path: root/src/network/ssl
Commit message | Author | Age | Files | Lines
* BlackBerry: change SSL root cert folder | Peter Hartmann | 2013-01-14 | 1 | -1/+1
  Currently /etc/openssl/certs is symlinked to /var/certmgr/web/user_trusted, but this will be changed in the future. /etc/openssl/certs is the folder to be used to read the root certs.
  Change-Id: Ic037e5075ec7ee50c132fe08dc69abbe585e32e4
  Reviewed-by: Sean Harmer <sean.harmer@kdab.com>
* Fix compile when verify is already defined | Andy Shaw | 2013-01-14 | 1 | -0/+4
  On Mac if AssertMacros.h has already been included then it defines verify which conflicts with the verify static function. Therefore we just undef this if it is already defined.
  Task-number: QTBUG-27316
  Change-Id: I5960e504c4efa4fc4ff65ba66bbd7decb33ffc62
  Reviewed-by: Richard Moe Gustavsen <richard.gustavsen@digia.com>
* SSL certificates: blacklist mis-issued Turktrust certificates | Peter Hartmann | 2013-01-04 | 1 | -0/+3
  Those certificates have erroneously set the CA attribute to true, meaning everybody in possession of their keys can issue certificates on their own.
  Task-number: QTBUG-28937
  Change-Id: Iff351e590ad3e6ab802e6fa1d65a9a9a9f7683de
  Reviewed-by: Richard J. Moore <rich@kde.org>
  Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* Move the Q_DECLARE_METATYPE for QList<QSslError> to qsslerror.h | Stephen Kelly | 2013-01-03 | 2 | -4/+4
  Otherwise it is possible to assert if qRegisterMetaType<QList<QSslError> >("QList<QSslError>") is called in a TU which does not include the Q_DECLARE_METATYPE invocation.
  Change-Id: Ice1ffbb0f8d0a745d2bffc8b4e13ca31621e8ca4
  Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
  Reviewed-by: Richard J. Moore <rich@kde.org>
* Fix typo in docs. | Richard Moore | 2012-12-21 | 1 | -1/+1
  Change-Id: I37ccb10d40d2a848b7c251286d29aeb85411e912
  Reviewed-by: hjk <qthjk@ovi.com>
* Fix binary incompatibility between openssl versions | Shane Kearns | 2012-12-10 | 3 | -3/+15
  OpenSSL changed the layout of X509_STORE_CTX between 0.9 and 1.0. So we have to consider this struct as private implementation, and use the access functions instead.
  This bug would cause certificate verification problems if a different version of openssl is loaded at runtime to the headers Qt was compiled against.
  Task-number: QTBUG-28343
  Change-Id: I47fc24336f7d9c80f08f9c8ba6debc51a5591258
  Reviewed-by: Richard J. Moore <rich@kde.org>
* Add more qtbase implicitly-shared classes to the list | Giuseppe D'Angelo | 2012-11-30 | 6 | -0/+6
  QText*Format and QDns* ones are still missing.
  Change-Id: I8e87fba596e87289ca935717e0a90bfc0b0a26c0
  Reviewed-by: hjk <qthjk@ovi.com>
* Fix typo in SSL error message. | Friedemann Kleint | 2012-11-27 | 1 | -2/+2
  Change-Id: If72d80979e1d2ea909227785cd691be39d75c8ab
  Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* Remove qSort usages from SSL code | Giuseppe D'Angelo | 2012-11-08 | 1 | -2/+4
  Change-Id: Ie080cd3d0a6ac37fad625759946a71134c989c83
  Reviewed-by: Richard J. Moore <rich@kde.org>
* QSslSocket: Allow disconnections within the connected() signal | Jocelyn Turcotte | 2012-10-25 | 1 | -3/+5
  When doing happy eyeballs style network state lookup, we might have to close an SSL socket from its connected signal. This can cause the warning:
  QSslSocket::startClientEncryption: cannot start handshake when not connected
  The signal should be emitted after we called startClientEncryption to avoid this warning. In that case it will initialize the encryption and ramp it down right after.
