diff options
Diffstat (limited to 'tests/auto/network')
75 files changed, 2459 insertions, 574 deletions
diff --git a/tests/auto/network/access/hpack/tst_hpack.cpp b/tests/auto/network/access/hpack/tst_hpack.cpp index 810745a065..d5e359db57 100644 --- a/tests/auto/network/access/hpack/tst_hpack.cpp +++ b/tests/auto/network/access/hpack/tst_hpack.cpp @@ -57,7 +57,6 @@ private Q_SLOTS: void lookupTableConstructor(); - void lookupTableStatic_data(); void lookupTableStatic(); void lookupTableDynamic(); @@ -126,7 +125,7 @@ void tst_Hpack::bitstreamConstruction() // 'Read' some data back: for (int i = 0; i < size; ++i) { uchar bitPattern = 0; - const auto bitsRead = in.peekBits(i * 8, 8, &bitPattern); + const auto bitsRead = in.peekBits(quint64(i * 8), 8, &bitPattern); QVERIFY(bitsRead == 8); QVERIFY(bitPattern == bytes[i]); } @@ -282,7 +281,7 @@ void tst_Hpack::bitstreamCompression() const auto start = QRandomGenerator::global()->bounded(uint(bytes.length()) / 2); auto end = start * 2; if (!end) - end = bytes.length() / 2; + end = unsigned(bytes.length() / 2); strings.push_back(bytes.substr(start, end - start)); const auto &s = strings.back(); totalStringBytes += s.size(); @@ -384,43 +383,21 @@ void tst_Hpack::lookupTableConstructor() } } -void tst_Hpack::lookupTableStatic_data() -{ - QTest::addColumn<QByteArray>("expectedName"); - QTest::addColumn<QByteArray>("expectedValue"); - - // Some predefined fields to find - // (they are always defined/required by HPACK). - QTest::newRow(":authority|") << QByteArray(":authority") << QByteArray(""); - QTest::newRow(":method|GET") << QByteArray(":method") << QByteArray("GET"); - QTest::newRow(":method|POST") << QByteArray(":method") << QByteArray("POST"); - QTest::newRow(":path|/") << QByteArray(":path") << QByteArray("/"); - QTest::newRow(":path|/index.html") << QByteArray(":path") << QByteArray("/index.html"); - QTest::newRow(":scheme|http") << QByteArray(":scheme") << QByteArray("http"); - QTest::newRow(":scheme|https") << QByteArray(":scheme") << QByteArray("https"); - QTest::newRow(":status|200") << QByteArray(":status") << QByteArray("200"); - QTest::newRow(":status|204") << QByteArray(":status") << QByteArray("204"); - QTest::newRow(":status|206") << QByteArray(":status") << QByteArray("206"); - QTest::newRow(":status|304") << QByteArray(":status") << QByteArray("304"); - QTest::newRow(":status|400") << QByteArray(":status") << QByteArray("400"); - QTest::newRow(":status|404") << QByteArray(":status") << QByteArray("404"); - QTest::newRow(":status|500") << QByteArray(":status") << QByteArray("500"); -} - void tst_Hpack::lookupTableStatic() { const FieldLookupTable table(0, false /*all static, no need in 'search index'*/); - - QFETCH(QByteArray, expectedName); - QFETCH(QByteArray, expectedValue); - - const quint32 index = table.indexOf(expectedName, expectedValue); - QVERIFY(index != 0); - + const auto &staticTable = FieldLookupTable::staticPart(); QByteArray name, value; - QVERIFY(table.field(index, &name, &value)); - QCOMPARE(name, expectedName); - QCOMPARE(value, expectedValue); + quint32 currentIndex = 1; // HPACK is indexing starting from 1. + for (const HeaderField &field : staticTable) { + const quint32 index = table.indexOf(field.name, field.value); + QVERIFY(index != 0); + QCOMPARE(index, currentIndex); + QVERIFY(table.field(index, &name, &value)); + QCOMPARE(name, field.name); + QCOMPARE(value, field.value); + ++currentIndex; + } } void tst_Hpack::lookupTableDynamic() diff --git a/tests/auto/network/access/http2/http2.pro b/tests/auto/network/access/http2/http2.pro index 62b685e556..646ea117f7 100644 --- a/tests/auto/network/access/http2/http2.pro +++ b/tests/auto/network/access/http2/http2.pro @@ -2,7 +2,8 @@ QT = core core-private network network-private testlib CONFIG += testcase parallel_test c++11 TARGET = tst_http2 -HEADERS += http2srv.h +INCLUDEPATH += ../../../../shared/ +HEADERS += http2srv.h ../../../../shared/emulationdetector.h SOURCES += tst_http2.cpp http2srv.cpp DEFINES += SRCDIR=\\\"$$PWD/\\\" diff --git a/tests/auto/network/access/http2/http2srv.cpp b/tests/auto/network/access/http2/http2srv.cpp index 1f9ffb8985..5a99d4e50c 100644 --- a/tests/auto/network/access/http2/http2srv.cpp +++ b/tests/auto/network/access/http2/http2srv.cpp @@ -76,11 +76,15 @@ void fill_push_header(const HttpHeader &originalRequest, HttpHeader &promisedReq } -Http2Server::Http2Server(bool h2c, const Http2::RawSettings &ss, const Http2::RawSettings &cs) - : serverSettings(ss), - expectedClientSettings(cs), - clearTextHTTP2(h2c) +Http2Server::Http2Server(H2Type type, const Http2::RawSettings &ss, const Http2::RawSettings &cs) + : connectionType(type), + serverSettings(ss), + expectedClientSettings(cs) { +#if !QT_CONFIG(ssl) + Q_ASSERT(type != H2Type::h2Alpn && type != H2Type::h2Direct); +#endif + responseBody = "<html>\n" "<head>\n" "<title>Sample \"Hello, World\" Application</title>\n" @@ -129,15 +133,15 @@ void Http2Server::redirectOpenStream(quint16 port) targetPort = port; } +bool Http2Server::isClearText() const +{ + return connectionType == H2Type::h2c || connectionType == H2Type::h2cDirect; +} + void Http2Server::startServer() { -#ifdef QT_NO_SSL - // Let the test fail with timeout. - if (!clearTextHTTP2) - return; -#endif if (listen()) { - if (clearTextHTTP2) + if (isClearText()) authority = QStringLiteral("127.0.0.1:%1").arg(serverPort()).toLatin1(); emit serverStarted(serverPort()); } @@ -146,7 +150,7 @@ void Http2Server::startServer() bool Http2Server::sendProtocolSwitchReply() { Q_ASSERT(socket); - Q_ASSERT(clearTextHTTP2 && upgradeProtocol); + Q_ASSERT(connectionType == H2Type::h2c); // The first and the last HTTP/1.1 response we send: const char response[] = "HTTP/1.1 101 Switching Protocols\r\n" "Connection: Upgrade\r\n" @@ -262,25 +266,28 @@ void Http2Server::sendWINDOW_UPDATE(quint32 streamID, quint32 delta) void Http2Server::incomingConnection(qintptr socketDescriptor) { - if (clearTextHTTP2) { + if (isClearText()) { socket.reset(new QTcpSocket); const bool set = socket->setSocketDescriptor(socketDescriptor); Q_ASSERT(set); // Stop listening: close(); - upgradeProtocol = true; + upgradeProtocol = connectionType == H2Type::h2c; QMetaObject::invokeMethod(this, "connectionEstablished", Qt::QueuedConnection); } else { -#ifndef QT_NO_SSL +#if QT_CONFIG(ssl) socket.reset(new QSslSocket); QSslSocket *sslSocket = static_cast<QSslSocket *>(socket.data()); - // Add HTTP2 as supported protocol: - auto conf = QSslConfiguration::defaultConfiguration(); - auto protos = conf.allowedNextProtocols(); - protos.prepend(QSslConfiguration::ALPNProtocolHTTP2); - conf.setAllowedNextProtocols(protos); - sslSocket->setSslConfiguration(conf); + + if (connectionType == H2Type::h2Alpn) { + // Add HTTP2 as supported protocol: + auto conf = QSslConfiguration::defaultConfiguration(); + auto protos = conf.allowedNextProtocols(); + protos.prepend(QSslConfiguration::ALPNProtocolHTTP2); + conf.setAllowedNextProtocols(protos); + sslSocket->setSslConfiguration(conf); + } // SSL-related setup ... sslSocket->setPeerVerifyMode(QSslSocket::VerifyNone); sslSocket->setProtocol(QSsl::TlsV1_2OrLater); @@ -299,7 +306,7 @@ void Http2Server::incomingConnection(qintptr socketDescriptor) connect(sslSocket, SIGNAL(encrypted()), this, SLOT(connectionEstablished())); sslSocket->startServerEncryption(); #else - Q_UNREACHABLE(); + Q_ASSERT(0); #endif } } @@ -377,7 +384,7 @@ void Http2Server::connectionEstablished() { using namespace Http2; - if (testingGOAWAY && !clearTextHTTP2) + if (testingGOAWAY && !isClearText()) return triggerGOAWAYEmulation(); // For clearTextHTTP2 we first have to respond with 'protocol switch' @@ -392,7 +399,7 @@ void Http2Server::connectionEstablished() waitingClientSettings = false; settingsSent = false; - if (clearTextHTTP2) { + if (connectionType == H2Type::h2c) { requestLine.clear(); // Now we have to handle HTTP/1.1 request. We use Get/Post in our test, // so set requestType to something unsupported: @@ -431,6 +438,13 @@ void Http2Server::readReady() if (connectionError) return; + if (redirectSent) { + // We are a "single shot" server, working in 'h2' mode, + // responding with a redirect code. Don't bother to handle + // anything else now. + return; + } + if (upgradeProtocol) { handleProtocolUpgrade(); } else if (waitingClientPreface) { @@ -800,11 +814,18 @@ void Http2Server::sendResponse(quint32 streamID, bool emptyBody) HttpHeader header; if (redirectWhileReading) { + if (redirectSent) { + // This is a "single-shot" server responding with a redirect code. + return; + } + + redirectSent = true; + qDebug("server received HEADERS frame (followed by DATA frames), redirecting ..."); Q_ASSERT(targetPort); header.push_back({":status", "308"}); const QString url("%1://localhost:%2/"); - header.push_back({"location", url.arg(clearTextHTTP2 ? QStringLiteral("http") : QStringLiteral("https"), + header.push_back({"location", url.arg(isClearText() ? QStringLiteral("http") : QStringLiteral("https"), QString::number(targetPort)).toLatin1()}); } else { diff --git a/tests/auto/network/access/http2/http2srv.h b/tests/auto/network/access/http2/http2srv.h index 87a17ced8b..4ef4b25101 100644 --- a/tests/auto/network/access/http2/http2srv.h +++ b/tests/auto/network/access/http2/http2srv.h @@ -62,21 +62,32 @@ public: Q_DECLARE_PRIVATE(Http11Reply) }; +enum class H2Type { + h2Alpn, // Secure connection, ALPN to negotiate h2. + h2c, // Clear text with protocol upgrade. + h2Direct, // Secure connection, ALPN not supported. + h2cDirect, // Clear text direct +}; + class Http2Server : public QTcpServer { Q_OBJECT public: - Http2Server(bool clearText, const Http2::RawSettings &serverSettings, + + Http2Server(H2Type type, const Http2::RawSettings &serverSettings, const Http2::RawSettings &clientSettings); ~Http2Server(); + // To be called before server started: void enablePushPromise(bool enabled, const QByteArray &path = QByteArray()); void setResponseBody(const QByteArray &body); void emulateGOAWAY(int timeout); void redirectOpenStream(quint16 targetPort); + bool isClearText() const; + // Invokables, since we can call them from the main thread, // but server (can) work on its own thread. Q_INVOKABLE void startServer(); @@ -129,6 +140,7 @@ private: QScopedPointer<QAbstractSocket> socket; + H2Type connectionType = H2Type::h2Alpn; // Connection preface: bool waitingClientPreface = false; bool waitingClientSettings = false; @@ -170,7 +182,6 @@ private: quint32 streamRecvWindowSize = Http2::defaultSessionWindowSize; QByteArray responseBody; - bool clearTextHTTP2 = false; bool pushPromiseEnabled = false; quint32 lastPromisedStream = 0; QByteArray pushPath; @@ -193,6 +204,7 @@ private: // Redirect, with status code 308, as soon as we've seen headers, while client // may still be sending DATA frames. See tst_Http2::earlyResponse(). bool redirectWhileReading = false; + bool redirectSent = false; quint16 targetPort = 0; QAtomicInt interrupted; protected slots: diff --git a/tests/auto/network/access/http2/tst_http2.cpp b/tests/auto/network/access/http2/tst_http2.cpp index 49daedf32c..53d0e7a694 100644 --- a/tests/auto/network/access/http2/tst_http2.cpp +++ b/tests/auto/network/access/http2/tst_http2.cpp @@ -48,7 +48,10 @@ #include <cstdlib> #include <string> -#if !defined(QT_NO_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT) +#include "emulationdetector.h" + +#if (!defined(QT_NO_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT)) \ + || QT_CONFIG(schannel) // HTTP/2 over TLS requires ALPN/NPN to negotiate the protocol version. const bool clearTextHTTP2 = false; #else @@ -57,6 +60,9 @@ const bool clearTextHTTP2 = false; const bool clearTextHTTP2 = true; #endif +Q_DECLARE_METATYPE(H2Type) +Q_DECLARE_METATYPE(QNetworkRequest::Attribute) + QT_BEGIN_NAMESPACE class tst_Http2 : public QObject @@ -67,6 +73,7 @@ public: ~tst_Http2(); private slots: // Tests: + void singleRequest_data(); void singleRequest(); void multipleRequests(); void flowControlClientSide(); @@ -98,13 +105,13 @@ private: // small payload. void runEventLoop(int ms = 5000); void stopEventLoop(); - Http2Server *newServer(const Http2::RawSettings &serverSettings, + Http2Server *newServer(const Http2::RawSettings &serverSettings, H2Type connectionType, const Http2::ProtocolParameters &clientSettings = {}); // Send a get or post request, depending on a payload (empty or not). void sendRequest(int streamNumber, QNetworkRequest::Priority priority = QNetworkRequest::NormalPriority, const QByteArray &payload = QByteArray()); - QUrl requestUrl() const; + QUrl requestUrl(H2Type connnectionType) const; quint16 serverPort = 0; QThread *workerThread = nullptr; @@ -141,6 +148,11 @@ struct ServerDeleter using ServerPtr = QScopedPointer<Http2Server, ServerDeleter>; +H2Type defaultConnectionType() +{ + return clearTextHTTP2 ? H2Type::h2c : H2Type::h2Alpn; +} + } // unnamed namespace tst_Http2::tst_Http2() @@ -162,25 +174,59 @@ tst_Http2::~tst_Http2() } } +void tst_Http2::singleRequest_data() +{ + QTest::addColumn<QNetworkRequest::Attribute>("h2Attribute"); + QTest::addColumn<H2Type>("connectionType"); + + // 'Clear text' that should always work, either via the protocol upgrade + // or as direct. + QTest::addRow("h2c-upgrade") << QNetworkRequest::HTTP2AllowedAttribute << H2Type::h2c; + QTest::addRow("h2c-direct") << QNetworkRequest::Http2DirectAttribute << H2Type::h2cDirect; + + if (!clearTextHTTP2) { + // Qt with TLS where TLS-backend supports ALPN. + QTest::addRow("h2-ALPN") << QNetworkRequest::HTTP2AllowedAttribute << H2Type::h2Alpn; + } + +#if QT_CONFIG(ssl) + QTest::addRow("h2-direct") << QNetworkRequest::Http2DirectAttribute << H2Type::h2Direct; +#endif +} + void tst_Http2::singleRequest() { clearHTTP2State(); +#if QT_CONFIG(securetransport) + // Normally on macOS we use plain text only for SecureTransport + // does not support ALPN on the server side. With 'direct encrytped' + // we have to use TLS sockets (== private key) and thus suppress a + // keychain UI asking for permission to use a private key. + // Our CI has this, but somebody testing locally - will have a problem. + qputenv("QT_SSL_USE_TEMPORARY_KEYCHAIN", QByteArray("1")); + auto envRollback = qScopeGuard([](){ + qunsetenv("QT_SSL_USE_TEMPORARY_KEYCHAIN"); + }); +#endif + serverPort = 0; nRequests = 1; - ServerPtr srv(newServer(defaultServerSettings)); + QFETCH(const H2Type, connectionType); + ServerPtr srv(newServer(defaultServerSettings, connectionType)); QMetaObject::invokeMethod(srv.data(), "startServer", Qt::QueuedConnection); runEventLoop(); QVERIFY(serverPort != 0); - auto url = requestUrl(); + auto url = requestUrl(connectionType); url.setPath("/index.html"); QNetworkRequest request(url); - request.setAttribute(QNetworkRequest::HTTP2AllowedAttribute, QVariant(true)); + QFETCH(const QNetworkRequest::Attribute, h2Attribute); + request.setAttribute(h2Attribute, QVariant(true)); auto reply = manager.get(request); connect(reply, &QNetworkReply::finished, this, &tst_Http2::replyFinished); @@ -205,7 +251,7 @@ void tst_Http2::multipleRequests() serverPort = 0; nRequests = 10; - ServerPtr srv(newServer(defaultServerSettings)); + ServerPtr srv(newServer(defaultServerSettings, defaultConnectionType())); QMetaObject::invokeMethod(srv.data(), "startServer", Qt::QueuedConnection); @@ -256,7 +302,7 @@ void tst_Http2::flowControlClientSide() manager.setProperty(Http2::http2ParametersPropertyName, QVariant::fromValue(params)); const Http2::RawSettings serverSettings = {{Settings::MAX_CONCURRENT_STREAMS_ID, quint32(3)}}; - ServerPtr srv(newServer(serverSettings, params)); + ServerPtr srv(newServer(serverSettings, defaultConnectionType(), params)); const QByteArray respond(int(Http2::defaultSessionWindowSize * 10), 'x'); @@ -288,6 +334,9 @@ void tst_Http2::flowControlServerSide() // to let all replies finish without any error. using namespace Http2; + if (EmulationDetector::isRunningArmOnX86()) + QSKIP("Test is too slow to run on emulator"); + clearHTTP2State(); serverPort = 0; @@ -295,7 +344,7 @@ void tst_Http2::flowControlServerSide() const Http2::RawSettings serverSettings = {{Settings::MAX_CONCURRENT_STREAMS_ID, 7}}; - ServerPtr srv(newServer(serverSettings)); + ServerPtr srv(newServer(serverSettings, defaultConnectionType())); const QByteArray payload(int(Http2::defaultSessionWindowSize * 500), 'x'); @@ -330,7 +379,7 @@ void tst_Http2::pushPromise() params.settingsFrameData[Settings::ENABLE_PUSH_ID] = 1; manager.setProperty(Http2::http2ParametersPropertyName, QVariant::fromValue(params)); - ServerPtr srv(newServer(defaultServerSettings, params)); + ServerPtr srv(newServer(defaultServerSettings, defaultConnectionType(), params)); srv->enablePushPromise(true, QByteArray("/script.js")); QMetaObject::invokeMethod(srv.data(), "startServer", Qt::QueuedConnection); @@ -338,7 +387,7 @@ void tst_Http2::pushPromise() QVERIFY(serverPort != 0); - auto url = requestUrl(); + auto url = requestUrl(defaultConnectionType()); url.setPath("/index.html"); QNetworkRequest request(url); @@ -404,14 +453,14 @@ void tst_Http2::goaway() serverPort = 0; nRequests = 3; - ServerPtr srv(newServer(defaultServerSettings)); + ServerPtr srv(newServer(defaultServerSettings, defaultConnectionType())); srv->emulateGOAWAY(responseTimeoutMS); QMetaObject::invokeMethod(srv.data(), "startServer", Qt::QueuedConnection); runEventLoop(); QVERIFY(serverPort != 0); - auto url = requestUrl(); + auto url = requestUrl(defaultConnectionType()); // We have to store these replies, so that we can check errors later. std::vector<QNetworkReply *> replies(nRequests); for (int i = 0; i < nRequests; ++i) { @@ -451,7 +500,7 @@ void tst_Http2::earlyResponse() serverPort = 0; nRequests = 1; - ServerPtr targetServer(newServer(defaultServerSettings)); + ServerPtr targetServer(newServer(defaultServerSettings, defaultConnectionType())); QMetaObject::invokeMethod(targetServer.data(), "startServer", Qt::QueuedConnection); runEventLoop(); @@ -461,14 +510,14 @@ void tst_Http2::earlyResponse() const quint16 targetPort = serverPort; serverPort = 0; - ServerPtr redirector(newServer(defaultServerSettings)); + ServerPtr redirector(newServer(defaultServerSettings, defaultConnectionType())); redirector->redirectOpenStream(targetPort); QMetaObject::invokeMethod(redirector.data(), "startServer", Qt::QueuedConnection); runEventLoop(); QVERIFY(serverPort); - sendRequest(1, QNetworkRequest::NormalPriority, {10000000, Qt::Uninitialized}); + sendRequest(1, QNetworkRequest::NormalPriority, {1000000, Qt::Uninitialized}); runEventLoop(); @@ -501,11 +550,11 @@ void tst_Http2::stopEventLoop() eventLoop.exitLoop(); } -Http2Server *tst_Http2::newServer(const Http2::RawSettings &serverSettings, +Http2Server *tst_Http2::newServer(const Http2::RawSettings &serverSettings, H2Type connectionType, const Http2::ProtocolParameters &clientSettings) { using namespace Http2; - auto srv = new Http2Server(clearTextHTTP2, serverSettings, + auto srv = new Http2Server(connectionType, serverSettings, clientSettings.settingsFrameData); using Srv = Http2Server; @@ -530,7 +579,7 @@ void tst_Http2::sendRequest(int streamNumber, QNetworkRequest::Priority priority, const QByteArray &payload) { - auto url = requestUrl(); + auto url = requestUrl(defaultConnectionType()); url.setPath(QString("/stream%1.html").arg(streamNumber)); QNetworkRequest request(url); @@ -549,10 +598,24 @@ void tst_Http2::sendRequest(int streamNumber, connect(reply, &QNetworkReply::finished, this, &tst_Http2::replyFinished); } -QUrl tst_Http2::requestUrl() const +QUrl tst_Http2::requestUrl(H2Type connectionType) const { +#if !QT_CONFIG(ssl) + Q_ASSERT(connectionType != H2Type::h2Alpn && connectionType != H2Type::h2Direct); +#endif static auto url = QUrl(QLatin1String(clearTextHTTP2 ? "http://127.0.0.1" : "https://127.0.0.1")); url.setPort(serverPort); + // Clear text may mean no-TLS-at-all or crappy-TLS-without-ALPN. + switch (connectionType) { + case H2Type::h2Alpn: + case H2Type::h2Direct: + url.setScheme(QStringLiteral("https")); + break; + case H2Type::h2c: + case H2Type::h2cDirect: + url.setScheme(QStringLiteral("http")); + break; + } return url; } diff --git a/tests/auto/network/access/qabstractnetworkcache/qabstractnetworkcache.pro b/tests/auto/network/access/qabstractnetworkcache/qabstractnetworkcache.pro index 1874f001ab..bdd9d4eb7e 100644 --- a/tests/auto/network/access/qabstractnetworkcache/qabstractnetworkcache.pro +++ b/tests/auto/network/access/qabstractnetworkcache/qabstractnetworkcache.pro @@ -5,3 +5,5 @@ SOURCES += tst_qabstractnetworkcache.cpp TESTDATA += tests/* +QT_TEST_SERVER_LIST = apache2 +include($$dirname(_QMAKE_CONF_)/tests/auto/testserver.pri) diff --git a/tests/auto/network/access/qabstractnetworkcache/tst_qabstractnetworkcache.cpp b/tests/auto/network/access/qabstractnetworkcache/tst_qabstractnetworkcache.cpp index 0da42b8b87..182e3e9547 100644 --- a/tests/auto/network/access/qabstractnetworkcache/tst_qabstractnetworkcache.cpp +++ b/tests/auto/network/access/qabstractnetworkcache/tst_qabstractnetworkcache.cpp @@ -39,7 +39,7 @@ #include <algorithm> -#define TESTFILE QLatin1String("http://") + QtNetworkSettings::serverName() + QLatin1String("/qtest/cgi-bin/") +#define TESTFILE QLatin1String("http://") + QtNetworkSettings::httpServerName() + QLatin1String("/qtest/cgi-bin/") class tst_QAbstractNetworkCache : public QObject { @@ -127,8 +127,13 @@ Q_DECLARE_METATYPE(QNetworkRequest::CacheLoadControl) void tst_QAbstractNetworkCache::initTestCase() { +#if defined(QT_TEST_SERVER) + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::httpServerName(), 80)); +#else if (!QtNetworkSettings::verifyTestNetworkSettings()) QSKIP("No network test server available"); +#endif + #ifndef QT_NO_BEARERMANAGEMENT netConfMan = new QNetworkConfigurationManager(this); networkConfiguration = netConfMan->defaultConfiguration(); @@ -251,9 +256,14 @@ void tst_QAbstractNetworkCache::cacheControl_data() QTest::newRow("200-1") << QNetworkRequest::PreferNetwork << "httpcachetest_cachecontrol-expire.cgi" << false; QTest::newRow("200-2") << QNetworkRequest::AlwaysNetwork << "httpcachetest_cachecontrol.cgi?no-cache" << AlwaysFalse; - QTest::newRow("200-3") << QNetworkRequest::PreferNetwork << "httpcachetest_cachecontrol.cgi?no-cache" << false; + QTest::newRow("200-3") << QNetworkRequest::PreferNetwork << "httpcachetest_cachecontrol.cgi?no-cache" << true; QTest::newRow("200-4") << QNetworkRequest::AlwaysCache << "httpcachetest_cachecontrol.cgi?no-cache" << false; - QTest::newRow("200-5") << QNetworkRequest::PreferCache << "httpcachetest_cachecontrol.cgi?no-cache" << false; + QTest::newRow("200-5") << QNetworkRequest::PreferCache << "httpcachetest_cachecontrol.cgi?no-cache" << true; + + QTest::newRow("200-6") << QNetworkRequest::AlwaysNetwork << "httpcachetest_cachecontrol.cgi?no-store" << AlwaysFalse; + QTest::newRow("200-7") << QNetworkRequest::PreferNetwork << "httpcachetest_cachecontrol.cgi?no-store" << false; + QTest::newRow("200-8") << QNetworkRequest::AlwaysCache << "httpcachetest_cachecontrol.cgi?no-store" << false; + QTest::newRow("200-9") << QNetworkRequest::PreferCache << "httpcachetest_cachecontrol.cgi?no-store" << false; QTest::newRow("304-0") << QNetworkRequest::PreferNetwork << "httpcachetest_cachecontrol.cgi?max-age=1000" << true; diff --git a/tests/auto/network/access/qhttpnetworkconnection/qhttpnetworkconnection.pro b/tests/auto/network/access/qhttpnetworkconnection/qhttpnetworkconnection.pro index d32b651b86..69a4a50144 100644 --- a/tests/auto/network/access/qhttpnetworkconnection/qhttpnetworkconnection.pro +++ b/tests/auto/network/access/qhttpnetworkconnection/qhttpnetworkconnection.pro @@ -4,3 +4,7 @@ SOURCES += tst_qhttpnetworkconnection.cpp requires(qtConfig(private_tests)) QT = core-private network-private testlib + +QT_TEST_SERVER_LIST = apache2 +include($$dirname(_QMAKE_CONF_)/tests/auto/testserver.pri) + diff --git a/tests/auto/network/access/qhttpnetworkconnection/tst_qhttpnetworkconnection.cpp b/tests/auto/network/access/qhttpnetworkconnection/tst_qhttpnetworkconnection.cpp index 84766f5484..0a9320118d 100644 --- a/tests/auto/network/access/qhttpnetworkconnection/tst_qhttpnetworkconnection.cpp +++ b/tests/auto/network/access/qhttpnetworkconnection/tst_qhttpnetworkconnection.cpp @@ -50,6 +50,7 @@ private: bool finishedCalled; bool finishedWithErrorCalled; QNetworkReply::NetworkError netErrorCode; + QString (*httpServerName)() = QtNetworkSettings::httpServerName; private Q_SLOTS: void initTestCase(); @@ -101,7 +102,11 @@ private Q_SLOTS: void tst_QHttpNetworkConnection::initTestCase() { +#if defined(QT_TEST_SERVER) + QVERIFY(QtNetworkSettings::verifyConnection(httpServerName(), 80)); +#else QVERIFY(QtNetworkSettings::verifyTestNetworkSettings()); +#endif } void tst_QHttpNetworkConnection::options_data() @@ -126,10 +131,9 @@ void tst_QHttpNetworkConnection::head_data() QTest::addColumn<QString>("statusString"); QTest::addColumn<int>("contentLength"); - QTest::newRow("success-internal") << "http://" << QtNetworkSettings::serverName() << "/qtest/rfc3252.txt" << ushort(80) << false << 200 << "OK" << 25962; - - QTest::newRow("failure-path") << "http://" << QtNetworkSettings::serverName() << "/t" << ushort(80) << false << 404 << "Not Found" << -1; - QTest::newRow("failure-protocol") << "" << QtNetworkSettings::serverName() << "/qtest/rfc3252.txt" << ushort(80) << false << 400 << "Bad Request" << -1; + QTest::newRow("success-internal") << "http://" << httpServerName() << "/qtest/rfc3252.txt" << ushort(80) << false << 200 << "OK" << 25962; + QTest::newRow("failure-path") << "http://" << httpServerName() << "/t" << ushort(80) << false << 404 << "Not Found" << -1; + QTest::newRow("failure-protocol") << "" << httpServerName() << "/qtest/rfc3252.txt" << ushort(80) << false << 400 << "Bad Request" << -1; } void tst_QHttpNetworkConnection::head() @@ -175,10 +179,10 @@ void tst_QHttpNetworkConnection::get_data() QTest::addColumn<int>("contentLength"); QTest::addColumn<int>("downloadSize"); - QTest::newRow("success-internal") << "http://" << QtNetworkSettings::serverName() << "/qtest/rfc3252.txt" << ushort(80) << false << 200 << "OK" << 25962 << 25962; + QTest::newRow("success-internal") << "http://" << httpServerName() << "/qtest/rfc3252.txt" << ushort(80) << false << 200 << "OK" << 25962 << 25962; - QTest::newRow("failure-path") << "http://" << QtNetworkSettings::serverName() << "/t" << ushort(80) << false << 404 << "Not Found" << -1 << -1; - QTest::newRow("failure-protocol") << "" << QtNetworkSettings::serverName() << "/qtest/rfc3252.txt" << ushort(80) << false << 400 << "Bad Request" << -1 << -1; + QTest::newRow("failure-path") << "http://" << httpServerName() << "/t" << ushort(80) << false << 404 << "Not Found" << -1 << -1; + QTest::newRow("failure-protocol") << "" << httpServerName() << "/qtest/rfc3252.txt" << ushort(80) << false << 400 << "Bad Request" << -1 << -1; } void tst_QHttpNetworkConnection::get() @@ -244,8 +248,8 @@ void tst_QHttpNetworkConnection::put_data() QTest::addColumn<QString>("data"); QTest::addColumn<bool>("succeed"); - QTest::newRow("success-internal") << "http://" << QtNetworkSettings::serverName() << "/dav/file1.txt" << ushort(80) << false << "Hello World\nEnd of file\n"<<true; - QTest::newRow("fail-internal") << "http://" << QtNetworkSettings::serverName() << "/dav2/file1.txt" << ushort(80) << false << "Hello World\nEnd of file\n"<<false; + QTest::newRow("success-internal") << "http://" << httpServerName() << "/dav/file1.txt" << ushort(80) << false << "Hello World\nEnd of file\n"<<true; + QTest::newRow("fail-internal") << "http://" << httpServerName() << "/dav2/file1.txt" << ushort(80) << false << "Hello World\nEnd of file\n"<<false; QTest::newRow("fail-host") << "http://" << "invalid.test.qt-project.org" << "/dav2/file1.txt" << ushort(80) << false << "Hello World\nEnd of file\n"<<false; } @@ -324,8 +328,8 @@ void tst_QHttpNetworkConnection::post_data() QTest::addColumn<int>("contentLength"); QTest::addColumn<int>("downloadSize"); - QTest::newRow("success-internal") << "http://" << QtNetworkSettings::serverName() << "/qtest/cgi-bin/echo.cgi" << ushort(80) << false << "7 bytes" << 200 << "OK" << 7 << 7; - QTest::newRow("failure-internal") << "http://" << QtNetworkSettings::serverName() << "/t" << ushort(80) << false << "Hello World" << 404 << "Not Found" << -1 << -1; + QTest::newRow("success-internal") << "http://" << httpServerName() << "/qtest/cgi-bin/echo.cgi" << ushort(80) << false << "7 bytes" << 200 << "OK" << 7 << 7; + QTest::newRow("failure-internal") << "http://" << httpServerName() << "/t" << ushort(80) << false << "Hello World" << 404 << "Not Found" << -1 << -1; } void tst_QHttpNetworkConnection::post() @@ -449,11 +453,11 @@ void tst_QHttpNetworkConnection::get401_data() QTest::addColumn<QString>("password"); QTest::addColumn<int>("statusCode"); - QTest::newRow("no-credentials") << "http://" << QtNetworkSettings::serverName() << "/qtest/rfcs-auth/index.html" << ushort(80) << false << false << "" << ""<<401; - QTest::newRow("invalid-credentials") << "http://" << QtNetworkSettings::serverName() << "/qtest/rfcs-auth/index.html" << ushort(80) << false << true << "test" << "test"<<401; - QTest::newRow("valid-credentials") << "http://" << QtNetworkSettings::serverName() << "/qtest/rfcs-auth/index.html" << ushort(80) << false << true << "httptest" << "httptest"<<200; - QTest::newRow("digest-authentication-invalid") << "http://" << QtNetworkSettings::serverName() << "/qtest/auth-digest/index.html" << ushort(80) << false << true << "wrong" << "wrong"<<401; - QTest::newRow("digest-authentication-valid") << "http://" << QtNetworkSettings::serverName() << "/qtest/auth-digest/index.html" << ushort(80) << false << true << "httptest" << "httptest"<<200; + QTest::newRow("no-credentials") << "http://" << httpServerName() << "/qtest/rfcs-auth/index.html" << ushort(80) << false << false << "" << ""<<401; + QTest::newRow("invalid-credentials") << "http://" << httpServerName() << "/qtest/rfcs-auth/index.html" << ushort(80) << false << true << "test" << "test"<<401; + QTest::newRow("valid-credentials") << "http://" << httpServerName() << "/qtest/rfcs-auth/index.html" << ushort(80) << false << true << "httptest" << "httptest"<<200; + QTest::newRow("digest-authentication-invalid") << "http://" << httpServerName() << "/qtest/auth-digest/index.html" << ushort(80) << false << true << "wrong" << "wrong"<<401; + QTest::newRow("digest-authentication-valid") << "http://" << httpServerName() << "/qtest/auth-digest/index.html" << ushort(80) << false << true << "httptest" << "httptest"<<200; } void tst_QHttpNetworkConnection::get401() @@ -508,9 +512,9 @@ void