| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using cipher algorithms with forward secrecy an ephemeral key is
used to generate the symmetric session key. Beside the SSL certificate's
key, this ephemeral key is of cryptographic interest.
The ephemeral key is chosen by the server side - currently statically in
the Qt implementation - so it is only of interest on the client side to
check it. Therefore the ephemeral key is the null key if the connection
is set up in server mode or a cipher without forward secrecy is used.
Change-Id: If241247dbb8490a91233ae47f2b38952c6591bf4
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
|
|
|
|
|
|
|
|
|
|
| |
This adds an OpenSSL-based implementation of the QSslKeyPrivate encrypt
and decrypt method. This puts both the OpenSSL-based and non-OpenSSL
backends (WinRT for now) on par.
Change-Id: I18a75ee5f1c223601e51ebf0933f4430e7c5c29b
Reviewed-by: Andrew Knight <andrew.knight@intopalo.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
| |
So far, this was only supported for dlopen mode. This adds symmetric
defines for the linking case.
Change-Id: I9cbfa18e04d041dde0cbd833929782cada9eb812
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
| |
invalid conversion from ‘unsigned char**’ to ‘const unsigned char**’
Task-number: QTBUG-44744
Change-Id: I6263db106fe28c6aa04db8ca79421b3a9fc5adc9
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
| |
This change is a step closer to working with openssl 1.2 which makes
this struct opaque.
Change-Id: I3897142657edc0fa4053142b6ef743c2b00c013e
Reviewed-by: Peter Hartmann <peter-qt@hartmann.tk>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Qt copyrights are now in The Qt Company, so we could update the source
code headers accordingly. In the same go we should also fix the links to
point to qt.io.
Outdated header.LGPL removed (use header.LGPL21 instead)
Old header.LGPL3 renamed to header.LGPL3-COMM to match actual licensing
combination. New header.LGPL-COMM taken in the use file which were
using old header.LGPL3 (src/plugins/platforms/android/extract.cpp)
Added new header.LGPL3 containing Commercial + LGPLv3 + GPLv2 license
combination
Change-Id: I6f49b819a8a20cc4f88b794a8f6726d975e8ffbe
Reviewed-by: Matti Paaso <matti.paaso@theqtcompany.com>
|
|
|
|
|
|
|
|
|
|
|
| |
There were still ifdefs for openssl 0.9.7 and openssl 0.9.8f.
[ChangeLog][QtNetwork] Some legacy ifdefs for openssl 0.9.7 and openssl 0.9.8f
were removed, Qt will no longer build with these versions. In addition there
is no support for openssl built with NO_TLSEXT.
Change-Id: I9268515c0a125a2f6d79add8ee1cb40768e7e898
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
|
|
|
|
|
| |
Change-Id: I51733e9a3bb0d5d54dc2f61ac75751d899a84bd1
Reviewed-by: Peter Hartmann <peter-qt@hartmann.tk>
|
|
|
|
|
|
|
|
|
| |
[ChangeLog][QtNetwork][QSslSocket] It is now possible to use TLS PSK
ciphersuites in client sockets.
Task-number: QTBUG-39077
Change-Id: I5523a2be33d46230c6f4106c322fab8a5afa37b4
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
| |
Since the conversion to a long name was already there, also support
creation from a long name.
Change-Id: Iad712db7447fb0a0a18f600b7db54da5b5b87154
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add possibility to get length and other information of EC based
certificates. Also it is possible to parse those public/private
keys from PEM and DER encoded files.
Based on patch by Remco Bloemen
[ChangeLog][QtNetwork][SSL/TLS support] It is now possible to
parse elliptic curve certificates.
Change-Id: I4b11f726296aecda89c3cbd195d7c817ae6fc47b
Task-number: QTBUG-18972
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
|
|
| |
[ChangeLog][QtNetwork][QtSSL] It is now possible to choose which elliptic
curves should be used by an elliptic curve cipher.
