuration; +} + +void tst_QSslServer::testOneSuccessfulConnection() +{ + // Setup server + QSslConfiguration serverConfiguration = selfSignedServerQSslConfiguration(); + SslServerSpy server(serverConfiguration); + QVERIFY(server.server.listen()); + + // Check that all signal spys are valid + QVERIFY(server.sslErrorsSpy.isValid()); + QVERIFY(server.peerVerifyErrorSpy.isValid()); + QVERIFY(server.errorOccurredSpy.isValid()); + QVERIFY(server.pendingConnectionAvailableSpy.isValid()); + QVERIFY(server.preSharedKeyAuthenticationRequiredSpy.isValid()); + QVERIFY(server.alertSentSpy.isValid()); + QVERIFY(server.alertReceivedSpy.isValid()); + QVERIFY(server.handshakeInterruptedOnErrorSpy.isValid()); + QVERIFY(server.startedEncryptionHandshakeSpy.isValid()); + + // Check that no connections has occurred + QCOMPARE(server.sslErrorsSpy.size(), 0); + QCOMPARE(server.peerVerifyErrorSpy.size(), 0); + QCOMPARE(server.errorOccurredSpy.size(), 0); + QCOMPARE(server.pendingConnectionAvailableSpy.size(), 0); + QCOMPARE(server.preSharedKeyAuthenticationRequiredSpy.size(), 0); + QCOMPARE(server.alertSentSpy.size(), 0); + QCOMPARE(server.alertReceivedSpy.size(), 0); + QCOMPARE(server.handshakeInterruptedOnErrorSpy.size(), 0); + QCOMPARE(server.startedEncryptionHandshakeSpy.size(), 0); + + // Connect client + QSslSocket client; + QSslConfiguration clientConfiguration = QSslConfiguration::defaultConfiguration(); + client.setSslConfiguration(clientConfiguration); + client.connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), + server.server.serverPort()); + + // Type of certificate error to expect + const auto certificateError = + isTestingOpenSsl ? QSslError::SelfSignedCertificate : QSslError::CertificateUntrusted; + // Expected errors + connect(&client, &QSslSocket::sslErrors, + [&certificateError, &client](const QList<QSslError> &errors) { + QCOMPARE(errors.size(), 2); + for (auto error : errors) { + QVERIFY(error.error() == certificateError + || error.error() == QSslError::HostNameMismatch); + } + client.ignoreSslErrors(); + }); + + QEventLoop loop; + int waitFor = 2; + connect(&client, &QSslSocket::encrypted, [&loop, &waitFor]() { + if (!--waitFor) + loop.quit(); + }); + connect(&server.server, &QTcpServer::pendingConnectionAvailable, [&loop, &waitFor]() { + if (!--waitFor) + loop.quit(); + }); + QTimer::singleShot(5000, &loop, SLOT(quit())); + loop.exec(); + + // Check that one encrypted connection has occurred without error + QCOMPARE(server.sslErrorsSpy.size(), 0); + QCOMPARE(server.peerVerifyErrorSpy.size(), 0); + QCOMPARE(server.errorOccurredSpy.size(), 0); + QCOMPARE(server.pendingConnectionAvailableSpy.size(), 1); + QCOMPARE(server.preSharedKeyAuthenticationRequiredSpy.size(), 0); + QCOMPARE(server.alertSentSpy.size(), 0); + QCOMPARE(server.alertReceivedSpy.size(), 0); + QCOMPARE(server.handshakeInterruptedOnErrorSpy.size(), 0); + QCOMPARE(server.startedEncryptionHandshakeSpy.size(), 1); + + // Check client socket + QVERIFY(client.isEncrypted()); + QCOMPARE(client.state(), QAbstractSocket::ConnectedState); +} + +void tst_QSslServer::testSelfSignedCertificateRejectedByServer() +{ + // Set up server that verifies client + QSslConfiguration serverConfiguration = selfSignedServerQSslConfiguration(); + serverConfiguration.setPeerVerifyMode(QSslSocket::VerifyPeer); + SslServerSpy server(serverConfiguration); + QVERIFY(server.server.listen()); + + // Connect client + QSslSocket client; + QSslConfiguration clientConfiguration = selfSignedClientQSslConfiguration(); + clientConfiguration.setPeerVerifyMode(QSslSocket::VerifyNone); + client.setSslConfiguration(clientConfiguration); + client.connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), + server.server.serverPort()); + + QEventLoop loop; + QObject::connect(&client, SIGNAL(disconnected()), &loop, SLOT(quit())); + QTimer::singleShot(5000, &loop, SLOT(quit())); + loop.exec(); + + // Check that one encrypted connection has failed + QCOMPARE(server.sslErrorsSpy.size(), 1); + QCOMPARE(server.peerVerifyErrorSpy.size(), 1); + QCOMPARE(server.errorOccurredSpy.size(), 1); + QCOMPARE(server.pendingConnectionAvailableSpy.size(), 0); + QCOMPARE(server.preSharedKeyAuthenticationRequiredSpy.size(), 0); + QCOMPARE(server.alertSentSpy.size(), + isTestingOpenSsl ? 1 : 0); // OpenSSL only signal + QCOMPARE(server.alertReceivedSpy.size(), 0); + QCOMPARE(server.handshakeInterruptedOnErrorSpy.size(), 0); + QCOMPARE(server.startedEncryptionHandshakeSpy.size(), 1); + + // Type of certificate error to expect + const auto certificateError = + isTestingOpenSsl ? QSslError::SelfSignedCertificate : QSslError::CertificateUntrusted; + + // Check the sslErrorsSpy + const auto sslErrorsSpyErrors = + qvariant_cast<QList<QSslError>>(std::as_const(server.sslErrorsSpy).first()[1]); + QCOMPARE(sslErrorsSpyErrors.size(), 1); + QCOMPARE(sslErrorsSpyErrors.first().error(), certificateError); + + // Check the peerVerifyErrorSpy + const auto peerVerifyErrorSpyError = + qvariant_cast<QSslError>(std::as_const(server.peerVerifyErrorSpy).first()[1]); + QCOMPARE(peerVerifyErrorSpyError.error(), certificateError); + + // Check client socket + QVERIFY(!client.isEncrypted()); + QCOMPARE(client.state(), QAbstractSocket::UnconnectedState); +} + +void tst_QSslServer::testSelfSignedCertificateRejectedByClient() +{ + // Set up server without verification of client + QSslConfiguration serverConfiguration = selfSignedServerQSslConfiguration(); + SslServerSpy server(serverConfiguration); + QVERIFY(server.server.listen()); + + // Connect client that authenticates server + QSslSocket client; + QSslConfiguration clientConfiguration = selfSignedClientQSslConfiguration(); + if (isTestingOpenSsl) { + clientConfiguration.setHandshakeMustInterruptOnError(true); + QVERIFY(clientConfiguration.handshakeMustInterruptOnError()); + } + client.setSslConfiguration(clientConfiguration); + QSignalSpy clientConnectedSpy(&client, SIGNAL(connected())); + QSignalSpy clientHostFoundSpy(&client, SIGNAL(hostFound())); + QSignalSpy clientDisconnectedSpy(&client, SIGNAL(disconnected())); + QSignalSpy clientConnectionEncryptedSpy(&client, SIGNAL(encrypted())); + QSignalSpy clientSslErrorsSpy(&client, SIGNAL(sslErrors(QList<QSslError>))); + QSignalSpy clientErrorOccurredSpy(&client, SIGNAL(errorOccurred(QAbstractSocket::SocketError))); + client.connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), + server.server.serverPort()); + QEventLoop loop; + QTimer::singleShot(1000, &loop, SLOT(quit())); + loop.exec(); + + // Type of socket error to expect + const auto socketError = isTestingOpenSsl + ? QAbstractSocket::SocketError::SslHandshakeFailedError + : QAbstractSocket::SocketError::RemoteHostClosedError; + + QTcpSocket *connection = server.server.nextPendingConnection(); + if (connection == nullptr) { + // Client disconnected before connection accepted by server + QCOMPARE(server.sslErrorsSpy.size(), 0); + QCOMPARE(server.peerVerifyErrorSpy.size(), 0); + QCOMPARE(server.errorOccurredSpy.size(), 1); // Client rejected first + QCOMPARE(server.pendingConnectionAvailableSpy.size(), 0); + QCOMPARE(server.preSharedKeyAuthenticationRequiredSpy.size(), 0); + QCOMPARE(server.alertSentSpy.size(), 0); + QCOMPARE(server.alertReceivedSpy.size(), + isTestingOpenSsl ? 1 : 0); // OpenSSL only signal + QCOMPARE(server.handshakeInterruptedOnErrorSpy.size(), 0); + QCOMPARE(server.startedEncryptionHandshakeSpy.size(), 1); + + const auto errrOccuredSpyError = qvariant_cast<QAbstractSocket::SocketError>( + std::as_const(server.errorOccurredSpy).first()[1]); + QCOMPARE(errrOccuredSpyError, socketError); + } else { + // Client disconnected after connection accepted by server + QCOMPARE(server.sslErrorsSpy.size(), 0); + QCOMPARE(server.peerVerifyErrorSpy.size(), 0); + QCOMPARE(server.errorOccurredSpy.size(), 0); // Server accepted first + QCOMPARE(server.pendingConnectionAvailableSpy.size(), 1); + QCOMPARE(server.preSharedKeyAuthenticationRequiredSpy.size(), 0); + QCOMPARE(server.alertSentSpy.size(), 0); + QCOMPARE(server.alertReceivedSpy.size(), + isTestingOpenSsl ? 1 : 0); // OpenSSL only signal + QCOMPARE(server.handshakeInterruptedOnErrorSpy.size(), 0); + QCOMPARE(server.startedEncryptionHandshakeSpy.size(), 1); + + QCOMPARE(connection->state(), QAbstractSocket::UnconnectedState); + QCOMPARE(connection->error(), socketError); + auto sslConnection = qobject_cast<QSslSocket *>(connection); + QVERIFY(sslConnection); + QVERIFY(!sslConnection->isEncrypted()); + } + + // Check that client has rejected server + QCOMPARE(clientConnectedSpy.size(), 1); + QCOMPARE(clientHostFoundSpy.size(), 1); + QCOMPARE(clientDisconnectedSpy.size(), 1); + QCOMPARE(clientConnectionEncryptedSpy.size(), 0); + QCOMPARE(clientSslErrorsSpy.size(), isTestingOpenSsl ? 0 : 1); + QCOMPARE(clientErrorOccurredSpy.size(), 1); + + // Check client socket + QVERIFY(!client.isEncrypted()); + QCOMPARE(client.state(), QAbstractSocket::UnconnectedState); +} + +#if QT_CONFIG(openssl) + +void tst_QSslServer::testHandshakeInterruptedOnError() +{ + if (!isTestingOpenSsl) + QSKIP("This test requires OpenSSL as the active TLS backend"); + + auto serverConfiguration = selfSignedServerQSslConfiguration(); + serverConfiguration.setHandshakeMustInterruptOnError(true); + QVERIFY(serverConfiguration.handshakeMustInterruptOnError()); + serverConfiguration.setPeerVerifyMode(QSslSocket::VerifyPeer); + SslServerSpy server(serverConfiguration); + server.server.listen(); + + QSslSocket client; + auto clientConfiguration = selfSignedClientQSslConfiguration(); + clientConfiguration.setPeerVerifyMode(QSslSocket::VerifyNone); + client.setSslConfiguration(clientConfiguration); + client.connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), + server.server.serverPort()); + + QEventLoop loop; + QObject::connect(&client, SIGNAL(disconnected()), &loop, SLOT(quit())); + QTimer::singleShot(5000, &loop, SLOT(quit())); + loop.exec(); + + // Check that client certificate causes handshake interrupted signal to be emitted + QCOMPARE(server.sslErrorsSpy.size(), 0); + QCOMPARE(server.peerVerifyErrorSpy.size(), 0); + QCOMPARE(server.errorOccurredSpy.size(), 1); + QCOMPARE(server.pendingConnectionAvailableSpy.size(), 0); + QCOMPARE(server.preSharedKeyAuthenticationRequiredSpy.size(), 0); + QCOMPARE(server.alertSentSpy.size(), 1); + QCOMPARE(server.alertReceivedSpy.size(), 0); + QCOMPARE(server.handshakeInterruptedOnErrorSpy.size(), 1); + QCOMPARE(server.startedEncryptionHandshakeSpy.size(), 1); +} + +void tst_QSslServer::testPreSharedKeyAuthenticationRequired() +{ + if (!isTestingOpenSsl) + QSKIP("This test requires OpenSSL as the active TLS backend"); + + auto serverConfiguration = QSslConfiguration::defaultConfiguration(); + serverConfiguration.setPeerVerifyMode(QSslSocket::VerifyPeer); + serverConfiguration.setProtocol(QSsl::TlsV1_2); + serverConfiguration.setCiphers({ QSslCipher("PSK-AES256-CBC-SHA") }); + serverConfiguration.setPreSharedKeyIdentityHint("Server Y"); + SslServerSpy server(serverConfiguration); + connect(&server.server, &QSslServer::preSharedKeyAuthenticationRequired, + [](QSslSocket *, QSslPreSharedKeyAuthenticator *authenticator) { + QCOMPARE(authenticator->identity(), QByteArray("Client X")); + authenticator->setPreSharedKey("123456"); + }); + server.server.listen(); + + QSslSocket client; + auto clientConfiguration = QSslConfiguration::defaultConfiguration(); + clientConfiguration.setPeerVerifyMode(QSslSocket::VerifyNone); + clientConfiguration.setProtocol(QSsl::TlsV1_2); + clientConfiguration.setCiphers({ QSslCipher("PSK-AES256-CBC-SHA") }); + client.setSslConfiguration(clientConfiguration); + connect(&client, &QSslSocket::preSharedKeyAuthenticationRequired, + [](QSslPreSharedKeyAuthenticator *authenticator) { + QCOMPARE(authenticator->identityHint(), QByteArray("Server Y")); + authenticator->setPreSharedKey("123456"); + authenticator->setIdentity("Client X"); + }); + client.connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), + server.server.serverPort()); + + connect(&server.server, &QSslServer::sslErrors, + [](QSslSocket *socket, const QList<QSslError> &errors) { + for (auto error : errors) { + QCOMPARE(error.error(), QSslError::NoPeerCertificate); + } + socket->ignoreSslErrors(); + }); + + QEventLoop loop; + QObject::connect(&client, SIGNAL(encrypted()), &loop, SLOT(quit())); + QTimer::singleShot(5000, &loop, SLOT(quit())); + loop.exec(); + + // Check that server is connected + QCOMPARE(server.sslErrorsSpy.size(), 1); + QCOMPARE(server.peerVerifyErrorSpy.size(), 1); + QCOMPARE(server.errorOccurredSpy.size(), 0); + QCOMPARE(server.pendingConnectionAvailableSpy.size(), 1); + QCOMPARE(server.preSharedKeyAuthenticationRequiredSpy.size(), 1); + QCOMPARE(server.alertSentSpy.size(), 0); + QCOMPARE(server.alertReceivedSpy.size(), 0); + QCOMPARE(server.handshakeInterruptedOnErrorSpy.size(), 0); + QCOMPARE(server.startedEncryptionHandshakeSpy.size(), 1); + + // Check client socket + QVERIFY(client.isEncrypted()); + QCOMPARE(client.state(), QAbstractSocket::ConnectedState); +} + +#endif + +void tst_QSslServer::plaintextClient() +{ + QSslConfiguration serverConfiguration = selfSignedServerQSslConfiguration(); + SslServerSpy server(serverConfiguration); + QVERIFY(server.server.listen()); + + QTcpSocket socket; + QSignalSpy socketDisconnectedSpy(&socket, &QTcpSocket::disconnected); + socket.connectToHost(QHostAddress::LocalHost, server.server.serverPort()); + QVERIFY(socket.waitForConnected()); + QTest::qWait(100); + // No disconnect from short break...: + QCOMPARE(socket.state(), QAbstractSocket::SocketState::ConnectedState); + + // ... but we write some plaintext data...: + socket.write("Hello World!"); + socket.waitForBytesWritten(); + // ... and quickly get disconnected: + QTRY_COMPARE_GT(socketDisconnectedSpy.size(), 0); + QCOMPARE(socket.state(), QAbstractSocket::SocketState::UnconnectedState); +} + +void tst_QSslServer::quietClient() +{ + QSslConfiguration serverConfiguration = selfSignedServerQSslConfiguration(); + SslServerSpy server(serverConfiguration); + server.server.setHandshakeTimeout(1'000); + QVERIFY(server.server.listen()); + + quint16 serverPeerPort = 0; + auto grabServerPeerPort = [&serverPeerPort](QSslSocket *socket) { + serverPeerPort = socket->peerPort(); + }; + QObject::connect(&server.server, &QSslServer::errorOccurred, &server.server, + grabServerPeerPort); + + QTcpSocket socket; + QSignalSpy socketDisconnectedSpy(&socket, &QTcpSocket::disconnected); + socket.connectToHost(QHostAddress::LocalHost, server.server.serverPort()); + quint16 clientLocalPort = socket.localPort(); + QVERIFY(socket.waitForConnected()); + // Disconnects after overlong break: + QVERIFY(socketDisconnectedSpy.wait(5'000)); + QCOMPARE(socket.state(), QAbstractSocket::SocketState::UnconnectedState); + + QCOMPARE_GT(server.errorOccurredSpy.size(), 0); + QCOMPARE(serverPeerPort, clientLocalPort); +} + +void tst_QSslServer::twoGoodAndManyBadClients() +{ + QSslConfiguration serverConfiguration = selfSignedServerQSslConfiguration(); + SslServerSpy server(serverConfiguration); + server.server.setHandshakeTimeout(750); + constexpr qsizetype ExpectedConnections = 5; + server.server.setMaxPendingConnections(ExpectedConnections); + QVERIFY(server.server.listen()); + + auto connectGoodClient = [&server](QSslSocket *socket) { + QObject::connect(socket, &QSslSocket::sslErrors, socket, + qOverload<const QList<QSslError> &>(&QSslSocket::ignoreSslErrors)); + socket->connectToHostEncrypted("127.0.0.1", server.server.serverPort()); + }; + // Connect one socket encrypted so we have a socket in the regular queue + QSslSocket tlsSocket; + connectGoodClient(&tlsSocket); + + // Then we connect a bunch of TCP sockets who will not send any data at all + std::array<QTcpSocket, size_t(ExpectedConnections) * 2> sockets; + for (QTcpSocket &socket : sockets) + socket.connectToHost(QHostAddress::LocalHost, server.server.serverPort()); + QTest::qWait(500); // some leeway to let connections try to connect... + + // I happen to know the sockets are all children of the server, so let's see + // how many are created: + qsizetype connectedCount = server.server.findChildren<QSslSocket *>().size(); + QCOMPARE(connectedCount, ExpectedConnections); + // 1 socket is ready and pending + QCOMPARE(server.pendingConnectionAvailableSpy.size(), 1); + + // Connect another client to make sure that the server is accepting connections again even after + // all the bad actors tried to connect: + QSslSocket goodClient; + connectGoodClient(&goodClient); + QTRY_COMPARE(server.pendingConnectionAvailableSpy.size(), 2); +} + +QTEST_MAIN(tst_QSslServer) + +#include "tst_qsslserver.moc" diff --git a/tests/auto/network/ssl/qsslsocket/BLACKLIST b/tests/auto/network/ssl/qsslsocket/BLACKLIST index 749c59d968..b990516676 100644 --- a/tests/auto/network/ssl/qsslsocket/BLACKLIST +++ b/tests/auto/network/ssl/qsslsocket/BLACKLIST @@ -1,11 +1,6 @@ [deprecatedProtocols] windows -[spontaneousWrite] -windows-7sp1 [connectToHostEncrypted] macos -[setSslConfiguration] -windows-10 msvc-2015 -windows-7sp1 [connectToHostEncryptedWithVerificationPeerName] macos diff --git a/tests/auto/network/ssl/qsslsocket/CMakeLists.txt b/tests/auto/network/ssl/qsslsocket/CMakeLists.txt index 3d973fcde0..456deacb60 100644 --- a/tests/auto/network/ssl/qsslsocket/CMakeLists.txt +++ b/tests/auto/network/ssl/qsslsocket/CMakeLists.txt @@ -1,4 +1,11 @@ -# Generated from qsslsocket.pro. +# Copyright (C) 2022 The Qt Company Ltd. +# SPDX-License-Identifier: BSD-3-Clause + +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qsslsocket LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() if(NOT QT_FEATURE_private_tests) return() @@ -14,26 +21,16 @@ list(APPEND test_data "certs") qt_internal_add_test(tst_qsslsocket SOURCES tst_qsslsocket.cpp - DEFINES - SRCDIR=\\\"${CMAKE_CURRENT_SOURCE_DIR}/\\\" - PUBLIC_LIBRARIES + LIBRARIES Qt::CorePrivate Qt::NetworkPrivate + Qt::TestPrivate TESTDATA ${test_data} - QT_TEST_SERVER_LIST "squid" "danted" "cyrus" "apache2" "echo" # special case + QT_TEST_SERVER_LIST "squid" "danted" "cyrus" "apache2" "echo" + BUNDLE_ANDROID_OPENSSL_LIBS ) -#### Keys ignored in scope 1:.:.:qsslsocket.pro:<TRUE>: -# _REQUIREMENTS = "qtConfig(private_tests)" - -## Scopes: -##################################################################### - -#### Keys ignored in scope 3:.:.:qsslsocket.pro:(CMAKE_BUILD_TYPE STREQUAL Debug): -# DESTDIR = "debug" - -#### Keys ignored in scope 4:.:.:qsslsocket.pro:else: -# DESTDIR = "release" - -#### Keys ignored in scope 5:.:.:qsslsocket.pro:LINUX: -# QT_TEST_SERVER_LIST = "squid" "danted" "cyrus" "apache2" "echo" +qt_internal_extend_target(tst_qsslsocket CONDITION QT_FEATURE_private_tests AND QT_FEATURE_openssl_linked + LIBRARIES + WrapOpenSSL::WrapOpenSSL +) diff --git a/tests/auto/network/ssl/qsslsocket/certs/ca-generate.sh b/tests/auto/network/ssl/qsslsocket/certs/ca-generate.sh new file mode 100644 index 0000000000..10aea0905e --- /dev/null +++ b/tests/auto/network/ssl/qsslsocket/certs/ca-generate.sh @@ -0,0 +1,21 @@ +#!