| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
All backend-specific code is now separated and removed
from QSslSocket(Private) code. The original code is mostly
preserved to avoid (as much as possible) regressions (and
to simplify code-review).
Fixes: QTBUG-91173
Task-number: QTBUG-65922
Change-Id: I3ac4ba35d952162c8d6dc62d747cbd62dca0ef78
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 9391ba55149336c395b866b24dc9b844334d50da)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also since we have to properly support 'no-ssl' configure option
(alas, we support QSslCertificate on such builds) - introduce
a minimal crippled QTlsBackendCertOnly, which depends on
X509CertificateGeneric.
Fixes: QTBUG-90954
Task-number: QTBUG-65922
Change-Id: Ib9d62903f16b7c0eaaa23e319a822c24a7631dc6
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 41fc143635c25f937a557f09890601f6c7d38736)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
To enable QSslCertificate to use TLS plugins. All backend-specific
code is to be moved from QSslCertificate(Private) making them
backend-neutral.
Task-number: QTBUG-90954
Task-number: QTBUG-65922
Change-Id: Ic9d5abf91e42ce81fe56239f95ae97b64035e950
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
(cherry picked from commit 405337ee7276be4b76e86745c0694c51283b6b07)
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
|
|
| |
which will become parts of TLS plugins in the future.
Task-number: QTBUG-65922
Change-Id: I4ee3c59c435fc34a9f4dacd3ff0e3cfb44251e23
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
QTlsBackend is a factory itself - it creates TLS/X509 objects. Having
an intermediary between Factory->Backend->TLS primitive does not look
very natural thus let's squash the first two parts. Backend is a factory
creating TLS primitives, but its static functions also provide information
about backends availablei and give access to those backends.
Fixes: QTBUG-90606
Task-number: QTBUG-65922
Change-Id: I8409d81fd11fb46e6ab4465b4937a7680a8c2447
Reviewed-by: Alex Blasche <alexander.blasche@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
|
|
|
| |
This is an abstraction for TLS backend and its factory, preparing to transition
to plugin-based design.
Task-number: QTBUG-65922
Change-Id: Ibe810e77fd1b715a6bea66cd3f44312b015ac274
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This API gives the names of available backends and provides a basic
information about features/protocols supported by those backends.
Also, it has the 'loadBackend' functions which allow to select
a particular backend (which are becoming plugins).
At the moment, the implementation is still 'hardcoded', the
follow-up patch will allow to select different backends in runtime.
Task-number: QTBUG-65922
Change-Id: I05877de9c02857594e76b24d52e7578bdb01df69
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
| |
Since we're going to split QMutex and QRecursiveMutex into
separate classes, make sure QMutexLocker is prepared for that.
Change-Id: Id5e9a955d1db7c8ee663dd3811ad6448dad0aeae
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|
| |
|
|
|
|
| |
Fixes: QTBUG-83491
Change-Id: I783a355be5405d4c44e703874bdf2e14afe629e1
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
| |
This is required to remove the ; from the macro with Qt 6.
Task-number: QTBUG-82978
Change-Id: I3f0b6717956ca8fa486bed9817b89dfa19f5e0e1
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
|
| |
|
|
|
|
| |
Task-number: QTBUG-84469
Change-Id: I7827da68e73ca8ff1e599c836f2157894c452b63
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
| |
Task-number: QTBUG-84319
Change-Id: I0f4e83c282b58ab4cc5e397b21981978f79d92cf
Reviewed-by: Alex Blasche <alexander.blasche@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
examples/opengl/doc/src/cube.qdoc
src/corelib/global/qlibraryinfo.cpp
src/corelib/text/qbytearray_p.h
src/corelib/text/qlocale_data_p.h
src/corelib/time/qhijricalendar_data_p.h
src/corelib/time/qjalalicalendar_data_p.h
src/corelib/time/qromancalendar_data_p.h
src/network/ssl/qsslcertificate.h
src/widgets/doc/src/graphicsview.qdoc
src/widgets/widgets/qcombobox.cpp
src/widgets/widgets/qcombobox.h
tests/auto/corelib/tools/qscopeguard/tst_qscopeguard.cpp
tests/auto/widgets/widgets/qcombobox/tst_qcombobox.cpp
tests/benchmarks/corelib/io/qdiriterator/qdiriterator.pro
tests/manual/diaglib/debugproxystyle.cpp
tests/manual/diaglib/qwidgetdump.cpp
tests/manual/diaglib/qwindowdump.cpp
tests/manual/diaglib/textdump.cpp
util/locale_database/cldr2qlocalexml.py
util/locale_database/qlocalexml.py
util/locale_database/qlocalexml2cpp.py
Resolution of util/locale_database/ are based on:
https://codereview.qt-project.org/c/qt/qtbase/+/294250
and src/corelib/{text,time}/*_data_p.h were then regenerated by
running those scripts.
