| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| | |
refs/staging/dev
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
.qmake.conf
src/corelib/doc/src/objectmodel/signalsandslots.qdoc
src/plugins/platforms/cocoa/qcocoamenuloader.mm
src/plugins/platforms/xcb/qxcbconnection.cpp
src/plugins/platforms/xcb/qxcbconnection.h
src/plugins/platforms/xcb/qxcbconnection_xi2.cpp
src/plugins/platforms/xcb/qxcbwindow.cpp
tests/auto/gui/image/qimage/tst_qimage.cpp
Done-with: Gatis Paeglis <gatis.paeglis@qt.io>
Change-Id: I9bd24ee9b00d4f26c8f344ce3970aa6e93935ff5
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It appears that by default our keychain auto-locks when the
system sleeps. This makes the keychain totally useless, since
its password is a random 256 bytes our user never has a chance
to know. Thanks to Mårten for the hint about SecKeychainSetSettings,
the way to properly fix it.
Task-number: QTBUG-69677
Change-Id: I2603c26b8422a1bcace3336e9b4ebe0381c952d7
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Also remove unneeded and now wrong check (was marked with TODO)
which was a copy and paste from OpenSSL counterpart. There, testing
if peerCertificateChain.isEmpty() makes sense, since there we
potentially call storePeerCertificates() twice during the handshake.
Change-Id: I946e6876adb3f9504e93c06ac90ff36dd44aca4c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
That's actually how ignoreVerificationErrors (and QSslSocket::ignoreSslErrors)
are used to set the expected/known verification errors before handshake.
Auto-test updated too.
Change-Id: I9c700302d81ddb383a4a750fafd594373fb38ace
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
As now the feature 'dtls' depends on the feature 'openssl' - ifdefs
are redundant, this code is always 'openssl-only'.
Change-Id: I6a7fe9e3a00ae05656af1626e7de74e813df5d32
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Unfortunately, this enum is not 'binary', it also has 'UnencryptedMode'
and as a result we can end up with server-side method/context.
Change-Id: If2da4c1b9f7e9ff916d933c9517c00a632aea324
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
More Qt-style and more natural, also, shorter names.
Change-Id: I97bd68a8614126d518a3853027661435dc4e080d
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
After a handshake was completed, TLS socket is in 'connectionEncrypted' state.
So on a read notification, in 'transmit', we call 'SSLRead' to read supposedly
encrypted application data or TLS internal messages. In case SSLRead finds either
ClientHello or HelloRequest from a server, it attempts in a rather sneaky manner
to renegotiate. And as it happens here and there with SecureTransport, SSLRead
fails and the work is only half-done, since we have kSSLSessionOptionBreakOnServerAuth
and kSSLSessionOptionBreakOnCertRequested options set to 'true'. We end up with
completely unexpected errors like errSSLClientCertRequested or errSSLPeerAuthCompleted
(yes, this is so normal and totally expected for 'SSLRead' function to verify
certificates and WRITE messages, no need to document this at all!).
If SecureTransport is sneaky, so can be us:
- in a read callback SecureTransport is probing the type of record
and we can notice a sudden session state change - it goes from
kSSLConnected (which is set upon handshake completion) to
kSSLHandshake (which means a (re)handshake is ongoing);
- if this is the case - we lie to SecureTransport about the amount
of data available (0 bytes), set 'renegotiating' to 'true', return
errSSLWouldBlock;
- in 'transmit', if SSLRead returns errSSLWouldBlock and 'renegotiating'
was set, we call 'startHandshake' until isHandshakeComplete() == true
or some error encountered.
[ChangeLog][QtNetwork][QSslSocket] Implement renegotiation for SecureTransport backend
Task-number: QTBUG-69420
Change-Id: Iaab1336aa3abf3f6ac94b358f3142d2738a18ee9
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch renames rather awkward 'remote' into more conventional
'peer' (similar to what we have in QAbstractSocket).
