summaryrefslogtreecommitdiffstats
path: root/src/network/ssl/qsslconfiguration.cpp
Commit message (Collapse)AuthorAgeFilesLines
* Merge remote-tracking branch 'origin/5.11' into 5.12Qt Forward Merge Bot2018-10-081-0/+4
|\ | | | | | | | | | | | | Conflicts: src/corelib/tools/qtimezoneprivate.cpp Change-Id: Icbb5999d378711ce3786a4fe0aba176a45ac702c
| * Doc: Describe behavior of QSslConfiguration::caCertificates() on iOSLeena Miettinen2018-10-041-0/+4
| | | | | | | | | | | | | | | | | | | | In iOS, the system certificates cannot be accessed, so this function will return an empty list for the default configuration. Task-number: QTBUG-60407 Change-Id: I0d691a0dd5e6367594e71c7ebccfbdc866d4a3f0 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> Reviewed-by: Andy Shaw <andy.shaw@qt.io>
* | qdoc: Fix qdoc warnings from changes to QDtlsMartin Smith2018-08-151-1/+1
| | | | | | | | | | | | | | | | This update corrects several minor documentation errors that were introduced by a recent change to QDtls. Change-Id: I6ee6b0bf74c82dca86ba8d5f39acbd642829ec44 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* | Extend the feature 'dtls' to handle missing DTLS support in OpenSSLTimur Pocheptsov2018-07-131-22/+26
| | | | | | | | | | | | | | | | | | | | | | | | OpenSSL has 'no-dtls' configure option (or can be too ancient to properly support it), we shall respect such builds. This patch extends configure.json with a 'dtls' test and adds protection against linkage/compile-time issues in the QtNetwork's code. Change-Id: I0c0dd94f5c226115cee4285b82c83aa546555aea Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io> Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
* | Merge remote-tracking branch 'origin/5.11' into devLiang Qi2018-07-021-1/+1
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: src/plugins/platforms/cocoa/qnsview.mm src/plugins/platforms/cocoa/qnsview_dragging.mm src/plugins/platforms/ios/qiosinputcontext.mm src/plugins/platforms/xcb/qxcbconnection.cpp src/plugins/platforms/xcb/qxcbconnection_xi2.cpp src/plugins/platforms/xcb/qxcbwindow.cpp src/tools/androiddeployqt/main.cpp Was moved from qttools into qtbase in 5.11. So re-apply 32398e4d here. tests/auto/corelib/global/qlogging/test/test.pro tests/auto/corelib/global/qlogging/tst_qlogging.cpp tests/auto/corelib/io/qfile/tst_qfile.cpp tests/auto/corelib/kernel/qtimer/tst_qtimer.cpp tests/auto/corelib/thread/qthreadstorage/test/test.pro tests/auto/widgets/itemviews/qheaderview/tst_qheaderview.cpp tests/auto/widgets/kernel/qapplication/test/test.pro Done-with: Gatis Paeglis <gatis.paeglis@qt.io> Done-with: Mårten Nordheim <marten.nordheim@qt.io> Done-with: Oliver Wolff <oliver.wolff@qt.io> Change-Id: Id970486c5315a1718c540f00deb2633533e8fc7b
| * Doc: Add missing full stops in briefsPaul Wicking2018-06-211-1/+1
| | | | | | | | | | | | Task-number: QTBUG-68933 Change-Id: I3f2a9f8c562f9a44bb32bddd31d75abbfe6de04d Reviewed-by: Topi Reiniö <topi.reinio@qt.io>
* | Merge remote-tracking branch 'origin/5.11' into devLiang Qi2018-06-071-1/+1
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: .qmake.conf src/corelib/kernel/qeventdispatcher_cf.mm src/gui/kernel/qguiapplication_p.h src/gui/kernel/qwindowsysteminterface.cpp src/gui/kernel/qwindowsysteminterface.h src/plugins/platforms/cocoa/qcocoawindow.mm src/plugins/platforms/cocoa/qnswindowdelegate.mm src/plugins/platforms/ios/qioseventdispatcher.mm src/plugins/platforms/windows/qwindowsdrag.h src/plugins/platforms/windows/qwindowsinternalmimedata.h src/plugins/platforms/windows/qwindowsmime.cpp src/plugins/platforms/winrt/qwinrtscreen.cpp Change-Id: Ic817f265c2386e83839d2bb9ef7419cb29705246
