diff options
Diffstat (limited to 'tests/auto/network/ssl')
13 files changed, 589 insertions, 101 deletions
diff --git a/tests/auto/network/ssl/qsslcertificate/qsslcertificate.pro b/tests/auto/network/ssl/qsslcertificate/qsslcertificate.pro index 87a210c051..7c1cd5b66b 100644 --- a/tests/auto/network/ssl/qsslcertificate/qsslcertificate.pro +++ b/tests/auto/network/ssl/qsslcertificate/qsslcertificate.pro @@ -1,7 +1,7 @@ CONFIG += testcase SOURCES += tst_qsslcertificate.cpp -!wince:win32:LIBS += -lws2_32 +win32:LIBS += -lws2_32 QT = core network testlib TARGET = tst_qsslcertificate diff --git a/tests/auto/network/ssl/qsslcipher/qsslcipher.pro b/tests/auto/network/ssl/qsslcipher/qsslcipher.pro index 4cb2dfebab..81ef2d8d9a 100644 --- a/tests/auto/network/ssl/qsslcipher/qsslcipher.pro +++ b/tests/auto/network/ssl/qsslcipher/qsslcipher.pro @@ -1,7 +1,7 @@ CONFIG += testcase SOURCES += tst_qsslcipher.cpp -win32:!wince: LIBS += -lws2_32 +win32:LIBS += -lws2_32 QT = core network testlib TARGET = tst_qsslcipher diff --git a/tests/auto/network/ssl/qssldiffiehellmanparameters/qssldiffiehellmanparameters.pro b/tests/auto/network/ssl/qssldiffiehellmanparameters/qssldiffiehellmanparameters.pro new file mode 100644 index 0000000000..b8053f9eb3 --- /dev/null +++ b/tests/auto/network/ssl/qssldiffiehellmanparameters/qssldiffiehellmanparameters.pro @@ -0,0 +1,8 @@ +CONFIG += testcase +CONFIG += parallel_test + +SOURCES += tst_qssldiffiehellmanparameters.cpp +!wince*:win32:LIBS += -lws2_32 +QT = core network testlib + +TARGET = tst_qssldiffiehellmanparameters diff --git a/tests/auto/network/ssl/qssldiffiehellmanparameters/tst_qssldiffiehellmanparameters.cpp b/tests/auto/network/ssl/qssldiffiehellmanparameters/tst_qssldiffiehellmanparameters.cpp new file mode 100644 index 0000000000..f3b9003fbb --- /dev/null +++ b/tests/auto/network/ssl/qssldiffiehellmanparameters/tst_qssldiffiehellmanparameters.cpp @@ -0,0 +1,163 @@ +/**************************************************************************** +** +** Copyright (C) 2015 Mikkel Krautz <mikkel@krautz.dk> +** Contact: http://www.qt.io/licensing/ +** +** This file is part of the QtNetwork module of the Qt Toolkit. +** +** $QT_BEGIN_LICENSE:LGPL$ +** Commercial License Usage +** Licensees holding valid commercial Qt licenses may use this file in +** accordance with the commercial license agreement provided with the +** Software or, alternatively, in accordance with the terms contained in +** a written agreement between you and The Qt Company. For licensing terms +** and conditions see https://www.qt.io/terms-conditions. For further +** information use the contact form at https://www.qt.io/contact-us. +** +** GNU Lesser General Public License Usage +** Alternatively, this file may be used under the terms of the GNU Lesser +** General Public License version 3 as published by the Free Software +** Foundation and appearing in the file LICENSE.LGPL3 included in the +** packaging of this file. Please review the following information to +** ensure the GNU Lesser General Public License version 3 requirements +** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. +** +** GNU General Public License Usage +** Alternatively, this file may be used under the terms of the GNU +** General Public License version 2.0 or (at your option) the GNU General +** Public license version 3 or any later version approved by the KDE Free +** Qt Foundation. The licenses are as published by the Free Software +** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 +** included in the packaging of this file. Please review the following +** information to ensure the GNU General Public License requirements will +** be met: https://www.gnu.org/licenses/gpl-2.0.html and +** https://www.gnu.org/licenses/gpl-3.0.html. +** +** $QT_END_LICENSE$ +** +****************************************************************************/ + +#include <QtTest/QtTest> +#include <QSslDiffieHellmanParameters> +#include <QSslSocket> +#include <QByteArray> + +class tst_QSslDiffieHellmanParameters : public QObject +{ + Q_OBJECT + +#ifndef QT_NO_SSL +private Q_SLOTS: + void constructionEmpty(); + void constructionDefault(); + void constructionDER(); + void constructionPEM(); + void unsafe512Bits(); + void unsafeNonPrime(); +#endif +}; + +#ifndef QT_NO_SSL + +void tst_QSslDiffieHellmanParameters::constructionEmpty() +{ + QSslDiffieHellmanParameters dh; + + QCOMPARE(dh.isEmpty(), true); + QCOMPARE(dh.isValid(), true); + QCOMPARE(dh.error(), QSslDiffieHellmanParameters::NoError); +} + +void tst_QSslDiffieHellmanParameters::constructionDefault() +{ + QSslDiffieHellmanParameters dh = QSslDiffieHellmanParameters::defaultParameters(); + +#ifndef QT_NO_OPENSSL + QCOMPARE(dh.isValid(), true); + QCOMPARE(dh.error(), QSslDiffieHellmanParameters::NoError); +#endif +} + +void tst_QSslDiffieHellmanParameters::constructionDER() +{ + // Uniquely generated with 'openssl dhparam -outform DER -out out.der -check -2 4096' + const auto dh = QSslDiffieHellmanParameters::fromEncoded(QByteArray::fromBase64(QByteArrayLiteral( + "MIICCAKCAgEAsbQYx57ZlyEyWF8jD5WYEswGR2aTVFsHqP3026SdyTwcjY+YlMOae0EagK" + "jDA0UlPcih1kguQOvOVgyc5gI3YbBb4pCNEdy048xITlsdqG7qC3+2VvFR3vfixEbQQll9" + "2cGIIneD/36p7KJcDnBNUwwWj/VJKhTwelTfKTj2T39si9xGMkqZiQuCaXRk6vSKZ4ZDPk" + "jiq5Ti1kHVFbL9SMWRa8zplPtDMrVfhSyw10njgD4qKd1UoUPdmhEPhRZlHaZ/cAHNSHMj" + "uhDakeMpN+XP2/sl5IpPZ3/vVOk9PhBDFO1NYzKx/b7RQgZCUmXoglKYpfBiz8OheoI0hK" + "V0fU/OCtHjRrP4hE9vIHA2aE+gaQZiYCciGcR9BjHQ7Y8K9qHyTX8UIz2G4ZKzQZK9G+pA" + "K0xD+1H3qZ/MaUhzNDQOwwihnTjjXzTjfIGqYDdbouAhw+tX51CsGonI0cL3s3QMa3CwGH" + "mw+AH2b/Z68dTSy0sC3CYn9cNbrctqyeHwQrsx9FfpOz+Z6sk2WsPgqgSp/pDVVgm5oSfO" + "2mN7WAWgUlf9TQuj1HIRCTI+PbBq2vYvn+YResMRo+8ng1QptKAAgQoVVGNRYxZ9iAZlvO" + "52DcHKlsqDuafQ1XVGmzVIrKtBi2gfLtPqY4v6g6v26l8gbzK67PpWstllHiPb4VMCAQI=" + )), QSsl::Der); + +#ifndef QT_NO_OPENSSL + QCOMPARE(dh.isValid(), true); + QCOMPARE(dh.error(), QSslDiffieHellmanParameters::NoError); +#endif +} + +void tst_QSslDiffieHellmanParameters::constructionPEM() +{ + // Uniquely generated with 'openssl dhparam -outform PEM -out out.pem -check -2 4096' + const auto dh = QSslDiffieHellmanParameters::fromEncoded(QByteArrayLiteral( + "-----BEGIN DH PARAMETERS-----\n" + "MIICCAKCAgEA9QTdqhQkbGuhWzBsW5X475AjjrITpg1BHX5+mp1sstUd84Lshq1T\n" + "+S2QQQtdl25EPoUblpyyLAf8krFSH4YwR7jjLWklA8paDOwRYod0zLmVZ1Wx6og3\n" + "PRc8P+SCs+6gKTXfv//bJJhiJXnM73lDFsGHbSqN+msf20ei/zy5Rwey2t8dPjLC\n" + "Q+qkb/avlovi2t2rsUWcxMT1875TQ4HuApayqw3R3lTQe9u05b9rTrinmT7AE4mm\n" + "xGqO9FZJdXYE2sOKwwJkpM48KFyV90uJANmqJnQrkgdukaGTHwxZxgAyO6ur/RWC\n" + "kzf9STFT6IY4Qy05q+oZVJfh8xPHszKmmC8nWaLfiHMYBnL5fv+1kh/aU11Kz9TG\n" + "iDXwQ+tzhKAutQPUwe3IGQUYQMZPwZI4vegdU88/7YPXuWt7b/0Il5+2ma5FbtG2\n" + "u02PMi+J3JZsYi/tEUv1tJBVHGH0kDpgcyOm8rvkCtNbNkETzfwUPoEgA0oPMhVt\n" + "sFGub1av+jLRyFNGNBJcqXAO+Tq2zXG00DxbGY+aooJ50qU/Lh5gfnCEMDXlMM9P\n" + "T8JVpWaaNLCC+0Z5txsfYp+FO8mOttIPIF6F8FtmTnm/jhNntvqKvsU+NHylIYzr\n" + "o42EpiWwS7ktPPUS2GtG+IUdy8rvdO1xJ5kNxs7ZlygY4W1htOhbUusCAQI=\n" + "-----END DH PARAMETERS-----\n" + ), QSsl::Pem); + +#ifndef QT_NO_OPENSSL + QCOMPARE(dh.isValid(), true); + QCOMPARE(dh.error(), QSslDiffieHellmanParameters::NoError); +#endif +} + +void tst_QSslDiffieHellmanParameters::unsafe512Bits() +{ + // Uniquely generated with 'openssl dhparam -outform PEM -out out.pem -check -2 512' + const auto dh = QSslDiffieHellmanParameters::fromEncoded(QByteArrayLiteral( + "-----BEGIN DH PARAMETERS-----\n" + "MEYCQQCf8goDn56akiliAtEL1ZG7VH+9wfLxsv8/B1emTUG+rMKB1yaVAU7HaAiM\n" + "Gtmo2bAWUqBczUTOTzqmWTm28P6bAgEC\n" + "-----END DH PARAMETERS-----\n" + ), QSsl::Pem); + +#ifndef QT_NO_OPENSSL + QCOMPARE(dh.isValid(), false); + QCOMPARE(dh.error(), QSslDiffieHellmanParameters::UnsafeParametersError); +#endif +} + +void tst_QSslDiffieHellmanParameters::unsafeNonPrime() +{ + // Uniquely generated with 'openssl dhparam -outform DER -out out.der -check -2 1024' + // and then modified by hand to make P not be a prime number. + const auto dh = QSslDiffieHellmanParameters::fromEncoded(QByteArray::fromBase64(QByteArrayLiteral( + "MIGHAoGBALLcOLg+ow8TMnbCUeNjwys6wUTIH9mn4ZSeIbD6qvCsJgg4cUxXwJQmPY" + "Xl15AsKXgkXWh0n+/N6tjH0sSRJnzDvN2H3KxFLKkvxmBYrDOJMdCuMgZD50aOsVyd" + "vholAW9zilkoYkB6sqwxY1Z2dbpTWajCsUAWZQ0AIP4Y5nesAgEC" + )), QSsl::Der); + +#ifndef QT_NO_OPENSSL + QCOMPARE(dh.isValid(), false); + QCOMPARE(dh.error(), QSslDiffieHellmanParameters::UnsafeParametersError); +#endif +} + +#endif // QT_NO_SSL + +QTEST_MAIN(tst_QSslDiffieHellmanParameters) +#include "tst_qssldiffiehellmanparameters.moc" diff --git a/tests/auto/network/ssl/qsslellipticcurve/qsslellipticcurve.pro b/tests/auto/network/ssl/qsslellipticcurve/qsslellipticcurve.pro index e67b64b2b7..a180086c5e 100644 --- a/tests/auto/network/ssl/qsslellipticcurve/qsslellipticcurve.pro +++ b/tests/auto/network/ssl/qsslellipticcurve/qsslellipticcurve.pro @@ -1,7 +1,7 @@ CONFIG += testcase SOURCES += tst_qsslellipticcurve.cpp -win32:!wince: LIBS += -lws2_32 +win32:LIBS += -lws2_32 QT = core network testlib TARGET = tst_qsslellipticcurve diff --git a/tests/auto/network/ssl/qsslerror/qsslerror.pro b/tests/auto/network/ssl/qsslerror/qsslerror.pro index 7737aae3f1..117fd4ac27 100644 --- a/tests/auto/network/ssl/qsslerror/qsslerror.pro +++ b/tests/auto/network/ssl/qsslerror/qsslerror.pro @@ -1,7 +1,7 @@ CONFIG += testcase SOURCES += tst_qsslerror.cpp -win32:!wince: LIBS += -lws2_32 +win32:LIBS += -lws2_32 QT = core network testlib TARGET = tst_qsslerror diff --git a/tests/auto/network/ssl/qsslkey/qsslkey.pro b/tests/auto/network/ssl/qsslkey/qsslkey.pro index 7eb04793f3..8c3877631a 100644 --- a/tests/auto/network/ssl/qsslkey/qsslkey.pro +++ b/tests/auto/network/ssl/qsslkey/qsslkey.pro @@ -1,9 +1,9 @@ CONFIG += testcase SOURCES += tst_qsslkey.cpp -win32:!wince: LIBS += -lws2_32 +win32:LIBS += -lws2_32 QT = core network testlib -contains(QT_CONFIG, private_tests) { +qtConfig(private_tests) { QT += core-private network-private } diff --git a/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp b/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp index 8afc71a216..0112af4ed7 