| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows for opening of public key files. It does not, however,
support opening private keys (or decrypting/encrypting them). This is
due to limitations in the native API.
Nearly all public key tests pass (the native API doesn't support the
40-bit key in the test set). The private key tests are expected to fail.
Task-number: QTBUG-40688
Change-Id: Id8f2f1ae6526540736ceb2e5371f6a5d80c4ba7b
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
|
| |
|
|
|
|
|
|
|
|
| |
The change creates a stub implementation for WinRT, adding the needed
files and classes to build SSL support on that platform.
Task-number: QTBUG-37497
Change-Id: Idc3e8aa91c5eb8a938705f2385d1074fe6c1d83e
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
|
| |
|
|
|
|
|
|
|
|
| |
These methods assumed incoming data would have LF line endings, and
therefore broke when parsing files with CRLF line endings. This
simply removes the line feed from the header/footer strings, and switches
to QByteArrayLiteral while doing so.
Change-Id: I0c14634243c4bd7d19a6b5ef718b6ed1cc6bcdb2
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
| |
This allows QSslKey to avoid converting to pem format if the backend
supports native der decoding.
Change-Id: I0822a21401ad0ca81c6eeb6c7d53c421e1e2e93a
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to prepare the addition of WinRT and iOS (SecureTransport)
implementations of SSL the structure of some SSL files has to be
redone. Parts of certificate that probably can be reused by other
ports stayed in qsslcertificate.cpp while other parts were moved
to qsslcertificate_openssl.cpp. qsslcontext, qsslkey and qsslsocket
were suffixed by _openssl to show that these are pure openssl
implementations.
Change-Id: I7b022dec49759f882274999c0991bf95788f2a3a
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\
| |
| |
| |
| |
| |
| | |
Conflicts:
src/network/ssl/qsslsocket_openssl_symbols.cpp
Change-Id: Ic62419fa1fee5f4de6c372459d72e6e16f9a810b
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Some Linux distributions disable EC by default which causes compile
errors on those platforms.
Task-number: QTBUG-40394
Change-Id: If5816d473bd1d64b1d4977860db662704a83310f
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\|
| |
| |
| |
| |
| |
| | |
Conflicts:
src/gui/text/qfontengine_qpf2.cpp
Change-Id: Ib04f92c41d0edd55d3aef8fb1708d917fba0f2a8
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Replaces the raw jni calls with our own jni wrappers. This allows us
to make use of the centralized cache, avoid global data storage and
use a more optimized way to attach to the jni environment.
This change also removes the JNI_OnLoad() function since it's not
used. If we need to add a JNI_OnLoad() function later, we should find a
more suited place for it.
Change-Id: Id84ead10c27d03d19c160304b1f9853b381a103c
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@digia.com>
|
| |\|
| |
| |
| | |
Change-Id: Ia12ffdb27ecdf25c2a2bdb0eed1945387502108a
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Those intermediate certificates were used to issue "unauthorized"
certificates according to
http://googleonlinesecurity.blogspot.de/2014/07/maintaining-digital-certificate-security.html
, and are by default trusted on Windows, so to be safe we blacklist
them here.
Change-Id: I9891c5bee2dd82c22eb0f45e9b04abd25efeb596
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
mkspecs/qnx-x86-qcc/qplatformdefs.h
src/corelib/global/qglobal.h
src/network/socket/qnativesocketengine_winrt.cpp
src/plugins/platforms/android/androidjniaccessibility.cpp
src/plugins/platforms/windows/qwindowswindow.cpp
Manually adjusted:
mkspecs/qnx-armle-v7-qcc/qplatformdefs.h
to include 9ce697f2d54be6d94381c72af28dda79cbc027d4
Thanks goes to Sergio for the qnx mkspecs adjustments.
Change-Id: I53b1fd6bc5bc884e5ee2c2b84975f58171a1cb8e
|
| | |
| |
| |
| |
| |
| |
| | |
This change makes it possible to set a Qt namespace for Android builds.
