| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
Add support for SSL on iOS/OS X by adding a SecureTransport based
backend.
[ChangeLog][QtNetwork][QSslSocket] A new SSL backend for iOS and OS X,
implemented with Apple's Secure Transport (Security Framework).
Change-Id: I7466db471be2a8a2170f9af9d6ad4c7b6425738b
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
|
| |
[ChangeLog][QtNetwork][QSslSocket] It is now possible to use TLS PSK
ciphersuites in client sockets.
Task-number: QTBUG-39077
Change-Id: I5523a2be33d46230c6f4106c322fab8a5afa37b4
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/corelib/global/qglobal.h
src/platformsupport/platformcompositor/qopenglcompositor.cpp
src/platformsupport/platformcompositor/qopenglcompositorbackingstore.cpp
tests/auto/gui/kernel/qwindow/tst_qwindow.cpp
Change-Id: I5422868500be695584a496dbbbc719d146bc572d
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Place all debug output into the 'qt.network.ssl' category.
This allows people to disable certain warnings at runtime.
Task-number: QTBUG-43173
Change-Id: Ide731fae3109f9cd7730cc096ee069a5b99d35f1
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
QIODevice makes readData() call only when its read buffer is empty.
Also data argument points to the user or reserved read buffer area.
So, no need in data transfer from read buffer at this point at all.
Task-number: QTBUG-41797
Change-Id: Ieb4afdf7eec37fdf288073e4a060e64424f22b9c
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
(cherry picked from commit 1853579dad1bbb44599314213a1d8a203ecae1c9)
Reviewed-by: Alex Trotsenko <alex1973tr@gmail.com>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ChangeLog][QtNetwork][QtSSL] It is now possible to choose which elliptic
curves should be used by an elliptic curve cipher.
Change-Id: If5d0d58922768b6f1375836489180e576f5a015a
Done-with: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/corelib/tools/qbytearray.cpp
src/gui/image/qimage.cpp
src/gui/image/qppmhandler.cpp
src/gui/kernel/qguiapplication.cpp
src/gui/painting/qpaintengine_raster.cpp
Change-Id: I7c1a8e7ebdfd7f7ae767fdb932823498a7660765
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Renamed LICENSE.LGPL to LICENSE.LGPLv21
- Added LICENSE.LGPLv3
- Removed LICENSE.GPL
Change-Id: Iec3406e3eb3f133be549092015cefe33d259a3f2
Reviewed-by: Iikka Eklund <iikka.eklund@digia.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
QIODevice makes readData() call only when its read buffer is empty.
Also data argument points to the user or reserved read buffer area.
So, no need in data transfer from read buffer at this point at all.
Change-Id: Ieb4afdf7eec37fdf288073e4a060e64424f22b9c
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|/
|
|
|
|
|
|
|
|
| |
I was actually wondering if the test always succeeds (i.e. should
be turned into a Q_ASSERT), but I don't know the codebase enough to
justify such a change.
Change-Id: Id01b8de7244428e9b1c240dc365c66eeef0d6111
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
|
|
|
|
|
|
|
|
|
|
| |
Similarly to 1b19f660 (which added socket flushing before close), the
socket should have a chance to disconnect if the write buffer is not
empty. Instead of flushing, the pendingClose is added so that the
backend may disconnect the socket once these bytes have been written.
Change-Id: I2d85b6356c3e158bade3d5d86161d3e33649cad6
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
|
| |
This moves the socket backend's host name matching functions up to
QSslSocketPrivate so that they can be shared between backends. This
works, as there is no OpenSSL-specific code here.
Change-Id: I73c2081fdc2e60a44c90e90800d1e1877391a626
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
|
|
| |
The change creates a stub implementation for WinRT, adding the needed
files and classes to build SSL support on that platform.
