| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch-set implements a new QSslSocket backend based on OpenSSL 1.1.
1. General.
The code in this patch was organized to achieve these (somewhat contradicting)
objectives:
- keep the new code free of #if-ery, as far as possible;
- make it easy to clean away dead code when we're eventually able to retire
out-dated OpenSSL versions;
- reduce the amount of code duplication.
If changes in some file/component were insignificant (~5 one-liners per file),
we still use pp-checks like: #if QT_CONFIG(opensslv11) ... #else ... #endif -
the logic is simple and it's still easy to clean the code if we remove the legacy
back-end. Where it saved #if-ery, we also introduced 'forward-compatible'
macros implementing equivalents of 1.1 functions using older OpenSSL.
In case some class contains a lot of version-specific ifdefs (particularly where
nested #if-ery was complex) we choose to split code into: "pre11" h/cpp files,
"shared" h/cpp files (they preserve their original names, e.g qsslsocket_openssl.cpp)
and "11" h/cpp files. If in future we remove the legacy back-end, "pre11" should be
removed; "shared" and "11" parts - merged.
2. Configuration.
We introduced a new feature 'opensslv11' which complements the pre-existing
'openssl' and 'openssl-linked' features. The 'opensslv11' feature is enabled
by a simple test which either compiles successfully or ends in a compilation
error, depending on a value of the OPENSSL_VERSION_NUMBER constant. If the
feature was enabled, we also append an additional compilation flag
-DOPENSSL_API_COMPAT=0x10100000L to make sure our new code does not contain
deprecated structures, function calls, macro-invocations from OpenSSL < 1.1.
Change-Id: I2064efbe9685def5d2bb2233a66f7581954fb74a
Reviewed-by: André Klitzing <aklitzing@gmail.com>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
- add missing \since 5.8 on free functions
- fix \relates of qHash to point to QSslDHP, not QHash, which is in another module
- API fix: use named instead of unnamed ctors
- share code between ctors
- API fix: add inline move ctor (for now, this requires using a naked d pointer,
which isn't much of a problem, since the class is immutable).
Change-Id: Ic30f9c3c03b8a3798e0676e38991ead85c587214
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
|
|
|
|
|
|
|
|
|
| |
The declaration and definition of the forwarding functions for PSK
differed which leads to link errors with some versions of openssl.
Change-Id: Ic62d87dbd33a77f3c114f0a597a6c0858b22174a
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: André Klitzing <aklitzing@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
Only the OpenSSL backend is supported right now.
[ChangeLog][QtNetwork][SSL/TLS support] It is now possible to
set custom Diffie-Hellman parameters for QSslSocket-based servers.
Change-Id: I50148873132cd0ec7e414250b107b6b4cbde02ea
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
mkspecs/wince80colibri-armv7-msvc2012/qmake.conf
qmake/generators/win32/msvc_vcproj.cpp
src/corelib/global/qnamespace.h
src/corelib/global/qnamespace.qdoc
src/corelib/io/qfsfileengine_win.cpp
src/corelib/tools/tools.pri
src/network/ssl/qsslconfiguration_p.h
src/plugins/platforms/linuxfb/qlinuxfbscreen.cpp
src/plugins/platforms/windows/windows.pri
src/src.pro
src/tools/bootstrap/bootstrap.pro
src/tools/uic/cpp/cppwriteinitialization.cpp
src/widgets/dialogs/qfilesystemmodel.cpp
tests/auto/testlib/selftests/expected_cmptest.teamcity
tests/auto/testlib/selftests/expected_cmptest.txt
Change-Id: I4d2ac78f0dcc97f008186bbbc769c6fe588ab0e5
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Port the last remaining Q_FOREACH user in QtNetwork to
C++11 range-for and mark the library as Q_FOREACH-free,
using QT_NO_FOREACH.
Change-Id: I8977f151e3575422fc1154677e035274c018d66f
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
config_help.txt
configure
src/corelib/io/qprocess_wince.cpp
src/plugins/platforms/windows/qwindowstheme.cpp
src/plugins/platforms/xcb/qxcbbackingstore.cpp
tests/auto/corelib/tools/qtimezone/BLACKLIST
tests/auto/network/socket/qudpsocket/tst_qudpsocket.cpp
tests/auto/widgets/kernel/qwidget/tst_qwidget.cpp
Change-Id: I26644d1cb3b78412c8ff285e2a55bea1bd641c01
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
... by replacing them with C++11 range-for loops.
This is the simplest of the patch series: Q_FOREACH took a
copy, so we do, too. Except we don't, since we're just
catching the return value that comes out of the function
(RVO). We can't feed the rvalues into range-for, because
they are non-const and would thus detach.
Change-Id: I42c9c44d948ab1512a69d42890187bc3cf2d7e58
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
... by replacing them with C++11 range-for loops.
To avoid detaches of these mutable Qt containers,
wrap the container in qAsConst().
Change-Id: I47c5308a6ad220b4c5495e55a3b0d38547bfa8d9
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
... (or trivially marked const) local variables or
parameters, by replacing them with C++11 range-for
loops.
Also ported one indexed loop.