Change-Id: If5d0d58922768b6f1375836489180e576f5a015a
Done-with: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
|
| |
- Renamed LICENSE.LGPL to LICENSE.LGPLv21
- Added LICENSE.LGPLv3
- Removed LICENSE.GPL
Change-Id: Iec3406e3eb3f133be549092015cefe33d259a3f2
Reviewed-by: Iikka Eklund <iikka.eklund@digia.com>
|
|\
| |
| |
| |
| |
| |
| | |
Conflicts:
src/network/ssl/qsslsocket_openssl_symbols.cpp
Change-Id: Ic62419fa1fee5f4de6c372459d72e6e16f9a810b
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Some Linux distributions disable EC by default which causes compile
errors on those platforms.
Task-number: QTBUG-40394
Change-Id: If5816d473bd1d64b1d4977860db662704a83310f
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|\|
| |
| |
| | |
Change-Id: Ia36e93771066d8abcf8123dbe2362c5c9d9260fc
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Avoid accessing the internals of the SSL_CIPHER struct since this has
changed size etc. over time leading to binary incompatibilities.
Task-number: QTBUG-32423
Task-number: QTBUG-23363
Change-Id: I8cb399484e3a62be7d511f4b8b22c876825c87d4
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add support for loading certificates and keys from PKCS#12 bundles
(also known as pfx files).
Task-number: QTBUG-1565
[ChangeLog][QtNetwork][QSslSocket] Support for loading PKCS#12
bundles was added. These are often used to transport keys and
certificates conveniently, particularly when making use of
client certificates.
Change-Id: Idaeb2cb4dac4b19881a5c99c7c0a7eea00c2b207
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
|
| |
| |
| |
| |
| | |
Change-Id: I382a017a0b865b849667301aff8b2f87b676ecc6
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
mkspecs/qnx-armv7le-qcc/qplatformdefs.h
src/printsupport/kernel/qcups.cpp
src/widgets/styles/qstyle.h
tests/auto/widgets/itemviews/qlistwidget/tst_qlistwidget.cpp
Change-Id: Ia41e13051169a6d4a8a1267548e7d47b859bb267
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Despite supporting DH and ECDH key exchange as a client, Qt did not provide
any default parameters which prevented them being used as a server. A
future change should allow the user to control the parameters used, but
these defaults should be okay for most users.
[ChangeLog][Important Behavior Changes] Support for DH and ECDH key exchange
cipher suites when acting as an SSL server has been made possible. This
change means the you can now implement servers that offer forward-secrecy
using Qt.
Task-number: QTBUG-20666
Change-Id: I469163900e4313da9d2d0c3e1e5e47ef46320b17
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
|/
|
|
|
|
|
|
|
|
|
|
| |
Previously we allowed you to specify which version(s) you wanted to use,
but did not provide access to the version that was actually negotiated.
[ChangeLog][QtNetwork][QSslSocket] Add support for finding the version
of SSL/TLS in use by a connection.
Task-number: QTBUG-28471
Change-Id: I6d50d2bc9f1ce7f98192e67992178fe7e41c0575
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
... which is needed to negotiate the SPDY protocol.
[ChangeLog][QtNetwork][QSslConfiguration] Added support for the Next
Protocol Negotiation (NPN) TLS extension.
Task-number: QTBUG-33208
Change-Id: I3c945f9b7e2d2ffb0814bfdd3e87de1dae6c20ef
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
|
|
|
|
|
|
|
|
| |
the diff -w for this commit is empty.
Started-by: Thiago Macieira <thiago.macieira@intel.com>
Change-Id: I77bb84e71c63ce75e0709e5b94bee18e3ce6ab9e
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes them in many ways:
- use Q_UNLIKELY to mark an error case
- reduce QtNetwork library size by 40315 bytes
- fix DEFINEFUNC9 which had wrong logic, happily it was not used
anywhere
Change-Id: Ic46a569f85aa22a00ecd88158e60c52f4665ec4c
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|\
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/corelib/global/qglobal.h
src/plugins/platforms/cocoa/qnsview.mm
Change-Id: I6fe345df5c417cb7a55a3f91285d9b47a22c04fa
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Incorporate some more of the API changes between OpenSSL versions
0.9.8 and 1.0.0.
