| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Change-Id: I0b4b18e6ea2b78917220e77865fd92eb7a684179
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We had such an overloaded version in QSslSocket, it was deprecated without
providing any alternative. Now this function has some use and may be
introduced in Qt6, as QSslConfiguration::setCiphers(const QString &).
Last but not the least - a useless and strange auto-test was removed
(it was creating a list of 5 QSslCiphers each with isNull() == true).
That's becasue '!MD5' or 'ALL' (for example) is not a cipher to be found
in supportedCiphers.
Change-Id: I47eb4c0faa9b52885e883751dd992cd9cb3d26fe
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
| |
Task-number: QTBUG-84469
Change-Id: I7827da68e73ca8ff1e599c836f2157894c452b63
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|\
| |
| |
| | |
Change-Id: Ibee5acec72a1a1769d4bc5f23f56c7dc8d4cf3cb
|
| |
| |
| |
| |
| |
| |
| | |
From API review
Change-Id: Id174ff1a0a123585e41723ef1c1876b2f3bd39c5
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
examples/widgets/graphicsview/boxes/scene.h
src/corelib/Qt5CoreMacros.cmake
src/corelib/Qt6CoreMacros.cmake
src/network/ssl/qsslsocket.cpp
src/network/ssl/qsslsocket.h
src/platformsupport/fontdatabases/windows/qwindowsfontenginedirectwrite.cpp
src/testlib/CMakeLists.txt
src/testlib/.prev_CMakeLists.txt
tests/auto/corelib/tools/qscopeguard/tst_qscopeguard.cpp
Disabled building manual tests with CMake for now, because qmake
doesn't do it, and it confuses people.
Done-With: Alexandru Croitor <alexandru.croitor@qt.io>
Done-With: Volker Hilsheimer <volker.hilsheimer@qt.io>
Change-Id: I865ae347bd01f4e59f16d007b66d175a52f1f152
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The changed function was added in September 2019 in 5.15 branch before
the new overload was added and the old one was deprecated, so we can
freely change it.
Amends 1068d579ee848edf08db5ac611b292c76c30a39b
Change-Id: Iff9d72c26ce557c28b188e1754daa03fd061d531
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
1. Add a new verification callback. This gives an option
to report errors directly from this callback (by emitting
handshakeInterruptedOnError()). This allows an application
to explain to its peer why the handshake was interrupted (by
sending a corresponding alert message).
2. This also means we want to notice such alerts (in Qt,
from the application's point of view, they are mostly
informational only, no interaction is required). So we
also introduce a new 'info callback', that can notice alert
messages read or written. We also introduce two new enums
describing the level and type of an alert message. QSslSocket
gets three new signals (for incoming/outgoing alerts and
verification errors found early).
3. In case we requested a certificate, but the peer provided
none, we would previously abruptly close the connection without
a proper alert message (and such a situation is not handled
by any verification callbacks, since there is no certificate(s)
to verify essentially). So we now introduce a new verification
option that maps to what OpenSSL calls 'SSL_VERIFY_FAIL_IF_NO_PEER_CERT'.
This way, the proper alert will be generated.
Fixes: QTBUG-68419
Change-Id: I5d1e9298b4040a2d4f867f5b1a3567a2253927b8
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Include qcontainerfwd.h instead where required. This prepares
for unifying QList and QVector.
Change-Id: I6c85e2bdd44fb41aedd884b0d551f682760df5b5
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|\|
| |
| |
| | |
Change-Id: Ideaa64d583746f1ce8265997131fb1ce3a9acbcf
|
| |
| |
| |
| |
| |
| |
| |
| | |
The QSslSocket versions of these will be deprecated.
Change-Id: I88c788f88e13f190e015d6a78b958e81c2d483a1
Reviewed-by: Jesus Fernandez <jsfdez@gmail.com>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As it was superseded by HTTP/2. Bye, Speedy. Since it's Qt 6,
we also fix the attribute's enumerator to fit our coding
convention with HTTP2AllowedAttribute becoming Http2AllowedAttribute,
and the same for HTTP2WasUsedAttribute.
tst_qnetworkreply in 'benchmark' directory of qtbase/tests
was updated - we have the logic they tested in preConnectEncrypted
in tst_http2 now.
Manual qnetworkreply test was updated (instead of SPDY in NPN failure
we can use H2, the second test was deleted - again, auto-tested in
tst_http2).
