| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
The declaration of q_SSL_ctrl is ifdefed, so ifdef it's usage too.
Change-Id: I99a53af6f4f24ed991d39ab89f18e03b8f38c617
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Despite supporting DH and ECDH key exchange as a client, Qt did not provide
any default parameters which prevented them being used as a server. A
future change should allow the user to control the parameters used, but
these defaults should be okay for most users.
[ChangeLog][Important Behavior Changes] Support for DH and ECDH key exchange
cipher suites when acting as an SSL server has been made possible. This
change means the you can now implement servers that offer forward-secrecy
using Qt.
Task-number: QTBUG-20666
Change-Id: I469163900e4313da9d2d0c3e1e5e47ef46320b17
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
|
|
|
|
|
| |
Task-number: QTBUG-37783
Change-Id: Ie276e597062d8bfc74ef57251ed21a94020e030f
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@digia.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Crash occurs after warnings like:
QSslSocket: cannot call unresolved function SSL_get0_next_proto_negotiated
Task-number: QTBUG-37515
Task-number: QTBUG-33208
Change-Id: I18b803e4709b9d5f6b33717c2ac43179676351a4
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
|
|
|
|
|
| |
Change-Id: I213ac1fb2733e675f3641441fe6c621bab06c1f0
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
| |
Change-Id: I7dbe938bff5ac3ab50a0197f94bdb2f6c22fbd16
Reviewed-by: Kevin Krammer <kevin.krammer@kdab.com>
Reviewed-by: Mitch Curtis <mitch.curtis@digia.com>
|
|
|
|
|
|
|
|
| |
A QSslCipher is not an equivalent representation of a QString, so
the constructor that takes a QString should be explicit.
Change-Id: I4c1329d1eebf91b212616eb5200450c0861d900f
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/gui/image/qimage.cpp
src/gui/text/qtextengine.cpp
src/plugins/platforms/linuxfb/qlinuxfbscreen.cpp
src/printsupport/kernel/qprintengine_win.cpp
Change-Id: I09ce991a57f39bc7b1ad6978d0e0d858df0cd444
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
These functions now return a QStringList to reflect the possibility of
there being more than one entry of a given type, but the documentation
did not reflect this.
Task-Number: QTBUG-36304
Change-Id: Iba2eda5e2c3174c8dcea640b5aed9cdc9a432392
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
... which is needed to negotiate the SPDY protocol.
[ChangeLog][QtNetwork][QSslConfiguration] Added support for the Next
Protocol Negotiation (NPN) TLS extension.
Task-number: QTBUG-33208
Change-Id: I3c945f9b7e2d2ffb0814bfdd3e87de1dae6c20ef
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The overload used an evil hack to work around a flaw in the QSslCipher
API rather than fixing the API. The hack was broken by the addition of
support for newer versions of TLS. This change solves the issue properly
by fixing the QSslCipher API then using the fixed version.
Task-Number: QTBUG-34688
Change-Id: Ibf677c374f837f705395741e730d40d8f912d7c6
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
|\ \
| | |
| | |
| | | |
refs/staging/dev
|
| |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
src/corelib/global/qglobal.h
src/corelib/tools/qstring.cpp
src/gui/image/image.pri
src/gui/image/qimage.cpp
src/plugins/platforms/cocoa/qcocoawindow.h
src/plugins/platforms/cocoa/qcocoawindow.mm
src/plugins/platforms/eglfs/qeglfshooks_stub.cpp
tests/auto/corelib/io/qstandardpaths/tst_qstandardpaths.cpp
Change-Id: I3b9ba029c8f2263b011f204fdf68c3231c6d4ce5
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Qt since approximately 4.4 has set the verify callback on both the SSL
store and the SSL context. Only the latter is actually needed. This is
normally not a problem, but openssl prior to 1.0.2 uses the verify
code to find the intermediate certificates for any local certificate
that has been set which can lead to verification errors for the local
certificate to be emitted.
Task-number: QTBUG-33228
Task-number: QTBUG-7200
Task-number: QTBUG-24234
Change-Id: Ie4115e7f7faa1267ea9b807c01b1ed6604c4a16c
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Any cipher that is < 128 bits is excluded from the default SSL
configuration. These ciphers are still included in the list
of availableCiphers() and can be used by applications if required.
