| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Change-Id: I227a9541bf76c1c048a694f022b8fc419c0c2544
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since switching to the plugin bases system for the tls backends,
Qt again retains some QObjects after QCoreApplication shutdown.
This was previously fixed in QTBUG-84234, so make sure we destroy the
newly introduced QObjects as well.
Task-number: QTBUG-84234
Pick-to: 6.3
Change-Id: I1aaea2c90f7d55793c19259be4f9173b4befb246
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At some point we decided to support a custom set of ciphersuites specified
by QSslConfiguration (which if you ask me was never a good idea). The law
of unforseen consequiences bit us again: since we now give a set of ciphesuites
to QSslConfiguration and set ciphesuites from the configuration a socket has,
we are limited by the ciphersuites we know about at the moment of 'coding'.
Meaning if an SDK was updated and CipherSuite.h later adds more ciphersuites,
we miss them and 'don't support them', while we ... actually do.
This patch tries to add some more ciphersuites introduced in TLS 1.3 (interesting,
SecureTransport does not support TLS 1.3, but TLS 1.3 suites can be used in TLS
1.2 session).
Pick-to: 6.2 6.3 5.15
Task-number: QTBUG-99368
Change-Id: I439b63845c4893e5621cffaf3bcaf62e2b643c74
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
| |
Pick-to: 5.15 6.2
Change-Id: I386c6e4a21dacb2553a39a073052dcf6d92a9854
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the effort of repairing broken links as per QTBUG-96127,
a series of RFC links referring to `tools.ietf.org/html/*` were modified
to point to the new address that the site redirected to.
To simplify executing a similar task and to diminish the duplication of
manually inserted urls, the already existing `rfc.qdoc` file, containing
`\externalpage` commands directing to RFC locations, was enhanced with
links to all RFCs that were mentioned in the current documentation, so
as to aggregate this common category of links.
All links pointing to a `ietf` domain inside QDoc documentation blocks
were then changed to use the newly provided external-references.
Task-number: QTBUG-96127
Pick-to: 6.2
Change-Id: I2a52eb6aa8c9e346f64ef1a627b039220d9f6c2a
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
| |
Pick-to: 6.2
Change-Id: I9523511b9adf40d1280fbf320c24a79aa2860ef2
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Luca Di Sera <luca.disera@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
... instead of QSharedPointer.
QSharedPointer performs twice as many atomic operations per pointer
copy as std::shared_ptr, and this is private API, we're not bound by
BC constraints, so we can port to the more efficient version.
Change-Id: I2e2a02493565a7ca51c86ec0ed66b6ce7c763e41
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
| |
Change-Id: Icb6a689e4c4c8272df2f72fd99aaa8d258e4e7b2
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|
|
|
|
|
| |
Change-Id: I5744fc3673e8d318b8dd859a281ed0e766649578
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
As per the best practice laid forth in RFC-8996.
TLS 1.2 was recommended from 2008 until TLS 1.3 was released in 2018.
[ChangeLog][QtNetwork][QSslSocket] TLS 1.0, 1.1 and DTLS 1.0 are now
deprecated, as recommended by RFC-8996.
Fixes: QTBUG-92880
Change-Id: I90cebcfb07cfce623af7ac9f2b66ce9d02586b54
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also, a minor clean-up: isMatchingHostname() overload
was never used, deleted (and it could not be used safely,
since it requires the name to be normalized first).
The file (qtlsbackend.cpp) was re-shuffled, to have
backend on top of the classes which this backend
is factory for.
Pick-to: 6.2
Pick-to: 6.1
Fixes: QTBUG-91929
Change-Id: I435c69b167f57f7c3f76e34449c52f665dc6f7c2
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All TLS (and non-TLS) backends that QSsl classes rely
on are now in plugins/tls (as openssl, securetransport,
schannel and certonly plugins).
For now, I have to disable some tests that were using OpenSSL
calls - this to be refactored/re-thought. These include:
qsslsocket auto-test (test-case where we work with private keys),
qsslkey auto-test (similar to qsslsocket - test-case working with
keys using OpenSSL calls).
qasn1element moved to plugins too, so its auto-test have to
be re-thought.
Since now we can have more than one working TLS-backend on a given
platform, the presence of OpenSSL also means I force this backend
as active before running tests, to make sure features implemented
only in OpenSSL-backend are tested.
OCSP auto test is disabled for now, since it heavily relies on
OpenSSL symbols (to be refactored).
[ChangeLog][QtNetwork][QSslSocket] QSslSocket by default prefers 'openssl' backend
if it is available.
