| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
Fixes oss-fuzz issue 29534.
Change-Id: I51d0b8238c73e5860c40d3b74577ddb8926647a3
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
(cherry picked from commit 11a3eab1e168256778c45090b56e998e50c08c55)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the read buffer has a max size we do our best not to exceed it.
Usually there's no problem and we just read more when the next
tcp frame arrives. However if there's data leftover after the last
tcp frame arrived then we won't receive any more data. To counter
this QSslSocket would try to invoke QSslSocketPrivate::transmit
indirectly if there were any bytes available on the plain socket.
The problem is that with Schannel the last few remaining bytes
would not be in the plain socket, but in the 'intermediateBuffer'.
So let's make QSslSocket aware of that.
Fixes: QTBUG-90625
Change-Id: If56e4cce558f99c9a08a1f6818e005a887712ef2
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Norbert Pfeiler <norbert.pfeiler+git@gmail.com>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
(cherry picked from commit 6d4da1340f18b66e60ed6969aeb7180e00d39077)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL adds an '-arm'/'-arm64' suffix to the DLL names when building
for VC-WIN32-ARM or VC-WIN64-ARM. This needs to be accounted for in Qt
to find the OpenSSL DLLs correctly.
Fixes: QTBUG-89647
Change-Id: Ibc9b81e06f8e64c0676f335e13024fa7fe3a4fa3
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit c111aad270f1d51c2e870ee25e9a6bba64b3cecc)
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
|
|
|
|
|
|
|
|
| |
Fixes oss-fuzz issue 29276.
Change-Id: I57b0c26e5377bd6b82d9f044ae1d1d13acec996a
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
(cherry picked from commit ce90248882b73b4b816a8550710279e3e55ab64c)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
An invalid (as input data) certificate may have non-zero number of invalid (nullptr)
extensions (if OpenSSL failed to parse them, for example).
Fixes: QTBUG-89547
Change-Id: I4b93ac9f482f850f02d01b0aea10560dc11b688d
Reviewed-by: Lars Schmertmann <lars.schmertmann@governikus.de>
Reviewed-by: Alex Blasche <alexander.blasche@qt.io>
(cherry picked from commit f31997448838902eb5237b567f0c80f423f2406e)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Another case when an OpenSSL's call can dump some errors into the shared
error queue discovered. An invalid certificate with non-null X509 * may
result in several errors appended to the queue.
Change-Id: I1278b371bd1edf2d656760c371bfb6da5dcab6ec
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 3bc398f76669c2532ae6e3f163f994feb7e6a0bf)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
| |
Something defined is always greater than undefined
Fixes: QTBUG-89530
Change-Id: I7633dd4233f7b13c3c5be17352841ec873531ef9
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
(cherry picked from commit 3eb35d324186b17d00f158d71a251f1bf93b6d2d)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
| |
At the same time I'll add a generic protection against being called in
unprotected mode in the schannel backend (openssl already has it in a
different form).
Change-Id: I97c1be6239c27e306de0af7ad568fbcfde09da71
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
(cherry picked from commit f8badeda72813ee4d32e7672c4a98373cb7b5d60)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Q_MOVABLE_TYPE was conceived before C++ had move semantics. Now, with
move semantics, its name is misleading. Q_RELOCATABLE_TYPE was
introduced as a synonym to Q_MOVABLE_TYPE. Usage of Q_MOVABLE_TYPE
is discouraged now. This patch replaces all usages of Q_MOVABLE_TYPE
by Q_RELOCATABLE_TYPE in QtBase. As the two are synonymous, this
patch should have no impact on users.
Change-Id: Ie653984363198c1aeb1f70f8e0fa189aae38eb5c
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Andrei Golubev <andrei.golubev@qt.io>
(cherry picked from commit 0440614af0bb08e373d8e3e40f90b6412c043d14)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
QSslCertificate::verify() has an undocumented and not very desirable property -
on some platorms it updates the default configuration, which can be surprising.
For example, we deprecated QSslSocket::setDefaultCaCertificates() and recommend
using QSslConfiguration::defaultConfiguration(), QSslConfiguration::setDefaultConfiguration(),
and QSslConfiguration::setCaCertificates(). If an application does this to select
CA roots it trusts explicitly, and then for some reason is calling verify, the
application can have its QSslSockets successfully connecting to a host, whose
root was not trusted by the application. Also, on Windows, defaultCaCertificates()
include system roots already, no need to have them twice.