Calling QSslSocket::setDefaultCiphers(QSslSocket::availableCiphers())
will restore the old behavior.
Note that in doing so I spotted that calling defaultCiphers() before
doing other actions with SSL had an existing bug that I've addressed
as part of the change.
[ChangeLog][Important Behavior Changes] The default set of
ciphers used by QSslSocket has been changed to exclude ciphers that are
using key lengths smaller than 128 bits. These ciphers are still available
and can be enabled by applications if required.
Change-Id: If2241dda67b624e5febf788efa1369f38c6b1dba
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|/
|
|
|
|
|
|
| |
the diff -w for this commit is empty.
Started-by: Thiago Macieira <thiago.macieira@intel.com>
Change-Id: I77bb84e71c63ce75e0709e5b94bee18e3ce6ab9e
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
|
| |
... because it was used to operate a man-in-the-middle proxy.
Task-number: QTBUG-35474
Change-Id: Ic7f19708b278b866e4f06533cbd84e0ff43357e9
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
| |
to reflect the fact that this returns and sets the whole session
ticket, and not just the session ID.
Change-Id: I00fe2bc4197dbcd7a02b3ae4f2f84e3a2a7edad0
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
| |
Change-Id: Ie8eaa71bee87654c21218a23efd7e9d65b71f022
Reviewed-by: Joerg Bornemann <joerg.bornemann@digia.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
|
|
| |
"windows" only worked more or less by accident (it's the opposite of
"console" and just happens to be the default on windows).
Change-Id: Ib60c8ae5aea04f28207c05cc0005183dd6eb6244
Reviewed-by: Joerg Bornemann <joerg.bornemann@digia.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Default values should have mark-up to denote that they are code.
This commit changes:
-"property is true" to "property is \c true".
-"Returns true" to "Returns \c true".
-"property is false" to "property is \c false".
-"returns true" to "returns \c true".
-"returns false" to "returns \c false".
src/3rdparty and non-documentation instances were ignored.
Task-number: QTBUG-33360
Change-Id: Ie87eaa57af947caa1230602b61c5c46292a4cf4e
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
Reviewed-by: Jerome Pasion <jerome.pasion@digia.com>
|
|
|
|
|
|
|
|
|
| |
This was removed by commit 4c8d8a72ec65f409394075ef50401265e495c1dd
But without it Playbook OS 2.1.0.1753 could not access ssh properly.
Change-Id: I18e136eaede2a5dffeb10b5fe31023b9aef709cb
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
|
|
|
|
|
|
|
| |
QPair is documented to initialize members
Change-Id: I1dccfd265521ca3ca1a648b161c0a163c72e2f2e
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
| |
Warning message was repeated multiple times inside the library.
Change-Id: Idcd417dda22de189893db597acfc36c2aa99d078
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes them in many ways:
- use Q_UNLIKELY to mark an error case
- reduce QtNetwork library size by 40315 bytes
- fix DEFINEFUNC9 which had wrong logic, happily it was not used
anywhere
Change-Id: Ic46a569f85aa22a00ecd88158e60c52f4665ec4c
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
|
|
| |
Updating the SSL_write code to correctly handle
SSL_ERROR_WANT_WRITE and SSL_ERROR_WANT_READ, which are not actual errors.
Change-Id: Icd7369b438ef402bf438c3fcc64514a1f9f45452
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
configure
mkspecs/macx-xcode/Info.plist.app
mkspecs/macx-xcode/Info.plist.lib
qmake/doc/qmake.qdocconf
src/corelib/global/qglobal.h
tests/auto/other/exceptionsafety/exceptionsafety.pro
tests/auto/widgets/widgets/qcombobox/tst_qcombobox.cpp
Change-Id: I3c769a4a82dc2e99a12c69123fbf17613fd2ac2a
|
| |
| |
| |
| |
| |
| |
| |
| | |
On Android, when not using Ministro, we cannot read certificates
from the file system, so we have to get them through Java APIs instead.
Change-Id: I415329fcb45836735c1112dbe832214b3c73dc9a
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@digia.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The c_rehash'ed symlinks are always there on QNX, so no need to check
at every app start for the feature. This saves ~ 17ms at each app
start.
