| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Since we're going to split QMutex and QRecursiveMutex into
separate classes, make sure QMutexLocker is prepared for that.
Change-Id: Id5e9a955d1db7c8ee663dd3811ad6448dad0aeae
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Remove a useless forward declaration of a non-existing class.
2. Simplify the cipher filtering.
3. A missing private key (when local cert is present) found
by the Qt, not OpenSSL, so no need in asking OpenSSL for errors
in queue.
3. Fix a potential double-free (for opaque keys).
4. read/write BIOs normally owned by SSL object, but if
we fail to allocate any of them, we return early,
potentially failing to free the one that was allocated.
Change-Id: Ifb52fbc9fd1a38f101bd7ff02e79b82d6eb7e5b0
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently it is possible to compare a QSslError with a
QSslError::SslError because QSslError has an implicit
constructor. But the comparison often fails because
a QSslError received from the system contains a
certificate.
[ChangeLog][QtNetwork][QSslError] The constructor
QSslError(QSslError::SslError error) is now explicit.
Change-Id: I36cc5895245d3b43ab4b8d65a9635893d6b0e6a4
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
The CA fetcher on Windows works on a separate thread, it can take
quite some time to finish its job and if a connection was meanwhile
closed (via 'abort', 'close' or 'disconnectFromHost') but the socket
is still alive/re-used - we don't want to be fooled by the previous
fetch 'finished' signal, only if it's fetching for the same certificate.
Change-Id: Ibd0a70000ad10cff10207d37d7b47c38e615d0f1
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If QSslConfiguration::setCaCertificates is set to empty list openssl
cannot verify the OCSP-Response.
Qt will provide it as QSslError::OcspResponseCannotBeTrusted that can be
ignored. But the openssl error is still in the error queue and prevents
a successful reply in QNetworkReply::finished.
So let's clear the queue after OCSP checking to avoid side affects.
Change-Id: I44a7f45a2eebd20ea86a235a0534f80986c40a26
Fixes: QTBUG-85638
Pick-to: 5.15
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
| |
This is required to remove the ; from the macro with Qt 6.
Task-number: QTBUG-82978
Change-Id: I3f0b6717956ca8fa486bed9817b89dfa19f5e0e1
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
Not to pollute the global namespace with rather generic names
(especially in case QT_NAMESPACE is none); also drop the
(now)redundant 'Q' prefix in the names.
Change-Id: I57ea7e3996cced705f7ddbdbc1e0231191b31c43
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
| |
Task-number: QTBUG-84469
Change-Id: I7827da68e73ca8ff1e599c836f2157894c452b63
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
They were deprecated with replacements in QSslConfiguration proposed (and
some without alternative, which we'll provide if there is any demand
in such an API). Special thanks to M.N. for a nice hint on how to
amend the test without introducing a new API.
Change-Id: I7841a5b3f30469d8204b61cb65921c34275e0650
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
| |
Task-number: QTBUG-84319
Change-Id: I0f4e83c282b58ab4cc5e397b21981978f79d92cf
Reviewed-by: Alex Blasche <alexander.blasche@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In case a certificate chain is missing an intermediate,
for a certificate having "Authority Information Access"
extension it's possible to fetch this intermediate and
build the chain up to the trusted root. Unfortunately,
it's not always possible to install the root certificate
in the system "ROOT" store and then an application
wants to set it in the socket's configuration,
using setCaCertificates(). But this call also
disables CA fetcher ('no on demand root loading').
It makes sense to relax this logic for such
certificates and try to fetch the intermediate CA
and then have the complete chain verified.
Pick-to: 5.15
Fixes: QTBUG-84173
Change-Id: I5b9b4271767eba6f5fd2b5cf05e942360c6aa245
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
| |
If we already know the certificate, there is no need in adding it again.
This function is deprecated, but will stay forever in 5.15.