tst_QHttpNetworkConnection::compression_data() QTest::addColumn<bool>("autoCompress"); QTest::addColumn<QString>("contentCoding"); - QTest::newRow("success-autogzip-temp") << "http://" << QtNetworkSettings::serverName() << "/qtest/rfcs/rfc2616.html" << ushort(80) << false << 200 << "OK" << -1 << 418321 << true << ""; - QTest::newRow("success-nogzip-temp") << "http://" << QtNetworkSettings::serverName() << "/qtest/rfcs/rfc2616.html" << ushort(80) << false << 200 << "OK" << 418321 << 418321 << false << "identity"; - QTest::newRow("success-manualgzip-temp") << "http://" << QtNetworkSettings::serverName() << "/qtest/deflate/rfc2616.html" << ushort(80) << false << 200 << "OK" << 119124 << 119124 << false << "gzip"; + QTest::newRow("success-autogzip-temp") << "http://" << httpServerName() << "/qtest/rfcs/rfc2616.html" << ushort(80) << false << 200 << "OK" << -1 << 418321 << true << ""; + QTest::newRow("success-nogzip-temp") << "http://" << httpServerName() << "/qtest/rfcs/rfc2616.html" << ushort(80) << false << 200 << "OK" << 418321 << 418321 << false << "identity"; + QTest::newRow("success-manualgzip-temp") << "http://" << httpServerName() << "/qtest/deflate/rfc2616.html" << ushort(80) << false << 200 << "OK" << 119124 << 119124 << false << "gzip"; } @@ -586,9 +590,9 @@ void tst_QHttpNetworkConnection::ignoresslerror_data() // fluke's certificate is signed by a non-standard authority. // Since we don't introduce that CA into the SSL verification chain, // connecting should fail. - QTest::newRow("success-init") << "https://" << QtNetworkSettings::serverName() << "/" << ushort(443) << true << true << false << 200; - QTest::newRow("success-fromSignal") << "https://" << QtNetworkSettings::serverName() << "/" << ushort(443) << true << false << true << 200; - QTest::newRow("failure") << "https://" << QtNetworkSettings::serverName() << "/" << ushort(443) << true << false << false << 100; + QTest::newRow("success-init") << "https://" << httpServerName() << "/" << ushort(443) << true << true << false << 200; + QTest::newRow("success-fromSignal") << "https://" << httpServerName() << "/" << ushort(443) << true << false << true << 200; + QTest::newRow("failure") << "https://" << httpServerName() << "/" << ushort(443) << true << false << false << 100; } void tst_QHttpNetworkConnection::ignoresslerror() @@ -635,7 +639,7 @@ void tst_QHttpNetworkConnection::nossl_data() QTest::addColumn<bool>("encrypt"); QTest::addColumn<QNetworkReply::NetworkError>("networkError"); - QTest::newRow("protocol-error") << "https://" << QtNetworkSettings::serverName() << "/" << ushort(443) << true <<QNetworkReply::ProtocolUnknownError; + QTest::newRow("protocol-error") << "https://" << httpServerName() << "/" << ushort(443) << true <<QNetworkReply::ProtocolUnknownError; } void tst_QHttpNetworkConnection::nossl() @@ -696,7 +700,7 @@ void tst_QHttpNetworkConnection::getMultiple() QFETCH(bool, pipeliningAllowed); QFETCH(int, requestCount); - QHttpNetworkConnection connection(connectionCount, QtNetworkSettings::serverName()); + QHttpNetworkConnection connection(connectionCount, httpServerName()); QList<QHttpNetworkRequest*> requests; QList<QHttpNetworkReply*> replies; @@ -705,7 +709,7 @@ void tst_QHttpNetworkConnection::getMultiple() // depending on what you use the results will vary. // for the "real" results, use a URL that has "internet latency" for you. Then (6 connections, pipelining) will win. // for LAN latency, you will possibly get that (1 connection, no pipelining) is the fastest - QHttpNetworkRequest *request = new QHttpNetworkRequest("http://" + QtNetworkSettings::serverName() + "/qtest/rfc3252.txt"); + QHttpNetworkRequest *request = new QHttpNetworkRequest("http://" + httpServerName() + "/qtest/rfc3252.txt"); if (pipeliningAllowed) request->setPipeliningAllowed(true); requests.append(request); @@ -723,7 +727,7 @@ void tst_QHttpNetworkConnection::getMultipleWithPipeliningAndMultiplePriorities( quint16 requestCount = 100; // use 2 connections. - QHttpNetworkConnection connection(2, QtNetworkSettings::serverName()); + QHttpNetworkConnection connection(2, httpServerName()); QList<QHttpNetworkRequest*> requests; QList<QHttpNetworkReply*> replies; @@ -731,9 +735,9 @@ void tst_QHttpNetworkConnection::getMultipleWithPipeliningAndMultiplePriorities( for (int i = 0; i < requestCount; i++) { QHttpNetworkRequest *request = 0; if (i % 3) - request = new QHttpNetworkRequest("http://" + QtNetworkSettings::serverName() + "/qtest/rfc3252.txt", QHttpNetworkRequest::Get); + request = new QHttpNetworkRequest("http://" + httpServerName() + "/qtest/rfc3252.txt", QHttpNetworkRequest::Get); else - request = new QHttpNetworkRequest("http://" + QtNetworkSettings::serverName() + "/qtest/rfc3252.txt", QHttpNetworkRequest::Head); + request = new QHttpNetworkRequest("http://" + httpServerName() + "/qtest/rfc3252.txt", QHttpNetworkRequest::Head); if (i % 2 || i % 3) request->setPipeliningAllowed(true); @@ -800,9 +804,9 @@ void tst_QHttpNetworkConnection::getMultipleWithPriorities() { quint16 requestCount = 100; // use 2 connections. - QHttpNetworkConnection connection(2, QtNetworkSettings::serverName()); + QHttpNetworkConnection connection(2, httpServerName()); GetMultipleWithPrioritiesReceiver receiver(requestCount); - QUrl url("http://" + QtNetworkSettings::serverName() + "/qtest/rfc3252.txt"); + QUrl url("http://" + httpServerName() + "/qtest/rfc3252.txt"); QList<QHttpNetworkRequest*> requests; QList<QHttpNetworkReply*> replies; @@ -854,10 +858,10 @@ void tst_QHttpNetworkConnection::getEmptyWithPipelining() { quint16 requestCount = 50; // use 2 connections. - QHttpNetworkConnection connection(2, QtNetworkSettings::serverName()); + QHttpNetworkConnection connection(2, httpServerName()); GetEmptyWithPipeliningReceiver receiver(requestCount); - QUrl url("http://" + QtNetworkSettings::serverName() + "/cgi-bin/echo.cgi"); // a get on this = getting an empty file + QUrl url("http://" + httpServerName() + "/cgi-bin/echo.cgi"); // a get on this = getting an empty file QList<QHttpNetworkRequest*> requests; QList<QHttpNetworkReply*> replies; @@ -901,8 +905,8 @@ void tst_QHttpNetworkConnection::getAndEverythingShouldBePipelined() { quint16 requestCount = 100; // use 1 connection. - QHttpNetworkConnection connection(1, QtNetworkSettings::serverName()); - QUrl url("http://" + QtNetworkSettings::serverName() + "/qtest/rfc3252.txt"); + QHttpNetworkConnection connection(1, httpServerName()); + QUrl url("http://" + httpServerName() + "/qtest/rfc3252.txt"); QList<QHttpNetworkRequest*> requests; QList<QHttpNetworkReply*> replies; @@ -937,8 +941,8 @@ void tst_QHttpNetworkConnection::getAndThenDeleteObject_data() void tst_QHttpNetworkConnection::getAndThenDeleteObject() { // yes, this will leak if the testcase fails. I don't care. It must not fail then :P - QHttpNetworkConnection *connection = new QHttpNetworkConnection(QtNetworkSettings::serverName()); - QHttpNetworkRequest request("http://" + QtNetworkSettings::serverName() + "/qtest/bigfile"); + QHttpNetworkConnection *connection = new QHttpNetworkConnection(httpServerName()); + QHttpNetworkRequest request("http://" + httpServerName() + "/qtest/bigfile"); QHttpNetworkReply *reply = connection->sendRequest(request); reply->setDownstreamLimited(true); diff --git a/tests/auto/network/access/qnetworkcookiejar/tst_qnetworkcookiejar.cpp b/tests/auto/network/access/qnetworkcookiejar/tst_qnetworkcookiejar.cpp index 6c3443a735..45abb6aa05 100644 --- a/tests/auto/network/access/qnetworkcookiejar/tst_qnetworkcookiejar.cpp +++ b/tests/auto/network/access/qnetworkcookiejar/tst_qnetworkcookiejar.cpp @@ -60,12 +60,15 @@ private slots: class MyCookieJar: public QNetworkCookieJar { public: + ~MyCookieJar() override; inline QList<QNetworkCookie> allCookies() const { return QNetworkCookieJar::allCookies(); } inline void setAllCookies(const QList<QNetworkCookie> &cookieList) { QNetworkCookieJar::setAllCookies(cookieList); } }; +MyCookieJar::~MyCookieJar() = default; + void tst_QNetworkCookieJar::getterSetter() { MyCookieJar jar; diff --git a/tests/auto/network/access/qnetworkreply/BLACKLIST b/tests/auto/network/access/qnetworkreply/BLACKLIST index fab8224431..4d29a830e9 100644 --- a/tests/auto/network/access/qnetworkreply/BLACKLIST +++ b/tests/auto/network/access/qnetworkreply/BLACKLIST @@ -8,6 +8,9 @@ windows * [getErrors:ftp-host] linux +# QTBUG-71953 +[getFromHttp:success-external] +* [getFromHttpIntoBuffer] windows [getFromHttpIntoBuffer2] diff --git a/tests/auto/network/access/qnetworkreply/certs/qt-test-server-host-network-cacert.pem b/tests/auto/network/access/qnetworkreply/certs/qt-test-server-host-network-cacert.pem new file mode 100644 index 0000000000..5bdce3a3f9 --- /dev/null +++ b/tests/auto/network/access/qnetworkreply/certs/qt-test-server-host-network-cacert.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIIClzCCAgACCQDeuuUc2HkfKDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEChMC +UXQxGTAXBgNVBAsTEENvcmUgQW5kIE5ldHdvcmsxGzAZBgkqhkiG9w0BCQEWDG5v +Ym9keS5xdC5pbzENMAsGA1UEBxMET3NsbzENMAsGA1UECBMET3NsbzELMAkGA1UE +BhMCTk8xHTAbBgNVBAMTFHF0LXRlc3Qtc2VydmVyLmxvY2FsMB4XDTE5MDEyNTE1 +NDE0N1oXDTQ5MDExNzE1NDE0N1owgY8xCzAJBgNVBAoTAlF0MRkwFwYDVQQLExBD +b3JlIEFuZCBOZXR3b3JrMRswGQYJKoZIhvcNAQkBFgxub2JvZHkucXQuaW8xDTAL +BgNVBAcTBE9zbG8xDTALBgNVBAgTBE9zbG8xCzAJBgNVBAYTAk5PMR0wGwYDVQQD +ExRxdC10ZXN0LXNlcnZlci5sb2NhbDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEAzarbb9Y0yafxwL7kQRgZ4gLJIuan1boDLp4oevRfGndfd6kRO49+8C7Gnus6 +2RLXwQxR6CRSPyPDQgwRxvIcoUL+tMJpg633cLEYFcwgKGIw8CwV5jMZr8PrHMCR +9xFolFD4STcIMtc+dd+jvGkAFd7Nhw9cAmuCyAF9avAd3HMCAwEAATANBgkqhkiG +9w0BAQQFAAOBgQB1dxK3Ia4sCpvSikKLaf1ZXu+9GKaNWKJe9bWex9/RmNOla9N2 +FIh6/CfaPFDy/OXCkyEiGg78iyg/DgqVoa9JJGV3diI6berisHMPJpv1syyz9YEU +G3RQUClPcPV6EcedyqCdpbnIFtiSZbtJ0ZBGef4KzBN3rTmPucKb+bhMPg== +-----END CERTIFICATE----- diff --git a/tests/auto/network/access/qnetworkreply/echo/echo.pro b/tests/auto/network/access/qnetworkreply/echo/echo.pro index 1f05fd9a54..3e304f4105 100644 --- a/tests/auto/network/access/qnetworkreply/echo/echo.pro +++ b/tests/auto/network/access/qnetworkreply/echo/echo.pro @@ -1,4 +1,4 @@ SOURCES += main.cpp QT = core -CONFIG -= app_bundle debug_and_release_target -CONFIG += console +CONFIG -= debug_and_release_target +CONFIG += cmdline diff --git a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp index 30b41da515..eb956bec30 100644 --- a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp +++ b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp @@ -123,7 +123,7 @@ class tst_QNetworkReply: public QObject if (!seedCreated) { seedCreated = true; // not thread-safe, but who cares } - return QString::number(QTime(0, 0, 0).msecsTo(QTime::currentTime())) + return QString::number(QTime::currentTime().msecsSinceStartOfDay()) + QLatin1Char('-') + QString::number(QCoreApplication::applicationPid()) + QLatin1Char('-') + QString::number(QRandomGenerator::global()->generate()); } @@ -550,8 +550,15 @@ static void setupSslServer(QSslSocket* serverSocket) } #ifdef QT_TEST_SERVER +#ifdef QT_TEST_SERVER_NAME +// In this case, each server is assigned a unique hostname. Use the wildcard SSL +// certificate (*.test-net.qt.local). const QString tst_QNetworkReply::certsFilePath = "/certs/qt-test-net-cacert.pem"; #else +// Otherwise, select the single-name SSL certificate (qt-test-server.local) instead. +const QString tst_QNetworkReply::certsFilePath = "/certs/qt-test-server-host-network-cacert.pem"; +#endif // QT_TEST_SERVER_NAME +#else const QString tst_QNetworkReply::certsFilePath = "/certs/qt-test-server-cacert.pem"; #endif @@ -1809,6 +1816,11 @@ void tst_QNetworkReply::getFromFileSpecial_data() void tst_QNetworkReply::getFromFileSpecial() { +#if defined(QT_TEST_SERVER) && defined(Q_OS_WIN) + if (qstrcmp(QTest::currentDataTag(), "smb-path") == 0) + QSKIP("Docker-based test server doesn't support smb protocol yet"); +#endif + QFETCH(QString, fileName); QFETCH(QString, url); @@ -3202,6 +3214,11 @@ void tst_QNetworkReply::ioGetFromFileSpecial_data() void tst_QNetworkReply::ioGetFromFileSpecial() { +#if defined(QT_TEST_SERVER) && defined(Q_OS_WIN) + if (qstrcmp(QTest::currentDataTag(), "smb-path") == 0) + QSKIP("Docker-based test server doesn't support smb protocol yet"); +#endif + QFETCH(QString, fileName); QFETCH(QString, url); @@ -3959,7 +3976,7 @@ void tst_QNetworkReply::ioGetFromHttpWithCache_data() "HTTP/1.0 200\r\n" "Connection: keep-alive\r\n" "Content-Type: text/plain\r\n" - "Cache-control: no-cache\r\n" + "Cache-control: no-store\r\n" "Content-length: 8\r\n" "\r\n" "Reloaded"; @@ -3985,6 +4002,33 @@ void tst_QNetworkReply::ioGetFromHttpWithCache_data() content.second = "Not-reloaded"; content.first.setLastModified(past); + // "no-cache" + rawHeaders.clear(); + rawHeaders << QNetworkCacheMetaData::RawHeader("Date", QLocale::c().toString(past, dateFormat).toLatin1()) + << QNetworkCacheMetaData::RawHeader("Cache-control", "no-cache"); + content.first.setRawHeaders(rawHeaders); + content.first.setLastModified(past); + content.first.setExpirationDate(future); + + // "no-cache" does not mean "no cache", just that we must consult remote first + QTest::newRow("no-cache,200,always-network") + << reply200 << "Reloaded" << content << int(QNetworkRequest::AlwaysNetwork) << QStringList() << false << true; + QTest::newRow("no-cache,200,prefer-network") + << reply200 << "Reloaded" << content << int(QNetworkRequest::PreferNetwork) << QStringList() << false << true; + QTest::newRow("no-cache,200,prefer-cache") + << reply200 << "Reloaded" << content << int(QNetworkRequest::PreferCache) << QStringList() << false << true; + // We're not allowed by the spec to deliver cached data without checking if it is still + // up-to-date. + QTest::newRow("no-cache,200,always-cache") + << reply200 << QString() << content << int(QNetworkRequest::AlwaysCache) << QStringList() << false << false; + + QTest::newRow("no-cache,304,prefer-network") + << reply304 << "Not-reloaded" << content << int(QNetworkRequest::PreferNetwork) << QStringList() << true << true; + QTest::newRow("no-cache,304,prefer-cache") + << reply304 << "Not-reloaded" << content << int(QNetworkRequest::PreferCache) << QStringList() << true << true; + QTest::newRow("no-cache,304,always-cache") + << reply304 << QString() << content << int(QNetworkRequest::AlwaysCache) << QStringList() << false << false; + // // Set to expired // diff --git a/tests/auto/network/bearer/qnetworksession/lackey/lackey.pro b/tests/auto/network/bearer/qnetworksession/lackey/lackey.pro index 1605b31d94..dd83d905e6 100644 --- a/tests/auto/network/bearer/qnetworksession/lackey/lackey.pro +++ b/tests/auto/network/bearer/qnetworksession/lackey/lackey.pro @@ -5,5 +5,4 @@ QT = core network DESTDIR = ./ -win32:CONFIG += console -mac:CONFIG -= app_bundle +CONFIG += cmdline diff --git a/tests/auto/network/kernel/qauthenticator/tst_qauthenticator.cpp b/tests/auto/network/kernel/qauthenticator/tst_qauthenticator.cpp index 55053842dc..8cef351554 100644 --- a/tests/auto/network/kernel/qauthenticator/tst_qauthenticator.cpp +++ b/tests/auto/network/kernel/qauthenticator/tst_qauthenticator.cpp @@ -93,7 +93,7 @@ void tst_QAuthenticator::basicAuth() QCOMPARE(priv->phase, QAuthenticatorPrivate::Start); - QCOMPARE(priv->calculateResponse("GET", "/").constData(), QByteArray("Basic " + expectedReply).constData()); + QCOMPARE(priv->calculateResponse("GET", "/", "").constData(), QByteArray("Basic " + expectedReply).constData()); } void tst_QAuthenticator::ntlmAuth_data() @@ -133,9 +133,9 @@ void tst_QAuthenticator::ntlmAuth() headers << qMakePair<QByteArray, QByteArray>("WWW-Authenticate", "NTLM"); priv->parseHttpResponse(headers, /*isProxy = */ false); if (sso) - QVERIFY(priv->calculateResponse("GET", "/").startsWith("NTLM ")); + QVERIFY(priv->calculateResponse("GET", "/", "").startsWith("NTLM ")); else - QCOMPARE(priv->calculateResponse("GET", "/").constData(), "NTLM TlRMTVNTUAABAAAABYIIAAAAAAAAAAAAAAAAAAAAAAA="); + QCOMPARE(priv->calculateResponse("GET", "/", "").constData(), "NTLM TlRMTVNTUAABAAAABYIIAAAAAAAAAAAAAAAAAAAAAAA="); // NTLM phase 2: challenge headers.clear(); @@ -146,7 +146,7 @@ void tst_QAuthenticator::ntlmAuth() QEXPECT_FAIL("with-realm-sso", "NTLM authentication code doesn't extract the realm", Continue); QCOMPARE(auth.realm(), realm); - QVERIFY(priv->calculateResponse("GET", "/").startsWith("NTLM ")); + QVERIFY(priv->calculateResponse("GET", "/", "").startsWith("NTLM ")); } void tst_QAuthenticator::equalityOperators() diff --git a/tests/auto/network/kernel/qhostinfo/tst_qhostinfo.cpp b/tests/auto/network/kernel/qhostinfo/tst_qhostinfo.cpp index 82825f608c..da6e02210b 100644 --- a/tests/auto/network/kernel/qhostinfo/tst_qhostinfo.cpp +++ b/tests/auto/network/kernel/qhostinfo/tst_qhostinfo.cpp @@ -179,7 +179,6 @@ void tst_QHostInfo::staticInformation() void tst_QHostInfo::initTestCase() { - QVERIFY(QtNetworkSettings::verifyTestNetworkSettings()); #ifndef QT_NO_BEARERMANAGEMENT //start the default network netConfMan = new QNetworkConfigurationManager(this); @@ -240,8 +239,6 @@ void tst_QHostInfo::lookupIPv4_data() QTest::addColumn<QString>("addresses"); QTest::addColumn<int>("err"); - // Test server lookup - QTest::newRow("lookup_01") << QtNetworkSettings::serverName() << QtNetworkSettings::serverIP().toString() << int(QHostInfo::NoError); QTest::newRow("empty") << "" << "" << int(QHostInfo::HostNotFound); QTest::newRow("single_ip4") << "a-single" TEST_DOMAIN << "192.0.2.1" << int(QHostInfo::NoError); @@ -396,6 +393,68 @@ void tst_QHostInfo::lookupConnectToLambda() QCOMPARE(tmp.join(' '), expected.join(' ')); } +static QStringList reverseLookupHelper(const QString &ip) +{ + QStringList results; + + const QString pythonCode = + "import socket;" + "import sys;" + "print (socket.getnameinfo((sys.argv[1], 0), 0)[0]);"; + + QList<QByteArray> lines; + QProcess python; + python.setProcessChannelMode(QProcess::ForwardedErrorChannel); + python.start("python", QStringList() << QString("-c") << pythonCode << ip); + if (python.waitForFinished()) { + if (python.exitStatus() == QProcess::NormalExit && python.exitCode() == 0) + lines = python.readAllStandardOutput().split('\n'); + for (QByteArray line : lines) { + if (!line.isEmpty()) + results << line.trimmed(); + } + if (!results.isEmpty()) + return results; + } + + qDebug() << "Python failed, falling back to nslookup"; + QProcess lookup; + lookup.setProcessChannelMode(QProcess::ForwardedErrorChannel); + lookup.start("nslookup", QStringList(ip)); + if (!lookup.waitForFinished()) { + results << "nslookup failure"; + qDebug() << "nslookup failure"; + return results; + } + lines = lookup.readAllStandardOutput().split('\n'); + + QByteArray name; + + const QByteArray nameMarkerNix("name ="); + const QByteArray nameMarkerWin("Name:"); + const QByteArray addressMarkerWin("Address:"); + + for (QByteArray line : lines) { + int index = -1; + if ((index = line.indexOf(nameMarkerNix)) != -1) { // Linux and macOS + name = line.mid(index + nameMarkerNix.length()).chopped(1).trimmed(); + results << name; + } else if (line.startsWith(nameMarkerWin)) { // Windows formatting + name = line.mid(line.lastIndexOf(" ")).trimmed(); + } else if (line.startsWith(addressMarkerWin)) { + QByteArray address = line.mid(addressMarkerWin.length()).trimmed(); + if (address == ip) { + results << name; + } + } + } + + if (results.isEmpty()) { + qDebug() << "Failure to parse nslookup output: " << lines; + } + return results; +} + void tst_QHostInfo::reverseLookup_data() { QTest::addColumn<QString>("address"); @@ -403,8 +462,8 @@ void tst_QHostInfo::reverseLookup_data() QTest::addColumn<int>("err"); QTest::addColumn<bool>("ipv6"); - QTest::newRow("google-public-dns-a.google.com") << QString("8.8.8.8") << QStringList(QString("google-public-dns-a.google.com")) << 0 << false; - QTest::newRow("gitorious.org") << QString("87.238.52.168") << QStringList(QString("gitorious.org")) << 0 << false; + QTest::newRow("dns.google") << QString("8.8.8.8") << reverseLookupHelper("8.8.8.8") << 0 << false; + QTest::newRow("one.one.one.one") << QString("1.1.1.1") << reverseLookupHelper("1.1.1.1") << 0 << false; QTest::newRow("bogus-name") << QString("1::2::3::4") << QStringList() << 1 << true; } @@ -422,6 +481,8 @@ void tst_QHostInfo::reverseLookup() QHostInfo info = QHostInfo::fromName(address); if (err == 0) { + if (!hostNames.contains(info.hostName())) + qDebug() << "Failure: expecting" << hostNames << ",got " << info.hostName(); QVERIFY(hostNames.contains(info.hostName())); QCOMPARE(info.addresses().first(), QHostAddress(address)); } else { diff --git a/tests/auto/network/kernel/qnetworkdatagram/tst_qnetworkdatagram.cpp b/tests/auto/network/kernel/qnetworkdatagram/tst_qnetworkdatagram.cpp index 5eedd1043b..cd6019090f 100644 --- a/tests/auto/network/kernel/qnetworkdatagram/tst_qnetworkdatagram.cpp +++ b/tests/auto/network/kernel/qnetworkdatagram/tst_qnetworkdatagram.cpp @@ -131,7 +131,7 @@ void tst_QNetworkDatagram::makeReply() QNetworkDatagram copy = dgram; copy.setData(copy.data()); { - QNetworkDatagram reply = qMove(copy).makeReply("World"); + QNetworkDatagram reply = std::move(copy).makeReply("World"); QCOMPARE(reply.data(), QByteArray("World")); QCOMPARE(reply.senderAddress(), QHostAddress(localAddress)); QCOMPARE(reply.senderPort(), localAddress.isEmpty() ? -1 : dgram.destinationPort()); diff --git a/tests/auto/network/socket/qhttpsocketengine/qhttpsocketengine.pro b/tests/auto/network/socket/qhttpsocketengine/qhttpsocketengine.pro index 56a4fb8aee..492bb6aa8d 100644 --- a/tests/auto/network/socket/qhttpsocketengine/qhttpsocketengine.pro +++ b/tests/auto/network/socket/qhttpsocketengine/qhttpsocketengine.pro @@ -10,3 +10,8 @@ MOC_DIR=tmp requires(qtConfig(private_tests)) QT = core-private network-private testlib +# TODO: For now linux-only, because cyrus is linux-only atm ... +linux { + QT_TEST_SERVER_LIST = squid danted cyrus apache2 + include($$dirname(_QMAKE_CONF_)/tests/auto/testserver.pri) +} diff --git a/tests/auto/network/socket/qhttpsocketengine/tst_qhttpsocketengine.cpp b/tests/auto/network/socket/qhttpsocketengine/tst_qhttpsocketengine.cpp index 68f3ea059b..cdc6fef663 100644 --- a/tests/auto/network/socket/qhttpsocketengine/tst_qhttpsocketengine.cpp +++ b/tests/auto/network/socket/qhttpsocketengine/tst_qhttpsocketengine.cpp @@ -122,7 +122,14 @@ public slots: void tst_QHttpSocketEngine::initTestCase() { +#ifdef QT_TEST_SERVER + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::httpProxyServerName(), 3128)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::socksProxyServerName(), 1080)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::httpServerName(), 80)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::imapServerName(), 143)); +#else QVERIFY(QtNetworkSettings::verifyTestNetworkSettings()); +#endif } void tst_QHttpSocketEngine::init() @@ -171,7 +178,7 @@ void tst_QHttpSocketEngine::errorTest_data() QTest::newRow("proxy-host-not-found") << "this-host-does-not-exist." << 1080 << QString() << QString() << int(QAbstractSocket::ProxyNotFoundError); - QTest::newRow("proxy-connection-refused") << QtNetworkSettings::serverName() << 2 << QString() + QTest::newRow("proxy-connection-refused") << QtNetworkSettings::socksProxyServerName() << 2 << QString() << QString() << int(QAbstractSocket::ProxyConnectionRefusedError); @@ -278,13 +285,12 @@ void tst_QHttpSocketEngine::simpleConnectToIMAP() QVERIFY(socketDevice.initialize(QAbstractSocket::TcpSocket, QAbstractSocket::IPv4Protocol)); QCOMPARE(socketDevice.state(), QAbstractSocket::UnconnectedState); - socketDevice.setProxy(QNetworkProxy(QNetworkProxy::HttpProxy, QtNetworkSettings::serverName(), 3128)); - - QVERIFY(!socketDevice.connectToHost(QtNetworkSettings::serverIP(), 143)); + socketDevice.setProxy(QNetworkProxy(QNetworkProxy::HttpProxy, QtNetworkSettings::httpProxyServerName(), 3128)); + QVERIFY(!socketDevice.connectToHost(QtNetworkSettings::imapServerIp(), 143)); QCOMPARE(socketDevice.state(), QAbstractSocket::ConnectingState); QVERIFY(socketDevice.waitForWrite()); QCOMPARE(socketDevice.state(), QAbstractSocket::ConnectedState); - QCOMPARE(socketDevice.peerAddress(), QtNetworkSettings::serverIP()); + QCOMPARE(socketDevice.peerAddress(), QtNetworkSettings::imapServerIp()); QVERIFY(!socketDevice.localAddress().isNull()); QVERIFY(socketDevice.localPort() > 0); @@ -292,10 +298,10 @@ void tst_QHttpSocketEngine::simpleConnectToIMAP() QVERIFY(socketDevice.waitForRead()); // Read the greeting - qint64 available = socketDevice.bytesAvailable(); + qint64 available = int(socketDevice.bytesAvailable()); QVERIFY(available > 0); QByteArray array; - array.resize(available); + array.resize(int(available)); QVERIFY(socketDevice.read(array.data(), array.size()) == available); // Check that the greeting is what we expect it to be @@ -310,9 +316,9 @@ void tst_QHttpSocketEngine::simpleConnectToIMAP() // Wait for the response QVERIFY(socketDevice.waitForRead()); - available = socketDevice.bytesAvailable(); + available = int(socketDevice.bytesAvailable()); QVERIFY(available > 0); - array.resize(available); + array.resize(int(available)); QVERIFY(socketDevice.read(array.data(), array.size()) == available); // Check that the greeting is what we expect it to be @@ -321,7 +327,7 @@ void tst_QHttpSocketEngine::simpleConnectToIMAP() // Wait for the response QVERIFY(socketDevice.waitForRead()); char c; - QCOMPARE(socketDevice.read(&c, sizeof(c)), (qint64) -1); + QCOMPARE(socketDevice.read(&c, sizeof(c)), qint64(-1)); QCOMPARE(socketDevice.error(), QAbstractSocket::RemoteHostClosedError); QCOMPARE(socketDevice.state(), QAbstractSocket::UnconnectedState); } @@ -335,10 +341,10 @@ void tst_QHttpSocketEngine::simpleErrorsAndStates() // Initialize device QVERIFY(socketDevice.initialize(QAbstractSocket::TcpSocket, QAbstractSocket::IPv4Protocol)); - socketDevice.setProxy(QNetworkProxy(QNetworkProxy::HttpProxy, QtNetworkSettings::serverName(), 3128)); + socketDevice.setProxy(QNetworkProxy(QNetworkProxy::HttpProxy, QtNetworkSettings::httpProxyServerName(), 3128)); QCOMPARE(socketDevice.state(), QAbstractSocket::UnconnectedState); - QVERIFY(!socketDevice.connectToHost(QHostAddress(QtNetworkSettings::serverName()), 8088)); + QVERIFY(!socketDevice.connectToHost(QHostAddress(QtNetworkSettings::socksProxyServerName()), 8088)); QCOMPARE(socketDevice.state(), QAbstractSocket::ConnectingState); if (socketDevice.waitForWrite(30000)) { QVERIFY(socketDevice.state() == QAbstractSocket::ConnectedState || @@ -422,7 +428,7 @@ void tst_QHttpSocketEngine::tcpSocketBlockingTest() QTcpSocket socket; // Connect - socket.connectToHost(QtNetworkSettings::serverName(), 143); + socket.connectToHost(QtNetworkSettings::imapServerName(), 143); QVERIFY(socket.waitForConnected()); QCOMPARE(socket.state(), QTcpSocket::ConnectedState); @@ -479,7 +485,7 @@ void tst_QHttpSocketEngine::tcpSocketNonBlockingTest() tcpSocketNonBlocking_socket = &socket; // Connect - socket.connectToHost(QtNetworkSettings::serverName(), 143); + socket.connectToHost(QtNetworkSettings::imapServerName(), 143); QVERIFY(socket.state() == QTcpSocket::HostLookupState || socket.state() == QTcpSocket::ConnectingState); @@ -607,13 +613,13 @@ void tst_QHttpSocketEngine::downloadBigFile() connect(tmpSocket, SIGNAL(connected()), SLOT(exitLoopSlot())); connect(tmpSocket, SIGNAL(readyRead()), SLOT(downloadBigFileSlot())); - tmpSocket->connectToHost(QtNetworkSettings::serverName(), 80); + tmpSocket->connectToHost(QtNetworkSettings::httpServerName(), 80); QTestEventLoop::instance().enterLoop(30); if (QTestEventLoop::instance().timeout()) QFAIL("Network operation timed out"); - QByteArray hostName = QtNetworkSettings::serverName().toLatin1(); + QByteArray hostName = QtNetworkSettings::httpServerName().toLatin1(); QCOMPARE(tmpSocket->state(), QAbstractSocket::ConnectedState); QVERIFY(tmpSocket->write("GET /qtest/mediumfile HTTP/1.0\r\n") > 0); QVERIFY(tmpSocket->write("Host: ") > 0); @@ -664,13 +670,13 @@ void tst_QHttpSocketEngine::passwordAuth() QVERIFY(socketDevice.initialize(QAbstractSocket::TcpSocket, QAbstractSocket::IPv4Protocol)); QCOMPARE(socketDevice.state(), QAbstractSocket::UnconnectedState); - socketDevice.setProxy(QNetworkProxy(QNetworkProxy::HttpProxy, QtNetworkSettings::serverName(), 3128, "qsockstest", "password")); + socketDevice.setProxy(QNetworkProxy(QNetworkProxy::HttpProxy, QtNetworkSettings::httpProxyServerName(), 3128, "qsockstest", "password")); - QVERIFY(!socketDevice.connectToHost(QtNetworkSettings::serverIP(), 143)); + QVERIFY(!socketDevice.connectToHost(QtNetworkSettings::imapServerIp(), 143)); QCOMPARE(socketDevice.state(), QAbstractSocket::ConnectingState); QVERIFY(socketDevice.waitForWrite()); QCOMPARE(socketDevice.state(), QAbstractSocket::ConnectedState); - QCOMPARE(socketDevice.peerAddress(), QtNetworkSettings::serverIP()); + QCOMPARE(socketDevice.peerAddress(), QtNetworkSettings::imapServerIp()); // Wait for the greeting QVERIFY(socketDevice.waitForRead()); diff --git a/tests/auto/network/socket/qlocalsocket/socketprocess/socketprocess.pro b/tests/auto/network/socket/qlocalsocket/socketprocess/socketprocess.pro index 643c4c5733..e11ed5644b 100644 --- a/tests/auto/network/socket/qlocalsocket/socketprocess/socketprocess.pro +++ b/tests/auto/network/socket/qlocalsocket/socketprocess/socketprocess.pro @@ -3,7 +3,6 @@ QT = core network testlib DESTDIR = ./ TARGET = socketprocess -win32:CONFIG += console -mac:CONFIG -= app_bundle +CONFIG += cmdline SOURCES += main.cpp diff --git a/tests/auto/network/socket/qlocalsocket/tst_qlocalsocket.cpp b/tests/auto/network/socket/qlocalsocket/tst_qlocalsocket.cpp index 779d55a77a..45ab275510 100644 --- a/tests/auto/network/socket/qlocalsocket/tst_qlocalsocket.cpp +++ b/tests/auto/network/socket/qlocalsocket/tst_qlocalsocket.cpp @@ -962,9 +962,6 @@ void tst_QLocalSocket::processConnection() #if !QT_CONFIG(process) QSKIP("No qprocess support", SkipAll); #else -#ifdef Q_OS_MAC - QSKIP("The processConnection test is unstable on Mac. See QTBUG-39986."); -#endif #ifdef Q_OS_WIN const QString exeSuffix = QStringLiteral(".exe"); diff --git a/tests/auto/network/socket/qsocks5socketengine/BLACKLIST b/tests/auto/network/socket/qsocks5socketengine/BLACKLIST index 60526827bf..8af3cea8dc 100644 --- a/tests/auto/network/socket/qsocks5socketengine/BLACKLIST +++ b/tests/auto/network/socket/qsocks5socketengine/BLACKLIST @@ -2,6 +2,9 @@ * [passwordAuth] * +# QTBUG-74162 +[passwordAuth2] +* [serverTest] windows [downloadBigFile] diff --git a/tests/auto/network/socket/qsocks5socketengine/qsocks5socketengine.pro b/tests/auto/network/socket/qsocks5socketengine/qsocks5socketengine.pro index 71ceafa133..ca9e44873c 100644 --- a/tests/auto/network/socket/qsocks5socketengine/qsocks5socketengine.pro +++ b/tests/auto/network/socket/qsocks5socketengine/qsocks5socketengine.pro @@ -11,3 +11,9 @@ MOC_DIR=tmp QT = core-private network-private testlib requires(qtConfig(private_tests)) + +# Only on Linux until cyrus has been added to docker-compose-for-{windows,macOS}.yml and tested +linux { + QT_TEST_SERVER_LIST = danted apache2 cyrus + include($$dirname(_QMAKE_CONF_)/tests/auto/testserver.pri) +} diff --git a/tests/auto/network/socket/qsocks5socketengine/tst_qsocks5socketengine.cpp b/tests/auto/network/socket/qsocks5socketengine/tst_qsocks5socketengine.cpp index 1212ea20e5..464054f8a6 100644 --- a/tests/auto/network/socket/qsocks5socketengine/tst_qsocks5socketengine.cpp +++ b/tests/auto/network/socket/qsocks5socketengine/tst_qsocks5socketengine.cpp @@ -137,7 +137,13 @@ private slots: void tst_QSocks5SocketEngine::initTestCase() { +#ifdef QT_TEST_SERVER + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::socksProxyServerName(), 1080)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::httpServerName(), 80)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::imapServerName(), 143)); +#else QVERIFY(QtNetworkSettings::verifyTestNetworkSettings()); +#endif } //--------------------------------------------------------------------------- @@ -293,13 +299,13 @@ void tst_QSocks5SocketEngine::simpleConnectToIMAP() QVERIFY(socketDevice.initialize(QAbstractSocket::TcpSocket, QAbstractSocket::IPv4Protocol)); QCOMPARE(socketDevice.state(), QAbstractSocket::UnconnectedState); - socketDevice.setProxy(QNetworkProxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::serverName(), 1080)); + socketDevice.setProxy(QNetworkProxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::socksProxyServerName(), 1080)); - QVERIFY(!socketDevice.connectToHost(QtNetworkSettings::serverIP(), 143)); + QVERIFY(!socketDevice.connectToHost(QtNetworkSettings::imapServerIp(), 143)); QCOMPARE(socketDevice.state(), QAbstractSocket::ConnectingState); QVERIFY(socketDevice.waitForWrite()); QCOMPARE(socketDevice.state(), QAbstractSocket::ConnectedState); - QCOMPARE(socketDevice.peerAddress(), QtNetworkSettings::serverIP()); + QCOMPARE(socketDevice.peerAddress(), QtNetworkSettings::imapServerIp()); // Wait for the greeting QVERIFY(socketDevice.waitForRead()); @@ -347,10 +353,10 @@ void tst_QSocks5SocketEngine::simpleErrorsAndStates() // Initialize device QVERIFY(socketDevice.initialize(QAbstractSocket::TcpSocket, QAbstractSocket::IPv4Protocol)); - socketDevice.setProxy(QNetworkProxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::serverName(), 1080)); + socketDevice.setProxy(QNetworkProxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::socksProxyServerName(), 1080)); QCOMPARE(socketDevice.state(), QAbstractSocket::UnconnectedState); - QVERIFY(!socketDevice.connectToHost(QHostInfo::fromName(QtNetworkSettings::serverName()).addresses().first(), 8088)); + QVERIFY(!socketDevice.connectToHost(QHostInfo::fromName(QtNetworkSettings::socksProxyServerName()).addresses().first(), 8088)); QCOMPARE(socketDevice.state(), QAbstractSocket::ConnectingState); if (socketDevice.waitForWrite(15000)) { QVERIFY(socketDevice.state() == QAbstractSocket::UnconnectedState || @@ -433,7 +439,7 @@ void tst_QSocks5SocketEngine::serverTest() // Initialize a Tcp socket QVERIFY(server.initialize(QAbstractSocket::TcpSocket)); - QNetworkProxy proxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::serverName(), 1080); + QNetworkProxy proxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::socksProxyServerName(), 1080); server.setProxy(proxy); @@ -510,7 +516,7 @@ void tst_QSocks5SocketEngine::udpTest() QVERIFY(udpSocket.initialize(QAbstractSocket::UdpSocket)); QVERIFY(udpSocket.isValid()); - QNetworkProxy proxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::serverName(), 1080); + QNetworkProxy proxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::socksProxyServerName(), 1080); udpSocket.setProxy(proxy); @@ -564,7 +570,7 @@ void tst_QSocks5SocketEngine::tcpSocketBlockingTest() QTcpSocket socket; // Connect - socket.connectToHost(QtNetworkSettings::serverName(), 143); + socket.connectToHost(QtNetworkSettings::imapServerName(), 143); QVERIFY(socket.waitForConnected()); QCOMPARE(socket.state(), QTcpSocket::ConnectedState); @@ -635,7 +641,7 @@ void tst_QSocks5SocketEngine::tcpSocketNonBlockingTest() }); // Connect - socket.connectToHost(QtNetworkSettings::serverName(), 143); + socket.connectToHost(QtNetworkSettings::imapServerName(), 143); QVERIFY(socket.state() == QTcpSocket::HostLookupState || socket.state() == QTcpSocket::ConnectingState); @@ -754,13 +760,13 @@ void tst_QSocks5SocketEngine::downloadBigFile() << " (" << stopWatch.elapsed() << "ms)"; }); - socket.connectToHost(QtNetworkSettings::serverName(), 80); + socket.connectToHost(QtNetworkSettings::httpServerName(), 80); QTestEventLoop::instance().enterLoop(30); if (QTestEventLoop::instance().timeout()) QFAIL("Network operation timed out"); - QByteArray hostName = QtNetworkSettings::serverName().toLatin1(); + QByteArray hostName = QtNetworkSettings::httpServerName().toLatin1(); QCOMPARE(socket.state(), QAbstractSocket::ConnectedState); QVERIFY(socket.write("GET /qtest/mediumfile HTTP/1.0\r\n") > 0); QVERIFY(socket.write("HOST: ") > 0); @@ -791,13 +797,13 @@ void tst_QSocks5SocketEngine::passwordAuth() QVERIFY(socketDevice.initialize(QAbstractSocket::TcpSocket, QAbstractSocket::IPv4Protocol)); QCOMPARE(socketDevice.state(), QAbstractSocket::UnconnectedState); - socketDevice.setProxy(QNetworkProxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::serverName(), 1080, "qsockstest", "password")); + socketDevice.setProxy(QNetworkProxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::socksProxyServerName(), 1080, "qsockstest", "password")); // Connect to imap.trolltech.com's IP - QVERIFY(!socketDevice.connectToHost(QtNetworkSettings::serverIP(), 143)); + QVERIFY(!socketDevice.connectToHost(QtNetworkSettings::imapServerIp(), 143)); QCOMPARE(socketDevice.state(), QAbstractSocket::ConnectingState); QVERIFY(socketDevice.waitForWrite()); - if (!socketDevice.connectToHost(QtNetworkSettings::serverIP(), 143)) { + if (!socketDevice.connectToHost(QtNetworkSettings::imapServerIp(), 143)) { qDebug("%d, %s", socketDevice.error(), socketDevice.errorString().toLatin1().constData()); } QCOMPARE(socketDevice.state(), QAbstractSocket::ConnectedState); @@ -857,19 +863,19 @@ void tst_QSocks5SocketEngine::passwordAuth2() QVERIFY(socketDevice.initialize(QAbstractSocket::TcpSocket, QAbstractSocket::IPv4Protocol)); QCOMPARE(socketDevice.state(), QAbstractSocket::UnconnectedState); - socketDevice.setProxy(QNetworkProxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::serverName(), 1081)); + socketDevice.setProxy(QNetworkProxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::socksProxyServerName(), 1081)); socketDevice.setReceiver(this); - QVERIFY(!socketDevice.connectToHost(QtNetworkSettings::serverIP(), 143)); + QVERIFY(!socketDevice.connectToHost(QtNetworkSettings::imapServerIp(), 143)); QCOMPARE(socketDevice.state(), QAbstractSocket::ConnectingState); while (socketDevice.state() == QAbstractSocket::ConnectingState) { QVERIFY(socketDevice.waitForWrite()); - socketDevice.connectToHost(QtNetworkSettings::serverIP(), 143); + socketDevice.connectToHost(QtNetworkSettings::imapServerIp(), 143); } if (socketDevice.state() != QAbstractSocket::ConnectedState) qDebug("%d, %s", socketDevice.error(), socketDevice.errorString().toLatin1().constData()); QCOMPARE(socketDevice.state(), QAbstractSocket::ConnectedState); - QCOMPARE(socketDevice.peerAddress(), QtNetworkSettings::serverIP()); + QCOMPARE(socketDevice.peerAddress(), QtNetworkSettings::imapServerIp()); // Wait for the greeting QVERIFY(socketDevice.waitForRead()); diff --git a/tests/auto/network/socket/qtcpserver/test/test.pro b/tests/auto/network/socket/qtcpserver/test/test.pro index 4491523383..ac4ed9a989 100644 --- a/tests/auto/network/socket/qtcpserver/test/test.pro +++ b/tests/auto/network/socket/qtcpserver/test/test.pro @@ -16,3 +16,9 @@ win32 { QT = core network testlib MOC_DIR=tmp + +# Only on Linux until cyrus has been added to docker-compose-for-{windows,macOS}.yml and tested +linux { + QT_TEST_SERVER_LIST = danted cyrus squid ftp-proxy + include($$dirname(_QMAKE_CONF_)/tests/auto/testserver.pri) +} diff --git a/tests/auto/network/socket/qtcpserver/tst_qtcpserver.cpp b/tests/auto/network/socket/qtcpserver/tst_qtcpserver.cpp index 161d94d642..22ac9aa076 100644 --- a/tests/auto/network/socket/qtcpserver/tst_qtcpserver.cpp +++ b/tests/auto/network/socket/qtcpserver/tst_qtcpserver.cpp @@ -160,8 +160,15 @@ void tst_QTcpServer::initTestCase_data() void tst_QTcpServer::initTestCase() { +#ifdef QT_TEST_SERVER + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::socksProxyServerName(), 1080)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::httpProxyServerName(), 3128)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::ftpProxyServerName(), 2121)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::imapServerName(), 143)); +#else if (!QtNetworkSettings::verifyTestNetworkSettings()) QSKIP("No network test server available"); +#endif #ifndef QT_NO_BEARERMANAGEMENT QNetworkConfigurationManager man; networkSession = new QNetworkSession(man.defaultConfiguration(), this); @@ -177,7 +184,7 @@ void tst_QTcpServer::init() #ifndef QT_NO_NETWORKPROXY QFETCH_GLOBAL(int, proxyType); if (proxyType == QNetworkProxy::Socks5Proxy) { - QNetworkProxy::setApplicationProxy(QNetworkProxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::serverName(), 1080)); + QNetworkProxy::setApplicationProxy(QNetworkProxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::socksProxyServerName(), 1080)); } #else // !QT_NO_NETWORKPROXY QSKIP("No proxy support"); @@ -513,7 +520,7 @@ void tst_QTcpServer::waitForConnectionTest() } QTcpSocket findLocalIpSocket; - findLocalIpSocket.connectToHost(QtNetworkSettings::serverName(), 143); + findLocalIpSocket.connectToHost(QtNetworkSettings::imapServerName(), 143); QVERIFY(findLocalIpSocket.waitForConnected(5000)); QTcpServer server; @@ -668,16 +675,18 @@ void tst_QTcpServer::invalidProxy_data() QTest::addColumn<int>("port"); QTest::addColumn<int>("expectedError"); - QString fluke = QHostInfo::fromName(QtNetworkSettings::serverName()).addresses().first().toString(); - QTest::newRow("ftp-proxy") << int(QNetworkProxy::FtpCachingProxy) << fluke << 143 + const QString imapIp = QtNetworkSettings::imapServerIp().toString(); + const QString httpProxyIp = QtNetworkSettings::httpProxyServerIp().toString(); + const QString socksIp = QtNetworkSettings::socksProxyServerIp().toString(); + QTest::newRow("ftp-proxy") << int(QNetworkProxy::FtpCachingProxy) << imapIp << 143 << int(QAbstractSocket::UnsupportedSocketOperationError); - QTest::newRow("http-proxy") << int(QNetworkProxy::HttpProxy) << fluke << 3128 + QTest::newRow("http-proxy") << int(QNetworkProxy::HttpProxy) << httpProxyIp << 3128 << int(QAbstractSocket::UnsupportedSocketOperationError); QTest::newRow("no-such-host") << int(QNetworkProxy::Socks5Proxy) << "invalid.test.qt-project.org" << 1080 << int(QAbstractSocket::ProxyNotFoundError); - QTest::newRow("socks5-on-http") << int(QNetworkProxy::Socks5Proxy) << fluke << 3128 + QTest::newRow("socks5-on-http") << int(QNetworkProxy::Socks5Proxy) << httpProxyIp << 3128 << int(QAbstractSocket::SocketTimeoutError); } @@ -740,48 +749,48 @@ void tst_QTcpServer::proxyFactory_data() // tests that do get to listen - proxyList << QNetworkProxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::serverName(), 1080); + proxyList << QNetworkProxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::socksProxyServerName(), 1080); QTest::newRow("socks5") << proxyList << proxyList.at(0) << false << int(QAbstractSocket::UnknownSocketError); proxyList.clear(); - proxyList << QNetworkProxy(QNetworkProxy::HttpCachingProxy, QtNetworkSettings::serverName(), 3128) - << QNetworkProxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::serverName(), 1080); + proxyList << QNetworkProxy(QNetworkProxy::HttpCachingProxy, QtNetworkSettings::httpProxyServerName(), 3128) + << QNetworkProxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::socksProxyServerName(), 1080); QTest::newRow("cachinghttp+socks5") << proxyList << proxyList.at(1) << false << int(QAbstractSocket::UnknownSocketError); proxyList.clear(); - proxyList << QNetworkProxy(QNetworkProxy::FtpCachingProxy, QtNetworkSettings::serverName(), 2121) - << QNetworkProxy(QNetworkProxy::HttpCachingProxy, QtNetworkSettings::serverName(), 3128) - << QNetworkProxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::serverName(), 1080); + proxyList << QNetworkProxy(QNetworkProxy::FtpCachingProxy, QtNetworkSettings::ftpProxyServerName(), 2121) + << QNetworkProxy(QNetworkProxy::HttpCachingProxy, QtNetworkSettings::httpProxyServerName(), 3128) + << QNetworkProxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::socksProxyServerName(), 1080); QTest::newRow("ftp+cachinghttp+socks5") << proxyList << proxyList.at(2) << false << int(QAbstractSocket::UnknownSocketError); // tests that fail to listen proxyList.clear(); - proxyList << QNetworkProxy(QNetworkProxy::HttpProxy, QtNetworkSettings::serverName(), 3128); + proxyList << QNetworkProxy(QNetworkProxy::HttpProxy, QtNetworkSettings::httpProxyServerName(), 3128); QTest::newRow("http") << proxyList << proxyList.at(0) << true << int(QAbstractSocket::UnsupportedSocketOperationError); proxyList.clear(); - proxyList << QNetworkProxy(QNetworkProxy::HttpCachingProxy, QtNetworkSettings::serverName(), 3128); + proxyList << QNetworkProxy(QNetworkProxy::HttpCachingProxy, QtNetworkSettings::httpProxyServerName(), 3128); QTest::newRow("cachinghttp") << proxyList << QNetworkProxy() << true << int(QAbstractSocket::UnsupportedSocketOperationError); proxyList.clear(); - proxyList << QNetworkProxy(QNetworkProxy::FtpCachingProxy, QtNetworkSettings::serverName(), 2121); + proxyList << QNetworkProxy(QNetworkProxy::FtpCachingProxy, QtNetworkSettings::ftpProxyServerName(), 2121); QTest::newRow("ftp") << proxyList << QNetworkProxy() << true << int(QAbstractSocket::UnsupportedSocketOperationError); proxyList.clear(); - proxyList << QNetworkProxy(QNetworkProxy::FtpCachingProxy, QtNetworkSettings::serverName(), 2121) - << QNetworkProxy(QNetworkProxy::HttpCachingProxy, QtNetworkSettings::serverName(), 3128); + proxyList << QNetworkProxy(QNetworkProxy::FtpCachingProxy, QtNetworkSettings::ftpProxyServerName(), 2121) + << QNetworkProxy(QNetworkProxy::HttpCachingProxy, QtNetworkSettings::httpProxyServerName(), 3128); QTest::newRow("ftp+cachinghttp") << proxyList << QNetworkProxy() << true << int(QAbstractSocket::UnsupportedSocketOperationError); diff --git a/tests/auto/network/socket/qtcpsocket/stressTest/stressTest.pro b/tests/auto/network/socket/qtcpsocket/stressTest/stressTest.pro index 2eb00593e0..6afc008e7d 100644 --- a/tests/auto/network/socket/qtcpsocket/stressTest/stressTest.pro +++ b/tests/auto/network/socket/qtcpsocket/stressTest/stressTest.pro @@ -2,8 +2,7 @@ HEADERS += Test.h SOURCES += main.cpp Test.cpp QT = core network testlib -CONFIG -= app_bundle -CONFIG += console +CONFIG += cmdline DESTDIR = ./ MOC_DIR = .moc/ TMP_DIR = .tmp/ diff --git a/tests/auto/network/socket/qtcpsocket/test/test.pro b/tests/auto/network/socket/qtcpsocket/test/test.pro index 337e75b372..29d9414b03 100644 --- a/tests/auto/network/socket/qtcpsocket/test/test.pro +++ b/tests/auto/network/socket/qtcpsocket/test/test.pro @@ -15,3 +15,9 @@ win32 { } else { DESTDIR = ../ } + +# Only on Linux until cyrus has been added to docker-compose-for-{windows,macOS}.yml and tested +linux { + QT_TEST_SERVER_LIST = danted squid apache2 ftp-proxy vsftpd iptables cyrus + include($$dirname(_QMAKE_CONF_)/tests/auto/testserver.pri) +} diff --git a/tests/auto/network/socket/qtcpsocket/tst_qtcpsocket.cpp b/tests/auto/network/socket/qtcpsocket/tst_qtcpsocket.cpp index 263a475435..abe9845213 100644 --- a/tests/auto/network/socket/qtcpsocket/tst_qtcpsocket.cpp +++ b/tests/auto/network/socket/qtcpsocket/tst_qtcpsocket.cpp @@ -317,7 +317,7 @@ tst_QTcpSocket::tst_QTcpSocket() connect(earlyConstructedSockets->endPoints[1], SIGNAL(bytesWritten(qint64)), this, SLOT(earlySocketBytesSent(qint64))); earlyConstructedSockets->endPoints[1]->write("hello work"); - firstFailInfo.setAddresses(QList<QHostAddress>() << QHostAddress("224.0.0.0") << QtNetworkSettings::serverIP()); + firstFailInfo.setAddresses(QList<QHostAddress>() << QHostAddress("224.0.0.0") << QtNetworkSettings::httpServerIp()); } void tst_QTcpSocket::initTestCase_data() @@ -326,7 +326,6 @@ void tst_QTcpSocket::initTestCase_data() QTest::addColumn<int>("proxyType"); QTest::addColumn<bool>("ssl"); - qDebug() << QtNetworkSettings::serverName(); QTest::newRow("WithoutProxy") << false << 0 << false; //QTest::newRow("WithSocks5Proxy") << true << int(Socks5Proxy) << false; ### temporarily disabled, QTBUG-38385 //QTest::newRow("WithSocks5ProxyAuth") << true << int(Socks5Proxy | AuthBasic) << false; ### temporarily disabled, QTBUG-38385 @@ -352,7 +351,17 @@ void tst_QTcpSocket::initTestCase_data() void tst_QTcpSocket::initTestCase() { +#ifdef QT_TEST_SERVER + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::httpServerName(), 80)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::httpProxyServerName(), 3128)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::imapServerName(), 143)); + //QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::firewallServerName(), 1357)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::socksProxyServerName(), 1080)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::ftpServerName(), 21)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::ftpProxyServerName(), 2121)); +#else QVERIFY(QtNetworkSettings::verifyTestNetworkSettings()); +#endif } void tst_QTcpSocket::init() @@ -361,30 +370,33 @@ void tst_QTcpSocket::init() if (setProxy) { #ifndef QT_NO_NETWORKPROXY QFETCH_GLOBAL(int, proxyType); - QList<QHostAddress> addresses = QHostInfo::fromName(QtNetworkSettings::serverName()).addresses(); - QVERIFY2(addresses.count() > 0, "failed to get ip address for test server"); - QString fluke = addresses.first().toString(); + QList<QHostAddress> socks5Addresses = QHostInfo::fromName(QtNetworkSettings::socksProxyServerName()).addresses(); + QList<QHostAddress> httpProxyAddresses = QHostInfo::fromName(QtNetworkSettings::httpProxyServerName()).addresses(); + QVERIFY2(socks5Addresses.count() > 0, "failed to get ip address for SOCKS5 proxy server"); + QVERIFY2(httpProxyAddresses.count() > 0, "failed to get ip address for HTTP proxy server"); + QString socks5Address = socks5Addresses.first().toString(); + QString httpProxyAddress = httpProxyAddresses.first().toString(); QNetworkProxy proxy; switch (proxyType) { case Socks5Proxy: - proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, fluke, 1080); + proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, socks5Address, 1080); break; case Socks5Proxy | AuthBasic: - proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, fluke, 1081); + proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, socks5Address, 1081); break; case HttpProxy | NoAuth: - proxy = QNetworkProxy(QNetworkProxy::HttpProxy, fluke, 3128); + proxy = QNetworkProxy(QNetworkProxy::HttpProxy, httpProxyAddress, 3128); break; case HttpProxy | AuthBasic: - proxy = QNetworkProxy(QNetworkProxy::HttpProxy, fluke, 3129); + proxy = QNetworkProxy(QNetworkProxy::HttpProxy, httpProxyAddress, 3129); break; case HttpProxy | AuthNtlm: - proxy = QNetworkProxy(QNetworkProxy::HttpProxy, fluke, 3130); + proxy = QNetworkProxy(QNetworkProxy::HttpProxy, httpProxyAddress, 3130); break; } QNetworkProxy::setApplicationProxy(proxy); @@ -644,8 +656,8 @@ void tst_QTcpSocket::bind() void tst_QTcpSocket::bindThenResolveHost_data() { QTest::addColumn<QString>("hostName"); - QTest::newRow("ip-literal") << QtNetworkSettings::serverIP().toString(); - QTest::newRow("name") << QtNetworkSettings::serverName(); + QTest::newRow("ip-literal") << QtNetworkSettings::httpServerIp().toString(); + QTest::newRow("name") << QtNetworkSettings::httpServerName(); QTest::newRow("first-fail") << firstFailName; } @@ -715,7 +727,7 @@ void tst_QTcpSocket::setSocketDescriptor() #ifdef Q_OS_WIN // need the dummy to ensure winsock is started QTcpSocket *dummy = newSocket(); - dummy->connectToHost(QtNetworkSettings::serverName(), 143); + dummy->connectToHost(QtNetworkSettings::imapServerName(), 143); QVERIFY(dummy->waitForConnected()); SOCKET sock = ::socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); @@ -737,7 +749,7 @@ void tst_QTcpSocket::setSocketDescriptor() QCOMPARE(socket->socketDescriptor(), (qintptr)sock); qt_qhostinfo_clear_cache(); //avoid the HostLookupState being skipped due to address being in cache from previous test. - socket->connectToHost(QtNetworkSettings::serverName(), 80); + socket->connectToHost(QtNetworkSettings::httpServerName(), 80); QCOMPARE(socket->state(), QTcpSocket::HostLookupState); QCOMPARE(socket->socketDescriptor(), (qintptr)sock); QVERIFY(socket->waitForConnected(10000)); @@ -758,7 +770,7 @@ void tst_QTcpSocket::socketDescriptor() QTcpSocket *socket = newSocket(); QCOMPARE(socket->socketDescriptor(), (qintptr)-1); - socket->connectToHost(QtNetworkSettings::serverName(), 143); + socket->connectToHost(QtNetworkSettings::imapServerName(), 143); QVERIFY(socket->state() == QAbstractSocket::HostLookupState || socket->state() == QAbstractSocket::ConnectingState); QVERIFY(socket->waitForConnected(10000)); @@ -775,7 +787,7 @@ void tst_QTcpSocket::blockingIMAP() QTcpSocket *socket = newSocket(); // Connect - socket->connectToHost(QtNetworkSettings::serverName(), 143); + socket->connectToHost(QtNetworkSettings::imapServerName(), 143); QVERIFY(socket->waitForConnected(10000)); QCOMPARE(socket->state(), QTcpSocket::ConnectedState); QVERIFY(socket->isValid()); @@ -852,6 +864,14 @@ void tst_QTcpSocket::hostNotFound() socket->connectToHost("nosuchserver.qt-project.org", 80); QVERIFY(!socket->waitForConnected()); QCOMPARE(socket->state(), QTcpSocket::UnconnectedState); +#ifdef QT_TEST_SERVER + QFETCH_GLOBAL(bool, setProxy); + if (setProxy) { + QEXPECT_FAIL("", "QTBUG-73953: The version of Squid in the docker container behaves " + "differently to the one in the network testing server, returning 503 " + "when we expect 404", Continue); + } +#endif QCOMPARE(int(socket->error()), int(QTcpSocket::HostNotFoundError)); delete socket; @@ -861,8 +881,8 @@ void tst_QTcpSocket::hostNotFound() void tst_QTcpSocket::timeoutConnect_data() { QTest::addColumn<QString>("address"); - QTest::newRow("host") << QtNetworkSettings::serverName(); - QTest::newRow("ip") << QtNetworkSettings::serverIP().toString(); + QTest::newRow("host") << QtNetworkSettings::firewallServerName(); + QTest::newRow("ip") << QtNetworkSettings::firewallServerIp().toString(); } void tst_QTcpSocket::timeoutConnect() @@ -910,7 +930,7 @@ void tst_QTcpSocket::nonBlockingIMAP() nonBlockingIMAP_socket = socket; // Connect - socket->connectToHost(QtNetworkSettings::serverName(), 143); + socket->connectToHost(QtNetworkSettings::imapServerName(), 143); QVERIFY(socket->state() == QTcpSocket::HostLookupState || socket->state() == QTcpSocket::ConnectingState); @@ -1036,7 +1056,7 @@ void tst_QTcpSocket::delayedClose() connect(socket, SIGNAL(connected()), SLOT(nonBlockingIMAP_connected())); connect(socket, SIGNAL(disconnected()), SLOT(exitLoopSlot())); - socket->connectToHost(QtNetworkSettings::serverName(), 143); + socket->connectToHost(QtNetworkSettings::imapServerName(), 143); enterLoop(30); if (timeout()) @@ -1082,7 +1102,7 @@ QByteArray tst_QTcpSocket::expectedReplyIMAP() void tst_QTcpSocket::fetchExpectedReplyIMAP() { QTcpSocket *socket = newSocket(); - socket->connectToHost(QtNetworkSettings::serverName(), 143); + socket->connectToHost(QtNetworkSettings::imapServerName(), 143); QVERIFY2(socket->waitForConnected(10000), qPrintable(socket->errorString())); QVERIFY2(socket->state() == QTcpSocket::ConnectedState, qPrintable(socket->errorString())); @@ -1101,7 +1121,7 @@ void tst_QTcpSocket::fetchExpectedReplyIMAP() void tst_QTcpSocket::partialRead() { QTcpSocket *socket = newSocket(); - socket->connectToHost(QtNetworkSettings::serverName(), 143); + socket->connectToHost(QtNetworkSettings::imapServerName(), 143); QVERIFY(socket->waitForConnected(10000)); QCOMPARE(socket->state(), QTcpSocket::ConnectedState); char buf[512]; @@ -1125,7 +1145,7 @@ void tst_QTcpSocket::partialRead() void tst_QTcpSocket::unget() { QTcpSocket *socket = newSocket(); - socket->connectToHost(QtNetworkSettings::serverName(), 143); + socket->connectToHost(QtNetworkSettings::imapServerName(), 143); QVERIFY(socket->waitForConnected(10000)); QCOMPARE(socket->state(), QTcpSocket::ConnectedState); char buf[512]; @@ -1162,7 +1182,7 @@ void tst_QTcpSocket::readRegularFile_readyRead() void tst_QTcpSocket::readAllAfterClose() { QTcpSocket *socket = newSocket(); - socket->connectToHost(QtNetworkSettings::serverName(), 143); + socket->connectToHost(QtNetworkSettings::imapServerName(), 143); connect(socket, SIGNAL(readyRead()), SLOT(readRegularFile_readyRead())); enterLoop(10); if (timeout()) @@ -1202,7 +1222,7 @@ void tst_QTcpSocket::openCloseOpenClose() QCOMPARE(socket->state(), QTcpSocket::UnconnectedState); - socket->connectToHost(QtNetworkSettings::serverName(), 143); + socket->connectToHost(QtNetworkSettings::imapServerName(), 143); QVERIFY(socket->waitForConnected(10000)); socket->close(); } @@ -1225,7 +1245,7 @@ void tst_QTcpSocket::connectDisconnectConnectDisconnect() QCOMPARE(int(socket->peerPort()), 0); QCOMPARE(socket->peerAddress(), QHostAddress()); - socket->connectToHost(QtNetworkSettings::serverName(), 143); + socket->connectToHost(QtNetworkSettings::imapServerName(), 143); QVERIFY(socket->waitForReadyRead(10000)); QCOMPARE(QString::fromLatin1(socket->read(4)), QString("* OK")); @@ -1429,7 +1449,7 @@ void tst_QTcpSocket::disconnectWhileLookingUp() // just connect and disconnect, then make sure nothing weird happened QTcpSocket *socket = newSocket(); - socket->connectToHost(QtNetworkSettings::serverName(), 21); + socket->connectToHost(QtNetworkSettings::ftpServerName(), 21); // check that connect is in progress QVERIFY(socket->state() != QAbstractSocket::UnconnectedState); @@ -1477,7 +1497,7 @@ void tst_QTcpSocket::downloadBigFile() connect(tmpSocket, SIGNAL(readyRead()), SLOT(downloadBigFileSlot())); connect(tmpSocket, SIGNAL(disconnected()), SLOT(exitLoopSlot())); - tmpSocket->connectToHost(QtNetworkSettings::serverName(), 80); + tmpSocket->connectToHost(QtNetworkSettings::httpServerName(), 80); enterLoop(30); if (timeout()) { @@ -1486,7 +1506,7 @@ void tst_QTcpSocket::downloadBigFile() QFAIL("Network operation timed out"); } - QByteArray hostName = QtNetworkSettings::serverName().toLatin1(); + QByteArray hostName = QtNetworkSettings::httpServerName().toLatin1(); QCOMPARE(tmpSocket->state(), QAbstractSocket::ConnectedState); QVERIFY(tmpSocket->write("GET /qtest/mediumfile HTTP/1.0\r\n") > 0); QVERIFY(tmpSocket->write("HOST: ") > 0); @@ -1552,7 +1572,7 @@ void tst_QTcpSocket::downloadBigFileSlot() void tst_QTcpSocket::readLine() { QTcpSocket *socket = newSocket(); - socket->connectToHost(QtNetworkSettings::serverName(), 143); + socket->connectToHost(QtNetworkSettings::imapServerName(), 143); QVERIFY(socket->waitForConnected(5000)); while (!socket->canReadLine()) @@ -1601,7 +1621,7 @@ void tst_QTcpSocket::readLine() void tst_QTcpSocket::readLineString() { QTcpSocket *socket = newSocket(); - socket->connectToHost(QtNetworkSettings::serverName(), 143); + socket->connectToHost(QtNetworkSettings::imapServerName(), 143); QVERIFY(socket->waitForReadyRead(10000)); QByteArray arr = socket->readLine(); @@ -1614,7 +1634,7 @@ void tst_QTcpSocket::readLineString() void tst_QTcpSocket::readChunks() { QTcpSocket *socket = newSocket(); - socket->connectToHost(QtNetworkSettings::serverName(), 143); + socket->connectToHost(QtNetworkSettings::imapServerName(), 143); QVERIFY(socket->waitForConnected(10000)); QVERIFY(socket->waitForReadyRead(5000)); @@ -1634,7 +1654,7 @@ void tst_QTcpSocket::readChunks() void tst_QTcpSocket::waitForBytesWritten() { QTcpSocket *socket = newSocket(); - socket->connectToHost(QtNetworkSettings::serverName(), 80); + socket->connectToHost(QtNetworkSettings::httpServerName(), 80); QVERIFY(socket->waitForConnected(10000)); socket->write("GET / HTTP/1.0\r\n\r\n"); @@ -1652,7 +1672,7 @@ void tst_QTcpSocket::waitForBytesWrittenMinusOne() QSKIP("QTBUG-24451 - indefinite wait may hang"); #endif QTcpSocket *socket = newSocket(); - socket->connectToHost(QtNetworkSettings::serverName(), 80); + socket->connectToHost(QtNetworkSettings::httpServerName(), 80); QVERIFY(socket->waitForConnected(10000)); socket->write("GET / HTTP/1.0\r\n\r\n"); @@ -1667,7 +1687,7 @@ void tst_QTcpSocket::waitForBytesWrittenMinusOne() void tst_QTcpSocket::waitForReadyRead() { QTcpSocket *socket = newSocket(); - socket->connectToHost(QtNetworkSettings::serverName(), 80); + socket->connectToHost(QtNetworkSettings::httpServerName(), 80); socket->write("GET / HTTP/1.0\r\n\r\n"); QVERIFY(socket->waitForReadyRead(5000)); delete socket; @@ -1680,7 +1700,7 @@ void tst_QTcpSocket::waitForReadyReadMinusOne() QSKIP("QTBUG-24451 - indefinite wait may hang"); #endif QTcpSocket *socket = newSocket(); - socket->connectToHost(QtNetworkSettings::serverName(), 80); + socket->connectToHost(QtNetworkSettings::httpServerName(), 80); socket->write("GET / HTTP/1.0\r\n\r\n"); QVERIFY(socket->waitForReadyRead(-1)); delete socket; @@ -1693,7 +1713,7 @@ void tst_QTcpSocket::flush() socket->flush(); connect(socket, SIGNAL(connected()), SLOT(exitLoopSlot())); - socket->connectToHost(QtNetworkSettings::serverName(), 143); + socket->connectToHost(QtNetworkSettings::imapServerName(), 143); enterLoop(60); QVERIFY(socket->isOpen()); @@ -1710,7 +1730,7 @@ void tst_QTcpSocket::flush() void tst_QTcpSocket::synchronousApi() { QTcpSocket *ftpSocket = newSocket(); - ftpSocket->connectToHost(QtNetworkSettings::serverName(), 21); + ftpSocket->connectToHost(QtNetworkSettings::ftpServerName(), 21); ftpSocket->write("QUIT\r\n"); QVERIFY(ftpSocket->waitForDisconnected(10000)); QVERIFY(ftpSocket->bytesAvailable() > 0); @@ -1757,10 +1777,10 @@ void tst_QTcpSocket::recursiveReadyRead() QSignalSpy spy(testSocket, SIGNAL(readyRead())); - testSocket->connectToHost(QtNetworkSettings::serverName(), 143); + testSocket->connectToHost(QtNetworkSettings::imapServerName(), 143); enterLoop(30); QVERIFY2(!timeout(), - "Timed out when connecting to QtNetworkSettings::serverName()."); + "Timed out when connecting to QtNetworkSettings::imapServerName()."); enterLoop(30); QVERIFY2(!timeout(), @@ -1794,7 +1814,7 @@ void tst_QTcpSocket::recursiveReadyReadSlot() void