| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
The only reason for copying QSslEllipticCurves into a temporary array
would be to be extra-pedantic about type safety, but in the end,
we can simply force a cast and remove the copy.
Change-Id: Ice8a036fe4b79ba438ce83b5eacf6158eb3f0ce7
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
| |
OpenSSL 1.0.2 introduces SSL_CTX_set_ecdh_auto, which allows us
to stop using one specific temporary curve, and instead makes
the server negotiate the best curve.
Task-number: QTBUG-42925
Change-Id: I3a68f29030bdf04f368bfdf79c888401ce82bdd8
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
| |
[ChangeLog][QtNetwork][QtSSL] It is now possible to choose which elliptic
curves should be used by an elliptic curve cipher.
Change-Id: If5d0d58922768b6f1375836489180e576f5a015a
Done-with: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/corelib/io/qiodevice.cpp
src/plugins/bearer/linux_common/qofonoservice_linux.cpp
src/plugins/bearer/linux_common/qofonoservice_linux_p.h
src/plugins/platforms/android/qandroidplatformtheme.cpp
src/tools/bootstrap/bootstrap.pro
src/widgets/styles/qmacstyle_mac.mm
Change-Id: Ia02aab6c4598ce74e9c30bb4666d5e2ef000f99b
|
| | |\
| | |
| | |
| | | |
Change-Id: I95f235a66ce2e9b1fa435c0f911c6f7e811755f0
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Variable dsa is assigned in this block with q_DSA_new instead of rsa.
So this should be the destination of memcpy.
Change-Id: Id5a41d99f1606bf525ad5f819bbc06bb1235bf5b
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This allows apps to ship their own openssl libraries inside the
application bundle.
The change consists of two parts: First, adding
<bundle>/Contents/Frameworks
to the alternative search paths. Second, disabling the preemtive
check for libssl.dylib, libcrypto.dylib in the system paths:
The system's /usr/lib/libssl.dylib, /usr/lib/libcrypto.dylib
will still be picked up as a fallback in the alternative search
paths, but only after .app/Contents/Frameworks have been inspected.
[ChangeLog][QtNetwork][QSsl] On OS X and iOS, openssl dylib's are
picked up from the 'Frameworks' directory of the app bundle.
Change-Id: I982930f4a6cf5e0114c04ecbc87f27e54ba8bb88
Reviewed-by: Jake Petroules <jake.petroules@petroules.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
QIODevice makes readData() call only when its read buffer is empty.
Also data argument points to the user or reserved read buffer area.
So, no need in data transfer from read buffer at this point at all.
Task-number: QTBUG-41797
Change-Id: Ieb4afdf7eec37fdf288073e4a060e64424f22b9c
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
(cherry picked from commit 1853579dad1bbb44599314213a1d8a203ecae1c9)
Reviewed-by: Alex Trotsenko <alex1973tr@gmail.com>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes errors like
qsslsocket_openssl_symbols.cpp:111:6: error:
unused function 'qsslSocketUnresolvedSymbolWarning'
[-Werror,-Wunused-function]
void qsslSocketUnresolvedSymbolWarning(const char *functionName)
^
1 error generated.
Change-Id: I164518de583f080724ab9a7165c885602a1c6231
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\|
| |
| |
| |
| |
| |
| | |
Conflicts:
src/gui/text/qfontdatabase.cpp
Change-Id: I6ac1f55faa22b8e7b591386fb67f0333d0ea443d
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
After the poodle vulnerability SSLv3 should like SSLv2 no longer be
considered safe, so when a user request a safe protocol we should
only allow TLS versions.
[ChangeLog][QtNetwork][QSsl] QSsl::SecureProtocols now also excludes SSLv3
Change-Id: If825f6beb599294b028d706903b39db6b20be519
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\|
| |
| |
| | |
Change-Id: If7e51514ed6832750e3ad967e4d322ccf920d2bb
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
qsslsocket_winrt.cpp defined it locally, which runs the risk of
clashes with a potential user-defined qHash(QSslError), so
make it public.
Also included both .error() and .certificate() in the hash, as
both of these are used to determine equality (the WinRT version
only used .error()).
[ChangeLog][QtNetwork][QSslError] Can now be used in QSet/QHash.
Change-Id: Ieb7995bed491ff011d4be9dad544248b56fd4f73
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
qsslsocket_winrt.cpp defined it locally, which runs the risk of
clashes with a potential user-defined qHash(QSslCertificate), so
make it public.
