| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Change-Id: I78913fee6720f6ad9b196824b35de189567340be
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/android/templates/AndroidManifest.xml
src/network/ssl/qsslsocket_mac.cpp
src/widgets/styles/qstylesheetstyle.cpp
tests/auto/corelib/kernel/qtimer/BLACKLIST
tests/auto/testlib/selftests/blacklisted/tst_blacklisted.cpp
tests/auto/testlib/selftests/expected_blacklisted.lightxml
tests/auto/testlib/selftests/expected_blacklisted.tap
tests/auto/testlib/selftests/expected_blacklisted.teamcity
tests/auto/testlib/selftests/expected_blacklisted.txt
tests/auto/testlib/selftests/expected_blacklisted.xml
tests/auto/testlib/selftests/expected_blacklisted.xunitxml
tests/auto/testlib/selftests/expected_float.tap
tests/auto/testlib/selftests/expected_float.teamcity
tests/auto/testlib/selftests/expected_float.txt
tests/auto/testlib/selftests/expected_float.xunitxml
Done-With: Christian Ehrlicher <ch.ehrlicher@gmx.de>
Done-With: Edward Welbourne <edward.welbourne@qt.io>
Done-With: Timur Pocheptsov <timur.pocheptsov@qt.io>
Change-Id: If93cc432a56ae3ac1b6533d0028e4dc497415a52
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is similar to a change we approved recently in OpenSSL back-end.
Similar to OpenSSL, not setting the upper limit on protocols allowed
to negotiate/use, neatly ends up with the highest available, which
is ... TLS 1.2 at the moment, but will silently switch to 1.3 etc.
This was also recommended by Apple's engineer who closed a related
bug report with 'Won't do' - "do not limit the max, you'll always
have the real max supported'. Also, while at the moment we do
not allow QSsl::TlsV1_3 and QSsl::TlsV1_3OrLater, if we managed
to negotiate it - report it properly, not as 'Unknown'.
Task-number: QTBUG-67463
Change-Id: I3f46ea525f06edca03259123809f3b7b1191b1ee
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As per RFC 6176 (2011) and RFC 7568 (2015).
Code-wise, we're left with the decision of what to do with a few
enumerators in QSsl::Protocol; I've made TlsV1SslV3 act as TlsV1,
and adjusted the description of AnyProtocol.
A new test was introduced - deprecatedProtocol() - to test that
we, indeed, do not allow use of SSL v2 and v3. protocol() and
protocolServerSide() were reduced to exclude the (now) no-op
and meaningless tests - neither client nor server side can
start a handshake now, since we bail out early in initSslContext().
[ChangeLog][QtNetwork][SSL] Support for SSLv2 and SSLv3
sockets has been dropped, as per RFC 6176 (2011)
and RFC 7568 (2015).
Change-Id: I2fe4e8c3e82adf7aa10d4bdc9e3f7b8c299f77b6
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| | |
| |
| |
| |
| | |
Change-Id: I3cfcfba892ff4a0ab4e31f308620b445162bb17b
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/corelib/io/qdir.cpp
src/corelib/kernel/qtimer.cpp
src/corelib/kernel/qtimer.h
Done-With: Edward Welbourne <edward.welbourne@qt.io>
Change-Id: I683d897760ec06593136d77955f8bc87fdef3f9f
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
1. Remove the conditional inclusion of DTLS versions, they made difficult
and unnecessary ugly adding new protocols (something like TlsV1_2OrLater + 4).
2. OpenSSL 1.1.1 first introduced TLS 1.3 support. OpenSSL 1.1 back-end is
compatible with OpenSSL 1.1.1, but would fail to extract/report protocol
versions and set versions like 'TLS 1.3 only' or 'TLS 1.3 or better' on a
new context. Given 1.1.1 is deployed/adapted fast by different distros,
and 5.12 is LTS, we fix this issue by introducing QSsl::Tls1_3 and
QSsl::Tls1_3OrLater.
SecureTransport, WinRT and OpenSSL below 1.1.1 will report an error in case
the application requests this protocol (SecureTransport in future will
probably enable TLS 1.3).
Saying all that, TLS 1.3 support is experimental in QSslSocket.