| * Doc: Remove outdated info and linkify valueMårten Nordheim2018-06-041-1/+1
| | | | | | | | | | | | | | No reason to duplicate the info there in a paranthesis. Change-Id: Ie01be382d36bbc8e7f2eff4cc7ae0df207869c25 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* | Merge remote-tracking branch 'origin/5.11' into devLiang Qi2018-05-141-4/+4
|\| | | | | | | | | | | | | | | | | Conflicts: mkspecs/features/qt_module_headers.prf tests/auto/widgets/itemviews/qheaderview/tst_qheaderview.cpp tests/auto/widgets/kernel/qwidget/BLACKLIST Change-Id: I2a08952d28d1d0e3d73f521a3d44700ce79ff16c
| * Fix documentation of setBackendConfigurationOptionAndré Klitzing2018-04-251-4/+4
| | | | | | | | | | | | | | | | Introduced by mistake in f55c73ede28d4455f555a28e401407326ac9b954 Change-Id: Ieac8fc0a6bb536e5ef3770a22785fe41d4033ee9 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* | Add a new (D)TLS configurationTimur Pocheptsov2018-04-061-0/+56
|/ | | | | | | | | | | | | Namespace QSsl: introduce DtlsV1_0/DtlsV1_2/DtlsV1_2OrLater enumerators into SslProtocol. Implement QSslConfiguration::defaultDtlsConfiguration. Make some functions shared - now not only QSslSocket needs them, but also DTLS-related code. This patch-set also enables protocol-specific set of ciphers (so for DTLS we are using the correct method - 'DTLS_method'). Change-Id: I828fc898674aa3c0a471e8e5b94575bb50538601 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
* Expand Config to Configuration in method namesEdward Welbourne2018-03-131-9/+9
| | | | | | | | Commit f55c73ede28d4455f555a28e401407326ac9b954 added various backendConfig methods; API review for 5.11 pointed out that Config should not be abbreviated. Change-Id: I3b294b44a030b2a6e4cdd034fa27583c228dfe42 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* Fix some qdoc-warnings for 5.11Friedemann Kleint2018-02-211-1/+1
| | | | | | | | | | | | | | | | Rename example savegame and its snippets following a6b697ca13945a174cff9f3e9b1af1cf61c0bea5. Fix: /qtbase/examples/corelib/serialization/savegame/doc/src/savegame.qdoc:28: warning: Cannot find file 'json/savegame/savegame.pro' or 'json/savegame/savegame.qmlproject' qtbase/examples/corelib/serialization/savegame/doc/src/savegame.qdoc:98: (qdoc) warning: Cannot find file to quote from: 'json/savegame/level.cpp' json qtbase/src/network/ssl/qsslconfiguration.cpp:889: warning: Undocumented parameter 'name' in QSslConfiguration::setBackendConfigOption() qtbase/src/corelib/tools/qbitarray.cpp:314: warning: No such parameter 'len' in QBitArray::fromBits() Change-Id: If59512873ca2116b89490927fdbf9ea1d8b237a8 Reviewed-by: Topi Reiniö <topi.reinio@qt.io> Reviewed-by: Martin Smith <martin.smith@qt.io>
* Introduce QSslConfiguration::backendConfigLars Schmertmann2018-01-261-0/+56
| | | | | | | | With this change it is possible to use all supported configurations in different backends without any new interfaces. Change-Id: Ib233539a970681d30ae3907258730e491f8d3531 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* HTTP2 protocol handlerTimur Pocheptsov2016-07-081-0/+1
| | | | | | | | | | Add HTTP2 support in QNAM - QHttp2ProtocolHandler + aux. classes. [ChangeLog][QtNetwork] Added support for HTTP/2 protocol Task-number: QTBUG-50956 Change-Id: I3a119cfbb1fb3118d9003225f5e54b46ae2829b6 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
