summaryrefslogtreecommitdiffstats
path: root/src/network/ssl/qsslsocket.cpp
Commit message (Collapse)AuthorAgeFilesLines
* QSslConfiguration: add API to persist and resume SSL sessionsPeter Hartmann2013-05-101-0/+2
| | | | | | | | | | | | | Session tickets can be cached on the client side for hours (e.g. graph.facebook.com: ~ 24 hours, api.twitter.com: 4 hours), because the server does not need to maintain state. We need public API for it so an application can cache the session (e.g. to disk) and resume a session already with the 1st handshake, saving one network round trip. Task-number: QTBUG-20668 Change-Id: I10255932dcd528ee1231538cb72b52b97f9f4a3c Reviewed-by: Richard J. Moore <rich@kde.org>
* SSL internals: do not write after shutting down the socketPeter Hartmann2013-04-231-0/+2
| | | | | | | | | ... but rather throw an error, so the HTTP layer can recover from a SSL shutdown gracefully. In case the other side sent us a shutdown, we should not send one as well, as it results in an error. Change-Id: Ie7a56cf3008b6ead912aade18dbec67846e2a87e Reviewed-by: Richard J. Moore <rich@kde.org>
* Whitespace cleanup: remove trailing whitespaceAxel Waggershauser2013-03-161-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | Remove all trailing whitespace from the following list of files: *.cpp *.h *.conf *.qdoc *.pro *.pri *.mm *.rc *.pl *.qps *.xpm *.txt *README excluding 3rdparty, test-data and auto generated code. Note A): the only non 3rdparty c++-files that still have trailing whitespace after this change are: * src/corelib/codecs/cp949codetbl_p.h * src/corelib/codecs/qjpunicode.cpp * src/corelib/codecs/qbig5codec.cpp * src/corelib/xml/qxmlstream_p.h * src/tools/qdoc/qmlparser/qqmljsgrammar.cpp * src/tools/uic/ui4.cpp * tests/auto/other/qtokenautomaton/tokenizers/* * tests/benchmarks/corelib/tools/qstring/data.cpp * util/lexgen/tokenizer.cpp Note B): in about 30 files some overlapping 'leading tab' and 'TAB character in non-leading whitespace' issues have been fixed to make the sanity bot happy. Plus some general ws-fixes here and there as asked for during review. Change-Id: Ia713113c34d82442d6ce4d93d8b1cf545075d11d Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
* Add support for intermediate certificates to server sockets.Richard Moore2013-02-191-0/+26
| | | | | | | | | | Add intermediate certificates to our server sockets, and to our client certs. Change-Id: Ib5aa575473f9e84f337bebe35099506dd7d7e2ba Task-Number: QTBUG-19825 Task-Number: QTBUG-13281 Reviewed-by: Peter Hartmann <phartmann@rim.com>
* Store the local certificate in a QList.Richard Moore2013-02-191-6/+9
| | | | | | | | | Instead of storing a single QSslCertificate for a the local cert, store a list of them. This will allow us to handle server sockets that use a certificate that is not issued directly from the CA root in future. Change-Id: I9a36b9a99daa9c0bdd17f61b4ce1a7da746f2e96 Reviewed-by: Peter Hartmann <phartmann@rim.com>
* Merge remote-tracking branch 'origin/stable' into devFrederik Gladhorn2013-02-181-3/+7
|\ | | | | | | | | | | | | Conflicts: src/widgets/styles/qmacstyle_mac.mm Change-Id: If8326db9e7da3cbf45dbf7475fdff9915c7723b1
| * SSL docs: Be more explicit about the threats of ignoring SSL errorsPeter Hartmann2013-02-161-3/+7
| | | | | | | | | | | | | | ... because almost everybody gets it wrong almost every time. Change-Id: I54938ef094323ba8de02186b585b11b9579f3ca4 Reviewed-by: Richard J. Moore <rich@kde.org>
* | SSL: Implement session sharing and use it from QNetworkAccessManagerPeter Hartmann2013-02-061-0/+17
|/ | | | | | | | This improves performance since a network round trip can be avoided. Change-Id: I1aaff7e48ef9638cb137de0f43942c3a4dd2884a Initial-patch-by: Markus Goetz <markus@woboq.com> Reviewed-by: Richard J. Moore <rich@kde.org>
* QSslConfiguration: toggle on demand loading of root certs properlyPeter Hartmann2013-01-231-1/+14
| | | | | | | | | | | | | | | make sure we keep track of when we can load root certs and when we cannot (we cannot when the developer set the certs explicitly). This is implemented the same way for QSslSocket already, and needs to be duplicated because we have 2 methods for setting CA certificates: one in QSslSocket and one in QSslConfiguration. In addition, adapt the auto test which checks whether setting a default QSslConfiguration works: There is no way to set on demand loading through the API, so it should be enabled by default. Task-number: QTBUG-29103 Change-Id: I5146128aaa385dfcc0ad1e0ef81a92d9350ec5f2 Reviewed-by: Richard J. Moore <rich@kde.org>
* Update copyright year in Digia's license headersSergio Ahumada2013-01-181-1/+1