/bin/sh +# Copyright (C) 2016 The Qt Company Ltd. +# SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 + +# generate ca.crt +openssl genrsa -out ca.key 8192 +openssl req -x509 -new -sha512 -nodes -key ca.key -days 10000 -out ca.crt -config ca.conf + +# generate inter.crt +openssl genrsa -out inter.key 8192 +openssl req -new -sha512 -nodes -key inter.key -out inter.csr -config inter.conf +openssl x509 -req -sha512 -days 45 -in inter.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out inter.crt +rm inter.csr +rm ca.srl + +# generate leaf.crt +openssl genrsa -out leaf.key 8192 +openssl req -new -sha512 -nodes -key leaf.key -out leaf.csr -config leaf.conf +openssl x509 -req -sha512 -days 45 -in leaf.csr -CA inter.crt -CAkey inter.key -CAcreateserial -out leaf.crt +rm leaf.csr +rm inter.srl diff --git a/tests/auto/network/ssl/qsslsocket/certs/ca.conf b/tests/auto/network/ssl/qsslsocket/certs/ca.conf new file mode 100644 index 0000000000..1f94247a2f --- /dev/null +++ b/tests/auto/network/ssl/qsslsocket/certs/ca.conf @@ -0,0 +1,10 @@ +basicConstraints = CA:TRUE +keyUsage = cRLSign, keyCertSign +[req] +distinguished_name = network-tests.qt-project.org +prompt = no +[network-tests.qt-project.org] +C = NO +ST = Oslo +L = Oslo +CN = Fake Qt Project Certificate Authority diff --git a/tests/auto/network/ssl/qsslsocket/certs/ca.crt b/tests/auto/network/ssl/qsslsocket/certs/ca.crt index 5cbe8ef726..8e6c6e255c 100644 --- a/tests/auto/network/ssl/qsslsocket/certs/ca.crt +++ b/tests/auto/network/ssl/qsslsocket/certs/ca.crt @@ -1,22 +1,52 @@ -----BEGIN CERTIFICATE----- -MIIDpTCCAl2gAwIBAgIQAKraD9BoqaSa75qOqcP7ZTANBgkqhkiG9w0BAQUFADA8 -MQswCQYDVQQGEwJHQjEZMBcGA1UEChMQV2VzdHBvaW50IENBIEtleTESMBAGA1UE -ChMJV2VzdHBvaW50MB4XDTEzMDIxNjE2NTMwOFoXDTIzMDIxNjE2NTMwOFowPDEL -MAkGA1UEBhMCR0IxGTAXBgNVBAoTEFdlc3Rwb2ludCBDQSBLZXkxEjAQBgNVBAoT -CVdlc3Rwb2ludDCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExAJv0H92j -WjDB9h1DmSQzt772IPSirpE82sN9ls5J19TJcPnw49LdUUqkELJkpS1ty2hYPdUw -7q3n00D+nzS+rt1QIDSKwDVoqeIyFZw4h0ULbASErfy51xBjVIr6NNoiqazp59wQ -RDvqps7of+b/NcbOh73MsiYi8T5OoI4Quv9rMBefQTAI3d2NRQ4GUzS6Hzh2INOc -4twApTDYY+yrU8IalXttIOVdKJZTHeTCdIXD3HMfHCkzyELz8rCI1/wDEp8zyoqF -/tpBStZ5LUSrlRRM7PegqcnM+aojXyrEiXBvPuqO7tabU3nsfix9+8+7GDweDXsP -OUHv+ahGNTUya7hBDaQmVk3/5hbig9kQlNiOcvcdnYYyJqiXhvjPPzOBbRaFNvBT -uG/ehHNHYsdhEBkCAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8E -BQMDBwYAMB0GA1UdDgQWBBSUJzi1uYQUxqb3Nr33LOLCaUUTyTANBgkqhkiG9w0B -AQUFAAOCATEAPeGh2GiIhT3cii3DU8ihd5TmnEstuHKz2FwHDChmen0zxE8lf08/ -onL1yIeaxbDA8KwZnv71/zZHJv02sPtIMUfuXQc0wOIFjDf0ngc6xIBuU7FUpLxF -2dK7g9OsiNeC7L/ZemRXgpJURdNF2Ujge9/H9yfpHFBXZztmaWir+TXc5g3PKIu6 -97t75Og+stPhTcSlph8ZHYep08b2uthCfcnuIRGeDW9LkfR8VugnuUf7GoIlqSTs -SR6bNuyTnnCHQMJzbsQ472+ag3aZS5HzoR8wyGiPmpc43lQM5ZEDrWGu8bub2gKa -/+KeqHd0wnl7Y5cxnmAptQjxvzBXX/pl4sWczesiGcYm5z5mabp4CY09Y8JtrJZT -IJodXy9ykRmEurgtRoRVc1aSp+xfV725bQ== +MIIJPzCCBScCFEE7H06QrHfL4z31/1+EDVDhQUAeMA0GCSqGSIb3DQEBDQUAMFsx +CzAJBgNVBAYTAk5PMQ0wCwYDVQQIDARPc2xvMQ0wCwYDVQQHDARPc2xvMS4wLAYD +VQQDDCVGYWtlIFF0IFByb2plY3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MCAXDTIy +MDkwMjE1MDIyMFoYDzIwNTAwMTE4MTUwMjIwWjBbMQswCQYDVQQGEwJOTzENMAsG +A1UECAwET3NsbzENMAsGA1UEBwwET3NsbzEuMCwGA1UEAwwlRmFrZSBRdCBQcm9q +ZWN0IENlcnRpZmljYXRlIEF1dGhvcml0eTCCBCIwDQYJKoZIhvcNAQEBBQADggQP +ADCCBAoCggQBAOMlzl5JB31G5CmRRKltbua0LtM0U7mh/yeK7jNaRAY5VKmmh4mg +N/Ib7Rn4jCY5ccGaOdxtHdPE6WN4v4GZJ23dr+AofJnZHj+wiYjE+KKpoiuPDqhP +F231zg16WGlc2HWbpX93InnxnO7KRwHumn0Xxn50BfKgyvmdDQBtAkYU868GWwqR +cy+K4c+tB46XGS1URv/PDYy15IbcOwpDUSpXQBrHZHyje2iwZR6AKESGZRkSttyY +oSJAmfIhDST41g+9uV9zA9u1XAVYb3kAstSU1nWEYZ7oBQEhh6LIR34YjCE/ThQy +djWlc9afnFxA8r+q/mjAOTsH/Pml6Z/DQKW9Bfjw9ne0Oeiz+Z1J8Goj/YzGsKeI +u2XPU8bbjxv32IkhZmH/g22a9Jl41nAYGmAzP7yfOCSRTDTn5JybInxaEdrPrgS2 +A66+NiFWIu/QKnBrKwVlINOdi0z533Aejmc3ybtyJeHPeG0deNbfJbEavfq4yb4P +DlWpWA4yMbZCqazP/Yku9DkJoT8kAKOaGK2Swjt3NvnT4LaKIPXLCwz/HUjWcppx +54acMDOUz2ch/yIXx/m/jnl1hMHnv2KPoxgQYeRs0iX4lwd79zaRydMmLYceY64H +Ek4b+vSsuEnOTThx9jv358aFI7f9fL0Qbqknf9EUo5X4OTCFIkdtLEYsU5+uzmqC +LgB6musrIaMgNLef7VbKPgtqZDEvWbm0tqdh5dk/wpyFimc8x9V9MSBNAqGE/dm4 +KCtRGBiyQ1KRB+RRqAKMHaR8dFBuHtDvSq20logNTab6eTE79zNMyo0W61GrriQt +94a0ahTSKaySXRgTKhElAp3n5v5YDTO1DEYtMy0hI/wx1d2bkJsO8gSr+aBzVZUc +QsWFK3qgmDfC9ZF5CsvLEPy7I5pf2TcaQjTrr4XcTPSHEyN2WI7bj9sU6+tkLi/Y +OI3z0NsXOZM2OJPZ523TJbnhCRX9wEvh+sts5cbMgAbZVYWHImjmkdnssAChhrCh +DPaq20KVma00ZvbbfICG/1QiSY9FVX/AVID8yDc49ZfLiLWTLoEFoYH0lqGj0817 +4LwWswNlH86EeY1KPxmNPCF0bzj39hnYN1kd5qTxg5hwPTZehw5JR6w1eQ0VamV1 +Al1u8XqBkrk48iWeOBQr0u6HiNNElCjH+j/hC8Ms4Ykmh8iaJhlpwKt6pGoROX6l ++T98AvrzFUmh+NJu+bGWATBrGmaSjW8AUYwVSbHDL2jk41uVGQdgFTCHwhh6/OV8 +VuladbVA5aA33Jky6SKUNeUh+WcVuwMa1Y/ZKX8Klo7p8ZmxCeAOmcd8fbTfQVu5 +fqu1Oz4Ai6cMQmPpOi9tMzr86ig9NlZPxA8CAwEAATANBgkqhkiG9w0BAQ0FAAOC +BAEAsYfgbpxN2SzVk8FWs+fHnMkMVX4KUPSKHCea6YoaPJN3glH0Y8I7uYpbwmWf +AqaXmZhY4YFGG77uao533hS7gapnkuoH+e4LZ0G1QrlCDhl69iNgL/HG/yq1eCDu +M3Oc8ujpkFoGkDQUVqVSqFvSOGm/KKVazQDF9VhUrlmfHapMYlrSZssbibzfjoKp +DKMQHYN5OiX6WZ7PVCvGn53ufO1dtENbBRHCD/ck7dMM/bzANXDd+Yw2rHAuXnRX +Lyp7XoqD/coB+Nn23mKtn+HLOYp1MkaONO/JruFV+HYd9kP+yoICTOWDU6Nx/Knz +0pnGktQwySha6cDKB8V/rLLrnyZGRLbmajtlGQNnYeeJdQFjFP8dnCjHS78KxURe +zqKAcO79hzZNqcsGxHVfS49+j8NOvUzKfj6Rda4x1Yb7Cnm0VAs1lo+rtQbRdB2z +KVNVed7ns4eO2jM/UYRse66RHsIY4+45fQH4OwshJNU2Rn8nDUikrCo7G2MDeTq3 +4M0y0W8tr4NbnTGNVQLnY+HX5AWoB12E++rfv7CACKDxvJ519Ai/uxZSLWcmPM05 +g/JDKi6Rn1EbAZlru+9GV19QAq60elaLMDUVGZ4EYhjunF2syewqCkeyXWC3zMDL +pNdq8t0IM5Q9x1Vfj9XAecO5QftS54K5RAxiMTPBwYSWA3yduEPfSQSRYovVarLd +gsOWWSNwJ16wxEibCgueo6njB+9yfbFTtYLTpQKDVAgV7IBiATW6LcR2WgF4g9zq +vduJYu5uQFSC0g9/2uZ7wqihEVdNEecOHz/uidpK8K4vlJ5oPKUo/YS4ok5rOPFd +BocpE8stbr6seRmkQcjrjqjLkzdi/lag2giuWglgjyL18MG6lBKFD9I/0iade3J+ +H7GaWZkLhsng2vG9ix+fQkq68yZwq8sx91nE1RJPeLaNkgX9oUtSg6e7I5ks6lS5 +UxBPouki7wH/kHY/xG+YVhm499s9KRdv7ZUGB/OhwdiBJW1DduPBIklMA8YHnWGG +2om0dCno+K/g88JzEI29Ob3AwIbtMI5vbWI8hWAfHEH0zEyfl9rB6/TcsHY8hjqj +cSCFT2rdno/S8gbBTuTLK8RhgmXKpZxVmLMz1rSRpMby5HAJ4Sh11bYzu4x1SuUo +HHiypXjIjBvwnX5/so2q4mw2TNZR0QQ9dQ8bcG74h6cJxSv2pXQTwQRP5PkMpmOF +JIgv+Pa0UOG+ejcKc94PhLAZmpxwdjlyfdCHT+RW6znqsCDHVvace/gHUY0bkUaD +rQSwaeiNTc5l7MP8Xb1k6DwsEnuaAGTua/fX41Qk/XE3acUz0kmr2As/IlABqyJ6 +i+VYGJPNrI6E/LMy1lq/iCVQJQ== -----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslsocket/certs/ca.key b/tests/auto/network/ssl/qsslsocket/certs/ca.key new file mode 100644 index 0000000000..eb2c48dbac --- /dev/null +++ b/tests/auto/network/ssl/qsslsocket/certs/ca.key @@ -0,0 +1,99 @@ +-----BEGIN RSA PRIVATE KEY----- +MIISKgIBAAKCBAEA4yXOXkkHfUbkKZFEqW1u5rQu0zRTuaH/J4ruM1pEBjlUqaaH +iaA38hvtGfiMJjlxwZo53G0d08TpY3i/gZknbd2v4Ch8mdkeP7CJiMT4oqmiK48O +qE8XbfXODXpYaVzYdZulf3ciefGc7spHAe6afRfGfnQF8qDK+Z0NAG0CRhTzrwZb +CpFzL4rhz60HjpcZLVRG/88NjLXkhtw7CkNRKldAGsdkfKN7aLBlHoAoRIZlGRK2 +3JihIkCZ8iENJPjWD725X3MD27VcBVhveQCy1JTWdYRhnugFASGHoshHfhiMIT9O +FDJ2NaVz1p+cXEDyv6r+aMA5Owf8+aXpn8NApb0F+PD2d7Q56LP5nUnwaiP9jMaw +p4i7Zc9TxtuPG/fYiSFmYf+DbZr0mXjWcBgaYDM/vJ84JJFMNOfknJsifFoR2s+u +BLYDrr42IVYi79AqcGsrBWUg052LTPnfcB6OZzfJu3Il4c94bR141t8lsRq9+rjJ +vg8OValYDjIxtkKprM/9iS70OQmhPyQAo5oYrZLCO3c2+dPgtoog9csLDP8dSNZy +mnHnhpwwM5TPZyH/IhfH+b+OeXWEwee/Yo+jGBBh5GzSJfiXB3v3NpHJ0yYthx5j +rgcSThv69Ky4Sc5NOHH2O/fnxoUjt/18vRBuqSd/0RSjlfg5MIUiR20sRixTn67O +aoIuAHqa6yshoyA0t5/tVso+C2pkMS9ZubS2p2Hl2T/CnIWKZzzH1X0xIE0CoYT9 +2bgoK1EYGLJDUpEH5FGoAowdpHx0UG4e0O9KrbSWiA1Npvp5MTv3M0zKjRbrUauu +JC33hrRqFNIprJJdGBMqESUCnefm/lgNM7UMRi0zLSEj/DHV3ZuQmw7yBKv5oHNV +lRxCxYUreqCYN8L1kXkKy8sQ/Lsjml/ZNxpCNOuvhdxM9IcTI3ZYjtuP2xTr62Qu +L9g4jfPQ2xc5kzY4k9nnbdMlueEJFf3AS+H6y2zlxsyABtlVhYciaOaR2eywAKGG +sKEM9qrbQpWZrTRm9tt8gIb/VCJJj0VVf8BUgPzINzj1l8uItZMugQWhgfSWoaPT +zXvgvBazA2UfzoR5jUo/GY08IXRvOPf2Gdg3WR3mpPGDmHA9Nl6HDklHrDV5DRVq +ZXUCXW7xeoGSuTjyJZ44FCvS7oeI00SUKMf6P+ELwyzhiSaHyJomGWnAq3qkahE5 +fqX5P3wC+vMVSaH40m75sZYBMGsaZpKNbwBRjBVJscMvaOTjW5UZB2AVMIfCGHr8 +5XxW6Vp1tUDloDfcmTLpIpQ15SH5ZxW7AxrVj9kpfwqWjunxmbEJ4A6Zx3x9tN9B +W7l+q7U7PgCLpwxCY+k6L20zOvzqKD02Vk/EDwIDAQABAoIEAQDUCUGYIAHevuNT +rihzJBVnRIGFZI5XddJSHk13IGbpjHDsoOha33X6CnmNScfCEtOOzyH+EtnKCkF3 +OotCNi5pT4zS6dhOYS/sciYgxwX2CfW5RaSAFryfR9peGHwZdrMVLgMSdqp3PMSq +36XjNtF9vkjrV/EJaXGwCxvM7vU1aG+FTaCEv/vPQIzEKRgp0gCNoONZ/fT/CfhW +r5RpYyeMJ8BOfxzdgFo+ApOSIj30oaQUALU0PUIFUFqkfJfhkGt6bDdz01Chsq1A +zCnawX0uFfYP41ChXqL1SFBt8xlRqyZ8DrUbA3P3Zgg5K+tw7qvroXo1XGLQKQfM +H0VzfneFf2ro1D6uxU1dXUvAuPm0iv4vgHX9HhUY162zrtbrW7QFZmlFR5hvIzv7 +W6KJJubQMGbp85McB4okxOdSDTrm68lJAZ7HBQVxBFxRSC/6vs4u/Ms/EQTQpXsY +kxQxfESgM6Kb2NVl8h7PdLiNk+aCaZ04Q3EHetR9wEPTlKV1Jstu5wUcHvmZmNSt +tTTng3xP4vRvQDzQfymAHHbiGvSo4Ch9CroWVAe1T21raRkmg8S/FYX2LAuac8pG +m8e7AKxVVU2cRrzw9xo8wUqm5PaKpVPQktyn4jADO/lKl0S8mNjavP8HQcZZOYV7 +RiQ/9Ovn+VhGW0bNQtZX5Z93H4E5ynrYZ+Bu4E6KBzApeG1wiSCGhyo2q8hMBLPy +52YcPEj7LYeoBCjExgHUmE4FEKq6+zC067jjLB65D9vouoni4lPnH4SEYQudumU9 +ywUG88Wg3p4wTekaFdObadL+hEVY96PqwLHj03YxlPzVZc2hYTYbTR5HG0X+wyeQ +pHhZ3O93bOq8i3IP1yBue6P3t7zp/iKNi4LZos043RWF2n9Q9RTMVNaRpdbaEMm4 +/JckhjjF6OgqYs7/ju5m8Oi8bEvi3+XETzHzGEaiYKfadrIaR+NpuGla61lCvKo8 +G2Uq/WwJxUICiDvAy3y5Z/FoXe0r87KF9LdC6MhRJvQ8dAEZWVCNs9HaLb+t/G1Y +H2vLmTtUJUXkuLtNpQdQZnAN7HQ8Y/qRXslLcoGC733L81PQcm3rojAUInyoc5M9 +JJWWk0DLP3BpFCo2cOrsjYzBO4ZC/PNNeJY938JXpvSIz+y+fuXV/Vd/EWNaQylb +6chCI7Pyz2HZhaKLI7+KPkEBprKbNBQDX4/uZuHtsccPguKF8yrLxk29u/Zy02Lp +TAGKB3gk8xsDSOKtTalEEHW2aXKvo3tkdRUqjJ4Q5vBO/mmiOZHhmYneumT9SIH7 +jt4wJS56Kh5utHT3RXgmrZn/XX7PoNGkW29HdHive7q/L8WnNar8Yloarn01wE04 +CE+x5vL5AoICAQDzIRy/LzkKOOz8Pz7qO66yLa/dxdiNud0IIYtB705RZduQ7wdD +oO0J8VOzrgy048EdOKf7mP2zma+xXPCfWHKMXRxIH+ewtNo5mxMxxPSkaUy25pK7 +vB6bOAIYvIZU/eMGtE5GTTMeJvyWC+uKVY4HUlzPaFmzz6KEJiTTVxwCi6SYikKB +EpJdaZ3S03Gxky4Nlr6ILk1lPKCdWIN/9EeFdjvgN/Cx21wI+9untNfIRKRLbNAe +dD4jC8mvx/Cb07Yzq+apkYWA7S2i30nocfWE3Wl0nk7nPTiIubetqNn15AjdOt+l +AyG8ZuaRbcemfQ+slLZ9jkvHCSlUVpYAo+iiztYtViLIWTzGk+VeJhvjdZq7K1+7 +5iph2G9gt2WFaaK4/Ikkz3Uq+SMSlW3iAb1Zj60qzzx1+ZlNMq/MvqJNAzPBxoFY +33ZySKnQSCOjVSr1K+PUO1m2Jisz6Fhj8lquCttZUrIudPaDVNmVXPXExxnnMu8x +ms9oOQPozgcUYW9MLv8NVRg5bIqvEb/j/cVnQm4l7eSj8WvkDi+xGEpO5AFJSb/A +rO9f61JamuHU2RwH2wq7ATMyG3chOu1b1jIuUFIt8cgAbUuTLbIuFQrTzXOMVch1 +dNVIPq8/vuLiNtXW3KhQFiM7AsvUQtsXbGuL8R4w4QM/DOkUK90gXXjlbQKCAgEA +7ywcQpTjEmuj2xo+FGiZo8hV1cT7yUjbTCtyMReVOFY0+/LP+XldOpi1d73GoUE4 +keXDSXh70AjeHH4KVRzYk2qBNG7ejscX7MhLIlVV6rp6EE1MFPDX1Z2tnwHwz9lb +kUgGs+Allg1dY6+B2Wmo7vWQ9EHwaGteLanfWsJtHpVEsRwSMSl3XUeydXf9x2nz +eRJ23V+e07XzeLvL4kn7vPZ8v0qRF+WLy9IBngO1RlrPrI+b//Vsk/2Mf3pfkm1M +g50Owm+fTOftcUvWkiIcUYCRVbOIBrTGEu4zLaNo3wHshuNmDWNr84lKEmVoXnoS +fpZ1IUwlLchzTD+Iv88kIVwBE4kMXlU8qZlffVCxAQWOOSS178v7iwc/ApU6aln5 +lXr8JmxjD0Wi1PpHRK4ogtnhikkkN67++aHJKBEYELKeashdxB04kokBl32ywJRf +oekeqCB/s5xlck7d4hFK3wfawxXqkNaN1q0q39BaaqOPRZFPaJ06umLb2Dy+raMX +7lNVv30rtiwEUYQiXcEF0j1XNABP14Qkwvk6rDUhM6s1B9c17ZOONeUt03kHjRg8 +tZ3FDAIqHeF67ZROK8WDuVxNCNarS0zn48YZo6xN8+lAn7kNsIVmmio0ChMDJIOk +hlvlBtO5wd7/9u0+MrcfMej21qbehRltuqi9eFRlLesCggIBAOaoMFyU0XmIPhSl +b+vKiVcTDvjIPUVf4nlXUYVRIi0JBEBA9NRNNPSs1aruYbGvLUOqv3trTq14DX2n +3cRepfXSVAV891LmkO372D7sSug72gLfRrACrcq2XQ7YtFynrR1sK6J4lRlzBUjY +sDJCLod1tQU0S33Sa60RfvhdeP5VOudYq/VGCEPE8mzUGtXL+vH7ZHFP9C8qUHpW +QhM/Tico3289wwUJRgxj3KUDZX/i1zeTWPK7d0PKaCJy/irntMDawe93Vn/VA+m0 +CqsSikntwKFZmyO4Kg1UnBSNz5J/L4Wq2Af1q6jQuseXrcSeeyNQxrzhJbUDVQll +R9P9rLPgpMLIKCGIv6bpIr6qSuUFarFNWfqqRuUi76+C7jae3DjBpN6eTtthFswH +pgK3gcsZCsFFcGfAT5c0kiIdbV7AvfaFe6sz/Ww40Zn/BohrQWDtraxoThkHpw8M +y+auQydAt47LbK20WzaHZhFU6vkvprx3zwNxinmnNbVE2OSV94AASgp9A4lfF0c2 +AKWs2P24wUUMp1B9tszaRJavo7eqiincZKXHqyWF3FCHBd7nxrcRMOHvJoHQGroU +7KCm2l6j5wMdkZAOIJfVz2f2oJoGHSwzKgV8vOdYSOyiDR9txHueRbQM/Il8gqGy +d6aGPpW6P9lBb9H+TpXLc3LEGvEVAoICAF6cf21jQlQ2GnKA9g/StPxSMopGyyd7 +16xQ/3ImFxRbHciQ6+6PMO8OG7MLcni1uTAVyOPWcnwAFgUFYwb6Sz49gnEAbq/i +WDeFoBsr0LnzHHg4a6FZCLhrEJR3CxDdtdhJusULJTMvhEL72YzsvDQTFk1ZjEVy +O6Yqrb1UbiAMAklhhlzGP3657wGC/vQUmIjLYhP+UHEFaBPZjjSs+ZVtmDl/wNfI +KT3ujE86vknfgImNobNmHZaJVTvUZ9wfuoXR6lXGHCkrEgWgb3gNYFBpYJSbWXL1 +rektKzehjcmyFCPj7qnbK4gCRjfyv4+oEIrc7+bFHWv4AIwoEet2gJ9lqtNUgn0K +kN2yW1DSS8LQtMssF4CNm6sKqcVWzO3nO9EC/p4ggCs5a8l+XBTyI/pnQE4Y0ufo +JNsRQebEpFVuozYwns8GlCt7YRLRWZXO2+nLsyHlAT9G3eaTBjj4iDqj+8jycYDs +Lt2+UNiKrknC+9kUO2px0BqNItRuayt6+euAMcp3NIRy8x5f+8xEoA3j0Aw1F2B0 +2Kn8N1aKCeFLl8XLP30EwtvVFgSyuub4sINTrvAqJwj8+kjjQu0TzCDWP28ApHA8 +MvsqkVfqwEd9fN/yL1Ul4EmZ6k4V6UdXgAzaa0YBGVl04qKGhPVA9Wkj9AlDp4DV +Z0/Qkmr4T7ITAoICAQDntedF62qFLmlgum58QBAbZiEDNiwUlSPUlk6o0Cs/bsSA +4xIYoxGfQP3T9caKSKGS+JGfiONYgemLWW0V4U5/v+YlJMXctl/TJmi7v43m0tPD +frjspJjfl3DGOWOb7lVAMOWL0b0MyOV9oBdL+WSBR7+ZiHo6FABqOdJBomO6wrHB +rKe8DnxE62d9fu1YRL0XVTcJQcSPFhd0JxY8fV9OKPtDLNR6+Q19b3B8MoIrAugp +M9DLyQwsObCa22A7MP9uLBBTJa2ubJfusW6V11Hf/48rFg6t1ahCYa3gyn6MHxji +aKIrXH2J8l2pOcf2aAuF1SgeSqnvtnFBgI1vebK+crXVDNYW7GvLaTfEdWRHpNc/ +9/ajew5rRS2HHO907Zub7dNckNeOInpSY7mBoSh1EG/IkdUYZ4hMWlxJzNSu3WWl +YprvHghpt2uyVMM1fsd39DLTtGv51NJJ5od9GKFWFBI/DRc6iwenKDGIpFi23jie +c9qb2J2oBiBH9Nt+0hpkqAt61U+306GgrIIUOHbdLWwXy8LOzaZxxVQ4KyVYvDJj +4zPT6SLaKCqHe8SWSXZyfa3zRIe8pBbAw3+L26yHI7X3aXJGHq6Yy7TbLFypDDoa +9DNXth8P3qxQq0AckCajAx4ka1glU9vuCAmsetHkgXybSJ1Wire2/zbqQRpWtQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslsocket/certs/fluke.cert b/tests/auto/network/ssl/qsslsocket/certs/fluke.cert index 069fa6b341..4cc4d9a5ea 100644 --- a/tests/auto/network/ssl/qsslsocket/certs/fluke.cert +++ b/tests/auto/network/ssl/qsslsocket/certs/fluke.cert @@ -1,75 +1,34 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 0 (0x0) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=NO, ST=Oslo, L=Nydalen, O=Nokia Corporation and/or its subsidiary(-ies), OU=Development, CN=fluke.troll.no/emailAddress=ahanssen@trolltech.com - Validity - Not Before: Dec 4 01:10:32 2007 GMT - Not After : Apr 21 01:10:32 2035 GMT - Subject: C=NO, ST=Oslo, O=Nokia Corporation and/or its subsidiary(-ies), OU=Development, CN=fluke.troll.no - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:a7:c8:a0:4a:c4:19:05:1b:66:ba:32:e2:d2:f1: - 1c:6f:17:82:e4:39:2e:01:51:90:db:04:34:32:11: - 21:c2:0d:6f:59:d8:53:90:54:3f:83:8f:a9:d3:b3: - d5:ee:1a:9b:80:ae:c3:25:c9:5e:a5:af:4b:60:05: - aa:a0:d1:91:01:1f:ca:04:83:e3:58:1c:99:32:45: - 84:70:72:58:03:98:4a:63:8b:41:f5:08:49:d2:91: - 02:60:6b:e4:64:fe:dd:a0:aa:74:08:e9:34:4c:91: - 5f:12:3d:37:4d:54:2c:ad:7f:5b:98:60:36:02:8c: - 3b:f6:45:f3:27:6a:9b:94:9d - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - OpenSSL Generated Certificate - X509v3 Subject Key Identifier: - 21:85:04:3D:23:01:66:E5:F7:9F:1A:84:24:8A:AF:0A:79:F4:E5:AC - X509v3 Authority Key Identifier: - DirName:/C=NO/ST=Oslo/L=Nydalen/O=Nokia Corporation and/or its subsidiary(-ies)/OU=Development/CN=fluke.troll.no/emailAddress=ahanssen@trolltech.com - serial:8E:A8:B4:E8:91:B7:54:2E - - Signature Algorithm: sha1WithRSAEncryption - 6d:57:5f:d1:05:43:f0:62:05:ec:2a:71:a5:dc:19:08:f2:c4: - a6:bd:bb:25:d9:ca:89:01:0e:e4:cf:1f:c1:8c:c8:24:18:35: - 53:59:7b:c0:43:b4:32:e6:98:b2:a6:ef:15:05:0b:48:5f:e1: - a0:0c:97:a9:a1:77:d8:35:18:30:bc:a9:8f:d3:b7:54:c7:f1: - a9:9e:5d:e6:19:bf:f6:3c:5b:2b:d8:e4:3e:62:18:88:8b:d3: - 24:e1:40:9b:0c:e6:29:16:62:ab:ea:05:24:70:36:aa:55:93: - ef:02:81:1b:23:10:a2:04:eb:56:95:75:fc:f8:94:b1:5d:42: - c5:3f:36:44:85:5d:3a:2e:90:46:8a:a2:b9:6f:87:ae:0c:15: - 40:19:31:90:fc:3b:25:bb:ae:f1:66:13:0d:85:90:d9:49:34: - 8f:f2:5d:f9:7a:db:4d:5d:27:f6:76:9d:35:8c:06:a6:4c:a3: - b1:b2:b6:6f:1d:d7:a3:00:fd:72:eb:9e:ea:44:a1:af:21:34: - 7d:c7:42:e2:49:91:19:8b:c0:ad:ba:82:80:a8:71:70:f4:35: - 31:91:63:84:20:95:e9:60:af:64:8b:cc:ff:3d:8a:76:74:3d: - c8:55:6d:e4:8e:c3:2b:1c:e8:42:18:ae:9f:e6:6b:9c:34:06: - ec:6a:f2:c3 -----BEGIN CERTIFICATE----- -MIIEEzCCAvugAwIBAgIBADANBgkqhkiG9w0BAQUFADCBnDELMAkGA1UEBhMCTk8x -DTALBgNVBAgTBE9zbG8xEDAOBgNVBAcTB055ZGFsZW4xFjAUBgNVBAoTDVRyb2xs -dGVjaCBBU0ExFDASBgNVBAsTC0RldmVsb3BtZW50MRcwFQYDVQQDEw5mbHVrZS50 -cm9sbC5ubzElMCMGCSqGSIb3DQEJARYWYWhhbnNzZW5AdHJvbGx0ZWNoLmNvbTAe -Fw0wNzEyMDQwMTEwMzJaFw0zNTA0MjEwMTEwMzJaMGMxCzAJBgNVBAYTAk5PMQ0w -CwYDVQQIEwRPc2xvMRYwFAYDVQQKEw1Ucm9sbHRlY2ggQVNBMRQwEgYDVQQLEwtE -ZXZlbG9wbWVudDEXMBUGA1UEAxMOZmx1a2UudHJvbGwubm8wgZ8wDQYJKoZIhvcN -AQEBBQADgY0AMIGJAoGBAKfIoErEGQUbZroy4tLxHG8XguQ5LgFRkNsENDIRIcIN -b1nYU5BUP4OPqdOz1e4am4CuwyXJXqWvS2AFqqDRkQEfygSD41gcmTJFhHByWAOY -SmOLQfUISdKRAmBr5GT+3aCqdAjpNEyRXxI9N01ULK1/W5hgNgKMO/ZF8ydqm5Sd -AgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM -IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUIYUEPSMBZuX3nxqEJIqv -Cnn05awwgbsGA1UdIwSBszCBsKGBoqSBnzCBnDELMAkGA1UEBhMCTk8xDTALBgNV -BAgTBE9zbG8xEDAOBgNVBAcTB055ZGFsZW4xFjAUBgNVBAoTDVRyb2xsdGVjaCBB -U0ExFDASBgNVBAsTC0RldmVsb3BtZW50MRcwFQYDVQQDEw5mbHVrZS50cm9sbC5u -bzElMCMGCSqGSIb3DQEJARYWYWhhbnNzZW5AdHJvbGx0ZWNoLmNvbYIJAI6otOiR -t1QuMA0GCSqGSIb3DQEBBQUAA4IBAQBtV1/RBUPwYgXsKnGl3BkI8sSmvbsl2cqJ -AQ7kzx/BjMgkGDVTWXvAQ7Qy5piypu8VBQtIX+GgDJepoXfYNRgwvKmP07dUx/Gp -nl3mGb/2PFsr2OQ+YhiIi9Mk4UCbDOYpFmKr6gUkcDaqVZPvAoEbIxCiBOtWlXX8 -+JSxXULFPzZEhV06LpBGiqK5b4euDBVAGTGQ/Dslu67xZhMNhZDZSTSP8l35ettN -XSf2dp01jAamTKOxsrZvHdejAP1y657qRKGvITR9x0LiSZEZi8CtuoKAqHFw9DUx -kWOEIJXpYK9ki8z/PYp2dD3IVW3kjsMrHOhCGK6f5mucNAbsavLD +MIIF6zCCA9OgAwIBAgIUfo9amJtJGWqWE6f+SkAO85zkGr4wDQYJKoZIhvcNAQEL +BQAwgYMxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIDARPc2xvMQ0wCwYDVQQHDARPc2xv +MRcwFQYDVQQKDA5UaGUgUXQgQ29tcGFueTEMMAoGA1UECwwDUiZEMRIwEAYDVQQD +DAlIMiBUZXN0ZXIxGzAZBgkqhkiG9w0BCQEWDG1pbmltaUBxdC5pbzAgFw0yMDEw +MjYxMjAxMzFaGA8yMTIwMTAwMjEyMDEzMVowgYMxCzAJBgNVBAYTAk5PMQ0wCwYD +VQQIDARPc2xvMQ0wCwYDVQQHDARPc2xvMRcwFQYDVQQKDA5UaGUgUXQgQ29tcGFu +eTEMMAoGA1UECwwDUiZEMRIwEAYDVQQDDAlIMiBUZXN0ZXIxGzAZBgkqhkiG9w0B +CQEWDG1pbmltaUBxdC5pbzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +AOiUp5+E4blouKH7q+rVNR8NoYX2XkBW+q+rpy1zu5ssRSzbqxAjDx9dkht7Qlnf +VlDT00JvpOWdeuPon5915edQRsY4Unl6mKH29ra3OtUa1/yCJXsGVJTKCj7k4Bxb +5mZzb/fTlZntMLdTIBMfUbw62FKir1WjKIcJ9fCoG8JaGeKVO4Rh5p0ezd4UUUId +r1BXl5Nqdqy2vTMsEDnjOsD3egkv8I2SKN4O6n/C3wWYpMOWYZkGoZiKz7rJs/i/ +ez7bsV7JlwdzTlhpJzkcOSVFBP6JlEOxTNNxZ1wtKy7PtZGmsSSATq2e6+bw38Ae +Op0XnzzqcGjtDDofBmT7OFzZWjS9VZS6+DOOe2QHWle1nCHcHyH4ku6IRlsr9xkR +NAIlOfnvHHxqJUenoeaZ4oQDjCBKS1KXygJO/tL7BLTQVn/xK1EmPvKNnjzWk4tR +PnibUhhs5635qpOU/YPqFBh1JjVruZbsWcDAhRcew0uxONXOa9E+4lttQ9ySYa1A +LvWqJuAX7gu2BsBMLyqfm811YnA7CIFMyO+HlqmkLFfv5L/xIRAXR7l26YGO0VwX +CGjMfz4NVPMMke4nB7qa9NkpXQBQKMms3Qzd5JW0Hy9Ruj5O8GPcFZmV0twjd1uJ +PD/cAjkWLaXjdNsJ16QWc2nghQRS6HYqKRX6j+CXOxupAgMBAAGjUzBRMB0GA1Ud +DgQWBBRSCOU58j9NJZkMamt623qyCrhN3TAfBgNVHSMEGDAWgBRSCOU58j9NJZkM +amt623qyCrhN3TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQCq +q4jxsWeNDv5Nq14hJtF9HB+ZL64zcZtRjJP1YgNs0QppKICmjPOL2nIMGmI/jKrs +0eGAL/9XXNVHPxm1OPOncvimMMmU6emZfpMdEtTfKP43+Pg9HgKRjLoQp406vGeQ +8ki/mbBhrItVPgEm3tu2AFA02XTYi+YxCI9kRZLGkM3FbgtOuTLPl0Z9y+kiPc9F +uCSC03anBEqv+vDSI8+wODymQ/IJ3Jyz1lxIRDfp4qAekmy0jU2c91VOHHEmOmqq +kqygGFRdwbe99m9yP63r6q0b5K3X2UnJ6bns0hmTwThYwpVPXLU8jdaTddbMukN2 +/Ef96Tsw8nWOEOPMySHOTIPgwyZRp26b0kA9EmhLwOP401SxXVQCmSRmtwNagmtg +jJKmZoYBN+//D45ibK8z6Q0oOm9P+Whf/uUXehcRxBxyV3xz7k0wKGQbHj/ddwcy +IUoIN4lrAlib+lK170kTKN352PDmrpo2gmIzPEsfurKAIMSelDl6H+kih16BtZ8y +Nz6fh9Soqrg3OSAware8pxV7k51crBMoPLN78KoRV8MFCK4K7Fddq4rRISq6hiXq +r1nsjoEPuKM9huprmZVZe9t5YcDa2I+wb3IiE3uwpZbAdaLDyQ5n6F/qpsiIkZXn +gtcF7oqpG5oYrwCcZ53y/ezUgUg7PlSz2XwAGvQtgg== -----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslsocket/certs/fluke.key b/tests/auto/network/ssl/qsslsocket/certs/fluke.key index 9d1664d609..337ce541a6 100644 --- a/tests/auto/network/ssl/qsslsocket/certs/fluke.key +++ b/tests/auto/network/ssl/qsslsocket/certs/fluke.key @@ -1,15 +1,52 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQCnyKBKxBkFG2a6MuLS8RxvF4LkOS4BUZDbBDQyESHCDW9Z2FOQ -VD+Dj6nTs9XuGpuArsMlyV6lr0tgBaqg0ZEBH8oEg+NYHJkyRYRwclgDmEpji0H1 -CEnSkQJga+Rk/t2gqnQI6TRMkV8SPTdNVCytf1uYYDYCjDv2RfMnapuUnQIDAQAB -AoGANFzLkanTeSGNFM0uttBipFT9F4a00dqHz6JnO7zXAT26I5r8sU1pqQBb6uLz -/+Qz5Zwk8RUAQcsMRgJetuPQUb0JZjF6Duv24hNazqXBCu7AZzUenjafwmKC/8ri -KpX3fTwqzfzi//FKGgbXQ80yykSSliDL3kn/drATxsLCgQECQQDXhEFWLJ0vVZ1s -1Ekf+3NITE+DR16X+LQ4W6vyEHAjTbaNWtcTKdAWLA2l6N4WAAPYSi6awm+zMxx4 -VomVTsjdAkEAx0z+e7natLeFcrrq8pbU+wa6SAP1VfhQWKitxL1e7u/QO90NCpxE -oQYKzMkmmpOOFjQwEMAy1dvFMbm4LHlewQJAC/ksDBaUcQHHqjktCtrUb8rVjAyW -A8lscckeB2fEYyG5J6dJVaY4ClNOOs5yMDS2Afk1F6H/xKvtQ/5CzInA/QJATDub -K+BPU8jO9q+gpuIi3VIZdupssVGmCgObVCHLakG4uO04y9IyPhV9lA9tALtoIf4c -VIvv5fWGXBrZ48kZAQJBAJmVCdzQxd9LZI5vxijUCj5EI4e+x5DRqVUvyP8KCZrC -AiNyoDP85T+hBZaSXK3aYGpVwelyj3bvo1GrTNwNWLw= ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDolKefhOG5aLih ++6vq1TUfDaGF9l5AVvqvq6ctc7ubLEUs26sQIw8fXZIbe0JZ31ZQ09NCb6TlnXrj +6J+fdeXnUEbGOFJ5epih9va2tzrVGtf8giV7BlSUygo+5OAcW+Zmc2/305WZ7TC3 +UyATH1G8OthSoq9VoyiHCfXwqBvCWhnilTuEYeadHs3eFFFCHa9QV5eTanastr0z +LBA54zrA93oJL/CNkijeDup/wt8FmKTDlmGZBqGYis+6ybP4v3s+27FeyZcHc05Y +aSc5HDklRQT+iZRDsUzTcWdcLSsuz7WRprEkgE6tnuvm8N/AHjqdF5886nBo7Qw6 +HwZk+zhc2Vo0vVWUuvgzjntkB1pXtZwh3B8h+JLuiEZbK/cZETQCJTn57xx8aiVH +p6HmmeKEA4wgSktSl8oCTv7S+wS00FZ/8StRJj7yjZ481pOLUT54m1IYbOet+aqT +lP2D6hQYdSY1a7mW7FnAwIUXHsNLsTjVzmvRPuJbbUPckmGtQC71qibgF+4LtgbA +TC8qn5vNdWJwOwiBTMjvh5appCxX7+S/8SEQF0e5dumBjtFcFwhozH8+DVTzDJHu +Jwe6mvTZKV0AUCjJrN0M3eSVtB8vUbo+TvBj3BWZldLcI3dbiTw/3AI5Fi2l43Tb +CdekFnNp4IUEUuh2KikV+o/glzsbqQIDAQABAoICAFw1q6tr5I48vY7DF+rXsuLn +5ZUWE1IQ6fzB4lr72nJv/9EEGnMgYzt9PpMUsD6vdCpBgS2C0+6RHArFzJtNA+RM +iHLIG7K7702veyr/xBx/MwiSlMeMv/XpkFxVI6E6skMGG2s3AMXxKvJTy5CpRx+I +eQFyLG+Ya1X2lgJes/q+/CpAHkOjCOpcLySQC5NZ74q734V7nSdmn+Zs3tYEh+O/ +eiuwTP/j5b38Te5vVTqDxTciJPmljmXLCwa0N100lWlbcpvw8qbqiTI2Jm3XCbUE +AzHjW9vmrF3cRS1fXxKFGShw3SRqlkbxjfeWoi8qDPUBS4m8LOr8qG9Wo5Nfon0z +zLP4bci3zHDvVcaaZrrsUBs/yZbg+Dgka1DmX7ekmeccr2yTdKDFgPupYUyxVbTl +a9ZLJysjFD7rgBv1ZclHonLp6Vbm+ZoTqvteo4ikAy6L9RtBWJ23XEK34PkP/+c5 +2vWZaOrnjSeBHbFce8cdJSxqWpP+eSCI5I9XbDrYFIsQ/gqKgtzDKy2ihJ2Y8STL +yO4hyFPFjxc+Gg4/P2PpmT5CY2ty44M0BWs+JGW96CJPrrplf2lmQUQJj5LZY66X +Z/4C9L7ZYtKZ+bs5SvU46yWugAvQZX22Xm9xLXWyVXRdx3bj+3M3fDnF9di/zdbh +CgLx7oWPNrXc7FCajnn9AoIBAQD5FMYwRpw9NWT9WDxQwx+cSI4Icbd88ByTW63S +LzeRwZA0J9/SfwO+aBRupzc9GkGXCiZcGMw3AGsCtig8yFlw8E5KnzN7KlftDMnM +9NUxxzlR8VwKyLnZfG7sDTl057ZlUujnqhmt/F8F7dIy7FVO1dE/8nngA+FYTCOG +UZdGjwyBDlDM0JJdUWGY3xslutcpCDN5mzSTKjy9drMvImAshRawxRF6WBpn7vr2 +nC6vciqfx1Mzx1vyk0Jm0ilaydDdLMADjt/iL4Nkr0BEs4k+UzQiKDwp8gu7abQ1 +eBfxd9Iar4htQa2I1Ewl6P01G/q+ZYwgHhJ9RVn4AxQXefILAoIBAQDvCouORdQX +C8wsyp7MwXlF/3NQeNN5/+B2mhbxrBOf7PmMCXLnkRWcjwJtzypWFqJ0sqai/2+0 +bqbMcjX5maT8stT2shl3zXe/Ejt2e3TBYpc1tyuses8Kb5BMU8hu6tTd3G2CMXpD +dT6DVemJZCTtwj9aBNIxSizvlgMolJnCpzhPnlfHSI6E+g3m/LTTo3HwbjMSw/Uq +irgjOpI2wSBB6LZPSgjvfcYPRyWUk16L4A5uSX0cADnovDFLa5/h0wJvN/OoCSQg +rLCXG5E18EyL5Wc58BCY1ZvxmjG3lQtgPxYu2Jwc36R/y/JKlxW5suER5ZNpbbD4 +uOyTt2VxMQ2bAoIBAQC5+MzRFqdo/AjfL5Y5JrbfVTzXCTDa09xCGd16ZU60QTWN ++4ed/r+o1sUKqUcRFB2MzEM/2DQBjQpZB/CbEWvWa1XJWXxypXbowveZU+QqOnmN +uQvj8WLyA3o+PNF9e9QvauwCrHpn8VpxbtPWuaYoKnUFreFZZQxHhPGxRBIS2JOZ +eDrT8ZaWnkCkh1AZp5smQ71LOprSlmKrg4jd1GjCVMxQR5N5KXbtyv0OTCZ/UFqK +2aRBsMPyJgkaBChkZPLRcKwc+/wlQRx1fHQb14DNTApMxoXFO7eOwqmOkpAt9iyl +SBIwoS0UUI5ab88+bBmXNvKcuFdNuQ4nowTJUn9pAoIBADMNkILBXSvS5DeIyuO2 +Sp1tkoZUV+5NfPY3sMDK3KIibaW/+t+EOBZo4L7tKQCb8vRzl21mmsfxfgRaPDbj +3r3tv9g0b4YLxxBy52pFscj/soXRai17SS7UZwA2QK+XzgDYbDcLNC6mIsTQG4Gx +dsWk3/zs3KuUSQaehmwrWK+fIUK38c1pLK8v7LoxrLkqxlHwZ04RthHw8KTthH7X +Pnl1J0LF8CSeOyfWLSuPUfkT0GEzptnNHpEbaHfQM6R6eaGhVJPF6AZme4y6YYgg +m2ihhSt1n0XVEWpHYWjxFy3mK2mz75unFC4LM+NEY2p2zuUQoCw7NjnY3QYrfCnx +rRMCggEAXeXsMSLFjjyuoL7iKbAxo52HD/P0fBoy58LyRcwfNVr0lvYan4pYEx+o +KijIh9K16PqXZXKMA9v003B+ulmF8bJ7SddCZ5NGvnFhUTDe4DdTKgp2RuwQ3Bsc +3skPIDbhVETyOLCtys34USHrq8U/0DlGY3eLRfxw9GnbKxSBGa/KEu/qQLPNUo50 +7xHZDg7GKeC3kqNJeqKM9rkp0VzIGkEnaD9127LeNDmERDfftxJzFoC/THvUBLfU +6Sus2ZYwRE8VFvKC30Q45t/c54X3IuhYvAuiCuTmyfE4ruyzyOwKzhUkeeLq1APX +g0veFbyfzlJ0q8qzD/iffqqIa2ZSmQ== +-----END PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslsocket/certs/inter.conf b/tests/auto/network/ssl/qsslsocket/certs/inter.conf new file mode 100644 index 0000000000..ed350da8ea --- /dev/null +++ b/tests/auto/network/ssl/qsslsocket/certs/inter.conf @@ -0,0 +1,14 @@ +[req] +default_md = sha512 +basicConstraints = CA:TRUE +keyUsage = cRLSign, keyCertSign +[req] +distinguished_name = intermediate_authority +prompt = no +[intermediate_authority] +C = NO +ST = Oslo +L = Oslo +O = The Qt Project +OU = The Qt Project +CN = Fake Qt Project Intermediate Certificate diff --git a/tests/auto/network/ssl/qsslsocket/certs/inter.crt b/tests/auto/network/ssl/qsslsocket/certs/inter.crt index 4e1d67c3e0..2d924f3a96 100644 --- a/tests/auto/network/ssl/qsslsocket/certs/inter.crt +++ b/tests/auto/network/ssl/qsslsocket/certs/inter.crt @@ -1,22 +1,53 @@ -----BEGIN CERTIFICATE----- -MIIDvDCCAnSgAwIBAgIQO+uZxerYC10Ll11PBnVL4TANBgkqhkiG9w0BAQUFADA8 -MQswCQYDVQQGEwJHQjEZMBcGA1UEChMQV2VzdHBvaW50IENBIEtleTESMBAGA1UE -ChMJV2VzdHBvaW50MB4XDTEzMDIxNjE2NTMwOFoXDTIzMDIxNjE2NTMwOFowMjEL -MAkGA1UEBhMCR0IxIzAhBgNVBAoTGldlc3Rwb2ludCBJbnRlcm1lZGlhdGUgS2V5 -MIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEAsR4tRskg2IFfQFMfGBJ1 -eqlrNejANw0oM6k5HlEB8uFA9qeyAzmflwQUPoJ55KRQ/gVHTOBdWrtgGgPMiekF -1Q36Ry1elwbAl4a+LZ6qsc9ASipvk8HirKpt1v5L9hG+aI4yDxyvjNztFtg5R4P5 -zqsh/WwhCgsYmEVfcSDbhUjqoqxGRLaZxPKO+IMCNFrjZqi0yxc8f6Un4G5SQzHA -4szi/ezcITnAFYWxHG2yaed4hawpxNS1WXabk2rzCi0pWeIcHuIczaCfZ7ElRcqV -VNNXbGTtUDlfIsh6FAVI5kTUDcPV27uf6BmHuFOu/R9Tjni25+vBFvohwQh7ZwCX -5COXnfkJLPkJQQEFVQv8nS27ht/vmyoKjERUeiuMd+hFcN5zl7bS5A2JCgi7erlP -ZQIDAQABo2QwYjAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwHQYD -VR0OBBYEFGn5shQ0SeTcc3x/cNu6TkoV0bPmMB8GA1UdIwQYMBaAFJQnOLW5hBTG -pvc2vfcs4sJpRRPJMA0GCSqGSIb3DQEBBQUAA4IBMQAVDS0enQQ1FL0d92xOFfwx -mjcNPz9oO7jMyEVxAs2eR2QD+xZ3Xj4gAiUEp40aGieDcLv+dg+cmuBFWF61IYSR -UyuoakVm08VDcLAwUzU+xtSvJiSSROb0GsAnVsYZj4TYlvKDplqfapOYaiIkwF+c -iE4n7G0hQW9fzqO+n3FGtBD8YUjghRqLggeRVJ2+8S3Bm8cfx8xPpRIO3ksA6opn -CORRGuzetDHihbks59mkoY3GqKFgBOyrC3kG07nv5wtKjdKDtmD/kS/SAc4fIXKy -Uruq2uXNf/1BUgF5gFGRyj22yB2D0763fJJpl5nqcLrL5RmnVObQKZGhE2VsRTV0 -untj+AmiJivhiAjjkHfw3XDf8tuL7D4pTmEkGgl5xl23fyeTIuygDCLT8fRD3ZqQ +MIIJczCCBVsCFBFyNLwh5soEJBP4NUiEpuneliIVMA0GCSqGSIb3DQEBDQUAMFsx +CzAJBgNVBAYTAk5PMQ0wCwYDVQQIDARPc2xvMQ0wCwYDVQQHDARPc2xvMS4wLAYD +VQQDDCVGYWtlIFF0IFByb2plY3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTIy +MDkwMjE1MDIyMVoXDTIyMTAxNzE1MDIyMVowgZAxCzAJBgNVBAYTAk5PMQ0wCwYD +VQQIDARPc2xvMQ0wCwYDVQQHDARPc2xvMRcwFQYDVQQKDA5UaGUgUXQgUHJvamVj +dDEXMBUGA1UECwwOVGhlIFF0IFByb2plY3QxMTAvBgNVBAMMKEZha2UgUXQgUHJv +amVjdCBJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUwggQiMA0GCSqGSIb3DQEBAQUA +A4IEDwAwggQKAoIEAQDf31Hd+5tMLrBf966j4BiTBP7yIS7BJ7jBSUWVStd8F1Pc +hxB/h8hKj8T8M8Fq2prmxkkjg4epxmgqYeGqYnBqPY0Gke0RXC506WGW8B4IQ+qk +szVHJyNC2dnZ7byaqj1/vleQESmaQhXRxSvaw3Qu54/SbXuEOot8tiBZ90oVvHHt +yn1nQYpGGDszTATKMaaqaE+D/lsNzxJGGzndbg9yjrvLRKBRbFIhT7L7ME4d2NLm +AcXvFHHjV2bEBCvQrShXE0t11qAUrT48rDcBA0OsMW6YwxCBoFXvnpg5iuCfbQGf +zRVgGIhb8Bo1dV2nTBTMpz9ssupTOmlS1/WJ99w4nPHUHBtYe8QBaWigHbIqyxlP +hm6NBe4i1EoqY7fsfI6uH9eo0l8ZvB/tLCgFRE5OqHQZXPUHutnlhSoouj7gA7Lp +VPYundGY8mauVV9YFVDECh8oiJI9/dqq4i6QhLHFXFUG6P95yqgzv9fsy2HKKr06 +2deBjOGMoQv7CRgRr9/JOAYOdk8SeQ1eWRA2O2Vx9N2davIczvuODqP2Y2IqJ9/x +xvYVZNlnLIrtJvTCh4ROe3+ecdLeg/hFT/J2BmG6oHeNm0TJPnI1bK6TDJYb/Nqi +EIuDDpbNs4IZn70DCU+Fg1FiV+evAziQ67utijyOg/xooUKVvXH4c5s7jUcFmYJd +Zf/3GwwLVoTpeBpAKyuZ/ffUZkXUi4GhBS5g+3P+O5LASKiA+785qk/FtY7tYo/H +VfH+3n1hQK4xdw8VA81LSanhZMYkwpKSh4Per0jeGz5GeYfCbBuxlfZovmUHcq2s +1seIcxRzcI4f+uAsjdAh5dAn3OFqComcbGls9iWn+mGs41tLgNf+J357N66234DQ +K0FXrRGyjmlYNPibS3DkCJCmEslNjSh/ObvMSTiJkpVYEXP5lo6Rq67C0iaF8yxs +jsMfzINqQX0gQj8QYbxmy3M89dTwNoiJ/XJuDKwAGdsfJZV7clUY2cLcCue/XiXM +xOmGvSU/Bkq6vb2ij7TPeMoV7gNVhNfVyM+h09q1CesTjAauRMp4/ZYYETPkdII0 +Hkd7J9QQP/aUHX56vl+R6kEBE+IMfEIXpsmnKjwxdfbYfiJZP0wewkM0LfdI9T00 +DVc9NI2xqZLPx8N2WxnvmDHrz2kpITBdiseddNK/L6X/sZdxFf+2YQiA3o+nvifd +iq9/2MyVnghcGOazlmzTB366OS6vbePWObm2+9t4h1yJMOIoXr69XkMzsmNCHyR3 +q84/VmDACRfoeA0h68wpeMphKKjlJhGWD4e3k4hIvbKW5/HvtIJfaW1RBXtpiS+3 +tJwjpHdIZGKW9CKheupACkARHO2udeJRYFi29RMNAgMBAAEwDQYJKoZIhvcNAQEN +BQADggQBAEMvISwrzGYljSkM/04Iym9m1nLZ8teOLxar0bULGIAVGZ01uBwSwapm +C5lvsNU+IY3O4TgjhMMq/cLXM0KUyhNK/oD0oEjNKuk10uoqs2sRU6+t+iFtf/74 +xPYImmDCqEfVu2Eew0SMKclPlPOBGHXVm4oOcbCp7xFTTg2YIrRDa0cKekaDDtsy +gQqMKNk/wGHI9SQVjVerzsqg31x4rvVaI31Ss/KosZWi0La/QjvJzhFF+UJ+AGkX +0p0iOKzGbMgi9tSLrLTK87n+x48XayW/P1+BKdvXUGXQUskCaEdhRvUHTi5LKFyP +mZ6xkyCxNig5fuwUnfrb/976VzQCucR5kIVh52WBusgEnCj8mvdlHQov5Vy8dwxF +4tO51lb92R5Gu0e7XuKK3LMANQO1HNFDASPyI2AQXXCVgrxOqnNSyk9sAFsyRWDx +9m0v4KjOezukbJ5OssBNVj/aQrvYq+L88Z8NFq9q0DoM2fVzxfbSixpRh3wbMm4c +Ttv7zXgLFhA/jrrUCiQVzgp0KSnM2Fchi/IxaVH34+8JCC+tKX4EK6vaIif8Omzb +iEsPUUbINcoIHgfVEYmmk6Z4KcHBKOz/iiTgaPiQJyymGlgXRLKjpkbifbRIm31M +UxCpv+KyTmjDeDFRXX+Yl/b1/sRNg4TfGTVySsb56vzRMghRPJlnHfMxJRroBo6L +FZfimQUcJxbNpavPdj29Vg3Y6bXGdUATx1YDHFSCynOnwXE4kgDvQGyoWHHN1zWm +Fl6JyVor9vb6viBB5HCerZsQ5HDpmQ9UqVs0iWJqYfgyFThW6mZGbBY2inw4hjtT +oVxVzW8gTTaeYLlrY7BqSpjtWQduSzSgaIiCGuvM3Yg2N6jiHzlN0h0pI+uHbvNW +F5ZMfVMU8IcheMilj1a7lgmQQas4xy0emo1H1GH9Lcw6+yW7yN77grKOgWhimvMX +UvoHaxE/T67jpK+SLyyzhfsGwOWhx91BzAFpyDqrYd5ERR8EUUUEVKLYofmDh5Ey +FqMqQEwXOBQxB1Y/1UcSbycu+Zr6raKJ0G6eCS7O6dlCpIZwpggqqnKZYFnunskE +lNw5ZpsSHADp8rwRVJGlLxgqM0TEvQa07+wb85sR8Hl47Y5QSq0E/Hn8a2ZcGERR +chsW89yr7qpUNPoTQUDQ3ZGByzeXMYSvNWvsChomy6GqSmFtnuI6Ta07CNdcbqQ+ +8Pmo8Mi3UUNZueP2VNIdHXeYEabjwl7v8KjyT4bc0/SKk/4L7ADvLxV4Fe1Na73Z +2hrMwmHCWJ+4sdVFF/3t0yDg9GQMGCTXkbd8ofJwIkM72NAUYAkMvOBx8+NaSDBW +wvnYOPu8PDnRWerAdoRZUNlKigb6oUA= -----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslsocket/certs/inter.key b/tests/auto/network/ssl/qsslsocket/certs/inter.key new file mode 100644 index 0000000000..8d282647e5 --- /dev/null +++ b/tests/auto/network/ssl/qsslsocket/certs/inter.key @@ -0,0 +1,99 @@ +-----BEGIN RSA PRIVATE KEY----- +MIISKQIBAAKCBAEA399R3fubTC6wX/euo+AYkwT+8iEuwSe4wUlFlUrXfBdT3IcQ +f4fISo/E/DPBatqa5sZJI4OHqcZoKmHhqmJwaj2NBpHtEVwudOlhlvAeCEPqpLM1 +RycjQtnZ2e28mqo9f75XkBEpmkIV0cUr2sN0LueP0m17hDqLfLYgWfdKFbxx7cp9 +Z0GKRhg7M0wEyjGmqmhPg/5bDc8SRhs53W4Pco67y0SgUWxSIU+y+zBOHdjS5gHF +7xRx41dmxAQr0K0oVxNLddagFK0+PKw3AQNDrDFumMMQgaBV756YOYrgn20Bn80V +YBiIW/AaNXVdp0wUzKc/bLLqUzppUtf1iffcOJzx1BwbWHvEAWlooB2yKssZT4Zu +jQXuItRKKmO37HyOrh/XqNJfGbwf7SwoBUROTqh0GVz1B7rZ5YUqKLo+4AOy6VT2 +Lp3RmPJmrlVfWBVQxAofKIiSPf3aquIukISxxVxVBuj/ecqoM7/X7Mthyiq9OtnX +gYzhjKEL+wkYEa/fyTgGDnZPEnkNXlkQNjtlcfTdnWryHM77jg6j9mNiKiff8cb2 +FWTZZyyK7Sb0woeETnt/nnHS3oP4RU/ydgZhuqB3jZtEyT5yNWyukwyWG/zaohCL +gw6WzbOCGZ+9AwlPhYNRYlfnrwM4kOu7rYo8joP8aKFClb1x+HObO41HBZmCXWX/ +9xsMC1aE6XgaQCsrmf331GZF1IuBoQUuYPtz/juSwEiogPu/OapPxbWO7WKPx1Xx +/t59YUCuMXcPFQPNS0mp4WTGJMKSkoeD3q9I3hs+RnmHwmwbsZX2aL5lB3KtrNbH +iHMUc3COH/rgLI3QIeXQJ9zhagqJnGxpbPYlp/phrONbS4DX/id+ezeutt+A0CtB +V60Rso5pWDT4m0tw5AiQphLJTY0ofzm7zEk4iZKVWBFz+ZaOkauuwtImhfMsbI7D +H8yDakF9IEI/EGG8ZstzPPXU8DaIif1ybgysABnbHyWVe3JVGNnC3Arnv14lzMTp +hr0lPwZKur29oo+0z3jKFe4DVYTX1cjPodPatQnrE4wGrkTKeP2WGBEz5HSCNB5H +eyfUED/2lB1+er5fkepBARPiDHxCF6bJpyo8MXX22H4iWT9MHsJDNC33SPU9NA1X +PTSNsamSz8fDdlsZ75gx689pKSEwXYrHnXTSvy+l/7GXcRX/tmEIgN6Pp74n3Yqv +f9jMlZ4IXBjms5Zs0wd+ujkur23j1jm5tvvbeIdciTDiKF6+vV5DM7JjQh8kd6vO +P1ZgwAkX6HgNIevMKXjKYSio5SYRlg+Ht5OISL2ylufx77SCX2ltUQV7aYkvt7Sc +I6R3SGRilvQioXrqQApAERztrnXiUWBYtvUTDQIDAQABAoIEABn2G9hSRUAgafO3 +FVmLs03ZVnddwb5EjPhdNuSJOVP6oI8CWrdvV5rN8VoN5nAtyajZdcHYjvLxP0Mq +9rB7me24FZKdeZB50ClepyKJ1fG/boaLAbKupzgpa0oKd8S32UnnGOBsHRb2cvFQ +nDVSVTbbQ6Jzb891updLx5SnSMAcilm5EbHXt+FJDhR0zFlmSJ2aWx5DcOu5B7V5 +ksxK5x+xzbVU0AKhPST/yRG4GFb9vfdOXVXMWSi0CgbRNQOOEQ+H/Ug9C3NaY81F +a1uCtWZSlTDB7jgaD90p1x1VLZdPXNDbR49NSQLgZSmt4p50BDV3b7N7TBE6xNwG +j0Lgq3klOiYO3Fz2fVRslOV8jBzKULUYMdnIxkTjuXYQ+lNCXolyx9+cBctGNa2b +YUi7ExmsD0qhrQiocnxbZPg0IPZ5d1X3tFTTmGrUMXQmElh0oFkbk2Fv9QWbWrBW +am/382Wfv3x9qKLHDZpytOeQ7lYzfp5EhOlRHRbh1jHWbCQg8SK0jH9A2QqbXyGB +0o93c9wzOT/4FvugRSvEJt97xvZ8iUvQdtkkSNHeKH439kpYzM8NI0+Mg5eqVjAz +hTqKouqxkSuqxd9Qjo4DfHsxCndUa0ZABO29018nYf72t0SS39Xr1JRC/WseRIEJ +1UnargsY4zx+9unGfmEBhw7w4zuSyiMARmEmigdKvofTj7V4nIBWmy64Pvp9U3iQ ++lx9mtqcybdNLA5VOrzF03W8snO3xxSBC2If9Vr9uelRtBecTYa2pRVAhfwrLlVR +fexDIzOTHrm7kwZnFAfVf5y6pz7m2b7kMZxjRvZZ+WQVGGwafwPAaCeHR3txKd1L +ixHRUwvoseef3hqDPzA/0CtcuSfk+IPSrCGbymWMpRYtSDkHectI6o2BolUzjY95 +dpzILDlCHewAWJbP11Hugi+NZOFXluom0vCVYgs8Y61S62xFqHifzF/usHmQ4laP +zHQkoIaZlTHA3gxKDpYpyJw5/x7WQ4UAtXW/GzS0Bec5FOEv5NtyEW4s/jYkX8J4 +DlmI/iW/q/LG+G7EL+AnOqnnoBhY045mUFjXO7OpWH2Kjt7XG6zXMSAsDKm8Wp0o +Ily9FgfPxsHOw6i3NrOWNVmURVyCqY1Ut8F/T1vQ2e8b8O4FlaIMQN/tjgSpkaDa +8ziPehQEZqZZKkmq6InZlY1MlqXrXivZYkDJCqzhGKxIPt0C3sfTBQxCzJwIO9ma +STOxdgj1HfczNyaTwRYtbdtkroOKWclmB3lbQrZmT5DVKCtLvwFAG1LYGGy4w8gf +6/IEsV3uRGLMbnY+qvl2eI2wwI0FYYaxdydiNDYHyiK/Wea8QCsbU48QlBB7W1Of +zzNv+gECggIBAPvP57PPQaeDKZRb/lbVjw8IIPN36Vb2ZSRBoYuvSb+a+62czrYI +ZNbadBb9VCx99VlDaxthE/9m5Xa5JhfHckf0dSYuXzX/fnzXlT+J/SKLhGVXsqG/ +HBhXu75wn6cvxV8D0WQ+C7I8xIXHeQsyC5u/HFHtOiAZjjg/BInBIenCdtDLehBL +axBN363U7hmd/u0wDiiKKSKTDZwBcnfQUdEmdDT7VvnYdQVwsBmYXR0XNS2bROGH +NaJWxIUUPS3Sv5KIkNSzGCgD/FDGa2w1tRfKalMXZ9ttzCzmKGcHNLtLSeC0Be5Z +mG6Jc1dTKbhD29VLTJgidnNne6VkZjQoLXJEeWWQeRqpCqOx8AUp0b1d9Zhdf52b +FYazIyoD2ARMyj6S16xalSS6mYYMzvXI+LXMjS3WEM6Vxxk1is9LhQdD7voszCVI +SOIZheub+ifssPvbw2fdR9V+euT/Gx8IAnYYFPtW8BLvAAvp7Rgximbp5bs8SdkV +9ciPCJAC7DRgBUT3CI3Img5c53ZONoWUJVjTBh3BULBdsk5QFLUxj4WXv+ckoq4T +2qCWMXdFF6EFbh31dfz1S+97snOIkaJDlo+nNvUIPYeNuPMwFaNLcg4XebVFw2in +24C5l7V+jAE123seJLquupQETAOGCkEYwPcQPRw+jDnyAfIsLFKc5G3VAoICAQDj +mHXltSg9zQACyk5ky+EHyc8nwJ3i6zWGIlaaJ/6G1t2pLXv9ZsLLvYI0nuBM3Qb8 ++SJajT2TKsH9kLd0BmoBMgqM/+cA5aGCCrdpmAdSSkrHQOOSaNVSEu3oqz5n0/ft +/sh4Sj07n7w1rsorK3RbP8ZltYjrQriATiIRV9/tTayZfi9uwpl+0ByvZbfqGGbC +wbDFHyskbwe4OZOrKDkf6sKCyzLsVI8mujmqE6BZ6pskbrXIGbUPvau9azpHbcvY +WY8Bk8Rv29BCHt8m9Qvgfet3dxoWVaMV3W13DvVs0zEhYTfphL6WP+STNt8vuU5/ +A8C5MOwelLzzGxeIl915rC3Y7PzYZlO9V1KQv3DhBTub7Ow8Jilhzsan3Sx0CikO +B+HdcjzW2YWxglqC/QX7jtVUIfHvssQajNzv9C+feXU//Fn0uudX3xMUxbBXsBJ3 +x17IXHP3a8PGEbBp454KhhFlmTyk1rUkGboctakepV+nkl4FZs7ClK4u9plMGuvy +02QDuy0cVn9pLrqpKimKNUzv0Uz6UQfZXphCB31BDA7nxhCvK1LQv79BIBon0jhk +KMBMMJ4/FsNO+vU0a2fApu99ZkbpIPPWsDnj0W5uyULVZiJWh4pHb+Azo8/EptA/ +PdcYIZm7pT2NmXyWalaNE+2Fj5iuT5riKsGr/P1UWQKCAgEAo83y470G8HkaKzBM +myABF74p8TcnyzItSRCIjd1RFBs1bRJ8RV3gewNQUUQp5Wdqms6Idh8IazP8QObg +KMfNR5F2Q4gW14GEPqHerJ6O1FH9pg8OXLl9BTjNIG0S7ibdNZm+NH9IDIILNRs1 +WlsLwhznx0OSdB8rrNsRkKrZ7L5bnCdBGCh3VPvTbbj9yhxFIPYJv8VgTOVsDPfE +Bry0/GEPZwe45H4yYX+UjpHWwH3AUhKXFD5oXVokLI2l3pEhnajIzhRSunUdRU5N +wu6NBxTdZX/sR4l9MBfoYF0HqG6peEqjMRGHXyB6r2uh0AQUlQOOp8iDVT8T59sP +wQ4BwjtY3QDGRtl/2kx93l392jms8Zig0112+1C8pzAo7WMmjN3o/m1OZ74a8GCU +oL5DS7/sdsyx0jEMexGhYoe12awPYR6TDg2fm7UOsN2eNSp7Vtr2mjIP8Il+WEi6 +08zaDQhNXdKICUj/tsBNQ1e2uIuerdXiFB187SJeZ4//J3Lu+pXYMqMz0/QLfaIT +RYHBaa6cY+7FFnVc8CSX0+aRfk3gv/PM/4Baz+vj8bo4TL7DiymJvyuyYe8Nfqpw +UiW1Y21bCrp5jBxdG5VD/h2t7AzJV2oyW3oWB/6y+ZWAbakjRUuuiOHw7Sh+aixf +r0jy/cTKe/0UKv2K1oZ1rqfw0KECggIBAOHCKbBhsjkbUBd0da6mTeFb3ZChD/w3 +NDCJfz4Kzf8Sw209IPCLLk7K/I0Vy4hy9quYtOr9j0ab8zGCi3cbparp6G1Uqd/J +6BsGZkjn9Ns7tlFPnG1ub6up+zQAKTb0m8oIIPKxMWwjVp4pc4C+6fxZloLtP5Od +60XaOxDZCdZqZfsboBFOFtQju1CApZ4f9k7Zsm7WLAVH3XBwLHpqu79dLvRue2TR +u+2+a9S5AyYuARZyev6yAVhL3D9YTcbssnc43xHBcelDMaFk3hXWnKFiRl+KVOYy +rELUEfE3dVstYl6qALwyYJrJZgJhO6IrPiHfpxwL2yu6fnLnPMDRY299yzySV3yQ +hCAcrlnGjEGo3ygcK3i+oe3THlsEmUPBkFfKmdD/sDmuK1+Y3g9wzK5rUFDUGxiZ +SszLTZz3qwWVhSijONf5TeFr9ZF1Rya0EJ2ftfUpQB79VoTypvtiPTJTKo6NIgqg +r63Plz1DNS6g+/FMztas1AtPUDhlhEppqgKEjYDl+ilR47CCGcYTfIELvfVkt+bU +2eRUYNOeejA7tc1SOtqHLu7CRQRkw40cibNQeO8ait4pxjJh3TjSEWiYLpdFDLHT +bgxXYhUJeXGLUjA7z3PlntSdtNeEdmOq1Ibm4KWfLs9jaVs8FMlfUds/GSyS8/B0 +Jj6SCup/WQqBAoICAEkNfMe4BOR5jm3l625O2w28b37tzl/MIpvofXX/pIw3E7Bb +KL5Djv/rQNx5FmwEdE/1iR5fqQtY17nhxVQEoAPUrdJxaPR6rWnnDLI7tg+Vme27 +x+KDaonj0mMqVopBCs+G7+E8SDDeFnDyOgJEd32q/m4Mwujv7AuKH7uDl2cER2gc +5xnYyJexlk42DW7X+6fdYZxyMoGFz+Qxylj4kO9UpEXk6Yb09uFZaX1yGJZhuCWs +NgEXYYfTHV47XTF7hOrs+KlYQt33TY+zfOV+ySn0B1PFJ5fpCC1n4qoysdfjquwJ +Q1FmNCRYfA/SS8rnzZVTY4zh5//cryvzhiVNWDEoXx4PDEkH/xgvag/KVKDZahCr +lwXG8Ipqn8WUZWy/fq6ItOKPQOIECk/hctf9awBYU97G1Qk4LoCNOzbcnBY4BvKo +roxcm3N3uaGPiDuapmnCfKNrvGmlQvWWtI39paXRWezARHBFQVFzp3w69/MnVDD8 +zmeNrOLCxCxmMxCrE+nARSHANUG5VXLbAK0dfPm5+3eLnvuD0GxkDhUwQS7r8kcP +xalXLIa5oul8gBwQf1YV/FPNzTxsB9EyaTAWJzaLOYwq/ugtzr6yHvDIUvOxhnHr +r0sXSrqOWhl6uMaMoExTTmVsEXgzCFiXBufo7CwT1DFyS10nNNvA/kxh3rDc +-----END RSA PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslsocket/certs/leaf.conf b/tests/auto/network/ssl/qsslsocket/certs/leaf.conf new file mode 100644 index 0000000000..5ecbd31b55 --- /dev/null +++ b/tests/auto/network/ssl/qsslsocket/certs/leaf.conf @@ -0,0 +1,14 @@ +[req] +default_md = sha512 +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +[req] +distinguished_name = leaf_cert +prompt = no +[leaf_cert] +C = NO +ST = Oslo +L = Oslo +O = The Qt Project +OU = The Qt Project +CN = networking-tests.qt-project.org diff --git a/tests/auto/network/ssl/qsslsocket/certs/leaf.crt b/tests/auto/network/ssl/qsslsocket/certs/leaf.crt index 4a7dc40540..b9af13b896 100644 --- a/tests/auto/network/ssl/qsslsocket/certs/leaf.crt +++ b/tests/auto/network/ssl/qsslsocket/certs/leaf.crt @@ -1,23 +1,54 @@ -----BEGIN CERTIFICATE----- -MIID3zCCApegAwIBAgIQEKCtd1j2bq5Gk6ND+VmKnjANBgkqhkiG9w0BAQUFADAy -MQswCQYDVQQGEwJHQjEjMCEGA1UEChMaV2VzdHBvaW50IEludGVybWVkaWF0ZSBL -ZXkwHhcNMTMwMjE2MTY1MzA4WhcNMjMwMjE2MTY1MzA4WjA1MQswCQYDVQQGEwJH -QjESMBAGA1UEChMJV2VzdHBvaW50MRIwEAYDVQQDEwkxMjcuMC4wLjEwggFSMA0G -CSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQC7EIWIzb7XCfmQQ1KFdZ5E9f49eNK/ -KvsXYfq/iV29K1cz2hUyvfdKgyU5F/+BOPQKQ5zdWn1CraZosFv/ibuO3mhRpMfB -SfNn3rfdrE7WtA0wgT2YNIN0L4aCe+C15j2ESdmyMaFLUaUIS47JS66UtaYxp5ia -mJFO1hSNaoI0pGHyPFTTtfOza9z/01qkBbHB4htzauqs/fX5ZrnyCDSrfpVipXke -zkPKg4MkkytEkjRKw6tSXLpWIgF3ee2N/jBdefqlw8YPW08K0wmwF5qGuX6PZ8vB -sOZeWeCfVr136BopkbfP3TkGWw2BrD8xSzOUez9HVc0v4SZ/7pe5w3L4V/mzYQLt -O+1AHevCjX8+M58HYGBaWCAjxYUPGcGKcj0LLtgZgL6wY88N7RtfeOY3AgMBAAGj -gY0wgYowFAYDVR0RBA0wC4IJMTI3LjAuMC4xMAwGA1UdEwEB/wQCMAAwEwYDVR0l -BAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwcoADAdBgNVHQ4EFgQUKKuyJSrT -Y+dnm1do7l0sVMX96SYwHwYDVR0jBBgwFoAUafmyFDRJ5NxzfH9w27pOShXRs+Yw -DQYJKoZIhvcNAQEFBQADggExAHELijlIFdcncP3B+vxEp0SGKl0arIaCXahivb2F -VxeM3WajN6O+oDRLFltzMeDKA9RVkao7fgITzXQgCGzeNhKv0vc9iDyvR9/67vuS -W8xEEJrYowtw3VK5H1y0ewqZaxJhvKUjm4TBRWe8FGKD3s64lEsfbjOaI5VPidVc -DXmdAlXsj0Hk+v4Ej8mshPQAnVSyJ3D0ZMgTjk8Di28N0qROFIYJaTObK1rCb1nQ -GaCcmbZU6JnkYvVZ+iUe5U0GXFbb+LRNTUT8/fw1zADeHnv/G+WWVrfND+sov5Oc -33fkNE6z+n6ayABVnGLuCYhbzD38sv0dnxeh8vbykNBPzYdzPg6nw3Czv2vlhKpJ -8Yj/maoXuAyTXVf30K1/fAWyU45noq57MjQpU6UxIX1D7qw= +MIIJoDCCBYgCFFjfM8GbvMVRegCGZEOUQeIm7z+JMA0GCSqGSIb3DQEBDQUAMIGQ +MQswCQYDVQQGEwJOTzENMAsGA1UECAwET3NsbzENMAsGA1UEBwwET3NsbzEXMBUG +A1UECgwOVGhlIFF0IFByb2plY3QxFzAVBgNVBAsMDlRoZSBRdCBQcm9qZWN0MTEw +LwYDVQQDDChGYWtlIFF0IFByb2plY3QgSW50ZXJtZWRpYXRlIENlcnRpZmljYXRl +MB4XDTIyMDkwMjE1MDIzMFoXDTIyMTAxNzE1MDIzMFowgYcxCzAJBgNVBAYTAk5P +MQ0wCwYDVQQIDARPc2xvMQ0wCwYDVQQHDARPc2xvMRcwFQYDVQQKDA5UaGUgUXQg +UHJvamVjdDEXMBUGA1UECwwOVGhlIFF0IFByb2plY3QxKDAmBgNVBAMMH25ldHdv +cmtpbmctdGVzdHMucXQtcHJvamVjdC5vcmcwggQiMA0GCSqGSIb3DQEBAQUAA4IE +DwAwggQKAoIEAQCjQsmsZpATuLv54ERkqSdjWZYuulm5gZwzz9fS7R/K1CoSFQza +T+rY7Kauv1zpalfZGNs4zmEiHDsJ/hhVxCC0L6L2PqmkZjFT9psAkPHENRMIvBYl +QsrJbSNj09UeBfAR+ux2vktreyZc3UFyq74iQbHeXFuzDnH17BZMR8nMs72wDD5J +QMaRmvtEvOlNuiT6X7YluO7L3f4EAGbLh3s4OxDHOIqtSXkFjMlgmqU3fKBsZ89F +YlYH/v0X6ItK7tMbwJjXea1gPomO7pIH2H7CzTQ2DNL6fGRvqCFjZeseZudgRhwN +LYz67yDKtZ0TvjqD3ShEboh5CxjL+8kskmofBf4WcF0z8xg2GtopAwFQU6ZI+FKY +rNbUvTWcew4Q/Q0Ya01obeTXsOKZ7IVAo5SxOFSdBa+wS4Igekl7A0C9d9QTduxA +4fnD+Rhw0dvZqL3lBnSisIsCIo/WK6g2L/gYvgRG/3ChRibfeW81rU8q6+MJIx4P +Ad3f1wvEWGAWiYYnHfF0qpxhd3UYUN/31w3idaA4LAuQCOSfQHKnGEhp0hVng68H +seclzMWNHSGoJ+BpOfyYBCA75qIGWjM9RLam2J1qh6ODYVs8XWBdbnoWgWjBluCd +MQyWSjaJB0m2loe+NGSnBdatEadsq4+axBuiKrSrz7KSiISdozEFq2Ua8HXAntII +GLEOP4rtep10w/VLxF5y/3LV/8p1I0betPvrL226/zZJQep1bttodL9Yh2xNLk2J +h9GdxIw1CGJYQmLWxwUYpYyq05WSZyjC8e10xE4po/f4Os89Nj9LG2IdW2VKdOsn +kRqeTJaCGtJOpcebzBSbHQ2YWcQLhLS/CmmxEAaWLZuQUOMx85dGTonqvmdmLwgm +KSNQMRvvEKt8lwqCuw5nPmFyHpnK/l6B9OA96FO9RbSwYOEmHK0EJM4tY8swYCsG +aYdb13MzHW1g1bnsyZbXbOOn3DbyudIWpIvMhJxjBXapDKb3oGMacLfAtlWK2GvY +wD3UrQhxqvwPcDngqOWKkNtGoRKrqhxbp6CnoUxMEn9Lzw9TlSCcGlXQo1m4CF1K +0yP7CzTgkBSemAs8VIOh0zNBCI6VKV148r4+j/eMrt25WawAAFddNsPQMFxxd3kk +wkVi+/YAISLeArR55vsg+FaspD4o/IXIsFYnU/FfNPkz02BaUR/Rz99dv7doM3m7 +dT0kTuZiyGbwXxeY5NYhHfhkEk/1wMfoHRBFSjXwDmIU7CULfWE5HKlfcE9FBS4V +R4LL9b7b6z1Yj+rNHVeQfIlTSTeX7694rB51zn2FRBr85c6TxfpbZu6j00d5qS0n +hr16guvSxKdWFmhghJmZmWDkkMcOakY5MG3RAgMBAAEwDQYJKoZIhvcNAQENBQAD +ggQBAN43Kko2uq+2tejqyRQS+oUQkM4zshCTP3E4pXKZZrsx2j1gqHqA+2ltrCji +YUIDNuLgQa/gvww1wfmLWOgRdq7cNXZJnXbyOog005aiwlShLGwD3JdEcjjc0nBD +oGiym83piLuuoEiM/z/v/4lXzWdjOUalnmkYGLs4BonKCjCNuM6skompycMw/DOu +Ou0QW7VVWsn2yR5VT1+BIEgjFNjk94mTkEDo2R7CqZhxMnqb+dNQ17J55YI13IsB +DFNbSPdABi8ve5jJg3fvgC/u7+DKQP97D9Rc6RNw4zHzmpBYWvlEzygc1GQb5R5l +rki2cDz88W0VD7d0lZEeZV2w7ZcGTNDVDAAuQYC75Gyb0/69/5aiV4LlfyayZFgB +hQBlgKffD3CpcH/YzWeDjsspzpR656jAZhdbeRNhKX9ifdwh97Xf4fapJ1YFLdZG +dNqz8Y3SrT09k9tORP2Tpsx9spA5hT4I+PAVEJzJP01MSOqm/wNcd15NEtGFrbhq +eru4GKmMZFmfQIA6pnP4t1C/pTSYCESLnXvXmGYBX2Co6Os8vmAok1BQTyWBbOxE +nCm8lChE1/i4qjBiiPIZU8w6J+PwADfRU2wRiSVRWmL5hmTqtb/4yNkytNw0HyKe +98hnrrwd6B+ZnzvNk3NTGLJbebhHalDR4gSNrh4cgn09VWxH5gSsDsZI0US9q4i/ +yLiHJ0Ol1T7kilURO4+8qxNK411wNW8AW23tVa82uprpB5IYciQkLLyoK1XfdMRf +aGoGT1lZQl6da/20iihQCWAENdiaoCC6/h9hZF3Jwj0tEPB83qGuriQflP9MxS+D +2/IeTtSLfpbBOo5O5kJ2okKGOrp5X8+QWMS99Wk+jpFdmg/t2D3cS3JsrwPGlBU8 ++PiW1SklS9pbt08o5O7jT2dwJd1oPk8woeJl5uft2EoPwaiF1rCYaEi7tWMQPxt4 +10SlaDQ8GyLCOz5NFyyn/ilOmwy7L1FDOhnnTu2JO+K8MSi/x1a8YXSEifCGQbvr +niHxP0g1SQQB8yOyo6booHuJI1kl1h8J5mDotl8XZ04jtjvg4Bcdi+CsfBkS6nJq +2FwY82yFQyVRw8j24DExDKyZO/0yDY/9olkI06W/HcOhdm/zVwDBDJRDILPrdoI1 +29KIs7acAsdVNLMf8a9Eljl847+sFlKiCQ93AmobcmNN7QcjPVF3e7IF6XMoY05H +JmYjbHfoUIbv0N6BKIAuPF/dGO0BFLuE7QLQ1d4Gyg00QI/9QV7yKP1LCTy4yano +WTmoSRsgChQ7BcfNNV9ucHrZlbtgXQf59A7CDY/z6tUajtjkmOrDEVpkE96he+fe +y7Sk5pZgg67qgXybVQfxbPwEK6A= -----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslsocket/certs/leaf.key b/tests/auto/network/ssl/qsslsocket/certs/leaf.key index 54327925d8..738d5ea8b9 100644 --- a/tests/auto/network/ssl/qsslsocket/certs/leaf.key +++ b/tests/auto/network/ssl/qsslsocket/certs/leaf.key @@ -1,32 +1,99 @@ -----BEGIN RSA PRIVATE KEY----- -MIIFfAIBAAKCATEAuxCFiM2+1wn5kENShXWeRPX+PXjSvyr7F2H6v4ldvStXM9oV -Mr33SoMlORf/gTj0CkOc3Vp9Qq2maLBb/4m7jt5oUaTHwUnzZ9633axO1rQNMIE9 -mDSDdC+GgnvgteY9hEnZsjGhS1GlCEuOyUuulLWmMaeYmpiRTtYUjWqCNKRh8jxU -07Xzs2vc/9NapAWxweIbc2rqrP31+Wa58gg0q36VYqV5Hs5DyoODJJMrRJI0SsOr -Uly6ViIBd3ntjf4wXXn6pcPGD1tPCtMJsBeahrl+j2fLwbDmXlngn1a9d+gaKZG3 -z905BlsNgaw/MUszlHs/R1XNL+Emf+6XucNy+Ff5s2EC7TvtQB3rwo1/PjOfB2Bg -WlggI8WFDxnBinI9Cy7YGYC+sGPPDe0bX3jmNwIDAQABAoIBMQCczBNyAStGqjjC -oHuKHHWmTh9mPWFBFfDTv6/jXmvxRWPZtaHxH2Qp09Wejqv/D9MWy2ev7spx2oZS -2Ai1ICjTbz83uAwryyW4Wen6aBTJSLCJiLstWk8ZU0DHHLjVH4FO4mwUPh95t5zC -YDr2JXbXdY8xrc5vPxUFZNJjWvR61ZK37bQYpTn5mZ7r3KfsNk2yOylRTDwa9XFo -ZZ+B82NKdrrz0UvGOnXZa5qd1ap7V+67FIAS2Mt8AMzSCG8TW0JXRUk89ISgAd8r -NQTPtX9XCnMZSbBzDKdznXfHS9ZlJcSrpsbQCPcvMVNrdBfCF0eNnsRJffJGdaXI -MsN6PvbcXWD08lXNGyeLjon03RdJnTAamNM3YQEIcjFmu5Y0o0CCJkZSCJPKJGMG -0d/1tN/5AoGZANOcOgQZ9Wiu0ej3YoQ3aSHu3y8ZBJH4B3ViX8i+2x/6UnG7KNaa -4Ygid1upnX6hk4CW5WZcoxGFacrFRpInKh5Ng8lEIHGp0VSzOBVDR0L5sAxutFuX -6N9C0CuH80vD101mOloNnfT5KHZMI5RXqP6sDGUFlwak2XybDL1qOAza3gZAy25H -vS/ll1BneBavikR5j+zxoTztAoGZAOJOJ5RyOrqpNuhiWZylah5LIFT9N1lCF4Hl -ZbFIjUZ4jcApJ7JxkMXNQ4RU/3AiKCC1xr5ib7dd/qyjKXhdMo4SnLoKhapx5R9G -3XOsQMahiCD/Zcymv9tmk8MxxzbLxhZYhEPzIP/NFkua3CHiX+d1e6fkzFLF/EiX -ZGQOgRcFKrlzUeBputRQRXAkKJH+kMClgAWvy28zAoGYKyaMXhG9DV+4xjzMBhIW -iijfsgbz+6AMRU+OIK1qmZa+ARsdNMXYf54noLVxvETOg0ZB+SGizwvZitO3lE4Q -NKWx3fTaeNMcMJ1rLkrN2UZ5M8/PT24muoAxWu8aGbURzmKuO3bTYwT7z0OvbayC -dYw36tG8/knXX6Vub6GdVGG9LKFB2nceiQnUVT0EK/wXwebYBoUvT/ECgZgF9qdG -Wyg/CPyAbS8NWLKOL86fTrjpqjsyWhgu7smCROT/XlZEdoepHrqbvx2oF85U5lVh -aPimrVxrsjUCjfoqEkV9BY/2KOAvzc9CIBTo5xLOQ8yr8uz1XCOiriogwIfsyNJb -dAm3k/D1dxQ79FowoEDs8LONrtfyFcM4e8VdFO7GSkqrDj41IBRkWx+SkVHBMdtI -yxQiTwKBmQCWym2iDCJg1ZZq4/lVwRudMhVmHoD0yoCAwADYHjjAi8QBplM0vfdd -CESKsnBhlcrPGB279BKVJyZHehKZG+/dfnFs+to14l6A3IqU2d6+pu3EyFNX34HS -xo+64QxMeF0akWnSaIPfUJfk36phjCvLBr4eLXN1i4jW3RdGFwF1THXt29VSSGmU -q/hM51H0bsQ13AIVUSdNHA== +MIISKgIBAAKCBAEAo0LJrGaQE7i7+eBEZKknY1mWLrpZuYGcM8/X0u0fytQqEhUM +2k/q2Oymrr9c6WpX2RjbOM5hIhw7Cf4YVcQgtC+i9j6ppGYxU/abAJDxxDUTCLwW +JULKyW0jY9PVHgXwEfrsdr5La3smXN1Bcqu+IkGx3lxbsw5x9ewWTEfJzLO9sAw+ +SUDGkZr7RLzpTbok+l+2Jbjuy93+BABmy4d7ODsQxziKrUl5BYzJYJqlN3ygbGfP +RWJWB/79F+iLSu7TG8CY13mtYD6Jju6SB9h+ws00NgzS+nxkb6ghY2XrHmbnYEYc +DS2M+u8gyrWdE746g90oRG6IeQsYy/vJLJJqHwX+FnBdM/MYNhraKQMBUFOmSPhS +mKzW1L01nHsOEP0NGGtNaG3k17DimeyFQKOUsThUnQWvsEuCIHpJewNAvXfUE3bs +QOH5w/kYcNHb2ai95QZ0orCLAiKP1iuoNi/4GL4ERv9woUYm33lvNa1PKuvjCSMe +DwHd39cLxFhgFomGJx3xdKqcYXd1GFDf99cN4nWgOCwLkAjkn0BypxhIadIVZ4Ov +B7HnJczFjR0hqCfgaTn8mAQgO+aiBlozPUS2ptidaoejg2FbPF1gXW56FoFowZbg +nTEMlko2iQdJtpaHvjRkpwXWrRGnbKuPmsQboiq0q8+ykoiEnaMxBatlGvB1wJ7S +CBixDj+K7XqddMP1S8Recv9y1f/KdSNG3rT76y9tuv82SUHqdW7baHS/WIdsTS5N +iYfRncSMNQhiWEJi1scFGKWMqtOVkmcowvHtdMROKaP3+DrPPTY/SxtiHVtlSnTr +J5EankyWghrSTqXHm8wUmx0NmFnEC4S0vwppsRAGli2bkFDjMfOXRk6J6r5nZi8I +JikjUDEb7xCrfJcKgrsOZz5hch6Zyv5egfTgPehTvUW0sGDhJhytBCTOLWPLMGAr +BmmHW9dzMx1tYNW57MmW12zjp9w28rnSFqSLzIScYwV2qQym96BjGnC3wLZVithr +2MA91K0Icar8D3A54KjlipDbRqESq6ocW6egp6FMTBJ/S88PU5UgnBpV0KNZuAhd +StMj+ws04JAUnpgLPFSDodMzQQiOlSldePK+Po/3jK7duVmsAABXXTbD0DBccXd5 +JMJFYvv2ACEi3gK0eeb7IPhWrKQ+KPyFyLBWJ1PxXzT5M9NgWlEf0c/fXb+3aDN5 +u3U9JE7mYshm8F8XmOTWIR34ZBJP9cDH6B0QRUo18A5iFOwlC31hORypX3BPRQUu +FUeCy/W+2+s9WI/qzR1XkHyJU0k3l++veKwedc59hUQa/OXOk8X6W2buo9NHeakt +J4a9eoLr0sSnVhZoYISZmZlg5JDHDmpGOTBt0QIDAQABAoIEAG4O1A2YhoAFBROK +EBEbxyW+evO9REc+DKMQ9hmHKOt+422VKzjwrwzVW/hpoKTpv5bmnsJIvkpUZahy +1szajoFpq5382DevfIlxsURMce8nKFG3Gea8hCANptHhN8YpkpFMaqQR3J30QwRP +U5OOG3rUdqfD8z1d+40hPlbl/jA06ycG2eZf+Hyn0cOg5lYzqkHuy8faR4C/gkII +U0PZbUOW7dSfVT1EToVjR04MclxZc3wg7yWDCSQSzWOUrHIzVbVbvK1lpW9AOVNV +mLQZSjrgQtY9Bu09diefXAK57ipsjIXmPXrUvjlbguukSuPIVYIXUNHxAac3x9ub +PR8DBO8tBwDxdqNSuXuf1nnXQMd53JtMa8Hoolp/wuhePDlPnchcba58hsywvdGu +FJZisBZYNxIzhyB9hpeGWIrIwpf3c8w7W0DSFaH7BnLnxiGRE5KVK4ORJ+Skj/p9 +K8R7yfBECHYkNTVDKWl1X3b8AmaY5lB+kADl7UC8o34VZZFL3Ff6Y4+WhB1gfluK +CbH2E7IaQYwchR7wH88Ljz79q7NKoItLxm6Vi5F73aEnhkzptOq64IFKJsC61Xca +z3f6HneTh2sNTTmAJBUpjZDurPcG/iujHoBZVHbsSJ9Pfm3MRG4Au+mske/R+t/T +N9fJZCeKSomYVnVZ+qyaGq4LwPjLFaliBb0C45RD/Eg3z081jwdhvNQr53ChgeX0 +FxJNEVYes0P2WxcGUPm613qCNY3q9LZR+eYtdCFVu4ZRcU789zMTE22h6UJPNyN/ +d6UcxVexuAFFR/vE16+1SvKlLvDnlMzydAoBSz+zyTopdvlvvWLTp5QUWMwpgvJn +VNDq0mpYedS23qFHfjXvX/1JWfYHQJWBkH37E56d3+dtIeDWiPv9r0/96Mx2ivxy +dlxKaCHgMiArbh86B8vFZGtoY/QCzSgeGIZhfUYP7Uq0JD+ohdaRjr1p4SHbEBlb +9MqzbPDl80S0ebQftssxUhcu85CY1u/c/pm5Cw/SEM/86cFjqB+nPuGet48EZv0S +Ck9QOfXvvmOX/EcR+mjCY0cCV+DMQFsQbO9F5aBNj23JNy3wMV8NNLdp7Gbp6Pw/ +qoUNWdK9cGH8myrSLyq+ckzJlSqIlu9GKA5FqhrQ1t84KC1F3KUhKEMsBSM5S6ay +XYZup7czit7dsIkJXjyFMyspufg3ECMJWItjCzDJ/N97itFCI6nrlrVMyrRYxxmx +Le0X4d2ie8IbVUp2YsJAsm2f88NV7N2lVkH88W6xbZamyYNuXom8IiPLScNqQahe +xMysKBAUF58ilB2p/3TCrLhkISF5xve9USYpTuNSKh9mvxGdAsyjEOrqPrqidQ4A +4fpJmAECggIBAM/raykBAvw0xn5NnMMuhX+F4eXOQtFlCEjyN/wCVh0K5W10ZFh8 +Rio/DNdJKE81TxdLs7Hp4tQ8yxV9fjTa7WooHWlQWeUOBZNCFyvlCG5f0C/netp/ +NFIqUCLurZ04Hmlh1QdS/CZ+s6Sh/qZoLZc1LnCfUu5zcpGNVnarlLtgr1ha2GdG +f8l9KRE9HTTrSYZmhxZFt5m+tgtcqd2BBh2tKcgH2cOngoqQEhynmu7ygM+CDX2I +4xAEuQh1cu/fptr3anS9PE5eG5H2rGPy3yQjePE1sqxtRUM9k0UVAlAyGdW1Zd9J +QKBZfrcRXGAJlDg1ZOu1XIQBZFc+p+0KESjvZbYE2vN1lLPpjtfae591RRnA2UjL +5zvZfJEliKVAopK3sAlZteJEfWkp9AyoNR3q9bNdCqT41APIAn5631AVSPPcKLwH +kgwBQWlJjfpM3A8dw2FPw30O4anxoNz32CRYRWJgLLfmHPXK0aCx1/D6MI2Qb89v +bm0qH0Q3fheJEVLG1OcK0JvMeiXwXJqpiV2L7zkl9fJeP1B06voffkXf+iOCwdzf +DR2fxCheL3K2plBb5lO3pzFsuPeftHIbtzOdUCpxwWSHXqGIldDTQOcID5ufGts6 +0pA2heeISoiAKloOXY+M8wESygRDfXYnvj9YRX9DPNiZ1D0DShlwzQOhAoICAQDJ +A6EEy2vVBnyjgvCnFH/JHYQRAQbrBy1nLzZQOWfpfw66Ja7T/QvWF5SbQfCVaCve +yoIvkTtI/f53Fma9p1cdQbyB15u9p0dEeI6wYFreVyHHyZrXhAeybRoDj6DGRidT +cta5IlAVs9Nk5Wb1w1bXxt4biWgwngpo3mbwrvxNVLH26Sm/3WbDXDgY+uJYmBN4 +XoLBgc+Dt7cyYYNr+Z3k6ntOZ9iMNXatPWT/dJiLK8msymFpmOB9rfTT/3lLeCM9 +J/93WuVlcvAIq26n1BqSXH+NL10wI1FiPZk+7YOX/QunKf9fJCD6qgtYIOZ7FmRi +B29KgxHtLrzJYpYQ6IG1WOruwhpaDOrGE6nihhInZ5EWaOIcbhGVh5qidgDhbTBm +uWqFxq6rcB715qFhLdrUkXcsxKQBWwMmkU1+GstItIjYQenKOW6oGhwNgq6jzUej +bwYfo/bIslO44GfktLFayBuS7vzBbkyaTUJZgdtNnecvUacO+xs5qU126nama5A8 +kRcGdZyAx3L0W2E9GiRvAA283mU8geYHw3JlYJBtJGmhD3TyNKr23jm9WY6R8CTg +CkZ83rVpwd2zaupUOrzv4RjUZTreQCFZbzxPpEcOAicjbXAVyBDlaiXlqASt3Zlx +J1AbZLKIh4QqmrMj97C+bW4w/m3oAviGhIskHnk8MQKCAgEAyRreqml1FraBKxcs +wkjUDRVU+u73CAvd6JiH9/PWkP7CDI1gpYmGYERdyjnTiFF6r4CkTTh5Emm+0Ily +MfNzYZNtZzi1ymw2jkmFmgpMjl2UQ1F1LbONys9sdW1Adeoa2DktUIk+pIk2fs3F +PfVT64Yf5gTktQjrTsdTUzMAiACreR1dZP72iM/LkgX3owDVO+8dSDikrkudTv4Q +utOaM8gSuoyFX8484IMbUaX3oJjkaFFVdQ+a+BppUjovsr4zaGWZDVMf6njx18us +0HvQwuagi0YyDL8gGDqNoGsCssjS3jc3UrJKlQ4bFzzuiWGagId8ltPzqSajhBNx +Xz+2e06apWSq1oLrEt2cMUH9Aq3t6UvznorCnMvuxYF1Wslateh/l3uzBijS2I4g +pMFppwdlIVij/A9FGmcxql50csQzrNNMfxofdAce2pSvg+MlkmVqXkxFPEfRk4vH +2RLMd9L9QXrepf0oE8FZ40FBKa8EmViUHSKdv27XkSbPijokjFkPAm4eeiNcHigP +mfTTjazU9QS3j/cC7HI5+TXO8A0Ep6ZIlrcTu4yVsanv4Nezo9RPwrfHOnH7sl9B +rIEMQRsut+8RbIfWyw0OQ06h3xSX7CEHW/bYRW7HM7xKwx6cWEC+1CMzw90Fkvwo +dMlaJXDev4osZyDa/SyaVmMZmSECggIBAJhqJAEarNyNWpwwgIBvTqUTuDucZ751 +ZrvCVJBntp6ZNHV4dSNPz1W583f1e5INtpXrPuMKX8VssTFizuwmoisQ2PoqnXAk +Eimcr7SUmtHTh02RU9LtzVhA2WSx1tn//3mKrb0ag1axTyxFtNfMEWDy7R48BcA3 +VPVHDQ6Z37xS582r5XgRTAX9OpvWPyGlzb2LC+Hlp47cEhAlWBza3BnioTRGES/e +qemZj6cSpUeBIB3gJhSHUlB5QhYss6/BnBaW6WF6jk1p5Q7tza17adpoQF6w9xu0 +69RtmHDabtkjiV5qvbNKFad6n7dm2tuhkuOxd3UsBL+unH6mPdr8ML1selYm3wxA +lxMxfbLArasrIBu50xhzbOnQNDPS/b/vpq99D4P3riFXlmIlSWACANcEpTRQtXpB +pBXuPq/LaS/rk4dGExq+iWT0xyiHWhvhXtxRJnd/P3PVox2fKaeESqXm7OFwTD3u +gC7PPevYRoyHme+LHfyB8Za7BH2SMfzluivyZ18CdnQ+xq75SrWlyNJRXBlFF8XV +SLHCRE8R9PCMl3sD2Ux9GtSsk2M7MJr/VzZ5FBFCXJOf55ZPDvZmwzOvncAOMaCr +R54kdbp9eVLp1vtJ057wX79TyQBlcYbTa7EceeULaUOUXWZgfkxbVqxNFSwY/wTY +m9CDV20/nfVBAoICAQDMfQKuLGK/d43i5twBsk2H+6jZah19ZA4ffYRjKcWfXbd6 +TxbNjGW23mfW49VD+/lNp8OdplL+ztqG+4kz+2k4npj+c0cVMFDbPpD0daMMFs+c +AKVTc2g03a18Q+Q+5IFEY7VvCUfbYlHeqOBBNXtVQphtgjc8ZCTAYGXuytHKkhMg +l5hYdicrimOK+7LZCe1vuUzxKTO1YTcrBlYerwbn95/JO7Rv3bWUbYXRGbGiQs9n ++MKsPY9qCSz2KihTNDotHgx1HENWK2HvlQOn65MU91LYcB3VGLibQaKUiXXV4BEA +WVOTr+XKEJYD24J3v6cH+Ol0JNT+gYHO1CX1dhFL9AkgGBTtwDf8KcQCKfNU5384 +cUyT05BrXg4oWTOxdYFTGTQU95G10cPcAVyltPvPmiMCE0D+njsNWl3fDaRGhlku +j4ogCD2UcnFQRbUtYhHffkbqohSpzRYYxlh0M0XhN6aPmOwm7RgjgCxch04HFgsE +SSoW2zQ61YdR6NXXnMq0eyxTPejH/ycZLfb3EstmXYhsMftJebwwM3Ni+L8qqfg+ +7aJMGqq6CP+tXCjN88oaweZJbkhl14SmFA3TumqHmYSO4wFDA2Hf9c06fmXMewon +lksq5bd72R9VfzBw44UyLoy3ae8MuQZTNoVkSKzedCxFtc/RBOm980Tnu/lp4Q== -----END RSA PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslsocket/certs/qt-test-server-cacert.pem b/tests/auto/network/ssl/qsslsocket/certs/qt-test-server-cacert.pem index c5aea0d7c9..29fd755de7 100644 --- a/tests/auto/network/ssl/qsslsocket/certs/qt-test-server-cacert.pem +++ b/tests/auto/network/ssl/qsslsocket/certs/qt-test-server-cacert.pem @@ -1,17 +1,17 @@ -----BEGIN CERTIFICATE----- -MIICpzCCAhACCQCzAF1hyRVzAjANBgkqhkiG9w0BAQUFADCBlzELMAkGA1UEBhMC -Tk8xDTALBgNVBAgTBE9zbG8xDTALBgNVBAcTBE9zbG8xDjAMBgNVBAoTBU5va2lh -MTUwMwYDVQQLFCxRdCBTb2Z0d2FyZS9lbWFpbEFkZHJlc3M9bm9ib2R5QG5vZG9t -YWluLm9yZzEjMCEGA1UEAxMacXQtdGVzdC1zZXJ2ZXIucXQtdGVzdC1uZXQwHhcN -MTkwNjI0MTI0OTIxWhcNMjIwNjIzMTI0OTIxWjCBlzELMAkGA1UEBhMCTk8xDTAL -BgNVBAgTBE9zbG8xDTALBgNVBAcTBE9zbG8xDjAMBgNVBAoTBU5va2lhMTUwMwYD -VQQLFCxRdCBTb2Z0d2FyZS9lbWFpbEFkZHJlc3M9bm9ib2R5QG5vZG9tYWluLm9y -ZzEjMCEGA1UEAxMacXQtdGVzdC1zZXJ2ZXIucXQtdGVzdC1uZXQwgZ8wDQYJKoZI -hvcNAQEBBQADgY0AMIGJAoGBAM2q22/WNMmn8cC+5EEYGeICySLmp9W6Ay6eKHr0 -Xxp3X3epETuPfvAuxp7rOtkS18EMUegkUj8jw0IMEcbyHKFC/rTCaYOt93CxGBXM -IChiMPAsFeYzGa/D6xzAkfcRaJRQ+Ek3CDLXPnXfo7xpABXezYcPXAJrgsgBfWrw -HdxzAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEASCKbqEX5ysC549mq90ydk4jyDW3m -PUyet01fKpcRqVs+OJxdExFBTra3gho6WzzpTSPsuX2ZKOLF5k6KkCvdCGvhC1Kv -HHPIExurfzvdlSRzj6HbKyPuSfxyOloH0bBp7/Gg5RIuBPKlbmfbnTLtwEjhhbMU -SoYI8HZd3HfY87c= +MIICyjCCAjMCFHPGDqJR+klHni4XbETMk6GLn/UEMA0GCSqGSIb3DQEBDQUAMIGj +MRcwFQYDVQQKEw5UaGUgUXQgQ29tcGFueTEUMBIGA1UECxMLUXQgU29mdHdhcmUx +IjAgBgkqhkiG9w0BCQEWE25vYm9keUBub2RvbWFpbi5vcmcxDTALBgNVBAcTBE9z +bG8xDTALBgNVBAgTBE9zbG8xCzAJBgNVBAYTAk5PMSMwIQYDVQQDExpxdC10ZXN0 +LXNlcnZlci5xdC10ZXN0LW5ldDAeFw0yMjA2MjQxMTU4NDlaFw0zMjA2MjExMTU4 +NDlaMIGjMRcwFQYDVQQKEw5UaGUgUXQgQ29tcGFueTEUMBIGA1UECxMLUXQgU29m +dHdhcmUxIjAgBgkqhkiG9w0BCQEWE25vYm9keUBub2RvbWFpbi5vcmcxDTALBgNV +BAcTBE9zbG8xDTALBgNVBAgTBE9zbG8xCzAJBgNVBAYTAk5PMSMwIQYDVQQDExpx +dC10ZXN0LXNlcnZlci5xdC10ZXN0LW5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEAzarbb9Y0yafxwL7kQRgZ4gLJIuan1boDLp4oevRfGndfd6kRO49+8C7G +nus62RLXwQxR6CRSPyPDQgwRxvIcoUL+tMJpg633cLEYFcwgKGIw8CwV5jMZr8Pr +HMCR9xFolFD4STcIMtc+dd+jvGkAFd7Nhw9cAmuCyAF9avAd3HMCAwEAATANBgkq +hkiG9w0BAQ0FAAOBgQCZyRe25WqOjrNS6BKPs7ep7eyCON3NKdWnfABZrSjGJQ87 +PoFKl6+9YBSlSpl8qk7c29ic+wA4qFQzPJkrbYIXjwVMAr+cC1kVrlUVqcwmvnKo +5vj57/v8S0Uc4/GesIsxZR7QM+3diPDyk7Bsc3IkpINb31Dl0mlg25nztg8NxA== -----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp index 21edf8874e..b45d6b5d8f 100644 --- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -1,31 +1,6 @@ -/**************************************************************************** -** -** Copyright (C) 2021 The Qt Company Ltd. -** Copyright (C) 2014 Governikus GmbH & Co. KG. -** Contact: https://www.qt.io/licensing/ -** -** This file is part of the test suite of the Qt Toolkit. -** -** $QT_BEGIN_LICENSE:GPL-EXCEPT$ -** Commercial License Usage -** Licensees holding valid commercial Qt licenses may use this file in -** accordance with the commercial license agreement provided with the -** Software or, alternatively, in accordance with the terms contained in -** a written agreement between you and The Qt Company. For licensing terms -** and conditions see https://www.qt.io/terms-conditions. For further -** information use the contact form at https://www.qt.io/contact-us. -** -** GNU General Public License Usage -** Alternatively, this file may be used under the terms of the GNU -** General Public License version 3 as published by the Free Software -** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT -** included in the packaging of this file. Please review the following -** information to ensure the GNU General Public License requirements will -** be met: https://www.gnu.org/licenses/gpl-3.0.html. -** -** $QT_END_LICENSE$ -** -****************************************************************************/ +// Copyright (C) 2021 The Qt Company Ltd. +// Copyright (C) 2014 Governikus GmbH & Co. KG. +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QtNetwork/private/qtnetworkglobal_p.h> @@ -44,6 +19,8 @@ #include <QtNetwork/qtcpserver.h> #include <QtNetwork/qsslpresharedkeyauthenticator.h> +#include <QtTest/private/qemulationdetector_p.h> + #include <QTest> #include <QNetworkProxy> #include <QAuthenticator> @@ -66,6 +43,23 @@ #include "private/qsslsocket_p.h" #include "private/qsslconfiguration_p.h" +using namespace std::chrono_literals; + +QT_WARNING_PUSH +QT_WARNING_DISABLE_DEPRECATED +// make these enum values available without causing deprecation warnings: +namespace Test { +#define COPY(tag, v) \ + constexpr auto tag ## V ## v = QSsl:: tag ## V ## v ; \ + constexpr auto tag ## V ## v ## OrLater = QSsl:: tag ## V ## v ## OrLater ; \ + /* end */ +COPY(Tls, 1_0) +COPY(Dtls, 1_0) +COPY(Tls, 1_1) +#undef COPY +} // namespace Test +QT_WARNING_POP + Q_DECLARE_METATYPE(QSslSocket::SslMode) typedef QList<QSslError::SslError> SslErrorList; Q_DECLARE_METATYPE(SslErrorList) @@ -75,19 +69,6 @@ Q_DECLARE_METATYPE(QSsl::SslProtocol) Q_DECLARE_METATYPE(QSslSocket::PeerVerifyMode); typedef QSharedPointer<QSslSocket> QSslSocketPtr; -// Detect ALPN (Application-Layer Protocol Negotiation) support -// AUTOTESTTODO: fix the way we identify ALPN support, it now depends on -// what TLS backend we managed to load, not compile time macros. -#undef ALPN_SUPPORTED // Undef the variable first to be safe -#if defined(OPENSSL_VERSION_NUMBER) && !defined(OPENSSL_NO_TLSEXT) -#define ALPN_SUPPORTED 1 -#endif - -#if QT_CONFIG(schannel) && !defined(Q_CC_MINGW) -// TLSTODO: move this check into Schannel plugin. -#define ALPN_SUPPORTED 1 -#endif - #if defined Q_OS_HPUX && defined Q_CC_GNU // This error is delivered every time we try to use the fluke CA // certificate. For now we work around this bug. Task 202317. @@ -168,11 +149,12 @@ private slots: void sslErrors_data(); void sslErrors(); void ciphers(); +#if QT_CONFIG(securetransport) + void tls13Ciphers(); +#endif // QT_CONFIG(securetransport) void connectToHostEncrypted(); void connectToHostEncryptedWithVerificationPeerName(); void sessionCipher(); - void flush(); - void isEncrypted(); void localCertificate(); void mode(); void peerCertificate(); @@ -184,9 +166,7 @@ private slots: void protocol(); void protocolServerSide_data(); void protocolServerSide(); -#if QT_CONFIG(openssl) void