| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
[ChangeLog][QtNetwork][QSslSocket] It is now possible to use TLS PSK
ciphersuites in client sockets.
Task-number: QTBUG-39077
Change-Id: I5523a2be33d46230c6f4106c322fab8a5afa37b4
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
| |
Make it easier for the compiler to apply the
Named Return Value Optimization (NRVO) in the
shortName()/longName() functions by not returning
different objects in different return statements.
Change-Id: I1b6fa7e6121bc1c843378be33499728c56c97f92
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
const functions
Rationale: the case of an invalid QSslEllipticCurve is already
dealt with before we'd call ensureInitialized(). But in order
to have a non-invalid QSslEllipticCurve, we must have called
one of the constructor functions first. There, we already call
ensureInitialized(), so we don't need to do it here again.
Change-Id: I96bdb5db63ec0165e6b8fac9469b5d81c6b2cdae
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
|
| |
|
|
|
| |
Change-Id: I94701ddb78a822adf35aea57f9e171a747745f6b
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
|
| |
|
|
|
| |
Change-Id: I66b8b85e6c02b0e53391079d5048017d5e63ac8b
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
|
| |
|
|
|
|
|
|
| |
Since the conversion to a long name was already there, also support
creation from a long name.
Change-Id: Iad712db7447fb0a0a18f600b7db54da5b5b87154
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add possibility to get length and other information of EC based
certificates. Also it is possible to parse those public/private
keys from PEM and DER encoded files.
Based on patch by Remco Bloemen
[ChangeLog][QtNetwork][SSL/TLS support] It is now possible to
parse elliptic curve certificates.
Change-Id: I4b11f726296aecda89c3cbd195d7c817ae6fc47b
Task-number: QTBUG-18972
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |
|
|
|
| |
Change-Id: I726041ec5e92d371bc5afb9b7f8cb854bfd41451
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/corelib/tools/qbytearray.cpp
src/gui/kernel/qplatformsystemtrayicon.cpp
src/gui/kernel/qplatformsystemtrayicon.h
src/plugins/platforms/xcb/xcb-plugin.pro
Change-Id: I00355d3908b678af8a61c38f9e814a63df808c79
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The order is:
1) own header
2) own private header, if any
3) other headers
Commit f17d7a124f0fa817a7e1a2dda6f48098432c0dc0 broke the order.
Change-Id: I7225024691db91fd936a057accdad65bacb3f979
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/corelib/global/qglobal.h
src/platformsupport/platformcompositor/qopenglcompositor.cpp
src/platformsupport/platformcompositor/qopenglcompositorbackingstore.cpp
tests/auto/gui/kernel/qwindow/tst_qwindow.cpp
Change-Id: I5422868500be695584a496dbbbc719d146bc572d
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Place all debug output into the 'qt.network.ssl' category.
This allows people to disable certain warnings at runtime.
Task-number: QTBUG-43173
Change-Id: Ide731fae3109f9cd7730cc096ee069a5b99d35f1
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
doc/global/template/style/online.css
mkspecs/android-g++/qmake.conf
Change-Id: Ib39ea7bd42f5ae12e82a3bc59a66787a16bdfc61
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
dist/changes-5.4.0
7231e1fbe24102f2a93b34dfa70e3dca884440d2 went into 5.4 instead of the
5.4.0 branch, thus the conflict.
Change-Id: I70b8597ab52506490dcaf700427183950d42cbd1
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This makes it follow the coding style, which says to camel case acronyms too,
and makes it consistent with the rest of the class.
Change-Id: I4a1b21de1815530e476fc5aa8a0d41c724fc8021
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: hjk <hjk121@nokiamail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Done automatically with clang-modernize on linux
(But does not add Q_DECL_OVERRIDE to the function that are marked
as inline because it a compilation error with MSVC2010)
Change-Id: I2196ee26e3e6fe20816834ecea5ea389eeab3171
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The only reason for copying QSslEllipticCurves into a temporary array
would be to be extra-pedantic about type safety, but in the end,
we can simply force a cast and remove the copy.
