diff options
Diffstat (limited to 'tests/auto/network')
6 files changed, 77 insertions, 4 deletions
diff --git a/tests/auto/network/access/http2/tst_http2.cpp b/tests/auto/network/access/http2/tst_http2.cpp index 235b78c34a..bbb314128b 100644 --- a/tests/auto/network/access/http2/tst_http2.cpp +++ b/tests/auto/network/access/http2/tst_http2.cpp @@ -50,7 +50,8 @@ #include "emulationdetector.h" -#if !defined(QT_NO_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT) +#if (!defined(QT_NO_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT)) \ + || QT_CONFIG(schannel) // HTTP/2 over TLS requires ALPN/NPN to negotiate the protocol version. const bool clearTextHTTP2 = false; #else diff --git a/tests/auto/network/access/qnetworkreply/certs/qt-test-server-host-network-cacert.pem b/tests/auto/network/access/qnetworkreply/certs/qt-test-server-host-network-cacert.pem new file mode 100644 index 0000000000..5bdce3a3f9 --- /dev/null +++ b/tests/auto/network/access/qnetworkreply/certs/qt-test-server-host-network-cacert.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIIClzCCAgACCQDeuuUc2HkfKDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEChMC +UXQxGTAXBgNVBAsTEENvcmUgQW5kIE5ldHdvcmsxGzAZBgkqhkiG9w0BCQEWDG5v +Ym9keS5xdC5pbzENMAsGA1UEBxMET3NsbzENMAsGA1UECBMET3NsbzELMAkGA1UE +BhMCTk8xHTAbBgNVBAMTFHF0LXRlc3Qtc2VydmVyLmxvY2FsMB4XDTE5MDEyNTE1 +NDE0N1oXDTQ5MDExNzE1NDE0N1owgY8xCzAJBgNVBAoTAlF0MRkwFwYDVQQLExBD +b3JlIEFuZCBOZXR3b3JrMRswGQYJKoZIhvcNAQkBFgxub2JvZHkucXQuaW8xDTAL +BgNVBAcTBE9zbG8xDTALBgNVBAgTBE9zbG8xCzAJBgNVBAYTAk5PMR0wGwYDVQQD +ExRxdC10ZXN0LXNlcnZlci5sb2NhbDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEAzarbb9Y0yafxwL7kQRgZ4gLJIuan1boDLp4oevRfGndfd6kRO49+8C7Gnus6 +2RLXwQxR6CRSPyPDQgwRxvIcoUL+tMJpg633cLEYFcwgKGIw8CwV5jMZr8PrHMCR +9xFolFD4STcIMtc+dd+jvGkAFd7Nhw9cAmuCyAF9avAd3HMCAwEAATANBgkqhkiG +9w0BAQQFAAOBgQB1dxK3Ia4sCpvSikKLaf1ZXu+9GKaNWKJe9bWex9/RmNOla9N2 +FIh6/CfaPFDy/OXCkyEiGg78iyg/DgqVoa9JJGV3diI6berisHMPJpv1syyz9YEU +G3RQUClPcPV6EcedyqCdpbnIFtiSZbtJ0ZBGef4KzBN3rTmPucKb+bhMPg== +-----END CERTIFICATE----- diff --git a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp index 61f0f70ea7..0d6828797a 100644 --- a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp +++ b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp @@ -550,8 +550,15 @@ static void setupSslServer(QSslSocket* serverSocket) } #ifdef QT_TEST_SERVER +#ifdef QT_TEST_SERVER_NAME +// In this case, each server is assigned a unique hostname. Use the wildcard SSL +// certificate (*.test-net.qt.local). const QString tst_QNetworkReply::certsFilePath = "/certs/qt-test-net-cacert.pem"; #else +// Otherwise, select the single-name SSL certificate (qt-test-server.local) instead. +const QString tst_QNetworkReply::certsFilePath = "/certs/qt-test-server-host-network-cacert.pem"; +#endif // QT_TEST_SERVER_NAME +#else const QString tst_QNetworkReply::certsFilePath = "/certs/qt-test-server-cacert.pem"; #endif diff --git a/tests/auto/network/ssl/qsslsocket/BLACKLIST b/tests/auto/network/ssl/qsslsocket/BLACKLIST index 8e1a55995e..555822d1e6 100644 --- a/tests/auto/network/ssl/qsslsocket/BLACKLIST +++ b/tests/auto/network/ssl/qsslsocket/BLACKLIST @@ -1 +1,7 @@ windows +[connectToHostEncrypted] +osx-10.13 +[setSslConfiguration] +osx-10.13 +[connectToHostEncryptedWithVerificationPeerName] +osx-10.13 diff --git a/tests/auto/network/ssl/qsslsocket/certs/127-0-0-1-as-CN.crt b/tests/auto/network/ssl/qsslsocket/certs/127-0-0-1-as-CN.crt new file mode 100644 index 0000000000..2253469392 --- /dev/null +++ b/tests/auto/network/ssl/qsslsocket/certs/127-0-0-1-as-CN.