serverCipherPreferences(); -#endif void setCaCertificates(); void setLocalCertificate(); void localCertificateChain(); @@ -218,9 +198,7 @@ private slots: void waitForMinusOne(); void verifyMode(); void verifyDepth(); -#if QT_CONFIG(openssl) void verifyAndDefaultConfiguration(); -#endif void disconnectFromHostWhenConnecting(); void disconnectFromHostWhenConnected(); #if QT_CONFIG(openssl) @@ -313,10 +291,12 @@ private: QSslSocket *socket; QList<QSslError> storedExpectedSslErrors; bool isTestingOpenSsl = false; + bool isSecurityLevel0Required = false; bool opensslResolved = false; bool isTestingSecureTransport = false; bool isTestingSchannel = false; QSslError::SslError flukeCertificateError = QSslError::CertificateUntrusted; + bool hasServerAlpn = false; #endif // QT_CONFIG(ssl) private: static int loopLevel; @@ -421,6 +401,7 @@ void tst_QSslSocket::initTestCase() if (!testDataDir.endsWith(QLatin1String("/"))) testDataDir += QLatin1String("/"); + hasServerAlpn = QSslSocket::supportedFeatures().contains(QSsl::SupportedFeature::ServerSideAlpn); // Several plugins (TLS-backends) can co-exist. QSslSocket would implicitly // select 'openssl' if available, and if not: 'securetransport' (Darwin) or // 'schannel' (Windows). Check what we actually have: @@ -430,6 +411,9 @@ void tst_QSslSocket::initTestCase() flukeCertificateError = QSslError::SelfSignedCertificate; #if QT_CONFIG(openssl) opensslResolved = qt_auto_test_resolve_OpenSSL_symbols(); + // This is where OpenSSL moved several protocols under + // non-default (0) security level (the default is 1). + isSecurityLevel0Required = OPENSSL_VERSION_NUMBER >= 0x30100010; #else opensslResolved = false; // Not 'unused variable' anymore. #endif @@ -730,7 +714,7 @@ void tst_QSslSocket::constructing() QVERIFY(!socket.isTextModeEnabled()); QVERIFY(!socket.isWritable()); QCOMPARE(socket.openMode(), QIODevice::NotOpen); - QTest::ignoreMessage(QtWarningMsg, readNotOpenMessage); + QTest::ignoreMessage(QtWarningMsg, "QIODevice::peek (QSslSocket): device not open"); QVERIFY(socket.peek(2).isEmpty()); QCOMPARE(socket.pos(), qint64(0)); QTest::ignoreMessage(QtWarningMsg, writeNotOpenMessage); @@ -741,8 +725,7 @@ void tst_QSslSocket::constructing() QCOMPARE(socket.read(0, 0), qint64(-1)); QTest::ignoreMessage(QtWarningMsg, readNotOpenMessage); QVERIFY(socket.readAll().isEmpty()); - QTest::ignoreMessage(QtWarningMsg, "QIODevice::readLine (QSslSocket): Called with maxSize < 2"); - QCOMPARE(socket.readLine(0, 0), qint64(-1)); + QTest::ignoreMessage(QtWarningMsg, "QIODevice::readLine (QSslSocket): device not open"); char buf[10]; QCOMPARE(socket.readLine(buf, sizeof(buf)), qint64(-1)); QTest::ignoreMessage(QtWarningMsg, "QIODevice::seek (QSslSocket): Cannot call seek on a sequential device"); @@ -815,16 +798,32 @@ void tst_QSslSocket::configNoOnDemandLoad() QCOMPARE(customConfig, socket.sslConfiguration()); } +static void downgrade_TLS_QTQAINFRA_4499(QSslSocket &socket) +{ + // Set TLS 1.0 or above because the server doesn't support TLS 1.2 or above + // QTQAINFRA-4499 + QSslConfiguration config = socket.sslConfiguration(); + config.setProtocol(Test::TlsV1_0OrLater); + socket.setSslConfiguration(config); +} + void tst_QSslSocket::simpleConnect() { if (!QSslSocket::supportsSsl()) return; + // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use when connecting) are not available by default. + if (isSecurityLevel0Required) + QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier"); + QFETCH_GLOBAL(bool, setProxy); if (setProxy) return; QSslSocket socket; + + downgrade_TLS_QTQAINFRA_4499(socket); + QSignalSpy connectedSpy(&socket, SIGNAL(connected())); QSignalSpy hostFoundSpy(&socket, SIGNAL(hostFound())); QSignalSpy disconnectedSpy(&socket, SIGNAL(disconnected())); @@ -845,30 +844,30 @@ void tst_QSslSocket::simpleConnect() // Entered connecting state QCOMPARE(socket.state(), QAbstractSocket::ConnectingState); - QCOMPARE(connectedSpy.count(), 0); - QCOMPARE(hostFoundSpy.count(), 1); - QCOMPARE(disconnectedSpy.count(), 0); + QCOMPARE(connectedSpy.size(), 0); + QCOMPARE(hostFoundSpy.size(), 1); + QCOMPARE(disconnectedSpy.size(), 0); enterLoop(10); // Entered connected state QCOMPARE(socket.state(), QAbstractSocket::ConnectedState); QCOMPARE(socket.mode(), QSslSocket::UnencryptedMode); QVERIFY(!socket.isEncrypted()); - QCOMPARE(connectedSpy.count(), 1); - QCOMPARE(hostFoundSpy.count(), 1); - QCOMPARE(disconnectedSpy.count(), 0); + QCOMPARE(connectedSpy.size(), 1); + QCOMPARE(hostFoundSpy.size(), 1); + QCOMPARE(disconnectedSpy.size(), 0); // Enter encrypted mode socket.startClientEncryption(); QCOMPARE(socket.mode(), QSslSocket::SslClientMode); QVERIFY(!socket.isEncrypted()); - QCOMPARE(connectionEncryptedSpy.count(), 0); - QCOMPARE(sslErrorsSpy.count(), 0); + QCOMPARE(connectionEncryptedSpy.size(), 0); + QCOMPARE(sslErrorsSpy.size(), 0); // Starting handshake enterLoop(10); - QCOMPARE(sslErrorsSpy.count(), 1); - QCOMPARE(connectionEncryptedSpy.count(), 0); + QCOMPARE(sslErrorsSpy.size(), 1); + QCOMPARE(connectionEncryptedSpy.size(), 0); QVERIFY(!socket.isEncrypted()); QCOMPARE(socket.state(), QAbstractSocket::UnconnectedState); } @@ -878,6 +877,10 @@ void tst_QSslSocket::simpleConnectWithIgnore() if (!QSslSocket::supportsSsl()) return; + // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use when connecting) are not available by default. + if (isSecurityLevel0Required) + QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier"); + QFETCH_GLOBAL(bool, setProxy); if (setProxy) return; @@ -887,6 +890,8 @@ void tst_QSslSocket::simpleConnectWithIgnore() QSignalSpy encryptedSpy(&socket, SIGNAL(encrypted())); QSignalSpy sslErrorsSpy(&socket, SIGNAL(sslErrors(QList<QSslError>))); + downgrade_TLS_QTQAINFRA_4499(socket); + connect(&socket, SIGNAL(readyRead()), this, SLOT(exitLoop())); connect(&socket, SIGNAL(encrypted()), this, SLOT(exitLoop())); connect(&socket, SIGNAL(connected()), this, SLOT(exitLoop())); @@ -904,10 +909,10 @@ void tst_QSslSocket::simpleConnectWithIgnore() enterLoop(10); // Done; encryption should be enabled. - QCOMPARE(sslErrorsSpy.count(), 1); + QCOMPARE(sslErrorsSpy.size(), 1); QVERIFY(socket.isEncrypted()); QCOMPARE(socket.state(), QAbstractSocket::ConnectedState); - QCOMPARE(encryptedSpy.count(), 1); + QCOMPARE(encryptedSpy.size(), 1); // Wait for incoming data if (!socket.canReadLine()) @@ -920,6 +925,10 @@ void tst_QSslSocket::simpleConnectWithIgnore() void tst_QSslSocket::sslErrors_data() { + // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use in 'sslErrors' test) are not available by default. + if (isSecurityLevel0Required) + QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier"); + QTest::addColumn<QString>("host"); QTest::addColumn<int>("port"); @@ -936,10 +945,9 @@ void tst_QSslSocket::sslErrors() QFETCH(int, port); QSslSocketPtr socket = newSocket(); - if (isTestingSchannel) { - // Needs to be < 1.2 because of the old certificate and <= 1.0 because of the mail server - socket->setProtocol(QSsl::SslProtocol::TlsV1_0); - } + + QVERIFY(socket); + downgrade_TLS_QTQAINFRA_4499(*socket); QSignalSpy sslErrorsSpy(socket.data(), SIGNAL(sslErrors(QList<QSslError>))); QSignalSpy peerVerifyErrorSpy(socket.data(), SIGNAL(peerVerifyError(QSslError))); @@ -978,7 +986,7 @@ void tst_QSslSocket::sslErrors() // check the same errors were emitted by sslErrors QVERIFY(!sslErrorsSpy.isEmpty()); SslErrorList emittedErrors; - const auto sslErrorsSpyErrors = qvariant_cast<QList<QSslError> >(qAsConst(sslErrorsSpy).first().first()); + const auto sslErrorsSpyErrors = qvariant_cast<QList<QSslError> >(std::as_const(sslErrorsSpy).first().first()); for (const QSslError &err : sslErrorsSpyErrors) emittedErrors << err.error(); std::sort(emittedErrors.begin(), emittedErrors.end()); @@ -1027,7 +1035,7 @@ void tst_QSslSocket::ciphers() QString ciphersAsString; const auto &supported = sslConfig.supportedCiphers(); for (const auto &cipher : supported) { - if (cipher.isNull() || !cipher.name().length()) + if (cipher.isNull() || !cipher.name().size()) continue; if (ciphers.size() > 0) ciphersAsString += QStringLiteral(":"); @@ -1064,14 +1072,48 @@ void tst_QSslSocket::ciphers() } } +#if QT_CONFIG(securetransport) +void tst_QSslSocket::tls13Ciphers() +{ + // SecureTransport introduced several new ciphers under + // "TLS 1.3 ciphersuites" section. Since Qt 6 we respect + // the ciphers from QSslConfiguration. In case of default + // configuration, these are the same we report and we + // were failing (for historical reasons) to report those + // TLS 1.3 suites when creating default QSslConfiguration. + // Check we now have them. + if (!isTestingSecureTransport) + QSKIP("The feature 'securetransport' was enabled, but active backend is not \"securetransport\""); + + QFETCH_GLOBAL(const bool, setProxy); + if (setProxy) + return; + + const auto suites = QSslConfiguration::defaultConfiguration().ciphers(); + QSslCipher ciph; + // Check the one of reported and previously missed: + for (const auto &suite : suites) { + if (suite.encryptionMethod() == QStringLiteral("CHACHA20")) { + // There are several ciphesuites using CHACHA20, the first one + // is sufficient for the purpose of this test: + ciph = suite; + break; + } + } + + QVERIFY(!ciph.isNull()); + QCOMPARE(ciph.encryptionMethod(), QStringLiteral("CHACHA20")); + QCOMPARE(ciph.supportedBits(), 256); + QCOMPARE(ciph.usedBits(), 256); +} +#endif // QT_CONFIG(securetransport) + void tst_QSslSocket::connectToHostEncrypted() { if (!QSslSocket::supportsSsl()) return; QSslSocketPtr socket = newSocket(); - if (isTestingSchannel) // old certificate not supported with TLS 1.2 - socket->setProtocol(QSsl::SslProtocol::TlsV1_1); this->socket = socket.data(); auto config = socket->sslConfiguration(); @@ -1092,6 +1134,7 @@ void tst_QSslSocket::connectToHostEncrypted() socket->disconnectFromHost(); QVERIFY(socket->waitForDisconnected()); + QVERIFY(!socket->isEncrypted()); QCOMPARE(socket->mode(), QSslSocket::SslClientMode); @@ -1108,8 +1151,6 @@ void tst_QSslSocket::connectToHostEncryptedWithVerificationPeerName() return; QSslSocketPtr socket = newSocket(); - if (isTestingSchannel) // old certificate not supported with TLS 1.2 - socket->setProtocol(QSsl::SslProtocol::TlsV1_1); this->socket = socket.data(); @@ -1165,14 +1206,6 @@ void tst_QSslSocket::sessionCipher() QVERIFY(socket->waitForDisconnected()); } -void tst_QSslSocket::flush() -{ -} - -void tst_QSslSocket::isEncrypted() -{ -} - void tst_QSslSocket::localCertificate() { if (!QSslSocket::supportsSsl()) @@ -1216,7 +1249,7 @@ void tst_QSslSocket::peerCertificateChain() QSslSocketPtr socket = newSocket(); this->socket = socket.data(); QList<QSslCertificate> caCertificates = QSslCertificate::fromPath(httpServerCertChainPath()); - QCOMPARE(caCertificates.count(), 1); + QCOMPARE(caCertificates.size(), 1); auto config = socket->sslConfiguration(); config.addCaCertificates(caCertificates); socket->setSslConfiguration(config); @@ -1233,7 +1266,7 @@ void tst_QSslSocket::peerCertificateChain() QSKIP("Skipping flaky test - See QTBUG-29941"); QList<QSslCertificate> certChain = socket->peerCertificateChain(); - QVERIFY(certChain.count() > 0); + QVERIFY(certChain.size() > 0); QCOMPARE(certChain.first(), socket->peerCertificate()); socket->disconnectFromHost(); @@ -1277,6 +1310,7 @@ void tst_QSslSocket::privateKey() #if QT_CONFIG(openssl) void tst_QSslSocket::privateKeyOpaque() { +#ifndef OPENSSL_NO_DEPRECATED_3_0 if (!isTestingOpenSsl) QSKIP("The active TLS backend does not support private opaque keys"); @@ -1310,6 +1344,7 @@ void tst_QSslSocket::privateKeyOpaque() QFETCH_GLOBAL(bool, setProxy); if (setProxy && !socket->waitForEncrypted(10000)) QSKIP("Skipping flaky test - See QTBUG-29941"); +#endif // OPENSSL_NO_DEPRECATED_3_0 } #endif // Feature 'openssl'. @@ -1335,38 +1370,38 @@ void tst_QSslSocket::protocol() QFETCH_GLOBAL(bool, setProxy); { // qt-test-server allows TLSV1. - socket->setProtocol(QSsl::TlsV1_0); - QCOMPARE(socket->protocol(), QSsl::TlsV1_0); + socket->setProtocol(Test::TlsV1_0); + QCOMPARE(socket->protocol(), Test::TlsV1_0); socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); if (setProxy && !socket->waitForEncrypted()) QSKIP("Skipping flaky test - See QTBUG-29941"); - QCOMPARE(socket->protocol(), QSsl::TlsV1_0); + QCOMPARE(socket->protocol(), Test::TlsV1_0); socket->abort(); - QCOMPARE(socket->protocol(), QSsl::TlsV1_0); + QCOMPARE(socket->protocol(), Test::TlsV1_0); socket->connectToHost(QtNetworkSettings::httpServerName(), 443); QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString())); socket->startClientEncryption(); if (setProxy && !socket->waitForEncrypted()) QSKIP("Skipping flaky test - See QTBUG-29941"); - QCOMPARE(socket->protocol(), QSsl::TlsV1_0); + QCOMPARE(socket->protocol(), Test::TlsV1_0); socket->abort(); } { // qt-test-server probably doesn't allow TLSV1.1 - socket->setProtocol(QSsl::TlsV1_1); - QCOMPARE(socket->protocol(), QSsl::TlsV1_1); + socket->setProtocol(Test::TlsV1_1); + QCOMPARE(socket->protocol(), Test::TlsV1_1); socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); if (setProxy && !socket->waitForEncrypted()) QSKIP("Skipping flaky test - See QTBUG-29941"); - QCOMPARE(socket->protocol(), QSsl::TlsV1_1); + QCOMPARE(socket->protocol(), Test::TlsV1_1); socket->abort(); - QCOMPARE(socket->protocol(), QSsl::TlsV1_1); + QCOMPARE(socket->protocol(), Test::TlsV1_1); socket->connectToHost(QtNetworkSettings::httpServerName(), 443); QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString())); socket->startClientEncryption(); if (setProxy && !socket->waitForEncrypted()) QSKIP("Skipping flaky test - See QTBUG-29941"); - QCOMPARE(socket->protocol(), QSsl::TlsV1_1); + QCOMPARE(socket->protocol(), Test::TlsV1_1); socket->abort(); } { @@ -1437,7 +1472,7 @@ public: config(QSslConfiguration::defaultConfiguration()), ignoreSslErrors(true), peerVerifyMode(QSslSocket::AutoVerifyPeer), - protocol(QSsl::TlsV1_0), + protocol(QSsl::SecureProtocols), m_keyFile(keyFile), m_certFile(certFile), m_interFile(interFile) @@ -1459,6 +1494,7 @@ signals: void handshakeInterruptedOnError(const QSslError& rrror); void gotAlert(QSsl::AlertLevel level, QSsl::AlertType type, const QString &message); void alertSent(QSsl::AlertLevel level, QSsl::AlertType type, const QString &message); + void socketEncrypted(QSslSocket *); protected: void incomingConnection(qintptr socketDescriptor) override @@ -1476,6 +1512,7 @@ protected: connect(socket, &QSslSocket::alertReceived, this, &SslServer::gotAlert); connect(socket, &QSslSocket::alertSent, this, &SslServer::alertSent); connect(socket, &QSslSocket::preSharedKeyAuthenticationRequired, this, &SslServer::preSharedKeyAuthenticationRequired); + connect(socket, &QSslSocket::encrypted, this, [this](){ emit socketEncrypted(socket); }); QFile file(m_keyFile); QVERIFY(file.open(QIODevice::ReadOnly)); @@ -1540,41 +1577,34 @@ void tst_QSslSocket::protocolServerSide_data() QTest::addColumn<QSsl::SslProtocol>("clientProtocol"); QTest::addColumn<bool>("works"); - QTest::newRow("tls1.0-tls1.0") << QSsl::TlsV1_0 << QSsl::TlsV1_0 << true; QTest::newRow("any-any") << QSsl::AnyProtocol << QSsl::AnyProtocol << true; QTest::newRow("secure-secure") << QSsl::SecureProtocols << QSsl::SecureProtocols << true; - QTest::newRow("tls1.0-secure") << QSsl::TlsV1_0 << QSsl::SecureProtocols << true; - QTest::newRow("tls1.0-any") << QSsl::TlsV1_0 << QSsl::AnyProtocol << true; - - QTest::newRow("secure-tls1.0") << QSsl::SecureProtocols << QSsl::TlsV1_0 << true; + QTest::newRow("tls1.0-secure") << Test::TlsV1_0 << QSsl::SecureProtocols << false; + QTest::newRow("secure-tls1.0") << QSsl::SecureProtocols << Test::TlsV1_0 << false; QTest::newRow("secure-any") << QSsl::SecureProtocols << QSsl::AnyProtocol << true; - QTest::newRow("tls1.0orlater-tls1.0") << QSsl::TlsV1_0OrLater << QSsl::TlsV1_0 << true; - QTest::newRow("tls1.0orlater-tls1.1") << QSsl::TlsV1_0OrLater << QSsl::TlsV1_1 << true; - QTest::newRow("tls1.0orlater-tls1.2") << QSsl::TlsV1_0OrLater << QSsl::TlsV1_2 << true; + QTest::newRow("tls1.0orlater-tls1.2") << Test::TlsV1_0OrLater << QSsl::TlsV1_2 << true; if (supportsTls13()) - QTest::newRow("tls1.0orlater-tls1.3") << QSsl::TlsV1_0OrLater << QSsl::TlsV1_3 << true; + QTest::newRow("tls1.0orlater-tls1.3") << Test::TlsV1_0OrLater << QSsl::TlsV1_3 << true; - QTest::newRow("tls1.1orlater-tls1.0") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_0 << false; - QTest::newRow("tls1.1orlater-tls1.1") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_1 << true; - QTest::newRow("tls1.1orlater-tls1.2") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_2 << true; + QTest::newRow("tls1.1orlater-tls1.0") << Test::TlsV1_1OrLater << Test::TlsV1_0 << false; + QTest::newRow("tls1.1orlater-tls1.2") << Test::TlsV1_1OrLater << QSsl::TlsV1_2 << true; if (supportsTls13()) - QTest::newRow("tls1.1orlater-tls1.3") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_3 << true; + QTest::newRow("tls1.1orlater-tls1.3") << Test::TlsV1_1OrLater << QSsl::TlsV1_3 << true; - QTest::newRow("tls1.2orlater-tls1.0") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_0 << false; - QTest::newRow("tls1.2orlater-tls1.1") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_1 << false; + QTest::newRow("tls1.2orlater-tls1.0") << QSsl::TlsV1_2OrLater << Test::TlsV1_0 << false; + QTest::newRow("tls1.2orlater-tls1.1") << QSsl::TlsV1_2OrLater << Test::TlsV1_1 << false; QTest::newRow("tls1.2orlater-tls1.2") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_2 << true; if (supportsTls13()) { QTest::newRow("tls1.2orlater-tls1.3") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_3 << true; - QTest::newRow("tls1.3orlater-tls1.0") << QSsl::TlsV1_3OrLater << QSsl::TlsV1_0 << false; - QTest::newRow("tls1.3orlater-tls1.1") << QSsl::TlsV1_3OrLater << QSsl::TlsV1_1 << false; + QTest::newRow("tls1.3orlater-tls1.0") << QSsl::TlsV1_3OrLater << Test::TlsV1_0 << false; + QTest::newRow("tls1.3orlater-tls1.1") << QSsl::TlsV1_3OrLater << Test::TlsV1_1 << false; QTest::newRow("tls1.3orlater-tls1.2") << QSsl::TlsV1_3OrLater << QSsl::TlsV1_2 << false; QTest::newRow("tls1.3orlater-tls1.3") << QSsl::TlsV1_3OrLater << QSsl::TlsV1_3 << true; } - QTest::newRow("any-tls1.0") << QSsl::AnyProtocol << QSsl::TlsV1_0 << true; QTest::newRow("any-secure") << QSsl::AnyProtocol << QSsl::SecureProtocols << true; } @@ -1631,8 +1661,6 @@ void tst_QSslSocket::protocolServerSide() QCOMPARE(client.isEncrypted(), works); } -#if QT_CONFIG(openssl) - void tst_QSslSocket::serverCipherPreferences() { if (!isTestingOpenSsl) @@ -1642,10 +1670,28 @@ void tst_QSslSocket::serverCipherPreferences() if (setProxy) return; - // First using the default (server preference) + QSslCipher testedCiphers[2]; { + // First using the default (server preference) + const auto supportedCiphers = QSslConfiguration::supportedCiphers(); + int nSet = 