Updated CMakeLists.txt in each of
tests/auto/corelib/serialization/qcborstreamreader/
tests/auto/corelib/serialization/qcborvalue/
tests/auto/gui/kernel/
and generated new ones in each of
tests/auto/gui/kernel/qaddpostroutine/
tests/auto/gui/kernel/qhighdpiscaling/
tests/libfuzzer/corelib/text/qregularexpression/optimize/
tests/libfuzzer/gui/painting/qcolorspace/fromiccprofile/
tests/libfuzzer/gui/text/qtextdocument/sethtml/
tests/libfuzzer/gui/text/qtextdocument/setmarkdown/
tests/libfuzzer/gui/text/qtextlayout/beginlayout/
by running util/cmake/pro2cmake.py on their changed .pro files.
Changed target name in
tests/auto/gui/kernel/qaction/qaction.pro
tests/auto/gui/kernel/qaction/qactiongroup.pro
tests/auto/gui/kernel/qshortcut/qshortcut.pro
to ensure unique target names for CMake
Changed tst_QComboBox::currentIndex to not test the
currentIndexChanged(QString), as that one does not exist in Qt 6
anymore.
Change-Id: I9a85705484855ae1dc874a81f49d27a50b0dcff7
|
| | |
| |
| |
| |
| | |
Change-Id: I49c285604694c93d37c9d1c7cd6d3b1509858319
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also, change the notion of 'unsupported protocol' for QSslSocket,
previously it was SslV2 and SslV3, now instead it's all versions
of DTLS and UnknownProtocol:
- makes no sense at all to connect using TCP socket and then
suddenly start using DTLS_client/server_method
- UnknownProtocol is not to be set in a configuration,
unknown means that some ciphersuite's protocol version
cannot be established.
- 'disabledProtocols' auto-test becomes 'unsupportedProtocols'
and tests that QSslSocket fails to start encryption if the
protocol version is wrong.
Handling these enumerators (SslV2 and SslV2) as errors
not needed anymore. Removed from QSslContext and our
existing backends (qsslsocket_whatever).
TlsV1SslV3 enumerator is not making any sense at all (previously
was [SSL v3, TLS 1.0], then became "the same as TLS v. 1.0", but
now this name is very confusing. Removed.
Task-number: QTBUG-75638
Task-number: QTBUG-76501
Change-Id: I2781ba1c3051a7791b476266d4561d956948974a
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/corelib/codecs/qicucodec.cpp
src/dbus/qdbusserver.cpp
src/gui/painting/qbezier.cpp
src/plugins/platforms/eglfs/deviceintegration/eglfs_kms/qeglfskmsgbmscreen.cpp
src/plugins/printsupport/cups/qppdprintdevice.cpp
Change-Id: I2703128bb64baf5580fbc2c2061b55b0f0611d2a
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
src/gui/configure.json
src/gui/util/qtexturefilereader.cpp
src/gui/util/util.pri
tests/auto/gui/util/qtexturefilereader/tst_qtexturefilereader.cpp
Change-Id: I2bc4f84705b66099e97330cda68e0b816aceb9cc
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
As is said in RFC7301 in section 3.1 [1]:
Protocols are named by IANA-registered, opaque, non-empty byte strings
[...]. Empty strings MUST NOT be included and byte strings MUST NOT be
truncated.
