| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
Add support for SSL on iOS/OS X by adding a SecureTransport based
backend.
[ChangeLog][QtNetwork][QSslSocket] A new SSL backend for iOS and OS X,
implemented with Apple's Secure Transport (Security Framework).
Change-Id: I7466db471be2a8a2170f9af9d6ad4c7b6425738b
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
| |
Change-Id: I9c09a3e2dfb90eb22d4509ac6c450a0bb5da48f6
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
| |
Place all debug output into the 'qt.network.ssl' category.
This allows people to disable certain warnings at runtime.
Task-number: QTBUG-43173
Change-Id: Ide731fae3109f9cd7730cc096ee069a5b99d35f1
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
| |
This makes it follow the coding style, which says to camel case acronyms too,
and makes it consistent with the rest of the class.
Change-Id: I4a1b21de1815530e476fc5aa8a0d41c724fc8021
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: hjk <hjk121@nokiamail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
qsslsocket_winrt.cpp defined it locally, which runs the risk of
clashes with a potential user-defined qHash(QSslCertificate), so
make it public.
Also, the implementation in qsslsocket_winrt.cpp simply hashed
the handle(), which violates the principle that equal instances
must hash to the same value. Also, for some platforms, the
implementation returns nullptr unconditionally, which, while not
violating the above-mentioned principle, will make all users of
the hash have worst-case complexity.
To calculate a meaningful hash, therefore, the certificate needs
to be inspected deeper than just the handle.
For OpenSSL, we use X509::sha1_hash, which also X509_cmp uses
internally to determine inequality (it checks more stuff, but
if X059::sha1_hash is different, X509_cmp() returns non-zero,
which is sufficient for the purposes of qHash()). sha1_hash may
not be up-to-date, though, so we call X509_cmp to make it valid.
Ugh.
For WinRT/Qt, we use the DER encoding, as that is the native
storage format used in QSslCertificate. This is not equivalent
to the implementation used in qsslsocket_winrt.cpp before, but
since handle() == handle() => toDer() == toDer(), it should not
be a problem.
[ChangeLog][QtNetwork][QSslCertificate] Can now be used as a key in QSet/QHash.
Change-Id: I10858fe648c70fc9535af6913dd3b7f3b2cf0eba
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
|
| |
|
|
|
|
|
|
|
| |
- Renamed LICENSE.LGPL to LICENSE.LGPLv21
- Added LICENSE.LGPLv3
- Removed LICENSE.GPL
Change-Id: Iec3406e3eb3f133be549092015cefe33d259a3f2
Reviewed-by: Iikka Eklund <iikka.eklund@digia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This makes non-OpenSSL backends able to handle to certificate
extensions.
This also converts the Q_OS_WINRT #ifdef's in the unit test to
QT_NO_OPENSSL as the behavior is the same for any non-OpenSSL
backend.
Change-Id: I6a8306dc5c97a659ec96063d5a59cee2ee9a63a9
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This element can be used for backends that do not offer all the
information that is needed when implementing a ssl certificate backend.
WinRT and the SecureTransport lack functionality in this area for
example.
The sources and tests are added for ssl and openssl configurations in order
to be tested. The condition for adding these can be changed as soon
as they are used by an actual implementation
Change-Id: I2b836133105afdc178bf3b1ee7d732bea069effa
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
|
| |
|
|
|
|
|
|
|
|
| |
The change creates a stub implementation for WinRT, adding the needed
files and classes to build SSL support on that platform.
Task-number: QTBUG-37497
Change-Id: Idc3e8aa91c5eb8a938705f2385d1074fe6c1d83e
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to prepare the addition of WinRT and iOS (SecureTransport)
implementations of SSL the structure of some SSL files has to be
redone. Parts of certificate that probably can be reused by other
ports stayed in qsslcertificate.cpp while other parts were moved
to qsslcertificate_openssl.cpp. qsslcontext, qsslkey and qsslsocket
were suffixed by _openssl to show that these are pure openssl
implementations.
Change-Id: I7b022dec49759f882274999c0991bf95788f2a3a
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\
| |
| |
| | |
Change-Id: Ia12ffdb27ecdf25c2a2bdb0eed1945387502108a
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Those intermediate certificates were used to issue "unauthorized"
certificates according to
http://googleonlinesecurity.blogspot.de/2014/07/maintaining-digital-certificate-security.html
, and are by default trusted on Windows, so to be safe we blacklist
them here.
Change-Id: I9891c5bee2dd82c22eb0f45e9b04abd25efeb596
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Discussed with Peter and agreed that it's a slightly better fit there.
Change-Id: If8db777336e2273670a23d75d8542b30c07e0d7b
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| | |
| |
| |
| |
| | |
Change-Id: I6a4e96fb1a94a1a55eabe6b3e0df09b5d27fd8a2
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |/
|
|
|
| |
Change-Id: I382a017a0b865b849667301aff8b2f87b676ecc6
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
| |
These functions now return a QStringList to reflect the possibility of
there being more than one entry of a given type, but the documentation
did not reflect this.