Change-Id: Ice8a036fe4b79ba438ce83b5eacf6158eb3f0ce7
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
OpenSSL 1.0.2 introduces SSL_CTX_set_ecdh_auto, which allows us
to stop using one specific temporary curve, and instead makes
the server negotiate the best curve.
Task-number: QTBUG-42925
Change-Id: I3a68f29030bdf04f368bfdf79c888401ce82bdd8
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ChangeLog][QtNetwork][QtSSL] It is now possible to choose which elliptic
curves should be used by an elliptic curve cipher.
Change-Id: If5d0d58922768b6f1375836489180e576f5a015a
Done-with: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
src/corelib/io/qiodevice.cpp
src/plugins/bearer/linux_common/qofonoservice_linux.cpp
src/plugins/bearer/linux_common/qofonoservice_linux_p.h
src/plugins/platforms/android/qandroidplatformtheme.cpp
src/tools/bootstrap/bootstrap.pro
src/widgets/styles/qmacstyle_mac.mm
Change-Id: Ia02aab6c4598ce74e9c30bb4666d5e2ef000f99b
|
| | |\|
| | |
| | |
| | | |
Change-Id: I95f235a66ce2e9b1fa435c0f911c6f7e811755f0
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Variable dsa is assigned in this block with q_DSA_new instead of rsa.
So this should be the destination of memcpy.
Change-Id: Id5a41d99f1606bf525ad5f819bbc06bb1235bf5b
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This allows apps to ship their own openssl libraries inside the
application bundle.
The change consists of two parts: First, adding
<bundle>/Contents/Frameworks
to the alternative search paths. Second, disabling the preemtive
check for libssl.dylib, libcrypto.dylib in the system paths:
The system's /usr/lib/libssl.dylib, /usr/lib/libcrypto.dylib
will still be picked up as a fallback in the alternative search
paths, but only after .app/Contents/Frameworks have been inspected.
[ChangeLog][QtNetwork][QSsl] On OS X and iOS, openssl dylib's are
picked up from the 'Frameworks' directory of the app bundle.
Change-Id: I982930f4a6cf5e0114c04ecbc87f27e54ba8bb88
Reviewed-by: Jake Petroules <jake.petroules@petroules.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
QIODevice makes readData() call only when its read buffer is empty.
Also data argument points to the user or reserved read buffer area.
So, no need in data transfer from read buffer at this point at all.
Task-number: QTBUG-41797
Change-Id: Ieb4afdf7eec37fdf288073e4a060e64424f22b9c
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
(cherry picked from commit 1853579dad1bbb44599314213a1d8a203ecae1c9)
Reviewed-by: Alex Trotsenko <alex1973tr@gmail.com>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes errors like
qsslsocket_openssl_symbols.cpp:111:6: error:
unused function 'qsslSocketUnresolvedSymbolWarning'
[-Werror,-Wunused-function]
void qsslSocketUnresolvedSymbolWarning(const char *functionName)
^
1 error generated.
Change-Id: I164518de583f080724ab9a7165c885602a1c6231
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\|
| |
| |
| |
| |
| |
| | |
Conflicts:
src/gui/text/qfontdatabase.cpp
Change-Id: I6ac1f55faa22b8e7b591386fb67f0333d0ea443d
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
After the poodle vulnerability SSLv3 should like SSLv2 no longer be
considered safe, so when a user request a safe protocol we should
only allow TLS versions.
[ChangeLog][QtNetwork][QSsl] QSsl::SecureProtocols now also excludes SSLv3
Change-Id: If825f6beb599294b028d706903b39db6b20be519
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\|
| |
| |
| | |
Change-Id: If7e51514ed6832750e3ad967e4d322ccf920d2bb
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
qsslsocket_winrt.cpp defined it locally, which runs the risk of
clashes with a potential user-defined qHash(QSslError), so
make it public.
Also included both .error() and .certificate() in the hash, as
both of these are used to determine equality (the WinRT version
only used .error()).
[ChangeLog][QtNetwork][QSslError] Can now be used in QSet/QHash.
Change-Id: Ieb7995bed491ff011d4be9dad544248b56fd4f73
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
qsslsocket_winrt.cpp defined it locally, which runs the risk of
clashes with a potential user-defined qHash(QSslCertificate), so
make it public.