Pick-to: 5.15
Change-Id: I760f5bcffea78ac02c5643ee1112725edd32f15a
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
DSA/DH/etc _bits functions were first deprecated, then un-deprecated,
so we don't worry about them for now. SSL_CTX_load_verify_location was deprecated
and two new functions were introduced instead (one using file, the second
- path). It's unfortunately 3.0 only, so we have to check OpenSSL version.
DH_check is deprecated and we have to use EVP_PKEY_param_check with
tons of a boilerplate code around.
Fixes: QTBUG-83733
Pick-to: 5.15
Change-Id: Icd401ab6aad30c23c37443c7bc82c702fb843640
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/widgets/widgets/qabstractbutton.cpp
src/widgets/widgets/qbuttongroup.cpp
src/widgets/widgets/qbuttongroup.h
src/widgets/widgets/qsplashscreen.cpp
tests/auto/widgets/widgets/qbuttongroup/tst_qbuttongroup.cpp
tests/benchmarks/opengl/main.cpp
Needed update:
src/plugins/platforms/cocoa/CMakeLists.txt
Change-Id: I7be4baebb63844ec2b3e0de859ca9de1bc730bb5
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Do not call SSL_shutdown on a session that is in handshake state (SSL_in_init(s)
returns 1). Also, do not call SSL_shutdown if a session encountered a fatal
error (SSL_ERROR_SYSCALL or SSL_ERROR_SSL was found before). If SSL_shutdown
was unsuccessful (returned code != 1), we have to clear the error(s) it queued.
Fixes: QTBUG-83450
Change-Id: I6326119f4e79605429263045ac20605c30dccca3
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
examples/opengl/doc/src/cube.qdoc
src/corelib/global/qlibraryinfo.cpp
src/corelib/text/qbytearray_p.h
src/corelib/text/qlocale_data_p.h
src/corelib/time/qhijricalendar_data_p.h
src/corelib/time/qjalalicalendar_data_p.h
src/corelib/time/qromancalendar_data_p.h
src/network/ssl/qsslcertificate.h
src/widgets/doc/src/graphicsview.qdoc
src/widgets/widgets/qcombobox.cpp
src/widgets/widgets/qcombobox.h
tests/auto/corelib/tools/qscopeguard/tst_qscopeguard.cpp
tests/auto/widgets/widgets/qcombobox/tst_qcombobox.cpp
tests/benchmarks/corelib/io/qdiriterator/qdiriterator.pro
tests/manual/diaglib/debugproxystyle.cpp
tests/manual/diaglib/qwidgetdump.cpp
tests/manual/diaglib/qwindowdump.cpp
tests/manual/diaglib/textdump.cpp
util/locale_database/cldr2qlocalexml.py
util/locale_database/qlocalexml.py
util/locale_database/qlocalexml2cpp.py
Resolution of util/locale_database/ are based on:
https://codereview.qt-project.org/c/qt/qtbase/+/294250
and src/corelib/{text,time}/*_data_p.h were then regenerated by
running those scripts.
Updated CMakeLists.txt in each of
tests/auto/corelib/serialization/qcborstreamreader/
tests/auto/corelib/serialization/qcborvalue/
tests/auto/gui/kernel/
and generated new ones in each of
tests/auto/gui/kernel/qaddpostroutine/
tests/auto/gui/kernel/qhighdpiscaling/
tests/libfuzzer/corelib/text/qregularexpression/optimize/
tests/libfuzzer/gui/painting/qcolorspace/fromiccprofile/
tests/libfuzzer/gui/text/qtextdocument/sethtml/
tests/libfuzzer/gui/text/qtextdocument/setmarkdown/
tests/libfuzzer/gui/text/qtextlayout/beginlayout/
by running util/cmake/pro2cmake.py on their changed .pro files.
Changed target name in
tests/auto/gui/kernel/qaction/qaction.pro
tests/auto/gui/kernel/qaction/qactiongroup.pro
tests/auto/gui/kernel/qshortcut/qshortcut.pro
to ensure unique target names for CMake
Changed tst_QComboBox::currentIndex to not test the
currentIndexChanged(QString), as that one does not exist in Qt 6
anymore.
