path: root/src/network/ssl/qsslsocket_openssl_p.h
Commit message | Author | Age | Files | Lines
* QSslSocketBackendPrivate - avoid recursion while handling errors
| Author: Timur Pocheptsov; Age: 2018-07-12; Files: 1; Lines: -0/+2
| The logic seems to be simple - if client code on error signal tries to close TLS socket and this socket has buffered data, it calls 'flush' and 'transmit' or even 'startHandshake' as a result, which in turn will set and emit error again. To auto-test this, we initiate a handshake with pre-shared key hint on a server side and both client/server sockets incorrectly configured (missing PSK signals). We also do early write into the client socket to make sure it has some data buffered by the moment we call 'close'.
| Task-number: QTBUG-68089
| Task-number: QTBUG-56476
| Change-Id: I6ba6435bd572ad85d9209c4c81774a397081b34f
| Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
* QtNetwork: Fix and streamline translations of QDtls
| Author: Friedemann Kleint; Age: 2018-06-28; Files: 1; Lines: -0/+2
| - Use %-placeholder formatting instead of string concatenation for messages of the form "XX failed: %1"
| - Introduce helper functions for duplicate messages
| - Introduce helper function for message reporting function failures to avoid duplication
| - Extract helper function for reporting SSL handshake errors
| Complements ac583b686d0677517e7f8a10ce4e79c7fe227ccf.
| Change-Id: Iaf6c158ca8086d0b17a3e3c51955707734829615
| Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
| Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* Move QWindowsCaRootFetcher to its own file
| Author: Mårten Nordheim; Age: 2018-03-23; Files: 1; Lines: -17/+0
| In preparation for its usage in QDtls.
| Change-Id: I7b28ac060e350228839461dc027c809af9ff73a4
| Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* Replace Q_DECL_OVERRIDE with override where possible
| Author: Kevin Funk; Age: 2017-09-19; Files: 1; Lines: -9/+9
| Remaining uses of Q_DECL_OVERRIDE are in:
| - src/corelib/global/qcompilerdetection.h
| - src/corelib/global/qglobal.cpp
| - doc/global/qt-cpp-defines.qdocconf (definition and documentation of Q_DECL_OVERRIDE)
| - tests/manual/qcursor/qcursorhighdpi/main.cpp (a test executable compilable both under Qt4 and Qt5)
| Change-Id: Ib9b05d829add69e98a86238274b6a1fcb19b49ba
| Reviewed-by: Lars Knoll <lars.knoll@qt.io>
| Reviewed-by: Ville Voutilainen <ville.voutilainen@qt.io>
| Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
* QSslSocket: OpenSSL 1.1 backend
| Author: Richard J. Moore; Age: 2017-07-04; Files: 1; Lines: -4/+4
| This patch-set implements a new QSslSocket backend based on OpenSSL 1.1.
|
| 1. General.
|
| The code in this patch was organized to achieve these (somewhat contradicting) objectives:
| - keep the new code free of #if-ery, as far as possible;
| - make it easy to clean away dead code when we're eventually able to retire out-dated OpenSSL versions;
| - reduce the amount of code duplication.
|
| If changes in some file/component were insignificant (~5 one-liners per file), we still use pp-checks like: #if QT_CONFIG(opensslv11) ... #else ... #endif - the logic is simple and it's still easy to clean the code if we remove the legacy back-end. Where it saved #if-ery, we also introduced 'forward-compatible' macros implementing equivalents of 1.1 functions using older OpenSSL.
|
| In case some class contains a lot of version-specific ifdefs (particularly where nested #if-ery was complex) we choose to split code into: "pre11" h/cpp files, "shared" h/cpp files (they preserve their original names, e.g qsslsocket_openssl.cpp) and "11" h/cpp files. If in future we remove the legacy back-end, "pre11" should be removed; "shared" and "11" parts - merged.
|
| 2. Configuration.
|
| We introduced a new feature 'opensslv11' which complements the pre-existing 'openssl' and 'openssl-linked' features. The 'opensslv11' feature is enabled by a simple test which either compiles successfully or ends in a compilation error, depending on a value of the OPENSSL_VERSION_NUMBER constant. If the feature was enabled, we also append an additional compilation flag -DOPENSSL_API_COMPAT=0x10100000L to make sure our new code does not contain deprecated structures, function calls, macro-invocations from OpenSSL < 1.1.
|
| Change-Id: I2064efbe9685def5d2bb2233a66f7581954fb74a
| Reviewed-by: André Klitzing <aklitzing@gmail.com>
| Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Standardize some "We mean it" comments
| Author: Friedemann Kleint; Age: 2016-08-17; Files: 1; Lines: -3/+3
| Fix the occurrences where the wrong classes are mentioned.