Also, the implementation in qsslsocket_winrt.cpp simply hashed
the handle(), which violates the principle that equal instances
must hash to the same value. Also, for some platforms, the
implementation returns nullptr unconditionally, which, while not
violating the above-mentioned principle, will make all users of
the hash have worst-case complexity.
To calculate a meaningful hash, therefore, the certificate needs
to be inspected deeper than just the handle.
For OpenSSL, we use X509::sha1_hash, which also X509_cmp uses
internally to determine inequality (it checks more stuff, but
if X059::sha1_hash is different, X509_cmp() returns non-zero,
which is sufficient for the purposes of qHash()). sha1_hash may
not be up-to-date, though, so we call X509_cmp to make it valid.
Ugh.
For WinRT/Qt, we use the DER encoding, as that is the native
storage format used in QSslCertificate. This is not equivalent
to the implementation used in qsslsocket_winrt.cpp before, but
since handle() == handle() => toDer() == toDer(), it should not
be a problem.
[ChangeLog][QtNetwork][QSslCertificate] Can now be used as a key in QSet/QHash.
Change-Id: I10858fe648c70fc9535af6913dd3b7f3b2cf0eba
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When creating SSL context failed due to unsupported protocol being
demanded, no explanation was given. It's because
QSslContext::fromConfiguration() extracted explanation for error message
from OpenSSL, which at that point hasn't even been called yet. This
patch adds explicit message informing that an unsupported protocol was
chosen.
Task-number: QTBUG-41775
Change-Id: I9d2710da4ba314a16837a90afcdc5d9256179bef
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When QSslCertificatePrivate::certificatesFromDer() was passed count ==
-1 to extract unlimied number of certificates from buffer, it also tried
to parse the 0-sized fragment after the last certificate. This has
caused d2i_X509() to report an error on latest OpenSSL.
Task-number: QTBUG-41774
Change-Id: Ifa36b7ac5b4236bd2fb53b9d7fe53c5db3cb078c
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| |\|
| |
| |
| | |
Change-Id: I05fcd8dc66d9ad0dc76bb7f5bae05c9876bfba14
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For const char*s, operator== is overloaded, so comparing to a (C) string
literal is efficient, since qstrcmp doesn't require the length of the
strings to compare.
OTOH, QByteArrayLiteral, when not using RVO, litters the code with
QByteArray dtor calls, which are not inline. Worse, absent lambdas,
it even allocates memory.
So, just compare with a (C) string literal instead.
Change-Id: Id3bfdc89558ba51911f6317a7a73c287f96e6f24
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/corelib/tools/qbytearray.cpp
src/gui/image/qimage.cpp
src/gui/image/qppmhandler.cpp
src/gui/kernel/qguiapplication.cpp
src/gui/painting/qpaintengine_raster.cpp
Change-Id: I7c1a8e7ebdfd7f7ae767fdb932823498a7660765
|
| | |
| |
| |
| |
| | |
Change-Id: I8f812002302d3b74af252fa66e9e13154bbf80e1
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
- Renamed LICENSE.LGPL to LICENSE.LGPLv21
- Added LICENSE.LGPLv3
- Removed LICENSE.GPL
Change-Id: Iec3406e3eb3f133be549092015cefe33d259a3f2
Reviewed-by: Iikka Eklund <iikka.eklund@digia.com>
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The isAlwaysAskOption was removed in 38621713150b663355ebeb799a5a50d8e39a3c38
so manually removed code in
src/plugins/bearer/connman/qconnmanengine.cpp
Conflicts:
src/corelib/global/qglobal.h
src/corelib/tools/qcollator_macx.cpp
src/corelib/tools/qstring.cpp
src/gui/kernel/qwindow.cpp
src/gui/kernel/qwindow_p.h
src/gui/text/qtextengine.cpp
src/platformsupport/fontdatabases/fontconfig/qfontenginemultifontconfig_p.h
src/plugins/platforms/android/qandroidinputcontext.cpp
src/plugins/platforms/xcb/qglxintegration.cpp
src/plugins/platforms/xcb/qglxintegration.h
src/plugins/platforms/xcb/qxcbconnection_xi2.cpp
src/testlib/qtestcase.cpp
src/testlib/qtestlog.cpp
src/widgets/dialogs/qfiledialog.cpp
src/widgets/kernel/qwindowcontainer.cpp
tests/auto/corelib/tools/qcollator/tst_qcollator.cpp
tests/auto/gui/text/qtextscriptengine/tst_qtextscriptengine.cpp
tests/auto/widgets/kernel/qwidget_window/tst_qwidget_window.cpp
tests/auto/widgets/widgets/qlineedit/tst_qlineedit.cpp
Change-Id: Ic5d4187f682257a17509f6cd28d2836c6cfe2fc8
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: I7a4dd22ea3bcebf4c3ec3ad731628fd8f3c247e0
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
QIODevice makes readData() call only when its read buffer is empty.
