summaryrefslogtreecommitdiffstats
path: root/src/network/ssl
Commit message (Collapse)AuthorAgeFilesLines
* use private linkage where possibleOswald Buddenhagen2013-10-311-1/+1
| | | | | | Change-Id: Ie8eaa71bee87654c21218a23efd7e9d65b71f022 Reviewed-by: Joerg Bornemann <joerg.bornemann@digia.com> Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* use the right scopeOswald Buddenhagen2013-10-311-1/+1
| | | | | | | | | "windows" only worked more or less by accident (it's the opposite of "console" and just happens to be the default on windows). Change-Id: Ib60c8ae5aea04f28207c05cc0005183dd6eb6244 Reviewed-by: Joerg Bornemann <joerg.bornemann@digia.com> Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* Doc: Adding mark-up to boolean default values.Jerome Pasion2013-10-087-33/+33
| | | | | | | | | | | | | | | | | Default values should have mark-up to denote that they are code. This commit changes: -"property is true" to "property is \c true". -"Returns true" to "Returns \c true". -"property is false" to "property is \c false". -"returns true" to "returns \c true". -"returns false" to "returns \c false". src/3rdparty and non-documentation instances were ignored. Task-number: QTBUG-33360 Change-Id: Ie87eaa57af947caa1230602b61c5c46292a4cf4e Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com> Reviewed-by: Jerome Pasion <jerome.pasion@digia.com>
* Fix ssh root certificates path for Blackberry playbook OS.sfabry2013-10-031-0/+1
| | | | | | | | | This was removed by commit 4c8d8a72ec65f409394075ef50401265e495c1dd But without it Playbook OS 2.1.0.1753 could not access ssh properly. Change-Id: I18e136eaede2a5dffeb10b5fe31023b9aef709cb Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
* Remove redundant code.Jędrzej Nowacki2013-09-291-2/+0
| | | | | | | | QPair is documented to initialize members Change-Id: I1dccfd265521ca3ca1a648b161c0a163c72e2f2e Reviewed-by: Peter Hartmann <phartmann@blackberry.com> Reviewed-by: Richard J. Moore <rich@kde.org>
* Reduce QtNetwork lib size by 16111 bytes.Jędrzej Nowacki2013-09-271-1/+6
| | | | | | | Warning message was repeated multiple times inside the library. Change-Id: Idcd417dda22de189893db597acfc36c2aa99d078 Reviewed-by: Richard J. Moore <rich@kde.org>
* Fix open ssl forwarding macros.Jędrzej Nowacki2013-09-272-16/+24
| | | | | | | | | | | This patch fixes them in many ways: - use Q_UNLIKELY to mark an error case - reduce QtNetwork library size by 40315 bytes - fix DEFINEFUNC9 which had wrong logic, happily it was not used anywhere Change-Id: Ic46a569f85aa22a00ecd88158e60c52f4665ec4c Reviewed-by: Richard J. Moore <rich@kde.org>
* Resolve error caused by server-initiated TLS renegotiationScott Deboy2013-09-171-5/+16
| | | | | | | | | | Updating the SSL_write code to correctly handle SSL_ERROR_WANT_WRITE and SSL_ERROR_WANT_READ, which are not actual errors. Change-Id: Icd7369b438ef402bf438c3fcc64514a1f9f45452 Reviewed-by: Peter Hartmann <phartmann@blackberry.com> Reviewed-by: Lars Knoll <lars.knoll@digia.com> Reviewed-by: Richard J. Moore <rich@kde.org>
* Merge remote-tracking branch 'origin/stable' into devFrederik Gladhorn2013-08-144-29/+222
|\ | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: configure mkspecs/macx-xcode/Info.plist.app mkspecs/macx-xcode/Info.plist.lib qmake/doc/qmake.qdocconf src/corelib/global/qglobal.h tests/auto/other/exceptionsafety/exceptionsafety.pro tests/auto/widgets/widgets/qcombobox/tst_qcombobox.cpp Change-Id: I3c769a4a82dc2e99a12c69123fbf17613fd2ac2a
| * Android: Get SSL root certificates from TrustManagerPaul Olav Tvete2013-07-294-29/+220