Done-by: Albert Astals Cid <albert.astals.cid@kdab.com>
Done-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Change-Id: I4a97cc789b62763763cf41c44157ef0a9fd6cbec
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
|
| |/
|
|
|
|
|
|
|
|
| |
It's needed to generate a pkcs12/pfx bundle from our
certificate chains which are then imported into a certificate
store in Schannel and then passed to various Schannel API.
Change-Id: Idb88f42f2aa15eb91c52404ee6c57bf43e983379
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
Testing barely 10.13 seems to be insuficcient: we have developers working
on macOS 10.12 with SDK 10.13, but apparently they cannot update to the
latest SDK 10.13. We can try to be more specific and use __MAC_10_13_4.
Task-number: QTBUG-70757
Change-Id: I083d51f1a945f63f0413792387475341ecb96118
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Andy Maloney <asmaloney@gmail.com>
|
| |
|
|
|
|
|
|
| |
And reflow the text where it exceeds the 100 column limit.
Change-Id: I0d270c6a74a4c6ecba30e4e4d38a5d8f2cf81040
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
|
|
|
|
|
|
|
| |
As discussed/proposed previously: remove the duplicated code when converting the
native certificate representation into QSslCertificate (configuration.peerCertificate).
Also, use the correct integer type when iterating - CFIndex is actually long, not int.
Change-Id: Ia6f43172e21b5153a93f1ef2589980d68ec2b39f
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |\
| |
| |
| | |
refs/staging/dev
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
.qmake.conf
src/corelib/doc/src/objectmodel/signalsandslots.qdoc
src/plugins/platforms/cocoa/qcocoamenuloader.mm
src/plugins/platforms/xcb/qxcbconnection.cpp
src/plugins/platforms/xcb/qxcbconnection.h
src/plugins/platforms/xcb/qxcbconnection_xi2.cpp
src/plugins/platforms/xcb/qxcbwindow.cpp
tests/auto/gui/image/qimage/tst_qimage.cpp
Done-with: Gatis Paeglis <gatis.paeglis@qt.io>
Change-Id: I9bd24ee9b00d4f26c8f344ce3970aa6e93935ff5
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It appears that by default our keychain auto-locks when the
system sleeps. This makes the keychain totally useless, since
its password is a random 256 bytes our user never has a chance
to know. Thanks to Mårten for the hint about SecKeychainSetSettings,
the way to properly fix it.
Task-number: QTBUG-69677
Change-Id: I2603c26b8422a1bcace3336e9b4ebe0381c952d7
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Also remove unneeded and now wrong check (was marked with TODO)
which was a copy and paste from OpenSSL counterpart. There, testing
if peerCertificateChain.isEmpty() makes sense, since there we
potentially call storePeerCertificates() twice during the handshake.
Change-Id: I946e6876adb3f9504e93c06ac90ff36dd44aca4c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
After a handshake was completed, TLS socket is in 'connectionEncrypted' state.
So on a read notification, in 'transmit', we call 'SSLRead' to read supposedly
encrypted application data or TLS internal messages. In case SSLRead finds either
ClientHello or HelloRequest from a server, it attempts in a rather sneaky manner
to renegotiate. And as it happens here and there with SecureTransport, SSLRead
fails and the work is only half-done, since we have kSSLSessionOptionBreakOnServerAuth
and kSSLSessionOptionBreakOnCertRequested options set to 'true'. We end up with
completely unexpected errors like errSSLClientCertRequested or errSSLPeerAuthCompleted
(yes, this is so normal and totally expected for 'SSLRead' function to verify
certificates and WRITE messages, no need to document this at all!).
If SecureTransport is sneaky, so can be us:
- in a read callback SecureTransport is probing the type of record
and we can notice a sudden session state change - it goes from
kSSLConnected (which is set upon handshake completion) to
kSSLHandshake (which means a (re)handshake is ongoing);
- if this is the case - we lie to SecureTransport about the amount
of data available (0 bytes), set 'renegotiating' to 'true', return
errSSLWouldBlock;
- in 'transmit', if SSLRead returns errSSLWouldBlock and 'renegotiating'
was set, we call 'startHandshake' until isHandshakeComplete() == true
or some error encountered.
[ChangeLog][QtNetwork][QSslSocket] Implement renegotiation for SecureTransport backend
Task-number: QTBUG-69420
Change-Id: Iaab1336aa3abf3f6ac94b358f3142d2738a18ee9
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Initially macOS SDK 10.13 had a missing symbol (only a function declaration
in a header), while iOS, tvOS and watchOS SDKs all had the required symbol. Now
it appears more recent SDK for macOS also has the function we need and thus we enable
ALPN on macOS (as a result 'h2' protocol can now be negotiated as required by
RFC 7540).