100644 --- a/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp +++ b/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp @@ -34,9 +34,14 @@ #include <QtNetwork/qhostaddress.h> #include <QtNetwork/qnetworkproxy.h> -#if !defined(QT_NO_SSL) && defined(QT_BUILD_INTERNAL) -#include "private/qsslkey_p.h" -#define TEST_CRYPTO +#ifdef QT_BUILD_INTERNAL + #ifndef QT_NO_SSL + #include "private/qsslkey_p.h" + #define TEST_CRYPTO + #endif + #ifndef QT_NO_OPENSSL + #include "private/qsslsocket_openssl_symbols_p.h" + #endif #endif class tst_QSslKey : public QObject @@ -58,7 +63,7 @@ class tst_QSslKey : public QObject QList<KeyInfo> keyInfoList; - void createPlainTestRows(); + void createPlainTestRows(bool filter = false, QSsl::EncodingFormat format = QSsl::EncodingFormat::Pem); public slots: void initTestCase(); @@ -69,6 +74,10 @@ private slots: void emptyConstructor(); void constructor_data(); void constructor(); +#ifndef QT_NO_OPENSSL + void constructorHandle_data(); + void constructorHandle(); +#endif void copyAndAssign_data(); void copyAndAssign(); void equalsOperator(); @@ -142,7 +151,7 @@ Q_DECLARE_METATYPE(QSsl::KeyAlgorithm) Q_DECLARE_METATYPE(QSsl::KeyType) Q_DECLARE_METATYPE(QSsl::EncodingFormat) -void tst_QSslKey::createPlainTestRows() +void tst_QSslKey::createPlainTestRows(bool filter, QSsl::EncodingFormat format) { QTest::addColumn<QString>("absFilePath"); QTest::addColumn<QSsl::KeyAlgorithm>("algorithm"); @@ -150,6 +159,9 @@ void tst_QSslKey::createPlainTestRows() QTest::addColumn<int>("length"); QTest::addColumn<QSsl::EncodingFormat>("format"); foreach (KeyInfo keyInfo, keyInfoList) { + if (filter && keyInfo.format != format) + continue; + QTest::newRow(keyInfo.fileInfo.fileName().toLatin1()) << keyInfo.fileInfo.absoluteFilePath() << keyInfo.algorithm << keyInfo.type << keyInfo.length << keyInfo.format; @@ -176,6 +188,45 @@ void tst_QSslKey::constructor() QVERIFY(!key.isNull()); } +#ifndef QT_NO_OPENSSL + +void tst_QSslKey::constructorHandle_data() +{ + createPlainTestRows(true); +} + +void tst_QSslKey::constructorHandle() +{ +#ifndef QT_BUILD_INTERNAL + QSKIP("This test requires -developer-build."); +#else + if (!QSslSocket::supportsSsl()) + return; + + QFETCH(QString, absFilePath); + QFETCH(QSsl::KeyAlgorithm, algorithm); + QFETCH(QSsl::KeyType, type); + QFETCH(int, length); + + QByteArray pem = readFile(absFilePath); + auto func = (type == QSsl::KeyType::PublicKey + ? q_PEM_read_bio_PUBKEY + : q_PEM_read_bio_PrivateKey); + + BIO* bio = q_BIO_new(q_BIO_s_mem()); + q_BIO_write(bio, pem.constData(), pem.length()); + QSslKey key(func(bio, nullptr, nullptr, nullptr), type); + q_BIO_free(bio); + + QVERIFY(!key.isNull()); + QCOMPARE(key.algorithm(), algorithm); + QCOMPARE(key.type(), type); + QCOMPARE(key.length(), length); +#endif +} + +#endif + void tst_QSslKey::copyAndAssign_data() { createPlainTestRows(); diff --git a/tests/auto/network/ssl/qsslsocket/qsslsocket.pro b/tests/auto/network/ssl/qsslsocket/qsslsocket.pro index de2be8e126..5c92ca833a 100644 --- a/tests/auto/network/ssl/qsslsocket/qsslsocket.pro +++ b/tests/auto/network/ssl/qsslsocket/qsslsocket.pro @@ -1,7 +1,7 @@ CONFIG += testcase SOURCES += tst_qsslsocket.cpp -win32:!wince: LIBS += -lws2_32 +win32:LIBS += -lws2_32 QT = core core-private network-private testlib TARGET = tst_qsslsocket @@ -15,19 +15,11 @@ win32 { } # OpenSSL support -contains(QT_CONFIG, openssl) | contains(QT_CONFIG, openssl-linked) { +qtConfig(openssl)|qtConfig(openssl-linked) { # Add optional SSL libs LIBS += $$OPENSSL_LIBS } -wince* { - DEFINES += SRCDIR=\\\"./\\\" +DEFINES += SRCDIR=\\\"$$PWD/\\\" - certFiles.files = certs ssl.tar.gz - certFiles.path = . - DEPLOYMENT += certFiles -} else { - DEFINES += SRCDIR=\\\"$$PWD/\\\" -} - -requires(contains(QT_CONFIG,private_tests)) +requires(qtConfig(private_tests)) diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp index 00c3a41d88..4eb26d17fe 100644 --- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -57,7 +57,7 @@ #include "private/qsslconfiguration_p.h" Q_DECLARE_METATYPE(QSslSocket::SslMode) -typedef QList<QSslError::SslError> SslErrorList; +typedef QVector<QSslError::SslError> SslErrorList; Q_DECLARE_METATYPE(SslErrorList) Q_DECLARE_METATYPE(QSslError) Q_DECLARE_METATYPE(QSslKey) @@ -220,6 +220,10 @@ private slots: void qtbug18498_peek(); void qtbug18498_peek2(); void dhServer(); +#ifndef QT_NO_OPENSSL + void dhServerCustomParamsNull(); + void dhServerCustomParams(); +#endif void ecdhServer(); void verifyClientCertificate_data(); void verifyClientCertificate(); @@ -230,6 +234,8 @@ private slots: void simplePskConnect(); void ephemeralServerKey_data(); void ephemeralServerKey(); + void allowedProtocolNegotiation(); + void pskServer(); #endif void setEmptyDefaultConfiguration(); // this test should be last @@ -381,14 +387,14 @@ void tst_QSslSocket::cleanup() #ifndef QT_NO_SSL QSslSocketPtr tst_QSslSocket::newSocket() { - QSslSocket *socket = new QSslSocket; + const auto socket = QSslSocketPtr::create(); proxyAuthCalled = 