| Change-Id: Ia291af77f0f454a39cab93e7376a110c19a07771
| Reviewed-by: Lars Knoll <lars.knoll@qt.io>
* Add qtnetworkglobal.h and qtnetworkglobal_p.h
| Author: Lars Knoll; Age: 2016-07-03; Files: 1; Lines: -0/+1
| The new modular configuration system requires one global header per module, that is included by all other files in this module. That header will later on #include the configuration file for Qt Network. For now it defines the Q_NETWORK_EXPORT macro for this library.
| Change-Id: I9c45d425baf881c431ed71fd457c7feb2c123855
| Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
* Add support for PSK on server side
| Author: André Klitzing; Age: 2016-05-02; Files: 1; Lines: -0/+1
| [ChangeLog][QtNetwork][QSslSocket] TLS PSK ciphers are possible in server sockets.
| Task-number: QTBUG-39077
| Change-Id: Iaa854a6f50242deae5492f2e4759c727488995f5
| Reviewed-by: Richard J. Moore <rich@kde.org>
* Merge remote-tracking branch 'origin/5.6' into 5.7
|\  Author: Liang Qi; Age: 2016-02-18; Files: 1; Lines: -1/+1
| | This also reverts commit 018e670a26ff5a61b949100ae080f5e654e7bee8. The change was introduced in 5.6. After the refactoring, 14960f52, in 5.7 branch and a merge, it is not needed any more.
| | Conflicts:
| |   .qmake.conf
| |   src/corelib/io/qstandardpaths_mac.mm
| |   src/corelib/tools/qsharedpointer_impl.h
| |   tests/auto/widgets/itemviews/qlistview/tst_qlistview.cpp
| | Change-Id: If4fdff0ebf2b9b5df9f9db93ea0022d5ee3da2a4
| * QtNetwork: Silence Clang on Windows.
| | Author: Friedemann Kleint; Age: 2016-02-17; Files: 1; Lines: -1/+1
| | Remove dead code and fix override.
| | Task-number: QTBUG-50804
| | Change-Id: I9cc28507e549d56a1f15fcc54bb6f7465beef644
| | Reviewed-by: Edward Welbourne <edward.welbourne@theqtcompany.com>
| | Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
* | QSslSocket (OpenSSL): replace QList<QPair> by QVector<Struct>
| | Author: Marc Mutz; Age: 2016-02-17; Files: 1; Lines: -1/+9
| | A QList<QPair<int,int>> is one of the most dangerous ones, because it fundamentally changes memory layout, and therefore performance and invariants, when going from 32-bit platforms (array list) to 64-bit (vector-like). Port to QVector instead, which has a consistent design across all platforms.
| | Also port from QPair to a simple struct { code, depth }, because member names such as 'first' and 'second' have no semantic value and make code using them very hard to understand.
| | Change-Id: I86c95d78dbb2e82ec222d6eae8ba11568e3ff0af
| | Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
* | Updated license headers
|/  Author: Jani Heikkinen; Age: 2016-01-15; Files: 1; Lines: -14/+20
|   From Qt 5.7 -> LGPL v2.1 isn't an option anymore, see http://blog.qt.io/blog/2016/01/13/new-agreement-with-the-kde-free-qt-foundation/
|   Updated license headers to use new LGPL header instead of LGPL21 one (in those files which will be under LGPL v3)
|   Change-Id: I046ec3e47b1876cd7b4b0353a576b352e3a946d9
|   Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
* Update copyright headers
| Author: Jani Heikkinen; Age: 2015-02-11; Files: 1; Lines: -7/+7
| Qt copyrights are now in The Qt Company, so we could update the source code headers accordingly. In the same go we should also fix the links to point to qt.io.
| Outdated header.LGPL removed (use header.LGPL21 instead)
| Old header.LGPL3 renamed to header.LGPL3-COMM to match actual licensing combination. New header.LGPL-COMM taken in the use file which were using old header.LGPL3 (src/plugins/platforms/android/extract.cpp)
| Added new header.LGPL3 containing Commercial + LGPLv3 + GPLv2 license combination
| Change-Id: I6f49b819a8a20cc4f88b794a8f6726d975e8ffbe
| Reviewed-by: Matti Paaso <matti.paaso@theqtcompany.com>
* Remove legacy ifdefs for ancient openssl.
| Author: Richard J. Moore; Age: 2015-02-08; Files: 1; Lines: -2/+0
| There were still ifdefs for openssl 0.9.7 and openssl 0.9.8f.