Change-Id: I559c140c333ddf72664911c6e275b1d0d2b980a9
Task-number: QTBUG-78255
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
| |
Remove remaining handling of missing support for rvalue refs.
Change-Id: I78bab8bccfeeb9c76f464f345874364a37e4840a
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
| |
Change-Id: I91ac9e714a465cab226b211812aa46e8fe5ff2ab
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch enables OCSP stapling in QSslSocket::SslClientMode (OpenSSL back-end
only). OCSP stapling is described by RFC6066 and based on the original OCSP as
defined by RFC2560. At the moment multiple certificate status protocol is not
supported (not implemented in OpenSSL). SecureTransport does not support OCSP
stapling at the moment.
[ChangeLog][QtNetwork][TLS] Added OCSP-stapling support for OpenSSL backend
Task-number: QTBUG-12812
Task-number: QTBUG-17158
Change-Id: Id2e0f4cc861311d1ece462864e5e30c76184af8c
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
| |
This update corrects several minor documentation errors that
were introduced by a recent change to QDtls.
Change-Id: I6ee6b0bf74c82dca86ba8d5f39acbd642829ec44
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL has 'no-dtls' configure option (or can be too ancient to properly
support it), we shall respect such builds. This patch extends configure.json
with a 'dtls' test and adds protection against linkage/compile-time
issues in the QtNetwork's code.
Change-Id: I0c0dd94f5c226115cee4285b82c83aa546555aea
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds DTLS support to QtNetwork module (and its OpenSSL
back-end).
DTLS over UDP is defined by RFC 6347.
The new API consists of
1) QDtlsClientVerifier which checks if a client that sent us ClientHello
is a real DTLS client by generating a cookie, sending a HelloVerifyRequest
with this cookie attached, and then verifiying a cookie received back.
To be deployed in combination with a server-side QUdpSocket.
2) QDtls - initiates and proceeds with a TLS handshake (client or server
side), with certificates and/or pre-shared key (PSK), and encrypts/decrypts
datagrams after the handshake has finished.
This patch does not implement yet another UDP socket, instead
it allows use of existing QUdpSocket(s), by adding DTLS support
on top. OpenSSL back-end uses a custom BIO to make it work with
QUdpSocket and give a finer control over IO operations.
On the server side, demultiplexing is left to client code (could
be done either by connecting QUdpSocket or by extracting address/port
for an incoming datagram and then forwarding/dispatching them to
the corresponding QDtls object).
Task-number: QTPM-779
Change-Id: Ifcdf8586c70c3018b0c5549efc722e795f2c1c52
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|\
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
mkspecs/features/qt_module_headers.prf
tests/auto/widgets/itemviews/qheaderview/tst_qheaderview.cpp
tests/auto/widgets/kernel/qwidget/BLACKLIST
Change-Id: I2a08952d28d1d0e3d73f521a3d44700ce79ff16c
|
| |
| |
| |
| |
| |
| |
| |
| | |
Introduced by mistake in f55c73ede28d4455f555a28e401407326ac9b954
Change-Id: Ieac8fc0a6bb536e5ef3770a22785fe41d4033ee9
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
Namespace QSsl: introduce DtlsV1_0/DtlsV1_2/DtlsV1_2OrLater enumerators
into SslProtocol. Implement QSslConfiguration::defaultDtlsConfiguration.
Make some functions shared - now not only QSslSocket needs them,
but also DTLS-related code. This patch-set also enables
protocol-specific set of ciphers (so for DTLS we are using
the correct method - 'DTLS_method').
Change-Id: I828fc898674aa3c0a471e8e5b94575bb50538601
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
| |
Commit f55c73ede28d4455f555a28e401407326ac9b954 added various backendConfig methods;
API review for 5.11 pointed out that Config should not be abbreviated.
Change-Id: I3b294b44a030b2a6e4cdd034fa27583c228dfe42
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
| |
With this change it is possible to use all supported
configurations in different backends without any new interfaces.
Change-Id: Ib233539a970681d30ae3907258730e491f8d3531
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
Add HTTP2 support in QNAM - QHttp2ProtocolHandler + aux. classes.
[ChangeLog][QtNetwork] Added support for HTTP/2 protocol
Task-number: QTBUG-50956
Change-Id: I3a119cfbb1fb3118d9003225f5e54b46ae2829b6
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new modular configuration system requires one global
header per module, that is included by all other files in
this module.
That header will later on #include the configuration file
for Qt Network. For now it defines the Q_NETWORK_EXPORT
macro for this library.