0; - connect(socket, SIGNAL(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)), + connect(socket.data(), SIGNAL(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)), SLOT(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)), Qt::DirectConnection); - return QSslSocketPtr(socket); + return socket; } #endif @@ -628,7 +634,8 @@ void tst_QSslSocket::sslErrors() // check the SSL errors contain HostNameMismatch and an error due to // the certificate being self-signed SslErrorList sslErrors; - foreach (const QSslError &err, socket->sslErrors()) + const auto socketSslErrors = socket->sslErrors(); + for (const QSslError &err : socketSslErrors) sslErrors << err.error(); qSort(sslErrors); QVERIFY(sslErrors.contains(QSslError::HostNameMismatch)); @@ -637,7 +644,8 @@ void tst_QSslSocket::sslErrors() // check the same errors were emitted by sslErrors QVERIFY(!sslErrorsSpy.isEmpty()); SslErrorList emittedErrors; - foreach (const QSslError &err, qvariant_cast<QList<QSslError> >(sslErrorsSpy.first().first())) + const auto sslErrorsSpyErrors = qvariant_cast<QList<QSslError> >(qAsConst(sslErrorsSpy).first().first()); + for (const QSslError &err : sslErrorsSpyErrors) emittedErrors << err.error(); qSort(emittedErrors); QCOMPARE(sslErrors, emittedErrors); @@ -646,7 +654,7 @@ void tst_QSslSocket::sslErrors() QVERIFY(!peerVerifyErrorSpy.isEmpty()); SslErrorList peerErrors; const QList<QVariantList> &peerVerifyList = peerVerifyErrorSpy; - foreach (const QVariantList &args, peerVerifyList) + for (const QVariantList &args : peerVerifyList) peerErrors << qvariant_cast<QSslError>(args.first()).error(); qSort(peerErrors); QCOMPARE(sslErrors, peerErrors); @@ -1160,7 +1168,9 @@ void tst_QSslSocket::protocolServerSide_data() #if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT) QTest::newRow("ssl2-ssl2") << QSsl::SslV2 << QSsl::SslV2 << false; // no idea why it does not work, but we don't care about SSL 2 #endif +#if !defined(OPENSSL_NO_SSL3) QTest::newRow("ssl3-ssl3") << QSsl::SslV3 << QSsl::SslV3 << true; +#endif QTest::newRow("tls1.0-tls1.0") << QSsl::TlsV1_0 << QSsl::TlsV1_0 << true; QTest::newRow("tls1ssl3-tls1ssl3") << QSsl::TlsV1SslV3 << QSsl::TlsV1SslV3 << true; QTest::newRow("any-any") << QSsl::AnyProtocol << QSsl::AnyProtocol << true; @@ -1174,23 +1184,27 @@ void tst_QSslSocket::protocolServerSide_data() QTest::newRow("ssl2-any") << QSsl::SslV2 << QSsl::AnyProtocol << false; // no idea why it does not work, but we don't care about SSL 2 #endif -#if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT) +#if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT) && !defined(OPENSSL_NO_SSL3) QTest::newRow("ssl3-ssl2") << QSsl::SslV3 << QSsl::SslV2 << false; #endif +#if !defined(OPENSSL_NO_SSL3) QTest::newRow("ssl3-tls1.0") << QSsl::SslV3 << QSsl::TlsV1_0 << false; QTest::newRow("ssl3-tls1ssl3") << QSsl::SslV3 << QSsl::TlsV1SslV3 << true; QTest::newRow("ssl3-secure") << QSsl::SslV3 << QSsl::SecureProtocols << false; -#if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT) +#endif +#if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT) && !defined(OPENSSL_NO_SSL3) QTest::newRow("ssl3-any") << QSsl::SslV3 << QSsl::AnyProtocol << false; // we won't set a SNI header here because we connect to a // numerical IP, so OpenSSL will send a SSL 2 handshake -#else +#elif !defined(OPENSSL_NO_SSL3) QTest::newRow("ssl3-any") << QSsl::SslV3 << QSsl::AnyProtocol << true; #endif #if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT) QTest::newRow("tls1.0-ssl2") << QSsl::TlsV1_0 << QSsl::SslV2 << false; #endif +#if !defined(OPENSSL_NO_SSL3) QTest::newRow("tls1.0-ssl3") << QSsl::TlsV1_0 << QSsl::SslV3 << false; +#endif QTest::newRow("tls1-tls1ssl3") << QSsl::TlsV1_0 << QSsl::TlsV1SslV3 << true; QTest::newRow("tls1.0-secure") << QSsl::TlsV1_0 << QSsl::SecureProtocols << true; #if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT) @@ -1203,7 +1217,9 @@ void tst_QSslSocket::protocolServerSide_data() #if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT) QTest::newRow("tls1ssl3-ssl2") << QSsl::TlsV1SslV3 << QSsl::SslV2 << false; #endif +#if !defined(OPENSSL_NO_SSL3) QTest::newRow("tls1ssl3-ssl3") << QSsl::TlsV1SslV3 << QSsl::SslV3 << true; +#endif QTest::newRow("tls1ssl3-tls1.0") << QSsl::TlsV1SslV3 << QSsl::TlsV1_0 << true; QTest::newRow("tls1ssl3-secure") << QSsl::TlsV1SslV3 << QSsl::SecureProtocols << true; QTest::newRow("tls1ssl3-any") << QSsl::TlsV1SslV3 << QSsl::AnyProtocol << true; @@ -1211,7 +1227,9 @@ void tst_QSslSocket::protocolServerSide_data() #if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT) QTest::newRow("secure-ssl2") << QSsl::SecureProtocols << QSsl::SslV2 << false; #endif +#if !defined(OPENSSL_NO_SSL3) QTest::newRow("secure-ssl3") << QSsl::SecureProtocols << QSsl::SslV3 << false; +#endif QTest::newRow("secure-tls1.0") << QSsl::SecureProtocols << QSsl::TlsV1_0 << true; QTest::newRow("secure-tls1ssl3") << QSsl::SecureProtocols << QSsl::TlsV1SslV3 << true; QTest::newRow("secure-any") << QSsl::SecureProtocols << QSsl::AnyProtocol << true; @@ -1219,7 +1237,9 @@ void