* Fix some qdoc-warnings for Qt 5.8.Friedemann Kleint2016-06-281-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | qtbase/src/corelib/tools/qstring.cpp:8341: warning: Unknown command '\length' qtbase/src/corelib/tools/qstring.cpp:8354: warning: Unknown command '\length' qtbase/src/corelib/tools/qstring.cpp:8366: warning: Unknown command '\length' qtbase/src/corelib/doc/src/animation.qdoc:38: warning: Can't link to 'QAbstractAnimation::updateCurrentValue()' qtbase/src/corelib/io/qdatastream.cpp:529: warning: Undocumented enum item 'Qt_5_8' in QDataStream::Version qtbase/src/corelib/tools/qdatetime.cpp:4377: warning: No documentation for 'QDateTime::currentSecsSinceEpoch()' qtbase/src/corelib/tools/qcommandlineoption.cpp:435: warning: Undocumented parameter 'flags' in QCommandLineOption::setFlags() qtbase/src/network/ssl/qsslconfiguration.cpp:857: warning: Undocumented parameter 'dhparams' in QSslConfiguration::setDiffieHellmanParameters() qtbase/src/network/ssl/qsslconfiguration.cpp:830: warning: Undocumented parameter 'hint' in QSslConfiguration::setPreSharedKeyIdentityHint() qtbase/src/network/ssl/qssldiffiehellmanparameters.cpp:225: warning: No such enum item 'ErrorUnsafeParameters' in QSslDiffieHellmanParameters::Error qtbase/src/network/ssl/qssldiffiehellmanparameters.cpp:225: warning: No such enum item 'ErrorInvalidInputData' in QSslDiffieHellmanParameters::Error qtbase/src/network/ssl/qssldiffiehellmanparameters.cpp:225: warning: Undocumented enum item 'UnsafeParametersError' in QSslDiffieHellmanParameters::Error qtbase/src/network/ssl/qssldiffiehellmanparameters.cpp:225: warning: Undocumented enum item 'NoError' in QSslDiffieHellmanParameters::Error qtbase/src/network/ssl/qssldiffiehellmanparameters.cpp:225: warning: Undocumented enum item 'InvalidInputDataError' in QSslDiffieHellmanParameters::Error qtbase/src/network/ssl/qssldiffiehellmanparameters.cpp:105: warning: Undocumented parameter 'encoding' in QSslDiffieHellmanParameters::QSslDiffieHellmanParameters() qtbase/src/network/ssl/qssldiffiehellmanparameters.cpp:129: warning: Undocumented parameter 'encoding' in QSslDiffieHellmanParameters::QSslDiffieHellmanParameters() qtbase/src/network/ssl/qssldiffiehellmanparameters.cpp:208: warning: Can't link to 'clear()' qtbase/src/network/ssl/qssldiffiehellmanparameters.cpp:277: warning: Undocumented parameter 'dhparam' in operator<<() qtbase/src/network/ssl/qssldiffiehellmanparameters.cpp:277: warning: No such parameter 'dhparm' in operator<<() qtbase/src/widgets/kernel/qapplication.cpp:999: warning: Cannot find 'QApplication::autoMaximizeThreshold' specified with '\property' in any header file Change-Id: I4ac00f0fc0dbc4d421cf7c0273635d9681962645 Reviewed-by: Topi Reiniö <topi.reinio@theqtcompany.com>
* Add settable QSslDiffieHellmanParameters for QSslSocket-based servers.Mikkel Krautz2016-05-251-0/+29
| | | | | | | | | | Only the OpenSSL backend is supported right now. [ChangeLog][QtNetwork][SSL/TLS support] It is now possible to set custom Diffie-Hellman parameters for QSslSocket-based servers. Change-Id: I50148873132cd0ec7e414250b107b6b4cbde02ea Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
* Merge remote-tracking branch 'origin/5.7' into devLiang Qi2016-05-231-0/+2
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: mkspecs/wince80colibri-armv7-msvc2012/qmake.conf qmake/generators/win32/msvc_vcproj.cpp src/corelib/global/qnamespace.h src/corelib/global/qnamespace.qdoc src/corelib/io/qfsfileengine_win.cpp src/corelib/tools/tools.pri src/network/ssl/qsslconfiguration_p.h src/plugins/platforms/linuxfb/qlinuxfbscreen.cpp src/plugins/platforms/windows/windows.pri src/src.pro src/tools/bootstrap/bootstrap.pro src/tools/uic/cpp/cppwriteinitialization.cpp src/widgets/dialogs/qfilesystemmodel.cpp tests/auto/testlib/selftests/expected_cmptest.teamcity tests/auto/testlib/selftests/expected_cmptest.txt Change-Id: I4d2ac78f0dcc97f008186bbbc769c6fe588ab0e5