| | | | | Change-Id: Ic804938fc352291d011800d21e549c10acac66fb Reviewed-by: Lars Knoll <lars.knoll@digia.com>
* BlackBerry: change SSL root cert folderPeter Hartmann2013-01-141-1/+1
| | | | | | | | | Currently /etc/openssl/certs is symlinked to /var/certmgr/web/user_trusted, but this will be changed in the future. /etc/openssl/certs is the folder to be used to read the root certs. Change-Id: Ic037e5075ec7ee50c132fe08dc69abbe585e32e4 Reviewed-by: Sean Harmer <sean.harmer@kdab.com>
* QSslSocket: Allow disconnections within the connected() signalJocelyn Turcotte2012-10-251-3/+5
| | | | | | | | | | | | | When doing happy eyeballs style network state lookup, we might have to close an SSL socket from its connected signal. This can cause the warning: QSslSocket::startClientEncryption: cannot start handshake when not connected The signal should be emitted after we called startClientEncryption to avoid this warning. In that case it will initialize the encryption and ramp it down right after. Change-Id: I0c8c79cad7f91f0088b87c5e4ee8aafbc688411c Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* documentation fixesMarcel Krems2012-09-271-1/+1
| | | | | Change-Id: If165933df41e518f5ba6065792676260fd2492b6 Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
* Change copyrights from Nokia to DigiaIikka Eklund2012-09-221-24/+24
| | | | | | | | Change copyrights and license headers from Nokia to Digia Change-Id: If1cc974286d29fd01ec6c19dd4719a67f4c3f00e Reviewed-by: Lars Knoll <lars.knoll@digia.com> Reviewed-by: Sergio Ahumada <sergio.ahumada@digia.com>
* network: Fix missing or improper include guard in headersSergio Ahumada2012-09-151-1/+1
| | | | | | | | | | Use an include guard in headers to ensure the header is not included more than once. Make the header guard match its file name. Also, cpp files should include their own headers first (but below config.h) Change-Id: Iecf5da23c0f8e6d457f67657b88ef7557bde9669 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* QtNetwork: remove double buffering on socketsMartin Petersson2012-06-261-18/+11
| | | | | | | | | Removes the readBuffer from the QAbstractSocket since data is already buffered in the QIODevice. Change-Id: I4e50b791fd2852455e526fa2c07089d4d3f0b2a4 Reviewed-by: Prasanth Ullattil <prasanth.ullattil@nokia.com> Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* Add Blackberry path for SSL certificatesNicolas Arnaud-Cormos2012-06-061-0/+1
| | | | | | Change-Id: Ic01e4bddaa6f1fd94f16952e0818f4369c2ec8ab Reviewed-by: Sean Harmer <sean.harmer@kdab.com> Reviewed-by: Richard J. Moore <rich@kde.org>
* Doc: Modularize QtNetwork documentation.Casper van Donderen2012-05-091-7/+7
| | | | | | | This change moves the snippets and imagesto the modularized directories. Change-Id: If14912692a7f72d7de345eaf88d9ec9752310fca Reviewed-by: Marius Storm-Olsen <marius.storm-olsen@nokia.com>
* Various minor fixes for qdoc warnings.Richard Moore2012-05-061-2/+2
| | | | | Change-Id: I54c5ab6e1bfb1816bb510be9e2bfa1e3362faa36 Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com>
* Fix more qdoc warnings in qtnetwork.Richard Moore2012-05-061-1/+2
| | | | | Change-Id: Ibfac6236e9f68b41e34e67ef03cfd590582439be Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com>
* Rename QAbstractSocket::PauseOnNotify -> PauseOnSslErrorsShane Kearns2012-05-041-1/+1
| | | | | | | | | | | | | | | Although we created an enum for pause modes to make 5.x binary compatible with 5.0, the enum value is not well named. In 5.1, we propose to add PauseOnProxyAuthentication to the enum. PauseOnNotify is not clear what it means, while PauseOnSslErrors is. Any new notification in a minor release would need a new enum value otherwise applications would get pauses they did not expect. Task-number: QTBUG-19032 Change-Id: I4dbb7467663b37ca7f0551d24a31bc013968bedc Reviewed-by: Richard J. Moore <rich@kde.org> Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
* Document new APIs in 5.0Shane Kearns2012-05-031-0/+2
| | | | | | | | The \since 5.0 directive was missing from many places. Task-number: QTBUG-24001 Change-Id: I191ba8891ae66d78f923164bcab2fccb16eabef9 Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com>
* Fix bug in qsslsocket peek()Kalle Viironen2012-04-231-0/+51
| | | | | | | | | | | | | | | | | | Calling peek() for qsslsocket caused socket data to be copied into qiodevices buffer and therefore make it unaccessible in qsslsocket. Cherry picked form 4.8-branch & modified to Qt5 API changes (int -> qintptr) Original commits: commit 621f18955082fc73471e75d1f8c35c2dcd4befeb Author: Shane Kearns <ext-shane.2.kearns@nokia.com> commit 68b1d5c17aa38d5921bdade2b0e0cb67c6c90513 Author: Kalle Viironen <kalle.viironen@digia.com> Task-number: QTBUG-18498 Change-Id: I6be4b19baec2f3197537f5e7b61432040ec84ad2 Reviewed-by: Shane Kearns <shane.kearns@accenture.com> Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* Remove the usage of deprecated qdoc macros.Casper van Donderen2012-03-021-5/+5