tst_QTcpSocket::atEnd() { QTcpSocket *socket = newSocket(); - socket->connectToHost(QtNetworkSettings::serverName(), 21); + socket->connectToHost(QtNetworkSettings::ftpServerName(), 21); QVERIFY(socket->waitForReadyRead(15000)); QTextStream stream(socket); @@ -1802,9 +1822,15 @@ void tst_QTcpSocket::atEnd() QString greeting = stream.readLine(); QVERIFY(stream.atEnd()); +#ifdef QT_TEST_SERVER + // Test server must use some vsFTPd 3.x.x version + QVERIFY2(greeting.length() == sizeof("220 (vsFTPd 3.x.x)")-1, qPrintable(greeting)); + QVERIFY2(greeting.startsWith("220 (vsFTPd 3."), qPrintable(greeting)); +#else // Test server must use some vsFTPd 2.x.x version QVERIFY2(greeting.length() == sizeof("220 (vsFTPd 2.x.x)")-1, qPrintable(greeting)); QVERIFY2(greeting.startsWith("220 (vsFTPd 2."), qPrintable(greeting)); +#endif QVERIFY2(greeting.endsWith(QLatin1Char(')')), qPrintable(greeting)); delete socket; @@ -1835,7 +1861,7 @@ protected: connect(socket, SIGNAL(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)), SLOT(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)), Qt::DirectConnection); - socket->connectToHost(QtNetworkSettings::serverName(), 21); + socket->connectToHost(QtNetworkSettings::ftpServerName(), 21); socket->write("QUIT\r\n"); exec(); @@ -1909,7 +1935,7 @@ void tst_QTcpSocket::waitForReadyReadInASlot() tmpSocket = socket; connect(socket, SIGNAL(connected()), this, SLOT(waitForReadyReadInASlotSlot())); - socket->connectToHost(QtNetworkSettings::serverName(), 80); + socket->connectToHost(QtNetworkSettings::httpServerName(), 80); socket->write("GET / HTTP/1.0\r\n\r\n"); enterLoop(30); @@ -2073,7 +2099,7 @@ void tst_QTcpSocket::waitForConnectedInHostLookupSlot() timer.start(15000); connect(tmpSocket, SIGNAL(hostFound()), this, SLOT(hostLookupSlot())); - tmpSocket->connectToHost(QtNetworkSettings::serverName(), 143); + tmpSocket->connectToHost(QtNetworkSettings::imapServerName(), 143); // only execute the loop if not already connected if (tmpSocket->state() != QAbstractSocket::ConnectedState) @@ -2128,7 +2154,7 @@ public slots: inline void doIt() { attemptedToConnect = true; - sock->connectToHost(QtNetworkSettings::serverName(), 80); + sock->connectToHost(QtNetworkSettings::httpServerName(), 80); #if defined(Q_OS_MAC) pthread_yield_np(); @@ -2179,7 +2205,7 @@ void tst_QTcpSocket::readyReadSignalsAfterWaitForReadyRead() QSignalSpy readyReadSpy(socket, SIGNAL(readyRead())); // Connect - socket->connectToHost(QtNetworkSettings::serverName(), 143); + socket->connectToHost(QtNetworkSettings::imapServerName(), 143); // Wait for the read QVERIFY(socket->waitForReadyRead(10000)); @@ -2315,7 +2341,7 @@ void tst_QTcpSocket::localAddressEmptyOnBSD() void tst_QTcpSocket::zeroAndMinusOneReturns() { QTcpSocket *socket = newSocket(); - socket->connectToHost(QtNetworkSettings::serverName(), 80); + socket->connectToHost(QtNetworkSettings::httpServerName(), 80); socket->write("GET / HTTP/1.0\r\nConnection: keep-alive\r\n\r\n"); QVERIFY(socket->waitForReadyRead(15000)); @@ -2376,7 +2402,7 @@ void tst_QTcpSocket::connectionRefused() connect(socket, SIGNAL(error(QAbstractSocket::SocketError)), &QTestEventLoop::instance(), SLOT(exitLoop())); - socket->connectToHost(QtNetworkSettings::serverName(), 144); + socket->connectToHost(QtNetworkSettings::httpServerName(), 144); enterLoop(10); disconnect(socket, SIGNAL(error(QAbstractSocket::SocketError)), @@ -2429,7 +2455,17 @@ void tst_QTcpSocket::suddenRemoteDisconnect() QString::fromLatin1("Could not start %1: %2").arg(processExe, serverProcess.errorString()))); while (!serverProcess.canReadLine()) QVERIFY(serverProcess.waitForReadyRead(10000)); - QCOMPARE(serverProcess.readLine().data(), QByteArray(server.toLatin1() + "\n").data()); + + QByteArray line = serverProcess.readLine(); + + // Ignore following print, happens on Qemu: + if (line == "getsockopt level=41 optname=26 not yet supported\n") { + while (!serverProcess.canReadLine()) + QVERIFY(serverProcess.waitForReadyRead(10000)); + line = serverProcess.readLine(); + } + + QCOMPARE(line.data(), QByteArray(server.toLatin1() + "\n").data()); // Start client QProcess clientProcess; @@ -2513,7 +2549,7 @@ void tst_QTcpSocket::moveToThread0() { // Case 1: Moved after connecting, before waiting for connection. QTcpSocket *socket = newSocket();; - socket->connectToHost(QtNetworkSettings::serverName(), 143); + socket->connectToHost(QtNetworkSettings::imapServerName(), 143); socket->moveToThread(0); QVERIFY(socket->waitForConnected(5000)); socket->write("XXX LOGOUT\r\n"); @@ -2525,7 +2561,7 @@ void tst_QTcpSocket::moveToThread0() // Case 2: Moved before connecting QTcpSocket *socket = newSocket(); socket->moveToThread(0); - socket->connectToHost(QtNetworkSettings::serverName(), 143); + socket->connectToHost(QtNetworkSettings::imapServerName(), 143); QVERIFY(socket->waitForConnected(5000)); socket->write("XXX LOGOUT\r\n"); QVERIFY(socket->waitForBytesWritten(5000)); @@ -2535,7 +2571,7 @@ void tst_QTcpSocket::moveToThread0() { // Case 3: Moved after writing, while waiting for bytes to be written. QTcpSocket *socket = newSocket(); - socket->connectToHost(QtNetworkSettings::serverName(), 143); + socket->connectToHost(QtNetworkSettings::imapServerName(), 143); QVERIFY(socket->waitForConnected(5000)); socket->write("XXX LOGOUT\r\n"); socket->moveToThread(0); @@ -2546,7 +2582,7 @@ void tst_QTcpSocket::moveToThread0() { // Case 4: Moved after writing, while waiting for response. QTcpSocket *socket = newSocket(); - socket->connectToHost(QtNetworkSettings::serverName(), 143); + socket->connectToHost(QtNetworkSettings::imapServerName(), 143); QVERIFY(socket->waitForConnected(5000)); socket->write("XXX LOGOUT\r\n"); QVERIFY(socket->waitForBytesWritten(5000)); @@ -2677,7 +2713,7 @@ void tst_QTcpSocket::taskQtBug5799ConnectionErrorWaitForConnected() // use waitForConnected, e.g. this should use a synchronous select() on the OS level QTcpSocket socket; - socket.connectToHost(QtNetworkSettings::serverName(), 12346); + socket.connectToHost(QtNetworkSettings::httpServerName(), 12346); QTime timer; timer.start(); socket.waitForConnected(10000); @@ -2697,7 +2733,7 @@ void tst_QTcpSocket::taskQtBug5799ConnectionErrorEventLoop() // This testcase uses an event loop QTcpSocket socket; connect(&socket, SIGNAL(error(QAbstractSocket::SocketError)), &QTestEventLoop::instance(), SLOT(exitLoop())); - socket.connectToHost(QtNetworkSettings::serverName(), 12346); + socket.connectToHost(QtNetworkSettings::httpServerName(), 12346); QTestEventLoop::instance().enterLoop(10); QVERIFY2(!QTestEventLoop::instance().timeout(), "Connection to closed port timed out instead of refusing, something is wrong"); @@ -2710,7 +2746,7 @@ void tst_QTcpSocket::taskQtBug7054TimeoutErrorResetting() { QTcpSocket *socket = newSocket(); - socket->connectToHost(QtNetworkSettings::serverName(), 443); + socket->connectToHost(QtNetworkSettings::httpServerName(), 443); QVERIFY(socket->waitForConnected(5*1000)); QCOMPARE(socket->error(), QAbstractSocket::UnknownSocketError); @@ -2739,10 +2775,12 @@ void tst_QTcpSocket::invalidProxy_data() QTest::addColumn<bool>("failsAtConnect"); QTest::addColumn<int>("expectedError"); - QString fluke = QHostInfo::fromName(QtNetworkSettings::serverName()).addresses().first().toString(); - QTest::newRow("ftp-proxy") << int(QNetworkProxy::FtpCachingProxy) << fluke << 21 << true + const QString ftpAddress = QtNetworkSettings::ftpServerIp().toString(); + const QString httpProxyAddress = QtNetworkSettings::httpProxyServerIp().toString(); + const QString socksProxyAddress = QtNetworkSettings::socksProxyServerIp().toString(); + QTest::newRow("ftp-proxy") << int(QNetworkProxy::FtpCachingProxy) << ftpAddress << 21 << true << int(QAbstractSocket::UnsupportedSocketOperationError); - QTest::newRow("http-caching-proxy") << int(QNetworkProxy::HttpCachingProxy) << fluke << 3128 << true + QTest::newRow("http-caching-proxy") << int(QNetworkProxy::HttpCachingProxy) << httpProxyAddress << 3128 << true << int(QAbstractSocket::UnsupportedSocketOperationError); QTest::newRow("no-such-host-socks5") << int(QNetworkProxy::Socks5Proxy) << "this-host-will-never-exist.qt-project.org" << 1080 << false @@ -2750,9 +2788,9 @@ void tst_QTcpSocket::invalidProxy_data() QTest::newRow("no-such-host-http") << int(QNetworkProxy::HttpProxy) << "this-host-will-never-exist.qt-project.org" << 3128 << false << int(QAbstractSocket::ProxyNotFoundError); - QTest::newRow("http-on-socks5") << int(QNetworkProxy::HttpProxy) << fluke << 1080 << false + QTest::newRow("http-on-socks5") << int(QNetworkProxy::HttpProxy) << socksProxyAddress << 1080 << false << int(QAbstractSocket::ProxyConnectionClosedError); - QTest::newRow("socks5-on-http") << int(QNetworkProxy::Socks5Proxy) << fluke << 3128 << false + QTest::newRow("socks5-on-http") << int(QNetworkProxy::Socks5Proxy) << httpProxyAddress << 3128 << false << int(QAbstractSocket::SocketTimeoutError); } @@ -2771,7 +2809,7 @@ void tst_QTcpSocket::invalidProxy() QTcpSocket *socket = newSocket(); socket->setProxy(proxy); - socket->connectToHost(QHostInfo::fromName(QtNetworkSettings::serverName()).addresses().first().toString(), 80); + socket->connectToHost(QtNetworkSettings::httpServerIp().toString(), 80); if (failsAtConnect) { QCOMPARE(socket->state(), QAbstractSocket::UnconnectedState); @@ -2823,48 +2861,48 @@ void tst_QTcpSocket::proxyFactory_data() // tests that do connect - proxyList << QNetworkProxy(QNetworkProxy::HttpProxy, QtNetworkSettings::serverName(), 3129); + proxyList << QNetworkProxy(QNetworkProxy::HttpProxy, QtNetworkSettings::httpProxyServerName(), 3129); QTest::newRow("http") << proxyList << proxyList.at(0) << false << int(QAbstractSocket::UnknownSocketError); proxyList.clear(); - proxyList << QNetworkProxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::serverName(), 1081); + proxyList << QNetworkProxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::socksProxyServerName(), 1081); QTest::newRow("socks5") << proxyList << proxyList.at(0) << false << int(QAbstractSocket::UnknownSocketError); proxyList.clear(); - proxyList << QNetworkProxy(QNetworkProxy::HttpCachingProxy, QtNetworkSettings::serverName(), 3129) - << QNetworkProxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::serverName(), 1081); + proxyList << QNetworkProxy(QNetworkProxy::HttpCachingProxy, QtNetworkSettings::httpProxyServerName(), 3129) + << QNetworkProxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::socksProxyServerName(), 1081); QTest::newRow("cachinghttp+socks5") << proxyList << proxyList.at(1) << false << int(QAbstractSocket::UnknownSocketError); proxyList.clear(); - proxyList << QNetworkProxy(QNetworkProxy::FtpCachingProxy, QtNetworkSettings::serverName(), 2121) - << QNetworkProxy(QNetworkProxy::HttpCachingProxy, QtNetworkSettings::serverName(), 3129) - << QNetworkProxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::serverName(), 1081); + proxyList << QNetworkProxy(QNetworkProxy::FtpCachingProxy, QtNetworkSettings::ftpProxyServerName(), 2121) + << QNetworkProxy(QNetworkProxy::HttpCachingProxy, QtNetworkSettings::httpProxyServerName(), 3129) + << QNetworkProxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::socksProxyServerName(), 1081); QTest::newRow("ftp+cachinghttp+socks5") << proxyList << proxyList.at(2) << false << int(QAbstractSocket::UnknownSocketError); // tests that fail to connect proxyList.clear(); - proxyList << QNetworkProxy(QNetworkProxy::HttpCachingProxy, QtNetworkSettings::serverName(), 3129); + proxyList << QNetworkProxy(QNetworkProxy::HttpCachingProxy, QtNetworkSettings::httpProxyServerName(), 3129); QTest::newRow("cachinghttp") << proxyList << QNetworkProxy() << true << int(QAbstractSocket::UnsupportedSocketOperationError); proxyList.clear(); - proxyList << QNetworkProxy(QNetworkProxy::FtpCachingProxy, QtNetworkSettings::serverName(), 2121); + proxyList << QNetworkProxy(QNetworkProxy::FtpCachingProxy, QtNetworkSettings::ftpProxyServerName(), 2121); QTest::newRow("ftp") << proxyList << QNetworkProxy() << true << int(QAbstractSocket::UnsupportedSocketOperationError); proxyList.clear(); - proxyList << QNetworkProxy(QNetworkProxy::FtpCachingProxy, QtNetworkSettings::serverName(), 2121) - << QNetworkProxy(QNetworkProxy::HttpCachingProxy, QtNetworkSettings::serverName(), 3129); + proxyList << QNetworkProxy(QNetworkProxy::FtpCachingProxy, QtNetworkSettings::ftpProxyServerName(), 2121) + << QNetworkProxy(QNetworkProxy::HttpCachingProxy, QtNetworkSettings::httpProxyServerName(), 3129); QTest::newRow("ftp+cachinghttp") << proxyList << QNetworkProxy() << true << int(QAbstractSocket::UnsupportedSocketOperationError); @@ -2885,7 +2923,7 @@ void tst_QTcpSocket::proxyFactory() QNetworkProxyFactory::setApplicationProxyFactory(factory); QTcpSocket *socket = newSocket(); - QString host = QtNetworkSettings::serverName(); + QString host = QtNetworkSettings::httpServerName(); socket->connectToHost(host, 80); // Verify that the factory was called properly diff --git a/tests/auto/network/socket/qudpsocket/clientserver/clientserver.pro b/tests/auto/network/socket/qudpsocket/clientserver/clientserver.pro index a1b0021232..83a31b11e9 100644 --- a/tests/auto/network/socket/qudpsocket/clientserver/clientserver.pro +++ b/tests/auto/network/socket/qudpsocket/clientserver/clientserver.pro @@ -1,6 +1,5 @@ QT = core network SOURCES += main.cpp -CONFIG += console -CONFIG -= app_bundle +CONFIG += cmdline TARGET = clientserver DESTDIR = ./ diff --git a/tests/auto/network/socket/qudpsocket/test/test.pro b/tests/auto/network/socket/qudpsocket/test/test.pro index e856776ddc..0fdb97ba27 100644 --- a/tests/auto/network/socket/qudpsocket/test/test.pro +++ b/tests/auto/network/socket/qudpsocket/test/test.pro @@ -17,3 +17,9 @@ win32 { } TARGET = tst_qudpsocket + +# Only on Linux until 'echo' has been added to docker-compose-for-{windows,macOS}.yml and tested +linux { + QT_TEST_SERVER_LIST = danted echo + include($$dirname(_QMAKE_CONF_)/tests/auto/testserver.pri) +} diff --git a/tests/auto/network/socket/qudpsocket/tst_qudpsocket.cpp b/tests/auto/network/socket/qudpsocket/tst_qudpsocket.cpp index 8ebb27e58c..a4b22cb000 100644 --- a/tests/auto/network/socket/qudpsocket/tst_qudpsocket.cpp +++ b/tests/auto/network/socket/qudpsocket/tst_qudpsocket.cpp @@ -235,6 +235,7 @@ void tst_QUdpSocket::initTestCase_data() // hack: we only enable the Socks5 over UDP tests on the old // test server, because they fail on the new one. See QTBUG-35490 bool newTestServer = true; +#ifndef QT_TEST_SERVER QTcpSocket socket; socket.connectToHost(QtNetworkSettings::serverName(), 22); if (socket.waitForConnected(10000)) { @@ -244,6 +245,7 @@ void tst_QUdpSocket::initTestCase_data() newTestServer = false; socket.disconnectFromHost(); } +#endif QTest::addColumn<bool>("setProxy"); QTest::addColumn<int>("proxyType"); @@ -257,8 +259,13 @@ void tst_QUdpSocket::initTestCase_data() void tst_QUdpSocket::initTestCase() { +#ifdef QT_TEST_SERVER + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::socksProxyServerName(), 1080)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::echoServerName(), 7)); +#else if (!QtNetworkSettings::verifyTestNetworkSettings()) QSKIP("No network test server available"); +#endif allAddresses = QNetworkInterface::allAddresses(); m_skipUnsupportedIPv6Tests = shouldSkipIpv6TestsForBrokenSetsockopt(); @@ -300,7 +307,7 @@ void tst_QUdpSocket::init() #if QT_CONFIG(socks5) QFETCH_GLOBAL(int, proxyType); if (proxyType == QNetworkProxy::Socks5Proxy) { - QNetworkProxy::setApplicationProxy(QNetworkProxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::serverName(), 1080)); + QNetworkProxy::setApplicationProxy(QNetworkProxy(QNetworkProxy::Socks5Proxy, QtNetworkSettings::socksProxyServerName(), 1080)); } #else QSKIP("No proxy support"); @@ -981,7 +988,7 @@ void tst_QUdpSocket::writeDatagramToNonExistingPeer_data() QTest::addColumn<bool>("bind"); QTest::addColumn<QHostAddress>("peerAddress"); QHostAddress localhost(QHostAddress::LocalHost); - QList<QHostAddress> serverAddresses(QHostInfo::fromName(QtNetworkSettings::serverName()).addresses()); + QList<QHostAddress> serverAddresses(QHostInfo::fromName(QtNetworkSettings::socksProxyServerName()).addresses()); if (serverAddresses.isEmpty()) return; @@ -995,7 +1002,7 @@ void tst_QUdpSocket::writeDatagramToNonExistingPeer_data() void tst_QUdpSocket::writeDatagramToNonExistingPeer() { - if (QHostInfo::fromName(QtNetworkSettings::serverName()).addresses().isEmpty()) + if (QHostInfo::fromName(QtNetworkSettings::socksProxyServerName()).addresses().isEmpty()) QFAIL("Could not find test server address"); QFETCH(bool, bind); QFETCH(QHostAddress, peerAddress); @@ -1015,7 +1022,7 @@ void tst_QUdpSocket::writeToNonExistingPeer_data() { QTest::addColumn<QHostAddress>("peerAddress"); QHostAddress localhost(QHostAddress::LocalHost); - QList<QHostAddress> serverAddresses(QHostInfo::fromName(QtNetworkSettings::serverName()).addresses()); + QList<QHostAddress> serverAddresses(QHostInfo::fromName(QtNetworkSettings::socksProxyServerName()).addresses()); if (serverAddresses.isEmpty()) return; @@ -1028,7 +1035,7 @@ void tst_QUdpSocket::writeToNonExistingPeer_data() void tst_QUdpSocket::writeToNonExistingPeer() { QSKIP("Connected-mode UDP sockets and their behaviour are erratic"); - if (QHostInfo::fromName(QtNetworkSettings::serverName()).addresses().isEmpty()) + if (QHostInfo::fromName(QtNetworkSettings::socksProxyServerName()).addresses().isEmpty()) QFAIL("Could not find test server address"); QFETCH(QHostAddress, peerAddress); quint16 peerPort = 34534; @@ -1551,7 +1558,7 @@ void tst_QUdpSocket::echo_data() void tst_QUdpSocket::echo() { QFETCH(bool, connect); - QHostInfo info = QHostInfo::fromName(QtNetworkSettings::serverName()); + QHostInfo info = QHostInfo::fromName(QtNetworkSettings::echoServerName()); QVERIFY(info.addresses().count()); QHostAddress remote = info.addresses().first(); @@ -1640,15 +1647,14 @@ void tst_QUdpSocket::linkLocalIPv6() sockets << s; } - QUdpSocket neutral; - QVERIFY(neutral.bind(QHostAddress(QHostAddress::AnyIPv6))); - QSignalSpy neutralReadSpy(&neutral, SIGNAL(readyRead())); - QByteArray testData("hello"); foreach (QUdpSocket *s, sockets) { + QUdpSocket neutral; + QVERIFY(neutral.bind(QHostAddress(QHostAddress::AnyIPv6))); + QSignalSpy neutralReadSpy(&neutral, SIGNAL(readyRead())); + QSignalSpy spy(s, SIGNAL(readyRead())); - neutralReadSpy.clear(); QVERIFY(s->writeDatagram(testData, s->localAddress(), neutral.localPort())); QTRY_VERIFY(neutralReadSpy.count() > 0); //note may need to accept a firewall prompt diff --git a/tests/auto/network/socket/qudpsocket/udpServer/udpServer.pro b/tests/auto/network/socket/qudpsocket/udpServer/udpServer.pro index cf707aa14a..c8f9ebf648 100644 --- a/tests/auto/network/socket/qudpsocket/udpServer/udpServer.pro +++ b/tests/auto/network/socket/qudpsocket/udpServer/udpServer.pro @@ -1,5 +1,3 @@ SOURCES += main.cpp QT = core network -CONFIG -= app_bundle -CONFIG += console - +CONFIG += cmdline diff --git a/tests/auto/network/ssl/qocsp/certs/alice.crt b/tests/auto/network/ssl/qocsp/certs/alice.crt new file mode 100644 index 0000000000..02df86a517 --- /dev/null +++ b/tests/auto/network/ssl/qocsp/certs/alice.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEGDCCAwCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMCTk8x +DTALBgNVBAgMBE9zbG8xEjAQBgNVBAcMCU9zbG8gQ2l0eTETMBEGA1UECgwKVGhl +IFF0IENBMTENMAsGA1UECwwEUVRDTjERMA8GA1UEAwwIY2ExcXQuaW8xJTAjBgkq +hkiG9w0BCQEWFnRpbXVyLnBvY2hlcHRzb3ZAcXQuaW8wHhcNMTgxMTIyMTEwNjE4 +WhcNMjgxMTE5MTEwNjE4WjCBkjELMAkGA1UEBhMCTk8xDTALBgNVBAgMBE9zbG8x +EjAQBgNVBAcMCU9zbG8gQ2l0eTEdMBsGA1UECgwUVGhlIEZhbW91cyBBbGljZSBM +dGQxDTALBgNVBAsMBEdPQUExEjAQBgNVBAMMCWFsaWNlLm9yZzEeMBwGCSqGSIb3 +DQEJARYPYWxpY2VAYWxpY2Uub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAtuGDR9oIEkK57xlxq/xc3u7B1ni4pdoyhf9r+pkgmu591qp2kl3Xcq3W +Ve5Z553orAUCAExPlKfFV+CYYAedSgsDYlKk8DN+f/n+hkG6Wl2qyFzHgl+mvPwa +eDqdVMIcDHGhSljALi9AqsN4lbrUhSxiyuPhAwl82WB0EIucmBs1NxSSZgFPRBLG +Uzy9WvtQFq1qtn795PVIUsNg68qZQ9BvRduOQAr3bg3anoYqytthWnzLWKri2QR4 +Z4Y0mvcbT/PZwhtcFZzDXG3Hvc7k3AroAbWoSghMEgok9TW9grKYkW2d5cpQTP+l +ptkB6yZ06MY9/uCdYzhm8eu2RgVndwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCG +SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E +FgQUQz2PuE4VuqHtZYTvVLr4+0IuHTUwHwYDVR0jBBgwFoAUeBcnAkU7sTqm7i2Q +vTxwgr0nQ0QwDQYJKoZIhvcNAQELBQADggEBABGGmo1vUAXKQm9kowvUtjDpEIIY +TpT+KqiUBOgJg5fGn6a63vBn5GMA6eT948ywi9ZU2M9dIXJCM+bdqjXeOtt4bBPZ +xz6DcBPW9CoTR4CV1muNa95WIXzAHatq3XYG041ddMf41WG7QIdQsojBYEG0IYlv +PQx+B+m2cu7A04aI2tCS8aUh7Xc9wRilJ+h/FlYFFQzgyEKsd7CFgkyxG/sLyFNH +skYYk/DLlmaWa+YScHYB5kAk8StoETeMI2LLs7rgJmchi8eAxjLroYDUhQclUjqz +vlNM+4GvcF5RluyuEXFOZVdmQahkXcyu0Q3yxvsBbnDglmbb2YHPl/blB7w= +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qocsp/certs/alice.key b/tests/auto/network/ssl/qocsp/certs/alice.key new file mode 100644 index 0000000000..6f2666ebde --- /dev/null +++ b/tests/auto/network/ssl/qocsp/certs/alice.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC24YNH2ggSQrnv +GXGr/Fze7sHWeLil2jKF/2v6mSCa7n3WqnaSXddyrdZV7lnnneisBQIATE+Up8VX +4JhgB51KCwNiUqTwM35/+f6GQbpaXarIXMeCX6a8/Bp4Op1UwhwMcaFKWMAuL0Cq +w3iVutSFLGLK4+EDCXzZYHQQi5yYGzU3FJJmAU9EEsZTPL1a+1AWrWq2fv3k9UhS +w2DryplD0G9F245ACvduDdqehirK22FafMtYquLZBHhnhjSa9xtP89nCG1wVnMNc +bce9zuTcCugBtahKCEwSCiT1Nb2CspiRbZ3lylBM/6Wm2QHrJnToxj3+4J1jOGbx +67ZGBWd3AgMBAAECggEADbzU+sHDF3QRuYdExbGYXFq9DtpUrIi+gNhWCSYVj+3Y +YBa//3CzLXcngZ78++wdvUZHBzS0SatspJRHffc0doprP6iLoUuM9hoWZ4lqcT1W +BeUKS53ZzZp2do+Yn/RQ3RJwFkCidxWvmuRCG6VEL5jM9wa1MWA2E7IuJcwHAFny +WIByosje5Qrd7eXDuVoqr1hjJ2UxIjIJ8Zgg3EE9wVUyJE3PU1HLz2AefonYRwbL +XlzNgnj0c9Ti9ejfyon+jTnpslLKtPal2kxyGoKPAngadAhCzqSaCWggACm7R8Ge +pZ0Y0pV7QReEgjfFd4D3qOqLRQZVJOMDb3vJu2/rsQKBgQDfKjfSpUweBM9li7GS +xXbDpC3Y8zQ2VY+2SvgYoYiYU/Y6YenxhKM1XDbWZxhxS8GVfCUAESFDOTZcMvdi +QEbG1uEmuCn1ksvrC2y54rtd8WDppcS0vJxCrU4nZG0v9IjVKp67B8EpBpAQeNb1 +tR6ByT2fLJu5+WU2S7OxqX7uLwKBgQDRyfKvrCQgdJOQlJlHOv1y1hN8WY51A8P/ +JbDXoun3PCPd+JczvFXCUh3ZLXqUEAX2qDOBD1pBM62EN6/A9ukO4mcMd8uYIet6 +nR4nVqXUjWuzXe6eo913lTDQrIOGWpViTc8fnvFlwBPfwzxbZNx38HZbw0L0nT7d +8TE/JxLROQKBgQC4Kzo4b8vadjPGZLueGbICkQp5IXR0ZrYcRdBrW1vEAn6Q/d84 +PzMFxV1IIXrNfSx8NiC+5mQh+yQ+gJ0iC1OdoxXag1+1V3lMN3h6C4B/bcWB7Rjh +40m9yRJXdgyZ59/Is8ydIzAosE7SGTelPNy5VR+yrfiySPxbC6x3MR8cZwKBgQCq +PVTg1bIjXDZ7NvsDYI1XaP07BXmi30FnhXByLFPsOzNn51jbtNNq8zQhjtRP3ojY +VjolWw4EpykBiCbpUfRiDbtN1NC0TaJHR8S2a4v6ZiCl123R8mu/pKOOUtAQcOWU +dkvD/zkpNqtqA4axK7H06n9Bi7yDwC7J7/Xkp5KPkQKBgFDprXrXg4zvIsxbXYZ3 +2bCaxyhBXNKcGwtWbbLfJcOwHJPns/abGkYIJ0NbMZX1LwTDfQWmC+8YKKvIlbKG +S2uk5H4qzupR4XN6YJ7SCHlGv2z0vxVjV7aWc1TME2iZQoBuO1urxPZwHd/euruo +kluWh1KV5XnWjBSYjZpiXxWl +-----END PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qocsp/certs/ca1.crt b/tests/auto/network/ssl/qocsp/certs/ca1.crt new file mode 100644 index 0000000000..b5ae194fab --- /dev/null +++ b/tests/auto/network/ssl/qocsp/certs/ca1.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID9DCCAtygAwIBAgIJAMQbE3657KDYMA0GCSqGSIb3DQEBCwUAMIGOMQswCQYD +VQQGEwJOTzENMAsGA1UECAwET3NsbzESMBAGA1UEBwwJT3NsbyBDaXR5MRMwEQYD +VQQKDApUaGUgUXQgQ0ExMQ0wCwYDVQQLDARRVENOMREwDwYDVQQDDAhjYTFxdC5p +bzElMCMGCSqGSIb3DQEJARYWdGltdXIucG9jaGVwdHNvdkBxdC5pbzAeFw0xODEx +MjIxMDIxMTNaFw0yODExMTkxMDIxMTNaMIGOMQswCQYDVQQGEwJOTzENMAsGA1UE +CAwET3NsbzESMBAGA1UEBwwJT3NsbyBDaXR5MRMwEQYDVQQKDApUaGUgUXQgQ0Ex +MQ0wCwYDVQQLDARRVENOMREwDwYDVQQDDAhjYTFxdC5pbzElMCMGCSqGSIb3DQEJ +ARYWdGltdXIucG9jaGVwdHNvdkBxdC5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAOCs3AV7sDKHJUJcm7a0OqnShIvoB1qv6UcOmlBmUzGl5GzX90Jz +7jYJoOPjxjNyRxMOsOReB1ZcSuIAjkdAEfFMaVe6j7qKTJ5ycTVY/fVoxyxsSNuI +xOJ6RCEjLHcxONEbkN/xI8LMdVko3m4P10r5GxwrgyPvpa87Yq5+XJ1BPWJyKbD7 +Tqpn3dvZUj0/POsMUTT7Q7VXOfDlZj58XWAC6ECTqJauhGFMhiwgqOn2Qo1W0QjV +DkGqRTdgIAM6Rv2cSRxgnflwW5QZ8kWUV81h/yx4cck/D9TcVxjr3Pvy6aJ/U41u +d4XJQgwCj4LJi4msw1S0CvZWmz+2BKxcbRsCAwEAAaNTMFEwHQYDVR0OBBYEFHgX +JwJFO7E6pu4tkL08cIK9J0NEMB8GA1UdIwQYMBaAFHgXJwJFO7E6pu4tkL08cIK9 +J0NEMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADp1kqDRcyVG +BdMge+Il10IjbpzzSjAoZiqiw69V99LiHW9ePbxG4AmliE6Za60GE5PCXOLjJh/5 +efgnIbybbyIOIT9iK4TXWLw2XW+rMY51c0RAxp2h/sc+5CZ0F0I811F5VUHXg2qR +U7C2zbzqAimN8TBm6FRe7NFQfqLCrsuFJjSc3obrqKQcpvRwxMk6NpkdoemzqLmY +lrBrTaeVbZ4ix3srVPvXRm9TdiC+JuuFmvulMfe+/wwnhb+dwT3JUC+EIq/Uf5Wb +g8lvB4ntitL8NLQ2hFGqYuoFNIGs6tRN71ohk+/ONqe9wJhcI9QAruPOvsg+8J0H +uGooX7PUNHg= +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qocsp/certs/ca1.key b/tests/auto/network/ssl/qocsp/certs/ca1.key new file mode 100644 index 0000000000..4ee080f706 --- /dev/null +++ b/tests/auto/network/ssl/qocsp/certs/ca1.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDgrNwFe7AyhyVC +XJu2tDqp0oSL6Adar+lHDppQZlMxpeRs1/dCc+42CaDj48YzckcTDrDkXgdWXEri +AI5HQBHxTGlXuo+6ikyecnE1WP31aMcsbEjbiMTiekQhIyx3MTjRG5Df8SPCzHVZ +KN5uD9dK+RscK4Mj76WvO2KuflydQT1icimw+06qZ93b2VI9PzzrDFE0+0O1Vznw +5WY+fF1gAuhAk6iWroRhTIYsIKjp9kKNVtEI1Q5BqkU3YCADOkb9nEkcYJ35cFuU +GfJFlFfNYf8seHHJPw/U3FcY69z78umif1ONbneFyUIMAo+CyYuJrMNUtAr2Vps/ +tgSsXG0bAgMBAAECggEBAL1RCwjXw42gEUZM8KzQS0pD6IpXVrMU3ZWReXhb8Kg6 +KDOK+3+UXlpMXLUKfj1lgvxM+cNEdBxSIoszerARDc1s3KseufOui4dL2ZbhSQVc +Z9BH4lCSe4x3CCeAEvzQjhatirMY51BCpnMdm+fUE07KfwyKobNLQSpZ+Pod4f5i +oQbOiZYfRfU2quaWIsVb/a5IiUD0gG0KS9O5wX6VigVeFRpOPHT4YCQ1qds4HqQq +PKQtkLq0mo6beXCfXWrJ5Nc0QOIFlgSAHkeRR7zLK8MlaerwZ5YdeJIWuPM9l9H+ +34FVkHle1rPN6dJf7EPwWxn1PceFe3QYn1GHoiMmXfkCgYEA/U6iQypbLEKLmLbt +XTvhV1FVDQM42BX+ATNQ8Wro0ybdyzM+d4271uAUGTF1Zvxndv22p+JOmldWveAR +0iVK4mvrs25ACg27Bz3LiUaQB2OyYrj9M7TLgQ47gYEhwgnsSniFyrMcptNyIfW5 +GoB1N00EKiCvHyWo5LK6kRZt5QcCgYEA4xBOC/Otc9lTp24iSVA8Y7XJ+nlypFtc +pehf262jH11wEkWskmc9aP/kpxt9fUrDxf3YIOqITR4mMNn184P1WywHAQF7Adfd +3r5YBMVaanuaMsSuAZOJGyvuk2BE6328IKdE+3emndzXuQdDf0X2TUznwdKe9AzZ +qadCBLfUpk0CgYAgDKbzIJTQkMrg06RMu5rTVXMRZmr2zDGLLVb8dK5oqO4/G4i3 +z7MIiOmCFoPoN99PauKFc1jGpm5PL96RXC6RX14/IZ/wpbQYQnVSNR9cD/0uCIHg +3OsytP5KcHA5ANBoy78B2o+xe+dg7JozBDXQfWodem0t37Hy3bpFSTU2WQKBgETY +qcFn9hydNYcblpvCDz1wXjhq4H7DENlhFseF42LcMuHnbEbLtMwEYrDkXe1CYQ/E +QubgFcnELXI8dB2M0jT9qXX9m+1YJXanIgr4R8zngz6HcfcaY8TwUhsvYlZAvmzs +KrdQdR2CW4pHkIijjuWrPs3+7aEz0D9nblX94yU1AoGATVCfQOwmEMFHg33luMMt +0lTOHsar6g1O5vz0ZPZ1NjJF9Qe3+T7B4n4gq9pLwfi7Ohoa4CDmt0nKmy56dBha +5LM8mzw+PaH9a3pP93caS6k/X68TLOp7fwvnzP6HTjtis2sdYzVma6ghEF0zRdQr +6nWMI6Kx2kFaNdzKSHzxP5A= +-----END PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qocsp/certs/infbob.key b/tests/auto/network/ssl/qocsp/certs/infbob.key new file mode 100644 index 0000000000..7878339151 --- /dev/null +++ b/tests/auto/network/ssl/qocsp/certs/infbob.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDkF2BuPlkQa3Ox +JxnbQ+gy1mAxaGGzfnmGocraxVSKSssX3zSkeIrWB1kW3diOtIZ1jovYftHGsqoB +F5k6fN9dr37mFIZnilF6Bq0seYjNUl6I0d7Cf3NJSf7TG5+P+dAyNLN8aXILctY8 +krlSe4ysb++9xgawt2DYL3I0LBd+W27hd2BlfcmB4g2X3zOasjZM8F5HSBxF5e7f +fVaUmCC8S4jdXUQEbUNFk6HufDwDhP1gMtoGKHusWOdI5O6cQAfUUmRLSfi/jWoe +KLPafbj7KIcA8+YojOvub2guNpO42h9fc83/gCkkBJhwXNdIQjRUnz6Lu05kDTG9 +X28gbX9TAgMBAAECggEBAN9xCxVUXJmaOb6ciFblIi3TFm6wS62zw0chbgB8eQH0 +nRoonYBVWeSrVBnzf7bkoCe/Wb3fFo+o7KOfQ4spUwOK7SxlhPkfZgu9SJ4d/Obu +vw8XUTqF8iEkrM6P6/L2DX9xYzcIcSFIARlbvtJPmBJAocHtoRYyvltpt13mp6kt +/LVYR4qFAWRpPR6rnjlXEjfrE9taHWgIJEjwMj+IcTjnGiS1rX1T/JNhjRxsRJwU +qxqhYmeenNymyUJxS2B806EcG3UAJu63dK61VXN1dtPhS3FqjeR//GRlmy14n7RW +ZQAuT9dPB/WzUZVzEcOgTwe/+XsPTSfz7gpaoffgMJECgYEA/43xZRi48Dfp3tdq +qwwLf6Ya9pB2zb3XE8MUQhxsrygzL5ngZhmr2m0LgGCf5fXa983G6wzA6sOdpvve +jFAlBZYbWaYnvog9QIFcTj0S6PahGTBaR7PSNzK0UzoHYexYVCkyzQl1O2hktazd +Cankh/6IlAFkKbUSDqAwc07jNCkCgYEA5H0tNXpcDN6JTgKNe8YHM0GjZB+qGEoL +7YZbFlANjO9pOPY6JMQ3+DbOoruIH97CIyVYokuH0qRAfjm5LNiVYECFVFZRnGFb +BNPOPAnPJPISDF66zjW0KLMYCykJAHQ4SpHUPcJ6JnfBr76s/xSbNI9qnhpy3QYI +ATkqOrP25xsCgYEAy3pjmJGEv5BloM942VSv2yWRFn2UeuELXWrYuIMVbqndh6tH +50PNeA+XNtK4vktx3Bl2pzTybnrvDkRBwQsXT0lj4Y/Q2X509uWJb6plYiTtxLah +S7I8UUMIHbR4qFmdQvXCw0sikvjeJ2HKZaVml3ntmZs5+5N3GzolGcrYUXECgYEA +pPsBnsCoIJ66s7pCIKIfZtI5QT1f20P0EuDVemn5Ls9bwcaAuzV3WGFymKwiISj+ +MtRviFhTTTROYRYa8Be+3A4ad4gQS4M8bmLlYhKPIJUtlQL9jZHXcR/H9578ofhJ +AQcFIkb/XjFQiC58yX4+hxgbGufsEk2dkAyPwm1ZlQsCgYBTjnraJbYSz1v3MQKx +fHm9eHki/ODR3lWiCYYnnW3AwRa7AXS4ZiSw78wzkUX2XTJbE6JlEUH4M9DMzr4y +QBwKmx+3u+Im4WcZ889jo6XrF0X9mXRmY25+gr2ypTbKZjT8FCYcXIgiOxITLXZh +Bmn7KZcsdaPxSFn05ASEanLNqA== +-----END PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qocsp/certs/infbobchain.crt b/tests/auto/network/ssl/qocsp/certs/infbobchain.crt new file mode 100644 index 0000000000..7ed13c2856 --- /dev/null +++ b/tests/auto/network/ssl/qocsp/certs/infbobchain.crt @@ -0,0 +1,49 @@ +-----BEGIN CERTIFICATE----- +MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMCTk8x +DTALBgNVBAgMBE9zbG8xEjAQBgNVBAcMCU9zbG8gQ2l0eTETMBEGA1UECgwKVGhl +IFF0IENBMTENMAsGA1UECwwEUVRDTjERMA8GA1UEAwwIY2ExcXQuaW8xJTAjBgkq +hkiG9w0BCQEWFnRpbXVyLnBvY2hlcHRzb3ZAcXQuaW8wHhcNMTgxMTIyMTAyOTM3 +WhcNMjgxMTE5MTAyOTM3WjCBmDELMAkGA1UEBhMCTk8xDTALBgNVBAgMBE9zbG8x +EjAQBgNVBAcMCU9zbG8gQ2l0eTEkMCIGA1UECgwbVGhlIEluZmFtb3VzIFNuZWFr +eSBCb2IgTHRkMQwwCgYDVQQLDANCREExEzARBgNVBAMMCmluZmJvYi5jb20xHTAb +BgkqhkiG9w0BCQEWDmJvYkBpbmZib2IuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA5Bdgbj5ZEGtzsScZ20PoMtZgMWhhs355hqHK2sVUikrLF980 +pHiK1gdZFt3YjrSGdY6L2H7RxrKqAReZOnzfXa9+5hSGZ4pRegatLHmIzVJeiNHe +wn9zSUn+0xufj/nQMjSzfGlyC3LWPJK5UnuMrG/vvcYGsLdg2C9yNCwXfltu4Xdg +ZX3JgeINl98zmrI2TPBeR0gcReXu331WlJggvEuI3V1EBG1DRZOh7nw8A4T9YDLa +Bih7rFjnSOTunEAH1FJkS0n4v41qHiiz2n24+yiHAPPmKIzr7m9oLjaTuNofX3PN +/4ApJASYcFzXSEI0VJ8+i7tOZA0xvV9vIG1/UwIDAQABo3sweTAJBgNVHRMEAjAA +MCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd +BgNVHQ4EFgQUloqk6Iihkkcxp85jAzeUPGVmapkwHwYDVR0jBBgwFoAUeBcnAkU7 +sTqm7i2QvTxwgr0nQ0QwDQYJKoZIhvcNAQELBQADggEBAGCdYFNskTzMilRtmw+v +oJQM3mc6LdYYuADCuh8O/GKaqUnE7V2XnMBYWMN93eeN9VXmK2yAZaQU1J6ruP1S +pLMzJ8hbQej+sm+XAHVxAtr34KmEC50gIn1cB/sRKxHMombbNl7EK44puFU7q58P +zBz5lTXXTfA954D/ijEMMSDvIZ25me6vrGPMj1LX/wC6CWadSr9IxAO9HQVQQqwv +AbbqrCvMSMv633/f1EYU8Q6jhUCTlnin4pXtriOnqi+6MZICaYRCUgV224Rs3OUS +jmrbOeoaZUpmOVmuoYXWeexe229G2KGiEIgnSBEk5OLFHCeZ8++WJ5/SLHt8MBLc +O0w= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID9DCCAtygAwIBAgIJAMQbE3657KDYMA0GCSqGSIb3DQEBCwUAMIGOMQswCQYD +VQQGEwJOTzENMAsGA1UECAwET3NsbzESMBAGA1UEBwwJT3NsbyBDaXR5MRMwEQYD +VQQKDApUaGUgUXQgQ0ExMQ0wCwYDVQQLDARRVENOMREwDwYDVQQDDAhjYTFxdC5p +bzElMCMGCSqGSIb3DQEJARYWdGltdXIucG9jaGVwdHNvdkBxdC5pbzAeFw0xODEx +MjIxMDIxMTNaFw0yODExMTkxMDIxMTNaMIGOMQswCQYDVQQGEwJOTzENMAsGA1UE +CAwET3NsbzESMBAGA1UEBwwJT3NsbyBDaXR5MRMwEQYDVQQKDApUaGUgUXQgQ0Ex +MQ0wCwYDVQQLDARRVENOMREwDwYDVQQDDAhjYTFxdC5pbzElMCMGCSqGSIb3DQEJ +ARYWdGltdXIucG9jaGVwdHNvdkBxdC5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAOCs3AV7sDKHJUJcm7a0OqnShIvoB1qv6UcOmlBmUzGl5GzX90Jz +7jYJoOPjxjNyRxMOsOReB1ZcSuIAjkdAEfFMaVe6j7qKTJ5ycTVY/fVoxyxsSNuI +xOJ6RCEjLHcxONEbkN/xI8LMdVko3m4P10r5GxwrgyPvpa87Yq5+XJ1BPWJyKbD7 +Tqpn3dvZUj0/POsMUTT7Q7VXOfDlZj58XWAC6ECTqJauhGFMhiwgqOn2Qo1W0QjV +DkGqRTdgIAM6Rv2cSRxgnflwW5QZ8kWUV81h/yx4cck/D9TcVxjr3Pvy6aJ/U41u +d4XJQgwCj4LJi4msw1S0CvZWmz+2BKxcbRsCAwEAAaNTMFEwHQYDVR0OBBYEFHgX +JwJFO7E6pu4tkL08cIK9J0NEMB8GA1UdIwQYMBaAFHgXJwJFO7E6pu4tkL08cIK9 +J0NEMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADp1kqDRcyVG +BdMge+Il10IjbpzzSjAoZiqiw69V99LiHW9ePbxG4AmliE6Za60GE5PCXOLjJh/5 +efgnIbybbyIOIT9iK4TXWLw2XW+rMY51c0RAxp2h/sc+5CZ0F0I811F5VUHXg2qR +U7C2zbzqAimN8TBm6FRe7NFQfqLCrsuFJjSc3obrqKQcpvRwxMk6NpkdoemzqLmY +lrBrTaeVbZ4ix3srVPvXRm9TdiC+JuuFmvulMfe+/wwnhb+dwT3JUC+EIq/Uf5Wb +g8lvB4ntitL8NLQ2hFGqYuoFNIGs6tRN71ohk+/ONqe9wJhcI9QAruPOvsg+8J0H +uGooX7PUNHg= +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qocsp/certs/ss1-private.key b/tests/auto/network/ssl/qocsp/certs/ss1-private.key new file mode 100644 index 0000000000..1c42daaf9f --- /dev/null +++ b/tests/auto/network/ssl/qocsp/certs/ss1-private.