| * Add ephemeralServerKey to isNull() and operator==André Klitzing2016-05-131-0/+2
| | | | | | | | | | | | Change-Id: Iacd0f55886847630b84a8037d8d26504c558c90e Reviewed-by: Sebastian Lösch <Sebastian.Loesch@governikus.com> Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
* | Add support for PSK on server sideAndré Klitzing2016-05-021-0/+28
| | | | | | | | | | | | | | | | [ChangeLog][QtNetwork][QSslSocket] TLS PSK ciphers are possible in server sockets. Task-number: QTBUG-39077 Change-Id: Iaa854a6f50242deae5492f2e4759c727488995f5 Reviewed-by: Richard J. Moore <rich@kde.org>
* | qsslsocket/qsslcontext - add ALPN (OpenSSL only)Timur Pocheptsov2016-03-211-8/+12
|/ | | | | | | | | Application-Layer Protocol Negotiation (ALPN) - is a reworked revision of Next Protocol Negotiation (NPN) we have in our OpenSSL code. Can be used as a part of HTTP2 negotiation during TLS handshake. Change-Id: I484ec528c81d4887a64749095ec292dfaec18330 Reviewed-by: Richard J. Moore <rich@kde.org>
* Use QFlags::setFlag where prudent in qtbaseAndre Somers2016-02-121-4/+1
| | | | | | | | | | | | | | | | | QFlags::setFlag is most useful to replace explicit constructs like if (condition) { someFlags |= TheConditionFlag; } else { someFlags &= ~TheConditionFlag; } with someFlags.setFlag(TheConditionFlag, condition); Change-Id: Ie4586681c83e0af812d5bbf14965aad51941a960 Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
* Updated license headersJani Heikkinen2016-01-151-14/+20
| | | | | | | | | | | From Qt 5.7 -> LGPL v2.1 isn't an option anymore, see http://blog.qt.io/blog/2016/01/13/new-agreement-with-the-kde-free-qt-foundation/ Updated license headers to use new LGPL header instead of LGPL21 one (in those files which will be under LGPL v3) Change-Id: I046ec3e47b1876cd7b4b0353a576b352e3a946d9 Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
* Make ephemeral server key availableSebastian Lösch2016-01-041-0/+17
| | | | | | | | | | | | | | When using cipher algorithms with forward secrecy an ephemeral key is used to generate the symmetric session key. Beside the SSL certificate's key, this ephemeral key is of cryptographic interest. The ephemeral key is chosen by the server side - currently statically in the Qt implementation - so it is only of interest on the client side to check it. Therefore the ephemeral key is the null key if the connection is set up in server mode or a cipher without forward secrecy is used. Change-Id: If241247dbb8490a91233ae47f2b38952c6591bf4 Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
* QSslSocket: move default cipher, EC and default CA APIs to QSslConfigurationGiuseppe D'Angelo2015-06-111-0/+45
| | | | | | | | | | | | | | | | QSslConfiguration is better suited for these APIs. The ones in QSslSocket that already have a counterpart have been deprecated. [ChangeLog][QtNetwork][SSL/TLS Support] Most of the QSslSocket functions to deal with ciphersuites, certification authorities as well as elliptic curves have been deprecated in favor of the corresponding counterparts in QSslConfiguration. Task-number: QTBUG-46558 Change-Id: I1de03379efcbcab931c20e876e252769fe4279e0 Reviewed-by: Liang Qi <liang.qi@theqtcompany.com> Reviewed-by: Richard J. Moore <rich@kde.org> Reviewed-by: Jani Heikkinen <jani.heikkinen@theqtcompany.com>
* Update copyright headersJani Heikkinen2015-02-111-7/+7