0; + for (const auto &cipher : supportedCiphers) { + // Ciphersuites from TLS 1.2 and 1.3 are set separately, + // let's select 1.3 or above explicitly. + if (cipher.protocol() < QSsl::TlsV1_3) + continue; + + testedCiphers[nSet++] = cipher; + if (nSet == 2) + break; + } + + if (nSet != 2) + QSKIP("Failed to find two proper ciphersuites to test, bailing out."); + SslServer server; - server.ciphers = {QSslCipher("AES128-SHA"), QSslCipher("AES256-SHA")}; + server.protocol = QSsl::TlsV1_2OrLater; + server.ciphers = {testedCiphers[0], testedCiphers[1]}; QVERIFY(server.listen()); QEventLoop loop; @@ -1655,7 +1701,8 @@ void tst_QSslSocket::serverCipherPreferences() socket = &client; auto sslConfig = socket->sslConfiguration(); - sslConfig.setCiphers({QSslCipher("AES256-SHA"), QSslCipher("AES128-SHA")}); + sslConfig.setProtocol(QSsl::TlsV1_2OrLater); + sslConfig.setCiphers({testedCiphers[1], testedCiphers[0]}); socket->setSslConfiguration(sslConfig); // upon SSL wrong version error, errorOccurred will be triggered, not sslErrors @@ -1668,16 +1715,19 @@ void tst_QSslSocket::serverCipherPreferences() loop.exec(); QVERIFY(client.isEncrypted()); - QCOMPARE(client.sessionCipher().name(), QString("AES128-SHA")); + QCOMPARE(client.sessionCipher().name(), testedCiphers[0].name()); } { + if (QTestPrivate::isRunningArmOnX86()) + QSKIP("This test is known to crash on QEMU emulation for no good reason."); // Now using the client preferences SslServer server; QSslConfiguration config = QSslConfiguration::defaultConfiguration(); config.setSslOption(QSsl::SslOptionDisableServerCipherPreference, true); server.config = config; - server.ciphers = {QSslCipher("AES128-SHA"), QSslCipher("AES256-SHA")}; + server.protocol = QSsl::TlsV1_2OrLater; + server.ciphers = {testedCiphers[0], testedCiphers[1]}; QVERIFY(server.listen()); QEventLoop loop; @@ -1687,7 +1737,8 @@ void tst_QSslSocket::serverCipherPreferences() socket = &client; auto sslConfig = socket->sslConfiguration(); - sslConfig.setCiphers({QSslCipher("AES256-SHA"), QSslCipher("AES128-SHA")}); + sslConfig.setProtocol(QSsl::TlsV1_2OrLater); + sslConfig.setCiphers({testedCiphers[1], testedCiphers[0]}); socket->setSslConfiguration(sslConfig); // upon SSL wrong version error, errorOccurred will be triggered, not sslErrors @@ -1700,12 +1751,10 @@ void tst_QSslSocket::serverCipherPreferences() loop.exec(); QVERIFY(client.isEncrypted()); - QCOMPARE(client.sessionCipher().name(), QString("AES256-SHA")); + QCOMPARE(client.sessionCipher().name(), testedCiphers[1].name()); } } -#endif // Feature 'openssl'. - void tst_QSslSocket::setCaCertificates() { @@ -1782,8 +1831,10 @@ void tst_QSslSocket::setLocalCertificateChain() } QCOMPARE(chain.size(), 2); - QCOMPARE(chain[0].serialNumber(), QByteArray("10:a0:ad:77:58:f6:6e:ae:46:93:a3:43:f9:59:8a:9e")); - QCOMPARE(chain[1].serialNumber(), QByteArray("3b:eb:99:c5:ea:d8:0b:5d:0b:97:5d:4f:06:75:4b:e1")); + QCOMPARE(chain[0].serialNumber(), + QByteArray("58:df:33:c1:9b:bc:c5:51:7a:00:86:64:43:94:41:e2:26:ef:3f:89")); + QCOMPARE(chain[1].serialNumber(), + QByteArray("11:72:34:bc:21:e6:ca:04:24:13:f8:35:48:84:a6:e9:de:96:22:15")); } void tst_QSslSocket::tlsConfiguration() @@ -1875,8 +1926,6 @@ void tst_QSslSocket::setSslConfiguration() QSslSocketPtr socket = newSocket(); QFETCH(QSslConfiguration, configuration); socket->setSslConfiguration(configuration); - if (isTestingSchannel) // old certificate not supported with TLS 1.2 - socket->setProtocol(QSsl::SslProtocol::TlsV1_1); this->socket = socket.data(); socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); @@ -1930,9 +1979,19 @@ void tst_QSslSocket::waitForConnectedEncryptedReadyRead() if (!QSslSocket::supportsSsl()) return; + // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use here) are not available by default. + if (isSecurityLevel0Required) + QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier"); + QSslSocketPtr socket = newSocket(); this->socket = socket.data(); + // Set TLS 1.0 or above because the server doesn't support TLS 1.2 or above + // QTQAINFRA-4499 + QSslConfiguration config = socket->sslConfiguration(); + config.setProtocol(Test::TlsV1_0OrLater); + socket->setSslConfiguration(config); + connect(this->socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); socket->connectToHostEncrypted(QtNetworkSettings::imapServerName(), 993); @@ -2211,8 +2270,17 @@ void tst_QSslSocket::spontaneousWrite() receiver->startClientEncryption(); // SSL handshake: - connect(receiver, SIGNAL(encrypted()), SLOT(exitLoop())); + // Need to wait for both sides to emit encrypted as the ordering of which + // ones emits encrypted() changes depending on whether we use TLS 1.2 or 1.3 + int waitFor = 2; + auto earlyQuitter = [&waitFor]() { + if (!--waitFor) + exitLoop(); + }; + connect(receiver, &QSslSocket::encrypted, this, earlyQuitter); + connect(sender, &QSslSocket::encrypted, this, earlyQuitter); enterLoop(1); + QVERIFY(!timeout()); QVERIFY(sender->isEncrypted()); QVERIFY(receiver->isEncrypted()); @@ -2255,9 +2323,21 @@ void tst_QSslSocket::setReadBufferSize() receiver->ignoreSslErrors(); receiver->startClientEncryption(); - // SSL handshake: - connect(receiver, SIGNAL(encrypted()), SLOT(exitLoop())); + // Need to wait for both sides to emit encrypted as the ordering of which + // ones emits encrypted() changes depending on whether we use TLS 1.2 or 1.3 + int waitFor = 2; + auto earlyQuitter = [&waitFor]() { + if (!--waitFor) + exitLoop(); + }; + connect(receiver, &QSslSocket::encrypted, this, earlyQuitter); + connect(sender, &QSslSocket::encrypted, this, earlyQuitter); + enterLoop(1); + if (!sender->isEncrypted()) { + connect(sender, &QSslSocket::encrypted, this, &tst_QSslSocket::exitLoop); + enterLoop(1); + } QVERIFY(!timeout()); QVERIFY(sender->isEncrypted()); QVERIFY(receiver->isEncrypted()); @@ -2577,8 +2657,6 @@ void tst_QSslSocket::verifyMode() return; QSslSocket socket; - if (isTestingSchannel) // old certificate not supported with TLS 1.2 - socket.setProtocol(QSsl::SslProtocol::TlsV1_1); QCOMPARE(socket.peerVerifyMode(), QSslSocket::AutoVerifyPeer); socket.setPeerVerifyMode(QSslSocket::VerifyNone); @@ -2623,12 +2701,13 @@ void tst_QSslSocket::verifyDepth() QCOMPARE(socket.peerVerifyDepth(), 1); } -#if QT_CONFIG(openssl) void tst_QSslSocket::verifyAndDefaultConfiguration() { QFETCH_GLOBAL(const bool, setProxy); if (setProxy) return; + if (!QSslSocket::supportedFeatures().contains(QSsl::SupportedFeature::CertificateVerification)) + QSKIP("This backend doesn't support manual certificate verification"); const auto defaultCACertificates = QSslConfiguration::defaultConfiguration().caCertificates(); const auto chainGuard = qScopeGuard([&defaultCACertificates]{ auto conf = QSslConfiguration::defaultConfiguration(); @@ -2658,7 +2737,6 @@ void tst_QSslSocket::verifyAndDefaultConfiguration() QCOMPARE(QSslConfiguration::defaultConfiguration().caCertificates(), QList{caCert}); #endif } -#endif // QT_CONFIG(openssl) void tst_QSslSocket::disconnectFromHostWhenConnecting() { @@ -2758,10 +2836,10 @@ void tst_QSslSocket::closeWhileEmittingSocketError() // Make sure we have some data buffered so that close will try to flush: clientSocket.write(QByteArray(1000000, Qt::Uninitialized)); - QTestEventLoop::instance().enterLoopMSecs(1000); + QTestEventLoop::instance().enterLoop(1s); QVERIFY(!QTestEventLoop::instance().timeout()); - QCOMPARE(socketErrorSpy.count(), 1); + QCOMPARE(socketErrorSpy.size(), 1); } #endif // Feature 'openssl'. @@ -2858,7 +2936,7 @@ void tst_QSslSocket::ignoreSslErrorsList() bool expectEncryptionSuccess = (expectedSslErrorSignalCount == 0); if (socket.waitForEncrypted(10000) != expectEncryptionSuccess) QSKIP("Skipping flaky test - See QTBUG-29941"); - QCOMPARE(sslErrorsSpy.count(), expectedSslErrorSignalCount); + QCOMPARE(sslErrorsSpy.size(), expectedSslErrorSignalCount); } void tst_QSslSocket::ignoreSslErrorsListWithSlot_data() @@ -2919,8 +2997,6 @@ void tst_QSslSocket::abortOnSslErrors() void tst_QSslSocket::readFromClosedSocket() { QSslSocketPtr socket = newSocket(); - if (isTestingSchannel) // old certificate not supported with TLS 1.2 - socket->setProtocol(QSsl::SslProtocol::TlsV1_1); socket->ignoreSslErrors(); socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); @@ -3018,9 +3094,16 @@ void tst_QSslSocket::blacklistedCertificates() connect(receiver, SIGNAL(encrypted()), SLOT(exitLoop())); enterLoop(1); QList<QSslError> sslErrors = receiver->sslHandshakeErrors(); - QVERIFY(sslErrors.count() > 0); + QVERIFY(sslErrors.size() > 0); // there are more errors (self signed cert and hostname mismatch), but we only care about the blacklist error - QCOMPARE(sslErrors.at(0).error(), QSslError::CertificateBlacklisted); + std::optional<QSslError> blacklistedError; + for (const QSslError &error : sslErrors) { + if (error.error() == QSslError::CertificateBlacklisted) { + blacklistedError = error; + break; + } + } + QVERIFY2(blacklistedError, "CertificateBlacklisted error not found!"); } void tst_QSslSocket::versionAccessors() @@ -3046,6 +3129,10 @@ void tst_QSslSocket::encryptWithoutConnecting() void tst_QSslSocket::resume_data() { + // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use in 'resume' test) are not available by default. + if (isSecurityLevel0Required) + QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier"); + QTest::addColumn<bool>("ignoreErrorsAfterPause"); QTest::addColumn<QList<QSslError> >("errorsToIgnore"); QTest::addColumn<bool>("expectSuccess"); @@ -3081,6 +3168,12 @@ void tst_QSslSocket::resume() QSslSocket socket; socket.setPauseMode(QAbstractSocket::PauseOnSslErrors); + // Set TLS 1.0 or above because the server doesn't support TLS 1.2 or above + // QTQAINFRA-4499 + QSslConfiguration config = socket.sslConfiguration(); + config.setProtocol(Test::TlsV1_0OrLater); + socket.setSslConfiguration(config); + QSignalSpy sslErrorSpy(&socket, SIGNAL(sslErrors(QList<QSslError>))); QSignalSpy encryptedSpy(&socket, SIGNAL(encrypted())); QSignalSpy errorSpy(&socket, SIGNAL(errorOccurred(QAbstractSocket::SocketError))); @@ -3096,9 +3189,9 @@ void tst_QSslSocket::resume() QFETCH_GLOBAL(bool, setProxy); if (setProxy && QTestEventLoop::instance().timeout()) QSKIP("Skipping flaky test - See QTBUG-29941"); - QCOMPARE(sslErrorSpy.count(), 1); - QCOMPARE(errorSpy.count(), 0); - QCOMPARE(encryptedSpy.count(), 0); + QCOMPARE(sslErrorSpy.size(), 1); + QCOMPARE(errorSpy.size(), 0); + QCOMPARE(encryptedSpy.size(), 0); QVERIFY(!socket.isEncrypted()); if (ignoreErrorsAfterPause) { if (errorsToIgnore.empty()) @@ -3110,15 +3203,15 @@ void tst_QSslSocket::resume() QTestEventLoop::instance().enterLoop(10); QVERIFY(!QTestEventLoop::instance().timeout()); // quit by encrypted() or error() signal if (expectSuccess) { - QCOMPARE(encryptedSpy.count(), 1); + QCOMPARE(encryptedSpy.size(), 1); QVERIFY(socket.isEncrypted()); - QCOMPARE(errorSpy.count(), 0); + QCOMPARE(errorSpy.size(), 0); socket.disconnectFromHost(); QVERIFY(socket.waitForDisconnected(10000)); } else { - QCOMPARE(encryptedSpy.count(), 0); + QCOMPARE(encryptedSpy.size(), 0); QVERIFY(!socket.isEncrypted()); - QCOMPARE(errorSpy.count(), 1); + QCOMPARE(errorSpy.size(), 1); QCOMPARE(socket.error(), QAbstractSocket::SslHandshakeFailedError); } } @@ -3305,17 +3398,17 @@ void tst_QSslSocket::qtbug18498_peek2() bigblock.fill('#', QIODEVICE_BUFFERSIZE + 1024); QVERIFY(client->write(QByteArray("head"))); QVERIFY(client->write(bigblock)); - QTRY_COMPARE(server->bytesAvailable(), bigblock.length() + 4); + QTRY_COMPARE(server->bytesAvailable(), bigblock.size() + 4); QCOMPARE(server->read(4), QByteArray("head")); - QCOMPARE(server->peek(bigblock.length()), bigblock); - b.reserve(bigblock.length()); - b.resize(server->peek(b.data(), bigblock.length())); + QCOMPARE(server->peek(bigblock.size()), bigblock); + b.reserve(bigblock.size()); + b.resize(server->peek(b.data(), bigblock.size())); QCOMPARE(b, bigblock); //check oversized peek - QCOMPARE(server->peek(bigblock.length() * 3), bigblock); - b.reserve(bigblock.length() * 3); - b.resize(server->peek(b.data(), bigblock.length() * 3)); + QCOMPARE(server->peek(bigblock.size() * 3), bigblock); + b.reserve(bigblock.size() * 3); + b.resize(server->peek(b.data(), bigblock.size() * 3)); QCOMPARE(b, bigblock); QCOMPARE(server->readAll(), bigblock); @@ -3383,7 +3476,13 @@ void tst_QSslSocket::dhServer() return; SslServer server; - server.ciphers = {QSslCipher("DHE-RSA-AES256-SHA"), QSslCipher("DHE-DSS-AES256-SHA")}; + QSslCipher rsaCipher("DHE-RSA-AES256-SHA"); + QSslCipher dssCipher("DHE-DSS-AES256-SHA"); + if (rsaCipher.isNull()) + QSKIP("The current backend doesn't support DHE-RSA-AES256-SHA"); + if (dssCipher.isNull()) + QSKIP("The current backend doesn't support DHE-DSS-AES256-SHA"); + server.ciphers = { rsaCipher, dssCipher }; QVERIFY(server.listen()); QEventLoop loop; @@ -3411,8 +3510,10 @@ void tst_QSslSocket::dhServerCustomParamsNull() if (setProxy) return; + const QSslCipher cipherWithDH("DHE-RSA-AES256-SHA256"); SslServer server; - server.ciphers = {QSslCipher("DHE-RSA-AES256-SHA"), QSslCipher("DHE-DSS-AES256-SHA")}; + server.ciphers = {cipherWithDH}; + server.protocol = QSsl::TlsV1_2; QSslConfiguration cfg = server.config; cfg.setDiffieHellmanParameters(QSslDiffieHellmanParameters()); @@ -3424,6 +3525,8 @@ void tst_QSslSocket::dhServerCustomParamsNull() QTimer::singleShot(5000, &loop, SLOT(quit())); QSslSocket client; + QSslConfiguration config = client.sslConfiguration(); + client.setSslConfiguration(config); socket = &client; connect(socket, SIGNAL(errorOccurred(QAbstractSocket::SocketError)), &loop, SLOT(quit())); connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); @@ -3433,20 +3536,25 @@ void tst_QSslSocket::dhServerCustomParamsNull() loop.exec(); - QVERIFY(client.state() != QAbstractSocket::ConnectedState); + QCOMPARE(client.state(), QAbstractSocket::ConnectedState); + QCOMPARE(client.sessionCipher(), cipherWithDH); } void tst_QSslSocket::dhServerCustomParams() { if (!QSslSocket::supportsSsl()) QSKIP("No SSL support"); + if (!QSslSocket::isClassImplemented(QSsl::ImplementedClass::DiffieHellman)) + QSKIP("The current backend doesn't support diffie hellman parameters"); QFETCH_GLOBAL(bool, setProxy); if (setProxy) return; SslServer server; - server.ciphers = {QSslCipher("DHE-RSA-AES256-SHA"), QSslCipher("DHE-DSS-AES256-SHA")}; + const QSslCipher cipherWithDH("DHE-RSA-AES256-SHA256"); + server.ciphers = {cipherWithDH}; + server.protocol = QSsl::TlsV1_2; QSslConfiguration cfg = server.config; @@ -3476,7 +3584,8 @@ void tst_QSslSocket::dhServerCustomParams() loop.exec(); - QVERIFY(client.state() == QAbstractSocket::ConnectedState); + QCOMPARE(client.state(), QAbstractSocket::ConnectedState); + QCOMPARE(client.sessionCipher(), cipherWithDH); } #endif // QT_CONFIG(openssl) @@ -3492,7 +3601,10 @@ void tst_QSslSocket::ecdhServer() return; SslServer server; - server.ciphers = {QSslCipher("ECDHE-RSA-AES128-SHA")}; + QSslCipher cipher("ECDHE-RSA-AES128-SHA"); + if (cipher.isNull()) + QSKIP("The current backend doesn't support ECDHE-RSA-AES128-SHA"); + server.ciphers = {cipher}; QVERIFY(server.listen()); QEventLoop loop; @@ -3605,6 +3717,7 @@ void tst_QSslSocket::verifyClientCertificate() } SslServer server; + server.protocol = QSsl::TlsV1_2; server.addCaCertificates = testDataDir + "certs/bogus-ca.crt"; server.ignoreSslErrors = false; server.peerVerifyMode = peerVerifyMode; @@ -3618,6 +3731,9 @@ void tst_QSslSocket::verifyClientCertificate() QSslSocket client; client.setLocalCertificateChain(clientCerts); client.setPrivateKey(clientKey); + QSslConfiguration config = client.sslConfiguration(); + config.setProtocol(Test::TlsV1_0OrLater); + client.setSslConfiguration(config); socket = &client; connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); @@ -3643,7 +3759,7 @@ void tst_QSslSocket::verifyClientCertificate() } else { QCOMPARE(server.socket->peerCertificate(), clientCerts.first()); if (isTestingSchannel) { - if (clientCerts.count() == 1 && server.socket->peerCertificateChain().count() == 2) { + if (clientCerts.size() == 1 && server.socket->peerCertificateChain().size() == 2) { QEXPECT_FAIL("", "Schannel includes the entire chain, not just the leaf and intermediates", Continue); @@ -3695,11 +3811,19 @@ void tst_QSslSocket::readBufferMaxSize() socket = client.data(); connect(socket, SIGNAL(errorOccurred(QAbstractSocket::SocketError)), &loop, SLOT(quit())); connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); - connect(socket, SIGNAL(encrypted()), &loop, SLOT(quit())); client->connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort()); + int waitFor = 2; + auto earlyQuitter = [&loop, &waitFor]() { + if (!--waitFor) + loop.exit(); + }; + + connect(socket, &QSslSocket::encrypted, &loop, earlyQuitter); + connect(&server, &SslServer::socketEncrypted, &loop, earlyQuitter); + // Wait for 'encrypted' first: QTimer::singleShot(5000, &loop, SLOT(quit())); loop.exec(); @@ -3749,16 +3873,8 @@ void tst_QSslSocket::setEmptyDefaultConfiguration() // this test should be last, void tst_QSslSocket::allowedProtocolNegotiation() { - // TLSTODO: check feature Cleint/ServerSideAlpn supported insted! -#ifndef ALPN_SUPPORTED - QSKIP("ALPN is unsupported, skipping test"); -#endif - - if (isTestingSchannel) { - // TODO: move this check into the plugin (not to report ALPN as supported). - if (QOperatingSystemVersion::current() < QOperatingSystemVersion::Windows8_1) - QSKIP("ALPN is not supported on this version of Windows using Schannel."); - } + if (!hasServerAlpn) + QSKIP("Server-side ALPN is unsupported, skipping test"); QFETCH_GLOBAL(bool, setProxy); if (setProxy) @@ -3785,12 +3901,22 @@ void tst_QSslSocket::allowedProtocolNegotiation() QEventLoop loop; QTimer::singleShot(5000, &loop, SLOT(quit())); - connect(&clientSocket, SIGNAL(encrypted()), &loop, SLOT(quit())); + + // Need to wait for both sides to emit encrypted as the ordering of which + // ones emits encrypted() changes depending on whether we use TLS 1.2 or 1.3 + int waitFor = 2; + auto earlyQuitter = [&loop, &waitFor]() { + if (!