Task-number: QTBUG-31140
Change-Id: Ie719b34e3ec8751f0fbc07d315e82816c110762c
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
Session tickets can be cached on the client side for hours (e.g.
graph.facebook.com: ~ 24 hours, api.twitter.com: 4 hours), because the
server does not need to maintain state.
We need public API for it so an application can cache the session (e.g.
to disk) and resume a session already with the 1st handshake, saving
one network round trip.
Task-number: QTBUG-20668
Change-Id: I10255932dcd528ee1231538cb72b52b97f9f4a3c
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/concurrent/doc/qtconcurrent.qdocconf
src/corelib/doc/qtcore.qdocconf
src/corelib/global/qglobal.h
src/dbus/doc/qtdbus.qdocconf
src/dbus/qdbusmessage.h
src/gui/doc/qtgui.qdocconf
src/gui/image/qimagereader.cpp
src/network/doc/qtnetwork.qdocconf
src/opengl/doc/qtopengl.qdocconf
src/opengl/qgl.h
src/plugins/platforms/windows/qwindowswindow.cpp
src/printsupport/doc/qtprintsupport.qdocconf
src/sql/doc/qtsql.qdocconf
src/testlib/doc/qttestlib.qdocconf
src/tools/qdoc/doc/config/qt-cpp-ignore.qdocconf
src/widgets/doc/qtwidgets.qdocconf
src/xml/doc/qtxml.qdocconf
Change-Id: Ie9a1fa2cc44bec22a0b942e817a1095ca3414629
|
| |
| |
| |
| |
| |
| | |
Change-Id: I559d4dd8789a249af855f6fe9bfe013ba1d77132
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This fixes a compilation error with GCC 4.7
which was introduced in b5652df775efbd1c52eecee5f08e40e600e5d70b
In function ‘SSL_SESSION* q_SSL_get1_session(const SSL*)’:
invalid conversion from ‘const SSL* {aka const ssl_st*}’ to ‘SSL* {aka ssl_st*}’ [-fpermissive]
Change-Id: I909f7fb4295b2019283a7af66a038d4711e5f7cb
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Peter Hartmann <phartmann@rim.com>
|
|/
|
|
|
|
|
|
| |
This improves performance since a network round trip can be avoided.
Change-Id: I1aaff7e48ef9638cb137de0f43942c3a4dd2884a
Initial-patch-by: Markus Goetz <markus@woboq.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
| |
Change-Id: Ic804938fc352291d011800d21e549c10acac66fb
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL changed the layout of X509_STORE_CTX between 0.9 and 1.0
So we have to consider this struct as private implementation, and use
the access functions instead.
This bug would cause certificate verification problems if a different
version of openssl is loaded at runtime to the headers Qt was compiled
against.
Task-number: QTBUG-28343
Change-Id: I47fc24336f7d9c80f08f9c8ba6debc51a5591258
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
| |
Change copyrights and license headers from Nokia to Digia
Change-Id: If1cc974286d29fd01ec6c19dd4719a67f4c3f00e
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
Reviewed-by: Sergio Ahumada <sergio.ahumada@digia.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add SslProtocol enums TlsV1_1 and TlsV1_2 and use the appropriate OpenSSL
methods when they're selected (TLSv1_1_client_method, TLSv1_2_client_method,
TLSv1_1_server_method and TLSv1_2_server_method). This allows us to
explicitly use TLS 1.1 or 1.2.
Task-number: QTBUG-26866
Change-Id: I159da548546fa746c20e9e96bc0e5b785e4e761b
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
|
|
|
|
|
|
|
|
|
| |
Since we are calling q_SSL_load_error_strings to load error strings
we should call ERR_free_strings to free the memory again.
Task-number: QTBUG-15732
Change-Id: Ie41291bb0e1434f82025378edfca51930712a8aa
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
If SSL_MODE_RELEASE_BUFFERS is available we should tell OpenSSL
to release memory early.
http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html
Task-number: QTBUG-14985
Change-Id: Ib6656ebb3c4d67ca868b317ee83ddbf0983953f9
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Reviewed-by: Markus Goetz <markus@woboq.com>
|
|
|
|
|
|
|
|
|
|
| |
As in the past, to avoid rewriting various autotests that contain
line-number information, an extra blank line has been inserted at the
end of the license text to ensure that this commit does not change the
total number of lines in the license header.