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC4bXcfIjweShLx +6jBTKu/i5sXmlwTH9Z4PTzQ1VteKyEIDlnW5ocVWqRgBrvz3NlTFkDKkQXshkXyE +JyVZFbAPCfGsroZVISpFhUmJbPMBNn3SyGEU+sxWIpOZOKmG5tel6B4Bt5TWsRHL +mtU8Pv/APsz+i9JhgE25ksGhx16MqvdRv/xNGleF8qe+hDOeiNF3/lNv2hYb/MvD +1F73FBoDVnqty/VXXOJFb7elLE4ArXsTN/hip42Lbl1guYvnqnTZFhCHwMzRu4qc +3FTlemumfJpacpRnqVw2TURA5SdpTp9NYIxygEGNY201meNEjAEyg8GeFkAgu99R +LPQT+rTNAgMBAAECggEAPQEIfCXo2OQLrDWY0onLW7SWFZYyoKngJJRAYrxdA60G +GQW13zdhfS7ln/jv+B3ioI74EVkPj6T+GQCR3AvOdssFQ+dey93yi5hxIKIHJ4mM +ySI66qOi34MEa5RQjyzgfCJxeoPtGa7sgfqvOgRkuISNbk11w4abLx0aK5c08TY0 +JdeoWWhATaFZXl782Aw2FwGPTwOIf7GB09BJS3qUqlMT9fowLmWO10jOKkNtvcnT +2mAqT5cdZG1ffT5+f0JETPCbBPhhyE7VyYEVQfqTkRnEoz3hcZvjx91jD527+CSL +Qhg7zZu2oakyJQvpHETZ6cgrs7uDEiol7ARANezwyQKBgQDmapxV/qIOd5WFDVXw +lGt+dsELBBdMhvzr4A9eZdIZiXu48rdFG0XoECo5BKpXa1+ISr2od0U0YODrJrws +OHxHhlxGjJFs8kFteUPHyEZv6/rvkbA+xc0Uw04NnDRHBLK8VvX7MBWfvTqLN4bK +sZsMblscRBtEpFpN1fiJgnNASwKBgQDM56lBugtueBV9M4C/JF2is96d14ue3Y4i +SgMnHY18D3ru+KDuxPYoIs5Yos2vDWK2k8754WZ+WNXokjRoYPiFbeBPpI9NudJs +BUJz/sLJHjs3a4HrQs3hCuufczNxq9wQnALQHCMEqeBUTYCu/1+zYgwAu3Z/R8rJ +jKgexl+gRwKBgGrLCNCWpze7VzKGvsk1kSjZE5nueHoAqqMMgzMGUD2DyjMrU6QV +Au6O53Lr5aOE4Y9CzOqS9SFUsYprtpVsTLW94XDVX+W11ntN1At5mKPxJKn6xUwi +022HI9sNBfHQjKLcTz/vxmX2B3dU8gVqEenOEC5mppjG8A/ZV0ssigxHAoGAfGsG +OSSwoElGMxm8yVNZj9vMBufEnZhGH8f1FiE5seTsboKFpbXvCfvoc6WXYv2rvNUP +TmdxBrMGYAu2ytJm1Q4cr/9qDHYSsQiYizpcKCa1KjebUbDktgsde1pGGHWUUHmK +s7cCBGjqEAZnZtslzxRv2Vn639pF5hAEXXtywS0CgYAUIjhp43qgtbQdZMX7xbVR +lT26aq7NguCtt7njpgkhqc0HThb3I8ImrhNSDcS0/T9dPU70vt0ceruyRXmwX5hA +l28i5GzF5ufaRQdcsSR9u+P67nD5sTZBesbejXFySis5EC/97A4XZvkSfY4DQSZ+ +u8JJPZUlb2kGAHRpmxvpDA== +-----END PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qocsp/certs/ss1.crt b/tests/auto/network/ssl/qocsp/certs/ss1.crt new file mode 100644 index 0000000000..43ca8316c2 --- /dev/null +++ b/tests/auto/network/ssl/qocsp/certs/ss1.crt @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEKzCCAxOgAwIBAgIJAOO/b5uLSmT8MA0GCSqGSIb3DQEBBQUAMIGqMQswCQYD +VQQGEwJOTzENMAsGA1UECAwET3NsbzENMAsGA1UEBwwET3NsbzESMBAGA1UECgwJ +VGhlIFF0IENBMScwJQYDVQQLDB5SJkQgKGZha2UgY2VydGlmaWNhdGVzIGlzc3Vl +cikxGTAXBgNVBAMMEFRpbXVyIFBvY2hlcHRzb3YxJTAjBgkqhkiG9w0BCQEWFnRp +bXVyLnBvY2hlcHRzb3ZAcXQuaW8wIBcNMTgxMTE3MDUxNDA1WhgPMjExODEwMjQw +NTE0MDVaMIGqMQswCQYDVQQGEwJOTzENMAsGA1UECAwET3NsbzENMAsGA1UEBwwE +T3NsbzESMBAGA1UECgwJVGhlIFF0IENBMScwJQYDVQQLDB5SJkQgKGZha2UgY2Vy +dGlmaWNhdGVzIGlzc3VlcikxGTAXBgNVBAMMEFRpbXVyIFBvY2hlcHRzb3YxJTAj +BgkqhkiG9w0BCQEWFnRpbXVyLnBvY2hlcHRzb3ZAcXQuaW8wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQC4bXcfIjweShLx6jBTKu/i5sXmlwTH9Z4PTzQ1 +VteKyEIDlnW5ocVWqRgBrvz3NlTFkDKkQXshkXyEJyVZFbAPCfGsroZVISpFhUmJ +bPMBNn3SyGEU+sxWIpOZOKmG5tel6B4Bt5TWsRHLmtU8Pv/APsz+i9JhgE25ksGh +x16MqvdRv/xNGleF8qe+hDOeiNF3/lNv2hYb/MvD1F73FBoDVnqty/VXXOJFb7el +LE4ArXsTN/hip42Lbl1guYvnqnTZFhCHwMzRu4qc3FTlemumfJpacpRnqVw2TURA +5SdpTp9NYIxygEGNY201meNEjAEyg8GeFkAgu99RLPQT+rTNAgMBAAGjUDBOMB0G +A1UdDgQWBBSyHPlJr6BrpwMY7Sxg2R3CpQR7UzAfBgNVHSMEGDAWgBSyHPlJr6Br +pwMY7Sxg2R3CpQR7UzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQBD +o86xp1WwvX6mYzF94ifZlkq1aDN6/njj2B9fvJCtygfqq6b9BrQJ0hNeqRh8OaIh +v2YmjbdUaoYguHmUxL+SeS67Sp8QBoSwdU5x0i8ygrigBrbb3myNqN6hGvpGy9E0 +B8PnVDt9DaOCunaMyGNPMLNPVGYULmberGtxV9wilcH4Q6WZrk9IhuyfqeBZtBYM +IcjV3OKdUv/ggu2IZSN7njKcgr+uyPt0Ymo9GozJSTdnN/E4hsRgzcgzCMf2fxzj +nGcsDRQ4L1R8p1zDlduxmmk42zGCGz3duFX7dijAxJWirS8Zsea4aooLgDQYT/zI +8hKd3KC3knLhPcxFKiUg +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qocsp/qocsp.pro b/tests/auto/network/ssl/qocsp/qocsp.pro new file mode 100644 index 0000000000..f4e846f39b --- /dev/null +++ b/tests/auto/network/ssl/qocsp/qocsp.pro @@ -0,0 +1,15 @@ +CONFIG += testcase + +SOURCES += tst_qocsp.cpp +QT = core network network-private testlib + +TARGET = tst_qocsp + +win32 { + CONFIG(debug, debug|release) { + DESTDIR = debug + } else { + DESTDIR = release + } +} + diff --git a/tests/auto/network/ssl/qocsp/tst_qocsp.cpp b/tests/auto/network/ssl/qocsp/tst_qocsp.cpp new file mode 100644 index 0000000000..9716c04bbb --- /dev/null +++ b/tests/auto/network/ssl/qocsp/tst_qocsp.cpp @@ -0,0 +1,823 @@ +/**************************************************************************** + ** + ** Copyright (C) 2018 The Qt Company Ltd. + ** Contact: https://www.qt.io/licensing/ + ** + ** This file is part of the test suite of the Qt Toolkit. + ** + ** $QT_BEGIN_LICENSE:GPL-EXCEPT$ + ** Commercial License Usage + ** Licensees holding valid commercial Qt licenses may use this file in + ** accordance with the commercial license agreement provided with the + ** Software or, alternatively, in accordance with the terms contained in + ** a written agreement between you and The Qt Company. For licensing terms + ** and conditions see https://www.qt.io/terms-conditions. For further + ** information use the contact form at https://www.qt.io/contact-us. + ** + ** GNU General Public License Usage + ** Alternatively, this file may be used under the terms of the GNU + ** General Public License version 3 as published by the Free Software + ** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT + ** included in the packaging of this file. Please review the following + ** information to ensure the GNU General Public License requirements will + ** be met: https://www.gnu.org/licenses/gpl-3.0.html. + ** + ** $QT_END_LICENSE$ + ** + ****************************************************************************/ + +#include <QtTest/QtTest> + +#include <QtNetwork/private/qtnetworkglobal_p.h> + +#include <QtNetwork/private/qsslsocket_openssl_symbols_p.h> +#include <QtNetwork/private/qsslsocket_openssl_p.h> + +#include <QtNetwork/qsslcertificate.h> +#include <QtNetwork/qtcpserver.h> +#include <QtNetwork/qsslerror.h> +#include <QtNetwork/qsslkey.h> +#include <QtNetwork/qssl.h> + +#include <QtCore/qsharedpointer.h> +#include <QtCore/qbytearray.h> +#include <QtCore/qfileinfo.h> +#include <QtCore/qstring.h> +#include <QtCore/qfile.h> +#include <QtCore/qlist.h> +#include <QtCore/qdir.h> + +#include <openssl/ocsp.h> + +#include <algorithm> +#include <utility> + +// NOTE: the word 'subject' in the code below means the subject of a status request, +// so in general it's our peer's certificate we are asking about. + +using SslError = QT_PREPEND_NAMESPACE(QSslError); +using VectorOfErrors = QT_PREPEND_NAMESPACE(QVector<SslError>); +using Latin1String = QT_PREPEND_NAMESPACE(QLatin1String); + +Q_DECLARE_METATYPE(SslError) +Q_DECLARE_METATYPE(VectorOfErrors) +Q_DECLARE_METATYPE(Latin1String) + +QT_BEGIN_NAMESPACE + +namespace { + +using OcspResponse = QSharedPointer<OCSP_RESPONSE>; +using BasicResponse = QSharedPointer<OCSP_BASICRESP>; +using SingleResponse = QSharedPointer<OCSP_SINGLERESP>; +using CertId = QSharedPointer<OCSP_CERTID>; +using EvpKey = QSharedPointer<EVP_PKEY>; +using Asn1Time = QSharedPointer<ASN1_TIME>; +using CertificateChain = QList<QSslCertificate>; + +using NativeX509Ptr = X509 *; + +class X509Stack { +public: + explicit X509Stack(const QList<QSslCertificate> &chain); + + ~X509Stack(); + + int size() const; + X509 *operator[](int index) const; + operator STACK_OF(X509) *() const; + +private: + OPENSSL_STACK *stack = nullptr; + + Q_DISABLE_COPY(X509Stack) +}; + +X509Stack::X509Stack(const QList<QSslCertificate> &chain) +{ + if (!chain.size()) + return; + + stack = q_OPENSSL_sk_new_null(); + if (!stack) + return; + + for (const QSslCertificate &cert : chain) { + X509 *nativeCert = NativeX509Ptr(cert.handle()); + if (!nativeCert) + continue; + q_OPENSSL_sk_push(stack, nativeCert); + q_X509_up_ref(nativeCert); + } +} + +X509Stack::~X509Stack() +{ + if (stack) + q_OPENSSL_sk_pop_free(stack, reinterpret_cast<void(*)(void*)>(q_X509_free)); +} + +int X509Stack::size() const +{ + if (stack) + return q_OPENSSL_sk_num(stack); + return 0; +} + +X509 *X509Stack::operator[](int index) const +{ + return NativeX509Ptr(q_OPENSSL_sk_value(stack, index)); +} + +X509Stack::operator STACK_OF(X509) *() const +{ + return reinterpret_cast<STACK_OF(X509)*>(stack); +} + +struct OcspTimeStamp +{ + OcspTimeStamp() = default; + OcspTimeStamp(long secondsBeforeNow, long secondsAfterNow); + + static Asn1Time timeToAsn1Time(long adjustment); + + Asn1Time thisUpdate; + Asn1Time nextUpdate; +}; + +OcspTimeStamp::OcspTimeStamp(long secondsBeforeNow, long secondsAfterNow) +{ + Asn1Time start = timeToAsn1Time(secondsBeforeNow); + Asn1Time end = timeToAsn1Time(secondsAfterNow); + if (start.data() && end.data()) { + thisUpdate.swap(start); + nextUpdate.swap(end); + } +} + +Asn1Time OcspTimeStamp::timeToAsn1Time(long adjustment) +{ + if (ASN1_TIME *adjusted = q_X509_gmtime_adj(nullptr, adjustment)) + return Asn1Time(adjusted, q_ASN1_TIME_free); + return Asn1Time{}; +} + +struct OcspResponder +{ + OcspResponder(const OcspTimeStamp &stamp, const CertificateChain &subjs, + const CertificateChain &respChain, const QSslKey &respPKey); + + QByteArray buildResponse(int responseStatus, int certificateStatus) const; + static EvpKey privateKeyToEVP_PKEY(const QSslKey &privateKey); + static CertId certificateToCertId(X509 *subject, X509 *issuer); + static QByteArray responseToDer(OCSP_RESPONSE *response); + + OcspTimeStamp timeStamp; + // Plural, we can send a 'wrong' BasicResponse containing more than + // 1 SingleResponse. + X509Stack subjects; + X509Stack responderChain; + QSslKey responderKey; +}; + +OcspResponder::OcspResponder(const OcspTimeStamp &stamp, const CertificateChain &subjs, + const CertificateChain &respChain, const QSslKey &respPKey) + : timeStamp(stamp), + subjects(subjs), + responderChain(respChain), + responderKey(respPKey) +{ +} + +QByteArray OcspResponder::buildResponse(int responseStatus, int certificateStatus) const +{ + if (responseStatus != OCSP_RESPONSE_STATUS_SUCCESSFUL) { + OCSP_RESPONSE *response = q_OCSP_response_create(responseStatus, nullptr); + if (!response) + return {}; + const OcspResponse rGuard(response, q_OCSP_RESPONSE_free); + return responseToDer(response); + } + + Q_ASSERT(subjects.size() && responderChain.size() && responderKey.handle()); + + const EvpKey nativeKey = privateKeyToEVP_PKEY(responderKey); + if (!nativeKey.data()) + return {}; + + OCSP_BASICRESP *basicResponse = q_OCSP_BASICRESP_new(); + if (!basicResponse) + return {}; + const BasicResponse brGuard(basicResponse, q_OCSP_BASICRESP_free); + + for (int i = 0, e = subjects.size(); i < e; ++i) { + X509 *subject = subjects[i]; + Q_ASSERT(subject); + CertId certId = certificateToCertId(subject, responderChain[0]); + if (!certId.data()) + return {}; + + // NOTE: we do not own this 'singleResponse': + ASN1_TIME *revisionTime = certificateStatus == V_OCSP_CERTSTATUS_REVOKED ? + timeStamp.thisUpdate.data() : nullptr; + + if (!q_OCSP_basic_add1_status(basicResponse, certId.data(), certificateStatus, 0, revisionTime, + timeStamp.thisUpdate.data(), timeStamp.nextUpdate.data())) { + return {}; + } + } + + if (q_OCSP_basic_sign(basicResponse, responderChain[0], nativeKey.data(), q_EVP_sha1(), + responderChain, 0) != 1) { + return {}; + } + + OCSP_RESPONSE *ocspResponse = q_OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, basicResponse); + if (!ocspResponse) + return {}; + const OcspResponse rGuard(ocspResponse, q_OCSP_RESPONSE_free); + return responseToDer(ocspResponse); +} + +EvpKey OcspResponder::privateKeyToEVP_PKEY(const QSslKey &privateKey) +{ + const EvpKey nullKey; + if (privateKey.isNull() || privateKey.algorithm() != QSsl::Rsa) { + // We use only RSA keys in this auto-test, since we test OCSP only, + // not handshake/TLS in general. + return nullKey; + } + + EVP_PKEY *nativeKey = q_EVP_PKEY_new(); + if (!nativeKey) + return nullKey; + + const EvpKey keyGuard(nativeKey, q_EVP_PKEY_free); + if (!q_EVP_PKEY_set1_RSA(nativeKey, reinterpret_cast<RSA *>(privateKey.handle()))) + return nullKey; + + return keyGuard; +} + +CertId OcspResponder::certificateToCertId(X509 *subject, X509 *issuer) +{ + const CertId nullId; + if (!subject || !issuer) + return nullId; + + const EVP_MD *digest = q_EVP_sha1(); + if (!digest) + return nullId; + + OCSP_CERTID *certId = q_OCSP_cert_to_id(digest, subject, issuer); + if (!certId) + return nullId; + + return CertId(certId, q_OCSP_CERTID_free); +} + +QByteArray OcspResponder::responseToDer(OCSP_RESPONSE *response) +{ + if (!response) + return {}; + + const int derSize = q_i2d_OCSP_RESPONSE(response, nullptr); + if (derSize <= 0) + return {}; + + QByteArray derData(derSize, Qt::Uninitialized); + unsigned char *pData = reinterpret_cast<unsigned char *>(derData.data()); + const int serializedSize = q_i2d_OCSP_RESPONSE(response, &pData); + if (serializedSize != derSize) + return {}; + + return derData; +} + +// The QTcpServer capable of sending OCSP status responses. +class OcspServer : public QTcpServer +{ + Q_OBJECT + +public: + OcspServer(const CertificateChain &serverChain, const QSslKey &privateKey); + + void configureResponse(const QByteArray &responseDer); + QString hostName() const; + QString peerVerifyName() const; + +Q_SIGNALS: + void internalServerError(); + +private: + void incomingConnection(qintptr descriptor) override; + +public: + QSslConfiguration serverConfig; + QSslSocket serverSocket; +}; + +OcspServer::OcspServer(const CertificateChain &serverChain, const QSslKey &privateKey) +{ + Q_ASSERT(serverChain.size()); + Q_ASSERT(!privateKey.isNull()); + + serverConfig = QSslConfiguration::defaultConfiguration(); + serverConfig.setLocalCertificateChain(serverChain); + serverConfig.setPrivateKey(privateKey); +} + +void OcspServer::configureResponse(const QByteArray &responseDer) +{ + serverConfig.setBackendConfigurationOption("Qt-OCSP-response", responseDer); +} + +QString OcspServer::hostName() const +{ + // It's 'name' and not 'address' to be consistent with QSslSocket's naming style, + // where it's connectToHostEncrypted(hostName, ...) + const QHostAddress &addr = serverAddress(); + if (addr == QHostAddress::Any || addr == QHostAddress::AnyIPv4) + return QStringLiteral("127.0.0.1"); + if (addr == QHostAddress::AnyIPv6) + return QStringLiteral("::1"); + return addr.toString(); +} + +QString OcspServer::peerVerifyName() const +{ + const CertificateChain &localChain = serverConfig.localCertificateChain(); + if (localChain.isEmpty()) + return {}; + const auto cert = localChain.first(); + if (cert.isNull()) + return {}; + + const QStringList &names = cert.subjectInfo(QSslCertificate::CommonName); + return names.isEmpty() ? QString{} : names.first(); +} + +void OcspServer::incomingConnection(qintptr socketDescriptor) +{ + close(); + + if (!serverSocket.setSocketDescriptor(socketDescriptor)) { + emit internalServerError(); + return; + } + + serverSocket.setSslConfiguration(serverConfig); + // Since we test a client, not a server, we don't care about any + // possible errors on the server (QAbstractSocket or QSslSocket-related). + // Thus, we don't connect to any error signal. + serverSocket.startServerEncryption(); +} + +} // unnamed namespace + +class tst_QOcsp : public QObject +{ + Q_OBJECT + +public slots: + void initTestCase(); + +private slots: + void connectSelfSigned(); + void badStatus_data(); + void badStatus(); + void multipleSingleResponses(); + void malformedResponse(); + void expiredResponse_data(); + void expiredResponse(); + void noNextUpdate(); + void wrongCertificateInResponse_data(); + void wrongCertificateInResponse(); + void untrustedResponder(); + + // OCSPTODO: more tests in future ... + +private: + void setupOcspClient(QSslSocket &clientSocket, const CertificateChain &trustedCAs, + const QString &peerName); + bool containsOcspErrors(const QList<QSslError> &errorsFound) const; + static bool containsError(const QList<QSslError> &errors, QSslError::SslError code); + static QByteArray goodResponse(const CertificateChain &subject, const CertificateChain &responder, + const QSslKey &privateKey, long beforeNow = -1000, long afterNow = 1000); + static bool loadPrivateKey(const QString &keyName, QSslKey &key); + static CertificateChain issuerToChain(const CertificateChain &chain); + static CertificateChain subjectToChain(const CertificateChain &chain); + + static QString certDirPath; + + void (QSslSocket::*socketErrorSignal)(QAbstractSocket::SocketError) = &QAbstractSocket::error; + void (QSslSocket::*tlsErrorsSignal)(const QList<QSslError> &) = &QSslSocket::sslErrors; + void (QTestEventLoop::*exitLoopSlot)() = &QTestEventLoop::exitLoop; + + const int handshakeTimeoutMS = 500; + QTestEventLoop loop; + + std::vector<QSslError::SslError> ocspErrorCodes = {QSslError::OcspNoResponseFound, + QSslError::OcspMalformedRequest, + QSslError::OcspMalformedResponse, + QSslError::OcspInternalError, + QSslError::OcspTryLater, + QSslError::OcspSigRequred, + QSslError::OcspUnauthorized, + QSslError::OcspResponseCannotBeTrusted, + QSslError::OcspResponseCertIdUnknown, + QSslError::OcspResponseExpired, + QSslError::OcspStatusUnknown}; +}; + +#define QCOMPARE_SINGLE_ERROR(sslSocket, expectedError) \ + const auto &tlsErrors = sslSocket.sslErrors(); \ + QCOMPARE(tlsErrors.size(), 1); \ + QCOMPARE(tlsErrors[0].error(), expectedError) + +#define QVERIFY_HANDSHAKE_WITHOUT_ERRORS(sslSocket) \ + QVERIFY(sslSocket.isEncrypted()); \ + QCOMPARE(sslSocket.state(), QAbstractSocket::ConnectedState); \ + QVERIFY(sslSocket.sslErrors().isEmpty()) + +#define QDECLARE_CHAIN(object, chainFileName) \ + CertificateChain object = QSslCertificate::fromPath(certDirPath + QLatin1String(chainFileName)); \ + QVERIFY(object.size()) + +#define QDECLARE_PRIVATE_KEY(key, keyFileName) \ + QSslKey key; \ + QVERIFY(loadPrivateKey(QLatin1String(keyFileName), key)) + +QString tst_QOcsp::certDirPath; + +void tst_QOcsp::initTestCase() +{ + QVERIFY(QSslSocket::supportsSsl()); + + certDirPath = QFileInfo(QFINDTESTDATA("certs")).absolutePath(); + QVERIFY(certDirPath.size() > 0); + certDirPath += QDir::separator() + QStringLiteral("certs") + QDir::separator(); +} + +void tst_QOcsp::connectSelfSigned() +{ + // This test may look a bit confusing, since we have essentially 1 + // self-signed certificate, which we trust for the purpose of this test, + // but we also request its (the certificate's) status and then we sign + // the status response using the same certificate and the corresponding + // private key. Anyway, we test the very basic things here: we send + // an OCSP status request, we verify the response (if server has sent it), + // and detect errors (if any). + QDECLARE_CHAIN(subjectChain, "ss1.crt"); + QDECLARE_CHAIN(responderChain, "ss1.crt"); + QDECLARE_PRIVATE_KEY(privateKey, "ss1-private.key"); + { + // This server ignores our status request: + const QSslError::SslError expectedError = QSslError::OcspNoResponseFound; + + OcspServer server(subjectChain, privateKey); + QVERIFY(server.listen()); + connect(&server, &OcspServer::internalServerError, &loop, exitLoopSlot); + + QSslSocket clientSocket; + QSslConfiguration clientConfig = QSslConfiguration::defaultConfiguration(); + auto roots = clientConfig.caCertificates(); + setupOcspClient(clientSocket, issuerToChain(subjectChain), server.peerVerifyName()); + clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort()); + loop.enterLoopMSecs(handshakeTimeoutMS); + + QVERIFY(!clientSocket.isEncrypted()); + QCOMPARE_SINGLE_ERROR(clientSocket, expectedError); + } + { + // Now the server will send a valid 'status: good' response. + OcspServer server(subjectChain, privateKey); + const QByteArray response(goodResponse(subjectChain, responderChain, privateKey)); + QVERIFY(response.size()); + server.configureResponse(response); + QVERIFY(server.listen()); + + QSslSocket clientSocket; + setupOcspClient(clientSocket, issuerToChain(subjectChain), server.peerVerifyName()); + clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort()); + loop.enterLoopMSecs(handshakeTimeoutMS); + + QVERIFY_HANDSHAKE_WITHOUT_ERRORS(clientSocket); + } +} + +void tst_QOcsp::badStatus_data() +{ + QTest::addColumn<int>("responseStatus"); + QTest::addColumn<int>("certificateStatus"); + QTest::addColumn<QSslError>("expectedError"); + + QTest::addRow("malformed-request") << OCSP_RESPONSE_STATUS_MALFORMEDREQUEST << 1 << QSslError(QSslError::OcspMalformedRequest); + QTest::addRow("internal-error") << OCSP_RESPONSE_STATUS_INTERNALERROR << 2 << QSslError(QSslError::OcspInternalError); + QTest::addRow("try-later") << OCSP_RESPONSE_STATUS_TRYLATER << 3 << QSslError(QSslError::OcspTryLater); + QTest::addRow("signed-request-require") << OCSP_RESPONSE_STATUS_SIGREQUIRED << 2 << QSslError(QSslError::OcspSigRequred); + QTest::addRow("unauthorized-request") << OCSP_RESPONSE_STATUS_UNAUTHORIZED << 1 <<QSslError(QSslError::OcspUnauthorized); + + QTest::addRow("certificate-revoked") << OCSP_RESPONSE_STATUS_SUCCESSFUL << V_OCSP_CERTSTATUS_REVOKED + << QSslError(QSslError::CertificateRevoked); + QTest::addRow("status-unknown") << OCSP_RESPONSE_STATUS_SUCCESSFUL << V_OCSP_CERTSTATUS_UNKNOWN + << QSslError(QSslError::OcspStatusUnknown); +} + +void tst_QOcsp::badStatus() +{ + // This test works with two types of 'bad' responses: + // 1. 'Error messages' (the response's status is anything but SUCCESSFUL, + // no information about the certificate itself, no signature); + // 2. 'REVOKED' or 'UNKNOWN' status for a certificate in question. + QFETCH(const int, responseStatus); + QFETCH(const int, certificateStatus); + QFETCH(const QSslError, expectedError); + + QDECLARE_CHAIN(subjectChain, "infbobchain.crt"); + QCOMPARE(subjectChain.size(), 2); + QDECLARE_CHAIN(responderChain, "ca1.crt"); + QDECLARE_PRIVATE_KEY(subjPrivateKey, "infbob.key"); + QDECLARE_PRIVATE_KEY(respPrivateKey, "ca1.key"); + + OcspServer server(subjectChain, subjPrivateKey); + const OcspTimeStamp stamp(-1000, 1000); + OcspResponder builder(stamp, subjectToChain(subjectChain), responderChain, respPrivateKey); + const QByteArray response(builder.buildResponse(responseStatus, certificateStatus)); + QVERIFY(response.size()); + server.configureResponse(response); + QVERIFY(server.listen()); + connect(&server, &OcspServer::internalServerError, &loop, exitLoopSlot); + + QSslSocket clientSocket; + setupOcspClient(clientSocket, issuerToChain(subjectChain), server.peerVerifyName()); + clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort()); + loop.enterLoopMSecs(handshakeTimeoutMS); + + QVERIFY(!clientSocket.isEncrypted()); + QCOMPARE_SINGLE_ERROR(clientSocket, expectedError.error()); +} + +void tst_QOcsp::multipleSingleResponses() +{ + // We handle a response with more than one SingleResponse as malformed: + const QSslError::SslError expectedError = QSslError::OcspMalformedResponse; + + // Here we use subjectChain only to generate a response, the server + // is configured with the responder chain (it's the same cert after all). + QDECLARE_CHAIN(subjectChain, "ss1.crt"); + QDECLARE_CHAIN(responderChain, "ss1.crt"); + QDECLARE_PRIVATE_KEY(privateKey, "ss1-private.key"); + + // Let's have more than 1 certificate in a chain: + subjectChain.append(subjectChain[0]); + + OcspServer server(responderChain, privateKey); + // Generate a BasicOCSPResponse containing 2 SingleResponses: + const QByteArray response(goodResponse(subjectChain, responderChain, privateKey)); + QVERIFY(response.size()); + server.configureResponse(response); + QVERIFY(server.listen()); + connect(&server, &OcspServer::internalServerError, &loop, exitLoopSlot); + + QSslSocket clientSocket; + setupOcspClient(clientSocket, issuerToChain(responderChain), server.peerVerifyName()); + clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort()); + loop.enterLoopMSecs(handshakeTimeoutMS); + + QVERIFY(!clientSocket.isEncrypted()); + QCOMPARE_SINGLE_ERROR(clientSocket, expectedError); +} + +void tst_QOcsp::malformedResponse() +{ + QDECLARE_CHAIN(serverChain, "ss1.crt"); + QDECLARE_PRIVATE_KEY(privateKey, "ss1-private.key"); + + OcspServer server(serverChain, privateKey); + // Let's send some arbitrary bytes instead of DER and see what happens next: + server.configureResponse("Sure, you can trust me, this cert was not revoked (I don't say it was issued at all)!"); + QVERIFY(server.listen()); + connect(&server, &OcspServer::internalServerError, &loop, exitLoopSlot); + + QSslSocket clientSocket; + setupOcspClient(clientSocket, issuerToChain(serverChain), server.peerVerifyName()); + clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort()); + loop.enterLoopMSecs(handshakeTimeoutMS); + + QVERIFY(!clientSocket.isEncrypted()); + QCOMPARE(clientSocket.error(), QAbstractSocket::SslHandshakeFailedError); +} + +void tst_QOcsp::expiredResponse_data() +{ + QTest::addColumn<long>("beforeNow"); + QTest::addColumn<long>("afterNow"); + + QTest::addRow("expired") << -2000L << -1000L; + QTest::addRow("not-valid-yet") << 5000L << 10000L; + QTest::addRow("next-before-this") << -1000L << -2000L; +} + +void tst_QOcsp::expiredResponse() +{ + // We report different kinds of problems with [thisUpdate, nextUpdate] + // as 'expired' (to keep it simple): + const QSslError::SslError expectedError = QSslError::OcspResponseExpired; + + QFETCH(const long, beforeNow); + QFETCH(const long, afterNow); + + QDECLARE_CHAIN(subjectChain, "ss1.crt"); + QDECLARE_CHAIN(responderChain, "ss1.crt"); + QDECLARE_PRIVATE_KEY(privateKey, "ss1-private.key"); + + OcspServer server(subjectChain, privateKey); + const QByteArray response(goodResponse(subjectChain, responderChain, privateKey, beforeNow, afterNow)); + QVERIFY(response.size()); + server.configureResponse(response); + QVERIFY(server.listen()); + connect(&server, &OcspServer::internalServerError, &loop, exitLoopSlot); + + QSslSocket clientSocket; + setupOcspClient(clientSocket, issuerToChain(subjectChain), server.peerVerifyName()); + clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort()); + loop.enterLoopMSecs(handshakeTimeoutMS); + + QVERIFY(!clientSocket.isEncrypted()); + QCOMPARE_SINGLE_ERROR(clientSocket, expectedError); +} + +void tst_QOcsp::noNextUpdate() +{ + // RFC2560, 2.4: + // "If nextUpdate is not set, the responder is indicating that newer + // revocation information is available all the time." + // + // This test is just to verify that we correctly handle such responses. + QDECLARE_CHAIN(subjectChain, "ss1.crt"); + QDECLARE_CHAIN(responderChain, "ss1.crt"); + QDECLARE_PRIVATE_KEY(privateKey, "ss1-private.key"); + + OcspServer server(subjectChain, privateKey); + OcspTimeStamp openRange(-1000, 0); + openRange.nextUpdate.clear(); + const OcspResponder responder(openRange, subjectChain, responderChain, privateKey); + const QByteArray response(responder.buildResponse(OCSP_RESPONSE_STATUS_SUCCESSFUL, + V_OCSP_CERTSTATUS_GOOD)); + QVERIFY(response.size()); + server.configureResponse(response); + QVERIFY(server.listen()); + connect(&server, &OcspServer::internalServerError, &loop, exitLoopSlot); + + QSslSocket clientSocket; + setupOcspClient(clientSocket, issuerToChain(subjectChain), server.peerVerifyName()); + clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort()); + loop.enterLoopMSecs(handshakeTimeoutMS); + + QVERIFY_HANDSHAKE_WITHOUT_ERRORS(clientSocket); +} + +void tst_QOcsp::wrongCertificateInResponse_data() +{ + QTest::addColumn<QLatin1String>("respChainName"); + QTest::addColumn<QLatin1String>("respKeyName"); + QTest::addColumn<QLatin1String>("wrongChainName"); + + QTest::addRow("same-CA-wrong-subject") << QLatin1String("ca1.crt") << QLatin1String("ca1.key") + << QLatin1String("alice.crt"); + QTest::addRow("wrong-CA-same-subject") << QLatin1String("ss1.crt") << QLatin1String("ss1-private.key") + << QLatin1String("alice.crt"); + QTest::addRow("wrong-CA-wrong-subject") << QLatin1String("ss1.crt") << QLatin1String("ss1-private.key") + << QLatin1String("ss1.crt"); +} + +void tst_QOcsp::wrongCertificateInResponse() +{ + QFETCH(const QLatin1String, respChainName); + QFETCH(const QLatin1String, respKeyName); + QFETCH(const QLatin1String, wrongChainName); + // In this test, the server will send a valid response (correctly signed + // by a trusted key/cert) but for a wrong certificate (not the one the + // server presented to the client in the server's 'Certificate' message). + const QSslError::SslError expectedError = QSslError::OcspResponseCertIdUnknown; + + QDECLARE_CHAIN(subjectChain, "infbobchain.crt"); + QDECLARE_PRIVATE_KEY(subjectKey, "infbob.key"); + QDECLARE_CHAIN(responderChain, respChainName); + QDECLARE_PRIVATE_KEY(responderKey, respKeyName); + + QDECLARE_CHAIN(wrongChain, wrongChainName); + + OcspServer server(subjectToChain(subjectChain), subjectKey); + const QByteArray wrongResponse(goodResponse(wrongChain, responderChain, responderKey)); + QVERIFY(wrongResponse.size()); + server.configureResponse(wrongResponse); + QVERIFY(server.listen()); + connect(&server, &OcspServer::internalServerError, &loop, exitLoopSlot); + + QSslSocket clientSocket; + setupOcspClient(clientSocket, issuerToChain(subjectChain), server.peerVerifyName()); + clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort()); + loop.enterLoopMSecs(handshakeTimeoutMS); + + QVERIFY(!clientSocket.isEncrypted()); + QVERIFY(containsError(clientSocket.sslErrors(), expectedError)); +} + +void tst_QOcsp::untrustedResponder() +{ + const QSslError::SslError expectedError = QSslError::OcspResponseCannotBeTrusted; + + QDECLARE_CHAIN(subjectChain, "infbobchain.crt"); + QDECLARE_PRIVATE_KEY(subjectKey, "infbob.key"); + QDECLARE_CHAIN(responderChain, "ca1.crt"); + QDECLARE_PRIVATE_KEY(responderKey, "ca1.key"); + + OcspServer server(subjectChain, subjectKey); + const QByteArray response(goodResponse(subjectToChain(subjectChain), responderChain, responderKey)); + QVERIFY(response.size()); + server.configureResponse(response); + QVERIFY(server.listen()); + connect(&server, &OcspServer::internalServerError, &loop, exitLoopSlot); + + QSslSocket clientSocket; + setupOcspClient(clientSocket, {}, server.peerVerifyName()); + clientSocket.connectToHostEncrypted(server.hostName(), server.serverPort()); + loop.enterLoopMSecs(handshakeTimeoutMS); + + QVERIFY(!clientSocket.isEncrypted()); + QVERIFY(containsError(clientSocket.sslErrors(), expectedError)); +} + +void tst_QOcsp::setupOcspClient(QSslSocket &clientSocket, const CertificateChain &caCerts, const QString &name) +{ + QSslConfiguration clientConfig = QSslConfiguration::defaultConfiguration(); + clientConfig.setOcspStaplingEnabled(true); + + if (caCerts.size()) { + auto roots = clientConfig.caCertificates(); + roots.append(caCerts); + clientConfig.setCaCertificates(roots); + } + + clientSocket.setSslConfiguration(clientConfig); + clientSocket.setPeerVerifyName(name); + + connect(&clientSocket, socketErrorSignal, &loop, exitLoopSlot); + connect(&clientSocket, tlsErrorsSignal, &loop, exitLoopSlot); + connect(&clientSocket, &QSslSocket::encrypted, &loop, exitLoopSlot); +} + +bool tst_QOcsp::containsOcspErrors(const QList<QSslError> &errorsFound) const +{ + for (auto code : ocspErrorCodes) { + if (containsError(errorsFound, code)) + return true; + } + return false; +} + +bool tst_QOcsp::containsError(const QList<QSslError> &errors, QSslError::SslError code) +{ + const auto it = std::find_if(errors.begin(), errors.end(), + [&code](const QSslError &other){return other.error() == code;}); + return it != errors.end(); +} + +QByteArray tst_QOcsp::goodResponse(const CertificateChain &subject, const CertificateChain &responder, + const QSslKey &privateKey, long beforeNow, long afterNow) +{ + const OcspResponder builder(OcspTimeStamp(beforeNow, afterNow), subject, responder, privateKey); + return builder.buildResponse(OCSP_RESPONSE_STATUS_SUCCESSFUL, V_OCSP_CERTSTATUS_GOOD); +} + +bool tst_QOcsp::loadPrivateKey(const QString &keyFileName, QSslKey &key) +{ + QFile keyFile(certDirPath + keyFileName); + if (!keyFile.open(QIODevice::ReadOnly)) + return false; + key = QSslKey(keyFile.readAll(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey); + return !key.isNull(); +} + +CertificateChain tst_QOcsp::issuerToChain(const CertificateChain &chain) +{ + // Here we presume that, if the chain isn't a single self-signed certificate, its second + // entry is the issuer. + const int length = chain.size(); + Q_ASSERT(length > 0); + return CertificateChain() << chain[length > 1 ? 