| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We set anchors from QSslConfiguration::caCertificates. On macOS these
anchors are by default copied from the system store, so I expected
setting 'trust those anchors only' should not break anything.
Somehow, on 10.11 SecTrustEvaluate fails to evaluate a valid
certificate chain (apparently because it has an intermediate
certificate, it's just a guess, since their API/docs are too poor
to explain well what was the real cause) as I can see connecting,
for example, to google.com - we have a chain with a valid root,
say it's GetTrust CA and we have it also in our list of anchors we set
on trust, but evaluation fails with: kSecTrustResultRecoverableTrustFailure:
"This means that you should not trust the chain as-is, but that
the chain could be trusted with some minor change to the evaluation
context, such as ignoring expired certificates or adding an
additional anchor to the set of trusted anchors."
Since none of certs is expired, and the required anchor already set,
this must be some bug in SecureTransport. For macOS (deployment
target) < 10.12 we fallback to the original version of the code
(the one that unfortunately does not allow us to limit the set
of trusted anchors by what client code wants to trust).
Change-Id: Ie42fd77c3eb6ef7469812aa0d7efff88a003c0b8
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The verifySessionProtocol() method in the SecureTransport backend did not
properly handle TlsV1_0OrLater, TlsV1_1OrLater and TlsV1_2OrLater.
This commit teaches verifySessionProtocol() about them.
It also adds TlsV1_0OrLater, TlsV1_1OrLater and TlsV1_2OrLater to the
protocolServerSide() test in tst_qsslsocket.
Backport from 5.10 to 5.9 (LTS).
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
(cherry picked from commit 9c765522d1c4f8090b5f5d391b1740fc4bd67664)
Change-Id: I58c53bdf43e0f19b4506f3696d793f657eb4dc6f
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
|
|
|
|
|
| |
Unique begins with a "y" sound, hence a unique is correct.
Change-Id: I9eb6b4d4c9ddab45af931e97c041c24edf163eca
Reviewed-by: Jake Petroules <jake.petroules@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
I noticed we never release 'items' imported by SecPKCS12Import.
But looking at the actual code (SecImportExport.c), it appears
we own these 'items' and must release them. And this leads to a crash
(on over-release) which reveals another bug: a value from a dictionary
obtained with 'Get' method should follow the 'get rule' - we do not
own it and QCFType RAII object is not needed.
Change-Id: I219015fadedb256c401e50cf7e955f3d7e0a6c5f
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
That's the only place there we can potentially pass a null pointer
to CFArrayAppendValue (all other calls are conditionally-protected).
This results in (surprise! ... ?) Objective-C exception (while we call
something that is a pure-C API). So far we cannot reproduce this crash and
can only speculate: probably this happens with invalid (can be either
really invalid or the result of our generic QSslCertificate's failure to read/
parse)) custom CA certificates appended to a QSslConfiguration object by
applications using QSslSocket/QNAM. The fix will probably make a handshake to
fail, but this seems to be better than a crash anyway.
Task-number: QTBUG-58213
Change-Id: Ie4f9ab2138bc383adc9f9ed55ed61be2d3cf7020
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On iOS QSslConfiguration always has an empty list of system CA certificates.
Calling SecTrustSetAnchorCertificatesOnly(.., TRUE) on iOS results in
SecTrustEvaluate failing to verify a valid certificate, since there
are no 'anchors' at all. We can use SecTrustSetAnchorCerificatesOnly(.. TRUE)
on macOS only, where we do extract/copy system certificates using
SecTrustSettingsCopyCertificates and save them in a QSslConfiguration's
list.
Task-number: QTBUG-61053
Change-Id: I70d4e46273d78414baaac8531273def707c3eebc
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Calling SecTrustSetAnchorCertificatesOnly(trust, false) we actually extend
what our user provided in QSslConfiguration as CA certificates (caCertificates,
setCaCertificates) - Secure Transport will also use a default set provided
by the system and SSL handshake can surprisingly (for a user) succeed.
And the default content of these caCertificates, if not altered by setCaCertificates
call - are those system CA certificates.
Task-number: QTBUG-60233
Change-Id: I8c1094bb7eec260f5202a47085f9f75e720eda7b
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry picked:
this change was first merged into dev, but now we also need it in 5.9
to enable SSL socket tests on the new CI VMs (macOS 10.11, 10.12).
