| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All TLS (and non-TLS) backends that QSsl classes rely
on are now in plugins/tls (as openssl, securetransport,
schannel and certonly plugins).
For now, I have to disable some tests that were using OpenSSL
calls - this to be refactored/re-thought. These include:
qsslsocket auto-test (test-case where we work with private keys),
qsslkey auto-test (similar to qsslsocket - test-case working with
keys using OpenSSL calls).
qasn1element moved to plugins too, so its auto-test have to
be re-thought.
Since now we can have more than one working TLS-backend on a given
platform, the presence of OpenSSL also means I force this backend
as active before running tests, to make sure features implemented
only in OpenSSL-backend are tested.
OCSP auto test is disabled for now, since it heavily relies on
OpenSSL symbols (to be refactored).
[ChangeLog][QtNetwork][QSslSocket] QSslSocket by default prefers 'openssl' backend
if it is available.
[ChangeLog][QtNetwork][QSslSocket] TLS-backends are not mutually exclusive anymore,
depending on a platform, more than one TLS backend can be built. E.g., configuring
Qt with -openssl does not prevent SecureTransport or Schannel plugin from being
built.
Fixes: QTBUG-91928
Change-Id: I4c05e32f10179066bee3a518bdfdd6c4b15320c3
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All backend-specific code is now separated and removed
from QSslSocket(Private) code. The original code is mostly
preserved to avoid (as much as possible) regressions (and
to simplify code-review).
Fixes: QTBUG-91173
Task-number: QTBUG-65922
Change-Id: I3ac4ba35d952162c8d6dc62d747cbd62dca0ef78
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 9391ba55149336c395b866b24dc9b844334d50da)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Weird macro had inverted notion of type safety: instead of casting
parameters and return values (they are pointers) to work with generic
OPENSSL_sk_xxx functions, it was ... casting a function pointer to an invalid
type to get ... nothing, but UB. Home-brewed (un)'safestack'!!!
Change-Id: Ib91a7ba4cd472f370836797e422456f91a4385b0
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
(cherry picked from commit 9fc2f1f076b953ff0979fb73ed6e70ac9bde278c)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CentOS it seems not only backported some OpenSSL 3 functions,
but also raised the default security level to 2, making some of
our keys (and MDs?) 'too weak' and failing auto-tests here and
there as a result. For our auto-test we lower the level to 1,
as it is expected to be.
Fixes: QTBUG-86336
Pick-to: 5.15
Change-Id: I7062a1b292e8b60eb9c2b2e82bd002f09f9da603
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
| |
Change-Id: Ic8db7dc252f8fea46eb5a4f334726d6c7f4645a6
Reviewed-by: Sona Kurazyan <sona.kurazyan@qt.io>
|
|
|
|
|
|
| |
Change-Id: I76bf6c7d47c7d29228837bbb139a7f6a32de0e5e
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
| |
OpenSSL 1.1.1 has a convenient function for parsing ASN.1 times;
use that instead of the hand-rolled code.
Change-Id: Ic0aecc915f362c02b220819305f3f3c347a75297
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
DSA/DH/etc _bits functions were first deprecated, then un-deprecated,
so we don't worry about them for now. SSL_CTX_load_verify_location was deprecated
and two new functions were introduced instead (one using file, the second
- path). It's unfortunately 3.0 only, so we have to check OpenSSL version.
DH_check is deprecated and we have to use EVP_PKEY_param_check with
tons of a boilerplate code around.
Fixes: QTBUG-83733
Pick-to: 5.15
Change-Id: Icd401ab6aad30c23c37443c7bc82c702fb843640
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/widgets/widgets/qabstractbutton.cpp
src/widgets/widgets/qbuttongroup.cpp
src/widgets/widgets/qbuttongroup.h
src/widgets/widgets/qsplashscreen.cpp
tests/auto/widgets/widgets/qbuttongroup/tst_qbuttongroup.cpp
tests/benchmarks/opengl/main.cpp
Needed update:
src/plugins/platforms/cocoa/CMakeLists.txt
Change-Id: I7be4baebb63844ec2b3e0de859ca9de1bc730bb5
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Do not call SSL_shutdown on a session that is in handshake state (SSL_in_init(s)
returns 1). Also, do not call SSL_shutdown if a session encountered a fatal
error (SSL_ERROR_SYSCALL or SSL_ERROR_SSL was found before). If SSL_shutdown
was unsuccessful (returned code != 1), we have to clear the error(s) it queued.