  Change-Id: I0c8c79cad7f91f0088b87c5e4ee8aafbc688411c
  Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* documentation fixes | Marcel Krems | 2012-09-27 | 1 | -1/+1
  Change-Id: If165933df41e518f5ba6065792676260fd2492b6
  Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
* wrap QLibrary related code with QT_NO_LIBRARY | Jing Bai | 2012-09-24 | 1 | -0/+2
  To fix a compile error when QT_NO_LIBRARY is defined.
  Change-Id: Ie72b60b8204641fa05f4cdbf66e908cb3526217e
  Reviewed-by: Jing Bai <jing.bai@digia.com>
  Reviewed-by: Richard J. Moore <rich@kde.org>
* Change copyrights from Nokia to Digia | Iikka Eklund | 2012-09-22 | 26 | -623/+623
  Change copyrights and license headers from Nokia to Digia
  Change-Id: If1cc974286d29fd01ec6c19dd4719a67f4c3f00e
  Reviewed-by: Lars Knoll <lars.knoll@digia.com>
  Reviewed-by: Sergio Ahumada <sergio.ahumada@digia.com>
* Fix build under MinGW after 1e3269c0863bfac26be9e9239b6427ea77c6175b | Konstantin Ritt | 2012-09-22 | 1 | -0/+2
  Change-Id: I3c8c28ba1016af6351afa5118893133d373cb4e6
  Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
  Reviewed-by: Richard J. Moore <rich@kde.org>
* Fix typo in docs. | Frederik Gladhorn | 2012-09-19 | 1 | -1/+1
  Change-Id: Icfafa00062b442903579dd7993c75fffb60187f9
  Reviewed-by: Peter Hartmann <phartmann@rim.com>
* Disable SSL compression by default. | Richard Moore | 2012-09-18 | 2 | -3/+5
  Disable SSL compression by default since this appears to be a likely cause of the currently hyped CRIME attack.
  Change-Id: I515fcc46f5199acf938e9e880a4345f2d405b2a3
  Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
  Reviewed-by: Peter Hartmann <phartmann@rim.com>
* network: Fix missing or improper include guard in headers | Sergio Ahumada | 2012-09-15 | 4 | -5/+9
  Use an include guard in headers to ensure the header is not included more than once. Make the header guard match its file name.
  Also, cpp files should include their own headers first (but below config.h)
  Change-Id: Iecf5da23c0f8e6d457f67657b88ef7557bde9669
  Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* Add support for explicit TLS 1.1 and 1.2 | Brendan Long | 2012-08-29 | 5 | -0/+48
  Add SslProtocol enums TlsV1_1 and TlsV1_2 and use the appropriate OpenSSL methods when they're selected (TLSv1_1_client_method, TLSv1_2_client_method, TLSv1_1_server_method and TLSv1_2_server_method). This allows us to explicitly use TLS 1.1 or 1.2.
  Task-number: QTBUG-26866
  Change-Id: I159da548546fa746c20e9e96bc0e5b785e4e761b
  Reviewed-by: Richard J. Moore <rich@kde.org>
  Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* SSL: remove unneeded volatile qualifications | Marc Mutz | 2012-08-29 | 1 | -2/+2
  These two variables are only ever accessed under mutex protection, and don't otherwise look like they could be changed by the hardware, so remove the volatile qualifier.
  Change-Id: I714451bb3e80778b971a901d53fe13e1b01dd84f
  Reviewed-by: Richard J. Moore <rich@kde.org>
  Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* QtNetwork: declare some classes as shared | Marc Mutz | 2012-08-23 | 6 | -0/+10
  Change-Id: Ib3eaba59836529ad0cf8e4353b54dd0cd31fd1ad
  Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* doc: Fixed qdoc errors in SSL | Martin Smith | 2012-08-18 | 2 | -12/+14
  Fixed some bad camel case, marked some parameters with \a, and changed a \enum to a \typedef. Removed some obsolete text.
  Change-Id: I1e69dd9f3b74129230770addc80fe1c125faf268
  Reviewed-by: Richard J. Moore <rich@kde.org>
* Add possibility to add OpenSSL, DBUS, MySQL path under Windows | Andreas Holzammer | 2012-08-07 | 1 | -0/+5
  Under Windows it's quite possible that OpenSSL, DBUS or MySQL is not installed into a central place. If -I and -L is passed at configure time, it is added to all targets, and if that path contained a conflicting header things would go wrong.