| | | | | | | | | | | QDoc now has support for Doxygen style commands for italics, bold and list items. This change applies that change in QDoc to the actual documentation. Task-number: QTBUG-24578 Change-Id: I519bf9c29b14092e3ab6067612f42bf749eeedf5 Reviewed-by: Shane Kearns <shane.kearns@accenture.com> Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
* Remove needless line "#define d d_ptr"Kent Hansen2012-02-151-2/+0
| | | | | | | | | | | | | | | | | | | There was a time when qsslsocket.h declared its private slots as Q_PRIVATE_SLOT(d, void _q_connectedSlot()) But now they are correctly declared as Q_PRIVATE_SLOT(d_func(), void _q_connectedSlot()) so the "#define d d_ptr" hack isn't needed. Specifically, the define would break moc-generated code that refers to the member d of a structure (which a future moc revision does, namely QByteArrayData::d). Change-Id: Ic94fa4d523fb17e8088973cfc0d090d5cce97267 Reviewed-by: Jonas Gastal <jgastal@profusion.mobi> Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* Removing bad ###Qt5 note.Jonas M. Gastal2012-01-311-1/+0
| | | | | | | | | Implementating this would cause massive SC breakage and give little gain. Change-Id: I56a6d302fdd0e8b53d1f9154f3eaf9e1ee429f9d Reviewed-by: Giuseppe D'Angelo <dangelog@gmail.com> Reviewed-by: Richard J. Moore <rich@kde.org>
* Remove "All rights reserved" line from license headers.Jason McDonald2012-01-301-1/+1
| | | | | | | | | | As in the past, to avoid rewriting various autotests that contain line-number information, an extra blank line has been inserted at the end of the license text to ensure that this commit does not change the total number of lines in the license header. Change-Id: I311e001373776812699d6efc045b5f742890c689 Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
* QAbstractSocket / QSslSocket: add API to pause and resumePeter Hartmann2012-01-251-0/+73
| | | | | | | | | | | | | | | pause and resume is currently only supported upon emitting the QSslSocket::sslErrors() signal. The API was added in QAbstractSocket to also support QAbstractSocket::proxyAuthenticationRequired() in the future. This is the first patch to support that feature on the socket level, another patch will follow to support sslErrors() and authenticationRequired() in QNetworkAccessManager / QNetworkReply. Task-number: QTBUG-19032 Change-Id: Ide2918268590ab9a01454ab26cb7fdca3dc840ab Reviewed-by: Shane Kearns <ext-shane.2.kearns@nokia.com>
* Update contact information in license headers.Jason McDonald2012-01-231-1/+1
| | | | | | | Replace Nokia contact email address with Qt Project website. Change-Id: I431bbbf76d7c27d8b502f87947675c116994c415 Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
* Make (dis)connectTo(From)Host virtual in QAbstractSocket.Jonas M. Gastal2012-01-091-5/+5
| | | | | Change-Id: Ib1dfae4031f00fb331108152a259f6a2756381c9 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* Make socket descriptors qintptr.Jonas M. Gastal2012-01-051-1/+1
| | | | | | | | | | Windows x64 uses 64 bits integer for sockets, to ensure compatibility we should use ptr sized integers for our socket descriptors. Task-number: QTBUG-19004 Change-Id: I4b56023874a4f1bad107c66c054fecfedde33d88 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@nokia.com>
* Update copyright year in license headers.Jason McDonald2012-01-051-1/+1
| | | | | Change-Id: I02f2c620296fcd91d4967d58767ea33fc4e1e7dc Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
* Check we're connected before startClientEncryption()Richard Moore2011-12-071-0/+4
| | | | | | | | | The docs say this is required, but we don't check it and instead segfault right now. Change-Id: I825b00a312a481c5383af127333c0c4698188348 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
* Removing unnecessary hidden property "_q_user-agent".Jonas M. Gastal2011-11-241-2/+0
| | | | | | | | | This property is no longer necessary because we can now set the user agent directly on the proxy. Task-number: QTBUG-17223 Change-Id: I27cb126dd401f02525290d2317650f55cae9f4ef Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* SSL namespace: rename TlsV1 to TlsV1_0Peter Hartmann2011-11-161-1/+1