[ChangeLog][QtNetwork][QSslSocket] Enable ALPN (and thus HTTP/2 negotiation) in SecureTransport backend (macOS).
Change-Id: I65bd8262a9571a5495d11f7f5a29d150334cd09c
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |/
|
|
|
|
|
|
|
|
| |
No need in ugly macro ioErr and if-ery, no need in generic noErr.
SecureTransport has its own, more specific error codes: errSecIO
and errSecSuccess (which have the equivalent values).
Change-Id: Ifd99fbcbee290fe27caa0c258923f4527c047ba8
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
.qmake.conf
sc/corelib/io/qfsfileengine_p.h
src/corelib/io/qstorageinfo_unix.cpp
src/platformsupport/eglconvenience/qeglpbuffer_p.h
src/platformsupport/input/libinput/qlibinputkeyboard.cpp
src/platformsupport/input/libinput/qlibinputpointer.cpp
src/plugins/platforms/cocoa/qcocoamenu.mm
src/plugins/platforms/ios/qiosscreen.h
src/plugins/platforms/ios/qioswindow.h
src/plugins/platforms/ios/quiview.mm
src/printsupport/dialogs/qpagesetupdialog_unix_p.h
src/printsupport/dialogs/qprintpreviewdialog.cpp
src/printsupport/widgets/qcupsjobwidget_p.h
src/widgets/widgets/qmenu.cpp
tests/auto/corelib/tools/qdatetime/tst_qdatetime.cpp
tests/auto/widgets/itemviews/qtreeview/tst_qtreeview.cpp
Change-Id: Iecb4883122efe97ef0ed850271e6c51bab568e9c
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
.qmake.conf
mkspecs/win32-g++/qmake.conf
src/corelib/global/qglobal_p.h
src/corelib/global/qoperatingsystemversion_p.h
src/corelib/io/qfilesystemengine_win.cpp
src/network/bearer/qbearerengine.cpp
src/platformsupport/input/libinput/qlibinputpointer.cpp
src/sql/doc/snippets/code/doc_src_sql-driver.cpp
src/widgets/kernel/qwidget_p.h
src/widgets/kernel/qwidgetwindow.cpp
src/widgets/styles/qfusionstyle.cpp
tests/auto/corelib/io/qfileinfo/tst_qfileinfo.cpp
Change-Id: I80e2722f481b12fff5d967c28f89208c0e9a1dd8
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We set anchors from QSslConfiguration::caCertificates. On macOS these
anchors are by default copied from the system store, so I expected
setting 'trust those anchors only' should not break anything.
Somehow, on 10.11 SecTrustEvaluate fails to evaluate a valid
certificate chain (apparently because it has an intermediate
certificate, it's just a guess, since their API/docs are too poor
to explain well what was the real cause) as I can see connecting,
for example, to google.com - we have a chain with a valid root,
say it's GetTrust CA and we have it also in our list of anchors we set
on trust, but evaluation fails with: kSecTrustResultRecoverableTrustFailure:
"This means that you should not trust the chain as-is, but that
the chain could be trusted with some minor change to the evaluation
context, such as ignoring expired certificates or adding an
additional anchor to the set of trusted anchors."
Since none of certs is expired, and the required anchor already set,
this must be some bug in SecureTransport. For macOS (deployment
target) < 10.12 we fallback to the original version of the code
(the one that unfortunately does not allow us to limit the set
of trusted anchors by what client code wants to trust).
Change-Id: Ie42fd77c3eb6ef7469812aa0d7efff88a003c0b8
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The verifySessionProtocol() method in the SecureTransport backend did not
properly handle TlsV1_0OrLater, TlsV1_1OrLater and TlsV1_2OrLater.
This commit teaches verifySessionProtocol() about them.
It also adds TlsV1_0OrLater, TlsV1_1OrLater and TlsV1_2OrLater to the
protocolServerSide() test in tst_qsslsocket.
Backport from 5.10 to 5.9 (LTS).