1 : 0]; +} + +CertificateChain tst_QOcsp::subjectToChain(const CertificateChain &chain) +{ + Q_ASSERT(chain.size()); + return CertificateChain() << chain[0]; +} + +QT_END_NAMESPACE + +QTEST_MAIN(tst_QOcsp) + +#include "tst_qocsp.moc" diff --git a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp index 7f8580ddd6..0c8535f2de 100644 --- a/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp +++ b/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate.cpp @@ -814,7 +814,7 @@ void tst_QSslCertificate::task256066toPem() void tst_QSslCertificate::nulInCN() { -#if defined(QT_SECURETRANSPORT) || defined(Q_OS_WINRT) +#if QT_CONFIG(securetransport) || defined(Q_OS_WINRT) || QT_CONFIG(schannel) QSKIP("Generic QSslCertificatePrivate fails this test"); #endif QList<QSslCertificate> certList = @@ -833,7 +833,7 @@ void tst_QSslCertificate::nulInCN() void tst_QSslCertificate::nulInSan() { -#if defined(QT_SECURETRANSPORT) || defined(Q_OS_WINRT) +#if QT_CONFIG(securetransport) || defined(Q_OS_WINRT) || QT_CONFIG(schannel) QSKIP("Generic QSslCertificatePrivate fails this test"); #endif QList<QSslCertificate> certList = @@ -968,7 +968,7 @@ void tst_QSslCertificate::subjectAndIssuerAttributes() void tst_QSslCertificate::verify() { -#ifdef QT_SECURETRANSPORT +#if QT_CONFIG(securetransport) QSKIP("Not implemented in SecureTransport"); #endif QList<QSslError> errors; diff --git a/tests/auto/network/ssl/qsslkey/BLACKLIST b/tests/auto/network/ssl/qsslkey/BLACKLIST index c0dfe5eb86..f9bc0af6de 100644 --- a/tests/auto/network/ssl/qsslkey/BLACKLIST +++ b/tests/auto/network/ssl/qsslkey/BLACKLIST @@ -1,2 +1,2 @@ -redhatenterpriselinuxworkstation-6.6 -rhel-7.4 +redhatenterpriselinuxworkstation +rhel diff --git a/tests/auto/network/ssl/qsslkey/keys/dh-pri-1024.der b/tests/auto/network/ssl/qsslkey/keys/dh-pri-1024.der Binary files differnew file mode 100644 index 0000000000..687009e087 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dh-pri-1024.der diff --git a/tests/auto/network/ssl/qsslkey/keys/dh-pri-1024.pem b/tests/auto/network/ssl/qsslkey/keys/dh-pri-1024.pem new file mode 100644 index 0000000000..233e0dfb37 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dh-pri-1024.pem @@ -0,0 +1,9 @@ +-----BEGIN PRIVATE KEY----- +MIIBIQIBADCBlQYJKoZIhvcNAQMBMIGHAoGBAIlk2YX0TJzfQ18ZzZroQoE5Nyjt +bWxWRxBriG/c+JWhBwttVDb6lzLN+GVJxXVPfc6JJmDORVRxdxAlMqu++2Vqpsnl +/H8xIXsxjuTcTjq8sXagGRa0LfeggkUD64tEhO4iZ8Q2TIdb3OHkAF0Sn+06b/0e +iIz323Kywq0CsspTAgECBIGDAoGAQCo39UHP4s2ZVH4nOmWgNlb4JsHPX4EzqDBr +ig46hvMLAFrILYnsCbqqD/+GNAUl1PV/nfEQoAk/HvtACqLFLG5/3jK2w6dVHGEo +JnVOGz9vZpWUx+SCslHJRFaeE+6AAbbvrTr0lci29Ta4IesHlamRsj+ZaUrVX6k/ +/9OTGAo= +-----END PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/dh-pri-2048.der b/tests/auto/network/ssl/qsslkey/keys/dh-pri-2048.der Binary files differnew file mode 100644 index 0000000000..e193f25f07 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dh-pri-2048.der diff --git a/tests/auto/network/ssl/qsslkey/keys/dh-pri-2048.pem b/tests/auto/network/ssl/qsslkey/keys/dh-pri-2048.pem new file mode 100644 index 0000000000..32299b2b6c --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dh-pri-2048.pem @@ -0,0 +1,14 @@ +-----BEGIN PRIVATE KEY----- +MIICJgIBADCCARcGCSqGSIb3DQEDATCCAQgCggEBAJsiReJxBjkC7Hy99AJATusq +YsNQHhjoeTLPeHhsBuLtJK18Krk736V09efX6qeAEmvgMQbvbHqtrOaY3q6dut6C +UTGVW+oVg3d/Y8qakkanvEnIlliaTIyWIz0JMjO2prC6AuU/QEzZcQVUS6bxyn3D +iYFxCE6+7cJJpEH9HVbcrl+J6Ch6ax5rQGUyxpSMkmItLJx92upRxOnaxJMHR+ZF +OSdDPfrkINpEzahnhteLszddyLasnE0or6ZnXYLvKsT1Uu6QwDc4EO1FJHScoeep +zsK/VRcXzMpj/1Rl+F9E/AikCqHRrnvISt25wrK0Mwy854P2T7dJlBNewc6vE6MC +AQIEggEEAoIBAGIctO30MoZ9DiuKbOBpqM9rl2bNH/I46GGcfEiSsO/zOw2V9WFC +MxkjF0I1ilDfPY+Ag3bLB2n89DPcfXliYH9MFolehPTc1fWplhX3+ImdC6y95uXO +FV5xtcEQCbPktnUtkUdcAT5831p9lu1QJo+DzMPrQa7axMLj8heBAi4VqAi+8Q31 +dpGKuhCUlgs+pLENx1o0QY2kui6Z5uR0YhmA547lwBWA4XEv5OV9ExmxytiatvOv +PZKT1ID76LrL9bnnZvOEGczWLQvJ9VaaZSpoP+2QisRANWW4w57d+PIR1WR/FTSH +F6xocElUoTzuiSPzRz60aw/KkisImBBKERQ= +-----END PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/dh-pri-512.der b/tests/auto/network/ssl/qsslkey/keys/dh-pri-512.der Binary files differnew file mode 100644 index 0000000000..42ddbaaae2 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dh-pri-512.der diff --git a/tests/auto/network/ssl/qsslkey/keys/dh-pri-512.pem b/tests/auto/network/ssl/qsslkey/keys/dh-pri-512.pem new file mode 100644 index 0000000000..d2c3170b16 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dh-pri-512.pem @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIGcAgEAMFMGCSqGSIb3DQEDATBGAkEAvXx0QxJvIGA2ig8Je55R2rmeO4Ta2Esj +ANLuyVIFRbtuLFsdhU+amUc8bs9RUQmkUNzS92jkpAfqtCv+mQ06EwIBAgRCAkBJ +rDM0BTevOPIHpJzMtSQhw3e7Dr38HUfTn8zF3uYi1RCxjkTUukmzRLPTf0aqPgpd +8dSldjG/11aZORl8/mXO +-----END PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/dh-pub-1024.der b/tests/auto/network/ssl/qsslkey/keys/dh-pub-1024.der Binary files differnew file mode 100644 index 0000000000..2805a67633 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dh-pub-1024.der diff --git a/tests/auto/network/ssl/qsslkey/keys/dh-pub-1024.pem b/tests/auto/network/ssl/qsslkey/keys/dh-pub-1024.pem new file mode 100644 index 0000000000..da4e327ac9 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dh-pub-1024.pem @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBHzCBlQYJKoZIhvcNAQMBMIGHAoGBAIlk2YX0TJzfQ18ZzZroQoE5NyjtbWxW +RxBriG/c+JWhBwttVDb6lzLN+GVJxXVPfc6JJmDORVRxdxAlMqu++2Vqpsnl/H8x +IXsxjuTcTjq8sXagGRa0LfeggkUD64tEhO4iZ8Q2TIdb3OHkAF0Sn+06b/0eiIz3 +23Kywq0CsspTAgECA4GEAAKBgA8pxU1sMDvRWKpvJKNs3jNhZPQWFf4Tszu/cMcb +1qAQ/q0DRb41VvsUoMaCfef/plZleV4MG26owb574AJeC86wX5MbRDTPS4CzAn+I +an92AZl3vlYRQ2sSo3ktkyhw6LV1iewi08Ky7J4rqvG0Oo335QGEZlK1OgwBsyh0 +FKLe +-----END PUBLIC KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/dh-pub-2048.der b/tests/auto/network/ssl/qsslkey/keys/dh-pub-2048.der Binary files differnew file mode 100644 index 0000000000..9e749d8a41 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dh-pub-2048.der diff --git a/tests/auto/network/ssl/qsslkey/keys/dh-pub-2048.pem b/tests/auto/network/ssl/qsslkey/keys/dh-pub-2048.pem new file mode 100644 index 0000000000..f751157c87 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dh-pub-2048.pem @@ -0,0 +1,14 @@ +-----BEGIN PUBLIC KEY----- +MIICJDCCARcGCSqGSIb3DQEDATCCAQgCggEBAJsiReJxBjkC7Hy99AJATusqYsNQ +HhjoeTLPeHhsBuLtJK18Krk736V09efX6qeAEmvgMQbvbHqtrOaY3q6dut6CUTGV +W+oVg3d/Y8qakkanvEnIlliaTIyWIz0JMjO2prC6AuU/QEzZcQVUS6bxyn3DiYFx +CE6+7cJJpEH9HVbcrl+J6Ch6ax5rQGUyxpSMkmItLJx92upRxOnaxJMHR+ZFOSdD +PfrkINpEzahnhteLszddyLasnE0or6ZnXYLvKsT1Uu6QwDc4EO1FJHScoeepzsK/ +VRcXzMpj/1Rl+F9E/AikCqHRrnvISt25wrK0Mwy854P2T7dJlBNewc6vE6MCAQID +ggEFAAKCAQAUeWRuqjl7F84USogxJOM1M4y8yKtBYY2KLs5iIVhzV4UZ+9+cMNZA +otLXJ/e8BH0diR0yk7tjxD6hjjqd+nyafIkJGPElDMnTbRPHg5zZYMmI5L/efdSm +OPbM7QsodrYH5aoF4c7hjMb/cttYVG2Yupsy4tfORuDbwL70upqOo6rkVq55eOGS +6pseEume/SD+7e3xIPJTkrMMzBFHG6H7bVHikT4O7yWV1iVzElj919yi+4Zy6TK8 +0hG6l31D5bsJpOduhHYZtN1yQpw+sGT6Yiepkjgt+1YkGFiiRs5vDl4DHeYHyAhL +oH9uKcm3q4lhaOeT5ml765g87qQD6+vr +-----END PUBLIC KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/dh-pub-512.der b/tests/auto/network/ssl/qsslkey/keys/dh-pub-512.der Binary files differnew file mode 100644 index 0000000000..8a75babb6d --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dh-pub-512.der diff --git a/tests/auto/network/ssl/qsslkey/keys/dh-pub-512.pem b/tests/auto/network/ssl/qsslkey/keys/dh-pub-512.pem new file mode 100644 index 0000000000..1f4e5c9a47 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dh-pub-512.pem @@ -0,0 +1,6 @@ +-----BEGIN PUBLIC KEY----- +MIGaMFMGCSqGSIb3DQEDATBGAkEAvXx0QxJvIGA2ig8Je55R2rmeO4Ta2EsjANLu +yVIFRbtuLFsdhU+amUc8bs9RUQmkUNzS92jkpAfqtCv+mQ06EwIBAgNDAAJARGBh +9FmRRZZAxBtXZmS8wIgDwWvjB63GQ+E1pDLtZPztvPQ2eqUjTgSuGKV5cDankAV1 +Pkj/IA0Xl+SuFhLLew== +-----END PUBLIC KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/genkeys.sh b/tests/auto/network/ssl/qsslkey/keys/genkeys.sh index 6210b42ab4..0106953bff 100755 --- a/tests/auto/network/ssl/qsslkey/keys/genkeys.sh +++ b/tests/auto/network/ssl/qsslkey/keys/genkeys.sh @@ -88,6 +88,27 @@ do openssl ec -in ec-pri-$size-$curve.pem -pubout -out ec-pub-$size-$curve.der -outform DER done +#--- DH ---------------------------------------------------------------------------- +for size in 512 1024 2048 +do + echo -e "\ngenerating DH parameters to PEM file ..." + openssl dhparam -out dhpar-$size.pem $size + + echo -e "\ngenerating DH private key to PEM file ..." + openssl genpkey -paramfile dhpar-$size.pem -out dh-pri-$size.pem + + /bin/rm dhpar-$size.pem + + echo -e "\ngenerating DH private key to DER file ..." + openssl pkey -in dh-pri-$size.pem -out dh-pri-$size.der -outform DER + + echo -e "\ngenerating DH public key to PEM file ..." + openssl pkey -in dh-pri-$size.pem -pubout -out dh-pub-$size.pem + + echo -e "\ngenerating DH public key to DER file ..." + openssl pkey -in dh-pri-$size.pem -pubout -out dh-pub-$size.der -outform DER +done + #--- PKCS#8 ------------------------------------------------------------------------ # Note: We'll just grab some of the keys generated earlier and convert those # https://www.openssl.org/docs/manmaster/man1/pkcs8.html#PKCS-5-v1.5-and-PKCS-12-algorithms diff --git a/tests/auto/network/ssl/qsslkey/rsa-with-passphrase-aes128.pem b/tests/auto/network/ssl/qsslkey/rsa-with-passphrase-aes128.pem new file mode 100644 index 0000000000..1a8751874e --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/rsa-with-passphrase-aes128.pem @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,A2A6F6BA67CFB2A992BA4FD3A0984B59 + +L5G1mwcXwW30lFty1HaEHlswFXAGk9+qf0TdYYNAAvVrsTMgfMq/6xM5XWo3IgbN +gG4K6T57gQkAywn+upqMHobB+7qc3DRzYlrm89gb74gHOe95l/iUJp4ii+ROLcmY +fg/vNmDSB/D0eM91WfwId7ticYD29+BUbbnqSYyY2S7K7DytYLpXqg3u335GYCdT +JwOsgcgbOICytkgK6c9ZDF3IrkzvWospVuiG5IfpLQkUXlJO3YGJ/oGf1BXnRd/b +kTzUiimUVunX62muHaUXKkAmXS8FCdB0puI+52pzLJ5FHdFxCcnwSG09TmoXbwwa +KoNM+IshNHPBGM7QxflVbSDxDaF1FWLwWSb8+Fhb2fTpfEGMxRCQ8HB1ZeMV4E5W +DSiNhih8ziC0k957ZYv8iuLanoM1YYIdToHeBwjyBJA836eIcq/ElY2QtKUq5PRw ++sU1BdG+f9rf4iAPHpgWZAKFmJ42ya71bEEVAmfysAOPuc4hpn3SsDTtihm9RKc9 +l7LWJHaTnTu6yJA+vMJwAmPWg+IdG5vntbb93X4cgl5ZadBySRtv37wWyQPnQcFh +ytX8z2CJNIFJb0ik8bXc39zOxExoTu/o86IuVJ87jFdS1wz3PRek6dJdl15icx76 +yAT0YB2/ZlRcRrO9hSm0D6P+sLOh//dyhhFAlUrDxqrKngI3KF4kgIrSlva3wmx2 +t16SiUKu6FGQZk6/KYOV27Cy+8UJEqlrNJzy+wSFi26d6e6xWTIR2ItzQCxhYDmq +Tpx0Mh0ml2+bgrKRoDAL5z6UNy0Pc6bYQjvMznIeiuGvL8bAKTDUFwbmrZqNScsl +tW7yNZG9iSJnAZGMTxuOhSvJRpQkxIcLICd+lsUxWZ2YvFxtSORuRNSwaC7oxtTD +gIXV08ayoDbDmcguqTXWuCxtguxNANjhsUOetNHL8iP8QFrzAd5Ith9FgASCIBJJ +3X7vL2YGc3E6DlAJE01loqySU/cnu6/zQapLB9BIzdtoLliwdrJ7PS8FSsBDfZ2X +i6/7gb1jxYkJAS1NqrUMJw6BphRAwF8ny+FtPJ23Oaf+1vRIGiHsh8qw6XBfwFw9 +vtsUUL19r+8zMpvIB6gf34TLuM7AW7idu3c/486EWgZBDL3mOTd3fsyADKv/HCk7 +c8M2dsafxI6QkTlWsB8G5vkZ8lCGKHjrmPWjfD7NXi+CvXIrDY+gOeVN3PlQCU/2 +zF2vIxKtR0CXuxLzIjFhIgTYR5G5ZnddMmHeVkZdPRl7szGtrxOA4QGJQ6ZT4W2e +O1whVU2KB0aBYskhClimapM5ypRkcNQ97cUR6/iNgdgSLqxGHCGeMR9bEyLl7/wr +M0XeDjdVfm/Tj548oHgb0SKLsfL6nnKwqB2viKj81moK9A/wO1Ec9RNaw0jtp2j3 +VIUnPj0GqEjnkHc2jWY2yt4SD6e2AZHwLyWi1q3pixZo1CFiEgFXxwNyYwyeJ6jV +CJHPRzoNjZ8dkvgRjsXdnWwN316JBNVcH8k7CCmg/8Gq3yAojXG1z8VJZ06GHckd +meCL1t89OgwIAmIsysKu7+DrKtSlhkQclZmdG6IrQzuPKaHzTPTDgg3ef3jQ4YQO +-----END RSA PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/rsa-with-passphrase-aes192.pem b/tests/auto/network/ssl/qsslkey/rsa-with-passphrase-aes192.pem new file mode 100644 index 0000000000..db74877a5a --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/rsa-with-passphrase-aes192.pem @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-192-CBC,B408346ADE790F8CF0C902A4F0712B34 + +SwzPBGxmwW2JddOyug1LrWjlZn8siSp5yezjK1x/z2+J2r/vvH8OjGnA387tFtae +WVTmhT1ixQXMDI1UJuKx0gzrG2449c+BUVe2VXFPLZ2ocSgoXbBpVkfhEqtLAn91 +MSOpQMxvobQKltKhxgXGvuBJwhwfT7yK5HamohFGbxLUh4Dh+NBXwoYH4Qt+kM7C +kV8VIKvkr/QAL/SRxNoY8rVResPgYvUjdtiGSNZ6CZhNRu42Q2FqbH817cE0NDsN +il/xvWu4T/6VY1KpwMad/v6BhO45EeKz7YjbF/3Y5jj2JV9r45uf79lM9htMBw0d +L+Cc3YHeFffgU8NZo0+iUoroXcb7mjWNmgYksbkaZPbLG383YXAXwbkQS7zDMVIx +QhXn9w+78hNmEV/7PQ8mGXHEFwnfSR05phXoj8IyL5v0grRMA2dsjfxCgfQjH+kc +Miwr5pD/Flw175OpPFCb2qladdTKoIWiVShspbteoRC0EuiWHzkl5z6Tneyb/sam +yduLmSYD+RA6OBgUPY95Xm4AowlFFsuV/fxYZ53rFf4cZn9Z6VBVmvIEmapV7CtB +JzyIVclocwM0ag5u/esdEt/jndJq9chZlIsDS30y3gP6Rlqk5mj90DAs98l28FVG +WY9jP0babk8mxjYCcnAy7ikUc0D+vJVO6OTmfO3dkGjLpMBM6OlvfhN/0qeXrMDI +nU2qOshUrVna2kRe6FrcvosFTD8wvQ1/BjmCp1iWWsGdc/q1BqI3pgOlgq3TYfl6 +iUJoji3V2iexH+GPkHsrs+kii1clsO2tgIP7doIooSVkcTsRTHHxKeeHn3qL2028 +pTvieIFD/T4biLZ9Q8sX3XWiHNmXZlCx8lX8MDjTavWES8gY4H5Sr6FjRMy1qpZY +5w1aAyJ9YZ0J/jLPmFxt8mWgqHPiPlrQkryBBE3l1MSQ/hCEwlf9dP8a+ayINfd7 +3yNkHKjZ5fuoA+TZUQb/fyVM5o1zJ8ML01PaXWrMEgr3b36QL+Ivo2Rpnp9FpwuH +E405cwCEy5fNSyhHFqqatCbsPl80nkP8OpW6jdWvNy9u0Ap9PS+MbHGq/pfkaazl +fbKGOckrENzEXi6Uj/yY/0sMtbTJuC70n09X3edHyhl/RJPPUoNnwDM5W1FHfS3r +qqSOl/r3y5pEErRdBpR4wEgB7DCLBALGDPfXNAAga4ez/Z2X9Zj234+4ZbUzWoLN +1ER0QYyxLN7oz1qMA15J7nRyRIhDXNlXjyISOqy26T6/d4X0M+6RhNWfT/MHAjJ8 +6ogoGlQUITV3gPO4R6+FGZMF4R6zZXuKVtOXyzRwWnCLfo4gzBHmq+5mmCjGWRq8 +rSSkc6334bYuZOaEoR5EM5sh6ewkjSDPRrKR7EHO02YbiscyT/99TwT5pdIOPK3u +2T6/40fSmCWQyBLuWxV9CMD+rB/q8Ja5KisEseck7PgI2pMmHfiD5yQXhKR9eDrB +sRqZxjgRYxup+/0CIBshL8s1R88xelhXyIKyqFfVudM09yAZxEJLQhpDZ27g45ea +FMX2Ve+ah2NjYBgzAhwKouWg5RyWb6X99NsrCEU75fn/ek86LGs3FxRgB4Uv7Udv +-----END RSA PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/rsa-with-passphrase-aes256.pem b/tests/auto/network/ssl/qsslkey/rsa-with-passphrase-aes256.pem new file mode 100644 index 0000000000..3d96b3166e --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/rsa-with-passphrase-aes256.pem @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,0F2F4695C8FFA35F4076FA0273A3A4E3 + +GCnMcAhhGuNkJ7SSMBrgNOaDfRtG22J0mdf/0VbrMOJF40P13YBjN3Kd6LpTqBya +TCIaxQqtfjH1ffhJk8qhwG7uJFGgcY9i0dkrEYklgThzTVqHp7FsQ2jjgJs5HKpc +euuVD1bxtuc9qI2hq4miA7Z/uDe3M34n+3xcpqccWS1dLFNFZ+fIDwIazfDCu3ah +fUQHDeWLwOqYiQxhUjjrHpZkI1FE2JYZFaf4zIagIIgzI2O+33fgbrTSoeN5meRs +F7V2fhDpyEoIlchwAmp6HE6ngtKP4Ecju00yn99AO42fn097yEVwvGFClQTaIzur +aPEtuKZ4kdc/lmzL2tqNcZckq28ZxpeMq0Fgdcpeg5sDcut811scOjQLFs551On1 +j3E1WfiLoBLKgd9cgmCrZb8hMO+UjcCaV7Jv3T9vDrbvhWs/YhTTwo8UFVplh7Vx +R1h3cKfzlbtOC5WHXGNK5dBu7SnpEk0+pscY5cxTrzN0odjMbbsjZQmKDZXbmZON +USzG3Qtafm6Nw/jwQeIjeqaxSho6xGdadTteGaURw6iGio3h0c6/dHayCsxye4tk +vODa0ZdJASwVh1605qDk9n/iYUT5B46KJCYwO/iN2kUmOcUcZeBqEfV1GfRmepZJ +bwM4sipzE15hOJ5DKSkHWnSlByRMAdSrMxZWraKUczn5frEBAqEFLlBAvf/FnjWa +yZJitgryCI2Y2bww1DEMnTCX345kUQIFmmjbzTIXnM28gW+fR3Br9dCf2FAsLNKr +tru1cYXocPaCUHEqS+XZqVb6BQVQ11YAAde0+x9RknJgsBc9Y7TLobaDBvrV5/nK +T3vm8el08upum6qPTPh6Z0zBbjx4sp6DYT977N1dYeH4n+0JqcSwIeZg/VAdG0RL +GzgZVADpiRlStmy65W95KExBjbO0tRTVk/nB1U1nfLbsswp9EKxXgwtpE/ECeTOi +hzeJBSsXGZ/ZXu/y+NlIu0B/GasFbfrHKslSSrUPTjGEtaEbLNiOEu2Etu3lRcMZ +oDtMxgNR0TUgCS5nte8lLauYYfB6IuxZXpvJdcI5ushqdOJvvYgJ9Yb2ZPlY8Bt5 +C92Ga69aPcMYk24BPpe15eBbXMsFF8RF+CprVoUPCc+PcuROtxdt+rqoqjQeZPmV +WQqq+pT2bychpwD7U5jxQnu4u2m+zeBXyk80euBbwEld9BCgfk9mFj6CdBJSEiGV +qL0ivxd3mDaIKPGd5tcbrOMK2uD7duZY7FrQpAYgryoQJoUHccL7cr9fDC75akHg +AbrG1+vAYEla/y+SlOg5VTHhiuIl17ZGMViXSqh7iqnnD0dNsZ/HDvk3XouhNxQy +RQmfdqyIqLuAcfWwQxCQ2E/oMUIHjNhyYmfLVLVGsfxuevMa1eJv7rZ5vIkD2Vpe +4VveZkNDSpCCNqnvub8+bMW+UXyzbxEZbK5PLkRp7cvtKdA5CUbTlT4060IV0YZ1 +vfMtzXRw8JDD9c1F1WF14afk+y9kvZN88XOH12bSKj+Re06Xx7OzuYU8fclq/pZB +UZVtRETFnLgb8neMuz3vCoPWK/DSHDZGAAicxq7vTljyoU/QP71Dw7UJIAuYx6Mc +-----END RSA PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp b/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp index ddfe52c5e4..f94756ed73 100644 --- a/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp +++ b/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp @@ -30,6 +30,7 @@ #include <QtTest/QtTest> #include <qsslkey.h> #include <qsslsocket.h> +#include <QScopeGuard> #include <QtNetwork/qhostaddress.h> #include <QtNetwork/qnetworkproxy.h> @@ -63,7 +64,7 @@ class tst_QSslKey : public QObject QList<KeyInfo> keyInfoList; - void createPlainTestRows(bool filter = false, QSsl::EncodingFormat format = QSsl::EncodingFormat::Pem); + void createPlainTestRows(bool pemOnly = false); public slots: void initTestCase(); @@ -111,13 +112,14 @@ void tst_QSslKey::initTestCase() QDir dir(testDataDir + "keys"); const QFileInfoList fileInfoList = dir.entryInfoList(QDir::Files | QDir::Readable); - QRegExp rx(QLatin1String("^(rsa|dsa|ec)-(pub|pri)-(\\d+)-?[\\w-]*\\.(pem|der)$")); + QRegExp rx(QLatin1String("^(rsa|dsa|dh|ec)-(pub|pri)-(\\d+)-?[\\w-]*\\.(pem|der)$")); for (const QFileInfo &fileInfo : fileInfoList) { if (rx.indexIn(fileInfo.fileName()) >= 0) { keyInfoList << KeyInfo( fileInfo, rx.cap(1) == QLatin1String("rsa") ? QSsl::Rsa : - (rx.cap(1) == QLatin1String("dsa") ? QSsl::Dsa : QSsl::Ec), + rx.cap(1) == QLatin1String("dsa") ? QSsl::Dsa : + rx.cap(1) == QLatin1String("dh") ? QSsl::Dh : QSsl::Ec, rx.cap(2) == QLatin1String("pub") ? QSsl::PublicKey : QSsl::PrivateKey, rx.cap(3).toInt(), rx.cap(4) == QLatin1String("pem") ? QSsl::Pem : QSsl::Der); @@ -154,7 +156,7 @@ Q_DECLARE_METATYPE(QSsl::KeyAlgorithm) Q_DECLARE_METATYPE(QSsl::KeyType) Q_DECLARE_METATYPE(QSsl::EncodingFormat) -void tst_QSslKey::createPlainTestRows(bool filter, QSsl::EncodingFormat format) +void tst_QSslKey::createPlainTestRows(bool pemOnly) { QTest::addColumn<QString>("absFilePath"); QTest::addColumn<QSsl::KeyAlgorithm>("algorithm"); @@ -162,11 +164,11 @@ void tst_QSslKey::createPlainTestRows(bool filter, QSsl::EncodingFormat format) QTest::addColumn<int>("length"); QTest::addColumn<QSsl::EncodingFormat>("format"); foreach (KeyInfo keyInfo, keyInfoList) { - if (filter && keyInfo.format != format) + if (pemOnly && keyInfo.format != QSsl::EncodingFormat::Pem) continue; -#ifdef Q_OS_WINRT +#if defined(Q_OS_WINRT) || QT_CONFIG(schannel) if (keyInfo.fileInfo.fileName().contains("RC2-64")) - continue; // WinRT treats RC2 as 128 bit + continue; // WinRT/Schannel treats RC2 as 128 bit #endif #if !defined(QT_NO_SSL) && defined(QT_NO_OPENSSL) // generic backend if (keyInfo.fileInfo.fileName().contains(QRegularExpression("-aes\\d\\d\\d-"))) @@ -232,15 +234,50 @@ void tst_QSslKey::constructorHandle() QByteArray passphrase; if (QByteArray(QTest::currentDataTag()).contains("-pkcs8-")) passphrase = "1234"; + BIO* bio = q_BIO_new(q_BIO_s_mem()); q_BIO_write(bio, pem.constData(), pem.length()); - QSslKey key(func(bio, nullptr, nullptr, static_cast<void *>(passphrase.data())), type); + EVP_PKEY *origin = func(bio, nullptr, nullptr, static_cast<void *>(passphrase.data())); +#if QT_CONFIG(opensslv11) + q_EVP_PKEY_up_ref(origin); +#endif + QSslKey key(origin, type); +#if !QT_CONFIG(opensslv11) + q_BIO_write(bio, pem.constData(), pem.length()); + origin = func(bio, nullptr, nullptr, static_cast<void *>(passphrase.data())); +#endif q_BIO_free(bio); + EVP_PKEY *handle = q_EVP_PKEY_new(); + switch (algorithm) { + case QSsl::Rsa: + q_EVP_PKEY_set1_RSA(handle, static_cast<RSA *>(key.handle())); + break; + case QSsl::Dsa: + q_EVP_PKEY_set1_DSA(handle, static_cast<DSA *>(key.handle())); + break; + case QSsl::Dh: + q_EVP_PKEY_set1_DH(handle, static_cast<DH *>(key.handle())); + break; +#ifndef OPENSSL_NO_EC + case QSsl::Ec: + q_EVP_PKEY_set1_EC_KEY(handle, static_cast<EC_KEY *>(key.handle())); + break; +#endif + default: + break; + } + + auto cleanup = qScopeGuard([origin, handle] { + q_EVP_PKEY_free(origin); + q_EVP_PKEY_free(handle); + }); + QVERIFY(!key.isNull()); QCOMPARE(key.algorithm(), algorithm); QCOMPARE(key.type(), type); QCOMPARE(key.length(), length); + QCOMPARE(q_EVP_PKEY_cmp(origin, handle), 1); #endif } @@ -429,15 +466,25 @@ void tst_QSslKey::toEncryptedPemOrDer() void tst_QSslKey::passphraseChecks_data() { QTest::addColumn<QString>("fileName"); - - QTest::newRow("DES") << (testDataDir + "rsa-with-passphrase-des.pem"); - QTest::newRow("3DES") << (testDataDir + "rsa-with-passphrase-3des.pem"); - QTest::newRow("RC2") << (testDataDir + "rsa-with-passphrase-rc2.pem"); + QTest::addColumn<QByteArray>("passphrase"); + + const QByteArray pass("123"); + const QByteArray aesPass("1234"); + + QTest::newRow("DES") << QString(testDataDir + "rsa-with-passphrase-des.pem") << pass; + QTest::newRow("3DES") << QString(testDataDir + "rsa-with-passphrase-3des.pem") << pass; + QTest::newRow("RC2") << QString(testDataDir + "rsa-with-passphrase-rc2.pem") << pass; +#if (!defined(QT_NO_OPENSSL) && !defined(OPENSSL_NO_AES)) || (defined(QT_NO_OPENSSL) && QT_CONFIG(ssl)) + QTest::newRow("AES128") << QString(testDataDir + "rsa-with-passphrase-aes128.pem") << aesPass; + QTest::newRow("AES192") << QString(testDataDir + "rsa-with-passphrase-aes192.pem") << aesPass; + QTest::newRow("AES256") << QString(testDataDir + "rsa-with-passphrase-aes256.pem") << aesPass; +#endif // (OpenSSL && AES) || generic backend } void tst_QSslKey::passphraseChecks() { QFETCH(QString, fileName); + QFETCH(QByteArray, passphrase); QFile keyFile(fileName); QVERIFY(keyFile.exists()); @@ -470,7 +517,7 @@ void tst_QSslKey::passphraseChecks() keyFile.open(QIODevice::ReadOnly); else keyFile.reset(); - QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "123"); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, passphrase); QVERIFY(!key.isNull()); // correct passphrase } } @@ -515,79 +562,135 @@ void tst_QSslKey::encrypt_data() QTest::addColumn<QByteArray>("key"); QTest::addColumn<QByteArray>("plainText"); QTest::addColumn<QByteArray>("cipherText"); + QTest::addColumn<QByteArray>("iv"); + QByteArray iv("abcdefgh"); QTest::newRow("DES-CBC, length 0") << QSslKeyPrivate::DesCbc << QByteArray("01234567") << QByteArray() - << QByteArray::fromHex("956585228BAF9B1F"); + << QByteArray::fromHex("956585228BAF9B1F") + << iv; QTest::newRow("DES-CBC, length 1") << QSslKeyPrivate::DesCbc << QByteArray("01234567") << QByteArray(1, 'a') - << QByteArray::fromHex("E6880AF202BA3C12"); + << QByteArray::fromHex("E6880AF202BA3C12") + << iv; QTest::newRow("DES-CBC, length 2") << QSslKeyPrivate::DesCbc << QByteArray("01234567") << QByteArray(2, 'a') - << QByteArray::fromHex("A82492386EED6026"); + << QByteArray::fromHex("A82492386EED6026") + << iv; QTest::newRow("DES-CBC, length 3") << QSslKeyPrivate::DesCbc << QByteArray("01234567") << QByteArray(3, 'a') - << QByteArray::fromHex("90B76D5B79519CBA"); + << QByteArray::fromHex("90B76D5B79519CBA") + << iv; QTest::newRow("DES-CBC, length 4") << QSslKeyPrivate::DesCbc << QByteArray("01234567") << QByteArray(4, 'a') - << QByteArray::fromHex("63E3DD6FED87052A"); + << QByteArray::fromHex("63E3DD6FED87052A") + << iv; QTest::newRow("DES-CBC, length 5") << QSslKeyPrivate::DesCbc << QByteArray("01234567") << QByteArray(5, 'a') - << QByteArray::fromHex("03ACDB0EACBDFA94"); + << QByteArray::fromHex("03ACDB0EACBDFA94") + << iv; QTest::newRow("DES-CBC, length 6") << QSslKeyPrivate::DesCbc << QByteArray("01234567") << QByteArray(6, 'a') - << QByteArray::fromHex("7D95024E42A3A88A"); + << QByteArray::fromHex("7D95024E42A3A88A") + << iv; QTest::newRow("DES-CBC, length 7") << QSslKeyPrivate::DesCbc << QByteArray("01234567") << QByteArray(7, 'a') - << QByteArray::fromHex("5003436B8A8E42E9"); + << QByteArray::fromHex("5003436B8A8E42E9") + << iv; QTest::newRow("DES-CBC, length 8") << QSslKeyPrivate::DesCbc << QByteArray("01234567") << QByteArray(8, 'a') - << QByteArray::fromHex("E4C1F054BF5521C0A4A0FD4A2BC6C1B1"); + << QByteArray::fromHex("E4C1F054BF5521C0A4A0FD4A2BC6C1B1") + << iv; QTest::newRow("DES-EDE3-CBC, length 0") << QSslKeyPrivate::DesEde3Cbc << QByteArray("0123456789abcdefghijklmn") << QByteArray() - << QByteArray::fromHex("3B2B4CD0B0FD495F"); + << QByteArray::fromHex("3B2B4CD0B0FD495F") + << iv; QTest::newRow("DES-EDE3-CBC, length 8") << QSslKeyPrivate::DesEde3Cbc << QByteArray("0123456789abcdefghijklmn") << QByteArray(8, 'a') - << QByteArray::fromHex("F2A5A87763C54A72A3224103D90CDB03"); + << QByteArray::fromHex("F2A5A87763C54A72A3224103D90CDB03") + << iv; QTest::newRow("RC2-40-CBC, length 0") << QSslKeyPrivate::Rc2Cbc << QByteArray("01234") << QByteArray() - << QByteArray::fromHex("6D05D52392FF6E7A"); + << QByteArray::fromHex("6D05D52392FF6E7A") + << iv; QTest::newRow("RC2-40-CBC, length 8") << QSslKeyPrivate::Rc2Cbc << QByteArray("01234") << QByteArray(8, 'a') - << QByteArray::fromHex("75768E64C5749072A5D168F3AFEB0005"); + << QByteArray::fromHex("75768E64C5749072A5D168F3AFEB0005") + << iv; QTest::newRow("RC2-64-CBC, length 0") << QSslKeyPrivate::Rc2Cbc << QByteArray("01234567") << QByteArray() - << QByteArray::fromHex("ADAE6BF70F420130"); + << QByteArray::fromHex("ADAE6BF70F420130") + << iv; QTest::newRow("RC2-64-CBC, length 8") << QSslKeyPrivate::Rc2Cbc << QByteArray("01234567") << QByteArray(8, 'a') - << QByteArray::fromHex("C7BF5C80AFBE9FBEFBBB9FD935F6D0DF"); + << QByteArray::fromHex("C7BF5C80AFBE9FBEFBBB9FD935F6D0DF") + << iv; QTest::newRow("RC2-128-CBC, length 0") << QSslKeyPrivate::Rc2Cbc << QByteArray("012345679abcdefg") << QByteArray() - << QByteArray::fromHex("1E965D483A13C8FB"); + << QByteArray::fromHex("1E965D483A13C8FB") + << iv; QTest::newRow("RC2-128-CBC, length 8") << QSslKeyPrivate::Rc2Cbc << QByteArray("012345679abcdefg") << QByteArray(8, 'a') - << QByteArray::fromHex("5AEC1A5B295660B02613454232F7DECE"); + << QByteArray::fromHex("5AEC1A5B295660B02613454232F7DECE") + << iv; + +#if (!defined(QT_NO_OPENSSL) && !defined(OPENSSL_NO_AES)) || (defined(QT_NO_OPENSSL) && QT_CONFIG(ssl)) + // AES needs a longer IV + iv = QByteArray("abcdefghijklmnop"); + QTest::newRow("AES-128-CBC, length 0") + << QSslKeyPrivate::Aes128Cbc << QByteArray("012345679abcdefg") + << QByteArray() + << QByteArray::fromHex("28DE1A9AA26601C30DD2527407121D1A") + << iv; + QTest::newRow("AES-128-CBC, length 8") + << QSslKeyPrivate::Aes128Cbc << QByteArray("012345679abcdefg") + << QByteArray(8, 'a') + << QByteArray::fromHex("08E880B1BA916F061C1E801D7F44D0EC") + << iv; + + QTest::newRow("AES-192-CBC, length 0") + << QSslKeyPrivate::Aes192Cbc << QByteArray("0123456789abcdefghijklmn") + << QByteArray() + << QByteArray::fromHex("E169E0E205CDC2BA895B7CF6097673B1") + << iv; + QTest::newRow("AES-192-CBC, length 8") + << QSslKeyPrivate::Aes192Cbc << QByteArray("0123456789abcdefghijklmn") + << QByteArray(8, 'a') + << QByteArray::fromHex("3A227D6A3A13237316D30AA17FF9B0A7") + << iv; + + QTest::newRow("AES-256-CBC, length 0") + << QSslKeyPrivate::Aes256Cbc << QByteArray("0123456789abcdefghijklmnopqrstuv") + << QByteArray() + << QByteArray::fromHex("4BAACAA0D22199C97DE206C465B7B14A") + << iv; + QTest::newRow("AES-256-CBC, length 8") + << QSslKeyPrivate::Aes256Cbc << QByteArray("0123456789abcdefghijklmnopqrstuv") + << QByteArray(8, 'a') + << QByteArray::fromHex("879C8C25EC135CDF0B14490A0A7C2F67") + << iv; +#endif // (OpenSSL && AES) || generic backend } void tst_QSslKey::encrypt() @@ -596,13 +699,13 @@ void tst_QSslKey::encrypt() QFETCH(QByteArray, key); QFETCH(QByteArray, plainText); QFETCH(QByteArray, cipherText); - QByteArray iv("abcdefgh"); + QFETCH(QByteArray, iv); -#ifdef Q_OS_WINRT - QEXPECT_FAIL("RC2-40-CBC, length 0", "WinRT treats RC2 as 128-bit", Abort); - QEXPECT_FAIL("RC2-40-CBC, length 8", "WinRT treats RC2 as 128-bit", Abort); - QEXPECT_FAIL("RC2-64-CBC, length 0", "WinRT treats RC2 as 128-bit", Abort); - QEXPECT_FAIL("RC2-64-CBC, length 8", "WinRT treats RC2 as 128-bit", Abort); +#if defined(Q_OS_WINRT) || QT_CONFIG(schannel) + QEXPECT_FAIL("RC2-40-CBC, length 0", "WinRT/Schannel treats RC2 as 128-bit", Abort); + QEXPECT_FAIL("RC2-40-CBC, length 8", "WinRT/Schannel treats RC2 as 128-bit", Abort); + QEXPECT_FAIL("RC2-64-CBC, length 0", "WinRT/Schannel treats RC2 as 128-bit", Abort); + QEXPECT_FAIL("RC2-64-CBC, length 8", "WinRT/Schannel treats RC2 as 128-bit", Abort); #endif QByteArray encrypted = QSslKeyPrivate::encrypt(cipher, plainText, key, iv); QCOMPARE(encrypted, cipherText); diff --git a/tests/auto/network/ssl/qsslsocket/BLACKLIST b/tests/auto/network/ssl/qsslsocket/BLACKLIST index 8e1a55995e..555822d1e6 100644 --- a/tests/auto/network/ssl/qsslsocket/BLACKLIST +++ b/tests/auto/network/ssl/qsslsocket/BLACKLIST @@ -1 +1,7 @@ windows +[connectToHostEncrypted] +osx-10.13 +[setSslConfiguration] +osx-10.13 +[connectToHostEncryptedWithVerificationPeerName] +osx-10.13 diff --git a/tests/auto/network/ssl/qsslsocket/certs/127-0-0-1-as-CN.crt b/tests/auto/network/ssl/qsslsocket/certs/127-0-0-1-as-CN.crt new file mode 100644 index 0000000000..2253469392 --- /dev/null +++ b/tests/auto/network/ssl/qsslsocket/certs/127-0-0-1-as-CN.