path: root/src/network/ssl/qsslsocket_mac.cpp
Commit message | Author | Age | Files | Lines
* Port QtNetwork from QStringRef to QStringView | Lars Knoll | 2020-06-10 | 1 | -1/+1
    Task-number: QTBUG-84319
    Change-Id: I0f4e83c282b58ab4cc5e397b21981978f79d92cf
    Reviewed-by: Alex Blasche <alexander.blasche@qt.io>
    Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
    Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* Merge remote-tracking branch 'origin/5.15' into dev | Qt Forward Merge Bot | 2020-04-08 | 1 | -1/+1
    Conflicts:
        examples/opengl/doc/src/cube.qdoc
        src/corelib/global/qlibraryinfo.cpp
        src/corelib/text/qbytearray_p.h
        src/corelib/text/qlocale_data_p.h
        src/corelib/time/qhijricalendar_data_p.h
        src/corelib/time/qjalalicalendar_data_p.h
        src/corelib/time/qromancalendar_data_p.h
        src/network/ssl/qsslcertificate.h
        src/widgets/doc/src/graphicsview.qdoc
        src/widgets/widgets/qcombobox.cpp
        src/widgets/widgets/qcombobox.h
        tests/auto/corelib/tools/qscopeguard/tst_qscopeguard.cpp
        tests/auto/widgets/widgets/qcombobox/tst_qcombobox.cpp
        tests/benchmarks/corelib/io/qdiriterator/qdiriterator.pro
        tests/manual/diaglib/debugproxystyle.cpp
        tests/manual/diaglib/qwidgetdump.cpp
        tests/manual/diaglib/qwindowdump.cpp
        tests/manual/diaglib/textdump.cpp
        util/locale_database/cldr2qlocalexml.py
        util/locale_database/qlocalexml.py
        util/locale_database/qlocalexml2cpp.py

    Resolution of util/locale_database/ is based on:
    https://codereview.qt-project.org/c/qt/qtbase/+/294250
    and src/corelib/{text,time}/*_data_p.h were then regenerated by running those scripts.

    Updated CMakeLists.txt in each of
        tests/auto/corelib/serialization/qcborstreamreader/
        tests/auto/corelib/serialization/qcborvalue/
        tests/auto/gui/kernel/
    and generated new ones in each of
        tests/auto/gui/kernel/qaddpostroutine/
        tests/auto/gui/kernel/qhighdpiscaling/
        tests/libfuzzer/corelib/text/qregularexpression/optimize/
        tests/libfuzzer/gui/painting/qcolorspace/fromiccprofile/
        tests/libfuzzer/gui/text/qtextdocument/sethtml/
        tests/libfuzzer/gui/text/qtextdocument/setmarkdown/
        tests/libfuzzer/gui/text/qtextlayout/beginlayout/
    by running util/cmake/pro2cmake.py on their changed .pro files.

    Changed target name in
        tests/auto/gui/kernel/qaction/qaction.pro
        tests/auto/gui/kernel/qaction/qactiongroup.pro
        tests/auto/gui/kernel/qshortcut/qshortcut.pro
    to ensure unique target names for CMake.

    Changed tst_QComboBox::currentIndex to not test the currentIndexChanged(QString), as that one does not exist in Qt 6 anymore.

    Change-Id: I9a85705484855ae1dc874a81f49d27a50b0dcff7
| * macOS: Remove all use of deprecated Q_OS_OSX define | Tor Arne Vestbø | 2020-04-03 | 1 | -1/+1
    Change-Id: I49c285604694c93d37c9d1c7cd6d3b1509858319
    Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
* | QSsl - delete all mentions of SslV2 and SslV3 | Timur Pocheptsov | 2019-11-28 | 1 | -52/+2
    Also, change the notion of 'unsupported protocol' for QSslSocket, previously it was SslV2 and SslV3, now instead it's all versions of DTLS and UnknownProtocol:
    - makes no sense at all to connect using TCP socket and then suddenly start using DTLS_client/server_method
    - UnknownProtocol is not to be set in a configuration, unknown means that some ciphersuite's protocol version cannot be established.
    - 'disabledProtocols' auto-test becomes 'unsupportedProtocols' and tests that QSslSocket fails to start encryption if the protocol version is wrong.

    Handling these enumerators (SslV2 and SslV2) as errors not needed anymore. Removed from QSslContext and our existing backends (qsslsocket_whatever).

    TlsV1SslV3 enumerator is not making any sense at all (previously was [SSL v3, TLS 1.0], then became "the same as TLS v. 1.0", but now this name is very confusing. Removed.

    Task-number: QTBUG-75638
    Task-number: QTBUG-76501
    Change-Id: I2781ba1c3051a7791b476266d4561d956948974a
    Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
    Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
* Merge remote-tracking branch 'origin/5.13' into 5.14 | Liang Qi | 2019-09-04 | 1 | -0/+7
    Conflicts:
        src/corelib/codecs/qicucodec.cpp
        src/dbus/qdbusserver.cpp
        src/gui/painting/qbezier.cpp
        src/plugins/platforms/eglfs/deviceintegration/eglfs_kms/qeglfskmsgbmscreen.cpp
        src/plugins/printsupport/cups/qppdprintdevice.cpp

    Change-Id: I2703128bb64baf5580fbc2c2061b55b0f0611d2a
| * Merge remote-tracking branch 'qt/5.12' into 5.13 | Paul Olav Tvete | 2019-08-20 | 1 | -0/+7
    Conflicts:
        src/gui/configure.json
        src/gui/util/qtexturefilereader.cpp
        src/gui/util/util.pri
        tests/auto/gui/util/qtexturefilereader/tst_qtexturefilereader.cpp

    Change-Id: I2bc4f84705b66099e97330cda68e0b816aceb9cc
| | * SSL: ALPN: Don't include empty, too long or truncated names | Mårten Nordheim | 2019-08-16 | 1 | -0/+7
    As is said in RFC7301 in section 3.1 [1]:

        Protocols are named by IANA-registered, opaque, non-empty byte strings [...]. Empty strings MUST NOT be included and byte strings MUST NOT be truncated.

    [1]: https://tools.ietf.org/html/rfc7301#section-3.1

    Change-Id: I2c41fa99984a53cc58803e5a264d06edac964cc6
    Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
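The RFC 7301 rule quoted in this commit has a concrete wire shape: the ALPN extension carries a ProtocolNameList, a two-byte-length list of one-byte-length opaque names, so a name must be 1 to 255 bytes and the encoder has no legal way to shorten a longer one. Below is an added example, not Qt's or SecureTransport's code, that turns the rule into a filter plus an encoder and a decoder in plain C++ with no Qt dependency; the function names and the sample names ("h2", "http/1.1") are this example's own choices.

```cpp
// Added example: RFC 7301 section 3.1 ProtocolNameList handling.
// Not Qt code; names and helpers are this example's own.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <optional>
#include <string>
#include <vector>

// A ProtocolName is opaque<1..2^8-1>: one length byte, then 1..255 bytes.
constexpr std::size_t kMaxAlpnNameLength = 255;

// A name may be sent only if it is non-empty and fits a one-byte length;
// anything longer cannot be sent untruncated, so it is rejected, not cut.
bool isValidAlpnName(const std::string &name)
{
    return !name.empty() && name.size() <= kMaxAlpnNameLength;
}

// Drops illegal names instead of silently truncating or sending empty ones.
std::vector<std::string> filterAlpnNames(const std::vector<std::string> &names)
{
    std::vector<std::string> accepted;
    for (const auto &n : names)
        if (isValidAlpnName(n))
            accepted.push_back(n);
    return accepted;
}

// Encodes ProtocolNameList protocol_name_list<2..2^16-1> as sent in the
// ALPN extension. Returns nullopt if nothing legal is left to send or the
// outer two-byte length would overflow.
std::optional<std::vector<uint8_t>> encodeAlpnList(const std::vector<std::string> &names)
{
    std::vector<uint8_t> body;
    for (const auto &n : filterAlpnNames(names)) {
        body.push_back(static_cast<uint8_t>(n.size()));
        body.insert(body.end(), n.begin(), n.end());
    }
    if (body.empty() || body.size() > 0xFFFF)
        return std::nullopt;
    std::vector<uint8_t> out;
    out.push_back(static_cast<uint8_t>(body.size() >> 8));
    out.push_back(static_cast<uint8_t>(body.size() & 0xFF));
    out.insert(out.end(), body.begin(), body.end());
    return out;
}

// Receiving side: applies the same rules. A zero-length name, or a name whose
// declared length runs past the end of the list, is a malformed extension.
std::optional<std::vector<std::string>> decodeAlpnList(const std::vector<uint8_t> &wire)
{
    if (wire.size() < 2)
        return std::nullopt;
    const std::size_t listLen = (static_cast<std::size_t>(wire[0]) << 8) | wire[1];
    if (listLen == 0 || listLen + 2 != wire.size())
        return std::nullopt;
    std::vector<std::string> names;
    std::size_t pos = 2;
    while (pos < wire.size()) {
        const std::size_t len = wire[pos++];
        if (len == 0 || pos + len > wire.size())
            return std::nullopt; // empty or truncated name
        names.emplace_back(wire.begin() + pos, wire.begin() + pos + len);
        pos += len;
    }
    return names;
}

int main()
{
    // Constructed input: one legal pair, one empty name, one over-long name.
    const std::vector<std::string> wanted = {"h2", "", "http/1.1", std::string(300, 'x')};
    const auto wire = encodeAlpnList(wanted);
    if (!wire)
        return 1;
    const auto back = decodeAlpnList(*wire);
    std::printf("encoded %zu bytes, decoded %zu names\n", wire->size(), back ? back->size() : 0);
    return 0;
}
```

The encoder refuses to emit a list rather than emitting one with a silently shortened entry, which is the failure mode the RFC text forbids; the decoder treats a length that overruns the buffer as an error rather than reading a shorter name, so both directions reject truncation.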
* | | QtNetwork: ssl: port from QMutex::Recursive to QRecursiveMutex | Marc Mutz | 2019-07-18 | 1 | -1/+1
    Change-Id: I78913fee6720f6ad9b196824b35de189567340be
    Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* | Merge remote-tracking branch 'origin/5.12' into 5.13 | Liang Qi | 2019-02-08 | 1 | -10/+4
    Conflicts:
        src/android/templates/AndroidManifest.xml
        src/network/ssl/qsslsocket_mac.cpp
        src/widgets/styles/qstylesheetstyle.cpp
        tests/auto/corelib/kernel/qtimer/BLACKLIST
        tests/auto/testlib/selftests/blacklisted/tst_blacklisted.cpp
        tests/auto/testlib/selftests/expected_blacklisted.lightxml
        tests/auto/testlib/selftests/expected_blacklisted.tap
        tests/auto/testlib/selftests/expected_blacklisted.teamcity
        tests/auto/testlib/selftests/expected_blacklisted.txt
        tests/auto/testlib/selftests/expected_blacklisted.xml
        tests/auto/testlib/selftests/expected_blacklisted.xunitxml
        tests/auto/testlib/selftests/expected_float.tap
        tests/auto/testlib/selftests/expected_float.teamcity
        tests/auto/testlib/selftests/expected_float.txt
        tests/auto/testlib/selftests/expected_float.xunitxml

    Done-With: Christian Ehrlicher <ch.ehrlicher@gmx.de>
    Done-With: Edward Welbourne <edward.welbourne@qt.io>
    Done-With: Timur Pocheptsov <timur.pocheptsov@qt.io>
    Change-Id: If93cc432a56ae3ac1b6533d0028e4dc497415a52
| * SecureTransport: do not set max protocol version | Timur Pocheptsov | 2019-01-27 | 1 | -12/+4
    This is similar to a change we approved recently in OpenSSL back-end. Similar to OpenSSL, not setting the upper limit on protocols allowed to negotiate/use, neatly ends up with the highest available, which is ... TLS 1.2 at the moment, but will silently switch to 1.3 etc. This was also recommended by Apple's engineer who closed a related bug report with 'Won't do' - "do not limit the max, you'll always have the real max supported'. Also, while at the moment we do not allow QSsl::TlsV1_3 and QSsl::TlsV1_3OrLater, if we managed to negotiate it - report it properly, not as 'Unknown'.

    Task-number: QTBUG-67463
    Change-Id: I3f46ea525f06edca03259123809f3b7b1191b1ee
    Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
    Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
* | OpenSSL: drop support for SSLv2 and SSLv3 | Giuseppe D'Angelo | 2018-12-13 | 1 | -13/+11
    As per RFC 6176 (2011) and RFC 7568 (2015).

    Code-wise, we're left with the decision of what to do with a few enumerators in QSsl::Protocol; I've made TlsV1SslV3 act as TlsV1, and adjusted the description of AnyProtocol.

    A new test was introduced - deprecatedProtocol() - to test that we, indeed, do not allow use of SSL v2 and v3. protocol() and protocolServerSide() were reduced to exclude the (now) no-op and meaningless tests - neither client nor server side can start a handshake now, since we bail out early in initSslContext().

    [ChangeLog][QtNetwork][SSL] Support for SSLv2 and SSLv3 sockets has been dropped, as per RFC 6176 (2011) and RFC 7568 (2015).

    Change-Id: I2fe4e8c3e82adf7aa10d4bdc9e3f7b8c299f77b6
    Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
    Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
    Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
* | Use Q_DISABLE_COPY_MOVE for private classes | Friedemann Kleint | 2018-12-12 | 1 | -1/+1
    Change-Id: I3cfcfba892ff4a0ab4e31f308620b445162bb17b
    Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
* | Merge remote-tracking branch 'origin/5.12' into dev | Liang Qi | 2018-11-22 | 1 | -0/+12
    Conflicts:
        src/corelib/io/qdir.cpp
        src/corelib/kernel/qtimer.cpp
        src/corelib/kernel/qtimer.h

    Done-With: Edward Welbourne <edward.welbourne@qt.io>
    Change-Id: I683d897760ec06593136d77955f8bc87fdef3f9f
| * Add missing protocol enumerators, report TLS 1.3 if negotiated | Timur Pocheptsov | 2018-11-07 | 1 | -0/+12
    1. Remove the conditional inclusion of DTLS versions, they made difficult and unnecessary ugly adding new protocols (something like TlsV1_2OrLater + 4).
    2. OpenSSL 1.1.1 first introduced TLS 1.3 support. OpenSSL 1.1 back-end is compatible with OpenSSL 1.1.1, but would fail to extract/report protocol versions and set versions like 'TLS 1.3 only' or 'TLS 1.3 or better' on a new context. Given 1.1.1 is deployed/adapted fast by different distros, and 5.12 is LTS, we fix this issue by introducing QSsl::Tls1_3 and QSsl::Tls1_3OrLater. SecureTransport, WinRT and OpenSSL below 1.1.1 will report an error in case the application requests this protocol (SecureTransport in future will probably enable TLS 1.3). Saying all that, TLS 1.3 support is experimental in QSslSocket.

    Done-by: Albert Astals Cid <albert.astals.cid@kdab.com>
    Done-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
    Change-Id: I4a97cc789b62763763cf41c44157ef0a9fd6cbec
    Reviewed-by: Lars Knoll <lars.knoll@qt.io>
* | Ssl: move _q_makePkcs12 into shared file | Mårten Nordheim | 2018-10-16 | 1 | -263/+0
    It's needed to generate a pkcs12/pfx bundle from our certificate chains which are then imported into a certificate store in Schannel and then passed to various Schannel API.

    Change-Id: Idb88f42f2aa15eb91c52404ee6c57bf43e983379
    Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
    Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
* SecureTransport - require the latest SDK 10.13.4 | Timur Pocheptsov | 2018-09-27 | 1 | -2/+2
    Testing barely 10.13 seems to be insufficient: we have developers working on macOS 10.12 with SDK 10.13, but apparently they cannot update to the latest SDK 10.13. We can try to be more specific and use __MAC_10_13_4.

    Task-number: QTBUG-70757
    Change-Id: I083d51f1a945f63f0413792387475341ecb96118
    Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
    Reviewed-by: Andy Maloney <asmaloney@gmail.com>
* Ssl: clang-tidy modernize-use-nullptr | Mårten Nordheim | 2018-08-09 | 1 | -2/+2
    And reflow the text where it exceeds the 100 column limit.

    Change-Id: I0d270c6a74a4c6ecba30e4e4d38a5d8f2cf81040
    Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
    Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
* SecureTransport: clean the code a bit | Timur Pocheptsov | 2018-08-09 | 1 | -9/+6
    As discussed/proposed previously: remove the duplicated code when converting the native certificate representation into QSslCertificate (configuration.peerCertificate). Also, use the correct integer type when iterating - CFIndex is actually long, not int.

    Change-Id: Ia6f43172e21b5153a93f1ef2589980d68ec2b39f
    Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
* Merge "Merge remote-tracking branch 'origin/5.11' into dev" into refs/staging/dev | Liang Qi | 2018-08-07 | 1 | -0/+11
| * Merge remote-tracking branch 'origin/5.11' into dev | Qt Forward Merge Bot | 2018-08-07 | 1 | -0/+11
    Conflicts:
        .qmake.conf
        src/corelib/doc/src/objectmodel/signalsandslots.qdoc
        src/plugins/platforms/cocoa/qcocoamenuloader.mm
        src/plugins/platforms/xcb/qxcbconnection.cpp
        src/plugins/platforms/xcb/qxcbconnection.h
        src/plugins/platforms/xcb/qxcbconnection_xi2.cpp
        src/plugins/platforms/xcb/qxcbwindow.cpp
        tests/auto/gui/image/qimage/tst_qimage.cpp

    Done-with: Gatis Paeglis <gatis.paeglis@qt.io>
    Change-Id: I9bd24ee9b00d4f26c8f344ce3970aa6e93935ff5
| | * SecureTransport - disable lock on sleep for the custom keychain | Timur Pocheptsov | 2018-08-02 | 1 | -0/+11
    It appears that by default our keychain auto-locks when the system sleeps. This makes the keychain totally useless, since its password is a random 256 bytes our user never has a chance to know. Thanks to Mårten for the hint about SecKeychainSetSettings, the way to properly fix it.

    Task-number: QTBUG-69677
    Change-Id: I2603c26b8422a1bcace3336e9b4ebe0381c952d7
    Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
    Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
* | | SecureTransport - fix verifyPeerTrust for the renegotiation case | Timur Pocheptsov | 2018-08-07 | 1 | -22/+23
    Also remove unneeded and now wrong check (was marked with TODO) which was a copy and paste from OpenSSL counterpart. There, testing if peerCertificateChain.isEmpty() makes sense, since there we potentially call storePeerCertificates() twice during the handshake.

    Change-Id: I946e6876adb3f9504e93c06ac90ff36dd44aca4c
    Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
    Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
* | SecureTransport - implement renegotiations | Timur Pocheptsov | 2018-07-27 | 1 | -11/+53
    After a handshake was completed, TLS socket is in 'connectionEncrypted' state. So on a read notification, in 'transmit', we call 'SSLRead' to read supposedly encrypted application data or TLS internal messages. In case SSLRead finds either ClientHello or HelloRequest from a server, it attempts in a rather sneaky manner to renegotiate. And as it happens here and there with SecureTransport, SSLRead fails and the work is only half-done, since we have kSSLSessionOptionBreakOnServerAuth and kSSLSessionOptionBreakOnCertRequested options set to 'true'. We end up with completely unexpected errors like errSSLClientCertRequested or errSSLPeerAuthCompleted (yes, this is so normal and totally expected for 'SSLRead' function to verify certificates and WRITE messages, no need to document this at all!).

    If SecureTransport is sneaky, so can be us:
    - in a read callback SecureTransport is probing the type of record and we can notice a sudden session state change - it goes from kSSLConnected (which is set upon handshake completion) to kSSLHandshake (which means a (re)handshake is ongoing);
    - if this is the case - we lie to SecureTransport about the amount of data available (0 bytes), set 'renegotiating' to 'true', return errSSLWouldBlock;
    - in 'transmit', if SSLRead returns errSSLWouldBlock and 'renegotiating' was set, we call 'startHandshake' until isHandshakeComplete() == true or some error encountered.

    [ChangeLog][QtNetwork][QSslSocket] Implement renegotiation for SecureTransport backend

    Task-number: QTBUG-69420
    Change-Id: Iaab1336aa3abf3f6ac94b358f3142d2738a18ee9
    Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
* | SecureTransport - enable ALPN on macOS | Timur Pocheptsov | 2018-07-17 | 1 | -4/+4
    Initially macOS SDK 10.13 had a missing symbol (only a function declaration in a header), while iOS, tvOS and watchOS SDKs all had the required symbol. Now it appears more recent SDK for macOS also has the function we need and thus we enable ALPN on macOS (as a result 'h2' protocol can now be negotiated as required by RFC 7540).

    [ChangeLog][QtNetwork][QSslSocket] Enable ALPN (and thus HTTP/2 negotiation) in SecureTransport backend (macOS).

    Change-Id: I65bd8262a9571a5495d11f7f5a29d150334cd09c
    Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
* | SecureTransport - cleanup the code a bit | Timur Pocheptsov | 2018-07-14 | 1 | -35/+30
    No need in ugly macro ioErr and if-ery, no need in generic noErr. SecureTransport has its own, more specific error codes: errSecIO and errSecSuccess (which have the equivalent values).

    Change-Id: Ifd99fbcbee290fe27caa0c258923f4527c047ba8
    Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
    Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
* Merge remote-tracking branch 'origin/5.10' into dev | Lars Knoll | 2018-01-02 | 1 | -5/+10
    Conflicts:
        .qmake.conf
        sc/corelib/io/qfsfileengine_p.h
        src/corelib/io/qstorageinfo_unix.cpp
        src/platformsupport/eglconvenience/qeglpbuffer_p.h
        src/platformsupport/input/libinput/qlibinputkeyboard.cpp
        src/platformsupport/input/libinput/qlibinputpointer.cpp
        src/plugins/platforms/cocoa/qcocoamenu.mm
        src/plugins/platforms/ios/qiosscreen.h
        src/plugins/platforms/ios/qioswindow.h
        src/plugins/platforms/ios/quiview.mm
        src/printsupport/dialogs/qpagesetupdialog_unix_p.h
        src/printsupport/dialogs/qprintpreviewdialog.cpp
        src/printsupport/widgets/qcupsjobwidget_p.h
        src/widgets/widgets/qmenu.cpp
        tests/auto/corelib/tools/qdatetime/tst_qdatetime.cpp
        tests/auto/widgets/itemviews/qtreeview/tst_qtreeview.cpp

    Change-Id: Iecb4883122efe97ef0ed850271e6c51bab568e9c
| * Merge remote-tracking branch 'origin/5.9' into 5.10 | Lars Knoll | 2017-12-30 | 1 | -5/+10
    Conflicts:
        .qmake.conf
        mkspecs/win32-g++/qmake.conf
        src/corelib/global/qglobal_p.h
        src/corelib/global/qoperatingsystemversion_p.h
        src/corelib/io/qfilesystemengine_win.cpp
        src/network/bearer/qbearerengine.cpp
        src/platformsupport/input/libinput/qlibinputpointer.cpp
        src/sql/doc/snippets/code/doc_src_sql-driver.cpp
        src/widgets/kernel/qwidget_p.h
        src/widgets/kernel/qwidgetwindow.cpp
        src/widgets/styles/qfusionstyle.cpp
        tests/auto/corelib/io/qfileinfo/tst_qfileinfo.cpp

    Change-Id: I80e2722f481b12fff5d967c28f89208c0e9a1dd8
| | * Fix/workaround a quirk in SecureTransport | Timur Pocheptsov | 2017-12-14 | 1 | -5/+10
    We set anchors from QSslConfiguration::caCertificates. On macOS these anchors are by default copied from the system store, so I expected setting 'trust those anchors only' should not break anything. Somehow, on 10.11 SecTrustEvaluate fails to evaluate a valid certificate chain (apparently because it has an intermediate certificate, it's just a guess, since their API/docs are too poor to explain well what was the real cause) as I can see connecting, for example, to google.com - we have a chain with a valid root, say it's GetTrust CA and we have it also in our list of anchors we set on trust, but evaluation fails with:

        kSecTrustResultRecoverableTrustFailure: "This means that you should not trust the chain as-is, but that the chain could be trusted with some minor change to the evaluation context, such as ignoring expired certificates or adding an additional anchor to the set of trusted anchors."

    Since none of certs is expired, and the required anchor already set, this must be some bug in SecureTransport. For macOS (deployment target) < 10.12 we fallback to the original version of the code (the one that unfortunately does not allow us to limit the set of trusted anchors by what client code wants to trust).

    Change-Id: Ie42fd77c3eb6ef7469812aa0d7efff88a003c0b8
    Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
| | * qsslsocket_mac: handle 'OrLater' SslProtocols in verifySessionProtocol() | Mikkel Krautz | 2017-11-15 | 1 | -0/+6
    The verifySessionProtocol() method in the SecureTransport backend did not properly handle TlsV1_0OrLater, TlsV1_1OrLater and TlsV1_2OrLater.

    This commit teaches verifySessionProtocol() about them.

    It also adds TlsV1_0OrLater, TlsV1_1OrLater and TlsV1_2OrLater to the protocolServerSide() test in tst_qsslsocket.

    Backport from 5.10 to 5.9 (LTS).

    Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
    (cherry picked from commit 9c765522d1c4f8090b5f5d391b1740fc4bd67664)
    Change-Id: I58c53bdf43e0f19b4506f3696d793f657eb4dc6f
    Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
* | | QSslSocketPrivate (SecureTransport) - add ALPN support | Timur Pocheptsov | 2017-11-14 | 1 | -1/+63
    Starting from iOS 11.0 (SDK) Apple has exposed two new functions: SSLSetALPNProtocols and SSLCopyALPNProtocols. This allows us to negotiate http/2 (and any other application layer protocol) via TLS on iOS. Unlike OpenSSL, SecureTransport's version is very limited - we have to compare protocols manually after the SSL handshake has finished. Still, this is better than nothing. These two functions are also declared in macOS SDK starting from 10.13, but unfortunately the symbols are missing and for now this feature is only enabled on iOS.

    Change-Id: I3ed2f287bfa864f8aca0c231171e804f7d6b8016
    Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
    Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* | | Merge remote-tracking branch 'origin/5.10' into dev | Allan Sandfeld Jensen | 2017-10-24 | 1 | -1/+1
    Conflicts:
        src/plugins/platforms/windows/qwindowsmousehandler.cpp
        src/plugins/platforms/xcb/qxcbimage.cpp
        tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
        tests/manual/qtabletevent/regular_widgets/main.cpp

    Done-with: Friedemann Kleint <Friedemann.Kleint@qt.io>
    Done-with: Mårten Nordheim <marten.nordheim@qt.io>
    Change-Id: I5b2499513a92c590ed0756f7d2e93c35a64b7f30
| * | Merge remote-tracking branch 'origin/5.9' into 5.10 | Liang Qi | 2017-10-16 | 1 | -1/+1
    Change-Id: I3cf73c53cf131d0babfb558c2507bed0e0fc5f08
| | * Replace 'an unique' with 'a unique' | Kai Koehne | 2017-10-11 | 1 | -1/+1
    Unique begins with a "y" sound, hence a unique is correct.

    Change-Id: I9eb6b4d4c9ddab45af931e97c041c24edf163eca
    Reviewed-by: Jake Petroules <jake.petroules@qt.io>
* | | Replace Q_NULLPTR with nullptr where possible | Kevin Funk | 2017-09-19 | 1 | -3/+3
    Remaining uses of Q_NULLPTR are in:
        src/corelib/global/qcompilerdetection.h (definition and documentation of Q_NULLPTR)
        tests/manual/qcursor/qcursorhighdpi/main.cpp (a test executable compilable both under Qt4 and Qt5)

    Change-Id: If6b074d91486e9b784138f4514f5c6d072acda9a
    Reviewed-by: Ville Voutilainen <ville.voutilainen@qt.io>
    Reviewed-by: Lars Knoll <lars.knoll@qt.io>
    Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
* | Merge remote-tracking branch 'origin/5.9' into dev | Liang Qi | 2017-07-06 | 1 | -2/+2
    Conflicts:
        .qmake.conf

    Change-Id: I43531e087bb810889d5c1fbfcdffb29b78804839
| * QSslSocket - fix two memory management issues (Secure Transport) | Timur Pocheptsov | 2017-07-04 | 1 | -2/+2
    I noticed we never release 'items' imported by SecPKCS12Import. But looking at the actual code (SecImportExport.c), it appears we own these 'items' and must release them. And this leads to a crash (on over-release) which reveals another bug: a value from a dictionary obtained with 'Get' method should follow the 'get rule' - we do not own it and QCFType RAII object is not needed.

    Change-Id: I219015fadedb256c401e50cf7e955f3d7e0a6c5f
    Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
    Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* | Merge remote-tracking branch 'origin/5.9' into dev | Liang Qi | 2017-06-19 | 1 | -2/+4
    Conflicts:
        src/corelib/io/qprocess_unix.cpp
        src/corelib/io/qprocess_win.cpp
        src/plugins/platforms/android/qandroidplatformintegration.h
        src/plugins/platforms/windows/qwindowscontext.cpp
        src/plugins/platforms/windows/windows.pri
        src/tools/uic/cpp/cppwriteinitialization.cpp
        src/widgets/doc/src/widgets-and-layouts/gallery.qdoc

    Change-Id: I8d0834c77f350ea7540140c2c7f372814afc2d0f
| * qsslsocket_mac - check that SecCertificateRef is not null | Timur Pocheptsov | 2017-06-13 | 1 | -2/+4
    That's the only place there we can potentially pass a null pointer to CFArrayAppendValue (all other calls are conditionally-protected). This results in (surprise! ... ?) Objective-C exception (while we call something that is a pure-C API). So far we cannot reproduce this crash and can only speculate: probably this happens with invalid (can be either really invalid or the result of our generic QSslCertificate's failure to read/parse) custom CA certificates appended to a QSslConfiguration object by applications using QSslSocket/QNAM. The fix will probably make a handshake to fail, but this seems to be better than a crash anyway.

    Task-number: QTBUG-58213
    Change-Id: Ie4f9ab2138bc383adc9f9ed55ed61be2d3cf7020
    Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
* | Merge remote-tracking branch 'origin/5.9' into dev | Liang Qi | 2017-06-07 | 1 | -2/+25
    Conflicts:
        src/widgets/widgets/qmenu.cpp

    Change-Id: I6d3baf56eb24501cddb129a3cb6b958ccc25a308
| * Ssl socket - fix broken certificate verification | Timur Pocheptsov | 2017-06-02 | 1 | -2/+25
    On iOS QSslConfiguration always has an empty list of system CA certificates. Calling SecTrustSetAnchorCertificatesOnly(.., TRUE) on iOS results in SecTrustEvaluate failing to verify a valid certificate, since there are no 'anchors' at all. We can use SecTrustSetAnchorCertificatesOnly(.. TRUE) on macOS only, where we do extract/copy system certificates using SecTrustSettingsCopyCertificates and save them in a QSslConfiguration's list.

    Task-number: QTBUG-61053
    Change-Id: I70d4e46273d78414baaac8531273def707c3eebc
    Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
    Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* | Merge remote-tracking branch 'origin/5.9' into dev | Liang Qi | 2017-05-07 | 1 | -1/+2
    Conflicts:
        src/network/access/qnetworkreply.cpp
        tests/auto/corelib/kernel/qmetaobject/tst_qmetaobject.cpp

    Change-Id: Iadf766269454087e69fb216fc3857d85b0ddfaad
| * QSslSocket (SecureTransport) - use anchors only from QSslConfiguration | Timur Pocheptsov | 2017-04-26 | 1 | -1/+2
    Calling SecTrustSetAnchorCertificatesOnly(trust, false) we actually extend what our user provided in QSslConfiguration as CA certificates (caCertificates, setCaCertificates) - Secure Transport will also use a default set provided by the system and SSL handshake can surprisingly (for a user) succeed. And the default content of these caCertificates, if not altered by setCaCertificates call - are those system CA certificates.

    Task-number: QTBUG-60233
    Change-Id: I8c1094bb7eec260f5202a47085f9f75e720eda7b
    Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
    Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
| * Allow Secure Transport backend to use a temporary keychain | Timur Pocheptsov | 2017-04-04 | 1 | -6/+118
    Cherry picked: this change was first merged into dev, but now we also need it in 5.9 to enable SSL socket tests on the new CI VMs (macOS 10.11, 10.12). As we do not merge dev->5.9, we need this cherry-pick.

    Since day one Secure Transport socket has two annoying problems on macOS: when we call SecPKCS12Import, we indeed import certs and keys into the default keychain and also (which is more serious) later a dialog can pop up, asking for permission to use a private key (this is especially annoying if you're running SSL autotests or have a server application). Apparently, it's possible to work around those problems if we create our own (temporary) keychain and pass it in the 'options' parameter to SecPKCS12Import.

    [ChangeLog][QtNetwork] Allow QSslSocket to use a temporary keychain on macOS.

    Task-number: QTBUG-56102
    Change-Id: Ic3a56c905100dc80d907a25fe6ebfa232dcf5b9e
    Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
    (cherry picked from commit 17927392cf1cecb20cef7cb9cd77131391de087c)
    Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* | QSslSocket/macOS: optimize QUuid usage | Marc Mutz | 2017-04-10 | 1 | -10/+8
    - don't create a QString, a QByteArray suffices
    - perform the mid() operation on a view type (QLatin1String), not on a container
    - use QStringBuilder

    Change-Id: Ifd74f2bc98606425f9f6cb4da8618e8066a8b12e
    Reviewed-by: Milian Wolff <milian.wolff@kdab.com>
* | Merge remote-tracking branch 'origin/5.9' into dev | Liang Qi | 2017-03-20 | 1 | -58/+79
    Conflicts:
        src/corelib/io/qfilesystemengine_win.cpp
        src/gui/text/qdistancefield.cpp
        src/plugins/platforms/xcb/qxcbconnection.h

    Change-Id: I1be4a6f440ccb7599991159e3cb9de60990e4b1e
| * Secure Transport - add a missing cipher | Timur Pocheptsov | 2017-03-16 | 1 | -58/+79
    Secure Transport supports more ciphers than we can convert into QSslCipher. This results in our tests failing, since after the successful SSL handshake sessionCipher is 'unknown'. This patch adds missing AES256-GCM-SHA384 and also, to make new cipher addition easier in future, sorts cipher suites as it's done in CipherSuite.h (ST framework's header) - grouped by RFC they were introduced in + sorted within their group. As a bonus (thanks to Eddy for spotting this problem) - some copy & paste (?) typos were fixed (mismatched names).

    Task-number: QTBUG-59480
    Change-Id: I61e984da8b37f1c0787305a26fc289e2e7c2b4ad
    Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
    Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* | qsslsocket_mac: handle 'OrLater' SslProtocols in verifySessionProtocol() | Mikkel Krautz | 2017-02-13 | 1 | -0/+6
    The verifySessionProtocol() method in the SecureTransport backend did not properly handle TlsV1_0OrLater, TlsV1_1OrLater and TlsV1_2OrLater.

    This commit teaches verifySessionProtocol() about them.

    It also adds TlsV1_0OrLater, TlsV1_1OrLater and TlsV1_2OrLater to the protocolServerSide() test in tst_qsslsocket.

    Change-Id: I394766c75dbea4d89bf3d6b9c3f3c89530ac0749
    Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
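The 'OrLater' handling in this commit, together with the earlier entries on this page that remove SslV2/SslV3, treat DTLS and UnknownProtocol as unsupported on a stream socket, and report a negotiated TLS 1.3 instead of 'Unknown', all reduce to one predicate over the requested protocol and the version the handshake actually produced. The following is an added example, not Qt's verifySessionProtocol() or SecureTransport code: the two enums are this example's own, modelled on the QSsl::SslProtocol names the commits mention; SecureProtocols is left out because the page does not state its floor; AnyProtocol is assumed to accept every TLS version now that SSLv2/v3 are gone; and the wire-version mapping is a stand-in for what SecureTransport reports.

```cpp
// Added example: a pure-function version of the session-protocol check the
// commits above describe. Not Qt code; the enums and names are this example's own.
#include <cstdio>

// Negotiated version as a rank, so "X or later" is a comparison. Unknown is
// what the commits say must not pass: a version we could not establish.
enum class TlsVersion { Unknown = 0, Tls1_0 = 10, Tls1_1 = 11, Tls1_2 = 12, Tls1_3 = 13 };

// Assumption: modelled on QSsl::SslProtocol naming (SslV2/SslV3/TlsV1SslV3 are
// gone, as the SslV2/SslV3 removal commit states; SecureProtocols omitted).
enum class RequestedProtocol {
    TlsV1_0, TlsV1_1, TlsV1_2, TlsV1_3,
    TlsV1_0OrLater, TlsV1_1OrLater, TlsV1_2OrLater, TlsV1_3OrLater,
    AnyProtocol,
    DtlsV1_0, DtlsV1_2, DtlsV1_0OrLater, DtlsV1_2OrLater,
    UnknownProtocol
};

static int rank(TlsVersion v) { return static_cast<int>(v); }

// The 'unsupported protocol' notion: DTLS makes no sense on a TCP socket and
// UnknownProtocol is never a legal configuration value.
bool isSupportedOnStreamSocket(RequestedProtocol p)
{
    switch (p) {
    case RequestedProtocol::DtlsV1_0:
    case RequestedProtocol::DtlsV1_2:
    case RequestedProtocol::DtlsV1_0OrLater:
    case RequestedProtocol::DtlsV1_2OrLater:
    case RequestedProtocol::UnknownProtocol:
        return false;
    default:
        return true;
    }
}

// Exact enumerators require an exact match; 'OrLater' enumerators accept the
// named version and anything newer, which is what the fix above adds.
bool sessionProtocolSatisfies(RequestedProtocol required, TlsVersion negotiated)
{
    if (!isSupportedOnStreamSocket(required) || negotiated == TlsVersion::Unknown)
        return false;
    switch (required) {
    case RequestedProtocol::TlsV1_0: return negotiated == TlsVersion::Tls1_0;
    case RequestedProtocol::TlsV1_1: return negotiated == TlsVersion::Tls1_1;
    case RequestedProtocol::TlsV1_2: return negotiated == TlsVersion::Tls1_2;
    case RequestedProtocol::TlsV1_3: return negotiated == TlsVersion::Tls1_3;
    case RequestedProtocol::TlsV1_0OrLater: return rank(negotiated) >= rank(TlsVersion::Tls1_0);
    case RequestedProtocol::TlsV1_1OrLater: return rank(negotiated) >= rank(TlsVersion::Tls1_1);
    case RequestedProtocol::TlsV1_2OrLater: return rank(negotiated) >= rank(TlsVersion::Tls1_2);
    case RequestedProtocol::TlsV1_3OrLater: return rank(negotiated) >= rank(TlsVersion::Tls1_3);
    case RequestedProtocol::AnyProtocol: return true; // assumption: any TLS is fine
    default: return false;
    }
}

// Stand-in for the backend's "what did we negotiate" query, keyed on the TLS
// version number pair (major 3; minor 1..4 for TLS 1.0..1.3, 0x0304 being the
// value TLS 1.3 carries in supported_versions). SSLv3 (3,0) maps to Unknown
// because the commits above remove it; a future version is also Unknown
// rather than being misreported as something older.
TlsVersion versionFromWire(int major, int minor)
{
    if (major != 3)
        return TlsVersion::Unknown;
    switch (minor) {
    case 1: return TlsVersion::Tls1_0;
    case 2: return TlsVersion::Tls1_1;
    case 3: return TlsVersion::Tls1_2;
    case 4: return TlsVersion::Tls1_3;
    default: return TlsVersion::Unknown;
    }
}

int main()
{
    // Constructed scenario: the application asked for TLS 1.2 or later and the
    // peer negotiated 0x0304; with no max version set this must be accepted.
    const TlsVersion got = versionFromWire(3, 4);
    const bool ok = sessionProtocolSatisfies(RequestedProtocol::TlsV1_2OrLater, got);
    std::printf("TlsV1_2OrLater with negotiated TLS 1.3: %s\n", ok ? "accepted" : "rejected");
    return ok ? 0 : 1;
}
```

The check runs after the handshake, mirroring the commit's description of verifySessionProtocol(): the backend does not cap the maximum version, so the only place an 'OrLater' request can be enforced is by comparing what was negotiated against the floor, and a version the backend cannot name must fail closed rather than be reported as 'Unknown' and accepted.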
* | Allow Secure Transport backend to use a temporary keychain | Timur Pocheptsov | 2017-02-11 | 1 | -6/+118
    Since day one Secure Transport socket has two annoying problems on macOS: when we call SecPKCS12Import, we indeed import certs and keys into the default keychain and also (which is more serious) later a dialog can pop up, asking for permission to use a private key (this is especially annoying if you're running SSL autotests or have a server application). Apparently, it's possible to work around those problems if we create our own (temporary) keychain and pass it in the 'options' parameter to SecPKCS12Import.

    [ChangeLog][QtNetwork] Allow QSslSocket to use a temporary keychain on macOS.

    Task-number: QTBUG-56102
    Change-Id: Ic3a56c905100dc80d907a25fe6ebfa232dcf5b9e
    Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
* SecureTransport - remove (now) redundant standalone function | Timur Pocheptsov | 2017-01-30 | 1 | -94/+82
    It was first introduced when we had to work-around old macOS SDK (<= 10.7) with missing API; so we split the original code into two functions, one for iOS (any supported version) and macOS > 10.7, another function (with all ifdefs needed and old, deprecated API usage) for macOS <= 10.7. Now that support for those versions was dropped and the second function gone, having the remaining code in some external function looks illogical. It can be moved into the member-function back.

    Change-Id: Ib6355f225b5df3d92a70bd7679545cc89c450228
    Reviewed-by: Jake Petroules <jake.petroules@qt.io>
* Merge remote-tracking branch 'origin/5.7' into 5.8 | Liang Qi | 2016-09-29 | 1 | -1/+1
    Conflicts:
        mkspecs/features/uikit/xcodebuild.mk
        tests/auto/other/lancelot/tst_lancelot.cpp
        tests/auto/widgets/widgets/qmdisubwindow/tst_qmdisubwindow.cpp
        tests/auto/widgets/widgets/qmenubar/tst_qmenubar.cpp

    Change-Id: Ia0ae2de86094120281abd445138877c2cc3e882c