Change-Id: I311e001373776812699d6efc045b5f742890c689
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
|
|
|
|
|
|
|
| |
Replace Nokia contact email address with Qt Project website.
Change-Id: I431bbbf76d7c27d8b502f87947675c116994c415
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
|
|
|
|
|
| |
Change-Id: I02f2c620296fcd91d4967d58767ea33fc4e1e7dc
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change makes Qt load the default openssl config always, not just
when compiled with OPENSSL_LOAD_CONF. This means that facilities like
openssl engines (and their configuration) are usable. An alternative
would be to call OPENSSL_config(NULL) ourselves, but that's exactly
what the OPENSSL_add_all_algorithms_conf does for us.
Task-number: QTBUG-16018
Change-Id: I4cda701f82627e0541b6225009f4e1249aec9d47
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL's SSL_ctrl() always took a "void *" argument as 4th parameter,
since at least version 0.9.7.
I have no idea why we had "const void *" in there.
Reviewed-by: Richard J. Moore <rich@kde.org>
Task-number: QTBUG-23132
(cherry picked from commit 4db91cbd6147e40f543342f22c05b7baddc52e5a)
Change-Id: Ie570e1cc59b72f13d3e6f3ed6fc1892444a63743
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Robin Burchell <robin+qt@viroteck.net>
Reviewed-by: Martin Petersson <Martin.Petersson@nokia.com>
|
|
|
|
|
|
|
|
|
|
| |
... by adding a new class QSslCertificateExtension and methods in
QSslCertificate to support extensions. This is needed e.g. for OCSP
(checking revocation status of a certificate) or Extended Validation
certificates.
Change-Id: I5c5d9513fa640cd487786bb9a5af734afebd0828
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Also export two symbols for auto tests since opaque keys
need EVP_PKEY * created by openssl.
Change-Id: Ib7801ddfceb259de7291bfaa5940df87f68af97d
Merge-request: 48
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-on: http://codereview.qt.nokia.com/4011
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Currently it is only possible to verify a certificate chain when
connecting to a server. This change makes it possible to verify a
chain at any time.
Change-Id: Ib70ad7b81418f880e995f391b82ce59561ededb8
Merge-request: 11
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-on: http://codereview.qt.nokia.com/1509
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, x509 name entries that didn't have a shortname would all be
(accidentally) stored with the tag 'UNDEF'. This commit changes things
so that they are stored using the string form of their OID.
Change-Id: I667306cc4f91b1ca84f29b986bc21daadeb089b6
Merge-request: 18
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-on: http://codereview.qt.nokia.com/1449
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds accessors for both the openssl version number and the
version string. The intention here is to aid debugging by making it
possible for applications to know which version of the openssl library
has been found by the runtime linking code.
Since the version of openssl in use will depend on the installation of
the developer, the test cases merely display the version string and
number rather than verifying that any particular version is in use.
Change-Id: Ieec44f0941f99887c85c2858bab0481722d739e5
Merge-request: 12
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-on: http://codereview.qt.nokia.com/1406
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SSL_ctrl's prototype has changed slightly in openssl 1.0.0x - the 4th
argument is now a void* as opposed to a const void*.
gcc 4.6 doesn't allow this as an implicit cast.
Merge-request: 1239
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
(cherry picked from commit 007f01a7e801d5409708e4b8de8b3ead1481cf7d)
Change-Id: I4f41af981cf0762383b3fc867ec5d726e2b1e5c6
Reviewed-on: http://codereview.qt.nokia.com/821
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds a function that will convert a certificate to human readable text
format using the openssl print function. This is useful for debugging
and for displaying the full details of a certificate (including those
parts not supported by the Qt API).
Change-Id: I27238d05df37f8b15ad09f8e761b06344631a9ce
Merge-request: 2
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-on: http://codereview.qt.nokia.com/551
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
|