Change-Id: I79f4ae8200223f36f97e2849aae49e45b8850d23
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@digia.com>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
mkspecs/features/qt.prf
src/plugins/platforms/xcb/qxcbwindow.h
src/tools/qdoc/qdocindexfiles.cpp
src/widgets/kernel/qwidget_qpa.cpp
Change-Id: I214f57b03bc2ff86cf3b7dfe2966168af93a5a67
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Note added in QNetworkReply and QSslSocket documentation.
Task-number: QTBUG-16770
Change-Id: I2dd8cfb913ec29a96b5465a905cd213713b8d537
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If you do sock->write(data) followed by sock->close() then the data
written is not transmitted unless you flush when using QSslSocket but
is when using QTcpSocket. This change makes QSslSocket work like
QTcpSocket.
Change-Id: Ia2e1c021dc48ac0d573f78da782ea77641c03bc1
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| |\|
| |
| |
| | |
Change-Id: Ia36e93771066d8abcf8123dbe2362c5c9d9260fc
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Avoid accessing the internals of the SSL_CIPHER struct since this has
changed size etc. over time leading to binary incompatibilities.
Task-number: QTBUG-32423
Task-number: QTBUG-23363
Change-Id: I8cb399484e3a62be7d511f4b8b22c876825c87d4
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
|
| |\ \
| | |
| | |
| | | |
refs/staging/dev
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
src/gui/kernel/qguiapplication.cpp
Change-Id: Ibe75603dc8a51769db6550ea3f07bc8d19b0be85
|
| | | |\
| | | |
| | | |
| | | | |
Change-Id: I9300572e2b74f0564b2589cbd0fbdf24850f68df
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
OpenSSL has a bug when validating a chain with two certificates.
If a certificate exists twice (which is a valid use case for renewed
CAs), and the first one it hits is expired (which depends on the order
on data structure internal to OpenSSL), it will fail to validate the
chain.
This is only a bandaid fix, which trades improved chain validation
for error reporting accuracy. However given that reissuing of CA certs
is a real problem that is only getting worse, this fix is needed.
See also: https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html#WARNINGS
[ChangeLog][QtNetwork][QSslSocket] Added a workaround to an OpenSSL problem
that may cause errors when the trust store contains two certificates of the
issuing CA, one of which is expired.
Task-number: QTBUG-38896
Change-Id: I8f17972ac94555648098624e470fff0eff2e7940
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Frederik Gladhorn <frederik.gladhorn@digia.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Discussed with Peter and agreed that it's a slightly better fit there.
Change-Id: If8db777336e2273670a23d75d8542b30c07e0d7b
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add support for loading certificates and keys from PKCS#12 bundles
(also known as pfx files).
Task-number: QTBUG-1565
[ChangeLog][QtNetwork][QSslSocket] Support for loading PKCS#12
bundles was added. These are often used to transport keys and
certificates conveniently, particularly when making use of
client certificates.
Change-Id: Idaeb2cb4dac4b19881a5c99c7c0a7eea00c2b207
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: I6a4e96fb1a94a1a55eabe6b3e0df09b5d27fd8a2
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
mkspecs/qnx-x86-qcc/qplatformdefs.h
src/corelib/global/qglobal.h
src/opengl/gl2paintengineex/qpaintengineex_opengl2.cpp
src/opengl/qgl.cpp
src/opengl/qglpixelbuffer.cpp
src/opengl/qglshaderprogram.cpp
tests/auto/opengl/qglthreads/tst_qglthreads.cpp
Change-Id: Iaba137884d3526a139000ca26fee02bb27b5cdb5
|
| | |/
| |
| |
| |
| |
| |
| | |
The declaration of q_SSL_ctrl is ifdefed, so ifdef it's usage too.
Change-Id: I99a53af6f4f24ed991d39ab89f18e03b8f38c617
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | |
| |
| |
| |
| | |
Change-Id: I382a017a0b865b849667301aff8b2f87b676ecc6
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
mkspecs/qnx-armv7le-qcc/qplatformdefs.h
src/printsupport/kernel/qcups.cpp
src/widgets/styles/qstyle.h
tests/auto/widgets/itemviews/qlistwidget/tst_qlistwidget.cpp
Change-Id: Ia41e13051169a6d4a8a1267548e7d47b859bb267
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Despite supporting DH and ECDH key exchange as a client, Qt did not provide
any default parameters which prevented them being used as a server. A
future change should allow the user to control the parameters used, but
these defaults should be okay for most users.