Change-Id: I9a85705484855ae1dc874a81f49d27a50b0dcff7
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We don't support 1.0 any more, and 1.1.0 has reached EOL.
Bump to 1.1.1 so we can freely use its APIs.
[ChangeLog][QtNetwork][SSL] The minimum required version
of OpenSSL is now 1.1.1.
Change-Id: I5cfb6672fadfa48aedaefbcd6a954aa9eb85bfa5
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
|
|\|
| |
| |
| | |
Change-Id: If36d96c0fef3de5ab6503977501c55c62a2ecc97
|
| |
| |
| |
| |
| |
| |
| |
| | |
The Qt version was added in 5.14 "for use as eventual replacement for
QString::SplitBehavior." Move another step closer to that goal.
Change-Id: I399b5ea56e9255e775ca1746632f7421519a6616
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|
|\|
| |
| |
| | |
Change-Id: I469b0501cc65fc5ce4d797a69ae89405cc69c7f8
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 94b3dd77f29a00ebbd1efdc66d75f57e1c75b152.
The patch fixes ambiguity between a getter and a signal by changing the
getter name, but we still have to rename the signal to follow the signals
naming convention.
Revert the commit to keep the getter as is and change the signal name instead.
Change-Id: I0dd60cf1ae9d1bd95beeb8ad58661ca4b1fb63b9
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
examples/widgets/graphicsview/boxes/scene.h
src/corelib/Qt5CoreMacros.cmake
src/corelib/Qt6CoreMacros.cmake
src/network/ssl/qsslsocket.cpp
src/network/ssl/qsslsocket.h
src/platformsupport/fontdatabases/windows/qwindowsfontenginedirectwrite.cpp
src/testlib/CMakeLists.txt
src/testlib/.prev_CMakeLists.txt
tests/auto/corelib/tools/qscopeguard/tst_qscopeguard.cpp
Disabled building manual tests with CMake for now, because qmake
doesn't do it, and it confuses people.
Done-With: Alexandru Croitor <alexandru.croitor@qt.io>
Done-With: Volker Hilsheimer <volker.hilsheimer@qt.io>
Change-Id: I865ae347bd01f4e59f16d007b66d175a52f1f152
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The session we cache at the end of a handshake is non-resumable
in TLS 1.3, since NewSessionTicket message appears quite some time
after the handshake was complete. OpenSSL has a callback where
we can finally obtain a resumable session and inform an application
about session ticket updated by emitting a signal. Truism: OpenSSL-only.
[ChangeLog][QtNetwork] A new signal introduced to report when a valid session ticket received (TLS 1.3)
Fixes: QTBUG-81591
Change-Id: I4d22fad5cc082e431577e20ddbda2835e864b511
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|\|
| |
| |
| |
| |
| |
| | |
Conflicts:
tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
Change-Id: I4d3041fa291a918c774ffa5eb5c8792a0966451d
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The one that is a getter for the last error found. This is to disambiguate
the expression '&QAbstractSocket::error'. Introduce a new member-function
socketError as a replacement.
[ChangeLog][Deprecation Notice] QAbstractSocket::error() (the getter) is deprecated; superseded by socketError().
Task-number: QTBUG-80369
Change-Id: Ia2e3d108657aaa7929ab0810babe2ede309740ba
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|\|
| |
| |
| | |
Change-Id: I4134c0c6b6c9911950f58b3b5c86e789d28a185b
|
| |\
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
src/corelib/serialization/qcborvalue.cpp
Change-Id: I675a3029955c96e81a33ed9d98b72b55b6784b52
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Introduced by fe6e54fb1f5cda652b9489f740763f8d735621dd. The probability -> 0,
meaning malloc must fail to trigger it, but it is still a leak. We now use
std::unique_ptr which improves the code in general a bit and fixes a leak.
Change-Id: I6c0fa36953196d3235fb60354dc9ad2396d8dfcb
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
1. Add a new verification callback. This gives an option
to report errors directly from this callback (by emitting
handshakeInterruptedOnError()). This allows an application
to explain to its peer why the handshake was interrupted (by
sending a corresponding alert message).