| [ChangeLog][QtNetwork] Some legacy ifdefs for openssl 0.9.7 and openssl 0.9.8f were removed, Qt will no longer build with these versions. In addition there is no support for openssl built with NO_TLSEXT.
| Change-Id: I9268515c0a125a2f6d79add8ee1cb40768e7e898
| Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
* ssl: fix QSslSocket::peerCertificateChain in server mode
| Author: Jeremy Lainé; Age: 2015-02-07; Files: 1; Lines: -0/+1
| The OpenSSL backend for QSslSocket returns an incomplete peer certificate chain when in server mode: it does not include the peer's certificate as the first element of the chain. This change fixes this issue.
| Change-Id: I2f0815bca2f314a075b48a2d0b5a6d5b7af50722
| Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
* [QSSL] Pass params of shareable type by const-ref rather than by value
| Author: Konstantin Ritt; Age: 2015-01-28; Files: 1; Lines: -1/+1
| Change-Id: I9c09a3e2dfb90eb22d4509ac6c450a0bb5da48f6
| Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
| Reviewed-by: Richard J. Moore <rich@kde.org>
* QSslSocket: introduce support for TLS PSK (client side)
| Author: Giuseppe D'Angelo; Age: 2015-01-23; Files: 1; Lines: -0/+4
| [ChangeLog][QtNetwork][QSslSocket] It is now possible to use TLS PSK ciphersuites in client sockets.
| Task-number: QTBUG-39077
| Change-Id: I5523a2be33d46230c6f4106c322fab8a5afa37b4
| Reviewed-by: Richard J. Moore <rich@kde.org>
* Merge remote-tracking branch 'origin/5.4' into dev
|\  Author: Simon Hausmann; Age: 2014-12-10; Files: 1; Lines: -1/+1
| | Conflicts:
| |   doc/global/template/style/online.css
| |   mkspecs/android-g++/qmake.conf
| | Change-Id: Ib39ea7bd42f5ae12e82a3bc59a66787a16bdfc61
| * Use camel case in PKCS#12 function
| | Author: Alejandro Exojo; Age: 2014-11-24; Files: 1; Lines: -1/+1
| | This makes it follow the coding style, which says to camel case acronyms too, and makes it consistent with the rest of the class.
| | Change-Id: I4a1b21de1815530e476fc5aa8a0d41c724fc8021
| | Reviewed-by: Richard J. Moore <rich@kde.org>
| | Reviewed-by: hjk <hjk121@nokiamail.com>
* | Add Q_DECL_OVERRIDE in the src subdirectory
|/  Author: Olivier Goffart; Age: 2014-12-03; Files: 1; Lines: -8/+8
|   Done automatically with clang-modernize on linux (But does not add Q_DECL_OVERRIDE to the functions that are marked as inline because it is a compilation error with MSVC2010)
|   Change-Id: I2196ee26e3e6fe20816834ecea5ea389eeab3171
|   Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* Update license headers and add new license files
| Author: Matti Paaso; Age: 2014-09-24; Files: 1; Lines: -19/+11
| - Renamed LICENSE.LGPL to LICENSE.LGPLv21
| - Added LICENSE.LGPLv3
| - Removed LICENSE.GPL
| Change-Id: Iec3406e3eb3f133be549092015cefe33d259a3f2
| Reviewed-by: Iikka Eklund <iikka.eklund@digia.com>
* ssl: Share the host name matching utilities
| Author: Andrew Knight; Age: 2014-08-27; Files: 1; Lines: -2/+0
| This moves the socket backend's host name matching functions up to QSslSocketPrivate so that they can be shared between backends. This works, as there is no OpenSSL-specific code here.
| Change-Id: I73c2081fdc2e60a44c90e90800d1e1877391a626
| Reviewed-by: Richard J. Moore <rich@kde.org>
* Add support for loading PKCS#12 bundles.
| Author: Richard J. Moore; Age: 2014-05-11; Files: 1; Lines: -0/+4
| Add support for loading certificates and keys from PKCS#12 bundles (also known as pfx files).
| Task-number: QTBUG-1565
| [ChangeLog][QtNetwork][QSslSocket] Support for loading PKCS#12 bundles was added. These are often used to transport keys and certificates conveniently, particularly when making use of client certificates.
| Change-Id: Idaeb2cb4dac4b19881a5c99c7c0a7eea00c2b207
| Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
* Add support for finding the version of SSL/TLS in use.
| Author: Richard J. Moore; Age: 2014-03-10; Files: 1; Lines: -0/+1
| Previously we allowed you to specify which version(s) you wanted to use, but did not provide access to the version that was actually negotiated.