Also, the implementation in qsslsocket_winrt.cpp simply hashed
the handle(), which violates the principle that equal instances
must hash to the same value. Also, for some platforms, the
implementation returns nullptr unconditionally, which, while not
violating the above-mentioned principle, will make all users of
the hash have worst-case complexity.
To calculate a meaningful hash, therefore, the certificate needs
to be inspected deeper than just the handle.
For OpenSSL, we use X509::sha1_hash, which also X509_cmp uses
internally to determine inequality (it checks more stuff, but
if X059::sha1_hash is different, X509_cmp() returns non-zero,
which is sufficient for the purposes of qHash()). sha1_hash may
not be up-to-date, though, so we call X509_cmp to make it valid.
Ugh.
For WinRT/Qt, we use the DER encoding, as that is the native
storage format used in QSslCertificate. This is not equivalent
to the implementation used in qsslsocket_winrt.cpp before, but
since handle() == handle() => toDer() == toDer(), it should not
be a problem.
[ChangeLog][QtNetwork][QSslCertificate] Can now be used as a key in QSet/QHash.
Change-Id: I10858fe648c70fc9535af6913dd3b7f3b2cf0eba
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When creating SSL context failed due to unsupported protocol being
demanded, no explanation was given. It's because
QSslContext::fromConfiguration() extracted explanation for error message
from OpenSSL, which at that point hasn't even been called yet. This
patch adds explicit message informing that an unsupported protocol was
chosen.
Task-number: QTBUG-41775
Change-Id: I9d2710da4ba314a16837a90afcdc5d9256179bef
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When QSslCertificatePrivate::certificatesFromDer() was passed count ==
-1 to extract unlimied number of certificates from buffer, it also tried
to parse the 0-sized fragment after the last certificate. This has
caused d2i_X509() to report an error on latest OpenSSL.
Task-number: QTBUG-41774
Change-Id: Ifa36b7ac5b4236bd2fb53b9d7fe53c5db3cb078c
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| |\|
| |
| |
| | |
Change-Id: I05fcd8dc66d9ad0dc76bb7f5bae05c9876bfba14
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For const char*s, operator== is overloaded, so comparing to a (C) string
literal is efficient, since qstrcmp doesn't require the length of the
strings to compare.
OTOH, QByteArrayLiteral, when not using RVO, litters the code with
QByteArray dtor calls, which are not inline. Worse, absent lambdas,
it even allocates memory.
So, just compare with a (C) string literal instead.
Change-Id: Id3bfdc89558ba51911f6317a7a73c287f96e6f24
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/corelib/tools/qbytearray.cpp
src/gui/image/qimage.cpp
src/gui/image/qppmhandler.cpp
src/gui/kernel/qguiapplication.cpp
src/gui/painting/qpaintengine_raster.cpp
Change-Id: I7c1a8e7ebdfd7f7ae767fdb932823498a7660765
|
| | |
| |
| |
| |
| | |
Change-Id: I8f812002302d3b74af252fa66e9e13154bbf80e1
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
- Renamed LICENSE.LGPL to LICENSE.LGPLv21
- Added LICENSE.LGPLv3
- Removed LICENSE.GPL
Change-Id: Iec3406e3eb3f133be549092015cefe33d259a3f2
Reviewed-by: Iikka Eklund <iikka.eklund@digia.com>
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The isAlwaysAskOption was removed in 38621713150b663355ebeb799a5a50d8e39a3c38
so manually removed code in
src/plugins/bearer/connman/qconnmanengine.cpp
Conflicts:
src/corelib/global/qglobal.h
src/corelib/tools/qcollator_macx.cpp
src/corelib/tools/qstring.cpp
src/gui/kernel/qwindow.cpp
src/gui/kernel/qwindow_p.h
src/gui/text/qtextengine.cpp
src/platformsupport/fontdatabases/fontconfig/qfontenginemultifontconfig_p.h
src/plugins/platforms/android/qandroidinputcontext.cpp
src/plugins/platforms/xcb/qglxintegration.cpp
src/plugins/platforms/xcb/qglxintegration.h
src/plugins/platforms/xcb/qxcbconnection_xi2.cpp
src/testlib/qtestcase.cpp
src/testlib/qtestlog.cpp
src/widgets/dialogs/qfiledialog.cpp
src/widgets/kernel/qwindowcontainer.cpp
tests/auto/corelib/tools/qcollator/tst_qcollator.cpp
tests/auto/gui/text/qtextscriptengine/tst_qtextscriptengine.cpp
tests/auto/widgets/kernel/qwidget_window/tst_qwidget_window.cpp
tests/auto/widgets/widgets/qlineedit/tst_qlineedit.cpp
Change-Id: Ic5d4187f682257a17509f6cd28d2836c6cfe2fc8
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: I7a4dd22ea3bcebf4c3ec3ad731628fd8f3c247e0
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
QIODevice makes readData() call only when its read buffer is empty.