  Change-Id: Ic3338c49aa6eaa91b3abf5341e709ef604bf7aab
  Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@nokia.com>
* add configure options for debug/release OpenSSL | Peter Kümmel | 2012-07-31 | 1 | -1/+12
  msvc cannot use the same library for debug and release builds if openssl libraries are linked statically into the network library.
  Change-Id: Ic27ede2d9531b94aff4c50c1699947ce72caf286
  Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
  Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@nokia.com>
* QtNetwork: unbreak QT_NO_SSL build | Marc Mutz | 2012-07-26 | 2 | -10/+8
  The Q_DECLARE_METATYPE()s were outside of #ifndef QT_NO_SSL for classes that are defined inside. Expand the #ifndef block.
  Change-Id: I45b73a24032fb2a79fd80d91282b782daa8a8f68
  Reviewed-by: Stephen Kelly <stephen.kelly@kdab.com>
  Reviewed-by: Rafael Roquetto <rafael.roquetto@kdab.com>
* QtNetwork: use nullary version of qRegisterMetaType<T>("T") | Marc Mutz | 2012-07-25 | 3 | -4/+4
  Using the nullary version has the advantage that multiple calls during a program run are much more efficient, since an inlined atomic is used to store the result. It also ensures that Q_DECLARE_METATYPE(T) has been used, whereas qRegisterMetaType<T>("T") will happily register anything.
  So I've added the macro where it was missing, or moved it to a central place when it existed hidden.
  In tst_qnetworkreply, this became a bit tricky, because a private header is conditionally included, so moved the Q_DECLARE_METATYPE() into a conditional section, too.
  Change-Id: I71484523e4277f4697b7d4b2ddc3505375162727
  Reviewed-by: Stephen Kelly <stephen.kelly@kdab.com>
* QtNetwork: add member-swap to shared classes | Marc Mutz | 2012-07-06 | 12 | -0/+65
  Implemented as in other shared classes (e.g. QPen).
  Change-Id: Ib3d87ff99603e617cc8810489f9f5e9fe054cd2a
  Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
  Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* QSslCertificate::fromPath fix wildcard handling | Martin Petersson | 2012-07-03 | 1 | -23/+30
  The regExp used to handle wildcards in the path was broken. So we always searched the working directory and not the specified path. Autotests were passing because of a hack used for Windows paths where we removed the first two chars in the path string.
  This fix will not use nativeSeparators thus removing the Windows hack and fix the regExp to match wildcard chars.
  Task-number: QTBUG-23573
  Change-Id: I56fadbb67f25b8ce9c0f17cb6232e0bdb9148b1c
  Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* QtNetwork: remove double buffering on sockets | Martin Petersson | 2012-06-26 | 2 | -20/+14
  Removes the readBuffer from the QAbstractSocket since data is already buffered in the QIODevice.
  Change-Id: I4e50b791fd2852455e526fa2c07089d4d3f0b2a4
  Reviewed-by: Prasanth Ullattil <prasanth.ullattil@nokia.com>
  Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* Mark the testSslOption method as introduced in Qt 4.8 | Laszlo Papp | 2012-06-07 | 1 | -0/+2
  Change-Id: Ibe7cb1ca9cdcedd3f09dd4f865907e3f0fa6aef3
  Reviewed-by: Richard J. Moore <rich@kde.org>
  Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* Add Blackberry path for SSL certificates | Nicolas Arnaud-Cormos | 2012-06-06 | 1 | -0/+1
  Change-Id: Ic01e4bddaa6f1fd94f16952e0818f4369c2ec8ab
  Reviewed-by: Sean Harmer <sean.harmer@kdab.com>
  Reviewed-by: Richard J. Moore <rich@kde.org>
* Fix deprecated API warning | Shane Kearns | 2012-05-23 | 1 | -1/+1
  Check for blacklisting in case the application has blacklisted a cert before windows has (currently unlikely as the blacklist is hardcoded in Qt)
  Don't need to check for time validity because that's already checked by the windows API.
