| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All backend-specific code is now separated and removed
from QSslSocket(Private) code. The original code is mostly
preserved to avoid (as much as possible) regressions (and
to simplify code-review).
Fixes: QTBUG-91173
Task-number: QTBUG-65922
Change-Id: I3ac4ba35d952162c8d6dc62d747cbd62dca0ef78
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 9391ba55149336c395b866b24dc9b844334d50da)
|
|
|
|
|
|
|
|
|
|
| |
Renamed the private part of the namespace to QTlsPrivate.
Fixes: QTBUG-91531
Change-Id: Id2d9c458d8d958b35e437eee42889177dad0a7a7
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit e4efa00c72c7011f4e5c27722c2a522b30274610)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also since we have to properly support 'no-ssl' configure option
(alas, we support QSslCertificate on such builds) - introduce
a minimal crippled QTlsBackendCertOnly, which depends on
X509CertificateGeneric.
Fixes: QTBUG-90954
Task-number: QTBUG-65922
Change-Id: Ib9d62903f16b7c0eaaa23e319a822c24a7631dc6
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 41fc143635c25f937a557f09890601f6c7d38736)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The idea is to have QSslKey(Private) backend-neutral and hide
all library-specific code inside plugins.
Fixes: QTBUG-90953
Task-number: QTBUG-65922
Change-Id: I2eeee3b2b72c78c2e24f2fb914abce3caa913be8
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 0352cf8e1bf57615b9faf3f6f383896444e762ac)
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To enable QSslCertificate to use TLS plugins. All backend-specific
code is to be moved from QSslCertificate(Private) making them
backend-neutral.
Task-number: QTBUG-90954
Task-number: QTBUG-65922
Change-Id: Ic9d5abf91e42ce81fe56239f95ae97b64035e950
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
(cherry picked from commit 405337ee7276be4b76e86745c0694c51283b6b07)
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
| |
sizeof(1) should be fine, but it looks weird, so let's just use the type
instead.
Change-Id: I543462a837b0214883ca389be0e7e6ba2057cdd0
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
|
|
|
|
|
|
|
| |
While rebasing and resolving conflicts, I've acidentally removed a
declaration of supportsTls13() making a call expression invalid.
Change-Id: If561091db36f0354b61fa050ff9f72b29eddce53
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
| |
which will become parts of TLS plugins in the future.
Task-number: QTBUG-65922
Change-Id: I4ee3c59c435fc34a9f4dacd3ff0e3cfb44251e23
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
QTlsBackend is a factory itself - it creates TLS/X509 objects. Having
an intermediary between Factory->Backend->TLS primitive does not look
very natural thus let's squash the first two parts. Backend is a factory
creating TLS primitives, but its static functions also provide information
about backends availablei and give access to those backends.
Fixes: QTBUG-90606
Task-number: QTBUG-65922
Change-Id: I8409d81fd11fb46e6ab4465b4937a7680a8c2447
Reviewed-by: Alex Blasche <alexander.blasche@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
| |
Amends 7cf8e5ada9eac00b200141fdc80a2e76c0422411
Change-Id: I6e188675ab53fd173bd75defe9d190a509f4adad
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
| |
This is an abstraction for TLS backend and its factory, preparing to transition
to plugin-based design.
Task-number: QTBUG-65922
Change-Id: Ibe810e77fd1b715a6bea66cd3f44312b015ac274
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This API gives the names of available backends and provides a basic
information about features/protocols supported by those backends.
Also, it has the 'loadBackend' functions which allow to select
a particular backend (which are becoming plugins).
At the moment, the implementation is still 'hardcoded', the
follow-up patch will allow to select different backends in runtime.
Task-number: QTBUG-65922
Change-Id: I05877de9c02857594e76b24d52e7578bdb01df69
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
| |
Something defined is always greater than undefined
Pick-to: 6.0
Fixes: QTBUG-89530
Change-Id: I7633dd4233f7b13c3c5be17352841ec873531ef9
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
At the same time I'll add a generic protection against being called in
unprotected mode in the schannel backend (openssl already has it in a
different form).
Pick-to: 5.15 6.0
Change-Id: I97c1be6239c27e306de0af7ad568fbcfde09da71
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
| |
With TLS 1.3 the client goes through renegotiation
when using Schannel. The status returned is OK and
we can immediately continue, so do that.
Change-Id: I831eaae318df9d94b5fb7672db7e407d94f9da56
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
| |
Following 77d812683f0ad595606f9833613dd49bb2fda26d QMutexLocker is now a
templated class which should in most cases be deduced automatically.
Doesn't work here because of the global static wrapper.