2. This also means we want to notice such alerts (in Qt,
from the application's point of view, they are mostly
informational only, no interaction is required). So we
also introduce a new 'info callback', that can notice alert
messages read or written. We also introduce two new enums
describing the level and type of an alert message. QSslSocket
gets three new signals (for incoming/outgoing alerts and
verification errors found early).
3. In case we requested a certificate, but the peer provided
none, we would previously abruptly close the connection without
a proper alert message (and such a situation is not handled
by any verification callbacks, since there is no certificate(s)
to verify essentially). So we now introduce a new verification
option that maps to what OpenSSL calls 'SSL_VERIFY_FAIL_IF_NO_PEER_CERT'.
This way, the proper alert will be generated.
Fixes: QTBUG-68419
Change-Id: I5d1e9298b4040a2d4f867f5b1a3567a2253927b8
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Also, change the notion of 'unsupported protocol' for QSslSocket,
previously it was SslV2 and SslV3, now instead it's all versions
of DTLS and UnknownProtocol:
- makes no sense at all to connect using TCP socket and then
suddenly start using DTLS_client/server_method
- UnknownProtocol is not to be set in a configuration,
unknown means that some ciphersuite's protocol version
cannot be established.
- 'disabledProtocols' auto-test becomes 'unsupportedProtocols'
and tests that QSslSocket fails to start encryption if the
protocol version is wrong.
Handling these enumerators (SslV2 and SslV2) as errors
not needed anymore. Removed from QSslContext and our
existing backends (qsslsocket_whatever).
TlsV1SslV3 enumerator is not making any sense at all (previously
was [SSL v3, TLS 1.0], then became "the same as TLS v. 1.0", but
now this name is very confusing. Removed.
Task-number: QTBUG-75638
Task-number: QTBUG-76501
Change-Id: I2781ba1c3051a7791b476266d4561d956948974a
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL 1.0.2 will stop receiving all support at the end
of 2019. Qt 5.15 is our next LTS thus makes sense remove
OpenSSL 1.0.2 support there. This also allows us quite
a significant cleanup of an old heavily if-defed code
and all 'pre11' suffixed source files.
[ChangeLog][QtNetwork][SSL] Removed OpenSSL 1.0.x support, now 1.1.x is required
Change-Id: I70c70c56cbd8aeff793afe793335696d1b1b7408
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|\
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/network/ssl/qsslsocket_openssl.cpp
src/platformsupport/vkconvenience/qvkconvenience.cpp
Change-Id: I97ce6ed185f7fdad8102cc58d3cfec0119fd7bb4
|
| |
| |
| |
| |
| |
| |
| | |
not to resolve merge conflicts on every 5.13->dev merge.
Change-Id: Id41a7efff52148fe46bedcde828646694fd1764d
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|\|
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
.qmake.conf
src/network/ssl/qsslsocket_openssl.cpp
Done-With: Timur Pocheptsov <timur.pocheptsov@qt.io>
Change-Id: Ibb57a0548b4977797b400637487a56245ac1c024
|
| |\
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
src/corelib/io/qstorageinfo_unix.cpp
src/network/ssl/qsslsocket_openssl.cpp
Change-Id: Ibc9ce799bef62d60d616beaa9fbde8ebeadfbc20
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
and also plain wrong comments: since we don't set verification callback
on a store - we don't have to lock (our q_X509Callback never gets called).
This change should simplify the merge with change I have in 5.12 (where
I completely got rid of locking). Since I don't care about exact errors
found (relying on the fact it's the same chain of certs we check in
SSL_connect/SSL_accept), for now we don't try to extract them from
OCSP_basic_verify. In fufure, if these chains are different, we
can create a temporary store (see how it's done in 'verify', for example)
and set a VF callback on this store.
Change-Id: I4a36e19836d19c2ea95c869dcfe85f49fe723ff0
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If this callback is not set then OpenSSL will call the callback
used for <= TLS 1.2 unconditionally when connecting. If using PSK it
will call it again later once the preshared key is needed.