  Change-Id: I34da5c4a8a0f8851b9b7668fc421a93c360c8588
  Reviewed-by: Richard J. Moore <rich@kde.org>
* Change QSslCertificate::toText() to return a QString. | Richard Moore | 2012-05-21 | 3 | -8/+8
  A couple of people reviewing the toText() method (which is new in 5.0) have said that since the string returned is human readable it should be a QString not a QByteArray. This change follows their advice.
  Change-Id: Ibade9a24870805f7fbe2d299abeb9c6e964f0cf4
  Reviewed-by: Girish Ramakrishnan <girish.1.ramakrishnan@nokia.com>
  Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
* Doc: Fix \sa usage | Marius Storm-Olsen | 2012-05-11 | 1 | -1/+1
  Ensure comma between elements (757 missing), single space and curly-braces around title elements, etc.
  Change-Id: Id16c3fda7fc47a12a0682f8720214f4990609a97
  Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
  Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com>
* Doc: Modularize QtNetwork documentation. | Casper van Donderen | 2012-05-09 | 3 | -9/+9
  This change moves the snippets and images to the modularized directories.
  Change-Id: If14912692a7f72d7de345eaf88d9ec9752310fca
  Reviewed-by: Marius Storm-Olsen <marius.storm-olsen@nokia.com>
* Various minor fixes for qdoc warnings. | Richard Moore | 2012-05-06 | 2 | -9/+11
  Change-Id: I54c5ab6e1bfb1816bb510be9e2bfa1e3362faa36
  Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com>
* Fix more qdoc warnings in qtnetwork. | Richard Moore | 2012-05-06 | 3 | -1/+9
  Change-Id: Ibfac6236e9f68b41e34e67ef03cfd590582439be
  Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com>
* Change remaining uses of {to,from}Ascii to {to,from}Latin1 [QtNetwork] | Thiago Macieira | 2012-05-04 | 1 | -1/+1
  This operation should be a no-op anyway, since at this point in time, the fromAscii and toAscii functions simply call their fromLatin1 and toLatin1 counterparts.
  Task-number: QTBUG-21872
  Change-Id: I94cc301ea75cc689bcb6e2d417120cf14e36808d
  Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
  Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
  Reviewed-by: Richard J. Moore <rich@kde.org>
* Rename QAbstractSocket::PauseOnNotify -> PauseOnSslErrors | Shane Kearns | 2012-05-04 | 2 | -2/+2
  Although we created an enum for pause modes to make 5.x binary compatible with 5.0, the enum value is not well named. In 5.1, we propose to add PauseOnProxyAuthentication to the enum.
  PauseOnNotify is not clear what it means, while PauseOnSslErrors is.
  Any new notification in a minor release would need a new enum value otherwise applications would get pauses they did not expect.
  Task-number: QTBUG-19032
  Change-Id: I4dbb7467663b37ca7f0551d24a31bc013968bedc
  Reviewed-by: Richard J. Moore <rich@kde.org>
  Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
* Fix windows cert fetcher if site presents full chain | Shane Kearns | 2012-05-04 | 1 | -1/+3
  If a website presents the complete certificate chain in the handshake i.e. site -> intermediate CA -> root CA then openssl gives a different error (SelfSignedCertificateInChain).
  Because of this windows feature, that either means the site is signed by an untrusted CA, or the CA trust status is unknown because we don't have the root cert in the cert store.
  In any case, calling the windows verification function results in a trusted chain & the root being added to the cert store.
  Task-number: QTBUG-24827
  Change-Id: I2663ea2f86cd0b4dfde105d858ec1b39a340c1f6
  Reviewed-by: Richard J. Moore <rich@kde.org>
* Document new APIs in 5.0 | Shane Kearns | 2012-05-03 | 3 | -0/+11
  The \since 5.0 directive was missing from many places.