| | | | | | | | | | | | | | | | | | Qt copyrights are now in The Qt Company, so we could update the source code headers accordingly. In the same go we should also fix the links to point to qt.io. Outdated header.LGPL removed (use header.LGPL21 instead) Old header.LGPL3 renamed to header.LGPL3-COMM to match actual licensing combination. New header.LGPL-COMM taken in the use file which were using old header.LGPL3 (src/plugins/platforms/android/extract.cpp) Added new header.LGPL3 containing Commercial + LGPLv3 + GPLv2 license combination Change-Id: I6f49b819a8a20cc4f88b794a8f6726d975e8ffbe Reviewed-by: Matti Paaso <matti.paaso@theqtcompany.com>
* Merge remote-tracking branch 'origin/5.4' into devFrederik Gladhorn2015-02-101-0/+1
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: src/3rdparty/harfbuzz-ng/harfbuzz-ng.pro src/gui/image/qimage_conversions.cpp src/gui/opengl/qopenglextensions_p.h src/gui/text/qtextengine.cpp src/network/ssl/qsslsocket_openssl.cpp src/plugins/platforms/eglfs/qeglfshooks_stub.cpp src/plugins/platforms/eglfs/qeglfsscreen.cpp src/plugins/platforms/eglfs/qeglfswindow.cpp src/plugins/platforms/windows/qwindowsfontdatabase.cpp src/plugins/platforms/windows/qwindowsfontdatabase_ft.cpp src/plugins/platforms/windows/qwindowsnativeinterface.cpp src/plugins/platforms/windows/qwindowsscreen.cpp src/plugins/platforms/windows/qwindowswindow.cpp src/plugins/platforms/windows/qwindowswindow.h src/plugins/platforms/xcb/qxcbdrag.h src/widgets/itemviews/qabstractitemview.cpp src/widgets/kernel/qwidget.cpp src/widgets/util/qsystemtrayicon_p.h tests/auto/corelib/itemmodels/qsortfilterproxymodel/tst_qsortfilterproxymodel.cpp Thanks to Friedemann Kleint for resolving the qwindowsfontdatabase.cpp conflicts. Change-Id: I937232c30523d5121c195d947d92aec6f129b03e
| * Doc: add missing since 5.4 for new sessionProtocol() methods.David Faure2015-01-191-0/+1
| | | | | | | | | | | | | | | | They were added in 233a2f37bfa6c896612cbf9a7db42e8e0da788f5, which is in 5.4, but the \since information was missing. Change-Id: I346a049cad75647fdcd7b64df80dc169bb4ec70a Reviewed-by: Richard J. Moore <rich@kde.org>
* | [QSSL] Pass params of shareable type by const-ref rather than by valueKonstantin Ritt2015-01-281-0/+4
| | | | | | | | | | | | Change-Id: I9c09a3e2dfb90eb22d4509ac6c450a0bb5da48f6 Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com> Reviewed-by: Richard J. Moore <rich@kde.org>
* | Merge remote-tracking branch 'origin/5.4' into devSimon Hausmann2014-12-181-1/+3
|\| | | | | | | | | | | | | | | | | | | Conflicts: src/corelib/global/qglobal.h src/platformsupport/platformcompositor/qopenglcompositor.cpp src/platformsupport/platformcompositor/qopenglcompositorbackingstore.cpp tests/auto/gui/kernel/qwindow/tst_qwindow.cpp Change-Id: I5422868500be695584a496dbbbc719d146bc572d
| * Use categorized logging for ssl codeKai Koehne2014-12-101-1/+3
| | | | | | | | | | | | | | | | | | Place all debug output into the 'qt.network.ssl' category. This allows people to disable certain warnings at runtime. Task-number: QTBUG-43173 Change-Id: Ide731fae3109f9cd7730cc096ee069a5b99d35f1 Reviewed-by: Richard J. Moore <rich@kde.org>
* | SSL: Add support for selecting which curves should be used by an elliptic cipherGiuseppe D'Angelo2014-11-261-0/+46
|/ | | | | | | | | [ChangeLog][QtNetwork][QtSSL] It is now possible to choose which elliptic curves should be used by an elliptic curve cipher. Change-Id: If5d0d58922768b6f1375836489180e576f5a015a Done-with: Marc Mutz <marc.mutz@kdab.com> Reviewed-by: Richard J. Moore <rich@kde.org>
* Update license headers and add new license filesMatti Paaso2014-09-241-19/+11