As we do not merge dev->5.9, we need this cherry-pick.
Since day one Secure Transport socket has two annoying problems on macOS:
when we call SecPKCS12Import, we indeed import certs and keys into the default keychain
and also (which is more serious) later a dialog can pop up, asking for permission
to use a private key (this is especially annoying if you're running SSL autotests or
have a server application). Apparently, it's possible to work around those problems
if we create our own (temporary) keychain and pass it in the 'options' parameter
to SecPKCS12Import.
[ChangeLog][QtNetwork] Allow QSslSocket to use a temporary keychain on macOS.
Task-number: QTBUG-56102
Change-Id: Ic3a56c905100dc80d907a25fe6ebfa232dcf5b9e
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
(cherry picked from commit 17927392cf1cecb20cef7cb9cd77131391de087c)
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Secure Transport supports more ciphers then we can convert into QSslCipher.
This results in our tests failing, since after the successful SSL handshake
sessionCipher is 'unknown'. This patch adds missing AES256-GCM-SHA384 and also,
to make new cipher addition easier in future, sorts cipher suites as it's done
in CipherSuite.h (ST framework's header) - grouped by RFC they were introduced
in + sorted within their group.
As a bonus (thanks to Eddy for spotting this problem) - some copy & paste (?)
typos were fixed (mismatched names).
Task-number: QTBUG-59480
Change-Id: I61e984da8b37f1c0787305a26fc289e2e7c2b4ad
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
It was first introduced when we had to work-around old macOS SDK (<= 10.7) with
missing API; so we split the original code into two functions, one for
iOS (any supported version) and macOS > 10.7, another function (with all
ifdefs needed and old, deprecated API usage) for macOS <= 10.7. Now that
support for those versions was dropped and the second function gone, having
the remaining code in some external function looks illogical. It can be moved
into the member-function back.
Change-Id: Ib6355f225b5df3d92a70bd7679545cc89c450228
Reviewed-by: Jake Petroules <jake.petroules@qt.io>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
mkspecs/features/uikit/xcodebuild.mk
tests/auto/other/lancelot/tst_lancelot.cpp
tests/auto/widgets/widgets/qmdisubwindow/tst_qmdisubwindow.cpp
tests/auto/widgets/widgets/qmenubar/tst_qmenubar.cpp
Change-Id: Ia0ae2de86094120281abd445138877c2cc3e882c
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
src/widgets/dialogs/qcolordialog.cpp
src/widgets/dialogs/qfiledialog.cpp
tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
Change-Id: I34bc8a990f8f526889a95a5c7099ef557b9681ad
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
1. QSslSocketBackendPrivate::transmit was ignoring 'readBufferMaxSize';
as a result, we can have a user trying to set read buffer's size
to a small value (and more important - reading slowly in a small
chunks from this socket), but SSL itself socket reading 'too fast',
potentially growing its internal buffer to a huge size. This also
results in auto-tests failing - whenever we're trying to limit read
rate in some test.
2. Update qsslsocket auto-test.
Task-number: QTBUG-43388
Task-number: QTBUG-55170
Change-Id: Iedece26df0ac5b3b7cad62cc8c98aedc28e7ca5b
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: I3f9e00569458a463af2eaa5a3a16a6afd1e9c1ea
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@theqtcompany.com>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
qmake/library/qmakebuiltins.cpp
qmake/library/qmakeevaluator.cpp
qmake/library/qmakeevaluator.h
qmake/project.h
QMakeEvaluator:
* evaluateConditional(): one side changed return type, the other
changed a parameter type.
* split_value_list(): one side changed a parameter adjacent to where ...
* expandVariableReferences(): ... the other killed one overload and
changed the survivor
src/corelib/io/qlockfile_unix.cpp
One side changed a #if condition, the other moved NETBSD's part of
what it controlled.
src/corelib/tools/qdatetime.cpp
One side fixed a reachable Q_UNREACHABLE in toMSecsSinceEpoch(), the
other moved it from the private class to the public one, in the midst
of the "short date-time" optimization, which confused diff entirely.