Task-number: QTBUG-37497
Change-Id: Idc3e8aa91c5eb8a938705f2385d1074fe6c1d83e
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to prepare the addition of WinRT and iOS (SecureTransport)
implementations of SSL the structure of some SSL files has to be
redone. Parts of certificate that probably can be reused by other
ports stayed in qsslcertificate.cpp while other parts were moved
to qsslcertificate_openssl.cpp. qsslcontext, qsslkey and qsslsocket
were suffixed by _openssl to show that these are pure openssl
implementations.
Change-Id: I7b022dec49759f882274999c0991bf95788f2a3a
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
mkspecs/features/qt.prf
src/plugins/platforms/xcb/qxcbwindow.h
src/tools/qdoc/qdocindexfiles.cpp
src/widgets/kernel/qwidget_qpa.cpp
Change-Id: I214f57b03bc2ff86cf3b7dfe2966168af93a5a67
|
| |
| |
| |
| |
| |
| |
| |
| | |
Note added in QNetworkReply and QSslSocket documentation.
Task-number: QTBUG-16770
Change-Id: I2dd8cfb913ec29a96b5465a905cd213713b8d537
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If you do sock->write(data) followed by sock->close() then the data
written is not transmitted unless you flush when using QSslSocket but
is when using QTcpSocket. This change makes QSslSocket work like
QTcpSocket.
Change-Id: Ia2e1c021dc48ac0d573f78da782ea77641c03bc1
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Discussed with Peter and agreed that it's a slightly better fit there.
Change-Id: If8db777336e2273670a23d75d8542b30c07e0d7b
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add support for loading certificates and keys from PKCS#12 bundles
(also known as pfx files).
Task-number: QTBUG-1565
[ChangeLog][QtNetwork][QSslSocket] Support for loading PKCS#12
bundles was added. These are often used to transport keys and
certificates conveniently, particularly when making use of
client certificates.
Change-Id: Idaeb2cb4dac4b19881a5c99c7c0a7eea00c2b207
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
|
|\|
| |
| |
| | |
Change-Id: Idec54e19963e8d88c711cb179cffc81596323899
|
| |
| |
| |
| |
| |
| | |
Change-Id: I213ac1fb2733e675f3641441fe6c621bab06c1f0
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Many bugs originate due to mismatches between the build-time and
run-time versions of openssl but they're hard to debug as we don't
provide access to the build-time info. This addresses that weakness.
[ChangeLog][QtNetwork][QSslSocket] Added accessors for the version
of openssl used at build-time. This will help when debugging
problems caused by a mismatch with the run-time version.
Change-Id: I6a4c21c8f16ab4c90cdf166f38c62fe37bf1f165
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
|/
|
|
|
|
|
|
|
|
|
|
| |
Previously we allowed you to specify which version(s) you wanted to use,
but did not provide access to the version that was actually negotiated.
[ChangeLog][QtNetwork][QSslSocket] Add support for finding the version
of SSL/TLS in use by a connection.
Task-number: QTBUG-28471
Change-Id: I6d50d2bc9f1ce7f98192e67992178fe7e41c0575
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
... which is needed to negotiate the SPDY protocol.
[ChangeLog][QtNetwork][QSslConfiguration] Added support for the Next
Protocol Negotiation (NPN) TLS extension.
Task-number: QTBUG-33208
Change-Id: I3c945f9b7e2d2ffb0814bfdd3e87de1dae6c20ef
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The overload used an evil hack to work around a flaw in the QSslCipher
API rather than fixing the API. The hack was broken by the addition of
support for newer versions of TLS. This change solves the issue properly
by fixing the QSslCipher API then using the fixed version.
Task-Number: QTBUG-34688
Change-Id: Ibf677c374f837f705395741e730d40d8f912d7c6
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Any cipher that is < 128 bits is excluded from the default SSL
configuration. These ciphers are still included in the list
of availableCiphers() and can be used by applications if required.
Calling QSslSocket::setDefaultCiphers(QSslSocket::availableCiphers())
will restore the old behavior.
Note that in doing so I spotted that calling defaultCiphers() before
doing other actions with SSL had an existing bug that I've addressed
as part of the change.