Change-Id: Ifc45e538b8adf9cc076bd7aee693277829fd94dc
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Initially macOS SDK 10.13 had a missing symbol (only a function declaration
in a header), while iOS, tvOS and watchOS SDKs all had the required symbol. Now
it appears more recent SDK for macOS also has the function we need and thus we enable
ALPN on macOS (as a result 'h2' protocol can now be negotiated as required by
RFC 7540).
[ChangeLog][QtNetwork][QSslSocket] Enable ALPN (and thus HTTP/2 negotiation) in SecureTransport backend (macOS).
Change-Id: I65bd8262a9571a5495d11f7f5a29d150334cd09c
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
No need in ugly macro ioErr and if-ery, no need in generic noErr.
SecureTransport has its own, more specific error codes: errSecIO
and errSecSuccess (which have the equivalent values).
Change-Id: Ifd99fbcbee290fe27caa0c258923f4527c047ba8
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
OpenSSL has 'no-dtls' configure option (or can be too ancient to properly
support it), we shall respect such builds. This patch extends configure.json
with a 'dtls' test and adds protection against linkage/compile-time
issues in the QtNetwork's code.
Change-Id: I0c0dd94f5c226115cee4285b82c83aa546555aea
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
These are leftovers from the prototype version of DTLS connection
and no code is using them now.
Change-Id: I3970a56303a59ce95e9c22344fac89e89f6559c8
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The logic seems to be simple - if client code on error signal
tries to close TLS socket and this socket has buffered data,
it calls 'flush' and 'transmit' or even 'startHandshake' as
a result, which in turn will set and emit error again. To auto-
test this, we initiate a handshake with pre-shared key hint
on a server side and both client/server sockets incorrectly
configured (missing PSK signals). We also do early write
into the client socket to make sure it has some data
buffered by the moment we call 'close'.
Task-number: QTBUG-68089
Task-number: QTBUG-56476
Change-Id: I6ba6435bd572ad85d9209c4c81774a397081b34f
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The QSslCertificate class can parse and provide details about SSL
certificates without a proper backend, this can for instance be used
by QtWebEngine to provide metadata about certificates, even on Windows
builds without OpenSSL, as QtWebEngine does not use Qt's SSL stack.
Change-Id: Ib48f1ed7315c5bc66721ec87ee651d8372f07f71
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
According to RFC 6347 a DTLS server also must retransmit buffered message(s)
if timeouts happen during the handshake phase (so it's not a client only as
I initially understood it).
Conveniently so an auto-test is already in place and needs just a tiny
adjustment - handshakeWithRetransmission covers both sides.
Change-Id: If914ec3052e28ef5bf12a40e5eede45bbc53e8e0
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/plugins/platforms/cocoa/qnsview.mm
src/plugins/platforms/cocoa/qnsview_dragging.mm
src/plugins/platforms/ios/qiosinputcontext.mm
src/plugins/platforms/xcb/qxcbconnection.cpp
src/plugins/platforms/xcb/qxcbconnection_xi2.cpp
src/plugins/platforms/xcb/qxcbwindow.cpp
src/tools/androiddeployqt/main.cpp
Was moved from qttools into qtbase in 5.11.
So re-apply 32398e4d here.
tests/auto/corelib/global/qlogging/test/test.pro
tests/auto/corelib/global/qlogging/tst_qlogging.cpp
tests/auto/corelib/io/qfile/tst_qfile.cpp
tests/auto/corelib/kernel/qtimer/tst_qtimer.cpp
tests/auto/corelib/thread/qthreadstorage/test/test.pro
tests/auto/widgets/itemviews/qheaderview/tst_qheaderview.cpp
tests/auto/widgets/kernel/qapplication/test/test.pro
Done-with: Gatis Paeglis <gatis.paeglis@qt.io>
Done-with: Mårten Nordheim <marten.nordheim@qt.io>
Done-with: Oliver Wolff <oliver.wolff@qt.io>
Change-Id: Id970486c5315a1718c540f00deb2633533e8fc7b
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix warnings about invalid function type casts (return types
conflicting with the FARPROC returned by GetProcAddress()) like:
corelib\global\qoperatingsystemversion_win.cpp:100:48: error: cast between incompatible function types from 'FARPROC' {aka 'long long int (*)()'} to 'RtlGetVersionFunction' {aka 'long int (*)(_OSVERSIONINFOW*)'} [-Werror=cast-function-type]
by introducing nested casts.