Fixes: QTBUG-83450
Change-Id: I6326119f4e79605429263045ac20605c30dccca3
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
examples/widgets/graphicsview/boxes/scene.h
src/corelib/Qt5CoreMacros.cmake
src/corelib/Qt6CoreMacros.cmake
src/network/ssl/qsslsocket.cpp
src/network/ssl/qsslsocket.h
src/platformsupport/fontdatabases/windows/qwindowsfontenginedirectwrite.cpp
src/testlib/CMakeLists.txt
src/testlib/.prev_CMakeLists.txt
tests/auto/corelib/tools/qscopeguard/tst_qscopeguard.cpp
Disabled building manual tests with CMake for now, because qmake
doesn't do it, and it confuses people.
Done-With: Alexandru Croitor <alexandru.croitor@qt.io>
Done-With: Volker Hilsheimer <volker.hilsheimer@qt.io>
Change-Id: I865ae347bd01f4e59f16d007b66d175a52f1f152
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The session we cache at the end of a handshake is non-resumable
in TLS 1.3, since NewSessionTicket message appears quite some time
after the handshake was complete. OpenSSL has a callback where
we can finally obtain a resumable session and inform an application
about session ticket updated by emitting a signal. Truism: OpenSSL-only.
[ChangeLog][QtNetwork] A new signal introduced to report when a valid session ticket received (TLS 1.3)
Fixes: QTBUG-81591
Change-Id: I4d22fad5cc082e431577e20ddbda2835e864b511
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Add a new verification callback. This gives an option
to report errors directly from this callback (by emitting
handshakeInterruptedOnError()). This allows an application
to explain to its peer why the handshake was interrupted (by
sending a corresponding alert message).
2. This also means we want to notice such alerts (in Qt,
from the application's point of view, they are mostly
informational only, no interaction is required). So we
also introduce a new 'info callback', that can notice alert
messages read or written. We also introduce two new enums
describing the level and type of an alert message. QSslSocket
gets three new signals (for incoming/outgoing alerts and
verification errors found early).
3. In case we requested a certificate, but the peer provided
none, we would previously abruptly close the connection without
a proper alert message (and such a situation is not handled
by any verification callbacks, since there is no certificate(s)
to verify essentially). So we now introduce a new verification
option that maps to what OpenSSL calls 'SSL_VERIFY_FAIL_IF_NO_PEER_CERT'.
This way, the proper alert will be generated.
Fixes: QTBUG-68419
Change-Id: I5d1e9298b4040a2d4f867f5b1a3567a2253927b8
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL 1.0.2 will stop receiving all support at the end
of 2019. Qt 5.15 is our next LTS thus makes sense remove
OpenSSL 1.0.2 support there. This also allows us quite
a significant cleanup of an old heavily if-defed code
and all 'pre11' suffixed source files.
[ChangeLog][QtNetwork][SSL] Removed OpenSSL 1.0.x support, now 1.1.x is required
Change-Id: I70c70c56cbd8aeff793afe793335696d1b1b7408
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
.qmake.conf
src/gui/painting/qdrawhelper.cpp
src/gui/text/qdistancefield.cpp
src/gui/text/qdistancefield_p.h
src/network/ssl/qsslsocket_openssl.cpp
src/plugins/platforms/android/qandroidinputcontext.cpp
src/widgets/styles/qstylesheetstyle.cpp
Done-With: Timur Pocheptsov <timur.pocheptsov@qt.io>
Change-Id: Ia7daad21f077ea889898f17734ec46303e71fe6b
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When our QSslSocketBackendPrivate (OpenSSL backend) was developed,
the ancient versions of OpenSSL did not have an API needed to pass
an application-specific data into verification callback. Thus the
developers resorted to the use of global variables (a list with errors)
and locks. Some of our auto-tests use QNAM and in-process server.
Whenever the client (essentially qhttpthreadeddelegate) and the server
live in different threads, any use of 'https' is dead-lock prone,
which recent events demonstrated and which were previously observed
but not understood properly (rare occasions, not always easy to
reproduce). Now we fix this for good by removing locking.