[1]: https://tools.ietf.org/html/rfc7301#section-3.1
Change-Id: I2c41fa99984a53cc58803e5a264d06edac964cc6
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |/ /
| |
| |
| |
| | |
Change-Id: I78913fee6720f6ad9b196824b35de189567340be
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/android/templates/AndroidManifest.xml
src/network/ssl/qsslsocket_mac.cpp
src/widgets/styles/qstylesheetstyle.cpp
tests/auto/corelib/kernel/qtimer/BLACKLIST
tests/auto/testlib/selftests/blacklisted/tst_blacklisted.cpp
tests/auto/testlib/selftests/expected_blacklisted.lightxml
tests/auto/testlib/selftests/expected_blacklisted.tap
tests/auto/testlib/selftests/expected_blacklisted.teamcity
tests/auto/testlib/selftests/expected_blacklisted.txt
tests/auto/testlib/selftests/expected_blacklisted.xml
tests/auto/testlib/selftests/expected_blacklisted.xunitxml
tests/auto/testlib/selftests/expected_float.tap
tests/auto/testlib/selftests/expected_float.teamcity
tests/auto/testlib/selftests/expected_float.txt
tests/auto/testlib/selftests/expected_float.xunitxml
Done-With: Christian Ehrlicher <ch.ehrlicher@gmx.de>
Done-With: Edward Welbourne <edward.welbourne@qt.io>
Done-With: Timur Pocheptsov <timur.pocheptsov@qt.io>
Change-Id: If93cc432a56ae3ac1b6533d0028e4dc497415a52
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is similar to a change we approved recently in OpenSSL back-end.
Similar to OpenSSL, not setting the upper limit on protocols allowed
to negotiate/use, neatly ends up with the highest available, which
is ... TLS 1.2 at the moment, but will silently switch to 1.3 etc.
This was also recommended by Apple's engineer who closed a related
bug report with 'Won't do' - "do not limit the max, you'll always
have the real max supported'. Also, while at the moment we do
not allow QSsl::TlsV1_3 and QSsl::TlsV1_3OrLater, if we managed
to negotiate it - report it properly, not as 'Unknown'.
Task-number: QTBUG-67463
Change-Id: I3f46ea525f06edca03259123809f3b7b1191b1ee
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As per RFC 6176 (2011) and RFC 7568 (2015).
Code-wise, we're left with the decision of what to do with a few
enumerators in QSsl::Protocol; I've made TlsV1SslV3 act as TlsV1,
and adjusted the description of AnyProtocol.
A new test was introduced - deprecatedProtocol() - to test that
we, indeed, do not allow use of SSL v2 and v3. protocol() and
protocolServerSide() were reduced to exclude the (now) no-op
and meaningless tests - neither client nor server side can
start a handshake now, since we bail out early in initSslContext().
[ChangeLog][QtNetwork][SSL] Support for SSLv2 and SSLv3
sockets has been dropped, as per RFC 6176 (2011)
and RFC 7568 (2015).
Change-Id: I2fe4e8c3e82adf7aa10d4bdc9e3f7b8c299f77b6
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| | |
| |
| |
| |
| | |
Change-Id: I3cfcfba892ff4a0ab4e31f308620b445162bb17b
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/corelib/io/qdir.cpp
src/corelib/kernel/qtimer.cpp
src/corelib/kernel/qtimer.h
Done-With: Edward Welbourne <edward.welbourne@qt.io>
Change-Id: I683d897760ec06593136d77955f8bc87fdef3f9f
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
1. Remove the conditional inclusion of DTLS versions, they made difficult
and unnecessary ugly adding new protocols (something like TlsV1_2OrLater + 4).
2. OpenSSL 1.1.1 first introduced TLS 1.3 support. OpenSSL 1.1 back-end is
compatible with OpenSSL 1.1.1, but would fail to extract/report protocol
versions and set versions like 'TLS 1.3 only' or 'TLS 1.3 or better' on a
new context. Given 1.1.1 is deployed/adapted fast by different distros,
and 5.12 is LTS, we fix this issue by introducing QSsl::Tls1_3 and
QSsl::Tls1_3OrLater.
SecureTransport, WinRT and OpenSSL below 1.1.1 will report an error in case
the application requests this protocol (SecureTransport in future will
probably enable TLS 1.3).
Saying all that, TLS 1.3 support is experimental in QSslSocket.