Also data argument points to the user or reserved read buffer area.
So, no need in data transfer from read buffer at this point at all.
Change-Id: Ieb4afdf7eec37fdf288073e4a060e64424f22b9c
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |\| |
| | |
| | |
| | | |
Change-Id: Id4997327cc01bd4bb397a463bdffbd15e80398ef
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This makes non-OpenSSL backends able to handle to certificate
extensions.
This also converts the Q_OS_WINRT #ifdef's in the unit test to
QT_NO_OPENSSL as the behavior is the same for any non-OpenSSL
backend.
Change-Id: I6a8306dc5c97a659ec96063d5a59cee2ee9a63a9
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This adds support for reading and writing ASN.1 boolean
values. It also adds an operator to test two ASN.1 elements
for equality.
Change-Id: I4a22cbf9808533d593fc59d27b63caaf650b1f57
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This adds the infrastructure for reading and writing encrypted private keys
when using non-OpenSSL backends. Each platform must provide its cryptographic
encrypt / decrypt functions.
As WinRT already uses the common parser, this commit includes an
implementation for that platform.
Done-with: Andrew Knight <andrew.knight@digia.com>
Task-number: QTBUG-40688
Change-Id: I0d153425ce63601ff03b784a111e13962061025f
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This change adds the ability to decode ASN.1 INTEGER fields,
provided they represent a positive number of less than 64-bit.
This is needed for PKCS#12 decoding.
Change-Id: Iafb76f22383278d6773b9e879a8f3ef43c8d2c8f
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: I2c2f5072302d2989362a382bd24cc10617336acf
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I was actually wondering if the test always succeeds (i.e. should
be turned into a Q_ASSERT), but I don't know the codebase enough to
justify such a change.
Change-Id: Id01b8de7244428e9b1c240dc365c66eeef0d6111
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
QSslKey currently has methods which supposedly allow decoding and
encoding private keys as DER protected by a passphrase. This is
broken by design as explained in QTBUG-41038, as storing the encrypted
DER data alone makes no sense: such a file lacks the necessary
information about the encryption algorithm and initialization vector.
This change:
- explicitly stops using the passphrase when decoding DER in the
constructor. The behavior is unchanged, it is not possible to
read the encrypted DER alone.
- refuses to honor the passphrase to DER encode a private key. The toDer
method now outputs an empty QByteArray instead of garbage.
Task-number: QTBUG-41038
Change-Id: I4281050cf1104f12d154db201a173633bfe22bd9
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Move from a stub to a functional SSL socket implementation.
This implementation has some limitations. Due to the way the native
SSL upgrade works, it is not possible to ignore SSL errors after the
handshake has begun. The user must set the ignore flags before
connecting to the host.
Due to missing implementation in the underlying native socket, the
synchronous methods (waitForConnected(), waitForDisconnected()) are not
functional either. Users must rely on the asynchronous methods instead.
This is not a problem in the general case, as HTTP(S) is not affected.
SSL server sockets are not supported by the native API, so it is not
possible to bind an SSL server socket.
Change-Id: Id0b323f273892580b294aa5a6ff601a8241470df
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@digia.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The native handle and import functions are now available for use in other
parts of the winrt backend.
Change-Id: I07e6f95b3411c3dc7c1a7a164544b18e5e435d01
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@digia.com>
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
|