[ChangeLog][QtNetwork][QSslSocket] TLS-backends are not mutually exclusive anymore,
depending on a platform, more than one TLS backend can be built. E.g., configuring
Qt with -openssl does not prevent SecureTransport or Schannel plugin from being
built.
Fixes: QTBUG-91928
Change-Id: I4c05e32f10179066bee3a518bdfdd6c4b15320c3
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was reasonable while backends were a part of QtNetwork.
Now if moving them outside (or just trying to implement
a new backend as a plugin), accessing data-members of
QSslConfigurationPrivate means that any plugin knows
about memory layout actual only for the version of Qt
it was built with/for. Instead, we have to use the
public class. Since it does not have all needed setters
and some data-members have no access at all, we
provide an API in QTlsBackend (which stays a part
of QtNetwork) that knows the actual memory layout.
Task-number: QTBUG-65922
Change-Id: I5ca1de4f982b4b11d9a87c4b40413367dcb83c16
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
(cherry picked from commit 31cc0df7607a4d5887812c304aac0001c2cd7705)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All backend-specific code is now separated and removed
from QSslSocket(Private) code. The original code is mostly
preserved to avoid (as much as possible) regressions (and
to simplify code-review).
Fixes: QTBUG-91173
Task-number: QTBUG-65922
Change-Id: I3ac4ba35d952162c8d6dc62d747cbd62dca0ef78
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 9391ba55149336c395b866b24dc9b844334d50da)
|
|
|
|
|
|
|
|
|
|
| |
Renamed the private part of the namespace to QTlsPrivate.
Fixes: QTBUG-91531
Change-Id: Id2d9c458d8d958b35e437eee42889177dad0a7a7
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit e4efa00c72c7011f4e5c27722c2a522b30274610)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Essentially, the same code re-shuffled and placed behind
the new interfaces.
Fixes: QTBUG-91174
Task-number: QTBUG-65922
Change-Id: I8f14697f10713f9738c5c7805aed0150c084850c
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 6c835796c8ea2590008900ffb5f4bf0d902ee73d)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The corresponding API is becoming a part of QTlsBackend interface,
since it's too minimalistic and does not require additional
interfaces, unlike certificates or keys.
Fixes: QTBUG-91177
Fixes: QTBUG-91175
Task-number: QTBUG-65922
Change-Id: I44dd0adbdf2427962451998664efe234d59fae24
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit cdf4976b5a01bc5b65aed746acc9cc7f87b0fd97)
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also since we have to properly support 'no-ssl' configure option
(alas, we support QSslCertificate on such builds) - introduce
a minimal crippled QTlsBackendCertOnly, which depends on
X509CertificateGeneric.
Fixes: QTBUG-90954
Task-number: QTBUG-65922
Change-Id: Ib9d62903f16b7c0eaaa23e319a822c24a7631dc6
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 41fc143635c25f937a557f09890601f6c7d38736)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch also adds 'isValid()' to know if a backend from a plugin
is in working condition (say, there is 'openssl' plugin but no or
old openssl libraries in some system).
Task-number: QTBUG-65922
Change-Id: I0b846536a069ca8c5a94e7191f11c81bac6ad527
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 573ba145d76f239dbc7464a78aabc06ed4d00419)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To enable QSslCertificate to use TLS plugins. All backend-specific
code is to be moved from QSslCertificate(Private) making them
backend-neutral.
Task-number: QTBUG-90954
Task-number: QTBUG-65922
Change-Id: Ic9d5abf91e42ce81fe56239f95ae97b64035e950
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
(cherry picked from commit 405337ee7276be4b76e86745c0694c51283b6b07)
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
| |
which will become parts of TLS plugins in the future.
Task-number: QTBUG-65922
Change-Id: I4ee3c59c435fc34a9f4dacd3ff0e3cfb44251e23
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
QTlsBackend is a factory itself - it creates TLS/X509 objects. Having
an intermediary between Factory->Backend->TLS primitive does not look
very natural thus let's squash the first two parts. Backend is a factory
creating TLS primitives, but its static functions also provide information
about backends availablei and give access to those backends.
Fixes: QTBUG-90606
Task-number: QTBUG-65922
Change-Id: I8409d81fd11fb46e6ab4465b4937a7680a8c2447
Reviewed-by: Alex Blasche <alexander.blasche@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
This is an abstraction for TLS backend and its factory, preparing to transition
to plugin-based design.
Task-number: QTBUG-65922
Change-Id: Ibe810e77fd1b715a6bea66cd3f44312b015ac274
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|