We don't currently handle the TLSv1.3 PSK, but we definitely should.
But for now we can work around it - when psk_use_session_callback is
called we simply change the PSK callback to a dummy function whose only
purpose is to restore the old callback.
This is mostly done to keep behavior the same as it is now for users
(and to keep our tests running).
Later we can add a new signal and handle this new feature properly.
Reviewed-by: Simo Fält <simo.falt@qt.io>
(cherry picked from commit d8efc8d718e3b3a0464f321e740541f5b221a5d6)
Task-number: QTBUG-67463
Change-Id: I4aca4ae73ec4be7c4f82a85e8864de103f35a834
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|\ \ \
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
.qmake.conf
src/gui/painting/qdrawhelper.cpp
src/gui/text/qdistancefield.cpp
src/gui/text/qdistancefield_p.h
src/network/ssl/qsslsocket_openssl.cpp
src/plugins/platforms/android/qandroidinputcontext.cpp
src/widgets/styles/qstylesheetstyle.cpp
Done-With: Timur Pocheptsov <timur.pocheptsov@qt.io>
Change-Id: Ia7daad21f077ea889898f17734ec46303e71fe6b
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When our QSslSocketBackendPrivate (OpenSSL backend) was developed,
the ancient versions of OpenSSL did not have an API needed to pass
an application-specific data into verification callback. Thus the
developers resorted to the use of global variables (a list with errors)
and locks. Some of our auto-tests use QNAM and in-process server.
Whenever the client (essentially qhttpthreadeddelegate) and the server
live in different threads, any use of 'https' is dead-lock prone,
which recent events demonstrated and which were previously observed
but not understood properly (rare occasions, not always easy to
reproduce). Now we fix this for good by removing locking.
There are two places (in 5.12) where these locks are needed:
1. Before calling SSL_connect/SSL_accept (handshake) - here
we reuse the same trick we do in PSK callback ('SSL' has
an external data set, and it's 'this', meaning an object
of type QSslSocketBackendPrivate).
2. The static member function 'verify', here we do not have
'SSL', but we have our temporary 'X509_STORE', to which
we can directly attach an external data - a pointer to
a vector to collect verification errors.
Note, this change assumes that OpenSSL Qt is build/linked
against is at least of version 1.0.1 - we set external data
on SSL unconditionally (no version checks).
Fixes: QTBUG-76157
Change-Id: I05c98e77dfd5fb0c2c260fb6c463732facf53ffc
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If this callback is not set then OpenSSL will call the callback
used for <= TLS 1.2 unconditionally when connecting. If using PSK it
will call it again later once the preshared key is needed.
We don't currently handle the TLSv1.3 PSK, but we definitely should.
But for now we can work around it - when psk_use_session_callback is
called we simply change the PSK callback to a dummy function whose only
purpose is to restore the old callback.
This is mostly done to keep behavior the same as it is now for users
(and to keep our tests running).
Later we can add a new signal and handle this new feature properly.
Task-number: QTBUG-67463
Change-Id: I4aca4ae73ec4be7c4f82a85e8864de103f35a834
Reviewed-by: Simo Fält <simo.falt@qt.io>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Semi-automated, just needed ~20 manual fixes:
$ find \( -iname \*.cpp -or -iname \*.h \) -exec perl -pe 's/(\.|->)load\(\)/$1loadRelaxed\(\)/g' -i \{\} +
$ find \( -iname \*.cpp -or -iname \*.h \) -exec perl -pe 's/(\.|->)store\(/$1storeRelaxed\(/g' -i \{\} +
It can be easily improved (e.g. for store check that there are no commas
after the opening parens). The most common offender is QLibrary::load,
and some code using std::atomic directly.
Change-Id: I07c38a3c8ed32c924ef4999e85c7e45cf48f0f6c
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
|
| |/
|/|
| |
| |
| |
| |
| |
| | |
in a comment.
Change-Id: I10252b2e732636993daba6b72ed86116691f2030
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Jesus Fernandez <Jesus.Fernandez@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
as proposed in the API review.