[ChangeLog][QtCore][QtNetwork] QSslSocket::verify - do not change the default configuration
Fixes: QTBUG-88639
Change-Id: I1cd40b259d0a6dcd15c78d1e7c027ff10859595c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 1158ff67b492853b72199ed78bfcf24132e1c7ff)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
As noted by LCOV, the part with q_BIO_free(bio) was never executed
since we were taking the result from QScopedPointer before returning.
While it's a what RAII idiom is for, there is quite a low probability
that SSL_set_bio() one day will start throwing exceptions.
Change-Id: Id24e480dac34166c627b71bb2972de558c644339
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
(cherry picked from commit 16f4ce89eda53645a412b73e0c5ea63e638e7268)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
| |
With TLS 1.3 the client goes through renegotiation
when using Schannel. The status returned is OK and
we can immediately continue, so do that.
Change-Id: I831eaae318df9d94b5fb7672db7e407d94f9da56
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
| |
Fixes oss-fuzz issue 22272.
Pick-to: 5.15
Change-Id: I8a49b9487f632469402c983e517e817e8e65bef7
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
QSslPreSharedKeyAuthenticator::isEqual() as accessed
by inline operators is not exported.
Amends 57e57d9bcda868abcfb552e1247b391162c0dff9.
Change-Id: Ia0f0de81a371a31422d07af5b11f0db03265504e
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
| |
Make them hidden friends, add a private isEqual helper where needed.
Adjust and add documentation.
Fixes: QTBUG-87976
Change-Id: If7c19eeab5be7452364eb76193981100f5516d6b
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
| |
Task-number: QTBUG-86295
Change-Id: Ib8bcf0a6e2af8a589b44e56b19641f4d2fe6f800
Reviewed-by: Paul Wicking <paul.wicking@qt.io>
|
|
|
|
|
|
|
|
|
| |
Following 77d812683f0ad595606f9833613dd49bb2fda26d QMutexLocker is now a
templated class which should in most cases be deduced automatically.
Doesn't work here because of the global static wrapper.
Change-Id: I62fda0651eac12f3234396cb7e41a26df8cc8b46
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
| |
Since we're going to split QMutex and QRecursiveMutex into
separate classes, make sure QMutexLocker is prepared for that.
Change-Id: Id5e9a955d1db7c8ee663dd3811ad6448dad0aeae
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|
|
|
|
|
|
|
|
| |
Avoid detaching where possible
Change-Id: I438d3e66689aeef05951af86a48af2a6910da7c2
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
|
|
|
|
|
|
|
|
|
| |
When parsing subjectAltName extension to make it more like OpenSSL
counterpart.
Fixes: QTBUG-86830
Change-Id: If1a4e72ee0b19f2cf40aa53632f9ec1468178c3b
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's not possible to connect to microsoft.com with Schannel TLS 1.3 for
some reason (also tested with Internet Explorer), but other sites work
fine. Must be something they have to iron out for later.
In my experience this needs a preview release of Windows. One of my
machines is opted into the dev channel of Windows where they enabled TLS
1.3 by default, and it works well in my tests except for the part above.
On my other machine, after enabling TLS 1.3 through the registry, I fail
to complete the handshake with any site. So around March/April next year
is when this code would activate for most people.
MinGW apparently defines NTDDI_VERSION as the one for Windows Server
2003, so it currently doesn't build the new TLS 1.3 code. In Qt (as a
project) we could consider setting this higher, but that's out of scope
for this patch!
Fixes: QTBUG-81294
Change-Id: If329959c3a30ecbfbb8c0d335cc39ccb6d012890
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
| |
Change-Id: I3af7747f424ef7837c9c3d4af3e5cbd14922aeb6
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
| |
This code has been deprecated in Qt 5.
Change-Id: Ia8e0bc791ac1f43df7124b4f30db3d0bb9966015
Reviewed-by: Alex Blasche <alexander.blasche@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
Rename Android package name org.qtproject.qt5.android to
org.qtproject.qt.android to avoid inconsistency with Qt 6 name.
Also, we include the major version number in the jar target.