| | | | | | | | | | | | | | | | On Android, when not using Ministro, we cannot read certificates from the file system, so we have to get them through Java APIs instead. Change-Id: I415329fcb45836735c1112dbe832214b3c73dc9a Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@digia.com>
| * QNX: hardcode on-demand SSL root cert loadingPeter Hartmann2013-07-261-0/+2
| | | | | | | | | | | | | | | | | | | | | | The c_rehash'ed symlinks are always there on QNX, so no need to check at every app start for the feature. This saves ~ 17ms at each app start. Task-number: QTBUG-32549 Change-Id: Ia9df60aba9d1bd70868b7004b847867a2128f600 Reviewed-by: Andreas Holzammer <andreas.holzammer@kdab.com> Reviewed-by: Rafael Roquetto <rafael.roquetto@kdab.com>
* | OSX: Make QSslSocket compile on 10.9Liang Qi2013-08-062-15/+15
| | | | | | | | | | | | | | | | | | | | CSSM_DATA_PTR was deprecated in 10.7. Replace SecCertificateGetData with SecCertificateCopyData. Task-number: QTBUG-32715 Change-Id: I762687370689b5b5c032567240667631b1ffde98 Reviewed-by: Jake Petroules <jake.petroules@petroules.com> Reviewed-by: Gabriel de Dietrich <gabriel.dedietrich@digia.com>
* | QNX: adapt SSL lib file name lookup heuristicsPeter Hartmann2013-07-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I.e. do not try to load file names that are not there anyhow. The code would search for libcrypto.so.1.0.0 and libssl.so.1.0.0, while on QNX the libs are called libcrypto.so and libssl.so, and there are no symlinks with version numbers. This saves ~ 45 ms in real apps (tested with Facebook, Twitter and Foursquare), and ~ 24 ms at app startup in an isolated app without GUI (difference maybe because threads are fighting for CPU or so). Task-number: QTBUG-32548 Change-Id: I25869538bbfa3c2848541415e8361e0bd7a8fd50 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* | Merge remote-tracking branch 'origin/stable' into devFrederik Gladhorn2013-07-231-3/+3
|\| | | | | | | | | | | | | Conflicts: tests/auto/dbus/qdbusabstractinterface/tst_qdbusabstractinterface.cpp Change-Id: I18a9d83fc14f4a9afdb1e40523ec51e3fa1d7754
| * Fix compilation of run-time-resolved SSL on AndroidEskil Abrahamsen Blomfeldt2013-07-191-3/+3
| | | | | | | | | | | | | | | | | | | | We need the same code for both the no-sdk and the sdk case for the OpenSSL code, since this is not covered by a system library, but by an external dependency in both cases. Task-number: QTBUG-32130 Change-Id: I976835556fcb0e6c32cfb3da4dd585e45490061b Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* | Merge remote-tracking branch 'origin/stable' into devFrederik Gladhorn2013-06-043-3/+11
|\| | | | | | | | | | | | | | | Conflicts: src/corelib/global/qglobal.h src/plugins/platforms/cocoa/qnsview.mm Change-Id: I6fe345df5c417cb7a55a3f91285d9b47a22c04fa
| * Fixes: QtNetwork compilation for OpenSSL < 1.0.0aavit2013-05-233-3/+11
| | | | | | | | | | | | | | | | | | | | Incorporate some more of the API changes between OpenSSL versions 0.9.8 and 1.0.0. Task-number: QTBUG-31140 Change-Id: Ie719b34e3ec8751f0fbc07d315e82816c110762c Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* | Merge remote-tracking branch 'origin/stable' into devFrederik Gladhorn2013-05-233-10/+6
|\| | | | | | | | | | | | | | | | | | | | | Conflicts: src/corelib/io/qdatastream.cpp src/corelib/io/qdatastream.h src/corelib/json/qjsonwriter.cpp src/plugins/platforms/cocoa/qcocoawindow.mm src/plugins/platforms/xcb/qxcbkeyboard.cpp Change-Id: I46fef1455f5a9f2ce1ec394a3c65881093c51b62