Task-Number: QTBUG-36304
Change-Id: Iba2eda5e2c3174c8dcea640b5aed9cdc9a432392
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| |
|
|
|
|
|
|
| |
... because it was used to operate a man-in-the-middle proxy.
Task-number: QTBUG-35474
Change-Id: Ic7f19708b278b866e4f06533cbd84e0ff43357e9
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Default values should have mark-up to denote that they are code.
This commit changes:
-"property is true" to "property is \c true".
-"Returns true" to "Returns \c true".
-"property is false" to "property is \c false".
-"returns true" to "returns \c true".
-"returns false" to "returns \c false".
src/3rdparty and non-documentation instances were ignored.
Task-number: QTBUG-33360
Change-Id: Ie87eaa57af947caa1230602b61c5c46292a4cf4e
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
Reviewed-by: Jerome Pasion <jerome.pasion@digia.com>
|
| |
|
|
|
|
|
|
|
| |
DER certificates should not be opened as text files, so we
only pass the QIODevice::Text flag when the format is
QSsl::Pem.
Change-Id: I4bad98023c397b967d5beeec0aaa6c414e06fd9c
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
| |
Change-Id: Ic804938fc352291d011800d21e549c10acac66fb
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Those certificates have erroneously set the CA attribute to true,
meaning everybody in possesion of their keys can issue certificates on
their own.
Task-number: QTBUG-28937
Change-Id: Iff351e590ad3e6ab802e6fa1d65a9a9a9f7683de
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
| |
|
|
|
| |
Change-Id: I37ccb10d40d2a848b7c251286d29aeb85411e912
Reviewed-by: hjk <qthjk@ovi.com>
|
| |
|
|
|
|
|
| |
QText*Format and QDns* ones are still missing.
Change-Id: I8e87fba596e87289ca935717e0a90bfc0b0a26c0
Reviewed-by: hjk <qthjk@ovi.com>
|
| |
|
|
|
|
|
|
| |
Change copyrights and license headers from Nokia to Digia
Change-Id: If1cc974286d29fd01ec6c19dd4719a67f4c3f00e
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
Reviewed-by: Sergio Ahumada <sergio.ahumada@digia.com>
|
| |
|
|
|
|
|
|
| |
Implemented as in other shared classes (e.g. QPen).
Change-Id: Ib3d87ff99603e617cc8810489f9f5e9fe054cd2a
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The reqExp used to handle wildcards in the path was broken. So we
always searched the working directory and not the specified path.
Autotest where passing because of a hack used for Windows paths
where we removed the first two chars in the path string.
This fix will not use nativeSeparators thus removing the Windows hack
and fix the regExp to match wildcard chars.
Task-number: QTBUG-23573
Change-Id: I56fadbb67f25b8ce9c0f17cb6232e0bdb9148b1c
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
| |
|
|
|
|
|
|
|
|
| |
A couple of people reviewing the toText() method (which is new in 5.0)
have said that since the string returned is human readable it should
be a QString not a QByteArray. This change follows their advice.
Change-Id: Ibade9a24870805f7fbe2d299abeb9c6e964f0cf4
Reviewed-by: Girish Ramakrishnan <girish.1.ramakrishnan@nokia.com>
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
|
| |
|
|
|
|
|
| |
This change moves the snippets and imagesto the modularized directories.
Change-Id: If14912692a7f72d7de345eaf88d9ec9752310fca
Reviewed-by: Marius Storm-Olsen <marius.storm-olsen@nokia.com>
|
| |
|
|
|
| |
Change-Id: I54c5ab6e1bfb1816bb510be9e2bfa1e3362faa36
Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com>
|
| |
|
|
|
|
|
|
| |
The \since 5.0 directive was missing from many places.
Task-number: QTBUG-24001
Change-Id: I191ba8891ae66d78f923164bcab2fccb16eabef9
Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com>
|
| |
|
|
|
|
|
|
| |
With the new functions linked
Task-number: QTBUG-24001
Change-Id: I9fd2de746a6342a1f4f182189e7f2529f092c003
Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com>
|
| |
|
|
|
|
| |
Change-Id: I837c74d38b9f73aed41c3839421f5faad9d22f3f
Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The comodogate 72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0
certificate is a test certificate and the MD5 Collisions was created
as a proof of concept deliberately made to be expired at the time
of it's creation.
Task-number: QTBUG-24654
Change-Id: Ic8eb417363569fe50bf19cd229658f5e371862f7
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
QSslCertificate can be copied around into multiple threads,
without detaching. For example, the https worker threads inside
QNetworkAccessManager.
There are const methods, which lazily initialise members of
the private class without detaching (i.e. caching results of
expensive function calls)
These functions now lock the d pointer using QMutexPool to
avoid concurrency related crashes.
autotest crashes 20% of the time in release builds without
the fix, passes 100 times in a row with the fix.
Task-number: QTBUG-20452
Change-Id: I64a01af8159216f2dd6215a08669890f6c029ca8
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
| |
As in the past, to avoid rewriting various autotests that contain
line-number information, an extra blank line has been inserted at the
end of the license text to ensure that this commit does not change the
total number of lines in the license header.