Change-Id: I9c45d425baf881c431ed71fd457c7feb2c123855
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
|
|
|
|
|
|
|
|
|
|
| |
Only the OpenSSL backend is supported right now.
[ChangeLog][QtNetwork][SSL/TLS support] It is now possible to
set custom Diffie-Hellman parameters for QSslSocket-based servers.
Change-Id: I50148873132cd0ec7e414250b107b6b4cbde02ea
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
|
|
|
|
|
|
|
|
| |
[ChangeLog][QtNetwork][QSslSocket] TLS PSK ciphers are possible in server sockets.
Task-number: QTBUG-39077
Change-Id: Iaa854a6f50242deae5492f2e4759c727488995f5
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
|
|
|
| |
From Qt 5.7 -> LGPL v2.1 isn't an option anymore, see
http://blog.qt.io/blog/2016/01/13/new-agreement-with-the-kde-free-qt-foundation/
Updated license headers to use new LGPL header instead of LGPL21 one
(in those files which will be under LGPL v3)
Change-Id: I046ec3e47b1876cd7b4b0353a576b352e3a946d9
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using cipher algorithms with forward secrecy an ephemeral key is
used to generate the symmetric session key. Beside the SSL certificate's
key, this ephemeral key is of cryptographic interest.
The ephemeral key is chosen by the server side - currently statically in
the Qt implementation - so it is only of interest on the client side to
check it. Therefore the ephemeral key is the null key if the connection
is set up in server mode or a cipher without forward secrecy is used.
Change-Id: If241247dbb8490a91233ae47f2b38952c6591bf4
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/corelib/global/qglobal.cpp
src/corelib/global/qglobal.h
src/corelib/global/qsysinfo.h
src/corelib/global/qsystemdetection.h
src/corelib/kernel/qobjectdefs.h
src/plugins/plugins.pro
tests/auto/widgets/itemviews/qlistview/qlistview.pro
Change-Id: Ib55aa79d707c4c1453fb9d697f6cf92211ed665c
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
QSslConfiguration is better suited for these APIs. The ones
in QSslSocket that already have a counterpart have been deprecated.
[ChangeLog][QtNetwork][SSL/TLS Support] Most of the QSslSocket
functions to deal with ciphersuites, certification authorities
as well as elliptic curves have been deprecated in favor of the
corresponding counterparts in QSslConfiguration.
Task-number: QTBUG-46558
Change-Id: I1de03379efcbcab931c20e876e252769fe4279e0
Reviewed-by: Liang Qi <liang.qi@theqtcompany.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Jani Heikkinen <jani.heikkinen@theqtcompany.com>
|
|/
|
|
|
| |
Change-Id: Ib29ec4b73a4cdc51074997f7d167c289cf5af7a4
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Qt copyrights are now in The Qt Company, so we could update the source
code headers accordingly. In the same go we should also fix the links to
point to qt.io.
Outdated header.LGPL removed (use header.LGPL21 instead)
Old header.LGPL3 renamed to header.LGPL3-COMM to match actual licensing
combination. New header.LGPL-COMM taken in the use file which were
using old header.LGPL3 (src/plugins/platforms/android/extract.cpp)
Added new header.LGPL3 containing Commercial + LGPLv3 + GPLv2 license
combination
Change-Id: I6f49b819a8a20cc4f88b794a8f6726d975e8ffbe
Reviewed-by: Matti Paaso <matti.paaso@theqtcompany.com>
|
|
|
|
|
|
| |
Change-Id: I9c09a3e2dfb90eb22d4509ac6c450a0bb5da48f6
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
|
| |
[ChangeLog][QtNetwork][QtSSL] It is now possible to choose which elliptic
curves should be used by an elliptic curve cipher.
Change-Id: If5d0d58922768b6f1375836489180e576f5a015a
Done-with: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
|
| |
- Renamed LICENSE.LGPL to LICENSE.LGPLv21
- Added LICENSE.LGPLv3
- Removed LICENSE.GPL
Change-Id: Iec3406e3eb3f133be549092015cefe33d259a3f2
Reviewed-by: Iikka Eklund <iikka.eklund@digia.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously we allowed you to specify which version(s) you wanted to use,
but did not provide access to the version that was actually negotiated.
[ChangeLog][QtNetwork][QSslSocket] Add support for finding the version
of SSL/TLS in use by a connection.
Task-number: QTBUG-28471
Change-Id: I6d50d2bc9f1ce7f98192e67992178fe7e41c0575
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
... which is needed to negotiate the SPDY protocol.