| [ChangeLog][QtNetwork][QSslSocket] Add support for finding the version of SSL/TLS in use by a connection.
| Task-number: QTBUG-28471
| Change-Id: I6d50d2bc9f1ce7f98192e67992178fe7e41c0575
| Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
* Merge remote-tracking branch 'origin/stable' into dev
|\  Author: Frederik Gladhorn; Age: 2013-02-14; Files: 1; Lines: -0/+14
| | Conflicts:
| |   src/concurrent/doc/qtconcurrent.qdocconf
| |   src/corelib/doc/qtcore.qdocconf
| |   src/corelib/global/qglobal.h
| |   src/dbus/doc/qtdbus.qdocconf
| |   src/dbus/qdbusmessage.h
| |   src/gui/doc/qtgui.qdocconf
| |   src/gui/image/qimagereader.cpp
| |   src/network/doc/qtnetwork.qdocconf
| |   src/opengl/doc/qtopengl.qdocconf
| |   src/opengl/qgl.h
| |   src/plugins/platforms/windows/qwindowswindow.cpp
| |   src/printsupport/doc/qtprintsupport.qdocconf
| |   src/sql/doc/qtsql.qdocconf
| |   src/testlib/doc/qttestlib.qdocconf
| |   src/tools/qdoc/doc/config/qt-cpp-ignore.qdocconf
| |   src/widgets/doc/qtwidgets.qdocconf
| |   src/xml/doc/qtxml.qdocconf
| | Change-Id: Ie9a1fa2cc44bec22a0b942e817a1095ca3414629
| * Remove Nokia from ssl linking exception.
| | Author: Frederik Gladhorn; Age: 2013-02-11; Files: 1; Lines: -0/+14
| | Change-Id: I559d4dd8789a249af855f6fe9bfe013ba1d77132
| | Reviewed-by: Richard J. Moore <rich@kde.org>
| | Reviewed-by: Lars Knoll <lars.knoll@digia.com>
* | SSL: Implement session sharing and use it from QNetworkAccessManager
|/  Author: Peter Hartmann; Age: 2013-02-06; Files: 1; Lines: -2/+3
|   This improves performance since a network round trip can be avoided.
|   Change-Id: I1aaff7e48ef9638cb137de0f43942c3a4dd2884a
|   Initial-patch-by: Markus Goetz <markus@woboq.com>
|   Reviewed-by: Richard J. Moore <rich@kde.org>
* Update copyright year in Digia's license headers
| Author: Sergio Ahumada; Age: 2013-01-18; Files: 1; Lines: -1/+1
| Change-Id: Ic804938fc352291d011800d21e549c10acac66fb
| Reviewed-by: Lars Knoll <lars.knoll@digia.com>
* Change copyrights from Nokia to Digia
| Author: Iikka Eklund; Age: 2012-09-22; Files: 1; Lines: -24/+24
| Change copyrights and license headers from Nokia to Digia
| Change-Id: If1cc974286d29fd01ec6c19dd4719a67f4c3f00e
| Reviewed-by: Lars Knoll <lars.knoll@digia.com>
| Reviewed-by: Sergio Ahumada <sergio.ahumada@digia.com>
* Use windows API to update missing CA roots
| Author: Shane Kearns; Age: 2012-04-11; Files: 1; Lines: -0/+22
| Windows ships with a minimal set of CA roots. When using windows API to verify a certificate, it will fetch the root certificate from windows update (assuming it is part of the Microsoft trust program).
| As we are using openssl, this does not happen transparently. If SSL errors occur which indicate a broken chain then attempt to fix it using the windows API before emitting sslErrors.
| If the system CA certs are not in use (a CA bundle has been set on the socket or as the global configuration), then this is skipped. This is so an application can continue to use its own cert bundle rather than trusting the system certs.
| Key usage is specified, so that windows will return not trusted status if the root is not suitable for SSL (server auth or client auth OID).
| Testability:
| - to test, must delete the CA cert(s) from the "third party root certification authorities" section of the cert store using mmc.exe.
| - If the workaround of installing the windows XP cert bundle was performed, then you also need to delete certs from the "trusted root certification authorities" section. This is dangerous, be careful not to delete the required certificates which are documented on MS website
| - Naturally, modifying these areas of the cert store requires elevated privilege.