There are two places (in 5.12) where these locks are needed:
1. Before calling SSL_connect/SSL_accept (handshake) - here
we reuse the same trick we do in PSK callback ('SSL' has
an external data set, and it's 'this', meaning an object
of type QSslSocketBackendPrivate).
2. The static member function 'verify', here we do not have
'SSL', but we have our temporary 'X509_STORE', to which
we can directly attach an external data - a pointer to
a vector to collect verification errors.
Note, this change assumes that OpenSSL Qt is build/linked
against is at least of version 1.0.1 - we set external data
on SSL unconditionally (no version checks).
Fixes: QTBUG-76157
Change-Id: I05c98e77dfd5fb0c2c260fb6c463732facf53ffc
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| | |
And export the required symbols in OpenSSL so we can run the test there
as well even if it's not needed for any functionality.
Change-Id: I4246d2b0bbdd42079d255f97f3c66ce8bb37390b
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Check if QSslKey::handle() returns data representing the
same key information as that passed to the constructor.
Task-number: QTBUG-64495
Change-Id: I1a91264e6f6d92d259b51fca9de00fcbfd5cc845
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Alas, we have to do the job ossl_typ.h failed to - undef macros
coming from wincrypt.h (?) and clashing with identifiers/naming
conventions not exactly very wisely chosen by OpenSSL.
Change-Id: I1725c4f769be64dbb391d040b2c1574b20b65151
Fixes: QTBUG-73322
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Again, 1.0 is required now.
Change-Id: Icca5dc38eb33c1579653d96d6c079b335a401aad
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch introduces a private 'API' to enable server-side OCSP responses
and implements a simple OCSP responder, tests OCSP status on a client
side (the test is pretty basic, but for now should suffice).
Change-Id: I4c6cacd4a1b949dd0ef5e6b59322fb0967d02120
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch enables OCSP stapling in QSslSocket::SslClientMode (OpenSSL back-end
only). OCSP stapling is described by RFC6066 and based on the original OCSP as
defined by RFC2560. At the moment multiple certificate status protocol is not
supported (not implemented in OpenSSL). SecureTransport does not support OCSP
stapling at the moment.
[ChangeLog][QtNetwork][TLS] Added OCSP-stapling support for OpenSSL backend
Task-number: QTBUG-12812
Task-number: QTBUG-17158
Change-Id: Id2e0f4cc861311d1ece462864e5e30c76184af8c
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|/
|
|
|
|
|
|
|
|
|
|
| |
This is necessary to provide details for the key too,
when the server is using DHE-RSA-AESxxx-SHAxxx.
Amends 7f77dc84fb434f33ffe96f6633792706b80fb0a3.
Change-Id: I8ab15b6987c17c857f54bc368df3c6c1818f428c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL has 'no-dtls' configure option (or can be too ancient to properly
support it), we shall respect such builds. This patch extends configure.json
with a 'dtls' test and adds protection against linkage/compile-time
issues in the QtNetwork's code.
Change-Id: I0c0dd94f5c226115cee4285b82c83aa546555aea
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
These are leftovers from the prototype version of DTLS connection
and no code is using them now.
Change-Id: I3970a56303a59ce95e9c22344fac89e89f6559c8
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds DTLS support to QtNetwork module (and its OpenSSL
back-end).
DTLS over UDP is defined by RFC 6347.
The new API consists of
1) QDtlsClientVerifier which checks if a client that sent us ClientHello
is a real DTLS client by generating a cookie, sending a HelloVerifyRequest
with this cookie attached, and then verifiying a cookie received back.
To be deployed in combination with a server-side QUdpSocket.
2) QDtls - initiates and proceeds with a TLS handshake (client or server
side), with certificates and/or pre-shared key (PSK), and encrypts/decrypts
datagrams after the handshake has finished.
This patch does not implement yet another UDP socket, instead
it allows use of existing QUdpSocket(s), by adding DTLS support
on top. OpenSSL back-end uses a custom BIO to make it work with
QUdpSocket and give a finer control over IO operations.
On the server side, demultiplexing is left to client code (could
be done either by connecting QUdpSocket or by extracting address/port
for an incoming datagram and then forwarding/dispatching them to
the corresponding QDtls object).