Change-Id: I607a38d24d533da59fc0d33dac886fa7693ed6c8
Fixes: QTBUG-73739
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/android/templates/AndroidManifest.xml
src/network/ssl/qsslsocket_mac.cpp
src/widgets/styles/qstylesheetstyle.cpp
tests/auto/corelib/kernel/qtimer/BLACKLIST
tests/auto/testlib/selftests/blacklisted/tst_blacklisted.cpp
tests/auto/testlib/selftests/expected_blacklisted.lightxml
tests/auto/testlib/selftests/expected_blacklisted.tap
tests/auto/testlib/selftests/expected_blacklisted.teamcity
tests/auto/testlib/selftests/expected_blacklisted.txt
tests/auto/testlib/selftests/expected_blacklisted.xml
tests/auto/testlib/selftests/expected_blacklisted.xunitxml
tests/auto/testlib/selftests/expected_float.tap
tests/auto/testlib/selftests/expected_float.teamcity
tests/auto/testlib/selftests/expected_float.txt
tests/auto/testlib/selftests/expected_float.xunitxml
Done-With: Christian Ehrlicher <ch.ehrlicher@gmx.de>
Done-With: Edward Welbourne <edward.welbourne@qt.io>
Done-With: Timur Pocheptsov <timur.pocheptsov@qt.io>
Change-Id: If93cc432a56ae3ac1b6533d0028e4dc497415a52
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
OpenSSL 1.1.0 and higher requires SSL_shutdown to mark a
session as resumable.
QHttpNetworkConnection/Channel tries to re-use one shared SSL
context (and the session) for its 'channels'. The session is
marked as non-resumable without shutdown sent/received.
This makes it useless for QHttpNetworkConnection.
See: https://github.com/openssl/openssl/issues/1550
Fixes: QTBUG-71967
Change-Id: Iaaceb18c4c5a090f997f9850981a27f04f1f8b06
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Alas, we have to do the job ossl_typ.h failed to - undef macros
coming from wincrypt.h (?) and clashing with identifiers/naming
conventions not exactly very wisely chosen by OpenSSL.
Change-Id: I1725c4f769be64dbb391d040b2c1574b20b65151
Fixes: QTBUG-73322
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If later we try to introduce multiple ocsp support, the API returning
a single response will be somewhat broken and illogical/not clear
how to use at all. Let's return a vector of responses (for now it's
one, can change in future). This makes isNull() redundant on a
response, also, we now need 'subject' - a cert that response was for.
Change-Id: Ibbd9dec163b53906b2fd61fa31c43db7d08adc4d
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
about why a certificate was revoked (if it was) and the responder's
certificate, if we managed to verify a signature, as was previously
shortly discussed in the 'OCSP stapling' patch-set. Auto-test update
will be in a separate patch.
[ChangeLog][QtNetwork][Ssl] Added class QOcspResponse as a part of
OCSP stapling support.
Change-Id: I4e17fb6fc4c3dae0b8ad04ff2897a4823736d16e
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| | |
We require OpenSSL >= 1.0 now.
Change-Id: I6ffe8b2dd606d600671565ebc8bc8ac2b9e0d6c2
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As per RFC 6176 (2011) and RFC 7568 (2015).
Code-wise, we're left with the decision of what to do with a few
enumerators in QSsl::Protocol; I've made TlsV1SslV3 act as TlsV1,
and adjusted the description of AnyProtocol.
A new test was introduced - deprecatedProtocol() - to test that
we, indeed, do not allow use of SSL v2 and v3. protocol() and
protocolServerSide() were reduced to exclude the (now) no-op
and meaningless tests - neither client nor server side can
start a handshake now, since we bail out early in initSslContext().
[ChangeLog][QtNetwork][SSL] Support for SSLv2 and SSLv3
sockets has been dropped, as per RFC 6176 (2011)
and RFC 7568 (2015).
Change-Id: I2fe4e8c3e82adf7aa10d4bdc9e3f7b8c299f77b6
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|