[ChangeLog][Important Behavior Changes] The default set of
ciphers used by QSslSocket has been changed to exclude ciphers that are
using key lengths smaller than 128 bits. These ciphers are still available
and can be enabled by applications if required.
Change-Id: If2241dda67b624e5febf788efa1369f38c6b1dba
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
|
| |
to reflect the fact that this returns and sets the whole session
ticket, and not just the session ID.
Change-Id: I00fe2bc4197dbcd7a02b3ae4f2f84e3a2a7edad0
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Default values should have mark-up to denote that they are code.
This commit changes:
-"property is true" to "property is \c true".
-"Returns true" to "Returns \c true".
-"property is false" to "property is \c false".
-"returns true" to "returns \c true".
-"returns false" to "returns \c false".
src/3rdparty and non-documentation instances were ignored.
Task-number: QTBUG-33360
Change-Id: Ie87eaa57af947caa1230602b61c5c46292a4cf4e
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
Reviewed-by: Jerome Pasion <jerome.pasion@digia.com>
|
|
|
|
|
|
|
|
|
| |
This was removed by commit 4c8d8a72ec65f409394075ef50401265e495c1dd
But without it Playbook OS 2.1.0.1753 could not access ssh properly.
Change-Id: I18e136eaede2a5dffeb10b5fe31023b9aef709cb
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Session tickets can be cached on the client side for hours (e.g.
graph.facebook.com: ~ 24 hours, api.twitter.com: 4 hours), because the
server does not need to maintain state.
We need public API for it so an application can cache the session (e.g.
to disk) and resume a session already with the 1st handshake, saving
one network round trip.
Task-number: QTBUG-20668
Change-Id: I10255932dcd528ee1231538cb72b52b97f9f4a3c
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
|
| |
... but rather throw an error, so the HTTP layer can recover from a SSL
shutdown gracefully. In case the other side sent us a shutdown, we should
not send one as well, as it results in an error.
Change-Id: Ie7a56cf3008b6ead912aade18dbec67846e2a87e
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove all trailing whitespace from the following list of files:
*.cpp *.h *.conf *.qdoc *.pro *.pri *.mm *.rc *.pl *.qps *.xpm *.txt *README
excluding 3rdparty, test-data and auto generated code.
Note A): the only non 3rdparty c++-files that still
have trailing whitespace after this change are:
* src/corelib/codecs/cp949codetbl_p.h
* src/corelib/codecs/qjpunicode.cpp
* src/corelib/codecs/qbig5codec.cpp
* src/corelib/xml/qxmlstream_p.h
* src/tools/qdoc/qmlparser/qqmljsgrammar.cpp
* src/tools/uic/ui4.cpp
* tests/auto/other/qtokenautomaton/tokenizers/*
* tests/benchmarks/corelib/tools/qstring/data.cpp
* util/lexgen/tokenizer.cpp
Note B): in about 30 files some overlapping 'leading tab' and
'TAB character in non-leading whitespace' issues have been fixed
to make the sanity bot happy. Plus some general ws-fixes here
and there as asked for during review.
Change-Id: Ia713113c34d82442d6ce4d93d8b1cf545075d11d
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
|
|
|
|
|
|
|
|
|
|
| |
Add intermediate certificates to our server sockets, and to our client
certs.
Change-Id: Ib5aa575473f9e84f337bebe35099506dd7d7e2ba
Task-Number: QTBUG-19825
Task-Number: QTBUG-13281
Reviewed-by: Peter Hartmann <phartmann@rim.com>
|
|
|
|
|
|
|
|
|
| |
Instead of storing a single QSslCertificate for a the local cert, store
a list of them. This will allow us to handle server sockets that use a
certificate that is not issued directly from the CA root in future.
Change-Id: I9a36b9a99daa9c0bdd17f61b4ce1a7da746f2e96
Reviewed-by: Peter Hartmann <phartmann@rim.com>
|
|\
| |
| |
| |
| |
| |
| | |
Conflicts:
src/widgets/styles/qmacstyle_mac.mm
Change-Id: If8326db9e7da3cbf45dbf7475fdff9915c7723b1
|
| |
| |
| |
| |
| |
| |
| | |
... because almost everybody gets it wrong almost every time.