tst_QSslSocket::protocolServerSide_data() #if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT) QTest::newRow("any-ssl2") << QSsl::AnyProtocol << QSsl::SslV2 << false; // no idea why it does not work, but we don't care about SSL 2 #endif +#if !defined(OPENSSL_NO_SSL3) QTest::newRow("any-ssl3") << QSsl::AnyProtocol << QSsl::SslV3 << true; +#endif QTest::newRow("any-tls1.0") << QSsl::AnyProtocol << QSsl::TlsV1_0 << true; QTest::newRow("any-tls1ssl3") << QSsl::AnyProtocol << QSsl::TlsV1SslV3 << true; QTest::newRow("any-secure") << QSsl::AnyProtocol << QSsl::SecureProtocols << true; @@ -1244,8 +1264,8 @@ void tst_QSslSocket::protocolServerSide() QEventLoop loop; QTimer::singleShot(5000, &loop, SLOT(quit())); - QSslSocketPtr client(new QSslSocket); - socket = client.data(); + QSslSocket client; + socket = &client; QFETCH(QSsl::SslProtocol, clientProtocol); socket->setProtocol(clientProtocol); // upon SSL wrong version error, error will be triggered, not sslErrors @@ -1253,14 +1273,14 @@ void tst_QSslSocket::protocolServerSide() connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); connect(socket, SIGNAL(encrypted()), &loop, SLOT(quit())); - client->connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort()); + client.connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort()); loop.exec(); QFETCH(bool, works); QAbstractSocket::SocketState expectedState = (works) ? QAbstractSocket::ConnectedState : QAbstractSocket::UnconnectedState; - QCOMPARE(int(client->state()), int(expectedState)); - QCOMPARE(client->isEncrypted(), works); + QCOMPARE(int(client.state()), int(expectedState)); + QCOMPARE(client.isEncrypted(), works); } #ifndef QT_NO_OPENSSL @@ -1285,8 +1305,8 @@ void tst_QSslSocket::serverCipherPreferences() QEventLoop loop; QTimer::singleShot(5000, &loop, SLOT(quit())); - QSslSocketPtr client(new QSslSocket); - socket = client.data(); + QSslSocket client; + socket = &client; socket->setCiphers("AES256-SHA:AES128-SHA"); // upon SSL wrong version error, error will be triggered, not sslErrors @@ -1294,12 +1314,12 @@ void tst_QSslSocket::serverCipherPreferences() connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); connect(socket, SIGNAL(encrypted()), &loop, SLOT(quit())); - client->connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort()); + client.connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort()); loop.exec(); - QVERIFY(client->isEncrypted()); - QCOMPARE(client->sessionCipher().name(), QString("AES128-SHA")); + QVERIFY(client.isEncrypted()); + QCOMPARE(client.sessionCipher().name(), QString("AES128-SHA")); } { @@ -1314,8 +1334,8 @@ void tst_QSslSocket::serverCipherPreferences() QEventLoop loop; QTimer::singleShot(5000, &loop, SLOT(quit())); - QSslSocketPtr client(new QSslSocket); - socket = client.data(); + QSslSocket client; + socket = &client; socket->setCiphers("AES256-SHA:AES128-SHA"); // upon SSL wrong version error, error will be triggered, not sslErrors @@ -1323,12 +1343,12 @@ void tst_QSslSocket::serverCipherPreferences() connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); connect(socket, SIGNAL(encrypted()), &loop, SLOT(quit())); - client->connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort()); + client.connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort()); loop.exec(); - QVERIFY(client->isEncrypted()); - QCOMPARE(client->sessionCipher().name(), QString("AES256-SHA")); + QVERIFY(client.isEncrypted()); + QCOMPARE(client.sessionCipher().name(), QString("AES256-SHA")); } } @@ -1419,21 +1439,21 @@ void tst_QSslSocket::setSocketDescriptor() QEventLoop loop; QTimer::singleShot(5000, &loop, SLOT(quit())); - QSslSocketPtr client(new QSslSocket); - socket = client.data();; + QSslSocket client; + socket = &client; connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); connect(socket, SIGNAL(encrypted()), &loop, SLOT(quit())); - client->connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort()); + client.connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort()); loop.exec(); - QCOMPARE(client->state(), QAbstractSocket::ConnectedState); - QVERIFY(client->isEncrypted()); - QVERIFY(!client->peerAddress().isNull()); - QVERIFY(client->peerPort() != 0); - QVERIFY(!client->localAddress().isNull()); - QVERIFY(client->localPort() != 0); + QCOMPARE(client.state(), QAbstractSocket::ConnectedState); + QVERIFY(client.isEncrypted()); + QVERIFY(!client.peerAddress().isNull()); + QVERIFY(client.peerPort() != 0); + QVERIFY(!client.localAddress().isNull()); + QVERIFY(client.localPort() != 0); } void tst_QSslSocket::setSslConfiguration_data() @@ -2846,10 +2866,37 @@ void tst_QSslSocket::qtbug18498_peek2() void tst_QSslSocket::dhServer() { - if (!QSslSocket::supportsSsl()) { - qWarning("SSL not supported, skipping test"); + if (!QSslSocket::supportsSsl()) + QSKIP("No SSL support"); + + QFETCH_GLOBAL(bool, setProxy); + if (setProxy) return; - } + + SslServer server; + server.ciphers = QLatin1String("DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA"); + QVERIFY(server.listen()); + + QEventLoop