| * Improve support for <MODULE>_PATH optionsMatt Fischer2013-05-101-5/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Several modules, including DBus, MySQL, and OpenSSL have configure options of the form <MODULE>_PATH, which is used on Windows (where pkg-config is not present) to specify the locations of third-party libraries. These switches had been implemented by adding extra variables which were referenced in .pro files, to add the appropriate compiler and linker switches. This is undesirable because it means there are two independent paths for adding the switches to the build, which can get out of sync with each other, and indeed this had happened for some of the DBus tools. To remedy the situation, all three of the switches were reworked so that they added values directly to the principal variables that are used in the project files. This reduces maintenance, by ensuring that the pkg-config and non-pkg-config paths appear the same to the rest of the build system. Change-Id: Iae342f1d14b79fbcfef9fe38aadc803ad3141799 Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
| * Utilize the new Q_OS_MACX define.Jake Petroules2013-05-092-5/+5
| | | | | | | | | | | | | | | | | | | | All occurrences of `#if defined(Q_OS_MAC) && !defined(Q_OS_IOS)` have been replaced with `#if defined(Q_OS_MACX)`. Change-Id: I5055d9bd1845136beb8ed1c79a8f0f2c0897751a Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com> Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@digia.com> Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* | QSslConfiguration: add API to persist and resume SSL sessionsPeter Hartmann2013-05-1011-9/+141
| | | | | | | | | | | | | | | | | | | | | | | | | | Session tickets can be cached on the client side for hours (e.g. graph.facebook.com: ~ 24 hours, api.twitter.com: 4 hours), because the server does not need to maintain state. We need public API for it so an application can cache the session (e.g. to disk) and resume a session already with the 1st handshake, saving one network round trip. Task-number: QTBUG-20668 Change-Id: I10255932dcd528ee1231538cb72b52b97f9f4a3c Reviewed-by: Richard J. Moore <rich@kde.org>
* | Merge remote-tracking branch 'origin/stable' into devFrederik Gladhorn2013-04-293-4/+13
|\| | | | | | | Change-Id: I2a54058b64ac69c78b4120fdaf09b96e025a4c6c
| * SSL internals: do not write after shutting down the socketPeter Hartmann2013-04-233-4/+13
| | | | | | | | | | | | | | | | | | ... but rather throw an error, so the HTTP layer can recover from a SSL shutdown gracefully. In case the other side sent us a shutdown, we should not send one as well, as it results in an error. Change-Id: Ie7a56cf3008b6ead912aade18dbec67846e2a87e Reviewed-by: Richard J. Moore <rich@kde.org>
* | Merge remote-tracking branch 'origin/stable' into devFrederik Gladhorn2013-04-221-2/+6
|\| | | | | | | Change-Id: I059725e3b7d7ffd5a16a0931e6c17200917172b5
| * SSL internals: fix memory corruption using QSslConfigurationPrivatePeter Hartmann2013-04-181-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | We are passing a QSslConfigurationPrivate that is allocated on the stack (in QSslSocketBackendPrivate::initSslContext()) to QSslConfiguration::QSslConfiguration(QSslConfigurationPrivate *dd). When the SSL context is destroyed, this object is not there any more. So now we create a deep copy of the configuration like we do in QSslSocket::sslConfiguration(). Task-number: QTBUG-30648 Change-Id: Iaefaa9c00fd6bfb707eba5ac59e9508bf951f8a5 Reviewed-by: Richard J. Moore <rich@kde.org>
* | SSL namespace: Add enum to disable SSL session sharingPeter Hartmann2013-04-223-2/+5
|/ | | | | | | | | | There is already an enum to disable SSL session tickets, which has been used to disable session sharing for now. However, SSL session sharing is not the same as SSL session tickets: Session sharing is built into the SSL protocol, while session tickets is a TLS extension (RFC 5077). Change-Id: If76b99c94b346cfb00e47366e66098f6334fd9bc Reviewed-by: Richard J. Moore <rich@kde.org>