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIC/jCCAeagAwIBAgIJALBykhTMGxyEMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV +BAMMCTEyNy4wLjAuMTAeFw0xOTAxMjUyMjU5NDFaFw0xOTAyMjQyMjU5NDFaMBQx +EjAQBgNVBAMMCTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBALMEo10Xd6e5ot4Rg99VejDV/WNdAhY6+2Ilzuc+1XdzDpEQCuqWY2hAGX9m +QXyFSR+UcpJWoUFUtJLsArXgRnxT+seHuemrLZGZOkDStUhKNpxfwOmhIT+sLocw +qXCwNf9oG4//3evGwGqJhLDpGUhTNVCAMaalb1yrcXskYEkWdelzCTMzoirVvbS2 +6PH3kE+WPaBehMFruLtp+v7btnVIA305DwFy4CLq+HHFq59BbxRWxhRSkfXM8w+d +g05P3VNpEb8Apn4rQ+n/xRz7oZs0Aou4GZG5JAgiLOibbVBK+xnD/UW/txeFWfRZ +1dzIi4yAKkdwIhPAg+pP1G6tgZMCAwEAAaNTMFEwHQYDVR0OBBYEFNGZZgb9dbVY +FKkkoQp/oAQ2/B51MB8GA1UdIwQYMBaAFNGZZgb9dbVYFKkkoQp/oAQ2/B51MA8G +A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFvHy0RE96TDw6Q2pfCY +aMz/X8dMAEMz5XqC7ImcztVg6VTRHpiw+QFQGqCLwNNuwkD9/pZ3IgVzSbRQw3oW +HO7wD30NFl17LQMONBdcmR9FO5ruBh8G0Q1tmeKNtuwjzF3LAkj/J3tAn6eVmHi5 +75WEK/vQgy9XElN6EC6TgC/4B5/DPdZuEMdL7AP8ADLq9UVf8JC9c4QjU9G1Ce2R +PzNwkhkLvtLlcxFcXciuc+oGhLENoJ2ZYHctT/ReOuBoRWEwIB1AeCWxitxjBZ6t +lmZ+UewuzJ7y1X5maQZr7w3o8f6DwqwYrmMd45tS6jkHHAJlaCs/yCfVnLBwZ1l4 +NeM= +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp index 8367977648..1c27901844 100644 --- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -74,6 +74,16 @@ typedef QSharedPointer<QSslSocket> QSslSocketPtr; #endif #endif // QT_NO_SSL +// Detect ALPN (Application-Layer Protocol Negotiation) support +#undef ALPN_SUPPORTED // Undef the variable first to be safe +#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT) +#define ALPN_SUPPORTED 1 +#endif + +#if QT_CONFIG(schannel) && !defined(Q_CC_MINGW) +#define ALPN_SUPPORTED 1 +#endif + #if defined Q_OS_HPUX && defined Q_CC_GNU // This error is delivered every time we try to use the fluke CA // certificate. For now we work around this bug. Task 202317. @@ -1722,6 +1732,14 @@ void tst_QSslSocket::isMatchingHostname() cert = certs.first(); QCOMPARE(QSslSocketPrivate::isMatchingHostname(cert, QString::fromUtf8("192.5.8.16")), true); QCOMPARE(QSslSocketPrivate::isMatchingHostname(cert, QString::fromUtf8("fe80::3c29:2fa1:dd44:765")), true); + + /* openssl req -x509 -nodes -new -newkey rsa -keyout /dev/null -out 127-0-0-1-as-CN.crt \ + -subj "/CN=127.0.0.1" + */ + certs = QSslCertificate::fromPath(testDataDir + "certs/127-0-0-1-as-CN.crt"); + QVERIFY(!certs.isEmpty()); + cert = certs.first(); + QCOMPARE(QSslSocketPrivate::isMatchingHostname(cert, QString::fromUtf8("127.0.0.1")), true); } void tst_QSslSocket::wildcard() @@ -3408,12 +3426,20 @@ void tst_QSslSocket::setEmptyDefaultConfiguration() // this test should be last, void tst_QSslSocket::allowedProtocolNegotiation() { -#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT) +#ifndef ALPN_SUPPORTED + QSKIP("ALPN is unsupported, skipping test"); +#endif + +#if QT_CONFIG(schannel) + if (QOperatingSystemVersion::current() < QOperatingSystemVersion::Windows8_1) + QSKIP("ALPN is not supported on this version of Windows using Schannel."); +#endif QFETCH_GLOBAL(bool, setProxy); if (setProxy) return; + const QByteArray expectedNegotiated("cool-protocol"); QList<QByteArray> serverProtos; serverProtos << expectedNegotiated << "not-so-cool-protocol"; @@ -3441,8 +3467,6 @@ void tst_QSslSocket::allowedProtocolNegotiation() QVERIFY(server.socket->sslConfiguration().nextNegotiatedProtocol() == clientSocket.sslConfiguration().nextNegotiatedProtocol()); QVERIFY(server.socket->sslConfiguration().nextNegotiatedProtocol() == expectedNegotiated); - -#endif // OPENSSL_VERSION_NUMBER } #ifndef QT_NO_OPENSSL |