One side changed a QStringLiteral to QLatin1String, the other rewrote
adjoining code.
src/network/kernel/qauthenticator.cpp
Both rewrote a line, equivalently; kept the dev version.
src/platformsupport/fontdatabases/mac/qfontengine_coretext.mm
src/platformsupport/fontdatabases/mac/qfontengine_coretext_p.h
One side changed #if-ery that the other removed.
tools/configure/configureapp.cpp
One side added a check to -target parsing; the other killed -target.
tests/auto/testlib/selftests/expected_cmptest.lightxml
tests/auto/testlib/selftests/expected_cmptest.teamcity
tests/auto/testlib/selftests/expected_cmptest.txt
tests/auto/testlib/selftests/expected_cmptest.xml
tests/auto/testlib/selftests/expected_cmptest.xunitxml
Regenerated using generate_expected_output.py
I note that quite a few other expected_* come out changed, now.
There was no git-conflict in
src/widgets/kernel/qformlayout.cpp
but it didn't compile; one side removed some unused methods; the other
found uses for one of them. Put FixedColumnMatrix<>::removeRow(int)
back for its new user.
Change-Id: I8cc2a71add48c0a848e13cfc47b5a7754e8ca584
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
qmake/library/qmakeevaluator.cpp
One side changed the iterator to use ranged-for, the other changed its
body; they only conflicted because the latter had to add braces around
the body, intruding on the for-line. Trivial resolution.
Change-Id: Ib487bc3bd6e3c5225db15f94b9a8f6caaa33456b
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: I2ab758fe61ea1ba9b84672ac05ac219b85e3de6a
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Replace it with QL1S in QStringBuilder expressions
and in overloaded functions.
Replace patterns 'QString::number() + QStringLiteral'
and 'QStringLiteral + QString::number()' with
QString::asprintf.
Saves some text size.
Change-Id: Ib39b2332264dfc3df04e77f2c101b47a1030cef4
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| | |\|
| | |
| | |
| | | |
Change-Id: Ibd81cd1df4a0650d93fcb556a57be90be2e1f569
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
1. QSslSocketBackendPrivate::transmit can invalidate SSL context
causing subsequent SSLWrite or SSLRead calls to fail; these report
errSecParam (as null context is an invalid parameter) spuriously,
when we should rather report the cause of invalidation. The OpenSSL
backend can trigger this when it aborts connection during an SSL
handshake, on an sslErrors signal. As transmit() emits readReady(),
a directly connected slot can trigger the same problem if it aborts or
closes.
2. If during peer verification (and in checkSslErrors) we disconnect
on sslErrors signal, peer verification must be considered failed and
should not continue handshake/set connectionEncrypted.
Task-number: QTBUG-52975
Task-number: QTBUG-53906
Change-Id: Iacd3b489a4156e25ef3460ace40d21f34a946bed
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Now that the minimum deployment target (and thus SDK) is 10.9 for OS X
and 7.0 for iOS, all code paths affecting platform versions lower than
the aforementioned are removed.
Change-Id: Id985c7259c4ac069319d88f2c29c9559ae9e8641
Reviewed-by: Jake Petroules <jake.petroules@qt.io>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Pass -xplatform macx-tvos-clang to configure to build.
Builds device and simulator by default.
Added ‘uikit’ platform with the common setup.
Also added QT_PLATFORM_UIKIT define (undocumented).
qmake config defines tvos (but not ios).
tvOS is 64bits only (QT_ARCH is arm64) and requires bitcode to be
embedded in the binary. A new ‘bitcode’ configuration was added.
For ReleaseDevice builds (which get archived and push to the store),
bitcode is actually embedded (-fembed-bitcode passed to clang). For all
other configurations, only using bitcode markers to keep file size
down (-fembed-bitcode-marker).
Build disables Widgets in qtbase, and qtscript (unsupported,
would require fixes to JavaScriptCore source code).
Qpa same as on iOS but disables device orientation, status bar, clipboard,
menus, dialogs which are not supported on tvOS.
Change-Id: I645804fd933be0befddeeb43095a74d2c178b2ba
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@theqtcompany.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For CoW types, prefer const methods to avoid needless detach()ing.
Mark predictNextRequest() as const, because this method
does not modify the object.
Change-Id: Ic94e2b31445ece46ab1423bf5b5f4e66d9a5b6ca
Reviewed-by: Edward Welbourne <edward.welbourne@theqtcompany.com>
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
... by replacing them with C++11 range-for loops.
To avoid detaches of these mutable Qt containers,
wrap the container in qAsConst().