Change-Id: I62fda0651eac12f3234396cb7e41a26df8cc8b46
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's not possible to connect to microsoft.com with Schannel TLS 1.3 for
some reason (also tested with Internet Explorer), but other sites work
fine. Must be something they have to iron out for later.
In my experience this needs a preview release of Windows. One of my
machines is opted into the dev channel of Windows where they enabled TLS
1.3 by default, and it works well in my tests except for the part above.
On my other machine, after enabling TLS 1.3 through the registry, I fail
to complete the handshake with any site. So around March/April next year
is when this code would activate for most people.
MinGW apparently defines NTDDI_VERSION as the one for Windows Server
2003, so it currently doesn't build the new TLS 1.3 code. In Qt (as a
project) we could consider setting this higher, but that's out of scope
for this patch!
Fixes: QTBUG-81294
Change-Id: If329959c3a30ecbfbb8c0d335cc39ccb6d012890
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Certain servers, like smtp.live.com, will send a request for a
certificate even though they don't require one. In Schannel this
manifests as a warning/info status (SEC_I_INCOMPLETE_CREDENTIALS).
In the cases where it's not needed we should suppress the warning and
try to connect anyway, which is done by calling
InitializeSecurityContext again when we get the status.
Pick-to: 5.15
Change-Id: I3c48140f2949d8557251a49a2b66946da9395736
Reviewed-by: Joshua GPBeta <studiocghibli@gmail.com>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is no reason for keep using our macro now that we have C++17.
The macro itself is left in for the moment being, as well as its
detection logic, because it's needed for C code (not everything
supports C11 yet). A few more cleanups will arrive in the next few
patches.
Note that this is a mere search/replace; some places were using
double braces to work around the presence of commas in a macro, no
attempt has been done to fix those.
tst_qglobal had just some minor changes to keep testing the macro.
Change-Id: I1c1c397d9f3e63db3338842bf350c9069ea57639
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
|
|\
| |
| |
| | |
Change-Id: Ibee5acec72a1a1769d4bc5f23f56c7dc8d4cf3cb
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Following the incomplete data guesstimation optimization the
tst_QSslSocket::readBufferMaxSize test would fail due to it waiting for
16K, but the readBufferMaxSize was 10 bytes.
Amends 559b563d711db0760a51b0dce26536dbc8766a9d
Change-Id: I5d17fac24e73c1305161aff744710b4c5b0b457a
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|\|
| |
| |
| | |
Change-Id: I469b0501cc65fc5ce4d797a69ae89405cc69c7f8
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 94b3dd77f29a00ebbd1efdc66d75f57e1c75b152.
The patch fixes ambiguity between a getter and a signal by changing the
getter name, but we still have to rename the signal to follow the signals
naming convention.
Revert the commit to keep the getter as is and change the signal name instead.
Change-Id: I0dd60cf1ae9d1bd95beeb8ad58661ca4b1fb63b9
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|\|
| |
| |
| |
| |
| |
| | |
Conflicts:
tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
Change-Id: I4d3041fa291a918c774ffa5eb5c8792a0966451d
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The one that is a getter for the last error found. This is to disambiguate
the expression '&QAbstractSocket::error'. Introduce a new member-function
socketError as a replacement.
[ChangeLog][Deprecation Notice] QAbstractSocket::error() (the getter) is deprecated; superseded by socketError().
Task-number: QTBUG-80369
Change-Id: Ia2e3d108657aaa7929ab0810babe2ede309740ba
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also, change the notion of 'unsupported protocol' for QSslSocket,
previously it was SslV2 and SslV3, now instead it's all versions
of DTLS and UnknownProtocol:
- makes no sense at all to connect using TCP socket and then
suddenly start using DTLS_client/server_method
- UnknownProtocol is not to be set in a configuration,
unknown means that some ciphersuite's protocol version
cannot be established.
- 'disabledProtocols' auto-test becomes 'unsupportedProtocols'
and tests that QSslSocket fails to start encryption if the
protocol version is wrong.
Handling these enumerators (SslV2 and SslV2) as errors
not needed anymore. Removed from QSslContext and our
existing backends (qsslsocket_whatever).
TlsV1SslV3 enumerator is not making any sense at all (previously
was [SSL v3, TLS 1.0], then became "the same as TLS v. 1.0", but
now this name is very confusing. Removed.