Also data argument points to the user or reserved read buffer area.
So, no need in data transfer from read buffer at this point at all.
Change-Id: Ieb4afdf7eec37fdf288073e4a060e64424f22b9c
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |\| |
| | |
| | |
| | | |
Change-Id: Id4997327cc01bd4bb397a463bdffbd15e80398ef
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This makes non-OpenSSL backends able to handle to certificate
extensions.
This also converts the Q_OS_WINRT #ifdef's in the unit test to
QT_NO_OPENSSL as the behavior is the same for any non-OpenSSL
backend.
Change-Id: I6a8306dc5c97a659ec96063d5a59cee2ee9a63a9
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This adds support for reading and writing ASN.1 boolean
values. It also adds an operator to test two ASN.1 elements
for equality.
Change-Id: I4a22cbf9808533d593fc59d27b63caaf650b1f57
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This adds the infrastructure for reading and writing encrypted private keys
when using non-OpenSSL backends. Each platform must provide its cryptographic
encrypt / decrypt functions.
As WinRT already uses the common parser, this commit includes an
implementation for that platform.
Done-with: Andrew Knight <andrew.knight@digia.com>
Task-number: QTBUG-40688
Change-Id: I0d153425ce63601ff03b784a111e13962061025f
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This change adds the ability to decode ASN.1 INTEGER fields,
provided they represent a positive number of less than 64-bit.
This is needed for PKCS#12 decoding.
Change-Id: Iafb76f22383278d6773b9e879a8f3ef43c8d2c8f
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: I2c2f5072302d2989362a382bd24cc10617336acf
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I was actually wondering if the test always succeeds (i.e. should
be turned into a Q_ASSERT), but I don't know the codebase enough to
justify such a change.
Change-Id: Id01b8de7244428e9b1c240dc365c66eeef0d6111
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
QSslKey currently has methods which supposedly allow decoding and
encoding private keys as DER protected by a passphrase. This is
broken by design as explained in QTBUG-41038, as storing the encrypted
DER data alone makes no sense: such a file lacks the necessary
information about the encryption algorithm and initialization vector.
This change:
- explicitly stops using the passphrase when decoding DER in the
constructor. The behavior is unchanged, it is not possible to
read the encrypted DER alone.
- refuses to honor the passphrase to DER encode a private key. The toDer
method now outputs an empty QByteArray instead of garbage.
Task-number: QTBUG-41038
Change-Id: I4281050cf1104f12d154db201a173633bfe22bd9
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Move from a stub to a functional SSL socket implementation.
This implementation has some limitations. Due to the way the native
SSL upgrade works, it is not possible to ignore SSL errors after the
handshake has begun. The user must set the ignore flags before
connecting to the host.
Due to missing implementation in the underlying native socket, the
synchronous methods (waitForConnected(), waitForDisconnected()) are not
functional either. Users must rely on the asynchronous methods instead.
This is not a problem in the general case, as HTTP(S) is not affected.
SSL server sockets are not supported by the native API, so it is not
possible to bind an SSL server socket.
Change-Id: Id0b323f273892580b294aa5a6ff601a8241470df
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@digia.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The native handle and import functions are now available for use in other
parts of the winrt backend.
Change-Id: I07e6f95b3411c3dc7c1a7a164544b18e5e435d01
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@digia.com>
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This internal implementation of QSslKey can be used when OpenSSL is not
available. Encrypted keys are not supported, as the cryptography must
be supplied by a separate library.
With this commit, WinRT is migrated to the new implementation,
but qsslkey_winrt.cpp is left in place so that the missing crypto
implementation can be added later. This also means most of the expected
failures for that platform can be removed from the autotest.