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIC/jCCAeagAwIBAgIJALBykhTMGxyEMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV +BAMMCTEyNy4wLjAuMTAeFw0xOTAxMjUyMjU5NDFaFw0xOTAyMjQyMjU5NDFaMBQx +EjAQBgNVBAMMCTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBALMEo10Xd6e5ot4Rg99VejDV/WNdAhY6+2Ilzuc+1XdzDpEQCuqWY2hAGX9m +QXyFSR+UcpJWoUFUtJLsArXgRnxT+seHuemrLZGZOkDStUhKNpxfwOmhIT+sLocw +qXCwNf9oG4//3evGwGqJhLDpGUhTNVCAMaalb1yrcXskYEkWdelzCTMzoirVvbS2 +6PH3kE+WPaBehMFruLtp+v7btnVIA305DwFy4CLq+HHFq59BbxRWxhRSkfXM8w+d +g05P3VNpEb8Apn4rQ+n/xRz7oZs0Aou4GZG5JAgiLOibbVBK+xnD/UW/txeFWfRZ +1dzIi4yAKkdwIhPAg+pP1G6tgZMCAwEAAaNTMFEwHQYDVR0OBBYEFNGZZgb9dbVY +FKkkoQp/oAQ2/B51MB8GA1UdIwQYMBaAFNGZZgb9dbVYFKkkoQp/oAQ2/B51MA8G +A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFvHy0RE96TDw6Q2pfCY +aMz/X8dMAEMz5XqC7ImcztVg6VTRHpiw+QFQGqCLwNNuwkD9/pZ3IgVzSbRQw3oW +HO7wD30NFl17LQMONBdcmR9FO5ruBh8G0Q1tmeKNtuwjzF3LAkj/J3tAn6eVmHi5 +75WEK/vQgy9XElN6EC6TgC/4B5/DPdZuEMdL7AP8ADLq9UVf8JC9c4QjU9G1Ce2R +PzNwkhkLvtLlcxFcXciuc+oGhLENoJ2ZYHctT/ReOuBoRWEwIB1AeCWxitxjBZ6t +lmZ+UewuzJ7y1X5maQZr7w3o8f6DwqwYrmMd45tS6jkHHAJlaCs/yCfVnLBwZ1l4 +NeM= +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslsocket/certs/qt-test-server-cert.pem b/tests/auto/network/ssl/qsslsocket/certs/qt-test-server-cert.pem new file mode 100644 index 0000000000..43c8794ce2 --- /dev/null +++ b/tests/auto/network/ssl/qsslsocket/certs/qt-test-server-cert.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIIClTCCAf4CCQC2xMhNhwvATDANBgkqhkiG9w0BAQQFADCBjjELMAkGA1UEChMC +UXQxGTAXBgNVBAsTEENvcmUgQW5kIE5ldHdvcmsxGzAZBgkqhkiG9w0BCQEWDG5v +Ym9keS5xdC5pbzENMAsGA1UEBxMET3NsbzENMAsGA1UECBMET3NsbzELMAkGA1UE +BhMCTk8xHDAaBgNVBAMUEyoudGVzdC1uZXQucXQubG9jYWwwHhcNMTgwNzAxMTgz +NjI3WhcNNDgwNjIzMTgzNjI3WjCBjjELMAkGA1UEChMCUXQxGTAXBgNVBAsTEENv +cmUgQW5kIE5ldHdvcmsxGzAZBgkqhkiG9w0BCQEWDG5vYm9keS5xdC5pbzENMAsG +A1UEBxMET3NsbzENMAsGA1UECBMET3NsbzELMAkGA1UEBhMCTk8xHDAaBgNVBAMU +EyoudGVzdC1uZXQucXQubG9jYWwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +AM2q22/WNMmn8cC+5EEYGeICySLmp9W6Ay6eKHr0Xxp3X3epETuPfvAuxp7rOtkS +18EMUegkUj8jw0IMEcbyHKFC/rTCaYOt93CxGBXMIChiMPAsFeYzGa/D6xzAkfcR +aJRQ+Ek3CDLXPnXfo7xpABXezYcPXAJrgsgBfWrwHdxzAgMBAAEwDQYJKoZIhvcN +AQEEBQADgYEAZu/lQPy8PXeyyYGamOVms/FZKJ48BH1y8KC3BeBU5FYnhvgG7pz8 +Wz9JKvt2t/r45wQeAkNL6HnGUBhPJsHMjPHl5KktqN+db3D+FQygBeS2V1+zmC0X +UZNRE4aWiHvt1Lq+pTx89SOMOpfqWfh4qTQKiE5jC2V4DeCNQ3u7uI8= +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslsocket/certs/subjectAltNameIP.crt b/tests/auto/network/ssl/qsslsocket/certs/subjectAltNameIP.crt new file mode 100644 index 0000000000..1377fbbabb --- /dev/null +++ b/tests/auto/network/ssl/qsslsocket/certs/subjectAltNameIP.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDMDCCAhigAwIBAgIURWaTvdnvU+Y+gPSONs61cMCH8JUwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLZXhhbXBsZS5vcmcwHhcNMTkwMTA4MTExMDMxWhcNMTkw +MjA3MTExMDMxWjAWMRQwEgYDVQQDDAtleGFtcGxlLm9yZzCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALf0qv9vl8RqvDHpEWfjum7DMrY8qrQnD77C/9f/ +Jl0Jo4UZiSBr1OYYVbiWJyodw8LpQQsKE+fQCo2STb5X9BldJpwpQvvVi6ygxdzN +erJnB15G7xhUkGzDI2xhIJw3e6NGqf1PMB4CTNna6eN2cKYAxPfsWo5Pyh1YtU4s +5h+B3+43ol32ccBiRo4YXagbYMELjspEf0AvObvMWSxZQoBHcJ5JGEApxcgvFu8i +FBSALVy1IrYE3gXAv8TB0AK7IpuNIL48v5JXCA6JOGYbXFljj6aLFTzfrV3lzhQ0 +kqBVnQNqVfOUQNUhNT93bnEWVf911j/af5zuFtmr1kbMzucCAwEAAaN2MHQwHQYD +VR0OBBYEFHZOtGQHV3roaj3nlQ1XRU0O+05TMB8GA1UdIwQYMBaAFHZOtGQHV3ro +aj3nlQ1XRU0O+05TMA8GA1UdEwEB/wQFMAMBAf8wIQYDVR0RBBowGIcEwAUIEIcQ +/oAAAAAAAAA8KS+h3UQHZTANBgkqhkiG9w0BAQsFAAOCAQEAcvqvtUSJ2JM3rrWj +XjCOhosKY/cow4oDAVdn8AvI/Z4FJfcQZ1vA+ZM533/TaJStG4ThfjyX9t1Ej08M +UzP4ZUyXJTv8o6C6j5e9ggEwo/cFp1iWP+xr2SXLJ2cabnu8db5FN5J75HjNsuVs +PM95LYY9VlTm9W7JxMwkPEIG+wH5zu6Hj45UAAamwwjOKT1hJYumxdmLAp1oyG1p +u86b8iVUjiHG+K6qr4hAKXhuSXE1s/pYqcn1feyk2SbkKvGFR6ad+gmdT4ZaiNYT +nL8+t2wim/fRkV0CNdWrrJpWtLzjPq1al7g2eIopdLufSlqanouVpnzwuKGN5QC/ +MuDohA== +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslsocket/qsslsocket.pro b/tests/auto/network/ssl/qsslsocket/qsslsocket.pro index 1260dc9410..03fbe89002 100644 --- a/tests/auto/network/ssl/qsslsocket/qsslsocket.pro +++ b/tests/auto/network/ssl/qsslsocket/qsslsocket.pro @@ -18,3 +18,10 @@ TESTDATA += certs DEFINES += SRCDIR=\\\"$$PWD/\\\" requires(qtConfig(private_tests)) + +# DOCKERTODO: it's 'linux' because it requires cyrus, which +# is linux-only for now ... +linux { + QT_TEST_SERVER_LIST = squid danted cyrus apache2 echo + include($$dirname(_QMAKE_CONF_)/tests/auto/testserver.pri) +} diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp index 72b5d06dd5..7912063bc8 100644 --- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -74,6 +74,16 @@ typedef QSharedPointer<QSslSocket> QSslSocketPtr; #endif #endif // QT_NO_SSL +// Detect ALPN (Application-Layer Protocol Negotiation) support +#undef ALPN_SUPPORTED // Undef the variable first to be safe +#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT) +#define ALPN_SUPPORTED 1 +#endif + +#if QT_CONFIG(schannel) && !defined(Q_CC_MINGW) +#define ALPN_SUPPORTED 1 +#endif + #if defined Q_OS_HPUX && defined Q_CC_GNU // This error is delivered every time we try to use the fluke CA // certificate. For now we work around this bug. Task 202317. @@ -233,18 +243,22 @@ private slots: void verifyClientCertificate(); void readBufferMaxSize(); + void allowedProtocolNegotiation(); + #ifndef QT_NO_OPENSSL void simplePskConnect_data(); void simplePskConnect(); void ephemeralServerKey_data(); void ephemeralServerKey(); - void allowedProtocolNegotiation(); void pskServer(); void forwardReadChannelFinished(); void signatureAlgorithm_data(); void signatureAlgorithm(); #endif + void disabledProtocols_data(); + void disabledProtocols(); + void setEmptyDefaultConfiguration(); // this test should be last protected slots: @@ -296,6 +310,21 @@ Q_DECLARE_METATYPE(tst_QSslSocket::PskConnectTestType) int tst_QSslSocket::loopLevel = 0; +namespace { + +QString httpServerCertChainPath() +{ + // DOCKERTODO: note how we use CA certificate on the real server. The docker container + // is using a different cert with a "special" CN. Check if it's important! +#ifdef QT_TEST_SERVER + return tst_QSslSocket::testDataDir + QStringLiteral("certs/qt-test-server-cert.pem"); +#else + return tst_QSslSocket::testDataDir + QStringLiteral("certs/qt-test-server-cacert.pem"); +#endif // QT_TEST_SERVER +} + +} // unnamed namespace + tst_QSslSocket::tst_QSslSocket() { #ifndef QT_NO_SSL @@ -349,8 +378,19 @@ void tst_QSslSocket::initTestCase() qDebug("Using SSL library %s (%ld)", qPrintable(QSslSocket::sslLibraryVersionString()), QSslSocket::sslLibraryVersionNumber()); +#ifdef QT_TEST_SERVER + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::socksProxyServerName(), 1080)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::socksProxyServerName(), 1081)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::httpProxyServerName(), 3128)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::httpProxyServerName(), 3129)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::httpProxyServerName(), 3130)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::httpServerName(), 443)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::imapServerName(), 993)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::echoServerName(), 13)); +#else QVERIFY(QtNetworkSettings::verifyTestNetworkSettings()); -#endif +#endif // QT_TEST_SERVER +#endif // QT_NO_SSL } void tst_QSslSocket::init() @@ -359,28 +399,29 @@ void tst_QSslSocket::init() if (setProxy) { #ifndef QT_NO_NETWORKPROXY QFETCH_GLOBAL(int, proxyType); - QString fluke = QHostInfo::fromName(QtNetworkSettings::serverName()).addresses().first().toString(); + const QString socksProxyAddr = QtNetworkSettings::socksProxyServerIp().toString(); + const QString httpProxyAddr = QtNetworkSettings::httpProxyServerIp().toString(); QNetworkProxy proxy; switch (proxyType) { case Socks5Proxy: - proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, fluke, 1080); + proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, socksProxyAddr, 1080); break; case Socks5Proxy | AuthBasic: - proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, fluke, 1081); + proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, socksProxyAddr, 1081); break; case HttpProxy | NoAuth: - proxy = QNetworkProxy(QNetworkProxy::HttpProxy, fluke, 3128); + proxy = QNetworkProxy(QNetworkProxy::HttpProxy, httpProxyAddr, 3128); break; case HttpProxy | AuthBasic: - proxy = QNetworkProxy(QNetworkProxy::HttpProxy, fluke, 3129); + proxy = QNetworkProxy(QNetworkProxy::HttpProxy, httpProxyAddr, 3129); break; case HttpProxy | AuthNtlm: - proxy = QNetworkProxy(QNetworkProxy::HttpProxy, fluke, 3130); + proxy = QNetworkProxy(QNetworkProxy::HttpProxy, httpProxyAddr, 3130); break; } QNetworkProxy::setApplicationProxy(proxy); @@ -541,7 +582,7 @@ void tst_QSslSocket::simpleConnect() connect(&socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(exitLoop())); // Start connecting - socket.connectToHost(QtNetworkSettings::serverName(), 993); + socket.connectToHost(QtNetworkSettings::imapServerName(), 993); QCOMPARE(socket.state(), QAbstractSocket::HostLookupState); enterLoop(10); @@ -596,7 +637,7 @@ void tst_QSslSocket::simpleConnectWithIgnore() connect(&socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(exitLoop())); // Start connecting - socket.connectToHost(QtNetworkSettings::serverName(), 993); + socket.connectToHost(QtNetworkSettings::imapServerName(), 993); QVERIFY(socket.state() != QAbstractSocket::UnconnectedState); // something must be in progress enterLoop(10); @@ -628,7 +669,7 @@ void tst_QSslSocket::sslErrors_data() QString name = QtNetworkSettings::serverLocalName(); QTest::newRow(qPrintable(name)) << name << 993; - name = QHostInfo::fromName(QtNetworkSettings::serverName()).addresses().first().toString(); + name = QtNetworkSettings::httpServerIp().toString(); QTest::newRow(qPrintable(name)) << name << 443; } @@ -638,10 +679,27 @@ void tst_QSslSocket::sslErrors() QFETCH(int, port); QSslSocketPtr socket = newSocket(); +#if QT_CONFIG(schannel) + // Needs to be < 1.2 because of the old certificate and <= 1.0 because of the mail server + socket->setProtocol(QSsl::SslProtocol::TlsV1_0); +#endif QSignalSpy sslErrorsSpy(socket.data(), SIGNAL(sslErrors(QList<QSslError>))); QSignalSpy peerVerifyErrorSpy(socket.data(), SIGNAL(peerVerifyError(QSslError))); - socket->connectToHostEncrypted(host, port); +#ifdef QT_TEST_SERVER + // On the old test server we had the same certificate on different services. + // The idea of this test is to fail with 'HostNameMismatch', when we're using + // either serverLocalName() or IP address directly. With Docker we connect + // to IMAP server, and we have to connect using imapServerName() and passing + // 'host' as peerVerificationName to the overload of connectToHostEncrypted(). + if (port == 993) { + socket->connectToHostEncrypted(QtNetworkSettings::imapServerName(), port, host); + } else +#endif // QT_TEST_SERVER + { + socket->connectToHostEncrypted(host, port); + } + if (!socket->waitForConnected()) QSKIP("Skipping flaky test - See QTBUG-29941"); socket->waitForEncrypted(10000); @@ -717,14 +775,17 @@ void tst_QSslSocket::connectToHostEncrypted() return; QSslSocketPtr socket = newSocket(); +#if QT_CONFIG(schannel) // old certificate not supported with TLS 1.2 + socket->setProtocol(QSsl::SslProtocol::TlsV1_1); +#endif this->socket = socket.data(); - QVERIFY(socket->addCaCertificates(testDataDir + "certs/qt-test-server-cacert.pem")); + QVERIFY(socket->addCaCertificates(httpServerCertChainPath())); #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND connect(socket.data(), SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(untrustedWorkaroundSlot(QList<QSslError>))); #endif - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); // This should pass unconditionally when using fluke's CA certificate. // or use untrusted certificate workaround @@ -737,7 +798,7 @@ void tst_QSslSocket::connectToHostEncrypted() QCOMPARE(socket->mode(), QSslSocket::SslClientMode); - socket->connectToHost(QtNetworkSettings::serverName(), 13); + socket->connectToHost(QtNetworkSettings::echoServerName(), 13); QCOMPARE(socket->mode(), QSslSocket::UnencryptedMode); @@ -750,16 +811,23 @@ void tst_QSslSocket::connectToHostEncryptedWithVerificationPeerName() return; QSslSocketPtr socket = newSocket(); +#if QT_CONFIG(schannel) // old certificate not supported with TLS 1.2 + socket->setProtocol(QSsl::SslProtocol::TlsV1_1); +#endif this->socket = socket.data(); - socket->addCaCertificates(testDataDir + "certs/qt-test-server-cacert.pem"); + socket->addCaCertificates(httpServerCertChainPath()); #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND connect(socket.data(), SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(untrustedWorkaroundSlot(QList<QSslError>))); #endif - // connect to the server with its local name, but use the full name for verification. - socket->connectToHostEncrypted(QtNetworkSettings::serverLocalName(), 443, QtNetworkSettings::serverName()); +#ifdef QT_TEST_SERVER + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443, QtNetworkSettings::httpServerName()); +#else + // Connect to the server with its local name, but use the full name for verification. + socket->connectToHostEncrypted(QtNetworkSettings::serverLocalName(), 443, QtNetworkSettings::httpServerName()); +#endif // This should pass unconditionally when using fluke's CA certificate. QFETCH_GLOBAL(bool, setProxy); @@ -781,7 +849,7 @@ void tst_QSslSocket::sessionCipher() this->socket = socket.data(); connect(socket.data(), SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); QVERIFY(socket->sessionCipher().isNull()); - socket->connectToHost(QtNetworkSettings::serverName(), 443 /* https */); + socket->connectToHost(QtNetworkSettings::httpServerName(), 443 /* https */); QVERIFY2(socket->waitForConnected(10000), qPrintable(socket->errorString())); QVERIFY(socket->sessionCipher().isNull()); socket->startClientEncryption(); @@ -816,12 +884,12 @@ void tst_QSslSocket::localCertificate() // values. This test should just run the codepath inside qsslsocket_openssl.cpp QSslSocketPtr socket = newSocket(); - QList<QSslCertificate> localCert = QSslCertificate::fromPath(testDataDir + "certs/qt-test-server-cacert.pem"); + QList<QSslCertificate> localCert = QSslCertificate::fromPath(httpServerCertChainPath()); socket->setCaCertificates(localCert); socket->setLocalCertificate(testDataDir + "certs/fluke.cert"); socket->setPrivateKey(testDataDir + "certs/fluke.key"); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QFETCH_GLOBAL(bool, setProxy); if (setProxy && !socket->waitForEncrypted(10000)) QSKIP("Skipping flaky test - See QTBUG-29941"); @@ -844,8 +912,7 @@ void tst_QSslSocket::peerCertificateChain() QSslSocketPtr socket = newSocket(); this->socket = socket.data(); - - QList<QSslCertificate> caCertificates = QSslCertificate::fromPath(testDataDir + "certs/qt-test-server-cacert.pem"); + QList<QSslCertificate> caCertificates = QSslCertificate::fromPath(httpServerCertChainPath()); QCOMPARE(caCertificates.count(), 1); socket->addCaCertificates(caCertificates); #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND @@ -853,7 +920,7 @@ void tst_QSslSocket::peerCertificateChain() this, SLOT(untrustedWorkaroundSlot(QList<QSslError>))); #endif - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QCOMPARE(socket->mode(), QSslSocket::UnencryptedMode); QVERIFY(socket->peerCertificateChain().isEmpty()); QFETCH_GLOBAL(bool, setProxy); @@ -882,7 +949,7 @@ void tst_QSslSocket::peerCertificateChain() QVERIFY(socket->waitForDisconnected()); // now do it again back to the original server - socket->connectToHost(QtNetworkSettings::serverName(), 443); + socket->connectToHost(QtNetworkSettings::httpServerName(), 443); QCOMPARE(socket->mode(), QSslSocket::UnencryptedMode); QVERIFY(socket->peerCertificateChain().isEmpty()); QVERIFY2(socket->waitForConnected(10000), qPrintable(socket->errorString())); @@ -921,13 +988,13 @@ void tst_QSslSocket::privateKeyOpaque() // values. This test should just run the codepath inside qsslsocket_openssl.cpp QSslSocketPtr socket = newSocket(); - QList<QSslCertificate> localCert = QSslCertificate::fromPath(testDataDir + "certs/qt-test-server-cacert.pem"); + QList<QSslCertificate> localCert = QSslCertificate::fromPath(httpServerCertChainPath()); socket->setCaCertificates(localCert); socket->setLocalCertificate(testDataDir + "certs/fluke.cert"); socket->setPrivateKey(QSslKey(reinterpret_cast<Qt::HANDLE>(pkey))); socket->setPeerVerifyMode(QSslSocket::QueryPeer); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QFETCH_GLOBAL(bool, setProxy); if (setProxy && !socket->waitForEncrypted(10000)) QSKIP("Skipping flaky test - See QTBUG-29941"); @@ -941,7 +1008,7 @@ void tst_QSslSocket::protocol() QSslSocketPtr socket = newSocket(); this->socket = socket.data(); - QList<QSslCertificate> certs = QSslCertificate::fromPath(testDataDir + "certs/qt-test-server-cacert.pem"); + QList<QSslCertificate> certs = QSslCertificate::fromPath(httpServerCertChainPath()); socket->setCaCertificates(certs); #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND @@ -952,34 +1019,16 @@ void tst_QSslSocket::protocol() QCOMPARE(socket->protocol(), QSsl::SecureProtocols); QFETCH_GLOBAL(bool, setProxy); { - // qt-test-server allows SSLv3. - socket->setProtocol(QSsl::SslV3); - QCOMPARE(socket->protocol(), QSsl::SslV3); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); - if (setProxy && !socket->waitForEncrypted()) - QSKIP("Skipping flaky test - See QTBUG-29941"); - QCOMPARE(socket->protocol(), QSsl::SslV3); - socket->abort(); - QCOMPARE(socket->protocol(), QSsl::SslV3); - socket->connectToHost(QtNetworkSettings::serverName(), 443); - QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString())); - socket->startClientEncryption(); - if (setProxy && !socket->waitForEncrypted()) - QSKIP("Skipping flaky test - See QTBUG-29941"); - QCOMPARE(socket->protocol(), QSsl::SslV3); - socket->abort(); - } - { // qt-test-server allows TLSV1. socket->setProtocol(QSsl::TlsV1_0); QCOMPARE(socket->protocol(), QSsl::TlsV1_0); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); if (setProxy && !socket->waitForEncrypted()) QSKIP("Skipping flaky test - See QTBUG-29941"); QCOMPARE(socket->protocol(), QSsl::TlsV1_0); socket->abort(); QCOMPARE(socket->protocol(), QSsl::TlsV1_0); - socket->connectToHost(QtNetworkSettings::serverName(), 443); + socket->connectToHost(QtNetworkSettings::httpServerName(), 443); QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString())); socket->startClientEncryption(); if (setProxy && !socket->waitForEncrypted()) @@ -992,13 +1041,13 @@ void tst_QSslSocket::protocol() // qt-test-server probably doesn't allow TLSV1.1 socket->setProtocol(QSsl::TlsV1_1); QCOMPARE(socket->protocol(), QSsl::TlsV1_1); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); if (setProxy && !socket->waitForEncrypted()) QSKIP("Skipping flaky test - See QTBUG-29941"); QCOMPARE(socket->protocol(), QSsl::TlsV1_1); socket->abort(); QCOMPARE(socket->protocol(), QSsl::TlsV1_1); - socket->connectToHost(QtNetworkSettings::serverName(), 443); + socket->connectToHost(QtNetworkSettings::httpServerName(), 443); QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString())); socket->startClientEncryption(); if (setProxy && !socket->waitForEncrypted()) @@ -1010,13 +1059,13 @@ void tst_QSslSocket::protocol() // qt-test-server probably doesn't allows TLSV1.2 socket->setProtocol(QSsl::TlsV1_2); QCOMPARE(socket->protocol(), QSsl::TlsV1_2); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); if (setProxy && !socket->waitForEncrypted()) QSKIP("Skipping flaky test - See QTBUG-29941"); QCOMPARE(socket->protocol(), QSsl::TlsV1_2); socket->abort(); QCOMPARE(socket->protocol(), QSsl::TlsV1_2); - socket->connectToHost(QtNetworkSettings::serverName(), 443); + socket->connectToHost(QtNetworkSettings::httpServerName(), 443); QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString())); socket->startClientEncryption(); if (setProxy && !socket->waitForEncrypted()) @@ -1025,37 +1074,37 @@ void tst_QSslSocket::protocol() socket->abort(); } #endif -#if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT) +#ifdef TLS1_3_VERSION { - // qt-test-server allows SSLV2. - socket->setProtocol(QSsl::SslV2); - QCOMPARE(socket->protocol(), QSsl::SslV2); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + // qt-test-server probably doesn't allow TLSV1.3 + socket->setProtocol(QSsl::TlsV1_3); + QCOMPARE(socket->protocol(), QSsl::TlsV1_3); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); if (setProxy && !socket->waitForEncrypted()) - QSKIP("Skipping flaky test - See QTBUG-29941"); - QCOMPARE(socket->protocol(), QSsl::SslV2); + QSKIP("TLS 1.3 is not supported by the test server or the test is flaky - see QTBUG-29941"); + QCOMPARE(socket->protocol(), QSsl::TlsV1_3); socket->abort(); - QCOMPARE(socket->protocol(), QSsl::SslV2); - socket->connectToHost(QtNetworkSettings::serverName(), 443); - if (setProxy && !socket->waitForConnected()) - QSKIP("Skipping flaky test - See QTBUG-29941"); + QCOMPARE(socket->protocol(), QSsl::TlsV1_3); + socket->connectToHost(QtNetworkSettings::httpServerName(), 443); + QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString())); socket->startClientEncryption(); if (setProxy && !socket->waitForEncrypted()) - QSKIP("Skipping flaky test - See QTBUG-29941"); + QSKIP("TLS 1.3 is not supported by the test server or the test is flaky - see QTBUG-29941"); + QCOMPARE(socket->sessionProtocol(), QSsl::TlsV1_3); socket->abort(); } -#endif +#endif // TLS1_3_VERSION { // qt-test-server allows SSLV3, so it allows AnyProtocol. socket->setProtocol(QSsl::AnyProtocol); QCOMPARE(socket->protocol(), QSsl::AnyProtocol); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); if (setProxy && !socket->waitForEncrypted()) QSKIP("Skipping flaky test - See QTBUG-29941"); QCOMPARE(socket->protocol(), QSsl::AnyProtocol); socket->abort(); QCOMPARE(socket->protocol(), QSsl::AnyProtocol); - socket->connectToHost(QtNetworkSettings::serverName(), 443); + socket->connectToHost(QtNetworkSettings::httpServerName(), 443); QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString())); socket->startClientEncryption(); if (setProxy && !socket->waitForEncrypted()) @@ -1064,16 +1113,16 @@ void tst_QSslSocket::protocol() socket->abort(); } { - // qt-test-server allows SSLV3, so it allows NoSslV2 + // qt-test-server allows TlsV1, so it allows TlsV1SslV3 socket->setProtocol(QSsl::TlsV1SslV3); QCOMPARE(socket->protocol(), QSsl::TlsV1SslV3); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); if (setProxy && !socket->waitForEncrypted()) QSKIP("Skipping flaky test - See QTBUG-29941"); QCOMPARE(socket->protocol(), QSsl::TlsV1SslV3); socket->abort(); QCOMPARE(socket->protocol(), QSsl::TlsV1SslV3); - socket->connectToHost(QtNetworkSettings::serverName(), 443); + socket->connectToHost(QtNetworkSettings::httpServerName(), 443); if (setProxy && !socket->waitForConnected()) QSKIP("Skipping flaky test - See QTBUG-29941"); socket->startClientEncryption(); @@ -1187,119 +1236,50 @@ void tst_QSslSocket::protocolServerSide_data() QTest::addColumn<QSsl::SslProtocol>("clientProtocol"); QTest::addColumn<bool>("works"); -#if QT_CONFIG(opensslv11) -#if !defined(OPENSSL_NO_SSL2) - // OpenSSL 1.1 has removed SSL2 support. But there is no OPENSSL_NO_SSL2 macro ... -#define OPENSSL_NO_SSL2 -#endif // OPENSSL_NO_SSL2 -#endif // opensslv11 - -#if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT) - QTest::newRow("ssl2-ssl2") << QSsl::SslV2 << QSsl::SslV2 << false; // no idea why it does not work, but we don't care about SSL 2 -#endif -#if !defined(OPENSSL_NO_SSL3) - QTest::newRow("ssl3-ssl3") << QSsl::SslV3 << QSsl::SslV3 << true; -#endif QTest::newRow("tls1.0-tls1.0") << QSsl::TlsV1_0 << QSsl::TlsV1_0 << true; QTest::newRow("tls1ssl3-tls1ssl3") << QSsl::TlsV1SslV3 << QSsl::TlsV1SslV3 << true; QTest::newRow("any-any") << QSsl::AnyProtocol << QSsl::AnyProtocol << true; QTest::newRow("secure-secure") << QSsl::SecureProtocols << QSsl::SecureProtocols << true; -#if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT) - QTest::newRow("ssl2-ssl3") << QSsl::SslV2 << QSsl::SslV3 << false; - QTest::newRow("ssl2-tls1.0") << QSsl::SslV2 << QSsl::TlsV1_0 << false; - QTest::newRow("ssl2-tls1ssl3") << QSsl::SslV2 << QSsl::TlsV1SslV3 << false; - QTest::newRow("ssl2-secure") << QSsl::SslV2 << QSsl::SecureProtocols << false; - QTest::newRow("ssl2-any") << QSsl::SslV2 << QSsl::AnyProtocol << false; // no idea why it does not work, but we don't care about SSL 2 -#endif - -#if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT) && !defined(OPENSSL_NO_SSL3) - QTest::newRow("ssl3-ssl2") << QSsl::SslV3 << QSsl::SslV2 << false; -#endif -#if !defined(OPENSSL_NO_SSL3) - QTest::newRow("ssl3-tls1.0") << QSsl::SslV3 << QSsl::TlsV1_0 << false; - QTest::newRow("ssl3-tls1ssl3") << QSsl::SslV3 << QSsl::TlsV1SslV3 << true; - QTest::newRow("ssl3-secure") << QSsl::SslV3 << QSsl::SecureProtocols << false; -#endif -#if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT) && !defined(OPENSSL_NO_SSL3) - QTest::newRow("ssl3-any") << QSsl::SslV3 << QSsl::AnyProtocol << false; // we won't set a SNI header here because we connect to a - // numerical IP, so OpenSSL will send a SSL 2 handshake -#elif !defined(OPENSSL_NO_SSL3) - QTest::newRow("ssl3-any") << QSsl::SslV3 << QSsl::AnyProtocol << true; -#endif - -#if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT) - QTest::newRow("tls1.0-ssl2") << QSsl::TlsV1_0 << QSsl::SslV2 << false; -#endif -#if !defined(OPENSSL_NO_SSL3) - QTest::newRow("tls1.0-ssl3") << QSsl::TlsV1_0 << QSsl::SslV3 << false; -#endif QTest::newRow("tls1-tls1ssl3") << QSsl::TlsV1_0 << QSsl::TlsV1SslV3 << true; QTest::newRow("tls1.0-secure") << QSsl::TlsV1_0 << QSsl::SecureProtocols << true; -#if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT) - QTest::newRow("tls1.0-any") << QSsl::TlsV1_0 << QSsl::AnyProtocol << false; // we won't set a SNI header here because we connect to a - // numerical IP, so OpenSSL will send a SSL 2 handshake -#else QTest::newRow("tls1.0-any") << QSsl::TlsV1_0 << QSsl::AnyProtocol << true; -#endif -#if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT) - QTest::newRow("tls1ssl3-ssl2") << QSsl::TlsV1SslV3 << QSsl::SslV2 << false; -#endif -#if !defined(OPENSSL_NO_SSL3) - QTest::newRow("tls1ssl3-ssl3") << QSsl::TlsV1SslV3 << QSsl::SslV3 << true; -#endif QTest::newRow("tls1ssl3-tls1.0") << QSsl::TlsV1SslV3 << QSsl::TlsV1_0 << true; QTest::newRow("tls1ssl3-secure") << QSsl::TlsV1SslV3 << QSsl::SecureProtocols << true; QTest::newRow("tls1ssl3-any") << QSsl::TlsV1SslV3 << QSsl::AnyProtocol << true; -#if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT) - QTest::newRow("secure-ssl2") << QSsl::SecureProtocols << QSsl::SslV2 << false; -#endif -#if !defined(OPENSSL_NO_SSL3) - QTest::newRow("secure-ssl3") << QSsl::SecureProtocols << QSsl::SslV3 << false; -#endif QTest::newRow("secure-tls1.0") << QSsl::SecureProtocols << QSsl::TlsV1_0 << true; QTest::newRow("secure-tls1ssl3") << QSsl::SecureProtocols << QSsl::TlsV1SslV3 << true; QTest::newRow("secure-any") << QSsl::SecureProtocols << QSsl::AnyProtocol << true; -#if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT) - QTest::newRow("any-ssl2") << QSsl::AnyProtocol << QSsl::SslV2 << false; // no idea why it does not work, but we don't care about SSL 2 -#endif -#if !defined(OPENSSL_NO_SSL3) - QTest::newRow("any-ssl3") << QSsl::AnyProtocol << QSsl::SslV3 << true; -#endif - -#if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT) - QTest::newRow("tls1.0orlater-ssl2") << QSsl::TlsV1_0OrLater << QSsl::SslV2 << false; -#endif -#if !defined(OPENSSL_NO_SSL3) - QTest::newRow("tls1.0orlater-ssl3") << QSsl::TlsV1_0OrLater << QSsl::SslV3 << false; -#endif QTest::newRow("tls1.0orlater-tls1.0") << QSsl::TlsV1_0OrLater << QSsl::TlsV1_0 << true; QTest::newRow("tls1.0orlater-tls1.1") << QSsl::TlsV1_0OrLater << QSsl::TlsV1_1 << true; QTest::newRow("tls1.0orlater-tls1.2") << QSsl::TlsV1_0OrLater << QSsl::TlsV1_2 << true; - -#if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT) - QTest::newRow("tls1.1orlater-ssl2") << QSsl::TlsV1_1OrLater << QSsl::SslV2 << false; -#endif -#if !defined(OPENSSL_NO_SSL3) - QTest::newRow("tls1.1orlater-ssl3") << QSsl::TlsV1_1OrLater << QSsl::SslV3 << false; +#ifdef TLS1_3_VERSION + QTest::newRow("tls1.0orlater-tls1.3") << QSsl::TlsV1_0OrLater << QSsl::TlsV1_3 << true; #endif QTest::newRow("tls1.1orlater-tls1.0") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_0 << false; QTest::newRow("tls1.1orlater-tls1.1") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_1 << true; QTest::newRow("tls1.1orlater-tls1.2") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_2 << true; -#if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT) - QTest::newRow("tls1.2orlater-ssl2") << QSsl::TlsV1_2OrLater << QSsl::SslV2 << false; -#endif -#if !defined(OPENSSL_NO_SSL3) - QTest::newRow("tls1.2orlater-ssl3") << QSsl::TlsV1_2OrLater << QSsl::SslV3 << false; +#ifdef TLS1_3_VERSION + QTest::newRow("tls1.1orlater-tls1.3") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_3 << true; #endif + QTest::newRow("tls1.2orlater-tls1.0") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_0 << false; QTest::newRow("tls1.2orlater-tls1.1") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_1 << false; QTest::newRow("tls1.2orlater-tls1.2") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_2 << true; +#ifdef TLS1_3_VERSION + QTest::newRow("tls1.2orlater-tls1.3") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_3 << true; +#endif +#ifdef TLS1_3_VERSION + QTest::newRow("tls1.3orlater-tls1.0") << QSsl::TlsV1_3OrLater << QSsl::TlsV1_0 << false; + QTest::newRow("tls1.3orlater-tls1.1") << QSsl::TlsV1_3OrLater << QSsl::TlsV1_1 << false; + QTest::newRow("tls1.3orlater-tls1.2") << QSsl::TlsV1_3OrLater << QSsl::TlsV1_2 << false; + QTest::newRow("tls1.3orlater-tls1.3") << QSsl::TlsV1_3OrLater << QSsl::TlsV1_3 << true; +#endif // TLS1_3_VERSION QTest::newRow("any-tls1.0") << QSsl::AnyProtocol << QSsl::TlsV1_0 << true; QTest::newRow("any-tls1ssl3") << QSsl::AnyProtocol << QSsl::TlsV1SslV3 << true; @@ -1343,13 +1323,19 @@ void tst_QSslSocket::protocolServerSide() QAbstractSocket::SocketState expectedState = (works) ? QAbstractSocket::ConnectedState : QAbstractSocket::UnconnectedState; // Determine whether the client or the server caused the event loop // to quit due to a socket error, and investigate the culprit. - if (server.socket->error() != QAbstractSocket::UnknownSocketError) { + if (client.error() != QAbstractSocket::UnknownSocketError) { + // It can happen that the client, after TCP connection established, before + // incomingConnection() slot