loop; + QTimer::singleShot(5000, &loop, SLOT(quit())); + + QSslSocket client; + socket = &client; + connect(socket, SIGNAL(error(QAbstractSocket::SocketError)), &loop, SLOT(quit())); + connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); + connect(socket, SIGNAL(encrypted()), &loop, SLOT(quit())); + + client.connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort()); + + loop.exec(); + QCOMPARE(client.state(), QAbstractSocket::ConnectedState); +} + +#ifndef QT_NO_OPENSSL +void tst_QSslSocket::dhServerCustomParamsNull() +{ + if (!QSslSocket::supportsSsl()) + QSKIP("No SSL support"); QFETCH_GLOBAL(bool, setProxy); if (setProxy) @@ -2857,22 +2904,74 @@ void tst_QSslSocket::dhServer() SslServer server; server.ciphers = QLatin1String("DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA"); + + QSslConfiguration cfg = server.config; + cfg.setDiffieHellmanParameters(QSslDiffieHellmanParameters()); + server.config = cfg; + QVERIFY(server.listen()); QEventLoop loop; QTimer::singleShot(5000, &loop, SLOT(quit())); - QSslSocketPtr client(new QSslSocket); - socket = client.data(); + QSslSocket client; + socket = &client; connect(socket, SIGNAL(error(QAbstractSocket::SocketError)), &loop, SLOT(quit())); connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); connect(socket, SIGNAL(encrypted()), &loop, SLOT(quit())); - client->connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort()); + client.connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort()); loop.exec(); - QCOMPARE(client->state(), QAbstractSocket::ConnectedState); + + QVERIFY(client.state() != QAbstractSocket::ConnectedState); } +#endif // QT_NO_OPENSSL + +#ifndef QT_NO_OPENSSL +void tst_QSslSocket::dhServerCustomParams() +{ + if (!QSslSocket::supportsSsl()) + QSKIP("No SSL support"); + + QFETCH_GLOBAL(bool, setProxy); + if (setProxy) + return; + + SslServer server; + server.ciphers = QLatin1String("DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA"); + + QSslConfiguration cfg = server.config; + + // Custom 2048-bit DH parameters generated with 'openssl dhparam -outform DER -out out.der -check -2 2048' + const auto dh = QSslDiffieHellmanParameters::fromEncoded(QByteArray::fromBase64(QByteArrayLiteral( + "MIIBCAKCAQEAvVA7b8keTfjFutCtTJmP/pnQfw/prKa+GMed/pBWjrC4N1YwnI8h/A861d9WE/VWY7XMTjvjX3/0" + "aaU8wEe0EXNpFdlTH+ZMQctQTSJOyQH0RCTwJfDGPCPT9L+c9GKwEKWORH38Earip986HJc0w3UbnfIwXUdsWHiXi" + "Z6r3cpyBmTKlsXTFiDVAOUXSiO8d/zOb6zHZbDfyB/VbtZRmnA7TXVn9oMzC0g9+FXHdrV4K+XfdvNZdCegvoAZiy" + "R6ZQgNG9aZ36/AQekhg060hp55f9HDPgXqYeNeXBiferjUtU7S9b3s83XhOJAr01/0Tf5dENwCfg2gK36TM8cC4wI" + "BAg==")), QSsl::Der); + cfg.setDiffieHellmanParameters(dh); + + server.config = cfg; + + QVERIFY(server.listen()); + + QEventLoop loop; + QTimer::singleShot(5000, &loop, SLOT(quit())); + + QSslSocket client; + socket = &client; + connect(socket, SIGNAL(error(QAbstractSocket::SocketError)), &loop, SLOT(quit())); + connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); + connect(socket, SIGNAL(encrypted()), &loop, SLOT(quit())); + + client.connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort()); + + loop.exec(); + + QVERIFY(client.state() == QAbstractSocket::ConnectedState); +} +#endif // QT_NO_OPENSSL void tst_QSslSocket::ecdhServer() { @@ -2892,16 +2991,16 @@ void tst_QSslSocket::ecdhServer() QEventLoop loop; QTimer::singleShot(5000, &loop, SLOT(quit())); - QSslSocketPtr client(new QSslSocket); - socket = client.data(); + QSslSocket client; + socket = &client; connect(socket, SIGNAL(error(QAbstractSocket::SocketError)), &loop, SLOT(quit())); connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); connect(socket, SIGNAL(encrypted()), &loop, SLOT(quit())); - client->connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort()); + client.connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort()); loop.exec(); - QCOMPARE(client->state(), QAbstractSocket::ConnectedState); + QCOMPARE(client.state(), QAbstractSocket::ConnectedState); } void tst_QSslSocket::verifyClientCertificate_data() @@ -3003,16 +3102,16 @@ void tst_QSslSocket::verifyClientCertificate() QFETCH(QList<QSslCertificate>, clientCerts); QFETCH(QSslKey, clientKey); - QSslSocketPtr client(new QSslSocket); - client->setLocalCertificateChain(clientCerts); - client->setPrivateKey(clientKey); - socket = client.data(); + QSslSocket client; + client.setLocalCertificateChain(clientCerts); + client.setPrivateKey(clientKey); + socket = &client; connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); connect(socket, SIGNAL(disconnected()), &loop, SLOT(quit())); connect(socket, SIGNAL(encrypted()), &loop, SLOT(quit())); - client->connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort()); + client.connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort()); loop.exec(); @@ -3034,8 +3133,8 @@ void tst_QSslSocket::verifyClientCertificate() } // check client socket - QCOMPARE(int(client->state()), int(expectedState)); - QCOMPARE(client->isEncrypted(), works); + QCOMPARE(int(client.state()), int(expectedState)); + QCOMPARE(client.isEncrypted(), works); } void