Change-Id: I24a3ad1053bb72311613b28b3ae845aa1645a321
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@digia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Similarly to 1b19f660 (which added socket flushing before close), the
socket should have a chance to disconnect if the write buffer is not
empty. Instead of flushing, the pendingClose is added so that the
backend may disconnect the socket once these bytes have been written.
Change-Id: I2d85b6356c3e158bade3d5d86161d3e33649cad6
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This moves the socket backend's host name matching functions up to
QSslSocketPrivate so that they can be shared between backends. This
works, as there is no OpenSSL-specific code here.
Change-Id: I73c2081fdc2e60a44c90e90800d1e1877391a626
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Having QAsn1Element in place, we can have a common foundation
for the ssl certificate class for upcoming ports like WinRT
and SecureTransport. The only thing that has to be added to
the existing class is the handle() functionality.
Change-Id: I560a8e412b26f350855c7bc456fcdb8e9b750939
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This element can be used for backends that do not offer all the
information that is needed when implementing a ssl certificate backend.
WinRT and the SecureTransport lack functionality in this area for
example.
The sources and tests are added for ssl and openssl configurations in order
to be tested. The condition for adding these can be changed as soon
as they are used by an actual implementation
Change-Id: I2b836133105afdc178bf3b1ee7d732bea069effa
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This allows for opening of public key files. It does not, however,
support opening private keys (or decrypting/encrypting them). This is
due to limitations in the native API.
Nearly all public key tests pass (the native API doesn't support the
40-bit key in the test set). The private key tests are expected to fail.
Task-number: QTBUG-40688
Change-Id: Id8f2f1ae6526540736ceb2e5371f6a5d80c4ba7b
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The change creates a stub implementation for WinRT, adding the needed
files and classes to build SSL support on that platform.
Task-number: QTBUG-37497
Change-Id: Idc3e8aa91c5eb8a938705f2385d1074fe6c1d83e
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
These methods assumed incoming data would have LF line endings, and
therefore broke when parsing files with CRLF line endings. This
simply removes the line feed from the header/footer strings, and switches
to QByteArrayLiteral while doing so.
Change-Id: I0c14634243c4bd7d19a6b5ef718b6ed1cc6bcdb2
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This allows QSslKey to avoid converting to pem format if the backend
supports native der decoding.
Change-Id: I0822a21401ad0ca81c6eeb6c7d53c421e1e2e93a
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In order to prepare the addition of WinRT and iOS (SecureTransport)
implementations of SSL the structure of some SSL files has to be
redone. Parts of certificate that probably can be reused by other
ports stayed in qsslcertificate.cpp while other parts were moved
to qsslcertificate_openssl.cpp. qsslcontext, qsslkey and qsslsocket
were suffixed by _openssl to show that these are pure openssl
implementations.
Change-Id: I7b022dec49759f882274999c0991bf95788f2a3a
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\|
| |
| |
| |
| |
| |
| | |
Conflicts:
src/network/ssl/qsslsocket_openssl_symbols.cpp
Change-Id: Ic62419fa1fee5f4de6c372459d72e6e16f9a810b
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Some Linux distributions disable EC by default which causes compile
errors on those platforms.
Task-number: QTBUG-40394
Change-Id: If5816d473bd1d64b1d4977860db662704a83310f
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\|
| |
| |
| |
| |
| |
| | |
Conflicts:
src/gui/text/qfontengine_qpf2.cpp
Change-Id: Ib04f92c41d0edd55d3aef8fb1708d917fba0f2a8
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Replaces the raw jni calls with our own jni wrappers. This allows us
to make use of the centralized cache, avoid global data storage and
use a more optimized way to attach to the jni environment.
This change also removes the JNI_OnLoad() function since it's not
used. If we need to add a JNI_OnLoad() function later, we should find a
more suited place for it.
Change-Id: Id84ead10c27d03d19c160304b1f9853b381a103c
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@digia.com>
|
| |\|
| |
| |
| | |
Change-Id: Ia12ffdb27ecdf25c2a2bdb0eed1945387502108a
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Those intermediate certificates were used to issue "unauthorized"
certificates according to
http://googleonlinesecurity.blogspot.de/2014/07/maintaining-digital-certificate-security.html
, and are by default trusted on Windows, so to be safe we blacklist
them here.
Change-Id: I9891c5bee2dd82c22eb0f45e9b04abd25efeb596
Reviewed-by: Richard J. Moore <rich@kde.org>
|