Done-by: Albert Astals Cid <albert.astals.cid@kdab.com>
Done-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Change-Id: I4a97cc789b62763763cf41c44157ef0a9fd6cbec
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
|
| |/
|
|
|
|
|
|
|
|
| |
It's needed to generate a pkcs12/pfx bundle from our
certificate chains which are then imported into a certificate
store in Schannel and then passed to various Schannel API.
Change-Id: Idb88f42f2aa15eb91c52404ee6c57bf43e983379
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
Testing barely 10.13 seems to be insuficcient: we have developers working
on macOS 10.12 with SDK 10.13, but apparently they cannot update to the
latest SDK 10.13. We can try to be more specific and use __MAC_10_13_4.
Task-number: QTBUG-70757
Change-Id: I083d51f1a945f63f0413792387475341ecb96118
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Andy Maloney <asmaloney@gmail.com>
|
| |
|
|
|
|
|
|
| |
And reflow the text where it exceeds the 100 column limit.
Change-Id: I0d270c6a74a4c6ecba30e4e4d38a5d8f2cf81040
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
|
|
|
|
|
|
|
| |
As discussed/proposed previously: remove the duplicated code when converting the
native certificate representation into QSslCertificate (configuration.peerCertificate).
Also, use the correct integer type when iterating - CFIndex is actually long, not int.
Change-Id: Ia6f43172e21b5153a93f1ef2589980d68ec2b39f
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |\
| |
| |
| | |
refs/staging/dev
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
.qmake.conf
src/corelib/doc/src/objectmodel/signalsandslots.qdoc
src/plugins/platforms/cocoa/qcocoamenuloader.mm
src/plugins/platforms/xcb/qxcbconnection.cpp
src/plugins/platforms/xcb/qxcbconnection.h
src/plugins/platforms/xcb/qxcbconnection_xi2.cpp
src/plugins/platforms/xcb/qxcbwindow.cpp
tests/auto/gui/image/qimage/tst_qimage.cpp
Done-with: Gatis Paeglis <gatis.paeglis@qt.io>
Change-Id: I9bd24ee9b00d4f26c8f344ce3970aa6e93935ff5
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It appears that by default our keychain auto-locks when the
system sleeps. This makes the keychain totally useless, since
its password is a random 256 bytes our user never has a chance
to know. Thanks to Mårten for the hint about SecKeychainSetSettings,
the way to properly fix it.
Task-number: QTBUG-69677
Change-Id: I2603c26b8422a1bcace3336e9b4ebe0381c952d7
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Also remove unneeded and now wrong check (was marked with TODO)
which was a copy and paste from OpenSSL counterpart. There, testing
if peerCertificateChain.isEmpty() makes sense, since there we
potentially call storePeerCertificates() twice during the handshake.
Change-Id: I946e6876adb3f9504e93c06ac90ff36dd44aca4c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
After a handshake was completed, TLS socket is in 'connectionEncrypted' state.
So on a read notification, in 'transmit', we call 'SSLRead' to read supposedly
encrypted application data or TLS internal messages. In case SSLRead finds either
ClientHello or HelloRequest from a server, it attempts in a rather sneaky manner
to renegotiate. And as it happens here and there with SecureTransport, SSLRead
fails and the work is only half-done, since we have kSSLSessionOptionBreakOnServerAuth
and kSSLSessionOptionBreakOnCertRequested options set to 'true'. We end up with
completely unexpected errors like errSSLClientCertRequested or errSSLPeerAuthCompleted
(yes, this is so normal and totally expected for 'SSLRead' function to verify
certificates and WRITE messages, no need to document this at all!).
If SecureTransport is sneaky, so can be us:
- in a read callback SecureTransport is probing the type of record
and we can notice a sudden session state change - it goes from
kSSLConnected (which is set upon handshake completion) to
kSSLHandshake (which means a (re)handshake is ongoing);
- if this is the case - we lie to SecureTransport about the amount
of data available (0 bytes), set 'renegotiating' to 'true', return
errSSLWouldBlock;
- in 'transmit', if SSLRead returns errSSLWouldBlock and 'renegotiating'
was set, we call 'startHandshake' until isHandshakeComplete() == true
or some error encountered.