Task-number: QTBUG-68742
Task-number: QTQAINFRA-2095
Change-Id: I8ba6a74e6347dada486ca40c98aa8999957c4281
Reviewed-by: Jesus Fernandez <Jesus.Fernandez@qt.io>
|
| | |
| |
| |
| |
| |
| | |
Task-number: QTBUG-68933
Change-Id: I3f2a9f8c562f9a44bb32bddd31d75abbfe6de04d
Reviewed-by: Topi Reiniö <topi.reinio@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Use %-placeholder formatting instead of string concatenation
for messages of the form "XX failed: %1"
- Introduce helper functions for duplicate messages
- Introduce helper function for message reporting function failures
to avoid duplication
- Extract helper function for reporting SSL handshake errors
Complemements ac583b686d0677517e7f8a10ce4e79c7fe227ccf.
Change-Id: Iaf6c158ca8086d0b17a3e3c51955707734829615
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For now the new feature depends on openssl as that is the only supported
implementation. Once we get an implementation for SecureTransport, we
can change the condition.
The feature needs to be public because qdtls.h is a public header.
Change-Id: Ie3e4acbeb2888f2fb13453b3ecdc19bacc83f6e6
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch adds DTLS support to QtNetwork module (and its OpenSSL
back-end).
DTLS over UDP is defined by RFC 6347.
The new API consists of
1) QDtlsClientVerifier which checks if a client that sent us ClientHello
is a real DTLS client by generating a cookie, sending a HelloVerifyRequest
with this cookie attached, and then verifiying a cookie received back.
To be deployed in combination with a server-side QUdpSocket.
2) QDtls - initiates and proceeds with a TLS handshake (client or server
side), with certificates and/or pre-shared key (PSK), and encrypts/decrypts
datagrams after the handshake has finished.
This patch does not implement yet another UDP socket, instead
it allows use of existing QUdpSocket(s), by adding DTLS support
on top. OpenSSL back-end uses a custom BIO to make it work with
QUdpSocket and give a finer control over IO operations.
On the server side, demultiplexing is left to client code (could
be done either by connecting QUdpSocket or by extracting address/port
for an incoming datagram and then forwarding/dispatching them to
the corresponding QDtls object).
Task-number: QTPM-779
Change-Id: Ifcdf8586c70c3018b0c5549efc722e795f2c1c52
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
.qmake.conf
src/corelib/kernel/qeventdispatcher_cf.mm
src/gui/kernel/qguiapplication_p.h
src/gui/kernel/qwindowsysteminterface.cpp
src/gui/kernel/qwindowsysteminterface.h
src/plugins/platforms/cocoa/qcocoawindow.mm
src/plugins/platforms/cocoa/qnswindowdelegate.mm
src/plugins/platforms/ios/qioseventdispatcher.mm
src/plugins/platforms/windows/qwindowsdrag.h
src/plugins/platforms/windows/qwindowsinternalmimedata.h
src/plugins/platforms/windows/qwindowsmime.cpp
src/plugins/platforms/winrt/qwinrtscreen.cpp
Change-Id: Ic817f265c2386e83839d2bb9ef7419cb29705246
|
| | |
| |
| |
| |
| |
| |
| | |
No reason to duplicate the info there in a paranthesis.
Change-Id: Ie01be382d36bbc8e7f2eff4cc7ae0df207869c25
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
No need to start with 'connectToHost' from 'connectToHostEncrytped'
- we will fail to start client encryption later anyway. This can happen
if we, for example, fail to resolve some symbols or libraries are missing.