* SSL code: store SSL parameters for debugging, guarded by definePeter Hartmann2013-03-221-0/+35
| | | | | | | | | | | ... so SSL traffic can be decrypted with e.g. tcpdump / Wireshark. For this to work, the define needs to be uncommented and QtNetwork recompiled. This will create a file in /tmp/qt-ssl-keys which can be fed into Wireshark. A recent version of Wireshark is needed for this to work. Change-Id: I4e41fd2e6122260cd96d443b1360edc71b08b5fd Reviewed-by: Richard J. Moore <rich@kde.org>
* Whitespace cleanup: remove trailing whitespaceAxel Waggershauser2013-03-165-13/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | Remove all trailing whitespace from the following list of files: *.cpp *.h *.conf *.qdoc *.pro *.pri *.mm *.rc *.pl *.qps *.xpm *.txt *README excluding 3rdparty, test-data and auto generated code. Note A): the only non 3rdparty c++-files that still have trailing whitespace after this change are: * src/corelib/codecs/cp949codetbl_p.h * src/corelib/codecs/qjpunicode.cpp * src/corelib/codecs/qbig5codec.cpp * src/corelib/xml/qxmlstream_p.h * src/tools/qdoc/qmlparser/qqmljsgrammar.cpp * src/tools/uic/ui4.cpp * tests/auto/other/qtokenautomaton/tokenizers/* * tests/benchmarks/corelib/tools/qstring/data.cpp * util/lexgen/tokenizer.cpp Note B): in about 30 files some overlapping 'leading tab' and 'TAB character in non-leading whitespace' issues have been fixed to make the sanity bot happy. Plus some general ws-fixes here and there as asked for during review. Change-Id: Ia713113c34d82442d6ce4d93d8b1cf545075d11d Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
* Fixed build of SSL when using android-no-sdk.Samuel Rødal2013-03-071-3/+5
| | | | | | | | Introduced Q_OS_ANDROID_NO_SDK which makes more sense than Q_OS_LINUX_ANDROID when Q_OS_ANDROID also defines Q_OS_LINUX. Change-Id: Id2aa228b66daffba82776a12c91a264a360afd86 Reviewed-by: Gunnar Sletta <gunnar.sletta@digia.com>
* Introducing the Qt Android portPaul Olav Tvete2013-03-051-1/+16
| | | | | | | | | | | | | | | | | | | | | Based on the Necessitas project by Bogdan Vatra. Contributors to the Qt5 project: BogDan Vatra <bogdan@kde.org> Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@digia.com> hjk <hjk121@nokiamail.com> Oswald Buddenhagen <oswald.buddenhagen@digia.com> Paul Olav Tvete <paul.tvete@digia.com> Robin Burchell <robin+qt@viroteck.net> Samuel Rødal <samuel.rodal@digia.com> Yoann Lopes <yoann.lopes@digia.com> The full history of the Qt5 port can be found in refs/old-heads/android, SHA-1 249ca9ca2c7d876b91b31df9434dde47f9065d0d Change-Id: Iff1a7b2dbb707c986f2639e65e39ed8f22430120 Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com> Reviewed-by: Lars Knoll <lars.knoll@digia.com>
* Add support for intermediate certificates to server sockets.Richard Moore2013-02-195-0/+68
| | | | | | | | | | Add intermediate certificates to our server sockets, and to our client certs. Change-Id: Ib5aa575473f9e84f337bebe35099506dd7d7e2ba Task-Number: QTBUG-19825 Task-Number: QTBUG-13281 Reviewed-by: Peter Hartmann <phartmann@rim.com>
* Store the local certificate in a QList.Richard Moore2013-02-194-11/+31
| | | | | | | | | Instead of storing a single QSslCertificate for a the local cert, store a list of them. This will allow us to handle server sockets that use a certificate that is not issued directly from the CA root in future. Change-Id: I9a36b9a99daa9c0bdd17f61b4ce1a7da746f2e96 Reviewed-by: Peter Hartmann <phartmann@rim.com>
* Merge remote-tracking branch 'origin/stable' into devFrederik Gladhorn2013-02-181-3/+7
|\ | | | | | | | | | | | | Conflicts: src/widgets/styles/qmacstyle_mac.mm Change-Id: If8326db9e7da3cbf45dbf7475fdff9915c7723b1
| * SSL docs: Be more explicit about the threats of ignoring SSL errorsPeter Hartmann2013-02-161-3/+7