Change-Id: Idddcac48ce7527b1ea674671ceb9aaf4d31fb42e
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
[ChangeLog][QtNetwork][QSslSocket] TLS PSK ciphers are possible in server sockets.
Task-number: QTBUG-39077
Change-Id: Iaa854a6f50242deae5492f2e4759c727488995f5
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
ALPN and NPN should not be mutually exclusive, it's possible that our
peer does not support ALPN but does support a protocol we can negotiate
via NPN. So use them both.
Change-Id: Ib3c8066d89117efab55ac8435cc2c806c7a1ece0
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|/
|
|
|
|
|
|
|
| |
Application-Layer Protocol Negotiation (ALPN) - is a reworked revision
of Next Protocol Negotiation (NPN) we have in our OpenSSL code.
Can be used as a part of HTTP2 negotiation during TLS handshake.
Change-Id: I484ec528c81d4887a64749095ec292dfaec18330
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's a version of fromConfiguration() that returns the QSslContext
instance in a shared instead of a naked pointer.
Use it in QSslSocketBackend.
The idea here, of course, is to use QSharedPointer<T>::create(),
which co-locates the refcount with the payload in a single memory
allocation, instead of QSharedPointer<T>(new T), which causes
two allocations.
Change-Id: Ia5396fb3b291f2912fca5cd97e0aa1e45e065e55
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
|
| |
This is in preparation of providing a named constructor that returns
a shared instead of a naked pointer.
Change-Id: I23aed950facac9d0b053321e75b61df7df8a6605
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
|
|
|
|
| |
From Qt 5.7 -> LGPL v2.1 isn't an option anymore, see
http://blog.qt.io/blog/2016/01/13/new-agreement-with-the-kde-free-qt-foundation/
Updated license headers to use new LGPL header instead of LGPL21 one
(in those files which will be under LGPL v3)
Change-Id: I046ec3e47b1876cd7b4b0353a576b352e3a946d9
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The latter is much faster as it doesn't have to deal with
time zones.
This change is safe, because the QDateTimes are only used for
comparison with other QDateTimes, which, from a quick glance around,
seem to be mostly, if not exclusively, in UTC. Comparsions work
across time zones, but the comparison between UTC date-times is
fastest.
Credits to Milian Wolff, from whose QtWS15 talk this advice is
taken.
Change-Id: I6859d886d8dc8e0a52fbe394fbb7b93a87b4739a
Reviewed-by: Milian Wolff <milian.wolff@kdab.com>
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@theqtcompany.com>
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
|
|
|
|
|
|
|
|
| |
invalid conversion from ‘unsigned char**’ to ‘const unsigned char**’
Task-number: QTBUG-44744
Change-Id: I6263db106fe28c6aa04db8ca79421b3a9fc5adc9
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
| |
Change-Id: Ic5305216536ee3938c389336c979b5c90fc886e4
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
|
|
|
|
|
|
|
|
| |
This change is a step closer to working with openssl 1.2 which makes
this struct opaque.
Change-Id: I3897142657edc0fa4053142b6ef743c2b00c013e
Reviewed-by: Peter Hartmann <peter-qt@hartmann.tk>
|
|
|
|
|
| |
Change-Id: I90b99fb515dcf559824f673d2304081238541c4c
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Qt copyrights are now in The Qt Company, so we could update the source
code headers accordingly. In the same go we should also fix the links to
point to qt.io.
Outdated header.LGPL removed (use header.LGPL21 instead)
Old header.LGPL3 renamed to header.LGPL3-COMM to match actual licensing
combination. New header.LGPL-COMM taken in the use file which were
using old header.LGPL3 (src/plugins/platforms/android/extract.cpp)
Added new header.LGPL3 containing Commercial + LGPLv3 + GPLv2 license
combination
Change-Id: I6f49b819a8a20cc4f88b794a8f6726d975e8ffbe
Reviewed-by: Matti Paaso <matti.paaso@theqtcompany.com>
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/3rdparty/harfbuzz-ng/harfbuzz-ng.pro
src/gui/image/qimage_conversions.cpp
src/gui/opengl/qopenglextensions_p.h
src/gui/text/qtextengine.cpp
src/network/ssl/qsslsocket_openssl.cpp
src/plugins/platforms/eglfs/qeglfshooks_stub.cpp
src/plugins/platforms/eglfs/qeglfsscreen.cpp
src/plugins/platforms/eglfs/qeglfswindow.cpp
src/plugins/platforms/windows/qwindowsfontdatabase.cpp
src/plugins/platforms/windows/qwindowsfontdatabase_ft.cpp
src/plugins/platforms/windows/qwindowsnativeinterface.cpp
src/plugins/platforms/windows/qwindowsscreen.cpp
src/plugins/platforms/windows/qwindowswindow.cpp
src/plugins/platforms/windows/qwindowswindow.h
src/plugins/platforms/xcb/qxcbdrag.h
src/widgets/itemviews/qabstractitemview.cpp
src/widgets/kernel/qwidget.cpp
src/widgets/util/qsystemtrayicon_p.h
tests/auto/corelib/itemmodels/qsortfilterproxymodel/tst_qsortfilterproxymodel.cpp
Thanks to Friedemann Kleint for resolving the qwindowsfontdatabase.cpp
conflicts.