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
(cherry picked from commit 9c765522d1c4f8090b5f5d391b1740fc4bd67664)
Change-Id: I58c53bdf43e0f19b4506f3696d793f657eb4dc6f
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Starting from iOS 11.0 (SDK) Apple has exposed two new functions:
SSLSetALPNProtocols and SSLCopyALPNProtocols. This allows us to
negotiate http/2 (and any other application layer protocol) via TLS on
iOS. Unlike OpenSSL, SecureTransport's version is very limited - we
have to compare protocols manually after the SSL handshake has
finished. Still, this is better than nothing. These two functions are
also declared in macOS SDK starting from 10.13, but unfortunately the
symbols are missing and for now this feature is only enabled on iOS.
Change-Id: I3ed2f287bfa864f8aca0c231171e804f7d6b8016
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
src/plugins/platforms/windows/qwindowsmousehandler.cpp
src/plugins/platforms/xcb/qxcbimage.cpp
tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
tests/manual/qtabletevent/regular_widgets/main.cpp
Done-with: Friedemann Kleint<Friedemann.Kleint@qt.io>
Done-with: Mårten Nordheim<marten.nordheim@qt.io>
Change-Id: I5b2499513a92c590ed0756f7d2e93c35a64b7f30
|
| | |\|
| | |
| | |
| | | |
Change-Id: I3cf73c53cf131d0babfb558c2507bed0e0fc5f08
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Unique begins with a "y" sound, hence a unique is correct.
Change-Id: I9eb6b4d4c9ddab45af931e97c041c24edf163eca
Reviewed-by: Jake Petroules <jake.petroules@qt.io>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Remaining uses of Q_NULLPTR are in:
src/corelib/global/qcompilerdetection.h
(definition and documentation of Q_NULLPTR)
tests/manual/qcursor/qcursorhighdpi/main.cpp
(a test executable compilable both under Qt4 and Qt5)
Change-Id: If6b074d91486e9b784138f4514f5c6d072acda9a
Reviewed-by: Ville Voutilainen <ville.voutilainen@qt.io>
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
|
| |\|
| |
| |
| |
| |
| |
| | |
Conflicts:
.qmake.conf
Change-Id: I43531e087bb810889d5c1fbfcdffb29b78804839
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I noticed we never release 'items' imported by SecPKCS12Import.
But looking at the actual code (SecImportExport.c), it appears
we own these 'items' and must release them. And this leads to a crash
(on over-release) which reveals another bug: a value from a dictionary
obtained with 'Get' method should follow the 'get rule' - we do not
own it and QCFType RAII object is not needed.
Change-Id: I219015fadedb256c401e50cf7e955f3d7e0a6c5f
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/corelib/io/qprocess_unix.cpp
src/corelib/io/qprocess_win.cpp
src/plugins/platforms/android/qandroidplatformintegration.h
src/plugins/platforms/windows/qwindowscontext.cpp
src/plugins/platforms/windows/windows.pri
src/tools/uic/cpp/cppwriteinitialization.cpp
src/widgets/doc/src/widgets-and-layouts/gallery.qdoc
Change-Id: I8d0834c77f350ea7540140c2c7f372814afc2d0f
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
That's the only place there we can potentially pass a null pointer
to CFArrayAppendValue (all other calls are conditionally-protected).
This results in (surprise! ... ?) Objective-C exception (while we call
something that is a pure-C API). So far we cannot reproduce this crash and
can only speculate: probably this happens with invalid (can be either
really invalid or the result of our generic QSslCertificate's failure to read/
parse)) custom CA certificates appended to a QSslConfiguration object by
applications using QSslSocket/QNAM. The fix will probably make a handshake to
fail, but this seems to be better than a crash anyway.
Task-number: QTBUG-58213
Change-Id: Ie4f9ab2138bc383adc9f9ed55ed61be2d3cf7020
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |\|
| |
| |
| |
| |
| |
| | |
Conflicts:
src/widgets/widgets/qmenu.cpp
Change-Id: I6d3baf56eb24501cddb129a3cb6b958ccc25a308
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
On iOS QSslConfiguration always has an empty list of system CA certificates.
Calling SecTrustSetAnchorCertificatesOnly(.., TRUE) on iOS results in
SecTrustEvaluate failing to verify a valid certificate, since there
are no 'anchors' at all. We can use SecTrustSetAnchorCerificatesOnly(.. TRUE)
on macOS only, where we do extract/copy system certificates using
SecTrustSettingsCopyCertificates and save them in a QSslConfiguration's
list.