Task-number: QTBUG-32549
Change-Id: Ia9df60aba9d1bd70868b7004b847867a2128f600
Reviewed-by: Andreas Holzammer <andreas.holzammer@kdab.com>
Reviewed-by: Rafael Roquetto <rafael.roquetto@kdab.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
CSSM_DATA_PTR was deprecated in 10.7. Replace SecCertificateGetData
with SecCertificateCopyData.
Task-number: QTBUG-32715
Change-Id: I762687370689b5b5c032567240667631b1ffde98
Reviewed-by: Jake Petroules <jake.petroules@petroules.com>
Reviewed-by: Gabriel de Dietrich <gabriel.dedietrich@digia.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I.e. do not try to load file names that are not there anyhow. The
code would search for libcrypto.so.1.0.0 and libssl.so.1.0.0, while
on QNX the libs are called libcrypto.so and libssl.so, and there
are no symlinks with version numbers.
This saves ~ 45 ms in real apps (tested with Facebook, Twitter and
Foursquare), and ~ 24 ms at app startup in an isolated app without
GUI (difference maybe because threads are fighting for CPU or so).
Task-number: QTBUG-32548
Change-Id: I25869538bbfa3c2848541415e8361e0bd7a8fd50
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|\|
| |
| |
| |
| |
| |
| | |
Conflicts:
tests/auto/dbus/qdbusabstractinterface/tst_qdbusabstractinterface.cpp
Change-Id: I18a9d83fc14f4a9afdb1e40523ec51e3fa1d7754
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We need the same code for both the no-sdk and the sdk case for
the OpenSSL code, since this is not covered by a system library,
but by an external dependency in both cases.
Task-number: QTBUG-32130
Change-Id: I976835556fcb0e6c32cfb3da4dd585e45490061b
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|\|
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/corelib/global/qglobal.h
src/plugins/platforms/cocoa/qnsview.mm
Change-Id: I6fe345df5c417cb7a55a3f91285d9b47a22c04fa
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Incorporate some more of the API changes between OpenSSL versions
0.9.8 and 1.0.0.
Task-number: QTBUG-31140
Change-Id: Ie719b34e3ec8751f0fbc07d315e82816c110762c
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/corelib/io/qdatastream.cpp
src/corelib/io/qdatastream.h
src/corelib/json/qjsonwriter.cpp
src/plugins/platforms/cocoa/qcocoawindow.mm
src/plugins/platforms/xcb/qxcbkeyboard.cpp
Change-Id: I46fef1455f5a9f2ce1ec394a3c65881093c51b62
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Several modules, including DBus, MySQL, and OpenSSL have
configure options of the form <MODULE>_PATH, which is used
on Windows (where pkg-config is not present) to specify the
locations of third-party libraries. These switches had been
implemented by adding extra variables which were referenced
in .pro files, to add the appropriate compiler and linker
switches. This is undesirable because it means there are
two independent paths for adding the switches to the build,
which can get out of sync with each other, and indeed this
had happened for some of the DBus tools.
To remedy the situation, all three of the switches were
reworked so that they added values directly to the principal
variables that are used in the project files. This reduces
maintenance, by ensuring that the pkg-config and non-pkg-config
paths appear the same to the rest of the build system.
Change-Id: Iae342f1d14b79fbcfef9fe38aadc803ad3141799
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
All occurrences of `#if defined(Q_OS_MAC) && !defined(Q_OS_IOS)` have
been replaced with `#if defined(Q_OS_MACX)`.
Change-Id: I5055d9bd1845136beb8ed1c79a8f0f2c0897751a
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@digia.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Session tickets can be cached on the client side for hours (e.g.
graph.facebook.com: ~ 24 hours, api.twitter.com: 4 hours), because the
server does not need to maintain state.
We need public API for it so an application can cache the session (e.g.
to disk) and resume a session already with the 1st handshake, saving
one network round trip.
Task-number: QTBUG-20668
Change-Id: I10255932dcd528ee1231538cb72b52b97f9f4a3c
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|\|
| |
| |
| | |
Change-Id: I2a54058b64ac69c78b4120fdaf09b96e025a4c6c
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
... but rather throw an error, so the HTTP layer can recover from a SSL
shutdown gracefully. In case the other side sent us a shutdown, we should
not send one as well, as it results in an error.