Change-Id: I937232c30523d5121c195d947d92aec6f129b03e
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since openssl 1.0.1k with enabled option no-ssl3-method we need to
check for OPENSSL_NO_SSL3_METHOD to use following functions:
- SSLv3_method
- SSLv3_server_method
- SSLv3_client_method
Change-Id: Iee83a6f4bacbf5660baa6bdb89eb02ceb9f11614
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There were still ifdefs for openssl 0.9.7 and openssl 0.9.8f.
[ChangeLog][QtNetwork] Some legacy ifdefs for openssl 0.9.7 and openssl 0.9.8f
were removed, Qt will no longer build with these versions. In addition there
is no support for openssl built with NO_TLSEXT.
Change-Id: I9268515c0a125a2f6d79add8ee1cb40768e7e898
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
|
| |
| |
| |
| |
| | |
Change-Id: I51733e9a3bb0d5d54dc2f61ac75751d899a84bd1
Reviewed-by: Peter Hartmann <peter-qt@hartmann.tk>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add possibility to get length and other information of EC based
certificates. Also it is possible to parse those public/private
keys from PEM and DER encoded files.
Based on patch by Remco Bloemen
[ChangeLog][QtNetwork][SSL/TLS support] It is now possible to
parse elliptic curve certificates.
Change-Id: I4b11f726296aecda89c3cbd195d7c817ae6fc47b
Task-number: QTBUG-18972
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/corelib/global/qglobal.h
src/platformsupport/platformcompositor/qopenglcompositor.cpp
src/platformsupport/platformcompositor/qopenglcompositorbackingstore.cpp
tests/auto/gui/kernel/qwindow/tst_qwindow.cpp
Change-Id: I5422868500be695584a496dbbbc719d146bc572d
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Place all debug output into the 'qt.network.ssl' category.
This allows people to disable certain warnings at runtime.
Task-number: QTBUG-43173
Change-Id: Ide731fae3109f9cd7730cc096ee069a5b99d35f1
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The only reason for copying QSslEllipticCurves into a temporary array
would be to be extra-pedantic about type safety, but in the end,
we can simply force a cast and remove the copy.
Change-Id: Ice8a036fe4b79ba438ce83b5eacf6158eb3f0ce7
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
OpenSSL 1.0.2 introduces SSL_CTX_set_ecdh_auto, which allows us
to stop using one specific temporary curve, and instead makes
the server negotiate the best curve.
Task-number: QTBUG-42925
Change-Id: I3a68f29030bdf04f368bfdf79c888401ce82bdd8
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ChangeLog][QtNetwork][QtSSL] It is now possible to choose which elliptic
curves should be used by an elliptic curve cipher.
Change-Id: If5d0d58922768b6f1375836489180e576f5a015a
Done-with: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|\|
| |
| |
| |
| |
| |
| | |
Conflicts:
src/gui/text/qfontdatabase.cpp
Change-Id: I6ac1f55faa22b8e7b591386fb67f0333d0ea443d
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
After the poodle vulnerability SSLv3 should like SSLv2 no longer be
considered safe, so when a user request a safe protocol we should
only allow TLS versions.
[ChangeLog][QtNetwork][QSsl] QSsl::SecureProtocols now also excludes SSLv3
Change-Id: If825f6beb599294b028d706903b39db6b20be519
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|\|
| |
| |
| | |
Change-Id: If7e51514ed6832750e3ad967e4d322ccf920d2bb
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When creating SSL context failed due to unsupported protocol being
demanded, no explanation was given. It's because
QSslContext::fromConfiguration() extracted explanation for error message
from OpenSSL, which at that point hasn't even been called yet. This
patch adds explicit message informing that an unsupported protocol was
chosen.
Task-number: QTBUG-41775
Change-Id: I9d2710da4ba314a16837a90afcdc5d9256179bef
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/corelib/tools/qbytearray.cpp
src/gui/image/qimage.cpp
src/gui/image/qppmhandler.cpp
src/gui/kernel/qguiapplication.cpp
src/gui/painting/qpaintengine_raster.cpp
Change-Id: I7c1a8e7ebdfd7f7ae767fdb932823498a7660765
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Renamed LICENSE.LGPL to LICENSE.LGPLv21
- Added LICENSE.LGPLv3
- Removed LICENSE.GPL
Change-Id: Iec3406e3eb3f133be549092015cefe33d259a3f2
Reviewed-by: Iikka Eklund <iikka.eklund@digia.com>
|
|/
|
|
|
| |
Change-Id: I2c2f5072302d2989362a382bd24cc10617336acf
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
|
|
In order to prepare the addition of WinRT and iOS (SecureTransport)
implementations of SSL the structure of some SSL files has to be
redone. Parts of certificate that probably can be reused by other
ports stayed in qsslcertificate.cpp while other parts were moved
to qsslcertificate_openssl.cpp. qsslcontext, qsslkey and qsslsocket
were suffixed by _openssl to show that these are pure openssl
implementations.
Change-Id: I7b022dec49759f882274999c0991bf95788f2a3a
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|