Task-number: QTBUG-61053
Change-Id: I70d4e46273d78414baaac8531273def707c3eebc
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |\|
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/network/access/qnetworkreply.cpp
tests/auto/corelib/kernel/qmetaobject/tst_qmetaobject.cpp
Change-Id: Iadf766269454087e69fb216fc3857d85b0ddfaad
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Calling SecTrustSetAnchorCertificatesOnly(trust, false) we actually extend
what our user provided in QSslConfiguration as CA certificates (caCertificates,
setCaCertificates) - Secure Transport will also use a default set provided
by the system and SSL handshake can surprisingly (for a user) succeed.
And the default content of these caCertificates, if not altered by setCaCertificates
call - are those system CA certificates.
Task-number: QTBUG-60233
Change-Id: I8c1094bb7eec260f5202a47085f9f75e720eda7b
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Cherry picked:
this change was first merged into dev, but now we also need it in 5.9
to enable SSL socket tests on the new CI VMs (macOS 10.11, 10.12).
As we do not merge dev->5.9, we need this cherry-pick.
Since day one Secure Transport socket has two annoying problems on macOS:
when we call SecPKCS12Import, we indeed import certs and keys into the default keychain
and also (which is more serious) later a dialog can pop up, asking for permission
to use a private key (this is especially annoying if you're running SSL autotests or
have a server application). Apparently, it's possible to work around those problems
if we create our own (temporary) keychain and pass it in the 'options' parameter
to SecPKCS12Import.
[ChangeLog][QtNetwork] Allow QSslSocket to use a temporary keychain on macOS.
Task-number: QTBUG-56102
Change-Id: Ic3a56c905100dc80d907a25fe6ebfa232dcf5b9e
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
(cherry picked from commit 17927392cf1cecb20cef7cb9cd77131391de087c)
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- don't create a QString, a QByteArray suffices
- perform the mid() operation on a view type (QLatin1String),
not on a container
- use QStringBuilder
Change-Id: Ifd74f2bc98606425f9f6cb4da8618e8066a8b12e
Reviewed-by: Milian Wolff <milian.wolff@kdab.com>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/corelib/io/qfilesystemengine_win.cpp
src/gui/text/qdistancefield.cpp
src/plugins/platforms/xcb/qxcbconnection.h
Change-Id: I1be4a6f440ccb7599991159e3cb9de60990e4b1e
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Secure Transport supports more ciphers then we can convert into QSslCipher.
This results in our tests failing, since after the successful SSL handshake
sessionCipher is 'unknown'. This patch adds missing AES256-GCM-SHA384 and also,
to make new cipher addition easier in future, sorts cipher suites as it's done
in CipherSuite.h (ST framework's header) - grouped by RFC they were introduced
in + sorted within their group.
As a bonus (thanks to Eddy for spotting this problem) - some copy & paste (?)
typos were fixed (mismatched names).
Task-number: QTBUG-59480
Change-Id: I61e984da8b37f1c0787305a26fc289e2e7c2b4ad
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The verifySessionProtocol() method in the SecureTransport backend did not
properly handle TlsV1_0OrLater, TlsV1_1OrLater and TlsV1_2OrLater.
This commit teaches verifySessionProtocol() about them.
It also adds TlsV1_0OrLater, TlsV1_1OrLater and TlsV1_2OrLater to the
protocolServerSide() test in tst_qsslsocket.
Change-Id: I394766c75dbea4d89bf3d6b9c3f3c89530ac0749
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since day one Secure Transport socket has two annoying problems on macOS:
when we call SecPKCS12Import, we indeed import certs and keys into the default keychain
and also (which is more serious) later a dialog can pop up, asking for permission
to use a private key (this is especially annoying if you're running SSL autotests or
have a server application). Apparently, it's possible to work around those problems
if we create our own (temporary) keychain and pass it in the 'options' parameter
to SecPKCS12Import.
[ChangeLog][QtNetwork] Allow QSslSocket to use a temporary keychain on macOS.
Task-number: QTBUG-56102
Change-Id: Ic3a56c905100dc80d907a25fe6ebfa232dcf5b9e
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
It was first introduced when we had to work-around old macOS SDK (<= 10.7) with
missing API; so we split the original code into two functions, one for
iOS (any supported version) and macOS > 10.7, another function (with all
ifdefs needed and old, deprecated API usage) for macOS <= 10.7. Now that
support for those versions was dropped and the second function gone, having
the remaining code in some external function looks illogical. It can be moved
into the member-function back.