Task-number: QTBUG-86969
Change-Id: Ibb68947289be1079911b34ea157bf089cc52c47f
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
|
|
|
|
|
|
|
|
| |
These value gaps were there for binary compatibility, but we don't need
those in Qt 6.
Change-Id: I72a40d601b61f90e14562578e88493b0d54ff398
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
| |
Change-Id: I0b4b18e6ea2b78917220e77865fd92eb7a684179
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
| |
... not of QSslSocket.
Change-Id: I9db5debe6a0aaa6a780b0047ae3f551ec3770fb4
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
| |
It was already used many places directly making the code inconsistent.
Change-Id: I3b14bc6c333640fb3ba33c71eba97e78c973e44b
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Certain servers, like smtp.live.com, will send a request for a
certificate even though they don't require one. In Schannel this
manifests as a warning/info status (SEC_I_INCOMPLETE_CREDENTIALS).
In the cases where it's not needed we should suppress the warning and
try to connect anyway, which is done by calling
InitializeSecurityContext again when we get the status.
Pick-to: 5.15
Change-Id: I3c48140f2949d8557251a49a2b66946da9395736
Reviewed-by: Joshua GPBeta <studiocghibli@gmail.com>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix our API, so that QStringList and QList<QString> are the
same thing.
This required a bit of refactoring in QList and moving the
indexOf(), lastIndexOf() and contains() method into
QListSpecialMethods. In addition, we need to ensure that
the QStringList(const QString&) constructor is still available
for compatibility with Qt 5.
Once those two are done, all methods in QStringList can be moved
into QListSpecialMethods<QString>.
Change-Id: Ib8afbf5b6d9df4d0d47051252233506f62335fa3
Reviewed-by: Andrei Golubev <andrei.golubev@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CentOS it seems not only backported some OpenSSL 3 functions,
but also raised the default security level to 2, making some of
our keys (and MDs?) 'too weak' and failing auto-tests here and
there as a result. For our auto-test we lower the level to 1,
as it is expected to be.
Fixes: QTBUG-86336
Pick-to: 5.15
Change-Id: I7062a1b292e8b60eb9c2b2e82bd002f09f9da603
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
While it's possible to instantiate safe_delete using a nullptr, the
check in if-statement is 99.9(9) % of time redundant and equal
to if (true && object). Some compilers will issue a compilation
error (if warnings are treated as errors for example).
Change-Id: Ib593dc53deb6d2e4b77ea5c896610dc536c61b7c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
| |
Remove compile warning for -Wdeprecated-declarations.
Change-Id: I747c8a390f26cfc4626e40c4684034c394bbf3c9
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Lars Schmertmann <lars.schmertmann@governikus.de>
|
|
|
|
|
|
| |
Pick-to: 5.15
Change-Id: I3653977a4511aa5c296a3954399342d98ac71586
Reviewed-by: Paul Wicking <paul.wicking@qt.io>
|
|
|
|
|
|
|
| |
And put a note about it in the documentation
Change-Id: I29126e4a80f83c256190e03b8fe01f3c869fd46d
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It works as follows:
- user calls write(const QByteArray &);
- this function keeps a pointer to the chunk and calls a regular
write(data, len);
- write(data, len) calls a virtual writeData();
- subclass calls a new QIODevicePrivate::write();
- QIODevicePrivate::write() makes a shallow copy of
the byte array.
Proposed solution is fully compatible with existing subclasses.
By replacing a call to d->writeBuffer.append() with d->write(),
subclasses can improve their performance.
Bump the TypeInformationVersion field in qtHookData, to notify the
Qt Creator developers that the offset of QFilePrivate::fileName was
changed and dumpers should be adapted.
Change-Id: I24713386cc74a9f37e5223c617e4b1ba97f968dc
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
- Remove obsolete functions and enumeration values
- Remove QObject * parameter from QMetaProperty accessors
- Fix renamed enumerations in QSsl
- Fix list items to be \li
- Fix function signatures and variable names
Change-Id: I37c7e6bf2c8ff92bc7b82620bae0a27796f866ab
Reviewed-by: Paul Wicking <paul.wicking@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
QAbstractSocket::abort() is not a virtual function and
QSslSocket::abort() does not override it. Having two alternatives
requires a dynamic typecasting and violates the principles of object-
oriented programming.