| | | | | | | | | | | | This is a source-incompatible change. TlsV1 is ambiguous; what is actually meant is TLS version 1.0. There are also TLS versions 1.1 and 1.2; we might want to add options for these once OpenSSL supports them (apparently they will be with OpenSSL version 1.0.1). Change-Id: I940d020b181b5fa528788ef0c3c47e8ef873796a Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
* network: remove Symbian specific codePeter Hartmann2011-11-141-10/+0
| | | | | | | | removes several files and cleans up the code, removing all Symbian specific #ifdef's etc. Change-Id: Ie457e54cb4b3a992f251383320d47822259c38f1 Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
* Fix most warnings about assignments of QAtomicInt.Friedemann Kleint2011-10-311-2/+2
| | | | | Change-Id: Ide409d72d2637b68ec2a85aaca4bc783a7e911e7 Reviewed-by: Bradley T. Hughes <bradley.hughes@nokia.com>
* Add the ability to enable various SSL bug workarounds.Richard Moore2011-10-201-0/+2
| | | | | | | | | | | | | There are lots of buggy SSL servers around and to connect to them you need to disable various features. This commit adds the ability to disable the SSL ticket extension, the ability to disable the insertion of empty fragments, and the ability to disable compression. Task-number: QTBUG-21906 Change-Id: I3e1d0347a46e9030b889bbf15b2aad19b8513b73 Merge-request: 68 Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
* SSL internals: rename methods in the SSL backend to reflect public onesPeter Hartmann2011-07-111-2/+2
| | | | | | | Change-Id: I234c740b1acbfea670d6170332626f5e3ba49328 Reviewed-on: http://codereview.qt.nokia.com/1437 Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com> Reviewed-by: Martin Petersson <Martin.Petersson@nokia.com>
* QSslSocket: Add accessors for SSL versionRichard Moore2011-07-111-0/+21
| | | | | | | | | | | | | | | | | This commit adds accessors for both the openssl version number and the version string. The intention here is to aid debugging by making it possible for applications to know which version of the openssl library has been found by the runtime linking code. Since the version of openssl in use will depend on the installation of the developer, the test cases merely display the version string and number rather than verifying that any particular version is in use. Change-Id: Ieec44f0941f99887c85c2858bab0481722d739e5 Merge-request: 12 Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com> Reviewed-on: http://codereview.qt.nokia.com/1406 Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
* Add Happy-Eyeballs style IPv6 connection establishing.Martin Petersson2011-07-041-5/+6
| | | | | | | | | | | | | | | | In the cases where a DNS lookup will give you both an IPv4 and IPv6 address, this will start two connection channels at the same time. One trying to connect using IPv4 and one on IPv6. This is done so that we can use the fastest one for the connection. To do this we have to do the hostlookup in the connection. The result is then in the cache for the individual socket so it will not need to do another lookup. Task-number: QTBUG-16458 Change-Id: I806c20168d9c5edc2831b80f82a2bd570b36d5fa Reviewed-on: http://codereview.qt.nokia.com/1003 Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com> Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* Update licenseheader text in source files for qtbase Qt moduleJyri Tahtela2011-05-241-17/+17
| | | | | | | Updated version of LGPL and FDL licenseheaders. Apply release phase licenseheaders for all source files. Reviewed-by: Trust Me
* Doc: Fixed qdoc warnings.David Boddie2011-05-231-2/+2
|
* Send User-Agent from the network request in http proxy CONNECT commandShane Kearns2011-05-091-0/+2
| | | | | | | | | | | | | Some proxies can discriminate based on the User-Agent when sent a CONNECT command for establishing a HTTPS connection. With this change, if the User-Agent header is set in the QNetworkRequest then it will be passed to the http socket engine for use in the connect command sent to the proxy. As before, "Mozilla/5.0" will be used by default when no user agent has been set. Task-number: QTBUG-17223 Reviewed-by: Markus Goetz
* Initial import from the monolithic Qt.Qt by Nokia2011-04-271-0/+2260
This is the beginning of revision history for this module. If you want to look at revision history older than this, please refer to the Qt Git wiki for how to use Git history grafting. At the time of writing, this wiki is located here: http://qt.gitorious.org/qt/pages/GitIntroductionWithQt If you have already performed the grafting and you don't see any history beyond this commit, try running "git log" with the "--follow" argument. Branched from the monolithic repo, Qt master branch, at commit 896db169ea224deb96c59ce8af800d019de63f12
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-07 16:54:41 +0000