Change-Id: I54938ef094323ba8de02186b585b11b9579f3ca4
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|/
|
|
|
|
|
|
| |
This improves performance since a network round trip can be avoided.
Change-Id: I1aaff7e48ef9638cb137de0f43942c3a4dd2884a
Initial-patch-by: Markus Goetz <markus@woboq.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
make sure we keep track of when we can load root certs and when we
cannot (we cannot when the developer set the certs explicitly). This is
implemented the same way for QSslSocket already, and needs to be
duplicated because we have 2 methods for setting CA certificates: one in
QSslSocket and one in QSslConfiguration.
In addition, adapt the auto test which checks whether setting a default
QSslConfiguration works: There is no way to set on demand loading
through the API, so it should be enabled by default.
Task-number: QTBUG-29103
Change-Id: I5146128aaa385dfcc0ad1e0ef81a92d9350ec5f2
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
| |
Change-Id: Ic804938fc352291d011800d21e549c10acac66fb
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
|
|
|
|
|
|
|
|
|
| |
Currently /etc/openssl/certs is symlinked to
/var/certmgr/web/user_trusted, but this will be changed in the future.
/etc/openssl/certs is the folder to be used to read the root certs.
Change-Id: Ic037e5075ec7ee50c132fe08dc69abbe585e32e4
Reviewed-by: Sean Harmer <sean.harmer@kdab.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When doing happy eyeballs style network state lookup, we might have to
close an SSL socket from its connected signal. This can cause the warning:
QSslSocket::startClientEncryption: cannot start handshake when not connected
The signal should be emitted after we called startClientEncryption to
avoid this warning. In that case it will initialize the encryption
and ramp it down right after.
Change-Id: I0c8c79cad7f91f0088b87c5e4ee8aafbc688411c
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
|
|
|
|
| |
Change-Id: If165933df41e518f5ba6065792676260fd2492b6
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
|
|
|
|
|
|
|
|
| |
Change copyrights and license headers from Nokia to Digia
Change-Id: If1cc974286d29fd01ec6c19dd4719a67f4c3f00e
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
Reviewed-by: Sergio Ahumada <sergio.ahumada@digia.com>
|
|
|
|
|
|
|
|
|
|
| |
Use an include guard in headers to ensure the header is not included
more than once. Make the header guard match its file name.
Also, cpp files should include their own headers first (but below config.h)
Change-Id: Iecf5da23c0f8e6d457f67657b88ef7557bde9669
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
|
|
| |
Removes the readBuffer from the QAbstractSocket since data is already
buffered in the QIODevice.
Change-Id: I4e50b791fd2852455e526fa2c07089d4d3f0b2a4
Reviewed-by: Prasanth Ullattil <prasanth.ullattil@nokia.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
| |
Change-Id: Ic01e4bddaa6f1fd94f16952e0818f4369c2ec8ab
Reviewed-by: Sean Harmer <sean.harmer@kdab.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
| |
This change moves the snippets and imagesto the modularized directories.
Change-Id: If14912692a7f72d7de345eaf88d9ec9752310fca
Reviewed-by: Marius Storm-Olsen <marius.storm-olsen@nokia.com>
|
|
|
|
|
| |
Change-Id: I54c5ab6e1bfb1816bb510be9e2bfa1e3362faa36
Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com>
|
|
|
|
|
| |
Change-Id: Ibfac6236e9f68b41e34e67ef03cfd590582439be
Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Although we created an enum for pause modes to make 5.x binary
compatible with 5.0, the enum value is not well named.
In 5.1, we propose to add PauseOnProxyAuthentication to the enum.
PauseOnNotify is not clear what it means, while PauseOnSslErrors is.
Any new notification in a minor release would need a new enum value
otherwise applications would get pauses they did not expect.
Task-number: QTBUG-19032
Change-Id: I4dbb7467663b37ca7f0551d24a31bc013968bedc
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
|