Change-Id: I47c5308a6ad220b4c5495e55a3b0d38547bfa8d9
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Wrap C-string in QL1S to prevent memory allocation.
Replace startsWith() with comparing to first element of
(existing) splitting result.
Change-Id: Id47a0c350e4027abecd1394c1ee5dec8f346af00
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Edward Welbourne <edward.welbourne@theqtcompany.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Replace substring functions that return QString with
corresponding functions that return QStringRef where
it's possible.
Create QString from QStringRef only where necessary.
Change-Id: I697f776c60003629990cfd197534ffed63bafe2f
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
|
| | |
| |
| |
| |
| |
| |
| | |
Change-Id: I96974a7460c29b46cae8a28aadb3e50cdcdb7beb
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
|
| | |
| |
| |
| |
| |
| |
| | |
This allows to remove a code duplication in several places.
Change-Id: I49f56e951682dbd2968923654a12cba5199a2502
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
From Qt 5.7 -> LGPL v2.1 isn't an option anymore, see
http://blog.qt.io/blog/2016/01/13/new-agreement-with-the-kde-free-qt-foundation/
Updated license headers to use new LGPL header instead of LGPL21 one
(in those files which will be under LGPL v3)
Change-Id: I046ec3e47b1876cd7b4b0353a576b352e3a946d9
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/corelib/kernel/qcoreapplication.cpp
src/corelib/kernel/qeventdispatcher_blackberry.cpp
src/network/bearer/qnetworkconfiguration.cpp
src/plugins/bearer/blackberry/qbbengine.cpp
src/plugins/platforms/android/androidjnimain.cpp
src/plugins/platforms/android/qandroidplatformtheme.cpp
src/plugins/platforms/qnx/qqnxbpseventfilter.cpp
src/plugins/platforms/qnx/qqnxfiledialoghelper_bb10.cpp
src/plugins/platforms/qnx/qqnxinputcontext_imf.cpp
src/plugins/platforms/qnx/qqnxintegration.cpp
src/plugins/platforms/qnx/qqnxnavigatorbps.cpp
src/plugins/platforms/qnx/qqnxvirtualkeyboardbps.cpp
src/plugins/platforms/qnx/qqnxwindow.cpp
src/widgets/kernel/qwidgetwindow.cpp
src/widgets/styles/qwindowsvistastyle.cpp
src/widgets/styles/qwindowsxpstyle.cpp
src/widgets/widgets/qtoolbararealayout.cpp
tests/auto/corelib/global/qflags/qflags.pro
tests/auto/corelib/itemmodels/qitemmodel/modelstotest.cpp
tests/auto/corelib/tools/qversionnumber/qversionnumber.pro
tests/auto/widgets/dialogs/qfilesystemmodel/tst_qfilesystemmodel.cpp
Change-Id: I37be88c6c185bb85404823353e027a0a6acdbce4
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
src/network/socket/qnativesocketengine_p.h
src/network/ssl/qsslsocket_mac.cpp
src/network/ssl/qsslsocket_mac_p.h
src/widgets/kernel/qwidget.cpp
Change-Id: I39592cb37d710dfaf8640769ba3c1b637927d7f4
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
SSLSetProtocolVersionMin/Max were introduced _only_ in 10.8 and
we need a workaround for 10.7 - use SSLSetProtocolVersion or SSLSetProtocolVersionEnabled.
Change-Id: I4b7ed9fda21e2c374a98fd777253280e8013ffde
Reviewed-by: Morten Johan Sørvig <morten.sorvig@theqtcompany.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
On OS X SSLCreateContext is quite recent - it requires OS X/SDK version
>= 10.8. Since SecureTransport back-end is the default one in Qt 5.6,
make it also work on OS X 10.7.
Change-Id: I364feff9dd95772fcea926494b2d4edaffd2dde1
Reviewed-by: Morten Johan Sørvig <morten.sorvig@theqtcompany.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This will make sure that certs in the domainUser (login),
and domainAdmin (per machine) keychain are being picked up
in systemCaCertificates() in addition to the (usually immutable)
DomainSystem keychain.
Also consider the trust settings on OS X: If a certificate
is either fully trusted or trusted for the purpose of SSL,
it will be accepted.
[ChangeLog][Platform Specific Changes] OS X now accepts trusted
certificates from the login and system keychains.