Task-number: QTPM-779
Change-Id: Ifcdf8586c70c3018b0c5549efc722e795f2c1c52
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|\
| |
| |
| | |
Change-Id: I8d8b03ea46c537b091b72dc7b68aa6aa3a627ba6
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
A custom build of openssl can disable DES or RC2. This
allows to build Qt against those builds.
Change-Id: I9b91c943fab4d217a791381e81a7d87a9ff5031a
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|\|
| |
| |
| | |
Change-Id: I86f04fc3b2e4291f161a4985adddd6fd6c789d33
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When releasing a STACK_OF(GENERAL_NAME). Actually, GENERAL_NAME_free is
a special function, not the same as OPENSSL_sk_free.
Task-number: QTBUG-57679
Change-Id: I3ed300bb95e8be35bd9cd06b6dbc6e59c7c6a4ee
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
|/
|
|
|
|
|
|
|
| |
This patch adds several macros, functions and typedefs,
needed by DTLS, into our qsslsocket_openssl_symbols.
Change-Id: I9e4dccc0c576b26b3f629cee6e3245e707604674
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
|
|
|
|
|
|
|
| |
With this change it is possible to use all supported
configurations in different backends without any new interfaces.
Change-Id: Ib233539a970681d30ae3907258730e491f8d3531
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
The test OPENSSL_VERSION_NUMBER >= 0x1010000000L was introduced before
1.1 support. Now a couple of conditional inclusions can be converted
into QT_CONFIG(opensslv11).
Task-number: QTBUG-64275
Change-Id: I627e6b06f334deac70c827e463ecbfad879dfc24
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch-set implements a new QSslSocket backend based on OpenSSL 1.1.
1. General.
The code in this patch was organized to achieve these (somewhat contradicting)
objectives:
- keep the new code free of #if-ery, as far as possible;
- make it easy to clean away dead code when we're eventually able to retire
out-dated OpenSSL versions;
- reduce the amount of code duplication.
If changes in some file/component were insignificant (~5 one-liners per file),
we still use pp-checks like: #if QT_CONFIG(opensslv11) ... #else ... #endif -
the logic is simple and it's still easy to clean the code if we remove the legacy
back-end. Where it saved #if-ery, we also introduced 'forward-compatible'
macros implementing equivalents of 1.1 functions using older OpenSSL.
In case some class contains a lot of version-specific ifdefs (particularly where
nested #if-ery was complex) we choose to split code into: "pre11" h/cpp files,
"shared" h/cpp files (they preserve their original names, e.g qsslsocket_openssl.cpp)
and "11" h/cpp files. If in future we remove the legacy back-end, "pre11" should be
removed; "shared" and "11" parts - merged.
2. Configuration.
We introduced a new feature 'opensslv11' which complements the pre-existing
'openssl' and 'openssl-linked' features. The 'opensslv11' feature is enabled
by a simple test which either compiles successfully or ends in a compilation
error, depending on a value of the OPENSSL_VERSION_NUMBER constant. If the
feature was enabled, we also append an additional compilation flag
-DOPENSSL_API_COMPAT=0x10100000L to make sure our new code does not contain
deprecated structures, function calls, macro-invocations from OpenSSL < 1.1.
Change-Id: I2064efbe9685def5d2bb2233a66f7581954fb74a
Reviewed-by: André Klitzing <aklitzing@gmail.com>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In old versions of OpenSSL this function can try to access a config file
sometimes resulting in EACCES. While handling ENOENT correctly, OPENSSL_config
unconditionally calls std::exit on EACCES, which is unacceptable, especially if we
have a Qt-app which is not using SSL at all (but, for example, is using QNAM).
To workaround this, we pre-test if this file can be opened and if not and the
last error is ERR_R_SYS_LIB we just skip q_OPENSSL_add_all_algorithms call.
Task-number: QTBUG-43843
Change-Id: I309172d3b5e7847f67a87ba33c406d4751bc60ca
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
|
|
|
|
|
|
| |
Fix the occurrences where the wrong classes are mentioned.