Change-Id: Ib6355f225b5df3d92a70bd7679545cc89c450228
Reviewed-by: Jake Petroules <jake.petroules@qt.io>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
mkspecs/features/uikit/xcodebuild.mk
tests/auto/other/lancelot/tst_lancelot.cpp
tests/auto/widgets/widgets/qmdisubwindow/tst_qmdisubwindow.cpp
tests/auto/widgets/widgets/qmenubar/tst_qmenubar.cpp
Change-Id: Ia0ae2de86094120281abd445138877c2cc3e882c
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
src/widgets/dialogs/qcolordialog.cpp
src/widgets/dialogs/qfiledialog.cpp
tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
Change-Id: I34bc8a990f8f526889a95a5c7099ef557b9681ad
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
1. QSslSocketBackendPrivate::transmit was ignoring 'readBufferMaxSize';
as a result, we can have a user trying to set read buffer's size
to a small value (and more important - reading slowly in a small
chunks from this socket), but SSL itself socket reading 'too fast',
potentially growing its internal buffer to a huge size. This also
results in auto-tests failing - whenever we're trying to limit read
rate in some test.
2. Update qsslsocket auto-test.
Task-number: QTBUG-43388
Task-number: QTBUG-55170
Change-Id: Iedece26df0ac5b3b7cad62cc8c98aedc28e7ca5b
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: I3f9e00569458a463af2eaa5a3a16a6afd1e9c1ea
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@theqtcompany.com>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
qmake/library/qmakebuiltins.cpp
qmake/library/qmakeevaluator.cpp
qmake/library/qmakeevaluator.h
qmake/project.h
QMakeEvaluator:
* evaluateConditional(): one side changed return type, the other
changed a parameter type.
* split_value_list(): one side changed a parameter adjacent to where ...
* expandVariableReferences(): ... the other killed one overload and
changed the survivor
src/corelib/io/qlockfile_unix.cpp
One side changed a #if condition, the other moved NETBSD's part of
what it controlled.
src/corelib/tools/qdatetime.cpp
One side fixed a reachable Q_UNREACHABLE in toMSecsSinceEpoch(), the
other moved it from the private class to the public one, in the midst
of the "short date-time" optimization, which confused diff entirely.
One side changed a QStringLiteral to QLatin1String, the other rewrote
adjoining code.
src/network/kernel/qauthenticator.cpp
Both rewrote a line, equivalently; kept the dev version.
src/platformsupport/fontdatabases/mac/qfontengine_coretext.mm
src/platformsupport/fontdatabases/mac/qfontengine_coretext_p.h
One side changed #if-ery that the other removed.
tools/configure/configureapp.cpp
One side added a check to -target parsing; the other killed -target.
tests/auto/testlib/selftests/expected_cmptest.lightxml
tests/auto/testlib/selftests/expected_cmptest.teamcity
tests/auto/testlib/selftests/expected_cmptest.txt
tests/auto/testlib/selftests/expected_cmptest.xml
tests/auto/testlib/selftests/expected_cmptest.xunitxml
Regenerated using generate_expected_output.py
I note that quite a few other expected_* come out changed, now.
There was no git-conflict in
src/widgets/kernel/qformlayout.cpp
but it didn't compile; one side removed some unused methods; the other
found uses for one of them. Put FixedColumnMatrix<>::removeRow(int)
back for its new user.
Change-Id: I8cc2a71add48c0a848e13cfc47b5a7754e8ca584
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
qmake/library/qmakeevaluator.cpp
One side changed the iterator to use ranged-for, the other changed its
body; they only conflicted because the latter had to add braces around
the body, intruding on the for-line. Trivial resolution.
Change-Id: Ib487bc3bd6e3c5225db15f94b9a8f6caaa33456b
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: I2ab758fe61ea1ba9b84672ac05ac219b85e3de6a
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Replace it with QL1S in QStringBuilder expressions
and in overloaded functions.
Replace patterns 'QString::number() + QStringLiteral'
and 'QStringLiteral + QString::number()' with
QString::asprintf.
Saves some text size.
Change-Id: Ib39b2332264dfc3df04e77f2c101b47a1030cef4
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
