diff options
Diffstat (limited to 'tests/auto/network/ssl')
-rw-r--r-- | tests/auto/network/ssl/qdtls/tst_qdtls.cpp | 4 | ||||
-rw-r--r-- | tests/auto/network/ssl/qocsp/tst_qocsp.cpp | 10 | ||||
-rw-r--r-- | tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp | 140 | ||||
-rw-r--r-- | tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp | 102 |
4 files changed, 170 insertions, 86 deletions
diff --git a/tests/auto/network/ssl/qdtls/tst_qdtls.cpp b/tests/auto/network/ssl/qdtls/tst_qdtls.cpp index 4dfdf14e5b..5d79b0f26b 100644 --- a/tests/auto/network/ssl/qdtls/tst_qdtls.cpp +++ b/tests/auto/network/ssl/qdtls/tst_qdtls.cpp @@ -837,10 +837,6 @@ void tst_QDtls::verifyServerCertificate() void tst_QDtls::verifyClientCertificate_data() { -#if !QT_CONFIG(opensslv11) - QSKIP("This test is not supposed to work with OpenSSL version below 1.1"); -#endif - QTest::addColumn<QSslSocket::PeerVerifyMode>("verifyMode"); QTest::addColumn<QList<QSslCertificate>>("clientCerts"); QTest::addColumn<QSslKey>("clientKey"); diff --git a/tests/auto/network/ssl/qocsp/tst_qocsp.cpp b/tests/auto/network/ssl/qocsp/tst_qocsp.cpp index 9716c04bbb..94d206ac83 100644 --- a/tests/auto/network/ssl/qocsp/tst_qocsp.cpp +++ b/tests/auto/network/ssl/qocsp/tst_qocsp.cpp @@ -431,14 +431,14 @@ private: }; #define QCOMPARE_SINGLE_ERROR(sslSocket, expectedError) \ - const auto &tlsErrors = sslSocket.sslErrors(); \ + const auto &tlsErrors = sslSocket.sslHandshakeErrors(); \ QCOMPARE(tlsErrors.size(), 1); \ QCOMPARE(tlsErrors[0].error(), expectedError) #define QVERIFY_HANDSHAKE_WITHOUT_ERRORS(sslSocket) \ QVERIFY(sslSocket.isEncrypted()); \ QCOMPARE(sslSocket.state(), QAbstractSocket::ConnectedState); \ - QVERIFY(sslSocket.sslErrors().isEmpty()) + QVERIFY(sslSocket.sslHandshakeErrors().isEmpty()) #define QDECLARE_CHAIN(object, chainFileName) \ CertificateChain object = QSslCertificate::fromPath(certDirPath + QLatin1String(chainFileName)); \ @@ -606,7 +606,7 @@ void tst_QOcsp::malformedResponse() loop.enterLoopMSecs(handshakeTimeoutMS); QVERIFY(!clientSocket.isEncrypted()); - QCOMPARE(clientSocket.error(), QAbstractSocket::SslHandshakeFailedError); + QCOMPARE(clientSocket.socketError(), QAbstractSocket::SslHandshakeFailedError); } void tst_QOcsp::expiredResponse_data() @@ -722,7 +722,7 @@ void tst_QOcsp::wrongCertificateInResponse() loop.enterLoopMSecs(handshakeTimeoutMS); QVERIFY(!clientSocket.isEncrypted()); - QVERIFY(containsError(clientSocket.sslErrors(), expectedError)); + QVERIFY(containsError(clientSocket.sslHandshakeErrors(), expectedError)); } void tst_QOcsp::untrustedResponder() @@ -747,7 +747,7 @@ void tst_QOcsp::untrustedResponder() loop.enterLoopMSecs(handshakeTimeoutMS); QVERIFY(!clientSocket.isEncrypted()); - QVERIFY(containsError(clientSocket.sslErrors(), expectedError)); + QVERIFY(containsError(clientSocket.sslHandshakeErrors(), expectedError)); } void tst_QOcsp::setupOcspClient(QSslSocket &clientSocket, const CertificateChain &caCerts, const QString &name) diff --git a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp index 14718ad373..a7a81e9f0b 100644 --- a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp +++ b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp @@ -86,6 +86,8 @@ private slots: void fromDevice(); void fromPath_data(); void fromPath(); + void fromPath_qregularexpression_data(); + void fromPath_qregularexpression(); void certInfo(); void certInfoQByteArray(); void task256066toPem(); @@ -434,7 +436,7 @@ void tst_QSslCertificate::subjectAlternativeNames() void tst_QSslCertificate::utf8SubjectNames() { QSslCertificate cert = QSslCertificate::fromPath(testDataDir + "certificates/cert-ss-san-utf8.pem", QSsl::Pem, - QRegExp::FixedString).first(); + QSslCertificate::FixedString).first(); QVERIFY(!cert.isNull()); // O is "Heavy Metal Records" with heavy use of "decorations" like accents, umlauts etc., @@ -625,6 +627,88 @@ void tst_QSslCertificate::fromPath() numCerts); } +void tst_QSslCertificate::fromPath_qregularexpression_data() +{ + QTest::addColumn<QString>("path"); + QTest::addColumn<int>("syntax"); + QTest::addColumn<bool>("pemencoding"); + QTest::addColumn<int>("numCerts"); + + QTest::newRow("empty fixed pem") << QString() << int(QSslCertificate::FixedString) << true << 0; + QTest::newRow("empty fixed der") << QString() << int(QSslCertificate::FixedString) << false << 0; + QTest::newRow("empty regexp pem") << QString() << int(QSslCertificate::RegExp) << true << 0; + QTest::newRow("empty regexp der") << QString() << int(QSslCertificate::RegExp) << false << 0; + QTest::newRow("empty wildcard pem") << QString() << int(QSslCertificate::Wildcard) << true << 0; + QTest::newRow("empty wildcard der") << QString() << int(QSslCertificate::Wildcard) << false << 0; + QTest::newRow("\"certificates\" fixed pem") << (testDataDir + "certificates") << int(QSslCertificate::FixedString) << true << 0; + QTest::newRow("\"certificates\" fixed der") << (testDataDir + "certificates") << int(QSslCertificate::FixedString) << false << 0; + QTest::newRow("\"certificates\" regexp pem") << (testDataDir + "certificates") << int(QSslCertificate::RegExp) << true << 0; + QTest::newRow("\"certificates\" regexp der") << (testDataDir + "certificates") << int(QSslCertificate::RegExp) << false << 0; + QTest::newRow("\"certificates\" wildcard pem") << (testDataDir + "certificates") << int(QSslCertificate::Wildcard) << true << 0; + QTest::newRow("\"certificates\" wildcard der") << (testDataDir + "certificates") << int(QSslCertificate::Wildcard) << false << 0; + QTest::newRow("\"certificates/cert.pem\" fixed pem") << (testDataDir + "certificates/cert.pem") << int(QSslCertificate::FixedString) << true << 1; + QTest::newRow("\"certificates/cert.pem\" fixed der") << (testDataDir + "certificates/cert.pem") << int(QSslCertificate::FixedString) << false << 0; + QTest::newRow("\"certificates/cert.pem\" regexp pem") << (testDataDir + "certificates/cert.pem") << int(QSslCertificate::RegExp) << true << 1; + QTest::newRow("\"certificates/cert.pem\" regexp der") << (testDataDir + "certificates/cert.pem") << int(QSslCertificate::RegExp) << false << 0; + QTest::newRow("\"certificates/cert.pem\" wildcard pem") << (testDataDir + "certificates/cert.pem") << int(QSslCertificate::Wildcard) << true << 1; + QTest::newRow("\"certificates/cert.pem\" wildcard der") << (testDataDir + "certificates/cert.pem") << int(QSslCertificate::Wildcard) << false << 0; + QTest::newRow("\"certificates/*\" fixed pem") << (testDataDir + "certificates/*") << int(QSslCertificate::FixedString) << true << 0; + QTest::newRow("\"certificates/*\" fixed der") << (testDataDir + "certificates/*") << int(QSslCertificate::FixedString) << false << 0; + QTest::newRow("\"certificates/*\" regexp pem") << (testDataDir + "certificates/*") << int(QSslCertificate::RegExp) << true << 0; + QTest::newRow("\"certificates/*\" regexp der") << (testDataDir + "certificates/*") << int(QSslCertificate::RegExp) << false << 0; + QTest::newRow("\"certificates/*\" wildcard pem") << (testDataDir + "certificates/*") << int(QSslCertificate::Wildcard) << true << 7; + QTest::newRow("\"certificates/ca*\" wildcard pem") << (testDataDir + "certificates/ca*") << int(QSslCertificate::Wildcard) << true << 1; + QTest::newRow("\"certificates/cert*\" wildcard pem") << (testDataDir + "certificates/cert*") << int(QSslCertificate::Wildcard) << true << 4; + QTest::newRow("\"certificates/cert-[sure]*\" wildcard pem") << (testDataDir + "certificates/cert-[sure]*") << int(QSslCertificate::Wildcard) << true << 3; + QTest::newRow("\"certificates/cert-[not]*\" wildcard pem") << (testDataDir + "certificates/cert-[not]*") << int(QSslCertificate::Wildcard) << true << 0; + QTest::newRow("\"certificates/*\" wildcard der") << (testDataDir + "certificates/*") << int(QSslCertificate::Wildcard) << false << 2; + QTest::newRow("\"c*/c*.pem\" fixed pem") << (testDataDir + "c*/c*.pem") << int(QSslCertificate::FixedString) << true << 0; + QTest::newRow("\"c*/c*.pem\" fixed der") << (testDataDir + "c*/c*.pem") << int(QSslCertificate::FixedString) << false << 0; + QTest::newRow("\"c*/c*.pem\" regexp pem") << (testDataDir + "c*/c*.pem") << int(QSslCertificate::RegExp) << true << 0; + QTest::newRow("\"c*/c*.pem\" regexp der") << (testDataDir + "c*/c*.pem") << int(QSslCertificate::RegExp) << false << 0; + QTest::newRow("\"c*/c*.pem\" wildcard pem") << (testDataDir + "c*/c*.pem") << int(QSslCertificate::Wildcard) << true << 5; + QTest::newRow("\"c*/c*.pem\" wildcard der") << (testDataDir + "c*/c*.pem") << int(QSslCertificate::Wildcard) << false << 0; + QTest::newRow("\"d*/c*.pem\" fixed pem") << (testDataDir + "d*/c*.pem") << int(QSslCertificate::FixedString) << true << 0; + QTest::newRow("\"d*/c*.pem\" fixed der") << (testDataDir + "d*/c*.pem") << int(QSslCertificate::FixedString) << false << 0; + QTest::newRow("\"d*/c*.pem\" regexp pem") << (testDataDir + "d*/c*.pem") << int(QSslCertificate::RegExp) << true << 0; + QTest::newRow("\"d*/c*.pem\" regexp der") << (testDataDir + "d*/c*.pem") << int(QSslCertificate::RegExp) << false << 0; + QTest::newRow("\"d*/c*.pem\" wildcard pem") << (testDataDir + "d*/c*.pem") << int(QSslCertificate::Wildcard) << true << 0; + QTest::newRow("\"d*/c*.pem\" wildcard der") << (testDataDir + "d*/c*.pem") << int(QSslCertificate::Wildcard) << false << 0; + QTest::newRow("\"c.*/c.*.pem\" fixed pem") << (testDataDir + "c.*/c.*.pem") << int(QSslCertificate::FixedString) << true << 0; + QTest::newRow("\"c.*/c.*.pem\" fixed der") << (testDataDir + "c.*/c.*.pem") << int(QSslCertificate::FixedString) << false << 0; + QTest::newRow("\"c.*/c.