tst_QSslSocket::readBufferMaxSize() @@ -3126,8 +3225,12 @@ class PskProvider : public QObject Q_OBJECT public: + bool m_server; + QByteArray m_identity; + QByteArray m_psk; + explicit PskProvider(QObject *parent = 0) - : QObject(parent) + : QObject(parent), m_server(false) { } @@ -3146,7 +3249,11 @@ public slots: { QVERIFY(authenticator); QCOMPARE(authenticator->identityHint(), PSK_SERVER_IDENTITY_HINT); - QVERIFY(authenticator->maximumIdentityLength() > 0); + if (m_server) + QCOMPARE(authenticator->maximumIdentityLength(), 0); + else + QVERIFY(authenticator->maximumIdentityLength() > 0); + QVERIFY(authenticator->maximumPreSharedKeyLength() > 0); if (!m_identity.isEmpty()) { @@ -3159,12 +3266,61 @@ public slots: QCOMPARE(authenticator->preSharedKey(), m_psk); } } - -private: - QByteArray m_identity; - QByteArray m_psk; }; +class PskServer : public QTcpServer +{ + Q_OBJECT +public: + PskServer() + : socket(0), + config(QSslConfiguration::defaultConfiguration()), + ignoreSslErrors(true), + peerVerifyMode(QSslSocket::AutoVerifyPeer), + protocol(QSsl::TlsV1_0), + m_pskProvider() + { + m_pskProvider.m_server = true; + } + QSslSocket *socket; + QSslConfiguration config; + bool ignoreSslErrors; + QSslSocket::PeerVerifyMode peerVerifyMode; + QSsl::SslProtocol protocol; + QString ciphers; + PskProvider m_pskProvider; + +protected: + void incomingConnection(qintptr socketDescriptor) + { + socket = new QSslSocket(this); + socket->setSslConfiguration(config); + socket->setPeerVerifyMode(peerVerifyMode); + socket->setProtocol(protocol); + if (ignoreSslErrors) + connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); + + if (!ciphers.isEmpty()) { + socket->setCiphers(ciphers); + } + + QVERIFY(socket->setSocketDescriptor(socketDescriptor, QAbstractSocket::ConnectedState)); + QVERIFY(!socket->peerAddress().isNull()); + QVERIFY(socket->peerPort() != 0); + QVERIFY(!socket->localAddress().isNull()); + QVERIFY(socket->localPort() != 0); + + connect(socket, &QSslSocket::preSharedKeyAuthenticationRequired, &m_pskProvider, &PskProvider::providePsk); + + socket->startServerEncryption(); + } + +protected slots: + void ignoreErrorSlot() + { + socket->ignoreSslErrors(); + } +}; void tst_QSslSocket::simplePskConnect_data() { QTest::addColumn<PskConnectTestType>("pskTestType"); @@ -3188,7 +3344,7 @@ void tst_QSslSocket::simplePskConnect() bool pskCipherFound = false; const QList<QSslCipher> supportedCiphers = QSslSocket::supportedCiphers(); - foreach (const QSslCipher &cipher, supportedCiphers) { + for (const QSslCipher &cipher : supportedCiphers) { if (cipher.name() == PSK_CIPHER_WITHOUT_AUTH) { pskCipherFound = true; break; @@ -3466,6 +3622,129 @@ void tst_QSslSocket::ephemeralServerKey() QCOMPARE(client->sslConfiguration().ephemeralServerKey().isNull(), emptyKey); } +void tst_QSslSocket::allowedProtocolNegotiation() +{ +#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT) + + QFETCH_GLOBAL(bool, setProxy); + if (setProxy) + return; + + const QByteArray expectedNegotiated("cool-protocol"); + QList<QByteArray> serverProtos; + serverProtos << expectedNegotiated << "not-so-cool-protocol"; + QList<QByteArray> clientProtos; + clientProtos << "uber-cool-protocol" << expectedNegotiated << "not-so-cool-protocol"; + + + SslServer server; + server.config.setAllowedNextProtocols(serverProtos); + QVERIFY(server.listen()); + + QSslSocket clientSocket; + auto configuration = clientSocket.sslConfiguration(); + configuration.setAllowedNextProtocols(clientProtos); + clientSocket.setSslConfiguration(configuration); + + clientSocket.connectToHostEncrypted("127.0.0.1", server.serverPort()); + clientSocket.ignoreSslErrors(); + + QEventLoop loop; + QTimer::singleShot(5000, &loop, SLOT(quit())); + connect(&clientSocket, SIGNAL(encrypted()), &loop, SLOT(quit())); + loop.exec(); + + QVERIFY(server.socket->sslConfiguration().nextNegotiatedProtocol() == + clientSocket.sslConfiguration().nextNegotiatedProtocol()); + QVERIFY(server.socket->sslConfiguration().nextNegotiatedProtocol() == expectedNegotiated); + +#endif // OPENSSL_VERSION_NUMBER +} + +void tst_QSslSocket::pskServer() +{ + QFETCH_GLOBAL(bool, setProxy); + if (!QSslSocket::supportsSsl() || setProxy) + return; + + QSslSocket socket; + this->socket = &socket; + + QSignalSpy connectedSpy(&socket, SIGNAL(connected())); + QVERIFY(connectedSpy.isValid()); + + QSignalSpy disconnectedSpy(&socket, SIGNAL(disconnected())); + QVERIFY(disconnectedSpy.isValid()); + + QSignalSpy connectionEncryptedSpy(&socket, SIGNAL(encrypted())); + QVERIFY(connectionEncryptedSpy.isValid()); + + QSignalSpy pskAuthenticationRequiredSpy(&socket, SIGNAL(preSharedKeyAuthenticationRequired(QSslPreSharedKeyAuthenticator*))); + QVERIFY(pskAuthenticationRequiredSpy.isValid()); + + connect(&socket, SIGNAL(connected()), this, SLOT(exitLoop())); + connect(&socket, SIGNAL(disconnected()), this, SLOT(exitLoop())); + connect(&socket, SIGNAL(modeChanged(QSslSocket::SslMode)), this, SLOT(exitLoop())); + connect(&socket, SIGNAL(encrypted()), this, SLOT(exitLoop())); + connect(&socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(exitLoop())); + connect(&socket, SIGNAL(error(QAbstractSocket::SocketError)), this, SLOT(exitLoop())); + connect(&socket, SIGNAL(peerVerifyError(QSslError)), this, SLOT(exitLoop())); + connect(&socket, SIGNAL(stateChanged(QAbstractSocket::SocketState)), this, SLOT(exitLoop())); + + // force