Task-number: QTBUG-65142
Change-Id: I0614d5cdf875aaf5b992d8ab6024bcaf3f84b915
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |\|
| |
| |
| | |
Change-Id: I8d8b03ea46c537b091b72dc7b68aa6aa3a627ba6
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
A custom build of openssl can disable DES or RC2. This
allows to build Qt against those builds.
Change-Id: I9b91c943fab4d217a791381e81a7d87a9ff5031a
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
mkspecs/features/qt_module_headers.prf
tests/auto/widgets/itemviews/qheaderview/tst_qheaderview.cpp
tests/auto/widgets/kernel/qwidget/BLACKLIST
Change-Id: I2a08952d28d1d0e3d73f521a3d44700ce79ff16c
|
| | |\
| | |
| | |
| | | |
Change-Id: Id6e2acd5e31c1ac858ddf1d8873a6f10694141de
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Introduced by mistake in f55c73ede28d4455f555a28e401407326ac9b954
Change-Id: Ieac8fc0a6bb536e5ef3770a22785fe41d4033ee9
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Didn't compile with it when I was moving it out.
Change-Id: I3645af71ea3295a61f20000a6bc4716b6e996ce5
Reviewed-by: Jesus Fernandez <Jesus.Fernandez@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |\| |
| | |
| | |
| | | |
Change-Id: Ib58433da04bffb5dfab5486b80f17f39cc4145fa
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We were using the wrong free function in a path which was hit in an
edge case (PKCS#12 certificate without a private key attached).
Change-Id: I5335b5dea7a926b242bed0fd9b989b681a5828d8
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Added a few functions to derive keys from passwords. Currently it
supports PBKDF1 and PBKDF2 as defined in
RFC 8018 ( https://tools.ietf.org/html/rfc8018 ).
[ChangeLog][QtNetwork][QPasswordDigestor] Added QPasswordDigestor
Task-number: QTBUG-30550
Change-Id: I2166b518bd8b54e3486514166e76fd9ba2f219c8
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This patch adds the ability to decode keys which are encoded with PKCS#8
using the generic back-end (used in winrt and secure transport).
It works on both WinRT and macOS; however QSslKey seems unused in the
WinRT backend and it seems only RSA keys can be used for certificates
on macOS. Meaning that DSA and Ec, which in theory* should represent
their unencrypted versions, can't currently be tested properly.
* Can also be confirmed by loading the key using the ST or WinRT
backend, calling toPem(), writing the output to a file and then loading
the unencrypted key using openssl.
[ChangeLog][QtNetwork][QSslKey] Added support for PKCS#8-encoded keys
in the generic SSL back-end (used for SecureTransport on macOS and for
WinRT). Note that it does not support keys encrypted with a PKCS#12
algorithm.
Task-number: QTBUG-59068
Change-Id: Ib27338edc7dbcb5c5e4b02addfdb4b62ac93a4c3
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |\| |
| | |
| | |
| | | |
Change-Id: Id32f0ae002772444c0b61cd132ef81f96fe3b895
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Once connection is established the socket emits 'connected', and then
you can start writing. But it will end up in the write-buffer and won't
get sent until 'transmit' is called. Some code (e.g. QWebSocket) relies
on QSslSocket transmitting once it's encrypted. This is done in the
OpenSSL backend but was not done in the WinRT backend.
Task-number: QTBUG-56558
Change-Id: I8cf5d3257f3597a4bb80f35369490a3816506a34
Reviewed-by: Oliver Wolff <oliver.wolff@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |\|
| |
| |
| | |
Change-Id: I86f04fc3b2e4291f161a4985adddd6fd6c789d33
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When releasing a STACK_OF(GENERAL_NAME). Actually, GENERAL_NAME_free is
a special function, not the same as OPENSSL_sk_free.