*.pem\" regexp pem") << (testDataDir + "c.*/c.*.pem") << int(QSslCertificate::RegExp) << true << 5; + QTest::newRow("\"c.*/c.*.pem\" regexp der") << (testDataDir + "c.*/c.*.pem") << int(QSslCertificate::RegExp) << false << 0; + QTest::newRow("\"c.*/c.*.pem\" wildcard pem") << (testDataDir + "c.*/c.*.pem") << int(QSslCertificate::Wildcard) << true << 0; + QTest::newRow("\"c.*/c.*.pem\" wildcard der") << (testDataDir + "c.*/c.*.pem") << int(QSslCertificate::Wildcard) << false << 0; + QTest::newRow("\"d.*/c.*.pem\" fixed pem") << (testDataDir + "d.*/c.*.pem") << int(QSslCertificate::FixedString) << true << 0; + QTest::newRow("\"d.*/c.*.pem\" fixed der") << (testDataDir + "d.*/c.*.pem") << int(QSslCertificate::FixedString) << false << 0; + QTest::newRow("\"d.*/c.*.pem\" regexp pem") << (testDataDir + "d.*/c.*.pem") << int(QSslCertificate::RegExp) << true << 0; + QTest::newRow("\"d.*/c.*.pem\" regexp der") << (testDataDir + "d.*/c.*.pem") << int(QSslCertificate::RegExp) << false << 0; + QTest::newRow("\"d.*/c.*.pem\" wildcard pem") << (testDataDir + "d.*/c.*.pem") << int(QSslCertificate::Wildcard) << true << 0; + QTest::newRow("\"d.*/c.*.pem\" wildcard der") << (testDataDir + "d.*/c.*.pem") << int(QSslCertificate::Wildcard) << false << 0; +#ifdef Q_OS_LINUX + QTest::newRow("absolute path wildcard pem") << (testDataDir + "certificates/*.pem") << int(QSslCertificate::Wildcard) << true << 7; +#endif + + QTest::newRow("trailing-whitespace") << (testDataDir + "more-certificates/trailing-whitespace.pem") << int(QSslCertificate::FixedString) << true << 1; + QTest::newRow("no-ending-newline") << (testDataDir + "more-certificates/no-ending-newline.pem") << int(QSslCertificate::FixedString) << true << 1; + QTest::newRow("malformed-just-begin") << (testDataDir + "more-certificates/malformed-just-begin.pem") << int(QSslCertificate::FixedString) << true << 0; + QTest::newRow("malformed-just-begin-no-newline") << (testDataDir + "more-certificates/malformed-just-begin-no-newline.pem") << int(QSslCertificate::FixedString) << true << 0; +} + +void tst_QSslCertificate::fromPath_qregularexpression() +{ + QFETCH(QString, path); + QFETCH(int, syntax); + QFETCH(bool, pemencoding); + QFETCH(int, numCerts); + + QCOMPARE(QSslCertificate::fromPath(path, + pemencoding ? QSsl::Pem : QSsl::Der, + QSslCertificate::PatternSyntax(syntax)).size(), + numCerts); +} + void tst_QSslCertificate::certInfo() { // MD5 Fingerprint=B6:CF:57:34:DA:A9:73:21:82:F7:CF:4D:3D:85:31:88 @@ -711,7 +795,7 @@ void tst_QSslCertificate::certInfo() "55:ba:e7:fb:95:5d:91"; QSslCertificate cert = QSslCertificate::fromPath(testDataDir + "certificates/cert.pem", QSsl::Pem, - QRegExp::FixedString).first(); + QSslCertificate::FixedString).first(); QVERIFY(!cert.isNull()); QCOMPARE(cert.issuerInfo(QSslCertificate::Organization)[0], QString("CryptSoft Pty Ltd")); @@ -768,7 +852,7 @@ void tst_QSslCertificate::certInfo() void tst_QSslCertificate::certInfoQByteArray() { QSslCertificate cert = QSslCertificate::fromPath(testDataDir + "certificates/cert.pem", QSsl::Pem, - QRegExp::FixedString).first(); + QSslCertificate::FixedString).first(); QVERIFY(!cert.isNull()); // in this test, check the bytearray variants before the enum variants to see if @@ -820,7 +904,7 @@ void tst_QSslCertificate::nulInCN() QSKIP("Generic QSslCertificatePrivate fails this test"); #endif QList<QSslCertificate> certList = - QSslCertificate::fromPath(testDataDir + "more-certificates/badguy-nul-cn.crt"); + QSslCertificate::fromPath(testDataDir + "more-certificates/badguy-nul-cn.crt", QSsl::Pem, QSslCertificate::FixedString); QCOMPARE(certList.size(), 1); const QSslCertificate &cert = certList.at(0); @@ -839,7 +923,7 @@ void tst_QSslCertificate::nulInSan() QSKIP("Generic QSslCertificatePrivate fails this test"); #endif QList<QSslCertificate> certList = - QSslCertificate::fromPath(testDataDir + "more-certificates/badguy-nul-san.crt"); + QSslCertificate::fromPath(testDataDir + "more-certificates/badguy-nul-san.crt", QSsl::Pem, QSslCertificate::FixedString); QCOMPARE(certList.size(), 1); const QSslCertificate &cert = certList.at(0); @@ -859,7 +943,7 @@ void tst_QSslCertificate::nulInSan() void tst_QSslCertificate::largeSerialNumber() { QList<QSslCertificate> certList = - QSslCertificate::fromPath(testDataDir + "more-certificates/cert-large-serial-number.pem"); + QSslCertificate::fromPath(testDataDir + "more-certificates/cert-large-serial-number.pem", QSsl::Pem, QSslCertificate::FixedString); QCOMPARE(certList.size(), 1); @@ -871,7 +955,7 @@ void tst_QSslCertificate::largeSerialNumber() void tst_QSslCertificate::largeExpirationDate() // QTBUG-12489 { QList<QSslCertificate> certList = - QSslCertificate::fromPath(testDataDir + "more-certificates/cert-large-expiration-date.pem"); + QSslCertificate::fromPath(testDataDir + "more-certificates/cert-large-expiration-date.pem", QSsl::Pem, QSslCertificate::FixedString); QCOMPARE(certList.size(), 1); @@ -884,7 +968,7 @@ void tst_QSslCertificate::largeExpirationDate() // QTBUG-12489 void tst_QSslCertificate::blacklistedCertificates() { - QList<QSslCertificate> blacklistedCerts = QSslCertificate::fromPath(testDataDir + "more-certificates/blacklisted*.pem", QSsl::Pem, QRegExp::Wildcard); + QList<QSslCertificate> blacklistedCerts = QSslCertificate::fromPath(testDataDir + "more-certificates/blacklisted*.pem", QSsl::Pem, QSslCertificate::Wildcard); QVERIFY(blacklistedCerts.count() > 0); for (int a = 0; a < blacklistedCerts.count(); a++) { QVERIFY(blacklistedCerts.at(a).isBlacklisted()); @@ -893,15 +977,15 @@ void tst_QSslCertificate::blacklistedCertificates() void tst_QSslCertificate::selfsignedCertificates() { - QVERIFY(QSslCertificate::fromPath(testDataDir + "certificates/cert-ss.pem").first().isSelfSigned()); - QVERIFY(!QSslCertificate::fromPath(testDataDir + "certificates/cert.pem").first().isSelfSigned()); + QVERIFY(QSslCertificate::fromPath(testDataDir + "certificates/cert-ss.pem", QSsl::Pem, QSslCertificate::FixedString).first().isSelfSigned()); + QVERIFY(!QSslCertificate::fromPath(testDataDir + "certificates/cert.pem", QSsl::Pem, QSslCertificate::FixedString).first().isSelfSigned()); QVERIFY(!QSslCertificate().isSelfSigned()); } void tst_QSslCertificate::toText() { QList<QSslCertificate> certList = - QSslCertificate::fromPath(testDataDir + "more-certificates/cert-large-expiration-date.pem"); + QSslCertificate::fromPath(testDataDir + "more-certificates/cert-large-expiration-date.pem", QSsl::Pem, QSslCertificate::FixedString); QCOMPARE(certList.size(), 1); const QSslCertificate &cert = certList.at(0); @@ -943,7 +1027,7 @@ void tst_QSslCertificate::toText() void tst_QSslCertificate::multipleCommonNames() { QList<QSslCertificate> certList = - QSslCertificate::fromPath(testDataDir + "more-certificates/test-cn-two-cns-cert.pem"); + QSslCertificate::fromPath(testDataDir + "more-certificates/test-cn-two-cns-cert.pem", QSsl::Pem, QSslCertificate::FixedString); QVERIFY(certList.count() > 0); QStringList commonNames = certList[0].subjectInfo(QSslCertificate::CommonName); @@ -954,14 +1038,14 @@ void tst_QSslCertificate::multipleCommonNames() void tst_QSslCertificate::subjectAndIssuerAttributes() { QList<QSslCertificate> certList = - QSslCertificate::fromPath(testDataDir + "more-certificates/test-cn-with-drink-cert.pem"); + QSslCertificate::fromPath(testDataDir + "more-certificates/test-cn-with-drink-cert.pem", QSsl::Pem, QSslCertificate::FixedString); QVERIFY(certList.count() > 0); QList<QByteArray> attributes = certList[0].subjectInfoAttributes(); QVERIFY(attributes.contains(QByteArray("favouriteDrink"))); attributes.clear(); - certList = QSslCertificate::fromPath(testDataDir + "more-certificates/natwest-banking.pem"); + certList = QSslCertificate::fromPath(testDataDir + "more-certificates/natwest-banking.pem", QSsl::Pem, QSslCertificate::FixedString); QVERIFY(certList.count() > 0); QByteArray shortName("1.3.6.1.4.1.311.60.2.1.3"); @@ -996,17 +1080,17 @@ void tst_QSslCertificate::verify() errors.clear(); // Verify a valid cert signed by a CA - QList<QSslCertificate> caCerts = QSslCertificate::fromPath(testDataDir + "verify-certs/cacert.pem"); + QList<QSslCertificate> caCerts = QSslCertificate::fromPath(testDataDir + "verify-certs/cacert.pem", QSsl::Pem, QSslCertificate::FixedString); QSslSocket::addDefaultCaCertificate(caCerts.first()); - toVerify = QSslCertificate::fromPath(testDataDir + "verify-certs/test-ocsp-good-cert.pem"); + toVerify = QSslCertificate::fromPath(testDataDir + "verify-certs/test-ocsp-good-cert.pem", QSsl::Pem, QSslCertificate::FixedString); errors = QSslCertificate::verify(toVerify); VERIFY_VERBOSE(errors.count() == 0); errors.clear(); // Test a blacklisted certificate - toVerify = QSslCertificate::fromPath(testDataDir + "verify-certs/test-addons-mozilla-org-cert.pem"); + toVerify = QSslCertificate::fromPath(testDataDir + "verify-certs/test-addons-mozilla-org-cert.pem", QSsl::Pem, QSslCertificate::FixedString); errors = QSslCertificate::verify(toVerify); bool foundBlack = false; foreach (const QSslError &error, errors) { @@ -1019,7 +1103,7 @@ void tst_QSslCertificate::verify() errors.clear(); // This one is expired and untrusted - toVerify = QSslCertificate::fromPath(testDataDir + "more-certificates/cert-large-serial-number.pem"); + toVerify = QSslCertificate::fromPath(testDataDir + "more-certificates/cert-large-serial-number.pem", QSsl::Pem, QSslCertificate::FixedString); errors = QSslCertificate::verify(toVerify); VERIFY_VERBOSE(errors.contains(QSslError(QSslError::SelfSignedCertificate, toVerify[0]))); VERIFY_VERBOSE(errors.contains(QSslError(QSslError::CertificateExpired, toVerify[0]))); @@ -1027,15 +1111,15 @@ void tst_QSslCertificate::verify() toVerify.clear(); // This one is signed by a valid cert, but the signer is not a valid CA - toVerify << QSslCertificate::fromPath(testDataDir + "verify-certs/test-intermediate-not-ca-cert.pem").first(); - toVerify << QSslCertificate::fromPath(testDataDir + "verify-certs/test-ocsp-good-cert.pem").first(); + toVerify << QSslCertificate::fromPath(testDataDir + "verify-certs/test-intermediate-not-ca-cert.pem", QSsl::Pem, QSslCertificate::FixedString).first(); + toVerify << QSslCertificate::fromPath(testDataDir + "verify-certs/test-ocsp-good-cert.pem", QSsl::Pem, QSslCertificate::FixedString).first(); errors = QSslCertificate::verify(toVerify); VERIFY_VERBOSE(errors.contains(QSslError(QSslError::InvalidCaCertificate, toVerify[1]))); toVerify.clear(); // This one is signed by a valid cert, and the signer is a valid CA - toVerify << QSslCertificate::fromPath(testDataDir + "verify-certs/test-intermediate-is-ca-cert.pem").first(); - toVerify << QSslCertificate::fromPath(testDataDir + "verify-certs/test-intermediate-ca-cert.pem").first(); + toVerify << QSslCertificate::fromPath(testDataDir + "verify-certs/test-intermediate-is-ca-cert.pem", QSsl::Pem, QSslCertificate::FixedString).first(); + toVerify << QSslCertificate::fromPath(testDataDir + "verify-certs/test-intermediate-ca-cert.pem", QSsl::Pem, QSslCertificate::FixedString).first(); errors = QSslCertificate::verify(toVerify); VERIFY_VERBOSE(errors.count() == 0); @@ -1065,7 +1149,7 @@ QString tst_QSslCertificate::toString(const QList<QSslError>& errors) void tst_QSslCertificate::extensions() { QList<QSslCertificate> certList = - QSslCertificate::fromPath(testDataDir + "more-certificates/natwest-banking.pem"); + QSslCertificate::fromPath(testDataDir + "more-certificates/natwest-banking.pem", QSsl::Pem, QSslCertificate::FixedString); QVERIFY(certList.count() > 0); QSslCertificate cert = certList[0]; @@ -1163,7 +1247,7 @@ void tst_QSslCertificate::extensions() void tst_QSslCertificate::extensionsCritical() { QList<QSslCertificate> certList = - QSslCertificate::fromPath(testDataDir + "verify-certs/test-addons-mozilla-org-cert.pem"); + QSslCertificate::fromPath(testDataDir + "verify-certs/test-addons-mozilla-org-cert.pem", QSsl::Pem, QSslCertificate::FixedString); QVERIFY(certList.count() > 0); QSslCertificate cert = certList[0]; @@ -1284,12 +1368,12 @@ void tst_QSslCertificate::version_data() QTest::newRow("null certificate") << QSslCertificate() << QByteArray(); QList<QSslCertificate> certs; - certs << QSslCertificate::fromPath(testDataDir + "verify-certs/test-ocsp-good-cert.pem"); + certs << QSslCertificate::fromPath(testDataDir + "verify-certs/test-ocsp-good-cert.pem", QSsl::Pem, QSslCertificate::FixedString); QTest::newRow("v3 certificate") << certs.first() << QByteArrayLiteral("3"); certs.clear(); - certs << QSslCertificate::fromPath(testDataDir + "certificates/cert.pem"); + certs << QSslCertificate::fromPath(testDataDir + "certificates/cert.pem", QSsl::Pem, QSslCertificate::FixedString); QTest::newRow("v1 certificate") << certs.first() << QByteArrayLiteral("1"); } @@ -1326,7 +1410,7 @@ void tst_QSslCertificate::pkcs12() QVERIFY(ok); f.close(); - QList<QSslCertificate> leafCert = QSslCertificate::fromPath(testDataDir + QLatin1String("pkcs12/leaf.crt")); + QList<QSslCertificate> leafCert = QSslCertificate::fromPath(testDataDir + QLatin1String("pkcs12/leaf.crt"), QSsl::Pem, QSslCertificate::FixedString); QVERIFY(!leafCert.isEmpty()); QCOMPARE(cert, leafCert.first()); @@ -1341,7 +1425,7 @@ void tst_QSslCertificate::pkcs12() QVERIFY(!leafKey.isNull()); QCOMPARE(key, leafKey); - QList<QSslCertificate> caCert = QSslCertificate::fromPath(testDataDir + QLatin1String("pkcs12/inter.crt")); + QList<QSslCertificate> caCert = QSslCertificate::fromPath(testDataDir + QLatin1String("pkcs12/inter.crt"), QSsl::Pem, QSslCertificate::FixedString); QVERIFY(!caCert.isEmpty()); QVERIFY(!caCerts.isEmpty()); diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp index 8e2dc13cfc..e0364c7155 100644 --- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -77,7 +77,7 @@ typedef QSharedPointer<QSslSocket> QSslSocketPtr; // Detect ALPN (Application-Layer Protocol Negotiation) support #undef ALPN_SUPPORTED // Undef the variable first to be safe -#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT) +#if defined(OPENSSL_VERSION_NUMBER) && !defined(OPENSSL_NO_TLSEXT) #define ALPN_SUPPORTED 1 #endif @@ -94,11 +94,13 @@ typedef QSharedPointer<QSslSocket> QSslSocketPtr; // Use this cipher to force PSK key sharing. // Also, it's a cipher w/o auth, to check that we emit the signals warning // about the identity of the peer. +#ifndef QT_NO_OPENSSL static const QString PSK_CIPHER_WITHOUT_AUTH = QStringLiteral("PSK-AES256-CBC-SHA"); static