Task-number: QTBUG-32898
Change-Id: Ia23083d5af74388eeee31ba07239735cbbe64368
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
tst_qsslsocket::sessionCipher fails starting from OS X 10.11, since we
do not recognize ECDHE-RSA-AES256-GCM-SHA384 (and the resulting 'sessionCipher'
isNull).
Change-Id: I37f51a1627c25f03a30172b245be8142d179affa
Task-number: QTBUG-48881
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | |
| |
| |
| |
| | |
Change-Id: I92db9691c2243ae72ecd4e11dd4640afaf4bf822
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@theqtcompany.com>
|
| |/
|
|
|
|
|
|
|
| |
Introduce the methods setError(), setErrorAndEmit() to consistently
set the internal error state.
Change-Id: I4ff951d100cf5e9f9a7e27135bb52188cde99853
Reviewed-by: Alex Trotsenko <alex1973tr@gmail.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This improves SecureTransport logging consistency:
- include error code in SSL error when a native backend call fails
- use qt.network.ssl category for debug / warning messages
- do not use duplicate qWarning when error is already reported via QSslError
Change-Id: I52d457b11f0cef2cc3579305e457663b61b92f3f
Reviewed-by: Timur Pocheptsov <Timur.Pocheptsov@digia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently when the remote server disconnects gracefully (for example upon
returning an HTTP request with Connection: close) the call to SSLRead
will return errSSLCloseGraceful which is incorrectly reported as
QAbstractSocket::SslInternalError.
This patch aligns the behavior with that of the OpenSSL backend and instead
reports QAbstractSocket::RemoteHostClosedError.
Change-Id: I8c6679280ac0c6fbd71d5f0d29b25f692eca5b24
Task-number: QTBUG-47154
Reviewed-by: Timur Pocheptsov <Timur.Pocheptsov@digia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New SSL backend fails to read data most of the time.
This patch:
1. Removes direct call to _q_SSLRead - it was never executed (intentionally)
and is completely horrible and redundant.
2. Changes the reading loop - read not while we have bytesAvailable, but
until we have errSSLWouldBlock.
Change-Id: I3fc5ff94ded76fcc1748d4979f7af85740b4b6aa
Task-number: QTBUG-45290
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Jeremy Lainé <jeremy.laine@m4x.org>
Reviewed-by: Timur Pocheptsov <Timur.Pocheptsov@digia.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Suddenly :(( With Security Framework v 7.0 dated by 17/02 SSLHandshake
works differently when our server socket is requesting a client side authentication
and client provides no certificate. Despite of kTryAuthenticate (this means,
auth. _can_ fail) server receives an error from SSLHandshake too early.
We have to handle this in startHandshake (when serveMode && canIgnore).
Change-Id: Ie55540078e2944e80cf2f4ade8b000acf29d6ca2
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
| |
and TlsV1_2OrLater
Change-Id: I001ffebef30b47b63cae6ea9487d9e96ca85ff92
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
| |
Enable certificate/trust validation when socket is in server mode.
Change-Id: I8fbba587a9484084495722219d83cca57973a3e6
Reviewed-by: Jeremy Lainé <jeremy.laine@m4x.org>
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Timur Pocheptsov <Timur.Pocheptsov@digia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Qt copyrights are now in The Qt Company, so we could update the source
code headers accordingly. In the same go we should also fix the links to
point to qt.io.
Outdated header.LGPL removed (use header.LGPL21 instead)
Old header.LGPL3 renamed to header.LGPL3-COMM to match actual licensing
combination. New header.LGPL-COMM taken in the use file which were
using old header.LGPL3 (src/plugins/platforms/android/extract.cpp)
Added new header.LGPL3 containing Commercial + LGPLv3 + GPLv2 license
combination
Change-Id: I6f49b819a8a20cc4f88b794a8f6726d975e8ffbe
Reviewed-by: Matti Paaso <matti.paaso@theqtcompany.com>
|
|
|
Add support for SSL on iOS/OS X by adding a SecureTransport based
backend.
[ChangeLog][QtNetwork][QSslSocket] A new SSL backend for iOS and OS X,
implemented with Apple's Secure Transport (Security Framework).
Change-Id: I7466db471be2a8a2170f9af9d6ad4c7b6425738b
Reviewed-by: Richard J. Moore <rich@kde.org>
|