Change-Id: Ia291af77f0f454a39cab93e7376a110c19a07771
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
In a TLS handshake the ephemeral server key is saved in the ssl
configuration. Clients who want to get the length or algorithm of the
key only get "Opaque" and "-1" as a result because the key is always
stored as "Opaque". This change converts the key to specific type so
more details are available and the client don't need to convert the
handle by hand.
Change-Id: I60f90fc2c1805e528640d391b20c676b6eeeb49e
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new modular configuration system requires one global
header per module, that is included by all other files in
this module.
That header will later on #include the configuration file
for Qt Network. For now it defines the Q_NETWORK_EXPORT
macro for this library.
Change-Id: I9c45d425baf881c431ed71fd457c7feb2c123855
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
mkspecs/common/mac.conf
mkspecs/features/configure_base.prf
mkspecs/features/configure.prf
mkspecs/macx-clang-32/qmake.conf
mkspecs/macx-clang/qmake.conf
mkspecs/macx-ios-clang/qmake.conf
src/network/ssl/qsslsocket_openssl_symbols_p.h
Change-Id: I768b592e8e589662b1fdb9b8cbd633fef26845b6
|
| |\
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
src/angle/src/libGLESv2/libGLESv2.pro
src/plugins/platforms/eglfs/deviceintegration/eglfs_kms_egldevice/qeglfskmsegldeviceintegration.cpp
Change-Id: If8da4cfe8f57fea9f78e7239f378a6302c01674e
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The declaration and definition of the forwarding functions for PSK
differed which leads to link errors with some versions of openssl.
Change-Id: I40410f62a584c5dbd2acf5c90422e1243514f8fd
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Only the OpenSSL backend is supported right now.
[ChangeLog][QtNetwork][SSL/TLS support] It is now possible to
set custom Diffie-Hellman parameters for QSslSocket-based servers.
Change-Id: I50148873132cd0ec7e414250b107b6b4cbde02ea
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ChangeLog][QtNetwork][QSslSocket] TLS PSK ciphers are possible in server sockets.
Task-number: QTBUG-39077
Change-Id: Iaa854a6f50242deae5492f2e4759c727488995f5
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
Application-Layer Protocol Negotiation (ALPN) - is a reworked revision
of Next Protocol Negotiation (NPN) we have in our OpenSSL code.
Can be used as a part of HTTP2 negotiation during TLS handshake.
Change-Id: I484ec528c81d4887a64749095ec292dfaec18330
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
From Qt 5.7 -> LGPL v2.1 isn't an option anymore, see
http://blog.qt.io/blog/2016/01/13/new-agreement-with-the-kde-free-qt-foundation/
Updated license headers to use new LGPL header instead of LGPL21 one
(in those files which will be under LGPL v3)
Change-Id: I046ec3e47b1876cd7b4b0353a576b352e3a946d9
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using cipher algorithms with forward secrecy an ephemeral key is
used to generate the symmetric session key. Beside the SSL certificate's
key, this ephemeral key is of cryptographic interest.
The ephemeral key is chosen by the server side - currently statically in
the Qt implementation - so it is only of interest on the client side to
check it. Therefore the ephemeral key is the null key if the connection
is set up in server mode or a cipher without forward secrecy is used.
Change-Id: If241247dbb8490a91233ae47f2b38952c6591bf4
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
|
|
|
|
|
|
|
|
|
|
| |
This adds an OpenSSL-based implementation of the QSslKeyPrivate encrypt
and decrypt method. This puts both the OpenSSL-based and non-OpenSSL
backends (WinRT for now) on par.
Change-Id: I18a75ee5f1c223601e51ebf0933f4430e7c5c29b
Reviewed-by: Andrew Knight <andrew.knight@intopalo.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
| |
So far, this was only supported for dlopen mode. This adds symmetric
defines for the linking case.
Change-Id: I9cbfa18e04d041dde0cbd833929782cada9eb812
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
| |
invalid conversion from ‘unsigned char**’ to ‘const unsigned char**’
Task-number: QTBUG-44744
Change-Id: I6263db106fe28c6aa04db8ca79421b3a9fc5adc9
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
| |
This change is a step closer to working with openssl 1.2 which makes
this struct opaque.
Change-Id: I3897142657edc0fa4053142b6ef743c2b00c013e
Reviewed-by: Peter Hartmann <peter-qt@hartmann.tk>
|