Change-Id: I311e001373776812699d6efc045b5f742890c689
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
|
| |
|
|
|
|
|
| |
Replace Nokia contact email address with Qt Project website.
Change-Id: I431bbbf76d7c27d8b502f87947675c116994c415
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
|
| |
|
|
|
|
|
|
| |
It was checked in a few places, but it didn't actually remove QTextStream,
so it was pretty useless.
Change-Id: I8eaf28893cd6c7acbe1c0b69d58de90742aee755
Reviewed-by: João Abecasis <joao.abecasis@nokia.com>
|
| |
|
|
|
| |
Change-Id: I02f2c620296fcd91d4967d58767ea33fc4e1e7dc
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
|
| |
|
|
|
|
|
|
|
|
| |
Since recently QSslCertificate::serialNumber() always returns the
hexadecimal format, so we need to adapt to that when checking the
serial numbers for the blacklisted certificates.
Change-Id: I43bdb1be77faad7ad79a835c896fc39477452e75
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
| |
In Qt 4.x the serial number is reported by a mixture of the hex value
and the number, The hex is what is used by other tools, and we should do
the same.
Change-Id: Ia0361d43fb5b920d053c95e932e0c8a012436e5e
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Currently isValid wrongly gives the impression it checks a certificate
for validity - it doesn't. It merely checks if the certificate dates
are valid and if the certificate is blacklisted. Since it's already
easy for users to check the dates, let's just give them access to the
ability to check for blacklisting.
Change-Id: I25be3bde6a01063034702a9574b28469bf4882cd
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
... as did browser vendors.
Tested manually with affected CA certificates.
Reviewed-by: Richard J. Moore <rich@kde.org>
(cherry picked from commit e1d6df4e5931ee49b4b68dd5a33146f5639268b7)
Change-Id: I5bf6c147abf6d2de0f313d65faa2d9a1e9684cea
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
| |
|
|
|
|
|
|
|
|
| |
... by adding a new class QSslCertificateExtension and methods in
QSslCertificate to support extensions. This is needed e.g. for OCSP
(checking revocation status of a certificate) or Extended Validation
certificates.
Change-Id: I5c5d9513fa640cd487786bb9a5af734afebd0828
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
and do not only check leaf certificates, but all intermediates and
the root. Tested manually with the cross-signed intermediates.
Change-Id: I860dc9b568bc244abc9228486dbb374a1a2b47c4
Reviewed-by: Richard J. Moore <rich@kde.org>
(cherry picked from commit 64adbd0c5775f97343afbe0e7b5fde0d70bdaedd)
Reviewed-on: http://codereview.qt.nokia.com/4291
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
... to reduce the possibility of blacklisting valid certificates that
happen to have the same serial number as a blacklisted one, which is
unlikely, but possible.
Reviewed-by: Richard J. Moore <rich@kde.org>
(cherry picked from commit 6b1a8129623e3716f2fc075608b260ce7c381fe2
and adapted to the source incompatible change)
Change-Id: If714c34f6ce028032eee6d68f34d088b6ad5a0cc
Reviewed-on: http://codereview.qt.nokia.com/3895
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
blacklist the leaf certificate for now. There might well be more fake
certificates in the wild, for that either the Diginotar.nl root cert
needs to be disabled on the system or OCSP would need to be enabled
(not supported by Qt yet).
Reviewed-by: Richard J. Moore <rich@kde.org>
(cherry picked from commit 70f6a1b91b242174682c30be976c2aa36c450cc7)
Change-Id: I7cd3fdc4c6e85202914764f983a60d301e54aa35
Reviewed-on: http://codereview.qt.nokia.com/3893
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
| |
|
|
|
|
|
|
|
|
| |
... and add a new method subjectAlternativeNames() instead. This was
a typo in the API.
Change-Id: Id8704c387c9ff8e1af2b9a524ff628f5c053a294
Reviewed-on: http://codereview.qt.nokia.com/2618
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: João Abecasis <joao.abecasis@nokia.com>
|
| |
|
|
|
|
|
| |
Change-Id: I47e038299a7e6ef18206839ff59ecef9f0860415
Reviewed-on: http://codereview.qt.nokia.com/1510
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Markus Goetz
|
| |
|
|
|
|
|
|
|
|
|
| |
Currently it is only possible to verify a certificate chain when
connecting to a server. This change makes it possible to verify a
chain at any time.
Change-Id: Ib70ad7b81418f880e995f391b82ce59561ededb8
Merge-request: 11
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-on: http://codereview.qt.nokia.com/1509
|
| |
|
|
|
|
|
|
|
|
|
| |
RFC 2459 "Internet X.509 Public Key Infrastructure" uses the word
"attribute" for fields in a certificate like common name, organization
etc.
Change-Id: I51e595acbe3e146acf81af21cf48e554fa9490e4
Reviewed-on: http://codereview.qt.nokia.com/1453
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Martin Petersson <Martin.Petersson@nokia.com>
|
