path: root/src/network/ssl/qdtls.cpp
Commit message | Author | Age | Files | Lines
* Port from QAtomic::load() to loadRelaxed() | Giuseppe D'Angelo | 2019-06-20 | 1 | -1/+1

  Semi-automated, just needed ~20 manual fixes:

    $ find \( -iname \*.cpp -or -iname \*.h \) -exec perl -pe 's/(\.|->)load\(\)/$1loadRelaxed\(\)/g' -i \{\} +
    $ find \( -iname \*.cpp -or -iname \*.h \) -exec perl -pe 's/(\.|->)store\(/$1storeRelaxed\(/g' -i \{\} +

  It can be easily improved (e.g. for store check that there are no commas after the opening parens). The most common offender is QLibrary::load, and some code using std::atomic directly.

  Change-Id: I07c38a3c8ed32c924ef4999e85c7e45cf48f0f6c
  Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
* Copy backend configuration while setting dtls config | Sona Kurazyan | 2019-01-05 | 1 | -0/+1

  When setting dtls configuration, we should also copy backendConfig, otherwise this setting will be ignored.

  Change-Id: I4df53e8e6d8c2bd0eb7dddb9928b7883c401d60a
  Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* QDtls and QDtlsClientVerifier - add destructors | Timur Pocheptsov | 2018-09-10 | 1 | -0/+14

  While these destructors are essentially trivial and contain no code, the classes inherit QObject and thus have virtual tables. For such classes -Wweak-vtable generates a warning: "'Class' has no out-of-line virtual method definitions; its vtable will be emitted in every translation unit." Noticed this after updating QtCreator to the latest version.

  Change-Id: Iacb5d0cd49353bd35260aff736652542bb1ef197
  Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
* DTLS: load roots from system stores only if allowed | Timur Pocheptsov | 2018-08-15 | 1 | -0/+1

  Respect allowRootCertOnDemandLoading, as it's done in QSslSocket (well, almost as in QSslSocket).

  Change-Id: Ic6cbb24a91e92cdb20f5f749553f15a62aae8b02
  Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
* QDtls::abortHandshake() - generalize the notion of 'abort' | Timur Pocheptsov | 2018-08-15 | 1 | -4/+4

  Previously, the function had a different name that made its purpose clear - "abort after peer verification error was encountered". Since now it's just 'abort handshake', it also should abort an ongoing handshake, even if no peer verification error was found, so that we now have an API that can reset a QDtls object to its initial 'nothing done yet' state.

  Change-Id: Idadfec6f82d65c8f07d1c2afa4467c921c7e85c4
  Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
  Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
  Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* qdoc: Fix qdoc warnings from changes to QDtls | Martin Smith | 2018-08-15 | 1 | -21/+35

  This update corrects several minor documentation errors that were introduced by a recent change to QDtls.

  Change-Id: I6ee6b0bf74c82dca86ba8d5f39acbd642829ec44
  Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* QDtls: delay protocol version verification | Timur Pocheptsov | 2018-08-10 | 1 | -21/+15

  A weird behavior of the DTLS server example, when linked with 1.0.2, exposed that client code requesting an invalid protocol (for example, SSLv3) can end up with a connection encrypted with DTLS 1.2 (which is not that bad, but totally surprising). When we check the protocol version early in setDtlsConfiguration() and find a wrong version, we leave our previous configuration intact and we will use it later during the handshake. This is wrong. So now we let our user set whatever wrong configuration they have and later fail in TLS initialization, saying - 'Unsupported protocol, DTLS was expected'. Auto-test was reduced - the follow-up patch will introduce a new 'invalidConfiguration' auto-test.

  Change-Id: I9be054c6112eea11b7801a1595aaf1d34329e1d2
  Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
  Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
* Document the DTLS API | Timur Pocheptsov | 2018-08-09 | 1 | -10/+589

  Task-number: QTBUG-68070
  Change-Id: Ifd08ecb7c2c1a6dc352952a10ad56259bd1ecf10
  Reviewed-by: Paul Wicking <paul.wicking@qt.io>
  Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
* Remove redundant #if-ery | Timur Pocheptsov | 2018-07-30 | 1 | -8/+1

  As now the feature 'dtls' depends on the feature 'openssl', the ifdefs are redundant; this code is always 'openssl-only'.

  Change-Id: I6a7fe9e3a00ae05656af1626e7de74e813df5d32
  Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
  Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
* QDtls - use conventional names | Timur Pocheptsov | 2018-07-27 | 1 | -6/+6

  More Qt-style and more natural, also, shorter names.

  Change-Id: I97bd68a8614126d518a3853027661435dc4e080d
  Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
  Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
* QDtls - refactor | Timur Pocheptsov | 2018-07-26 | 1 | -6/+6

  This patch renames the rather awkward 'remote' into the more conventional 'peer' (similar to what we have in QAbstractSocket).

  Change-Id: Ifc45e538b8adf9cc076bd7aee693277829fd94dc
  Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
  Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
* QDtls - handle server-side timeouts | Timur Pocheptsov | 2018-07-05 | 1 | -6/+0

  According to RFC 6347 a DTLS server also must retransmit buffered message(s) if timeouts happen during the handshake phase (so it's not client-only, as I initially understood it). Conveniently, an auto-test is already in place and needs just a tiny adjustment: handshakeWithRetransmission covers both sides.

  Change-Id: If914ec3052e28ef5bf12a40e5eede45bbc53e8e0
  Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
  Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
* QtNetwork: Fix and streamline translations of QDtls | Friedemann Kleint | 2018-06-28 | 1 | -2/+7

  - Use %-placeholder formatting instead of string concatenation for messages of the form "XX failed: %1"
  - Introduce helper functions for duplicate messages
  - Introduce helper function for message reporting function failures to avoid duplication
  - Extract helper function for reporting SSL handshake errors

  Complements ac583b686d0677517e7f8a10ce4e79c7fe227ccf.

  Change-Id: Iaf6c158ca8086d0b17a3e3c51955707734829615
  Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
  Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* Let's encrypt datagrams | Timur Pocheptsov | 2018-06-18 | 1 | -0/+569

  This patch adds DTLS support to the QtNetwork module (and its OpenSSL back-end). DTLS over UDP is defined by RFC 6347. The new API consists of

  1) QDtlsClientVerifier, which checks if a client that sent us ClientHello is a real DTLS client by generating a cookie, sending a HelloVerifyRequest with this cookie attached, and then verifying a cookie received back. To be deployed in combination with a server-side QUdpSocket.

  2) QDtls - initiates and proceeds with a TLS handshake (client or server side), with certificates and/or pre-shared key (PSK), and encrypts/decrypts datagrams after the handshake has finished.

  This patch does not implement yet another UDP socket; instead it allows use of existing QUdpSocket(s), by adding DTLS support on top. The OpenSSL back-end uses a custom BIO to make it work with QUdpSocket and give finer control over IO operations. On the server side, demultiplexing is left to client code (could be done either by connecting QUdpSocket or by extracting address/port for an incoming datagram and then forwarding/dispatching them to the corresponding QDtls object).

  Task-number: QTPM-779
  Change-Id: Ifcdf8586c70c3018b0c5549efc722e795f2c1c52
  Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
  Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
  Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>