Change-Id: Ie7a56cf3008b6ead912aade18dbec67846e2a87e
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|\|
| |
| |
| | |
Change-Id: I059725e3b7d7ffd5a16a0931e6c17200917172b5
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We are passing a QSslConfigurationPrivate that is allocated on the stack
(in QSslSocketBackendPrivate::initSslContext()) to
QSslConfiguration::QSslConfiguration(QSslConfigurationPrivate *dd).
When the SSL context is destroyed, this object is not there any more.
So now we create a deep copy of the configuration like we do in
QSslSocket::sslConfiguration().
Task-number: QTBUG-30648
Change-Id: Iaefaa9c00fd6bfb707eba5ac59e9508bf951f8a5
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|/
|
|
|
|
|
|
|
|
| |
There is already an enum to disable SSL session tickets, which has been
used to disable session sharing for now. However, SSL session sharing
is not the same as SSL session tickets: Session sharing is built into
the SSL protocol, while session tickets is a TLS extension (RFC 5077).
Change-Id: If76b99c94b346cfb00e47366e66098f6334fd9bc
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
|
|
|
| |
... so SSL traffic can be decrypted with e.g. tcpdump / Wireshark.
For this to work, the define needs to be uncommented and QtNetwork
recompiled. This will create a file in /tmp/qt-ssl-keys which can
be fed into Wireshark.
A recent version of Wireshark is needed for this to work.
Change-Id: I4e41fd2e6122260cd96d443b1360edc71b08b5fd
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove all trailing whitespace from the following list of files:
*.cpp *.h *.conf *.qdoc *.pro *.pri *.mm *.rc *.pl *.qps *.xpm *.txt *README
excluding 3rdparty, test-data and auto generated code.
Note A): the only non 3rdparty c++-files that still
have trailing whitespace after this change are:
* src/corelib/codecs/cp949codetbl_p.h
* src/corelib/codecs/qjpunicode.cpp
* src/corelib/codecs/qbig5codec.cpp
* src/corelib/xml/qxmlstream_p.h
* src/tools/qdoc/qmlparser/qqmljsgrammar.cpp
* src/tools/uic/ui4.cpp
* tests/auto/other/qtokenautomaton/tokenizers/*
* tests/benchmarks/corelib/tools/qstring/data.cpp
* util/lexgen/tokenizer.cpp
Note B): in about 30 files some overlapping 'leading tab' and
'TAB character in non-leading whitespace' issues have been fixed
to make the sanity bot happy. Plus some general ws-fixes here
and there as asked for during review.
Change-Id: Ia713113c34d82442d6ce4d93d8b1cf545075d11d
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
|
|
|
|
|
|
|
|
| |
Introduced Q_OS_ANDROID_NO_SDK which makes more sense than
Q_OS_LINUX_ANDROID when Q_OS_ANDROID also defines Q_OS_LINUX.
Change-Id: Id2aa228b66daffba82776a12c91a264a360afd86
Reviewed-by: Gunnar Sletta <gunnar.sletta@digia.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Based on the Necessitas project by Bogdan Vatra.
Contributors to the Qt5 project:
BogDan Vatra <bogdan@kde.org>
Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@digia.com>
hjk <hjk121@nokiamail.com>
Oswald Buddenhagen <oswald.buddenhagen@digia.com>
Paul Olav Tvete <paul.tvete@digia.com>
Robin Burchell <robin+qt@viroteck.net>
Samuel Rødal <samuel.rodal@digia.com>
Yoann Lopes <yoann.lopes@digia.com>
The full history of the Qt5 port can be found in refs/old-heads/android,
SHA-1 249ca9ca2c7d876b91b31df9434dde47f9065d0d
Change-Id: Iff1a7b2dbb707c986f2639e65e39ed8f22430120
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
|
|
|
|
|
|
|
|
|
|
| |
Add intermediate certificates to our server sockets, and to our client
certs.
Change-Id: Ib5aa575473f9e84f337bebe35099506dd7d7e2ba
Task-Number: QTBUG-19825
Task-Number: QTBUG-13281
Reviewed-by: Peter Hartmann <phartmann@rim.com>
|
|
|
|
|
|
|
|
|
| |
Instead of storing a single QSslCertificate for a the local cert, store
a list of them. This will allow us to handle server sockets that use a
certificate that is not issued directly from the CA root in future.
Change-Id: I9a36b9a99daa9c0bdd17f61b4ce1a7da746f2e96
Reviewed-by: Peter Hartmann <phartmann@rim.com>
|