| | | | | | | | | - Renamed LICENSE.LGPL to LICENSE.LGPLv21 - Added LICENSE.LGPLv3 - Removed LICENSE.GPL Change-Id: Iec3406e3eb3f133be549092015cefe33d259a3f2 Reviewed-by: Iikka Eklund <iikka.eklund@digia.com>
* Merge remote-tracking branch 'origin/stable' into devSergio Ahumada2014-03-131-1/+1
|\ | | | | | | Change-Id: Idec54e19963e8d88c711cb179cffc81596323899
| * Replace Note: with \note in documentationKurt Pattyn2014-03-131-1/+1
| | | | | | | | | | | | Change-Id: I213ac1fb2733e675f3641441fe6c621bab06c1f0 Reviewed-by: Peter Hartmann <phartmann@blackberry.com> Reviewed-by: Richard J. Moore <rich@kde.org>
* | Add support for finding the version of SSL/TLS in use.Richard J. Moore2014-03-101-0/+13
|/ | | | | | | | | | | | Previously we allowed you to specify which version(s) you wanted to use, but did not provide access to the version that was actually negotiated. [ChangeLog][QtNetwork][QSslSocket] Add support for finding the version of SSL/TLS in use by a connection. Task-number: QTBUG-28471 Change-Id: I6d50d2bc9f1ce7f98192e67992178fe7e41c0575 Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
* SSL: add support for the Next Protocol Negotiation extensionPeter Hartmann2014-02-111-2/+104
| | | | | | | | | | | | ... which is needed to negotiate the SPDY protocol. [ChangeLog][QtNetwork][QSslConfiguration] Added support for the Next Protocol Negotiation (NPN) TLS extension. Task-number: QTBUG-33208 Change-Id: I3c945f9b7e2d2ffb0814bfdd3e87de1dae6c20ef Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Ensure weak ciphers are not part of the default SSL configuration.Richard J. Moore2014-01-211-1/+1
| | | | | | | | | | | | | | | | | | | | Any cipher that is < 128 bits is excluded from the default SSL configuration. These ciphers are still included in the list of availableCiphers() and can be used by applications if required. Calling QSslSocket::setDefaultCiphers(QSslSocket::availableCiphers()) will restore the old behavior. Note that in doing so I spotted that calling defaultCiphers() before doing other actions with SSL had an existing bug that I've addressed as part of the change. [ChangeLog][Important Behavior Changes] The default set of ciphers used by QSslSocket has been changed to exclude ciphers that are using key lengths smaller than 128 bits. These ciphers are still available and can be enabled by applications if required. Change-Id: If2241dda67b624e5febf788efa1369f38c6b1dba Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* QSslConfiguration: rename [get]session() to [get]sessionTicket()Peter Hartmann2013-11-081-12/+12
| | | | | | | | to reflect the fact that this returns and sets the whole session ticket, and not just the session ID. Change-Id: I00fe2bc4197dbcd7a02b3ae4f2f84e3a2a7edad0 Reviewed-by: Richard J. Moore <rich@kde.org>
* Doc: Adding mark-up to boolean default values.Jerome Pasion2013-10-081-4/+4
| | | | | | | | | | | | | | | | | Default values should have mark-up to denote that they are code. This commit changes: -"property is true" to "property is \c true". -"Returns true" to "Returns \c true". -"property is false" to "property is \c false". -"returns true" to "returns \c true". -"returns false" to "returns \c false". src/3rdparty and non-documentation instances were ignored. Task-number: QTBUG-33360 Change-Id: Ie87eaa57af947caa1230602b61c5c46292a4cf4e Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com> Reviewed-by: Jerome Pasion <jerome.pasion@digia.com>
* QSslConfiguration: add API to persist and resume SSL sessionsPeter Hartmann2013-05-101-3/+62