Due to the BC, we were unable to fix that in Qt5. Now, we can modify
QSslSocket::close() to handle QAbstractSocket::abort() requests and
remove the duplicate.
Change-Id: I49d6f32a571ae6e35b08cb366816f917e580dae8
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Remove a useless forward declaration of a non-existing class.
2. Simplify the cipher filtering.
3. A missing private key (when local cert is present) found
by the Qt, not OpenSSL, so no need in asking OpenSSL for errors
in queue.
3. Fix a potential double-free (for opaque keys).
4. read/write BIOs normally owned by SSL object, but if
we fail to allocate any of them, we return early,
potentially failing to free the one that was allocated.
Change-Id: Ifb52fbc9fd1a38f101bd7ff02e79b82d6eb7e5b0
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
| |
Now that I need this stuff both in OpenSSL and woldSSL code, makes sense
to introduce such helpers as a separate change (instead of duplicating
the code in wolfSSL patch).
Change-Id: I9ce600ebe709d103209372ea4c2bdb6fa6b6ce3a
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the QIODevice::OpenMode enum into a base class, so that
we can remove the full QIODevice (and thus QObject) dependency
from qdatastream.h and qtextstream.h.
This is required so that we can include QDataStream in qmetatype.h
without getting circular dependencies.
As a nice side effect, QDataStream and QTextStream can now inherit
QIODeviceBase and provide the OpenMode enum directly in their
class scope.
Change-Id: Ifa68b7b1d8d95687ed032f6c9206f92e63bfacdf
Reviewed-by: Paul Wicking <paul.wicking@qt.io>
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@qt.io>
|
|
|
|
|
|
|
|
| |
Both normal and relaxed constexpr are required by our new minimum of
C++17.
Change-Id: Ic028b88a2e7a6cb7d5925f3133b9d54859a81744
Reviewed-by: Sona Kurazyan <sona.kurazyan@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
QIODevice::skip() called a virtual QIODevicePrivate::skip() to
implement an efficient skipping on I/O devices for the internal
subclasses. The user subclasses cannot inherit QIODevicePrivate, so
this functionality was not externally accessible.
This patch replaces QIODevicePrivate::skip() with a virtual protected
QIODevice::skipData(). While the basic implementation simply discards
the data by reading into a dummy buffer, users can reimplement this
function to improve the performance in their subclasses.
[ChangeLog][QtCore][QIODevice] Added virtual protected skipData().
Now, subclasses can implement device-specific skipping of data.
Change-Id: I9522f7f7ab9d03ac06e972a525f8ec2fa909a617
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently it is possible to compare a QSslError with a
QSslError::SslError because QSslError has an implicit
constructor. But the comparison often fails because
a QSslError received from the system contains a
certificate.
[ChangeLog][QtNetwork][QSslError] The constructor
QSslError(QSslError::SslError error) is now explicit.
Change-Id: I36cc5895245d3b43ab4b8d65a9635893d6b0e6a4
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
| |
Change-Id: I9a3b6ccc022a036fa82d429ad008adeabe46f4ce
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
| |
We have several classes inheriting QObject (directly or not) and disabling
copy (thus non-movable implicitly). Let's make them non-movable explicitly
now.
Change-Id: I509a066e9977480b30842afef26319b8afec6001
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
This amends 0ef46b41d86b9fad4fc4a18bd577d208afa1fce8 to ensure the
new configuration is styled correctly for qmake.
Task-number: QTBUG-80938
Change-Id: Iebfff3ff0570d2e92d01d4eb1178c0d6261468f9
Pick-to: 5.15
Reviewed-by: Lars Schmertmann <lars.schmertmann@governikus.de>
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
|
|
|
|
|
| |
Change-Id: Ic8db7dc252f8fea46eb5a4f334726d6c7f4645a6
Reviewed-by: Sona Kurazyan <sona.kurazyan@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
The CA fetcher on Windows works on a separate thread, it can take
quite some time to finish its job and if a connection was meanwhile
closed (via 'abort', 'close' or 'disconnectFromHost') but the socket
is still alive/re-used - we don't want to be fooled by the previous
fetch 'finished' signal, only if it's fetching for the same certificate.
Change-Id: Ibd0a70000ad10cff10207d37d7b47c38e615d0f1
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
| |
Change-Id: I76bf6c7d47c7d29228837bbb139a7f6a32de0e5e
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|