[ChangeLog][QtNetwork][QSslSocket] Implement renegotiation for SecureTransport backend
Task-number: QTBUG-69420
Change-Id: Iaab1336aa3abf3f6ac94b358f3142d2738a18ee9
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Initially macOS SDK 10.13 had a missing symbol (only a function declaration
in a header), while iOS, tvOS and watchOS SDKs all had the required symbol. Now
it appears more recent SDK for macOS also has the function we need and thus we enable
ALPN on macOS (as a result 'h2' protocol can now be negotiated as required by
RFC 7540).
[ChangeLog][QtNetwork][QSslSocket] Enable ALPN (and thus HTTP/2 negotiation) in SecureTransport backend (macOS).
Change-Id: I65bd8262a9571a5495d11f7f5a29d150334cd09c
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |/
|
|
|
|
|
|
|
|
| |
No need in ugly macro ioErr and if-ery, no need in generic noErr.
SecureTransport has its own, more specific error codes: errSecIO
and errSecSuccess (which have the equivalent values).
Change-Id: Ifd99fbcbee290fe27caa0c258923f4527c047ba8
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
.qmake.conf
sc/corelib/io/qfsfileengine_p.h
src/corelib/io/qstorageinfo_unix.cpp
src/platformsupport/eglconvenience/qeglpbuffer_p.h
src/platformsupport/input/libinput/qlibinputkeyboard.cpp
src/platformsupport/input/libinput/qlibinputpointer.cpp
src/plugins/platforms/cocoa/qcocoamenu.mm
src/plugins/platforms/ios/qiosscreen.h
src/plugins/platforms/ios/qioswindow.h
src/plugins/platforms/ios/quiview.mm
src/printsupport/dialogs/qpagesetupdialog_unix_p.h
src/printsupport/dialogs/qprintpreviewdialog.cpp
src/printsupport/widgets/qcupsjobwidget_p.h
src/widgets/widgets/qmenu.cpp
tests/auto/corelib/tools/qdatetime/tst_qdatetime.cpp
tests/auto/widgets/itemviews/qtreeview/tst_qtreeview.cpp
Change-Id: Iecb4883122efe97ef0ed850271e6c51bab568e9c
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
.qmake.conf
mkspecs/win32-g++/qmake.conf
src/corelib/global/qglobal_p.h
src/corelib/global/qoperatingsystemversion_p.h
src/corelib/io/qfilesystemengine_win.cpp
src/network/bearer/qbearerengine.cpp
src/platformsupport/input/libinput/qlibinputpointer.cpp
src/sql/doc/snippets/code/doc_src_sql-driver.cpp
src/widgets/kernel/qwidget_p.h
src/widgets/kernel/qwidgetwindow.cpp
src/widgets/styles/qfusionstyle.cpp
tests/auto/corelib/io/qfileinfo/tst_qfileinfo.cpp
Change-Id: I80e2722f481b12fff5d967c28f89208c0e9a1dd8
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We set anchors from QSslConfiguration::caCertificates. On macOS these
anchors are by default copied from the system store, so I expected
setting 'trust those anchors only' should not break anything.
Somehow, on 10.11 SecTrustEvaluate fails to evaluate a valid
certificate chain (apparently because it has an intermediate
certificate, it's just a guess, since their API/docs are too poor
to explain well what was the real cause) as I can see connecting,
for example, to google.com - we have a chain with a valid root,
say it's GetTrust CA and we have it also in our list of anchors we set
on trust, but evaluation fails with: kSecTrustResultRecoverableTrustFailure:
"This means that you should not trust the chain as-is, but that
the chain could be trusted with some minor change to the evaluation
context, such as ignoring expired certificates or adding an
additional anchor to the set of trusted anchors."
Since none of certs is expired, and the required anchor already set,
this must be some bug in SecureTransport. For macOS (deployment
target) < 10.12 we fallback to the original version of the code
(the one that unfortunately does not allow us to limit the set
of trusted anchors by what client code wants to trust).
Change-Id: Ie42fd77c3eb6ef7469812aa0d7efff88a003c0b8
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The verifySessionProtocol() method in the SecureTransport backend did not
properly handle TlsV1_0OrLater, TlsV1_1OrLater and TlsV1_2OrLater.
This commit teaches verifySessionProtocol() about them.