Task-number: QTBUG-57679
Change-Id: I3ed300bb95e8be35bd9cd06b6dbc6e59c7c6a4ee
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
... to make DTLS protocols work more like TLS protocol versions.
Also, handle (as 'unsupported' for now) those new constants in
a switch statement, when creating SSL_CTX (fixing build errors).
Change-Id: Ia444184ca191d8665e37046b0b9120e43ec5893a
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |\|
| |
| |
| | |
Change-Id: I9f802cb9b4d9ccba77ca39428a5cb1afd2d01642
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Properly handle single protocol TLS configurations. Previously,
due to the use of generic (non version-specific) client/server method
they worked as ranges of protocols instead. This also fixes a couple
of previously broken tests.
Task-number: QTBUG-67584
Change-Id: Ied23113a4fab6b407a34c953e3bd33eab153bb67
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When we load DER-encoded keys in the openssl-backend we always turn it
into PEM-encoded keys (essentially we prepend and append a header and
footer and use 'toBase64' on the DER data).
The problem comes from the header and footer which is simply chosen
based on which key algorithm was chosen by the user. Which would be
wrong when the key is a PKCS#8 key. This caused OpenSSL to fail when
trying to read it. Surprisingly it still loads correctly for unencrypted
keys with the wrong header, but not for encrypted keys.
This patch adds a small function which checks if a key is an encrypted
PKCS#8 key and then uses this function to figure out if a PKCS#8 header
and footer should be used (note that I only do this for encrypted PKCS#8
keys since, as previously mentioned, unencrypted keys are read correctly
by openssl).
The passphrase is now also passed to the QSslKeyPrivate::decodeDer
function so DER-encoded files can actually be decrypted.
[ChangeLog][QtNetwork][QSslKey] The openssl backend can now load
encrypted PKCS#8 DER-encoded keys.
Task-number: QTBUG-17718
Change-Id: I52eedf19bde297c9aa7fb050e835b3fc0db724e2
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |\|
| |
| |
| | |
Change-Id: I0120f804522c0c652e9537b6e9fe08189f071ed2
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It would previously only enable TLS v1.0, but it should also enable
SSL v3. According to Microsoft's documentation[0] that is exactly what
"SocketProtectionLevel_Ssl" does.
[0]: https://docs.microsoft.com/en-us/uwp/api/windows.networking.sockets.socketprotectionlevel
Change-Id: Id48f1ad310d994b8379116c9fa2102db858d7f69
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Namespace QSsl: introduce DtlsV1_0/DtlsV1_2/DtlsV1_2OrLater enumerators
into SslProtocol. Implement QSslConfiguration::defaultDtlsConfiguration.
Make some functions shared - now not only QSslSocket needs them,
but also DTLS-related code. This patch-set also enables
protocol-specific set of ciphers (so for DTLS we are using
the correct method - 'DTLS_method').
Change-Id: I828fc898674aa3c0a471e8e5b94575bb50538601
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/plugins/platforms/cocoa/qnsview.mm
src/plugins/platforms/cocoa/qnsview_mouse.mm
src/testlib/testlib.pro
Change-Id: Ia0ce4243418fe6a485b0f290c67bd433b3b04ff2
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We were releasing only the memory of latest iteration since cfCerts
was being rewritten in every iteration, invalidating the RAII.
Hence, we need to define the variable within the loop to ensure the
object is released for every iteration.
Task-number: QTBUG-66937
Change-Id: Iaa9365168728337c6cdaac4aef686652903cf5a9
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Internally we use "Tls11" and "Tls12" from Microsoft's API for TlsV1_1
and TlsV1_2 respectively. However, in their documentation these values
are defined to also include the lower TLS versions when you use them.
We should document this.
For "SslV3" TLS V1.0 support will also be enabled.
https://docs.microsoft.com/en-us/uwp/api/windows.networking.sockets.socketprotectionlevel
Change-Id: I0b20fb745eba40afc37e8430008872fc8174a72d
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Oliver Wolff <oliver.wolff@qt.io>
|