const quint16 PSK_SERVER_PORT = 4433; static const QByteArray PSK_CLIENT_PRESHAREDKEY = QByteArrayLiteral("\x1a\x2b\x3c\x4d\x5e\x6f"); static const QByteArray PSK_SERVER_IDENTITY_HINT = QByteArrayLiteral("QtTestServerHint"); static const QByteArray PSK_CLIENT_IDENTITY = QByteArrayLiteral("Client_identity"); +#endif // !QT_NO_OPENSSL class tst_QSslSocket : public QObject { @@ -525,7 +527,7 @@ void tst_QSslSocket::constructing() QCOMPARE(socket.write(0, 0), qint64(-1)); QTest::ignoreMessage(QtWarningMsg, writeNotOpenMessage); QCOMPARE(socket.write(QByteArray()), qint64(-1)); - QCOMPARE(socket.error(), QAbstractSocket::UnknownSocketError); + QCOMPARE(socket.socketError(), QAbstractSocket::UnknownSocketError); QVERIFY(!socket.flush()); QVERIFY(!socket.isValid()); QCOMPARE(socket.localAddress(), QHostAddress()); @@ -731,7 +733,7 @@ void tst_QSslSocket::sslErrors() // check the SSL errors contain HostNameMismatch and an error due to // the certificate being self-signed SslErrorList sslErrors; - const auto socketSslErrors = socket->sslErrors(); + const auto socketSslErrors = socket->sslHandshakeErrors(); for (const QSslError &err : socketSslErrors) sslErrors << err.error(); std::sort(sslErrors.begin(), sslErrors.end()); @@ -826,7 +828,9 @@ void tst_QSslSocket::connectToHostEncrypted() socket->setProtocol(QSsl::SslProtocol::TlsV1_1); #endif this->socket = socket.data(); - QVERIFY(socket->addCaCertificates(httpServerCertChainPath())); + auto config = socket->sslConfiguration(); + QVERIFY(config.addCaCertificates(httpServerCertChainPath())); + socket->setSslConfiguration(config); #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND connect(socket.data(), SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(untrustedWorkaroundSlot(QList<QSslError>))); @@ -863,7 +867,9 @@ void tst_QSslSocket::connectToHostEncryptedWithVerificationPeerName() #endif this->socket = socket.data(); - socket->addCaCertificates(httpServerCertChainPath()); + auto config = socket->sslConfiguration(); + config.addCaCertificates(httpServerCertChainPath()); + socket->setSslConfiguration(config); #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND connect(socket.data(), SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(untrustedWorkaroundSlot(QList<QSslError>))); @@ -968,7 +974,9 @@ void tst_QSslSocket::peerCertificateChain() this->socket = socket.data(); QList<QSslCertificate> caCertificates = QSslCertificate::fromPath(httpServerCertChainPath()); QCOMPARE(caCertificates.count(), 1); - socket->addCaCertificates(caCertificates); + auto config = socket->sslConfiguration(); + config.addCaCertificates(caCertificates); + socket->setSslConfiguration(config); #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND connect(socket.data(), SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(untrustedWorkaroundSlot(QList<QSslError>))); @@ -1097,7 +1105,6 @@ void tst_QSslSocket::protocol() QCOMPARE(socket->protocol(), QSsl::TlsV1_0); socket->abort(); } -#if OPENSSL_VERSION_NUMBER >= 0x10001000L { // qt-test-server probably doesn't allow TLSV1.1 socket->setProtocol(QSsl::TlsV1_1); @@ -1134,7 +1141,7 @@ void tst_QSslSocket::protocol() QCOMPARE(socket->protocol(), QSsl::TlsV1_2); socket->abort(); } -#endif + #ifdef TLS1_3_VERSION { // qt-test-server probably doesn't allow TLSV1.3 @@ -1227,10 +1234,10 @@ signals: protected: void incomingConnection(qintptr socketDescriptor) { + QSslConfiguration configuration = config; socket = new QSslSocket(this); - socket->setSslConfiguration(config); - socket->setPeerVerifyMode(peerVerifyMode); - socket->setProtocol(protocol); + configuration.setPeerVerifyMode(peerVerifyMode); + configuration.setProtocol(protocol); if (ignoreSslErrors) connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); connect(socket, SIGNAL(error(QAbstractSocket::SocketError)), this, SIGNAL(socketError(QAbstractSocket::SocketError))); @@ -1239,14 +1246,14 @@ protected: QVERIFY(file.open(QIODevice::ReadOnly)); QSslKey key(file.readAll(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey); QVERIFY(!key.isNull()); - socket->setPrivateKey(key); + configuration.setPrivateKey(key); // Add CA certificates to verify client certificate if (!addCaCertificates.isEmpty()) { QList<QSslCertificate> caCert = QSslCertificate::fromPath(addCaCertificates); QVERIFY(!caCert.isEmpty()); QVERIFY(!caCert.first().isNull()); - socket->addCaCertificates(caCert); + configuration.addCaCertificates(caCert); } // If we have a cert issued directly from the CA @@ -1254,9 +1261,8 @@ protected: QList<QSslCertificate> localCert = QSslCertificate::fromPath(m_certFile); QVERIFY(!localCert.isEmpty()); QVERIFY(!localCert.first().isNull()); - socket->setLocalCertificate(localCert.first()); - } - else { + configuration.setLocalCertificate(localCert.first()); + } else { QList<QSslCertificate> localCert = QSslCertificate::fromPath(m_certFile); QVERIFY(!localCert.isEmpty()); QVERIFY(!localCert.first().isNull()); @@ -1265,14 +1271,12 @@ protected: QVERIFY(!interCert.isEmpty()); QVERIFY(!interCert.first().isNull()); - socket->setLocalCertificateChain(localCert + interCert); + configuration.setLocalCertificateChain(localCert + interCert); } - if (!ciphers.isEmpty()) { - auto sslConfig = socket->sslConfiguration(); - sslConfig.setCiphers(ciphers); - socket->setSslConfiguration(sslConfig); - } + if (!ciphers.isEmpty()) + configuration.setCiphers(ciphers); + socket->setSslConfiguration(configuration); QVERIFY(socket->setSocketDescriptor(socketDescriptor, QAbstractSocket::ConnectedState)); QVERIFY(!socket->peerAddress().isNull()); @@ -1386,16 +1390,16 @@ void tst_QSslSocket::protocolServerSide() QAbstractSocket::SocketState expectedState = (works) ? QAbstractSocket::ConnectedState : QAbstractSocket::UnconnectedState; // Determine whether the client or the server caused the event loop // to quit due to a socket error, and investigate the culprit. - if (client.error() != QAbstractSocket::UnknownSocketError) { + if (client.socketError() != QAbstractSocket::UnknownSocketError) { // It can happen that the client, after TCP connection established, before // incomingConnection() slot fired, hits TLS initialization error and stops // the loop, so the server socket is not created yet. if (server.socket) - QVERIFY(server.socket->error() == QAbstractSocket::UnknownSocketError); + QVERIFY(server.socket->socketError() == QAbstractSocket::UnknownSocketError); QCOMPARE(client.state(), expectedState); - } else if (server.socket->error() != QAbstractSocket::UnknownSocketError) { - QVERIFY(client.error() == QAbstractSocket::UnknownSocketError); + } else if (server.socket->socketError() != QAbstractSocket::UnknownSocketError) { + QVERIFY(client.socketError() == QAbstractSocket::UnknownSocketError); QCOMPARE(server.socket->state(), expectedState); } @@ -1751,7 +1755,8 @@ void tst_QSslSocket::addDefaultCaCertificate() QCOMPARE(flukeCerts.size(), 1); QList<QSslCertificate> globalCerts = QSslConfiguration::defaultConfiguration().caCertificates(); QVERIFY(!globalCerts.contains(flukeCerts.first())); - QSslSocket::addDefaultCaCertificate(flukeCerts.first()); + sslConfig.addCaCertificate(flukeCerts.first()); + QSslConfiguration::setDefaultConfiguration(sslConfig); QCOMPARE(QSslConfiguration::defaultConfiguration().caCertificates().size(), globalCerts.size() + 1); QVERIFY(QSslConfiguration::defaultConfiguration().caCertificates() @@ -1944,7 +1949,9 @@ void tst_QSslSocket::wildcard() // responds with the wildcard, and QSslSocket should accept that as a // valid connection. This was broken in 4.3.0. QSslSocketPtr socket = newSocket(); - socket->addCaCertificates(QLatin1String("certs/aspiriniks.ca.crt")); + auto config = socket->sslConfiguration(); + config.addCaCertificates(QLatin1String("certs/aspiriniks.ca.crt")); + socket->setSslConfiguration(config); this->socket = socket.data(); #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND connect(socket, SIGNAL(sslErrors(QList<QSslError>)), @@ -2004,7 +2011,7 @@ void tst_QSslSocket::setEmptyKey() QTestEventLoop::instance().enterLoop(2); QCOMPARE(socket.state(), QAbstractSocket::ConnectedState); - QCOMPARE(socket.error(), QAbstractSocket::UnknownSocketError); + QCOMPARE(socket.socketError(), QAbstractSocket::UnknownSocketError); } void tst_QSslSocket::spontaneousWrite() @@ -2426,7 +2433,7 @@ void tst_QSslSocket::verifyMode() QList<QSslError> expectedErrors = QList<QSslError>() << QSslError(FLUKE_CERTIFICATE_ERROR, socket.peerCertificate()); - QCOMPARE(socket.sslErrors(), expectedErrors); + QCOMPARE(socket.sslHandshakeErrors(), expectedErrors); socket.abort(); VerifyServer server; @@ -2442,7 +2449,7 @@ void tst_QSslSocket::verifyMode() loop.exec(); QVERIFY(clientSocket.isEncrypted()); - QVERIFY(server.socket->sslErrors().isEmpty()); + QVERIFY(server.socket->sslHandshakeErrors().isEmpty()); } void tst_QSslSocket::verifyDepth() @@ -2575,7 +2582,9 @@ void tst_QSslSocket::resetProxy() // make sure the connection works, and then set a nonsense proxy, and then // make sure it does not work anymore QSslSocket socket; - socket.addCaCertificates(httpServerCertChainPath()); + auto config = socket.sslConfiguration(); + config.addCaCertificates(httpServerCertChainPath()); + socket.setSslConfiguration(config); socket.setProxy(goodProxy); socket.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QVERIFY2(socket.waitForConnected(10000), qPrintable(socket.errorString())); @@ -2594,7 +2603,9 @@ void tst_QSslSocket::resetProxy() // set the nonsense proxy and make sure the connection does not work, // and then set the right proxy and make sure it works QSslSocket socket2; - socket2.addCaCertificates(httpServerCertChainPath()); + auto config2 = socket.sslConfiguration(); + config2.addCaCertificates(httpServerCertChainPath()); + socket2.setSslConfiguration(config2); socket2.setProxy(badProxy); socket2.