[ChangeLog][QtNetwork][QSslConfiguration] Added support for the Next
Protocol Negotiation (NPN) TLS extension.
Task-number: QTBUG-33208
Change-Id: I3c945f9b7e2d2ffb0814bfdd3e87de1dae6c20ef
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
|
|
|
|
|
|
|
|
| |
to reflect the fact that this returns and sets the whole session
ticket, and not just the session ID.
Change-Id: I00fe2bc4197dbcd7a02b3ae4f2f84e3a2a7edad0
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Session tickets can be cached on the client side for hours (e.g.
graph.facebook.com: ~ 24 hours, api.twitter.com: 4 hours), because the
server does not need to maintain state.
We need public API for it so an application can cache the session (e.g.
to disk) and resume a session already with the 1st handshake, saving
one network round trip.
Task-number: QTBUG-20668
Change-Id: I10255932dcd528ee1231538cb72b52b97f9f4a3c
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
|
|
| |
Add intermediate certificates to our server sockets, and to our client
certs.
Change-Id: Ib5aa575473f9e84f337bebe35099506dd7d7e2ba
Task-Number: QTBUG-19825
Task-Number: QTBUG-13281
Reviewed-by: Peter Hartmann <phartmann@rim.com>
|
|
|
|
|
|
|
|
|
| |
Instead of storing a single QSslCertificate for a the local cert, store
a list of them. This will allow us to handle server sockets that use a
certificate that is not issued directly from the CA root in future.
Change-Id: I9a36b9a99daa9c0bdd17f61b4ce1a7da746f2e96
Reviewed-by: Peter Hartmann <phartmann@rim.com>
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/concurrent/doc/qtconcurrent.qdocconf
src/corelib/doc/qtcore.qdocconf
src/corelib/global/qglobal.h
src/dbus/doc/qtdbus.qdocconf
src/dbus/qdbusmessage.h
src/gui/doc/qtgui.qdocconf
src/gui/image/qimagereader.cpp
src/network/doc/qtnetwork.qdocconf
src/opengl/doc/qtopengl.qdocconf
src/opengl/qgl.h
src/plugins/platforms/windows/qwindowswindow.cpp
src/printsupport/doc/qtprintsupport.qdocconf
src/sql/doc/qtsql.qdocconf
src/testlib/doc/qttestlib.qdocconf
src/tools/qdoc/doc/config/qt-cpp-ignore.qdocconf
src/widgets/doc/qtwidgets.qdocconf
src/xml/doc/qtxml.qdocconf
Change-Id: Ie9a1fa2cc44bec22a0b942e817a1095ca3414629
|
| |
| |
| |
| |
| |
| | |
Change-Id: I559d4dd8789a249af855f6fe9bfe013ba1d77132
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
This improves performance since a network round trip can be avoided.
Change-Id: I1aaff7e48ef9638cb137de0f43942c3a4dd2884a
Initial-patch-by: Markus Goetz <markus@woboq.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|/
|
|
|
|
|
|
|
|
|
| |
The macro was made empty in ba3dc5f3b56d1fab6fe37fe7ae08096d7dc68bcb
and is no longer necessary or used.
Discussed-on: http://lists.qt-project.org/pipermail/development/2013-January/009284.html
Change-Id: Id2bb2e2cabde059305d4af5f12593344ba30f001
Reviewed-by: Laszlo Papp <lpapp@kde.org>
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
Reviewed-by: hjk <hjk121@nokiamail.com>
|
|
|
|
|
| |
Change-Id: Ic804938fc352291d011800d21e549c10acac66fb
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
|
|
|
|
|
|
|
|
| |
Change copyrights and license headers from Nokia to Digia
Change-Id: If1cc974286d29fd01ec6c19dd4719a67f4c3f00e
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
Reviewed-by: Sergio Ahumada <sergio.ahumada@digia.com>
|
|
|
|
|
| |
Change-Id: Ib3eaba59836529ad0cf8e4353b54dd0cd31fd1ad
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The Q_DECLARE_METATYPE()s were outside of #ifndef QT_NO_SSL for classes
that are defined inside.
Expand the #ifndef block.
Change-Id: I45b73a24032fb2a79fd80d91282b782daa8a8f68
Reviewed-by: Stephen Kelly <stephen.kelly@kdab.com>
Reviewed-by: Rafael Roquetto <rafael.roquetto@kdab.com>
|