It also adds TlsV1_0OrLater, TlsV1_1OrLater and TlsV1_2OrLater to the
protocolServerSide() test in tst_qsslsocket.
Backport from 5.10 to 5.9 (LTS).
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
(cherry picked from commit 9c765522d1c4f8090b5f5d391b1740fc4bd67664)
Change-Id: I58c53bdf43e0f19b4506f3696d793f657eb4dc6f
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Starting from iOS 11.0 (SDK) Apple has exposed two new functions:
SSLSetALPNProtocols and SSLCopyALPNProtocols. This allows us to
negotiate http/2 (and any other application layer protocol) via TLS on
iOS. Unlike OpenSSL, SecureTransport's version is very limited - we
have to compare protocols manually after the SSL handshake has
finished. Still, this is better than nothing. These two functions are
also declared in macOS SDK starting from 10.13, but unfortunately the
symbols are missing and for now this feature is only enabled on iOS.
Change-Id: I3ed2f287bfa864f8aca0c231171e804f7d6b8016
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
src/plugins/platforms/windows/qwindowsmousehandler.cpp
src/plugins/platforms/xcb/qxcbimage.cpp
tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
tests/manual/qtabletevent/regular_widgets/main.cpp
Done-with: Friedemann Kleint<Friedemann.Kleint@qt.io>
Done-with: Mårten Nordheim<marten.nordheim@qt.io>
Change-Id: I5b2499513a92c590ed0756f7d2e93c35a64b7f30
|
| | |\|
| | |
| | |
| | | |
Change-Id: I3cf73c53cf131d0babfb558c2507bed0e0fc5f08
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Unique begins with a "y" sound, hence a unique is correct.
Change-Id: I9eb6b4d4c9ddab45af931e97c041c24edf163eca
Reviewed-by: Jake Petroules <jake.petroules@qt.io>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Remaining uses of Q_NULLPTR are in:
src/corelib/global/qcompilerdetection.h
(definition and documentation of Q_NULLPTR)
tests/manual/qcursor/qcursorhighdpi/main.cpp
(a test executable compilable both under Qt4 and Qt5)
Change-Id: If6b074d91486e9b784138f4514f5c6d072acda9a
Reviewed-by: Ville Voutilainen <ville.voutilainen@qt.io>
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
|
| |\|
| |
| |
| |
| |
| |
| | |
Conflicts:
.qmake.conf
Change-Id: I43531e087bb810889d5c1fbfcdffb29b78804839
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I noticed we never release 'items' imported by SecPKCS12Import.
But looking at the actual code (SecImportExport.c), it appears
we own these 'items' and must release them. And this leads to a crash
(on over-release) which reveals another bug: a value from a dictionary
obtained with 'Get' method should follow the 'get rule' - we do not
own it and QCFType RAII object is not needed.
Change-Id: I219015fadedb256c401e50cf7e955f3d7e0a6c5f
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/corelib/io/qprocess_unix.cpp
src/corelib/io/qprocess_win.cpp
src/plugins/platforms/android/qandroidplatformintegration.h
src/plugins/platforms/windows/qwindowscontext.cpp
src/plugins/platforms/windows/windows.pri
src/tools/uic/cpp/cppwriteinitialization.cpp
src/widgets/doc/src/widgets-and-layouts/gallery.qdoc
Change-Id: I8d0834c77f350ea7540140c2c7f372814afc2d0f
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
That's the only place there we can potentially pass a null pointer
to CFArrayAppendValue (all other calls are conditionally-protected).
This results in (surprise! ... ?) Objective-C exception (while we call
something that is a pure-C API). So far we cannot reproduce this crash and
can only speculate: probably this happens with invalid (can be either
really invalid or the result of our generic QSslCertificate's failure to read/
parse)) custom CA certificates appended to a QSslConfiguration object by
applications using QSslSocket/QNAM. The fix will probably make a handshake to
fail, but this seems to be better than a crash anyway.
Task-number: QTBUG-58213
Change-Id: Ie4f9ab2138bc383adc9f9ed55ed61be2d3cf7020
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |\|
| |
| |
| |
| |
| |
| | |
Conflicts:
src/widgets/widgets/qmenu.cpp
Change-Id: I6d3baf56eb24501cddb129a3cb6b958ccc25a308
|