fired, hits TLS initialization error and stops + // the loop, so the server socket is not created yet. + if (server.socket) + QVERIFY(server.socket->error() == QAbstractSocket::UnknownSocketError); + + QCOMPARE(client.state(), expectedState); + } else if (server.socket->error() != QAbstractSocket::UnknownSocketError) { QVERIFY(client.error() == QAbstractSocket::UnknownSocketError); QCOMPARE(server.socket->state(), expectedState); - } else if (client.error() != QAbstractSocket::UnknownSocketError) { - QVERIFY(server.socket->error() == QAbstractSocket::UnknownSocketError); - QCOMPARE(client.state(), expectedState); } + QCOMPARE(client.isEncrypted(), works); } @@ -1491,6 +1477,11 @@ void tst_QSslSocket::setLocalCertificateChain() loop.exec(); QList<QSslCertificate> chain = socket->peerCertificateChain(); +#if QT_CONFIG(schannel) + QEXPECT_FAIL("", "Schannel cannot send intermediate certificates not " + "located in a system certificate store", + Abort); +#endif QCOMPARE(chain.size(), 2); QCOMPARE(chain[0].serialNumber(), QByteArray("10:a0:ad:77:58:f6:6e:ae:46:93:a3:43:f9:59:8a:9e")); QCOMPARE(chain[1].serialNumber(), QByteArray("3b:eb:99:c5:ea:d8:0b:5d:0b:97:5d:4f:06:75:4b:e1")); @@ -1543,7 +1534,7 @@ void tst_QSslSocket::setSslConfiguration_data() QTest::newRow("empty") << QSslConfiguration() << false; QSslConfiguration conf = QSslConfiguration::defaultConfiguration(); QTest::newRow("default") << conf << false; // does not contain test server cert - QList<QSslCertificate> testServerCert = QSslCertificate::fromPath(testDataDir + "certs/qt-test-server-cacert.pem"); + QList<QSslCertificate> testServerCert = QSslCertificate::fromPath(httpServerCertChainPath()); conf.setCaCertificates(testServerCert); QTest::newRow("set-root-cert") << conf << true; conf.setProtocol(QSsl::SecureProtocols); @@ -1558,8 +1549,11 @@ void tst_QSslSocket::setSslConfiguration() QSslSocketPtr socket = newSocket(); QFETCH(QSslConfiguration, configuration); socket->setSslConfiguration(configuration); +#if QT_CONFIG(schannel) // old certificate not supported with TLS 1.2 + socket->setProtocol(QSsl::SslProtocol::TlsV1_1); +#endif this->socket = socket.data(); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QFETCH(bool, works); QFETCH_GLOBAL(bool, setProxy); if (setProxy && (socket->waitForEncrypted(10000) != works)) @@ -1579,7 +1573,7 @@ void tst_QSslSocket::waitForEncrypted() this->socket = socket.data(); connect(this->socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QFETCH_GLOBAL(bool, setProxy); if (setProxy && !socket->waitForEncrypted(10000)) @@ -1598,7 +1592,7 @@ void tst_QSslSocket::waitForEncryptedMinusOne() this->socket = socket.data(); connect(this->socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QFETCH_GLOBAL(bool, setProxy); if (setProxy && !socket->waitForEncrypted(-1)) @@ -1614,7 +1608,7 @@ void tst_QSslSocket::waitForConnectedEncryptedReadyRead() this->socket = socket.data(); connect(this->socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 993); + socket->connectToHostEncrypted(QtNetworkSettings::imapServerName(), 993); QVERIFY2(socket->waitForConnected(10000), qPrintable(socket->errorString())); QFETCH_GLOBAL(bool, setProxy); @@ -1646,7 +1640,7 @@ void tst_QSslSocket::addDefaultCaCertificate() // Reset the global CA chain QSslSocket::setDefaultCaCertificates(QSslSocket::systemCaCertificates()); - QList<QSslCertificate> flukeCerts = QSslCertificate::fromPath(testDataDir + "certs/qt-test-server-cacert.pem"); + QList<QSslCertificate> flukeCerts = QSslCertificate::fromPath(httpServerCertChainPath()); QCOMPARE(flukeCerts.size(), 1); QList<QSslCertificate> globalCerts = QSslSocket::defaultCaCertificates(); QVERIFY(!globalCerts.contains(flukeCerts.first())); @@ -1770,6 +1764,25 @@ void tst_QSslSocket::isMatchingHostname() QCOMPARE(QSslSocketPrivate::isMatchingHostname(cert, QString::fromUtf8("foo.foo.xn--schufele-2za.de")), false); QCOMPARE(QSslSocketPrivate::isMatchingHostname(cert, QString::fromUtf8("www.schaufele.de")), false); QCOMPARE(QSslSocketPrivate::isMatchingHostname(cert, QString::fromUtf8("www.schufele.de")), false); + + /* Generated with the following command (only valid with openssl >= 1.1.1 due to "-addext"): + openssl req -x509 -nodes -subj "/CN=example.org" \ + -addext "subjectAltName = IP:192.5.8.16, IP:fe80::3c29:2fa1:dd44:765" \ + -newkey rsa:2048 -keyout /dev/null -out subjectAltNameIP.crt + */ + certs = QSslCertificate::fromPath(testDataDir + "certs/subjectAltNameIP.crt"); + QVERIFY(!certs.isEmpty()); + cert = certs.first(); + QCOMPARE(QSslSocketPrivate::isMatchingHostname(cert, QString::fromUtf8("192.5.8.16")), true); + QCOMPARE(QSslSocketPrivate::isMatchingHostname(cert, QString::fromUtf8("fe80::3c29:2fa1:dd44:765")), true); + + /* openssl req -x509 -nodes -new -newkey rsa -keyout /dev/null -out 127-0-0-1-as-CN.crt \ + -subj "/CN=127.0.0.1" + */ + certs = QSslCertificate::fromPath(testDataDir + "certs/127-0-0-1-as-CN.crt"); + QVERIFY(!certs.isEmpty()); + cert = certs.first(); + QCOMPARE(QSslSocketPrivate::isMatchingHostname(cert, QString::fromUtf8("127.0.0.1")), true); } void tst_QSslSocket::wildcard() @@ -1998,7 +2011,7 @@ void tst_QSslSocket::setReadBufferSize_task_250027() QSslSocketPtr socket = newSocket(); socket->setReadBufferSize(1000); // limit to 1 kb/sec socket->ignoreSslErrors(); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); socket->ignoreSslErrors(); QVERIFY2(socket->waitForConnected(10*1000), qPrintable(socket->errorString())); if (setProxy && !socket->waitForEncrypted(10*1000)) @@ -2011,7 +2024,7 @@ void tst_QSslSocket::setReadBufferSize_task_250027() // provoke a response by sending a request socket->write("GET /qtest/fluke.gif HTTP/1.0\n"); // this file is 27 KB socket->write("Host: "); - socket->write(QtNetworkSettings::serverName().toLocal8Bit().constData()); + socket->write(QtNetworkSettings::httpServerName().toLocal8Bit().constData()); socket->write("\n"); socket->write("Connection: close\n"); socket->write("\n"); @@ -2126,7 +2139,7 @@ protected: // delayed reading data QTest::qSleep(100); - if (!socket->waitForReadyRead(2000)) + if (!socket->waitForReadyRead(2000) && socket->bytesAvailable() == 0) return; // error socket->readAll(); dataReadSemaphore.release(); @@ -2197,7 +2210,7 @@ void tst_QSslSocket::waitForMinusOne() socket.write("How are you doing?"); QVERIFY(socket.bytesToWrite() != 0); QVERIFY(socket.waitForBytesWritten(-1)); - QVERIFY(server.dataReadSemaphore.tryAcquire(1, 2000)); + QVERIFY(server.dataReadSemaphore.tryAcquire(1, 2500)); // third verification: it should wait for 100 ms: QVERIFY(socket.waitForReadyRead(-1)); @@ -2252,6 +2265,9 @@ void tst_QSslSocket::verifyMode() return; QSslSocket socket; +#if QT_CONFIG(schannel) // old certificate not supported with TLS 1.2 + socket.setProtocol(QSsl::SslProtocol::TlsV1_1); +#endif QCOMPARE(socket.peerVerifyMode(), QSslSocket::AutoVerifyPeer); socket.setPeerVerifyMode(QSslSocket::VerifyNone); QCOMPARE(socket.peerVerifyMode(), QSslSocket::VerifyNone); @@ -2259,7 +2275,7 @@ void tst_QSslSocket::verifyMode() socket.setPeerVerifyMode(QSslSocket::VerifyPeer); QCOMPARE(socket.peerVerifyMode(), QSslSocket::VerifyPeer); - socket.connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); if (socket.waitForEncrypted()) QSKIP("Skipping flaky test - See QTBUG-29941"); @@ -2298,7 +2314,7 @@ void tst_QSslSocket::verifyDepth() void tst_QSslSocket::disconnectFromHostWhenConnecting() { QSslSocketPtr socket = newSocket(); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 993); + socket->connectToHostEncrypted(QtNetworkSettings::imapServerName(), 993); socket->ignoreSslErrors(); socket->write("XXXX LOGOUT\r\n"); QAbstractSocket::SocketState state = socket->state(); @@ -2327,7 +2343,7 @@ void tst_QSslSocket::disconnectFromHostWhenConnecting() void tst_QSslSocket::disconnectFromHostWhenConnected() { QSslSocketPtr socket = newSocket(); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 993); + socket->connectToHostEncrypted(QtNetworkSettings::imapServerName(), 993); socket->ignoreSslErrors(); if (!socket->waitForEncrypted(5000)) QSKIP("Skipping flaky test - See QTBUG-29941"); @@ -2414,13 +2430,13 @@ void tst_QSslSocket::resetProxy() // make sure the connection works, and then set a nonsense proxy, and then // make sure it does not work anymore QSslSocket socket; - socket.addCaCertificates(testDataDir + "certs/qt-test-server-cacert.pem"); + socket.addCaCertificates(httpServerCertChainPath()); socket.setProxy(goodProxy); - socket.connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QVERIFY2(socket.waitForConnected(10000), qPrintable(socket.errorString())); socket.abort(); socket.setProxy(badProxy); - socket.connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QVERIFY(! socket.waitForConnected(10000)); // don't forget to login @@ -2433,13 +2449,13 @@ void tst_QSslSocket::resetProxy() // set the nonsense proxy and make sure the connection does not work, // and then set the right proxy and make sure it works QSslSocket socket2; - socket2.addCaCertificates(testDataDir + "certs/qt-test-server-cacert.pem"); + socket2.addCaCertificates(httpServerCertChainPath()); socket2.setProxy(badProxy); - socket2.connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket2.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QVERIFY(! socket2.waitForConnected(10000)); socket2.abort(); socket2.setProxy(goodProxy); - socket2.connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket2.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QVERIFY2(socket2.waitForConnected(10000), qPrintable(socket.errorString())); #endif // QT_NO_NETWORKPROXY } @@ -2452,7 +2468,7 @@ void tst_QSslSocket::ignoreSslErrorsList_data() // construct the list of errors that we will get with the SSL handshake and that we will ignore QList<QSslError> expectedSslErrors; // fromPath gives us a list of certs, but it actually only contains one - QList<QSslCertificate> certs = QSslCertificate::fromPath(testDataDir + "certs/qt-test-server-cacert.pem"); + QList<QSslCertificate> certs = QSslCertificate::fromPath(httpServerCertChainPath()); QSslError rightError(FLUKE_CERTIFICATE_ERROR, certs.at(0)); QSslError wrongError(FLUKE_CERTIFICATE_ERROR); @@ -2483,7 +2499,7 @@ void tst_QSslSocket::ignoreSslErrorsList() QFETCH(int, expectedSslErrorSignalCount); QSignalSpy sslErrorsSpy(&socket, SIGNAL(error(QAbstractSocket::SocketError))); - socket.connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); bool expectEncryptionSuccess = (expectedSslErrorSignalCount == 0); if (socket.waitForEncrypted(10000) != expectEncryptionSuccess) @@ -2514,7 +2530,7 @@ void tst_QSslSocket::ignoreSslErrorsListWithSlot() this, SLOT(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*))); connect(&socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorListSlot(QList<QSslError>))); - socket.connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QFETCH(int, expectedSslErrorSignalCount); bool expectEncryptionSuccess = (expectedSslErrorSignalCount == 0); @@ -2552,15 +2568,18 @@ void tst_QSslSocket::abortOnSslErrors() void tst_QSslSocket::readFromClosedSocket() { QSslSocketPtr socket = newSocket(); +#if QT_CONFIG(schannel) // old certificate not supported with TLS 1.2 + socket->setProtocol(QSsl::SslProtocol::TlsV1_1); +#endif socket->ignoreSslErrors(); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); socket->ignoreSslErrors(); socket->waitForConnected(); socket->waitForEncrypted(); // provoke a response by sending a request socket->write("GET /qtest/fluke.gif HTTP/1.1\n"); socket->write("Host: "); - socket->write(QtNetworkSettings::serverName().toLocal8Bit().constData()); + socket->write(QtNetworkSettings::httpServerName().toLocal8Bit().constData()); socket->write("\n"); socket->write("\n"); socket->waitForBytesWritten(); @@ -2584,7 +2603,7 @@ void tst_QSslSocket::writeBigChunk() this->socket = socket.data(); connect(this->socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QByteArray data; data.resize(1024*1024*10); // 10 MB @@ -2743,7 +2762,9 @@ void tst_QSslSocket::resume_data() QTest::newRow("DoNotIgnoreErrors") << false << QList<QSslError>() << false; QTest::newRow("ignoreAllErrors") << true << QList<QSslError>() << true; - QList<QSslCertificate> certs = QSslCertificate::fromPath(testDataDir + "certs/qt-test-server-cacert.pem"); + // Note, httpServerCertChainPath() it's ... because we use the same certificate on + // different services. We'll be actually connecting to IMAP server. + QList<QSslCertificate> certs = QSslCertificate::fromPath(httpServerCertChainPath()); QSslError rightError(FLUKE_CERTIFICATE_ERROR, certs.at(0)); QSslError wrongError(FLUKE_CERTIFICATE_ERROR); errorsList.append(wrongError); @@ -2776,7 +2797,7 @@ void tst_QSslSocket::resume() this, SLOT(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*))); connect(&socket, SIGNAL(error(QAbstractSocket::SocketError)), &QTestEventLoop::instance(), SLOT(exitLoop())); - socket.connectToHostEncrypted(QtNetworkSettings::serverName(), 993); + socket.connectToHostEncrypted(QtNetworkSettings::imapServerName(), 993); QTestEventLoop::instance().enterLoop(10); QFETCH_GLOBAL(bool, setProxy); if (setProxy && QTestEventLoop::instance().timeout()) @@ -3279,14 +3300,14 @@ void tst_QSslSocket::verifyClientCertificate_data() void tst_QSslSocket::verifyClientCertificate() { -#ifdef QT_SECURETRANSPORT +#if QT_CONFIG(securetransport) // We run both client and server on the same machine, // this means, client can update keychain with client's certificates, // and server later will use the same certificates from the same // keychain thus making tests fail (wrong number of certificates, // success instead of failure etc.). QSKIP("This test can not work with Secure Transport"); -#endif +#endif // QT_CONFIG(securetransport) #ifdef Q_OS_WINRT QSKIP("Server-side encryption is not implemented on WinRT."); #endif @@ -3300,6 +3321,11 @@ void tst_QSslSocket::verifyClientCertificate() return; QFETCH(QSslSocket::PeerVerifyMode, peerVerifyMode); +#if QT_CONFIG(schannel) + if (peerVerifyMode == QSslSocket::QueryPeer || peerVerifyMode == QSslSocket::AutoVerifyPeer) + QSKIP("Schannel doesn't tackle requesting a certificate and not receiving one."); +#endif + SslServer server; server.addCaCertificates = testDataDir + "certs/bogus-ca.crt"; server.ignoreSslErrors = false; @@ -3330,6 +3356,14 @@ void tst_QSslSocket::verifyClientCertificate() // check server socket QVERIFY(server.socket); +#if QT_CONFIG(schannel) + // As additional info to the QEXPECT_FAIL below: + // This is because schannel treats it as an error (client side) if you don't have a certificate + // when asked for one. + QEXPECT_FAIL("NoCert:VerifyPeer", + "The client disconnects first, which causes the event " + "loop to quit before the server disconnects.", Continue); +#endif QCOMPARE(server.socket->state(), expectedState); QCOMPARE(server.socket->isEncrypted(), works); @@ -3338,6 +3372,13 @@ void tst_QSslSocket::verifyClientCertificate() QVERIFY(server.socket->peerCertificateChain().isEmpty()); } else { QCOMPARE(server.socket->peerCertificate(), clientCerts.first()); +#if QT_CONFIG(schannel) + if (clientCerts.count() == 1 && server.socket->peerCertificateChain().count() == 2) { + QEXPECT_FAIL("", + "Schannel includes the entire chain, not just the leaf and intermediates", + Continue); + } +#endif QCOMPARE(server.socket->peerCertificateChain(), clientCerts); } @@ -3348,7 +3389,7 @@ void tst_QSslSocket::verifyClientCertificate() void tst_QSslSocket::readBufferMaxSize() { -#ifdef QT_SECURETRANSPORT +#if QT_CONFIG(securetransport) || QT_CONFIG(schannel) // QTBUG-55170: // SecureTransport back-end was ignoring read-buffer // size limit, resulting (potentially) in a constantly @@ -3405,7 +3446,7 @@ void tst_QSslSocket::readBufferMaxSize() QCOMPARE(client->bytesAvailable() + readSoFar, message.size()); #else // Not needed, QSslSocket works correctly with other back-ends. -#endif +#endif // QT_CONFIG(securetransport) || QT_CONFIG(schannel) } void tst_QSslSocket::setEmptyDefaultConfiguration() // this test should be last, as it has some side effects @@ -3422,12 +3463,57 @@ void tst_QSslSocket::setEmptyDefaultConfiguration() // this test should be last, socket = client.data(); connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QFETCH_GLOBAL(bool, setProxy); if (setProxy && socket->waitForEncrypted(4000)) QSKIP("Skipping flaky test - See QTBUG-29941"); } +void tst_QSslSocket::allowedProtocolNegotiation() +{ +#ifndef ALPN_SUPPORTED + QSKIP("ALPN is unsupported, skipping test"); +#endif + +#if QT_CONFIG(schannel) + if (QOperatingSystemVersion::current() < QOperatingSystemVersion::Windows8_1) + QSKIP("ALPN is not supported on this version of Windows using Schannel."); +#endif + + QFETCH_GLOBAL(bool, setProxy); + if (setProxy) + return; + + + const QByteArray expectedNegotiated("cool-protocol"); + QList<QByteArray> serverProtos; + serverProtos << expectedNegotiated << "not-so-cool-protocol"; + QList<QByteArray> clientProtos; + clientProtos << "uber-cool-protocol" << expectedNegotiated << "not-so-cool-protocol"; + + + SslServer server; + server.config.setAllowedNextProtocols(serverProtos); + QVERIFY(server.listen()); + + QSslSocket clientSocket; + auto configuration = clientSocket.sslConfiguration(); + configuration.setAllowedNextProtocols(clientProtos); + clientSocket.setSslConfiguration(configuration); + + clientSocket.connectToHostEncrypted("127.0.0.1", server.serverPort()); + clientSocket.ignoreSslErrors(); + + QEventLoop loop; + QTimer::singleShot(5000, &loop, SLOT(quit())); + connect(&clientSocket, SIGNAL(encrypted()), &loop, SLOT(quit())); + loop.exec(); + + QVERIFY(server.socket->sslConfiguration().nextNegotiatedProtocol() == + clientSocket.sslConfiguration().nextNegotiatedProtocol()); + QVERIFY(server.socket->sslConfiguration().nextNegotiatedProtocol() == expectedNegotiated); +} + #ifndef QT_NO_OPENSSL class PskProvider : public QObject { @@ -3505,7 +3591,12 @@ protected: socket = new QSslSocket(this); socket->setSslConfiguration(config); socket->setPeerVerifyMode(peerVerifyMode); - socket->setProtocol(protocol); + if (QSslSocket::sslLibraryVersionNumber() > 0x10101000L) { + // FIXME. With OpenSSL 1.1.1 and TLS 1.3 PSK auto-test is broken. + socket->setProtocol(QSsl::TlsV1_2); + } else { + socket->setProtocol(protocol); + } if (ignoreSslErrors) connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); @@ -3836,55 +3927,24 @@ void tst_QSslSocket::ephemeralServerKey() QCOMPARE(client->sslConfiguration().ephemeralServerKey().isNull(), emptyKey); } -void tst_QSslSocket::allowedProtocolNegotiation() -{ -#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT) - - QFETCH_GLOBAL(bool, setProxy); - if (setProxy) - return; - - const QByteArray expectedNegotiated("cool-protocol"); - QList<QByteArray> serverProtos; - serverProtos << expectedNegotiated << "not-so-cool-protocol"; - QList<QByteArray> clientProtos; - clientProtos << "uber-cool-protocol" << expectedNegotiated << "not-so-cool-protocol"; - - - SslServer server; - server.config.setAllowedNextProtocols(serverProtos); - QVERIFY(server.listen()); - - QSslSocket clientSocket; - auto configuration = clientSocket.sslConfiguration(); - configuration.setAllowedNextProtocols(clientProtos); - clientSocket.setSslConfiguration(configuration); - - clientSocket.connectToHostEncrypted("127.0.0.1", server.serverPort()); - clientSocket.ignoreSslErrors(); - - QEventLoop loop; - QTimer::singleShot(5000, &loop, SLOT(quit())); - connect(&clientSocket, SIGNAL(encrypted()), &loop, SLOT(quit())); - loop.exec(); - - QVERIFY(server.socket->sslConfiguration().nextNegotiatedProtocol() == - clientSocket.sslConfiguration().nextNegotiatedProtocol()); - QVERIFY(server.socket->sslConfiguration().nextNegotiatedProtocol() == expectedNegotiated); - -#endif // OPENSSL_VERSION_NUMBER -} - void tst_QSslSocket::pskServer() { #ifdef Q_OS_WINRT QSKIP("Server-side encryption is not implemented on WinRT."); #endif +#if QT_CONFIG(schannel) + QSKIP("Schannel does not have PSK support implemented."); +#endif QFETCH_GLOBAL(bool, setProxy); if (!QSslSocket::supportsSsl() || setProxy) return; QSslSocket socket; +#ifdef TLS1_3_VERSION + // FIXME: with OpenSSL 1.1.1 (thus TLS 1.3) test is known to fail + // due to the different PSK mechanism (?) - to be investigated ASAP. + socket.setProtocol(QSsl::TlsV1_2); +#endif this->socket = &socket; QSignalSpy connectedSpy(&socket, SIGNAL(connected())); @@ -3970,6 +4030,11 @@ void tst_QSslSocket::signatureAlgorithm_data() if (QSslSocket::sslLibraryVersionNumber() < 0x10002000L) QSKIP("Signature algorithms cannot be tested with OpenSSL < 1.0.2"); + if (QSslSocket::sslLibraryVersionNumber() >= 0x10101000L) { + // FIXME: investigate if this test makes any sense with TLS 1.3. + QSKIP("Test is not valid for TLS 1.3/OpenSSL 1.1.1"); + } + QTest::addColumn<QByteArrayList>("serverSigAlgPairs"); QTest::addColumn<QSsl::SslProtocol>("serverProtocol"); QTest::addColumn<QByteArrayList>("clientSigAlgPairs"); @@ -4107,13 +4172,81 @@ void tst_QSslSocket::forwardReadChannelFinished() }); connect(&socket, &QSslSocket::readChannelFinished, &QTestEventLoop::instance(), &QTestEventLoop::exitLoop); - socket.connectToHostEncrypted(QtNetworkSettings::serverLocalName(), 443); + socket.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); enterLoop(10); QVERIFY(readChannelFinishedSpy.count()); } #endif // QT_NO_OPENSSL +void tst_QSslSocket::disabledProtocols_data() +{ + QTest::addColumn<QSsl::SslProtocol>("disabledProtocol"); + QTest::newRow("SslV2") << QSsl::SslV2; + QTest::newRow("SslV3") << QSsl::SslV3; +} + +void tst_QSslSocket::disabledProtocols() +{ + QFETCH_GLOBAL(const bool, setProxy); + if (setProxy) + return; + + QFETCH(const QSsl::SslProtocol, disabledProtocol); + const int timeoutMS = 500; + // Test a client socket. + { + // 0. connectToHostEncrypted: client-side, non-blocking API, error is discovered + // early, preventing any real connection from ever starting. + QSslSocket socket; + socket.setProtocol(disabledProtocol); + QCOMPARE(socket.error(), QAbstractSocket::UnknownSocketError); + socket.connectToHostEncrypted(QStringLiteral("doesnotmatter.org"), 1010); + QCOMPARE(socket.error(), QAbstractSocket::SslInvalidUserDataError); + QCOMPARE(socket.state(), QAbstractSocket::UnconnectedState); + } + { + // 1. startClientEncryption: client-side, non blocking API, but wants a socket in + // the 'connected' state (otherwise just returns false not setting any error code). + SslServer server; + QVERIFY(server.listen()); + + QSslSocket socket; + QCOMPARE(socket.error(), QAbstractSocket::UnknownSocketError); + + socket.connectToHost(QHostAddress::LocalHost, server.serverPort()); + QVERIFY(socket.waitForConnected(timeoutMS)); + + socket.setProtocol(disabledProtocol); + socket.startClientEncryption(); + QCOMPARE(socket.error(), QAbstractSocket::SslInvalidUserDataError); + } + { + // 2. waitForEncrypted: client-side, blocking API plus requires from us + // to call ... connectToHostEncrypted(), which will notice an error and + // will prevent any connect at all. Nothing to test. + } + + // Test a server side, relatively simple: server does not connect, it listens/accepts + // and then calls startServerEncryption() (which must fall). + { + SslServer server; + server.protocol = disabledProtocol; + QVERIFY(server.listen()); + + QTestEventLoop loop; + connect(&server, &SslServer::socketError, [&loop](QAbstractSocket::SocketError) + {loop.exitLoop();}); + + QTcpSocket client; + client.connectToHost(QHostAddress::LocalHost, server.serverPort()); + loop.enterLoopMSecs(timeoutMS); + QVERIFY(!loop.timeout()); + QVERIFY(server.socket); + QCOMPARE(server.socket->error(), QAbstractSocket::SslInvalidUserDataError); + } +} + #endif // QT_NO_SSL QTEST_MAIN(tst_QSslSocket) diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/BLACKLIST b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/BLACKLIST deleted file mode 100644 index c9b628d79b..0000000000 --- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/BLACKLIST +++ /dev/null @@ -1,2 +0,0 @@ -[onDemandRootCertLoadingMemberMethods] -linux diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/qsslsocket_onDemandCertificates_member.pro b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/qsslsocket_onDemandCertificates_member.pro index 05755ff606..3e3ebeb358 100644 --- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/qsslsocket_onDemandCertificates_member.pro +++ b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/qsslsocket_onDemandCertificates_member.pro @@ -17,3 +17,9 @@ win32 { DEFINES += SRCDIR=\\\"$$PWD/\\\" requires(qtConfig(private_tests)) + +# DOCKERTODO: linux, docker is disabled on macOS/Windows. +linux { + QT_TEST_SERVER_LIST = squid danted + include($$dirname(_QMAKE_CONF_)/tests/auto/testserver.pri) +} diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp index 25c2701f69..4199c0f465 100644 --- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp +++ b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp @@ -102,7 +102,15 @@ void tst_QSslSocket_onDemandCertificates_member::initTestCase_data() void tst_QSslSocket_onDemandCertificates_member::initTestCase() { +#ifdef QT_TEST_SERVER + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::socksProxyServerName(), 1080)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::socksProxyServerName(), 1081)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::httpProxyServerName(), 3128)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::httpProxyServerName(), 3129)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::httpProxyServerName(), 3130)); +#else QVERIFY(QtNetworkSettings::verifyTestNetworkSettings()); +#endif // QT_TEST_SERVER } void tst_QSslSocket_onDemandCertificates_member::init() @@ -110,28 +118,29 @@ void tst_QSslSocket_onDemandCertificates_member::init() QFETCH_GLOBAL(bool, setProxy); if (setProxy) { QFETCH_GLOBAL(int, proxyType); - QString testServer = QHostInfo::fromName(QtNetworkSettings::serverName()).addresses().first().toString(); + const auto socksAddr = QtNetworkSettings::socksProxyServerIp().toString(); + const auto squidAddr = QtNetworkSettings::httpProxyServerIp().toString(); QNetworkProxy proxy; switch (proxyType) { case Socks5Proxy: - proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, testServer, 1080); + proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, socksAddr, 1080); break; case Socks5Proxy | AuthBasic: - proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, testServer, 1081); + proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, socksAddr, 1081); break; case HttpProxy | NoAuth: - proxy = QNetworkProxy(QNetworkProxy::HttpProxy, testServer, 3128); + proxy = QNetworkProxy(QNetworkProxy::HttpProxy, squidAddr, 3128); break; case HttpProxy | AuthBasic: - proxy = QNetworkProxy(QNetworkProxy::HttpProxy, testServer, 3129); + proxy = QNetworkProxy(QNetworkProxy::HttpProxy, squidAddr, 3129); break; case HttpProxy | AuthNtlm: - proxy = QNetworkProxy(QNetworkProxy::HttpProxy, testServer, 3130); + proxy = QNetworkProxy(QNetworkProxy::HttpProxy, squidAddr, 3130); break; } QNetworkProxy::setApplicationProxy(proxy); diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/qsslsocket_onDemandCertificates_static.pro b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/qsslsocket_onDemandCertificates_static.pro index c345d7379f..1ad42b309e 100644 --- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/qsslsocket_onDemandCertificates_static.pro +++ b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/qsslsocket_onDemandCertificates_static.pro @@ -16,3 +16,9 @@ win32 { DEFINES += SRCDIR=\\\"$$PWD/\\\" requires(qtConfig(private_tests)) + +#DOCKERTODO Linux, docker is disabled on macOS and Windows. +linux { + QT_TEST_SERVER_LIST = squid danted + include($$dirname(_QMAKE_CONF_)/tests/auto/testserver.pri) +} diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/tst_qsslsocket_onDemandCertificates_static.cpp b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/tst_qsslsocket_onDemandCertificates_static.cpp index 503edc0bff..671a21b1c2 100644 --- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/tst_qsslsocket_onDemandCertificates_static.cpp +++ b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/tst_qsslsocket_onDemandCertificates_static.cpp @@ -98,7 +98,15 @@ void tst_QSslSocket_onDemandCertificates_static::initTestCase_data() void tst_QSslSocket_onDemandCertificates_static::initTestCase() { +#ifdef QT_TEST_SERVER + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::socksProxyServerName(), 1080)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::socksProxyServerName(), 1081)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::httpProxyServerName(), 3128)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::httpProxyServerName(), 3129)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::httpProxyServerName(), 3130)); +#else QVERIFY(QtNetworkSettings::verifyTestNetworkSettings()); +#endif // QT_TEST_SERVER } void tst_QSslSocket_onDemandCertificates_static::init() @@ -106,28 +114,30 @@ void tst_QSslSocket_onDemandCertificates_static::init() QFETCH_GLOBAL(bool, setProxy); if (setProxy) { QFETCH_GLOBAL(int, proxyType); - QString testServer = QHostInfo::fromName(QtNetworkSettings::serverName()).addresses().first().toString(); + const auto socksAddr = QtNetworkSettings::socksProxyServerIp().toString(); + const auto squidAddr = QtNetworkSettings::httpProxyServerIp().toString(); + QNetworkProxy proxy; switch (proxyType) { case Socks5Proxy: - proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, testServer, 1080); + proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, socksAddr, 1080); break; case Socks5Proxy | AuthBasic: - proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, testServer, 1081); + proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, socksAddr, 1081); break; case HttpProxy | NoAuth: - proxy = QNetworkProxy(QNetworkProxy::HttpProxy, testServer, 3128); + proxy = QNetworkProxy(QNetworkProxy::HttpProxy, squidAddr, 3128); break; case HttpProxy | AuthBasic: - proxy = QNetworkProxy(QNetworkProxy::HttpProxy, testServer, 3129); + proxy = QNetworkProxy(QNetworkProxy::HttpProxy, squidAddr, 3129); break; case HttpProxy | AuthNtlm: - proxy = QNetworkProxy(QNetworkProxy::HttpProxy, testServer, 3130); + proxy = QNetworkProxy(QNetworkProxy::HttpProxy, squidAddr, 3130); break; } QNetworkProxy::setApplicationProxy(proxy); diff --git a/tests/auto/network/ssl/ssl.pro b/tests/auto/network/ssl/ssl.pro index e89443ef4e..169e9bce83 100644 --- a/tests/auto/network/ssl/ssl.pro +++ b/tests/auto/network/ssl/ssl.pro @@ -21,6 +21,8 @@ qtConfig(ssl) { qdtlscookie \ qdtls } + + qtConfig(ocsp): SUBDIRS += qocsp } } |