| | | | | | | | | | | | | | ... because almost everybody gets it wrong almost every time. Change-Id: I54938ef094323ba8de02186b585b11b9579f3ca4 Reviewed-by: Richard J. Moore <rich@kde.org>
* | Remove ifdefs for supporting Mac OS <= 10.5Tor Arne Vestbø2013-02-182-20/+4
| | | | | | | | | | | | | | | | Qt5 requires Mac OS 10.6, so we can remove checks such as if MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_6 Change-Id: Iea21727a277291148704ecf9677ed0b68c24920f Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* | Merge remote-tracking branch 'origin/stable' into devFrederik Gladhorn2013-02-147-12/+75
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: src/concurrent/doc/qtconcurrent.qdocconf src/corelib/doc/qtcore.qdocconf src/corelib/global/qglobal.h src/dbus/doc/qtdbus.qdocconf src/dbus/qdbusmessage.h src/gui/doc/qtgui.qdocconf src/gui/image/qimagereader.cpp src/network/doc/qtnetwork.qdocconf src/opengl/doc/qtopengl.qdocconf src/opengl/qgl.h src/plugins/platforms/windows/qwindowswindow.cpp src/printsupport/doc/qtprintsupport.qdocconf src/sql/doc/qtsql.qdocconf src/testlib/doc/qttestlib.qdocconf src/tools/qdoc/doc/config/qt-cpp-ignore.qdocconf src/widgets/doc/qtwidgets.qdocconf src/xml/doc/qtxml.qdocconf Change-Id: Ie9a1fa2cc44bec22a0b942e817a1095ca3414629
| * Remove Nokia from ssl linking exception.Frederik Gladhorn2013-02-116-8/+65
| | | | | | | | | | | | Change-Id: I559d4dd8789a249af855f6fe9bfe013ba1d77132 Reviewed-by: Richard J. Moore <rich@kde.org> Reviewed-by: Lars Knoll <lars.knoll@digia.com>
| * Fix loading of SSL certificate of DER files.BogDan Vatra2013-02-081-4/+10
| | | | | | | | | | | | | | | | | | DER certificates should not be opened as text files, so we only pass the QIODevice::Text flag when the format is QSsl::Pem. Change-Id: I4bad98023c397b967d5beeec0aaa6c414e06fd9c Reviewed-by: Richard J. Moore <rich@kde.org>
* | Try harder to locate external OpenSSL libraries on win32Erik van Pienbroek2013-02-091-7/+25
| | | | | | | | | | | | | | | | | | | | | | | | When OpenSSL is built using MSVC then the library names are named ssleay32.dll and libeay32. However, when OpenSSL is built with GCC then different library names are used like libssl-10.dll and libcrypto-10.dll (depending on the version of OpenSSL used) Change-Id: Icb79a5f82d2a511752bfc904f53a58423ce4b86b Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> Reviewed-by: Peter Hartmann <phartmann@rim.com> Reviewed-by: Richard J. Moore <rich@kde.org>
* | SSL: Use correct signature for SSL_get1_sessionMarcel Krems2013-02-092-2/+2
| | | | | | | | | | | | | | | | | | | | | | This fixes a compilation error with GCC 4.7 which was introduced in b5652df775efbd1c52eecee5f08e40e600e5d70b In function ‘SSL_SESSION* q_SSL_get1_session(const SSL*)’: invalid conversion from ‘const SSL* {aka const ssl_st*}’ to ‘SSL* {aka ssl_st*}’ [-fpermissive] Change-Id: I909f7fb4295b2019283a7af66a038d4711e5f7cb Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> Reviewed-by: Peter Hartmann <phartmann@rim.com>
* | SSL: Implement session sharing and use it from QNetworkAccessManagerPeter Hartmann2013-02-0612-213/+488
| | | | | | | | | | | | | | | | This improves performance since a network round trip can be avoided. Change-Id: I1aaff7e48ef9638cb137de0f43942c3a4dd2884a Initial-patch-by: Markus Goetz <markus@woboq.com> Reviewed-by: Richard J. Moore <rich@kde.org>
* | Merge "Merge remote-tracking branch 'origin/stable' into dev" into ↵Frederik Gladhorn2013-01-291-1/+1
|\| | | | | | | refs/staging/dev