Task-number: QTBUG-75638
Task-number: QTBUG-76501
Change-Id: I2781ba1c3051a7791b476266d4561d956948974a
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|
|\
| |
| |
| | |
Change-Id: I963b5f48b5d6f3500ca379fbd7f1a4290b570175
|
| |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
.qmake.conf
mkspecs/features/mac/default_post.prf
src/corelib/tools/qsimd_p.h
src/platformsupport/fontdatabases/mac/qcoretextfontdatabase.mm
util/qfloat16-tables/gen_qfloat16_tables.cpp
Change-Id: If48fa8a3bc3c983706b609a6d3822cb67c1352a4
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
And add a test for it so it can no longer happen in any current or
future implementation.
Change-Id: I3214aa90595e291b1e1c66befe185cfe1ea7bc6b
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It tells us how many bytes we will need before the call succeeds. It's
not accurate but will reduce the amount of calls to their slow functions
Change-Id: I82393d5acd68b84c6e6f3377ba40bb1d5c51ca8a
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This moves some repeated code into functions (namely readToBuffer and
retainExtraData) while also changing how the intermediateBuffer is
handled to avoid deallocating and reallocating repeatedly.
Change-Id: I49e6cee641f961565051a67123c56b1c8f3c0259
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|\|
| |
| |
| | |
Change-Id: Idcf8fc1d79bcd84b494d7f43308e6fe82d60e1a4
|
| |
| |
| |
| |
| |
| |
| |
| | |
It's not a failure state, we just need more data. It is handled properly
in other functions.
Change-Id: I9450a78c71a3f4fe9506a7a79de6efa2db08697c
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The reason it wasn't working before was a couple of things:
1. Due to an extra 'else' it would not process the SEC_I_RENEGOTIATE
or SEC_I_CONTEXT_EXPIRED branch.
2. The peerCertVerified boolean was not only wrong, but also
broke renegotiation even if the 'else' wasn't there.
My previous attempt to fix it ended up being a noop, so:
Reverts e21fa577dde32849fdaa744f30ad3b23d63b7214
Change-Id: Ifbad55d4bb066b7566bb88cead48e329cbd574f9
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|\|
| |
| |
| |
| |
| |
| | |
Conflicts:
tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp
Change-Id: Idd3ca5cb9a2b95a4c3513b2a4c8966e6f56193f1
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I realized this is a potential scenario where we will have leftover
data, but it wasn't covered.
Change-Id: Ibaf1015bf2aee120e4a4d98888925b88ecb6ddfd
Reviewed-by: Jesus Fernandez <jsfdez@gmail.com>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/corelib/codecs/qicucodec.cpp
src/dbus/qdbusserver.cpp
src/gui/painting/qbezier.cpp
src/plugins/platforms/eglfs/deviceintegration/eglfs_kms/qeglfskmsgbmscreen.cpp
src/plugins/printsupport/cups/qppdprintdevice.cpp
Change-Id: I2703128bb64baf5580fbc2c2061b55b0f0611d2a
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As is said in RFC7301 in section 3.1 [1]:
Protocols are named by IANA-registered, opaque, non-empty byte strings
[...]. Empty strings MUST NOT be included and byte strings MUST NOT be
truncated.
[1]: https://tools.ietf.org/html/rfc7301#section-3.1
Change-Id: I38168ac570a433807e16121d5dec46d4ac73c4bf
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
|/
|
|
|
| |
Change-Id: I78913fee6720f6ad9b196824b35de189567340be
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
| |
Change-Id: Ie9992f67ca59aff662a4be046ace08640e7c2714
Reviewed-by: Paul Wicking <paul.wicking@qt.io>
|
|
|
|
|
|
| |
Change-Id: I0f4b372ad3a0cd5e6730ed2e23e738fb06b2aad5
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
|\
| |
| |
| | |
Change-Id: I8113c6d8735a151bd152e6096f8c8b8e63a05474
|
| |
| |
| |
| |
| |
| |
| |
| | |
[ChangeLog][QtNetwork][SSL] The Schannel backend now supports ALPN and
thus HTTP/2.
Change-Id: I1819a936ec3c9e0118b9dad12681f791262d4db2
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|/
|
|
|
|
|
|
|
| |
Amends a8412dc020e82b45b54b0b6637b8b88b255c413a.
Task-number: QTBUG-12812
Task-number: QTBUG-17158
Change-Id: Idcdf9ad39a43373097e2c3f31a62ce1b3cb46c22
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
Adds support for Schannel, an SSL backend for Windows, as an
alternative to OpenSSL.
[ChangeLog][QtNetwork][Ssl] Added support for Schannel on Desktop
Windows. To build Qt with Schannel support use '-schannel' during
configure.
Task-number: QTBUG-62637
Change-Id: Ic4fb8ed3657dab994f9f4a4ac5cbddc7001a0a46
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|