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QVERIFY(! socket2.waitForConnected(10000)); @@ -2635,7 +2646,6 @@ void tst_QSslSocket::ignoreSslErrorsList() connect(&socket, SIGNAL(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)), this, SLOT(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*))); -// this->socket = &socket; QSslCertificate cert; QFETCH(QList<QSslError>, expectedSslErrors); @@ -2773,11 +2783,11 @@ void tst_QSslSocket::writeBigChunk() // no better way to do this right now since the error is the same as the default error. if (socket->errorString().startsWith(QLatin1String("Unable to write data"))) { - qWarning() << socket->error() << socket->errorString(); + qWarning() << socket->socketError() << socket->errorString(); QFAIL("Error while writing! Check if the OpenSSL BIO size is limited?!"); } // also check the error string. If another error (than UnknownError) occurred, it should be different than before - QVERIFY2(errorBefore == errorAfter || socket->error() == QAbstractSocket::RemoteHostClosedError, + QVERIFY2(errorBefore == errorAfter || socket->socketError() == QAbstractSocket::RemoteHostClosedError, QByteArray("unexpected error: ").append(qPrintable(errorAfter))); // check that everything has been written to OpenSSL @@ -2816,7 +2826,7 @@ void tst_QSslSocket::blacklistedCertificates() connect(receiver, SIGNAL(sslErrors(QList<QSslError>)), SLOT(exitLoop())); connect(receiver, SIGNAL(encrypted()), SLOT(exitLoop())); enterLoop(1); - QList<QSslError> sslErrors = receiver->sslErrors(); + QList<QSslError> sslErrors = receiver->sslHandshakeErrors(); QVERIFY(sslErrors.count() > 0); // there are more errors (self signed cert and hostname mismatch), but we only care about the blacklist error QCOMPARE(sslErrors.at(0).error(), QSslError::CertificateBlacklisted); @@ -2972,7 +2982,7 @@ void tst_QSslSocket::resume() QCOMPARE(encryptedSpy.count(), 0); QVERIFY(!socket.isEncrypted()); QCOMPARE(errorSpy.count(), 1); - QCOMPARE(socket.error(), QAbstractSocket::SslHandshakeFailedError); + QCOMPARE(socket.socketError(), QAbstractSocket::SslHandshakeFailedError); } } @@ -4043,9 +4053,6 @@ void tst_QSslSocket::ephemeralServerKey_data() QTest::addColumn<QString>("cipher"); QTest::addColumn<bool>("emptyKey"); -#if !QT_CONFIG(opensslv11) // 1.1 drops support for RC4-SHA - QTest::newRow("NonForwardSecrecyCipher") << "RC4-SHA" << true; -#endif // !opensslv11 QTest::newRow("ForwardSecrecyCipher") << "ECDHE-RSA-AES256-SHA" << (QSslSocket::sslLibraryVersionNumber() < 0x10002000L); } @@ -4170,9 +4177,6 @@ void tst_QSslSocket::signatureAlgorithm_data() if (!QSslSocket::supportsSsl()) QSKIP("Signature algorithms cannot be tested without SSL support"); - if (QSslSocket::sslLibraryVersionNumber() < 0x10002000L) - QSKIP("Signature algorithms cannot be tested with OpenSSL < 1.0.2"); - if (QSslSocket::sslLibraryVersionNumber() >= 0x10101000L) { // FIXME: investigate if this test makes any sense with TLS 1.3. QSKIP("Test is not valid for TLS 1.3/OpenSSL 1.1.1"); @@ -4343,9 +4347,9 @@ void tst_QSslSocket::disabledProtocols() // early, preventing any real connection from ever starting. QSslSocket socket; socket.setProtocol(disabledProtocol); - QCOMPARE(socket.error(), QAbstractSocket::UnknownSocketError); + QCOMPARE(socket.socketError(), QAbstractSocket::UnknownSocketError); socket.connectToHostEncrypted(QStringLiteral("doesnotmatter.org"), 1010); - QCOMPARE(socket.error(), QAbstractSocket::SslInvalidUserDataError); + QCOMPARE(socket.socketError(), QAbstractSocket::SslInvalidUserDataError); QCOMPARE(socket.state(), QAbstractSocket::UnconnectedState); } { @@ -4355,14 +4359,14 @@ void tst_QSslSocket::disabledProtocols() QVERIFY(server.listen()); QSslSocket socket; - QCOMPARE(socket.error(), QAbstractSocket::UnknownSocketError); + QCOMPARE(socket.socketError(), QAbstractSocket::UnknownSocketError); socket.connectToHost(QHostAddress::LocalHost, server.serverPort()); QVERIFY(socket.waitForConnected(timeoutMS)); socket.setProtocol(disabledProtocol); socket.startClientEncryption(); - QCOMPARE(socket.error(), QAbstractSocket::SslInvalidUserDataError); + QCOMPARE(socket.socketError(), QAbstractSocket::SslInvalidUserDataError); } { // 2. waitForEncrypted: client-side, blocking API plus requires from us @@ -4386,7 +4390,7 @@ void tst_QSslSocket::disabledProtocols() loop.enterLoopMSecs(timeoutMS); QVERIFY(!loop.timeout()); QVERIFY(server.socket); - QCOMPARE(server.socket->error(), QAbstractSocket::SslInvalidUserDataError); + QCOMPARE(server.socket->socketError(), QAbstractSocket::SslInvalidUserDataError); } } |