| | | | | | | | | | | | | Session tickets can be cached on the client side for hours (e.g. graph.facebook.com: ~ 24 hours, api.twitter.com: 4 hours), because the server does not need to maintain state. We need public API for it so an application can cache the session (e.g. to disk) and resume a session already with the 1st handshake, saving one network round trip. Task-number: QTBUG-20668 Change-Id: I10255932dcd528ee1231538cb72b52b97f9f4a3c Reviewed-by: Richard J. Moore <rich@kde.org>
* Add support for intermediate certificates to server sockets.Richard Moore2013-02-191-0/+27
| | | | | | | | | | Add intermediate certificates to our server sockets, and to our client certs. Change-Id: Ib5aa575473f9e84f337bebe35099506dd7d7e2ba Task-Number: QTBUG-19825 Task-Number: QTBUG-13281 Reviewed-by: Peter Hartmann <phartmann@rim.com>
* Store the local certificate in a QList.Richard Moore2013-02-191-4/+19
| | | | | | | | | Instead of storing a single QSslCertificate for a the local cert, store a list of them. This will allow us to handle server sockets that use a certificate that is not issued directly from the CA root in future. Change-Id: I9a36b9a99daa9c0bdd17f61b4ce1a7da746f2e96 Reviewed-by: Peter Hartmann <phartmann@rim.com>
* SSL: Implement session sharing and use it from QNetworkAccessManagerPeter Hartmann2013-02-061-0/+6
| | | | | | | | This improves performance since a network round trip can be avoided. Change-Id: I1aaff7e48ef9638cb137de0f43942c3a4dd2884a Initial-patch-by: Markus Goetz <markus@woboq.com> Reviewed-by: Richard J. Moore <rich@kde.org>
* QSslConfiguration: toggle on demand loading of root certs properlyPeter Hartmann2013-01-231-0/+3
| | | | | | | | | | | | | | | make sure we keep track of when we can load root certs and when we cannot (we cannot when the developer set the certs explicitly). This is implemented the same way for QSslSocket already, and needs to be duplicated because we have 2 methods for setting CA certificates: one in QSslSocket and one in QSslConfiguration. In addition, adapt the auto test which checks whether setting a default QSslConfiguration works: There is no way to set on demand loading through the API, so it should be enabled by default. Task-number: QTBUG-29103 Change-Id: I5146128aaa385dfcc0ad1e0ef81a92d9350ec5f2 Reviewed-by: Richard J. Moore <rich@kde.org>
* Update copyright year in Digia's license headersSergio Ahumada2013-01-181-1/+1
| | | | | Change-Id: Ic804938fc352291d011800d21e549c10acac66fb Reviewed-by: Lars Knoll <lars.knoll@digia.com>
* Add more qtbase implictly-shared classes to the listGiuseppe D'Angelo2012-11-301-0/+1
| | | | | | | QText*Format and QDns* ones are still missing. Change-Id: I8e87fba596e87289ca935717e0a90bfc0b0a26c0 Reviewed-by: hjk <qthjk@ovi.com>
* Change copyrights from Nokia to DigiaIikka Eklund2012-09-221-24/+24
| | | | | | | | Change copyrights and license headers from Nokia to Digia Change-Id: If1cc974286d29fd01ec6c19dd4719a67f4c3f00e Reviewed-by: Lars Knoll <lars.knoll@digia.com> Reviewed-by: Sergio Ahumada <sergio.ahumada@digia.com>
* Disable SSL compression by default.Richard Moore2012-09-181-1/+2
| | | | | | | | | Disable SSL compression by default since this appears to be the a likely cause of the currently hyped CRIME attack. Change-Id: I515fcc46f5199acf938e9e880a4345f2d405b2a3 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> Reviewed-by: Peter Hartmann <phartmann@rim.com>
* doc: Fixed qdoc errors in SSLMartin Smith2012-08-181-4/+6
| | | | | | | | | Fixed some bad camel case, marked some parameters with \a, and changed a \enum to a \typedef. Removed some obasolete text. Change-Id: I1e69dd9f3b74129230770addc80fe1c125faf268 Reviewed-by: Richard J. Moore <rich@kde.org>
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-09 14:58:45 +0000