| Task-number: QTBUG-24827
| Change-Id: I5cfe71c8a10595731f6bbbbabaaefa3313496654
| Reviewed-by: Richard J. Moore <rich@kde.org>
| Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* Prevent data loss when an ssl socket is closed by remote
| Author: Shane Kearns; Age: 2012-02-01; Files: 1; Lines: -0/+1
| SSL context was destroyed on disconnect. This makes it impossible to decrypt buffered encrypted data. So if there is encrypted data in the receive buffers, then don't destroy the ssl context until the socket is destroyed.
| Task-Number: QTBUG-23607
| Change-Id: I16a7b4fa006647ec73049c90cdbc72686696850f
| Reviewed-by: Jonas Gastal <jgastal@profusion.mobi>
| Reviewed-by: Richard J. Moore <rich@kde.org>
* Remove "All rights reserved" line from license headers.
| Author: Jason McDonald; Age: 2012-01-30; Files: 1; Lines: -1/+1
| As in the past, to avoid rewriting various autotests that contain line-number information, an extra blank line has been inserted at the end of the license text to ensure that this commit does not change the total number of lines in the license header.
| Change-Id: I311e001373776812699d6efc045b5f742890c689
| Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
* QAbstractSocket / QSslSocket: add API to pause and resume
| Author: Peter Hartmann; Age: 2012-01-25; Files: 1; Lines: -0/+1
| pause and resume is currently only supported upon emitting the QSslSocket::sslErrors() signal. The API was added in QAbstractSocket to also support QAbstractSocket::proxyAuthenticationRequired() in the future.
| This is the first patch to support that feature on the socket level, another patch will follow to support sslErrors() and authenticationRequired() in QNetworkAccessManager / QNetworkReply.
| Task-number: QTBUG-19032
| Change-Id: Ide2918268590ab9a01454ab26cb7fdca3dc840ab
| Reviewed-by: Shane Kearns <ext-shane.2.kearns@nokia.com>
* Update contact information in license headers.
| Author: Jason McDonald; Age: 2012-01-23; Files: 1; Lines: -1/+1
| Replace Nokia contact email address with Qt Project website.
| Change-Id: I431bbbf76d7c27d8b502f87947675c116994c415
| Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
* Update copyright year in license headers.
| Author: Jason McDonald; Age: 2012-01-05; Files: 1; Lines: -1/+1
| Change-Id: I02f2c620296fcd91d4967d58767ea33fc4e1e7dc
| Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
* Remove unused member variables from private class.
| Author: Richard Moore; Age: 2011-12-12; Files: 1; Lines: -2/+0
| These aren't used, and so they shouldn't be there.
| Change-Id: Id4a08d90836c45c140d811b8eca07756e14c56e5
| Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* Improve the testability of QSslOptions.
| Author: Richard Moore; Age: 2011-11-17; Files: 1; Lines: -0/+1
| The handling of QSslOptions is complicated not only by the subject, but also by the fact that some of the openssl directives are negatives. This commit tries to separate the inherent complexity from the complexity of the api by allowing us to test them independently.
| Change-Id: Ieb9386c69dd9b0b49dc42e26b2878a301f26ded1
| Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
* network: remove Symbian specific code
| Author: Peter Hartmann; Age: 2011-11-14; Files: 1; Lines: -55/+0
| removes several files and cleans up the code, removing all Symbian specific #ifdef's etc.
| Change-Id: Ie457e54cb4b3a992f251383320d47822259c38f1
| Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
* Add the ability to verify a chain of certificates
| Author: Richard Moore; Age: 2011-07-12; Files: 1; Lines: -0/+2
| Currently it is only possible to verify a certificate chain when connecting to a server. This change makes it possible to verify a chain at any time.
| Change-Id: Ib70ad7b81418f880e995f391b82ce59561ededb8
| Merge-request: 11
| Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
| Reviewed-on: http://codereview.qt.nokia.com/1509
* Update licenseheader text in source files for qtbase Qt module
| Author: Jyri Tahtela; Age: 2011-05-24; Files: 1; Lines: -17/+17
| Updated version of LGPL and FDL licenseheaders. Apply release phase licenseheaders for all source files.
| Reviewed-by: Trust Me
* Initial import from the monolithic Qt.
  Author: Qt by Nokia; Age: 2011-04-27; Files: 1; Lines: -0/+184
  This is the beginning of revision history for this module. If you want to look at revision history older than this, please refer to the Qt Git wiki for how to use Git history grafting. At the time of writing, this wiki is located here: http://qt.gitorious.org/qt/pages/GitIntroductionWithQt
  If you have already performed the grafting and you don't see any history beyond this commit, try running "git log" with the "--follow" argument.
  Branched from the monolithic repo, Qt master branch, at commit 896db169ea224deb96c59ce8af800d019de63f12