--waitFor) + loop.exit(); + }; + connect(&clientSocket, &QSslSocket::encrypted, &loop, earlyQuitter); + connect(&server, &SslServer::socketEncrypted, &loop, earlyQuitter); + loop.exec(); - QVERIFY(server.socket->sslConfiguration().nextNegotiatedProtocol() == - clientSocket.sslConfiguration().nextNegotiatedProtocol()); - QVERIFY(server.socket->sslConfiguration().nextNegotiatedProtocol() == expectedNegotiated); + QCOMPARE(server.socket->sslConfiguration().nextNegotiatedProtocol(), + clientSocket.sslConfiguration().nextNegotiatedProtocol()); + QCOMPARE(server.socket->sslConfiguration().nextNegotiatedProtocol(), expectedNegotiated); } #if QT_CONFIG(openssl) @@ -3851,7 +3977,7 @@ public: config(QSslConfiguration::defaultConfiguration()), ignoreSslErrors(true), peerVerifyMode(QSslSocket::AutoVerifyPeer), - protocol(QSsl::TlsV1_0), + protocol(QSsl::TlsV1_2), m_pskProvider() { m_pskProvider.m_server = true; @@ -3993,14 +4119,14 @@ void tst_QSslSocket::simplePskConnect() case PskConnectWrongCredentials: // provide totally wrong credentials - provider.setIdentity(PSK_CLIENT_IDENTITY.left(PSK_CLIENT_IDENTITY.length() - 1)); - provider.setPreSharedKey(PSK_CLIENT_PRESHAREDKEY.left(PSK_CLIENT_PRESHAREDKEY.length() - 1)); + provider.setIdentity(PSK_CLIENT_IDENTITY.left(PSK_CLIENT_IDENTITY.size() - 1)); + provider.setPreSharedKey(PSK_CLIENT_PRESHAREDKEY.left(PSK_CLIENT_PRESHAREDKEY.size() - 1)); connect(&socket, SIGNAL(preSharedKeyAuthenticationRequired(QSslPreSharedKeyAuthenticator*)), &provider, SLOT(providePsk(QSslPreSharedKeyAuthenticator*))); break; case PskConnectWrongIdentity: // right PSK, wrong identity - provider.setIdentity(PSK_CLIENT_IDENTITY.left(PSK_CLIENT_IDENTITY.length() - 1)); + provider.setIdentity(PSK_CLIENT_IDENTITY.left(PSK_CLIENT_IDENTITY.size() - 1)); provider.setPreSharedKey(PSK_CLIENT_PRESHAREDKEY); connect(&socket, SIGNAL(preSharedKeyAuthenticationRequired(QSslPreSharedKeyAuthenticator*)), &provider, SLOT(providePsk(QSslPreSharedKeyAuthenticator*))); break; @@ -4008,7 +4134,7 @@ void tst_QSslSocket::simplePskConnect() case PskConnectWrongPreSharedKey: // right identity, wrong PSK provider.setIdentity(PSK_CLIENT_IDENTITY); - provider.setPreSharedKey(PSK_CLIENT_PRESHAREDKEY.left(PSK_CLIENT_PRESHAREDKEY.length() - 1)); + provider.setPreSharedKey(PSK_CLIENT_PRESHAREDKEY.left(PSK_CLIENT_PRESHAREDKEY.size() - 1)); connect(&socket, SIGNAL(preSharedKeyAuthenticationRequired(QSslPreSharedKeyAuthenticator*)), &provider, SLOT(providePsk(QSslPreSharedKeyAuthenticator*))); break; @@ -4060,32 +4186,32 @@ void tst_QSslSocket::simplePskConnect() // Entered connecting state QCOMPARE(socket.state(), QAbstractSocket::ConnectingState); - QCOMPARE(connectedSpy.count(), 0); - QCOMPARE(hostFoundSpy.count(), 1); - QCOMPARE(disconnectedSpy.count(), 0); + QCOMPARE(connectedSpy.size(), 0); + QCOMPARE(hostFoundSpy.size(), 1); + QCOMPARE(disconnectedSpy.size(), 0); enterLoop(10); // Entered connected state QCOMPARE(socket.state(), QAbstractSocket::ConnectedState); QCOMPARE(socket.mode(), QSslSocket::UnencryptedMode); QVERIFY(!socket.isEncrypted()); - QCOMPARE(connectedSpy.count(), 1); - QCOMPARE(hostFoundSpy.count(), 1); - QCOMPARE(disconnectedSpy.count(), 0); + QCOMPARE(connectedSpy.size(), 1); + QCOMPARE(hostFoundSpy.size(), 1); + QCOMPARE(disconnectedSpy.size(), 0); // Enter encrypted mode socket.startClientEncryption(); QCOMPARE(socket.mode(), QSslSocket::SslClientMode); QVERIFY(!socket.isEncrypted()); - QCOMPARE(connectionEncryptedSpy.count(), 0); - QCOMPARE(sslErrorsSpy.count(), 0); - QCOMPARE(peerVerifyErrorSpy.count(), 0); + QCOMPARE(connectionEncryptedSpy.size(), 0); + QCOMPARE(sslErrorsSpy.size(), 0); + QCOMPARE(peerVerifyErrorSpy.size(), 0); // Start handshake. enterLoop(10); // We must get the PSK signal in all cases - QCOMPARE(pskAuthenticationRequiredSpy.count(), 1); + QCOMPARE(pskAuthenticationRequiredSpy.size(), 1); switch (pskTestType) { case PskConnectDoNotHandlePsk: @@ -4094,40 +4220,40 @@ void tst_QSslSocket::simplePskConnect() case PskConnectWrongIdentity: case PskConnectWrongPreSharedKey: // Handshake failure - QCOMPARE(socketErrorsSpy.count(), 1); + QCOMPARE(socketErrorsSpy.size(), 1); QCOMPARE(qvariant_cast<QAbstractSocket::SocketError>(socketErrorsSpy.at(0).at(0)), QAbstractSocket::SslHandshakeFailedError); - QCOMPARE(sslErrorsSpy.count(), 0); - QCOMPARE(peerVerifyErrorSpy.count(), 0); - QCOMPARE(connectionEncryptedSpy.count(), 0); + QCOMPARE(sslErrorsSpy.size(), 0); + QCOMPARE(peerVerifyErrorSpy.size(), 0); + QCOMPARE(connectionEncryptedSpy.size(), 0); QVERIFY(!socket.isEncrypted()); break; case PskConnectRightCredentialsPeerVerifyFailure: // Peer verification failure - QCOMPARE(socketErrorsSpy.count(), 1); + QCOMPARE(socketErrorsSpy.size(), 1); QCOMPARE(qvariant_cast<QAbstractSocket::SocketError>(socketErrorsSpy.at(0).at(0)), QAbstractSocket::SslHandshakeFailedError); - QCOMPARE(sslErrorsSpy.count(), 1); - QCOMPARE(peerVerifyErrorSpy.count(), 1); - QCOMPARE(connectionEncryptedSpy.count(), 0); + QCOMPARE(sslErrorsSpy.size(), 1); + QCOMPARE(peerVerifyErrorSpy.size(), 1); + QCOMPARE(connectionEncryptedSpy.size(), 0); QVERIFY(!socket.isEncrypted()); break; case PskConnectRightCredentialsVerifyPeer: // Peer verification failure, but ignore it and keep connecting - QCOMPARE(socketErrorsSpy.count(), 0); - QCOMPARE(sslErrorsSpy.count(), 1); - QCOMPARE(peerVerifyErrorSpy.count(), 1); - QCOMPARE(connectionEncryptedSpy.count(), 1); + QCOMPARE(socketErrorsSpy.size(), 0); + QCOMPARE(sslErrorsSpy.size(), 1); + QCOMPARE(peerVerifyErrorSpy.size(), 1); + QCOMPARE(connectionEncryptedSpy.size(), 1); QVERIFY(socket.isEncrypted()); QCOMPARE(socket.state(), QAbstractSocket::ConnectedState); break; case PskConnectRightCredentialsDoNotVerifyPeer: // No peer verification => no failure - QCOMPARE(socketErrorsSpy.count(), 0); - QCOMPARE(sslErrorsSpy.count(), 0); - QCOMPARE(peerVerifyErrorSpy.count(), 0); - QCOMPARE(connectionEncryptedSpy.count(), 1); + QCOMPARE(socketErrorsSpy.size(), 0); + QCOMPARE(sslErrorsSpy.size(), 0); + QCOMPARE(peerVerifyErrorSpy.size(), 0); + QCOMPARE(connectionEncryptedSpy.size(), 1); QVERIFY(socket.isEncrypted()); QCOMPARE(socket.state(), QAbstractSocket::ConnectedState); break; @@ -4168,7 +4294,7 @@ void tst_QSslSocket::simplePskConnect() } QCOMPARE(socket.state(), QAbstractSocket::UnconnectedState); - QCOMPARE(disconnectedSpy.count(), 1); + QCOMPARE(disconnectedSpy.size(), 1); } void tst_QSslSocket::ephemeralServerKey_data() @@ -4201,7 +4327,7 @@ void tst_QSslSocket::ephemeralServerKey() client->connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort()); spy.wait(); - QCOMPARE(spy.count(), 1); + QCOMPARE(spy.size(), 1); QVERIFY(server.config.ephemeralServerKey().isNull()); QCOMPARE(client->sslConfiguration().ephemeralServerKey().isNull(), emptyKey); } @@ -4264,22 +4390,22 @@ void tst_QSslSocket::pskServer() QCOMPARE(socket.state(), QAbstractSocket::ConnectedState); QCOMPARE(socket.mode(), QSslSocket::UnencryptedMode); QVERIFY(!socket.isEncrypted()); - QCOMPARE(connectedSpy.count(), 1); - QCOMPARE(disconnectedSpy.count(), 0); + QCOMPARE(connectedSpy.size(), 1); + QCOMPARE(disconnectedSpy.size(), 0); // Enter encrypted mode socket.startClientEncryption(); QCOMPARE(socket.mode(), QSslSocket::SslClientMode); QVERIFY(!socket.isEncrypted()); - QCOMPARE(connectionEncryptedSpy.count(), 0); + QCOMPARE(connectionEncryptedSpy.size(), 0); // Start handshake. enterLoop(10); // We must get the PSK signal in all cases - QCOMPARE(pskAuthenticationRequiredSpy.count(), 1); + QCOMPARE(pskAuthenticationRequiredSpy.size(), 1); - QCOMPARE(connectionEncryptedSpy.count(), 1); + QCOMPARE(connectionEncryptedSpy.size(), 1); QVERIFY(socket.isEncrypted()); QCOMPARE(socket.state(), QAbstractSocket::ConnectedState); @@ -4292,7 +4418,7 @@ void tst_QSslSocket::pskServer() enterLoop(10); QCOMPARE(socket.state(), QAbstractSocket::UnconnectedState); - QCOMPARE(disconnectedSpy.count(), 1); + QCOMPARE(disconnectedSpy.size(), 1); } void tst_QSslSocket::signatureAlgorithm_data() @@ -4364,7 +4490,7 @@ void tst_QSslSocket::signatureAlgorithm_data() // signature algorithms do not match, but are ignored because the tls version is not v1.2 QTest::newRow("client_ignore_TlsV1_1") << QByteArrayList({rsaSha256}) - << QSsl::TlsV1_1 + << Test::TlsV1_1 << QByteArrayList({rsaSha512}) << QSsl::AnyProtocol << QAbstractSocket::ConnectedState; @@ -4372,11 +4498,11 @@ void tst_QSslSocket::signatureAlgorithm_data() << QByteArrayList({rsaSha256}) << QSsl::AnyProtocol << QByteArrayList({rsaSha512}) - << QSsl::TlsV1_1 + << Test::TlsV1_1 << QAbstractSocket::ConnectedState; QTest::newRow("client_ignore_TlsV1_0") << QByteArrayList({rsaSha256}) - << QSsl::TlsV1_0 + << Test::TlsV1_0 << QByteArrayList({rsaSha512}) << QSsl::AnyProtocol << QAbstractSocket::ConnectedState; @@ -4384,7 +4510,7 @@ void tst_QSslSocket::signatureAlgorithm_data() << QByteArrayList({rsaSha256}) << QSsl::AnyProtocol << QByteArrayList({rsaSha512}) - << QSsl::TlsV1_0 + << Test::TlsV1_0 << QAbstractSocket::ConnectedState; } @@ -4445,7 +4571,7 @@ void tst_QSslSocket::forwardReadChannelFinished() &QTestEventLoop::instance(), &QTestEventLoop::exitLoop); socket.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); enterLoop(10); - QVERIFY(readChannelFinishedSpy.count()); + QVERIFY(readChannelFinishedSpy.size()); } #endif // QT_CONFIG(openssl) @@ -4453,9 +4579,9 @@ void tst_QSslSocket::forwardReadChannelFinished() void tst_QSslSocket::unsupportedProtocols_data() { QTest::addColumn<QSsl::SslProtocol>("unsupportedProtocol"); - QTest::newRow("DtlsV1_0") << QSsl::DtlsV1_0; + QTest::newRow("DtlsV1_0") << Test::DtlsV1_0; QTest::newRow("DtlsV1_2") << QSsl::DtlsV1_2; - QTest::newRow("DtlsV1_0OrLater") << QSsl::DtlsV1_0OrLater; + QTest::newRow("DtlsV1_0OrLater") << Test::DtlsV1_0OrLater; QTest::newRow("DtlsV1_2OrLater") << QSsl::DtlsV1_2OrLater; QTest::newRow("UnknownProtocol") << QSsl::UnknownProtocol; } @@ -4467,7 +4593,7 @@ void tst_QSslSocket::unsupportedProtocols() return; QFETCH(const QSsl::SslProtocol, unsupportedProtocol); - const int timeoutMS = 500; + constexpr auto timeout = 500ms; // Test a client socket. { // 0. connectToHostEncrypted: client-side, non-blocking API, error is discovered @@ -4489,7 +4615,7 @@ void tst_QSslSocket::unsupportedProtocols() QCOMPARE(socket.error(), QAbstractSocket::UnknownSocketError); socket.connectToHost(QHostAddress::LocalHost, server.serverPort()); - QVERIFY(socket.waitForConnected(timeoutMS)); + QVERIFY(socket.waitForConnected(int(timeout.count()))); socket.setProtocol(unsupportedProtocol); socket.startClientEncryption(); @@ -4514,7 +4640,7 @@ void tst_QSslSocket::unsupportedProtocols() QTcpSocket client; client.connectToHost(QHostAddress::LocalHost, server.serverPort()); - loop.enterLoopMSecs(timeoutMS); + loop.enterLoop(timeout); QVERIFY(!loop.timeout()); QVERIFY(server.socket); QCOMPARE(server.socket->error(), QAbstractSocket::SslInvalidUserDataError); @@ -4527,13 +4653,15 @@ void tst_QSslSocket::oldErrorsOnSocketReuse() if (setProxy) return; // not relevant SslServer server; - server.protocol = QSsl::TlsV1_1; + if (!isTestingOpenSsl) + server.protocol = Test::TlsV1_1; server.m_certFile = testDataDir + "certs/fluke.cert"; server.m_keyFile = testDataDir + "certs/fluke.key"; QVERIFY(server.listen(QHostAddress::SpecialAddress::LocalHost)); QSslSocket socket; - socket.setProtocol(QSsl::TlsV1_1); + if (!isTestingOpenSsl) + socket.setProtocol(Test::TlsV1_1); QList<QSslError> errorList; auto connection = connect(&socket, QOverload<const QList<QSslError> &>::of(&QSslSocket::sslErrors), [&socket, &errorList](const QList<QSslError> &errors) { @@ -4619,10 +4747,19 @@ void tst_QSslSocket::alertMissingCertificate() connect(&clientSocket, &QAbstractSocket::errorOccurred, earlyQuitter); connect(&server, &SslServer::socketError, earlyQuitter); - runner.enterLoopMSecs(1000); + runner.enterLoop(1s); + + if (clientSocket.isEncrypted()) { + // When using TLS 1.3 the client side thinks it is connected very + // quickly, before the server has finished processing. So wait for the + // inevitable disconnect. + QCOMPARE(clientSocket.sessionProtocol(), QSsl::TlsV1_3); + connect(&clientSocket, &QSslSocket::disconnected, &runner, &QTestEventLoop::exitLoop); + runner.enterLoop(10s); + } - QVERIFY(serverSpy.count() > 0); - QVERIFY(clientSpy.count() > 0); + QVERIFY(serverSpy.size() > 0); + QVERIFY(clientSpy.size() > 0); QVERIFY(server.socket && !server.socket->isEncrypted()); QVERIFY(!clientSocket.isEncrypted()); } @@ -4673,11 +4810,11 @@ void tst_QSslSocket::alertInvalidCertificate() connect(&clientSocket, &QAbstractSocket::errorOccurred, earlyQuitter); connect(&server, &SslServer::socketError, earlyQuitter); - runner.enterLoopMSecs(1000); + runner.enterLoop(1s); - QVERIFY(serverSpy.count() > 0); - QVERIFY(clientSpy.count() > 0); - QVERIFY(interruptedSpy.count() > 0); + QVERIFY(serverSpy.size() > 0); + QVERIFY(clientSpy.size() > 0); + QVERIFY(interruptedSpy.size() > 0); QVERIFY(server.socket && !server.socket->isEncrypted()); QVERIFY(!clientSocket.isEncrypted()); } @@ -4801,17 +4938,17 @@ void tst_QSslSocket::selfSignedCertificates() connect(&clientSocket, &QAbstractSocket::errorOccurred, earlyQuitter); connect(&server, &SslServer::socketError, earlyQuitter); - runner.enterLoopMSecs(1000); + runner.enterLoop(1s); if (clientKnown) { - QCOMPARE(serverSpy.count(), 0); - QCOMPARE(clientSpy.count(), 0); + QCOMPARE(serverSpy.size(), 0); + QCOMPARE(clientSpy.size(), 0); QVERIFY(server.socket && server.socket->isEncrypted()); QVERIFY(clientSocket.isEncrypted()); } else { - QVERIFY(serverSpy.count() > 0); + QVERIFY(serverSpy.size() > 0); QEXPECT_FAIL("", "Failing to trigger signal, QTBUG-81661", Continue); - QVERIFY(clientSpy.count() > 0); + QVERIFY(clientSpy.size() > 0); QVERIFY(server.socket && !server.socket->isEncrypted()); QVERIFY(!clientSocket.isEncrypted()); } @@ -4939,18 +5076,18 @@ void tst_QSslSocket::pskHandshake() connect(&clientSocket, &QAbstractSocket::errorOccurred, earlyQuitter); connect(&server, &SslServer::socketError, earlyQuitter); - runner.enterLoopMSecs(1000); + runner.enterLoop(1s); if (pskRight) { - QCOMPARE(serverSpy.count(), 0); - QCOMPARE(clientSpy.count(), 0); + QCOMPARE(serverSpy.size(), 0); + QCOMPARE(clientSpy.size(), 0); QVERIFY(server.socket && server.socket->isEncrypted()); QVERIFY(clientSocket.isEncrypted()); } else { - QVERIFY(serverSpy.count() > 0); + QVERIFY(serverSpy.size() > 0); QCOMPARE(serverSpy.first().at(0).toInt(), static_cast<int>(QSsl::AlertLevel::Fatal)); QCOMPARE(serverSpy.first().at(1).toInt(), static_cast<int>(QSsl::AlertType::BadRecordMac)); - QVERIFY(clientSpy.count() > 0); + QVERIFY(clientSpy.size() > 0); QCOMPARE(clientSpy.first().at(0).toInt(), static_cast<int>(QSsl::AlertLevel::Fatal)); QCOMPARE(clientSpy.first().at(1).toInt(), static_cast<int>(QSsl::AlertType::BadRecordMac)); QVERIFY(server.socket && !server.socket->isEncrypted()); diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/BLACKLIST b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/BLACKLIST new file mode 100644 index 0000000000..96d94bd935 --- /dev/null +++ b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/BLACKLIST @@ -0,0 +1,7 @@ +# QTBUG-101274 +# [onDemandRootCertLoadingMemberMethods:WithoutProxy] +# qnx ci + +# QTBUG-63481 +[onDemandRootCertLoadingMemberMethods] +* diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/CMakeLists.txt b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/CMakeLists.txt index 3f68cbfdf4..34e026cb8b 100644 --- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/CMakeLists.txt +++ b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/CMakeLists.txt @@ -1,4 +1,11 @@ -# Generated from qsslsocket_onDemandCertificates_member.pro. +# Copyright (C) 2022 The Qt Company Ltd. +# SPDX-License-Identifier: BSD-3-Clause + +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qsslsocket_onDemandCertificates_member LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() if(NOT QT_FEATURE_private_tests) return() @@ -11,26 +18,9 @@ endif() qt_internal_add_test(tst_qsslsocket_onDemandCertificates_member SOURCES tst_qsslsocket_onDemandCertificates_member.cpp - DEFINES - SRCDIR=\\\"${CMAKE_CURRENT_SOURCE_DIR}/\\\" - PUBLIC_LIBRARIES + LIBRARIES Qt::CorePrivate Qt::NetworkPrivate - QT_TEST_SERVER_LIST "squid" "danted" # special case + QT_TEST_SERVER_LIST "squid" "danted" + BUNDLE_ANDROID_OPENSSL_LIBS ) - -#### Keys ignored in scope 1:.:.:qsslsocket_onDemandCertificates_member.pro:<TRUE>: -# _REQUIREMENTS = "qtConfig(private_tests)" -# testcase.timeout = "300" - -## Scopes: -##################################################################### - -#### Keys ignored in scope 3:.:.:qsslsocket_onDemandCertificates_member.pro:(CMAKE_BUILD_TYPE STREQUAL Debug): -# DESTDIR = "debug" - -#### Keys ignored in scope 4:.:.:qsslsocket_onDemandCertificates_member.pro:else: -# DESTDIR = "release" - -#### Keys ignored in scope 5:.:.:qsslsocket_onDemandCertificates_member.pro:LINUX: -# QT_TEST_SERVER_LIST = "squid" "danted" diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp index 759fad6a02..119891c916 100644 --- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp +++ b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp @@ -1,30 +1,5 @@ -/**************************************************************************** -** -** Copyright (C) 2016 The Qt Company Ltd. -** Contact: https://www.qt.io/licensing/ -** -** This file is part of the test suite of the Qt Toolkit. -** -** $QT_BEGIN_LICENSE:GPL-EXCEPT$ -** Commercial License Usage -** Licensees holding valid commercial Qt licenses may use this file in -** accordance with the commercial license agreement provided with the -** Software or, alternatively, in accordance with the terms contained in -** a written agreement between you and The Qt Company. For licensing terms -** and conditions see https://www.qt.io/terms-conditions. For further -** information use the contact form at https://www.qt.io/contact-us. -** -** GNU General Public License Usage -** Alternatively, this file may be used under the terms of the GNU -** General Public License version 3 as published by the Free Software -** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT -** included in the packaging of this file. Please review the following -** information to ensure the GNU General Public License requirements will -** be met: https://www.gnu.org/licenses/gpl-3.0.html. -** -** $QT_END_LICENSE$ -** -****************************************************************************/ +// Copyright (C) 2016 The Qt Company Ltd. +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QtNetwork> @@ -219,6 +194,7 @@ static bool waitForEncrypted(QSslSocket *socket) void tst_QSslSocket_onDemandCertificates_member::onDemandRootCertLoadingMemberMethods() { +#define ERR(socket) socket->errorString().toLatin1() const QString host("www.qt.io"); // not using any root certs -> should not work @@ -228,13 +204,13 @@ void tst_QSslSocket_onDemandCertificates_member::onDemandRootCertLoadingMemberMe sslConfig.setCaCertificates(QList<QSslCertificate>()); socket2->setSslConfiguration(sslConfig); socket2->connectToHostEncrypted(host, 443); - QVERIFY(!waitForEncrypted(socket2.data())); + QVERIFY2(!waitForEncrypted(socket2.data()), ERR(socket2)); // default: using on demand loading -> should work QSslSocketPtr socket = newSocket(); this->socket = socket.data(); socket->connectToHostEncrypted(host, 443); - QVERIFY2(waitForEncrypted(socket.data()), qPrintable(socket->errorString())); + QVERIFY2(waitForEncrypted(socket.data()), ERR(socket)); // not using any root certs again -> should not work QSslSocketPtr socket3 = newSocket(); @@ -243,7 +219,7 @@ void tst_QSslSocket_onDemandCertificates_member::onDemandRootCertLoadingMemberMe sslConfig.setCaCertificates(QList<QSslCertificate>()); socket3->setSslConfiguration(sslConfig); socket3->connectToHostEncrypted(host, 443); - QVERIFY(!waitForEncrypted(socket3.data())); + QVERIFY2(!waitForEncrypted(socket3.data()), ERR(socket3)); // setting empty SSL configuration explicitly -> depends on on-demand loading QSslSocketPtr socket4 = newSocket(); @@ -254,16 +230,20 @@ void tst_QSslSocket_onDemandCertificates_member::onDemandRootCertLoadingMemberMe #ifdef QT_BUILD_INTERNAL const bool works = QSslSocketPrivate::rootCertOnDemandLoadingSupported(); #if defined(Q_OS_LINUX) || defined(Q_OS_WIN) - QCOMPARE(works, true); + QVERIFY2(works, ERR(socket4)); #elif defined(Q_OS_MAC) - QCOMPARE(works, false); + QVERIFY2(!works, ERR(socket4)); #endif // other platforms: undecided. // When we *allow* on-demand loading, we enable it by default; so, on Unix, // it will work without setting any certificates. Otherwise, the configuration // contains an empty set of certificates, so on-demand loading shall fail. - QCOMPARE(waitForEncrypted(socket4.data()), works); + const bool result = waitForEncrypted(socket4.data()); + if (result != works) + qDebug() << socket4->errorString(); + QCOMPARE(waitForEncrypted(socket4.data()), works); #endif // QT_BUILD_INTERNAL } +#undef ERR #endif // QT_NO_OPENSSL diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/BLACKLIST b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/BLACKLIST deleted file mode 100644 index 52bd2bc86d..0000000000 --- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/BLACKLIST +++ /dev/null @@ -1,2 +0,0 @@ -[onDemandRootCertLoadingStaticMethods:WithSocks5ProxyAuth] -windows diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/CMakeLists.txt b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/CMakeLists.txt index 976143f649..696eec98ee 100644 --- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/CMakeLists.txt +++ b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/CMakeLists.txt @@ -1,4 +1,11 @@ -# Generated from qsslsocket_onDemandCertificates_static.pro. +# Copyright (C) 2022 The Qt Company Ltd. +# SPDX-License-Identifier: BSD-3-Clause + +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qsslsocket_onDemandCertificates_static LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() if(NOT QT_FEATURE_private_tests) return() @@ -11,25 +18,9 @@ endif() qt_internal_add_test(tst_qsslsocket_onDemandCertificates_static SOURCES tst_qsslsocket_onDemandCertificates_static.cpp - DEFINES - SRCDIR=\\\"${CMAKE_CURRENT_SOURCE_DIR}/\\\" - PUBLIC_LIBRARIES + LIBRARIES Qt::CorePrivate Qt::NetworkPrivate - QT_TEST_SERVER_LIST "squid" "danted" # special case + QT_TEST_SERVER_LIST "squid" "danted" + BUNDLE_ANDROID_OPENSSL_LIBS ) - -#### Keys ignored in scope 1:.:.:qsslsocket_onDemandCertificates_static.pro:<TRUE>: -# _REQUIREMENTS = "qtConfig(private_tests)" - -## Scopes: -##################################################################### - -#### Keys ignored in scope 3:.:.:qsslsocket_onDemandCertificates_static.pro:(CMAKE_BUILD_TYPE STREQUAL Debug): -# DESTDIR = "debug" - -#### Keys ignored in scope 4:.:.:qsslsocket_onDemandCertificates_static.pro:else: -# DESTDIR = "release" - -#### Keys ignored in scope 5:.:.:qsslsocket_onDemandCertificates_static.pro:LINUX: -# QT_TEST_SERVER_LIST = "squid" "danted" diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/tst_qsslsocket_onDemandCertificates_static.cpp b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/tst_qsslsocket_onDemandCertificates_static.cpp index bbcdb5b13f..c5475da581 100644 --- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/tst_qsslsocket_onDemandCertificates_static.cpp +++ b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/tst_qsslsocket_onDemandCertificates_static.cpp @@ -1,30 +1,5 @@ -/**************************************************************************** -** -** Copyright (C) 2016 The Qt Company Ltd. -** Contact: https://www.qt.io/licensing/ -** -** This file is part of the test suite of the Qt Toolkit. -** -** $QT_BEGIN_LICENSE:GPL-EXCEPT$ -** Commercial License Usage -** Licensees holding valid commercial Qt licenses may use this file in -** accordance with the commercial license agreement provided with the -** Software or, alternatively, in accordance with the terms contained in -** a written agreement between you and The Qt Company. For licensing terms -** and conditions see https://www.qt.io/terms-conditions. For further -** information use the contact form at https://www.qt.io/contact-us. -** -** GNU General Public License Usage -** Alternatively, this file may be used under the terms of the GNU -** General Public License version 3 as published by the Free Software -** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT -** included in the packaging of this file. Please review the following -** information to ensure the GNU General Public License requirements will -** be met: https://www.gnu.org/licenses/gpl-3.0.html. -** -** $QT_END_LICENSE$ -** -****************************************************************************/ +// Copyright (C) 2016 The Qt Company Ltd. +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QtNetwork> diff --git a/tests/auto/network/ssl/shared/qopenssl_symbols.h b/tests/auto/network/ssl/shared/qopenssl_symbols.h index 2c86f6e052..c98e90d424 100644 --- a/tests/auto/network/ssl/shared/qopenssl_symbols.h +++ b/tests/auto/network/ssl/shared/qopenssl_symbols.h @@ -1,42 +1,6 @@ -/**************************************************************************** -** -** Copyright (C) 2021 The Qt Company Ltd. -** Copyright (C) 2014 BlackBerry Limited. All rights reserved. -** Contact: https://www.qt.io/licensing/ -** -** This file is part of the QtNetwork module of the Qt Toolkit. -** -** $QT_BEGIN_LICENSE:LGPL$ -** Commercial License Usage -** Licensees holding valid commercial Qt licenses may use this file in -** accordance with the commercial license agreement provided with the -** Software or, alternatively, in accordance with the terms contained in -** a written agreement between you and The Qt Company. For licensing terms -** and conditions see https://www.qt.io/terms-conditions. For further -** information use the contact form at https://www.qt.io/contact-us. -** -** GNU Lesser General Public License Usage -** Alternatively, this file may be used under the terms of the GNU Lesser -** General Public License version 3 as published by the Free Software -** Foundation and appearing in the file LICENSE.LGPL3 included in the -** packaging of this file. Please review the following information to -** ensure the GNU Lesser General Public License version 3 requirements -** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. -** -** GNU General Public License Usage -** Alternatively, this file may be used under the terms of the GNU -** General Public License version 2.0 or (at your option) the GNU General -** Public license version 3 or any later version approved by the KDE Free -** Qt Foundation. The licenses are as published by the Free Software -** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 -** included in the packaging of this file. Please review the following -** information to ensure the GNU General Public License requirements will -** be met: https://www.gnu.org/licenses/gpl-2.0.html and -** https://www.gnu.org/licenses/gpl-3.0.html. -** -** $QT_END_LICENSE$ -** -****************************************************************************/ +// Copyright (C) 2021 The Qt Company Ltd. +// Copyright (C) 2014 BlackBerry Limited. All rights reserved. +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only /**************************************************************************** ** @@ -71,6 +35,7 @@ // reduced to the needs of our auto-tests, that have to mess with // OpenSSL calls directly. +#include <QtCore/qset.h> #include <QtNetwork/private/qtnetworkglobal_p.h> QT_REQUIRE_CONFIG(openssl); @@ -206,43 +171,40 @@ void qsslSocketCannotResolveSymbolWarning(const char *functionName) #define DUMMYARG -#define FUNC_UNUSED(func) \ - []() {Q_UNUSED(q_##func);}() - #if defined(QT_LINKED_OPENSSL) // **************** Static declarations ****************** // ret func(arg) # define DEFINEFUNC(ret, func, arg, a, err, funcret) \ - ret q_##func(arg) { FUNC_UNUSED(func); funcret func(a); } + [[maybe_unused]] ret q_##func(arg) { funcret func(a); } // ret func(arg1, arg2) # define DEFINEFUNC2(ret, func, arg1, a, arg2, b, err, funcret) \ - ret q_##func(arg1, arg2) { FUNC_UNUSED(func); funcret func(a, b); } + [[maybe_unused]] ret q_##func(arg1, arg2) { funcret func(a, b); } // ret func(arg1, arg2, arg3) # define DEFINEFUNC3(ret, func, arg1, a, arg2, b, arg3, c, err, funcret) \ - ret q_##func(arg1, arg2, arg3) { FUNC_UNUSED(func); funcret func(a, b, c); } + [[maybe_unused]] ret q_##func(arg1, arg2, arg3) { funcret func(a, b, c); } // ret func(arg1, arg2, arg3, arg4) # define DEFINEFUNC4(ret, func, arg1, a, arg2, b, arg3, c, arg4, d, err, funcret) \ - ret q_##func(arg1, arg2, arg3, arg4) { FUNC_UNUSED(func); funcret func(a, b, c, d); } + [[maybe_unused]] ret q_##func(arg1, arg2, arg3, arg4) { funcret func(a, b, c, d); } // ret func(arg1, arg2, arg3, arg4, arg5) # define DEFINEFUNC5(ret, func, arg1, a, arg2, b, arg3, c, arg4, d, arg5, e, err, funcret) \ - ret q_##func(arg1, arg2, arg3, arg4, arg5) { FUNC_UNUSED(func); funcret func(a, b, c, d, e); } + [[maybe_unused]] ret q_##func(arg1, arg2, arg3, arg4, arg5) { funcret func(a, b, c, d, e); } // ret func(arg1, arg2, arg3, arg4, arg6) # define DEFINEFUNC6(ret, func, arg1, a, arg2, b, arg3, c, arg4, d, arg5, e, arg6, f, err, funcret) \ - ret q_##func(arg1, arg2, arg3, arg4, arg5, arg6) { FUNC_UNUSED(func); funcret func(a, b, c, d, e, f); } + [[maybe_unused]] ret q_##func(arg1, arg2, arg3, arg4, arg5, arg6) { funcret func(a, b, c, d, e, f); } // ret func(arg1, arg2, arg3, arg4, arg6, arg7) # define DEFINEFUNC7(ret, func, arg1, a, arg2, b, arg3, c, arg4, d, arg5, e, arg6, f, arg7, g, err, funcret) \ - ret q_##func(arg1, arg2, arg3, arg4, arg5, arg6, arg7) { FUNC_UNUSED(func); funcret func(a, b, c, d, e, f, g); } + [[maybe_unused]] ret q_##func(arg1, arg2, arg3, arg4, arg5, arg6, arg7) { funcret func(a, b, c, d, e, f, g); } // ret func(arg1, arg2, arg3, arg4, arg6, arg7, arg8, arg9) # define DEFINEFUNC9(ret, func, arg1, a, arg2, b, arg3, c, arg4, d, arg5, e, arg6, f, arg7, g, arg8, h, arg9, i, err, funcret) \ - ret q_##func(arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) { FUNC_UNUSED(func); funcret func(a, b, c, d, e, f, g, h, i); } + [[maybe_unused]] ret q_##func(arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) { funcret func(a, b, c, d, e, f, g, h, i); } // **************** Static declarations ****************** @@ -254,8 +216,7 @@ void qsslSocketCannotResolveSymbolWarning(const char *functionName) # define DEFINEFUNC(ret, func, arg, a, err, funcret) \ typedef ret (*_q_PTR_##func)(arg); \ static _q_PTR_##func _q_##func = 0; \ - ret q_##func(arg) { \ - FUNC_UNUSED(func); \ + [[maybe_unused]] ret q_##func(arg) { \ if (Q_UNLIKELY(!_q_##func)) { \ qsslSocketUnresolvedSymbolWarning(#func); \ err; \ @@ -267,8 +228,7 @@ void qsslSocketCannotResolveSymbolWarning(const char *functionName) # define DEFINEFUNC2(ret, func, arg1, a, arg2, b, err, funcret) \ typedef ret (*_q_PTR_##func)(arg1, arg2); \ static _q_PTR_##func _q_##func = 0; \ - ret q_##func(arg1, arg2) { \ - FUNC_UNUSED(func); \ + [[maybe_unused]] ret q_##func(arg1, arg2) { \ if (Q_UNLIKELY(!_q_##func)) { \ qsslSocketUnresolvedSymbolWarning(#func);\ err; \ @@ -280,8 +240,7 @@ void qsslSocketCannotResolveSymbolWarning(const char *functionName) # define DEFINEFUNC3(ret, func, arg1, a, arg2, b, arg3, c, err, funcret) \ typedef ret (*_q_PTR_##func)(arg1, arg2, arg3); \ static _q_PTR_##func _q_##func = 0; \ - ret q_##func(arg1, arg2, arg3) { \ - FUNC_UNUSED(func); \ + [[maybe_unused]] ret q_##func(arg1, arg2, arg3) { \ if (Q_UNLIKELY(!_q_##func)) { \ qsslSocketUnresolvedSymbolWarning(#func); \ err; \ @@ -293,8 +252,7 @@ void qsslSocketCannotResolveSymbolWarning(const char *functionName) # define DEFINEFUNC4(ret, func, arg1, a, arg2, b, arg3, c, arg4, d, err, funcret) \ typedef ret (*_q_PTR_##func)(arg1, arg2, arg3, arg4); \ static _q_PTR_##func _q_##func = 0; \ - ret q_##func(arg1, arg2, arg3, arg4) { \ - FUNC_UNUSED(func); \ + [[maybe_unused]] ret q_##func(arg1, arg2, arg3, arg4) { \ if (Q_UNLIKELY(!_q_##func)) { \ qsslSocketUnresolvedSymbolWarning(#func); \ err; \ @@ -306,8 +264,7 @@ void qsslSocketCannotResolveSymbolWarning(const char *functionName) # define DEFINEFUNC5(ret, func, arg1, a, arg2, b, arg3, c, arg4, d, arg5, e, err, funcret) \ typedef ret (*_q_PTR_##func)(arg1, arg2, arg3, arg4, arg5); \ static _q_PTR_##func _q_##func = 0; \ - ret q_##func(arg1, arg2, arg3, arg4, arg5) { \ - FUNC_UNUSED(func); \ + [[maybe_unused]] ret q_##func(arg1, arg2, arg3, arg4, arg5) { \ if (Q_UNLIKELY(!_q_##func)) { \ qsslSocketUnresolvedSymbolWarning(#func); \ err; \ @@ -319,8 +276,7 @@ void qsslSocketCannotResolveSymbolWarning(const char *functionName) # define DEFINEFUNC6(ret, func, arg1, a, arg2, b, arg3, c, arg4, d, arg5, e, arg6, f, err, funcret) \ typedef ret (*_q_PTR_##func)(arg1, arg2, arg3, arg4, arg5, arg6); \ static _q_PTR_##func _q_##func = 0; \ - ret q_##func(arg1, arg2, arg3, arg4, arg5, arg6) { \ - FUNC_UNUSED(func); \ + [[maybe_unused]] ret q_##func(arg1, arg2, arg3, arg4, arg5, arg6) { \ if (Q_UNLIKELY(!_q_##func)) { \ qsslSocketUnresolvedSymbolWarning(#func); \ err; \ @@ -332,8 +288,7 @@ void qsslSocketCannotResolveSymbolWarning(const char *functionName) # define DEFINEFUNC7(ret, func, arg1, a, arg2, b, arg3, c, arg4, d, arg5, e, arg6, f, arg7, g, err, funcret) \ typedef ret (*_q_PTR_##func)(arg1, arg2, arg3, arg4, arg5, arg6, arg7); \ static _q_PTR_##func _q_##func = 0; \ - ret q_##func(arg1, arg2, arg3, arg4, arg5, arg6, arg7) { \ - FUNC_UNUSED(func); \ + [[maybe_unused]] ret q_##func(arg1, arg2, arg3, arg4, arg5, arg6, arg7) { \ if (Q_UNLIKELY(!_q_##func)) { \ qsslSocketUnresolvedSymbolWarning(#func); \ err; \ @@ -345,8 +300,7 @@ void qsslSocketCannotResolveSymbolWarning(const char *functionName) # define DEFINEFUNC9(ret, func, arg1, a, arg2, b, arg3, c, arg4, d, arg5, e, arg6, f, arg7, g, arg8, h, arg9, i, err, funcret) \ typedef ret (*_q_PTR_##func)(arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9); \ static _q_PTR_##func _q_##func = 0; \ - ret q_##func(arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) { \ - FUNC_UNUSED(func); \ + [[maybe_unused]] ret q_##func(arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) { \ if (Q_UNLIKELY(!_q_##func)) { \ qsslSocketUnresolvedSymbolWarning(#func); \ err; \ @@ -410,8 +364,6 @@ DEFINEFUNC(void, OCSP_CERTID_free, OCSP_CERTID *cid, cid, return, DUMMYARG) #endif // QT_CONFIG(ocsp) -#undef FUNC_UNUSED - #ifndef QT_LINKED_OPENSSL #if !QT_CONFIG(library) @@ -453,7 +405,7 @@ struct LibGreaterThan { const auto lhsparts = lhs.split(QLatin1Char('.')); const auto rhsparts = rhs.split(QLatin1Char('.')); - Q_ASSERT(lhsparts.count() > 1 && rhsparts.count() > 1); + Q_ASSERT(lhsparts.size() > 1 && rhsparts.size() > 1); // note: checking rhs < lhs, the same as lhs > rhs return std::lexicographical_compare(rhsparts.begin() + 1, rhsparts.end(), @@ -529,7 +481,7 @@ QStringList findAllLibs(QLatin1String filter) QStringList entryList = dir.entryList(filters, QDir::Files); std::sort(entryList.begin(), entryList.end(), LibGreaterThan()); - for (const QString &entry : qAsConst(entryList)) + for (const QString &entry : std::as_const(entryList)) found << path + QLatin1Char('/') + entry; } @@ -550,6 +502,12 @@ QStringList findAllLibCrypto() #ifdef Q_OS_WIN +#if (OPENSSL_VERSION_NUMBER >> 28) < 3 +#define QT_OPENSSL_VERSION "1_1" +#elif OPENSSL_VERSION_MAJOR == 3 // Starting with 3.0 this define is available +#define QT_OPENSSL_VERSION "3" +#endif // > 3 intentionally left undefined + struct LoadedOpenSsl { std::unique_ptr<QSystemLibrary> ssl, crypto; }; @@ -588,8 +546,9 @@ static LoadedOpenSsl loadOpenSsl() #define QT_SSL_SUFFIX #endif - tryToLoadOpenSslWin32Library(QLatin1String("libssl-1_1" QT_SSL_SUFFIX), - QLatin1String("libcrypto-1_1" QT_SSL_SUFFIX), result); + tryToLoadOpenSslWin32Library(QLatin1String("libssl-" QT_OPENSSL_VERSION QT_SSL_SUFFIX), + QLatin1String("libcrypto-" QT_OPENSSL_VERSION QT_SSL_SUFFIX), + result); #undef QT_SSL_SUFFIX return result; @@ -698,6 +657,11 @@ LoadedOpenSsl loadOpenSsl() const QStringList cryptoList = findAllLibCrypto(); for (const QString &crypto : cryptoList) { +#ifdef Q_OS_DARWIN + // Clients should not load the unversioned libcrypto dylib as it does not have a stable ABI + if (crypto.endsWith("libcrypto.dylib")) + continue; +#endif libcrypto->setFileNameAndVersion(crypto, -1); if (libcrypto->load()) { QFileInfo fi(crypto); diff --git a/tests/auto/network/ssl/shared/tlshelpers.h b/tests/auto/network/ssl/shared/tlshelpers.h index cd0f785aee..de3c2ea51a 100644 --- a/tests/auto/network/ssl/shared/tlshelpers.h +++ b/tests/auto/network/ssl/shared/tlshelpers.h @@ -1,30 +1,5 @@ -/**************************************************************************** -** -** Copyright (C) 2021 The Qt Company Ltd. -** Contact: https://www.qt.io/licensing/ -** -** This file is part of the test suite of the Qt Toolkit. -** -** $QT_BEGIN_LICENSE:GPL-EXCEPT$ -** Commercial License Usage -** Licensees holding valid commercial Qt licenses may use this file in -** accordance with the commercial license agreement provided with the -** Software or, alternatively, in accordance with the terms contained in -** a written agreement between you and The Qt Company. For licensing terms -** and conditions see https://www.qt.io/terms-conditions. For further -** information use the contact form at https://www.qt.io/contact-us. -** -** GNU General Public License Usage -** Alternatively, this file may be used under the terms of the GNU -** General Public License version 3 as published by the Free Software -** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT -** included in the packaging of this file. Please review the following -** information to ensure the GNU General Public License requirements will -** be met: https://www.gnu.org/licenses/gpl-3.0.html. -** -** $QT_END_LICENSE$ -** -****************************************************************************/ +// Copyright (C) 2021 The Qt Company Ltd. +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QtNetwork/qtnetworkglobal.h> @@ -37,13 +12,8 @@ #include <QtCore/qstring.h> #include <QtCore/qglobal.h> -// TODO: these 'helpers' later to include OpenSSL resolver/sumbols -// required by some auto-tests. - QT_BEGIN_NAMESPACE - - namespace TlsAux { inline bool classImplemented(QSsl::ImplementedClass cl) |