a PSK cipher w/o auth + socket.setCiphers(PSK_CIPHER_WITHOUT_AUTH); + + PskProvider provider; + provider.setIdentity(PSK_CLIENT_IDENTITY); + provider.setPreSharedKey(PSK_CLIENT_PRESHAREDKEY); + connect(&socket, SIGNAL(preSharedKeyAuthenticationRequired(QSslPreSharedKeyAuthenticator*)), &provider, SLOT(providePsk(QSslPreSharedKeyAuthenticator*))); + socket.setPeerVerifyMode(QSslSocket::VerifyNone); + + PskServer server; + server.m_pskProvider.setIdentity(provider.m_identity); + server.m_pskProvider.setPreSharedKey(provider.m_psk); + server.config.setPreSharedKeyIdentityHint(PSK_SERVER_IDENTITY_HINT); + QVERIFY(server.listen()); + + // Start connecting + socket.connectToHost(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort()); + enterLoop(5); + + // Entered connected state + QCOMPARE(socket.state(), QAbstractSocket::ConnectedState); + QCOMPARE(socket.mode(), QSslSocket::UnencryptedMode); + QVERIFY(!socket.isEncrypted()); + QCOMPARE(connectedSpy.count(), 1); + QCOMPARE(disconnectedSpy.count(), 0); + + // Enter encrypted mode + socket.startClientEncryption(); + QCOMPARE(socket.mode(), QSslSocket::SslClientMode); + QVERIFY(!socket.isEncrypted()); + QCOMPARE(connectionEncryptedSpy.count(), 0); + + // Start handshake. + enterLoop(10); + + // We must get the PSK signal in all cases + QCOMPARE(pskAuthenticationRequiredSpy.count(), 1); + + QCOMPARE(connectionEncryptedSpy.count(), 1); + QVERIFY(socket.isEncrypted()); + QCOMPARE(socket.state(), QAbstractSocket::ConnectedState); + + // check writing + socket.write("Hello from Qt TLS/PSK!"); + QVERIFY(socket.waitForBytesWritten()); + + // disconnect + socket.disconnectFromHost(); + enterLoop(10); + + QCOMPARE(socket.state(), QAbstractSocket::UnconnectedState); + QCOMPARE(disconnectedSpy.count(), 1); +} + #endif // QT_NO_OPENSSL #endif // QT_NO_SSL diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/qsslsocket_onDemandCertificates_member.pro b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/qsslsocket_onDemandCertificates_member.pro index ae911e43ed..c862b3d3ae 100644 --- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/qsslsocket_onDemandCertificates_member.pro +++ b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/qsslsocket_onDemandCertificates_member.pro @@ -2,7 +2,7 @@ CONFIG += testcase testcase.timeout = 300 # this test is slow SOURCES += tst_qsslsocket_onDemandCertificates_member.cpp -win32:!wince: LIBS += -lws2_32 +win32:LIBS += -lws2_32 QT = core core-private network-private testlib TARGET = tst_qsslsocket_onDemandCertificates_member @@ -15,10 +15,6 @@ win32 { } } -wince* { - DEFINES += SRCDIR=\\\"./\\\" -} else { - DEFINES += SRCDIR=\\\"$$PWD/\\\" -} +DEFINES += SRCDIR=\\\"$$PWD/\\\" -requires(contains(QT_CONFIG,private_tests)) +requires(qtConfig(private_tests)) diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/qsslsocket_onDemandCertificates_static.pro b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/qsslsocket_onDemandCertificates_static.pro index 25e5a5d5c7..c27a58fcd2 100644 --- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/qsslsocket_onDemandCertificates_static.pro +++ b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/qsslsocket_onDemandCertificates_static.pro @@ -1,7 +1,7 @@ CONFIG += testcase SOURCES += tst_qsslsocket_onDemandCertificates_static.cpp -win32:!wince: LIBS += -lws2_32 +win32:LIBS += -lws2_32 QT = core core-private network-private testlib TARGET = tst_qsslsocket_onDemandCertificates_static @@ -14,10 +14,6 @@ win32 { } } -wince* { - DEFINES += SRCDIR=\\\"./\\\" -} else { - DEFINES += SRCDIR=\\\"$$PWD/\\\" -} +DEFINES += SRCDIR=\\\"$$PWD/\\\" -requires(contains(QT_CONFIG,private_tests)) +requires(qtConfig(private_tests)) diff --git a/tests/auto/network/ssl/ssl.pro b/tests/auto/network/ssl/ssl.pro index 25d79ebfe8..175f361071 100644 --- a/tests/auto/network/ssl/ssl.pro +++ b/tests/auto/network/ssl/ssl.pro @@ -1,4 +1,6 @@ TEMPLATE=subdirs +QT_FOR_CONFIG += network + SUBDIRS=\ qsslcertificate \ qsslcipher \ @@ -6,8 +8,8 @@ SUBDIRS=\ qsslerror \ qsslkey \ -contains(QT_CONFIG, ssl) | contains(QT_CONFIG, openssl) | contains(QT_CONFIG, openssl-linked) { - contains(QT_CONFIG, private_tests) { +qtConfig(ssl) { + qtConfig(private_tests) { SUBDIRS += \ qsslsocket \ qsslsocket_onDemandCertificates_member \ @@ -19,8 +21,9 @@ winrt: SUBDIRS -= \ qsslsocket_onDemandCertificates_member \ qsslsocket_onDemandCertificates_static \ -contains(QT_CONFIG, ssl) | contains(QT_CONFIG, openssl) | contains(QT_CONFIG, openssl-linked) { - contains(QT_CONFIG, private_tests) { - SUBDIRS += qasn1element +qtConfig(ssl) { + qtConfig(private_tests) { + SUBDIRS += qasn1element \ + qssldiffiehellmanparameters } } |