| * Doc: Fix module name formatSze Howe Koh2013-01-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Follow the conventions at http://qt-project.org/wiki/Spelling_Module_Names_in_Qt_Documentation QtCore -> Qt Core QtDBus -> Qt D-Bus QtDesigner -> Qt Designer QtGui -> Qt GUI QtImageFormats -> Qt Image Formats QtNetwork -> Qt Network QtPrintSupport -> Qt Print Support QtScript -> Qt Script QtSql -> Qt SQL QtSvg -> Qt SVG QtTest -> Qt Test QtWebKit -> Qt WebKit QtWidgets -> Qt Widgets QtXml -> Qt XML QtConcurrent -> Qt Concurrent (partial) QtQuick -> Qt Quick (partial) Also, distinguish between "module" and "library" Change-Id: Icb8aa695ae60b0e45920b0c8fce4dc763a12b0cd Reviewed-by: Jerome Pasion <jerome.pasion@digia.com>
* | Remove QT_{BEGIN,END}_HEADER macro usageSergio Ahumada2013-01-298-32/+0
|/ | | | | | | | | | | The macro was made empty in ba3dc5f3b56d1fab6fe37fe7ae08096d7dc68bcb and is no longer necessary or used. Discussed-on: http://lists.qt-project.org/pipermail/development/2013-January/009284.html Change-Id: Id2bb2e2cabde059305d4af5f12593344ba30f001 Reviewed-by: Laszlo Papp <lpapp@kde.org> Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com> Reviewed-by: hjk <hjk121@nokiamail.com>
* QSslConfiguration: toggle on demand loading of root certs properlyPeter Hartmann2013-01-234-1/+21
| | | | | | | | | | | | | | | make sure we keep track of when we can load root certs and when we cannot (we cannot when the developer set the certs explicitly). This is implemented the same way for QSslSocket already, and needs to be duplicated because we have 2 methods for setting CA certificates: one in QSslSocket and one in QSslConfiguration. In addition, adapt the auto test which checks whether setting a default QSslConfiguration works: There is no way to set on demand loading through the API, so it should be enabled by default. Task-number: QTBUG-29103 Change-Id: I5146128aaa385dfcc0ad1e0ef81a92d9350ec5f2 Reviewed-by: Richard J. Moore <rich@kde.org>
* Update copyright year in Digia's license headersSergio Ahumada2013-01-1823-23/+23
| | | | | Change-Id: Ic804938fc352291d011800d21e549c10acac66fb Reviewed-by: Lars Knoll <lars.knoll@digia.com>
* BlackBerry: change SSL root cert folderPeter Hartmann2013-01-141-1/+1
| | | | | | | | | Currently /etc/openssl/certs is symlinked to /var/certmgr/web/user_trusted, but this will be changed in the future. /etc/openssl/certs is the folder to be used to read the root certs. Change-Id: Ic037e5075ec7ee50c132fe08dc69abbe585e32e4 Reviewed-by: Sean Harmer <sean.harmer@kdab.com>
* Fix compile when verify is already definedAndy Shaw2013-01-141-0/+4
| | | | | | | | | | On Mac if AssertMacros.h has already been included then it defines verify which conflicts with the verify static function. Therefore we just undef this if is already defined. Task-number: QTBUG-27316 Change-Id: I5960e504c4efa4fc4ff65ba66bbd7decb33ffc62 Reviewed-by: Richard Moe Gustavsen <richard.gustavsen@digia.com>
* SSL certificates: blacklist mis-issued Turktrust certificatesPeter Hartmann2013-01-041-0/+3
| | | | | | | | | | | | Those certificates have erroneously set the CA attribute to true, meaning everybody in possesion of their keys can issue certificates on their own. Task-number: QTBUG-28937 Change-Id: Iff351e590ad3e6ab802e6fa1d65a9a9a9f7683de Reviewed-by: Richard J. Moore <rich@kde.org> Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* Move the Q_DECLARE_METATYPE for QList<QSslError> to qsslerror.hStephen Kelly2013-01-032-4/+4
| | | | | | | | | | | | | Otherwise it is possible to assert if qRegisterMetaType<QList<QSslError> >("QList<QSslError>") is called in a TU which does not include the Q_DECLARE_METATYPE invocation. Change-Id: Ice1ffbb0f8d0a745d2bffc8b4e13ca31621e8ca4 Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com> Reviewed-by: Richard J. Moore <rich@kde.org>
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-07 19:29:58 +0000