  Task-number: QTBUG-24001
  Change-Id: I191ba8891ae66d78f923164bcab2fccb16eabef9
  Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com>
* Document deprecated APIs in QSsl | Shane Kearns | 2012-05-03 | 1 | -0/+10
  Task-number: QTBUG-24001
  Change-Id: I8d0980bd5418e9324d0a0fe55c00b432c0a98fb1
  Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com>
* Document QSslCertificate deprecated functions | Shane Kearns | 2012-05-03 | 1 | -4/+16
  With the new functions linked
  Task-number: QTBUG-24001
  Change-Id: I9fd2de746a6342a1f4f182189e7f2529f092c003
  Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com>
* Optimise windows cert fetching and fix test case. | Shane Kearns | 2012-05-03 | 1 | -4/+22
  If we're not going to verify the peer, or we know in advance that windows won't have a CA root then don't ask it to verify the certificate chain.
  The test case started failing in CI when the windows cert fetcher was integrated due to timing change. I've relaxed the timing requirement of the test to avoid it being unstable.
  Task-number: QTBUG-24827
  Change-Id: I694f193f7d96962667f00aa01b9483b326e3e054
  Reviewed-by: Martin Petersson <Martin.Petersson@nokia.com>
* Fixed compile of QSslSocket with -qtnamespace on Windows. | Rohan McGovern | 2012-05-01 | 2 | -9/+15
  Q_DECLARE_METATYPE must be outside of the qt namespace.
  System headers must be included outside of the qt namespace.
  Change-Id: I2f48b1df87e5edae2baee6ce813af08d3e011dc0
  Reviewed-by: Sergio Ahumada <sergio.ahumada@nokia.com>
  Reviewed-by: Toby Tomkins <toby.tomkins@nokia.com>
  Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* Improved detection of libcrypto and libssl. | Niels Weber | 2012-04-24 | 1 | -12/+51
  The previous solution didn't work on systems where the libraries aren't in the same location. Now we search for both libcrypto and libssl and load them if their versions match, even if they are in different directories.
  Task-number: QTBUG-25398
  Change-Id: I37164638890586947d07670d8a59fc53a84f9c42
  Reviewed-by: Joerg Bornemann <joerg.bornemann@nokia.com>
  Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
  Reviewed-by: Richard J. Moore <rich@kde.org>
* Fix bug in qsslsocket peek() | Kalle Viironen | 2012-04-23 | 2 | -0/+54
  Calling peek() for qsslsocket caused socket data to be copied into qiodevices buffer and therefore make it unaccessible in qsslsocket.
  Cherry picked from 4.8-branch & modified to Qt5 API changes (int -> qintptr)
  Original commits:
  commit 621f18955082fc73471e75d1f8c35c2dcd4befeb
  Author: Shane Kearns <ext-shane.2.kearns@nokia.com>
  commit 68b1d5c17aa38d5921bdade2b0e0cb67c6c90513
  Author: Kalle Viironen <kalle.viironen@digia.com>
  Task-number: QTBUG-18498
  Change-Id: I6be4b19baec2f3197537f5e7b61432040ec84ad2
  Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
  Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* QSslSocket: call to ERR_free_strings to free loaded error strings | Martin Petersson | 2012-04-20 | 3 | -0/+5
  Since we are calling q_SSL_load_error_strings to load error strings we should call ERR_free_strings to free the memory again.
  Task-number: QTBUG-15732
  Change-Id: Ie41291bb0e1434f82025378edfca51930712a8aa
  Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
  Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* fix qsslsocket build in -permissive mode (assigning const char* to char*) | Konstantin Ritt | 2012-04-19 | 1 | -1/+1
  Change-Id: I76269630ebabdf601c2fcb5f65a8dffbd6cdbc5e
  Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* Change coreservices -> ios | Ian Dean | 2012-04-19 | 2 | -5/+5
  Replace "contains(QT_CONFIG, coreservices)" with "!ios" in config files.
  Replace "QT_NO_CORESERVICES" with "Q_OS_IOS" in source files.
  Change-Id: Id3b02316b245a24ce550e0b47596d18a4a409e4f
  Reviewed-by: Morten Johan Sørvig <morten.sorvig@nokia.com>
* Merge remote-tracking branch 'origin/api_changes' | Lars Knoll | 2012-04-17 | 2 | -3/+3
  Change-Id: I964b0a6f5c38351fdfafb8a2a128a349ff8c89d1