[ChangeLog][Important Behavior Changes] Support for DH and ECDH key exchange
cipher suites when acting as an SSL server has been made possible. This
change means the you can now implement servers that offer forward-secrecy
using Qt.
Task-number: QTBUG-20666
Change-Id: I469163900e4313da9d2d0c3e1e5e47ef46320b17
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| | |
| |
| |
| |
| |
| | |
Task-number: QTBUG-37783
Change-Id: Ie276e597062d8bfc74ef57251ed21a94020e030f
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@digia.com>
|
| |\|
| |
| |
| |
| |
| |
| | |
Conflicts:
src/gui/image/qjpeghandler.cpp
Change-Id: I9db3acea7d5c82f5da679c8eaeb29431136665f0
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Crash occurs after warnings like:
QSslSocket: cannot call unresolved function SSL_get0_next_proto_negotiated
Task-number: QTBUG-37515
Task-number: QTBUG-33208
Change-Id: I18b803e4709b9d5f6b33717c2ac43179676351a4
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| |\|
| |
| |
| | |
Change-Id: Idec54e19963e8d88c711cb179cffc81596323899
|
| | |
| |
| |
| |
| |
| | |
Change-Id: I213ac1fb2733e675f3641441fe6c621bab06c1f0
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | |
| |
| |
| |
| |
| | |
Change-Id: I7dbe938bff5ac3ab50a0197f94bdb2f6c22fbd16
Reviewed-by: Kevin Krammer <kevin.krammer@kdab.com>
Reviewed-by: Mitch Curtis <mitch.curtis@digia.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Many bugs originate due to mismatches between the build-time and
run-time versions of openssl but they're hard to debug as we don't
provide access to the build-time info. This addresses that weakness.
[ChangeLog][QtNetwork][QSslSocket] Added accessors for the version
of openssl used at build-time. This will help when debugging
problems caused by a mismatch with the run-time version.
Change-Id: I6a4c21c8f16ab4c90cdf166f38c62fe37bf1f165
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
Previously we allowed you to specify which version(s) you wanted to use,
but did not provide access to the version that was actually negotiated.
[ChangeLog][QtNetwork][QSslSocket] Add support for finding the version
of SSL/TLS in use by a connection.
Task-number: QTBUG-28471
Change-Id: I6d50d2bc9f1ce7f98192e67992178fe7e41c0575
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| |
|
|
|
|
|
|
| |
A QSslCipher is not an equivalent representation of a QString, so
the constructor that takes a QString should be explicit.
Change-Id: I4c1329d1eebf91b212616eb5200450c0861d900f
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/gui/image/qimage.cpp
src/gui/text/qtextengine.cpp
src/plugins/platforms/linuxfb/qlinuxfbscreen.cpp
src/printsupport/kernel/qprintengine_win.cpp
Change-Id: I09ce991a57f39bc7b1ad6978d0e0d858df0cd444
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
These functions now return a QStringList to reflect the possibility of
there being more than one entry of a given type, but the documentation
did not reflect this.
Task-Number: QTBUG-36304
Change-Id: Iba2eda5e2c3174c8dcea640b5aed9cdc9a432392
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
... which is needed to negotiate the SPDY protocol.
[ChangeLog][QtNetwork][QSslConfiguration] Added support for the Next
Protocol Negotiation (NPN) TLS extension.
Task-number: QTBUG-33208
Change-Id: I3c945f9b7e2d2ffb0814bfdd3e87de1dae6c20ef
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The overload used an evil hack to work around a flaw in the QSslCipher
API rather than fixing the API. The hack was broken by the addition of
support for newer versions of TLS. This change solves the issue properly
by fixing the QSslCipher API then using the fixed version.
Task-Number: QTBUG-34688
Change-Id: Ibf677c374f837f705395741e730d40d8f912d7c6
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| |\ \
| | |
| | |
| | | |
refs/staging/dev
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
src/corelib/global/qglobal.h
src/corelib/tools/qstring.cpp
src/gui/image/image.pri
src/gui/image/qimage.cpp
src/plugins/platforms/cocoa/qcocoawindow.h
src/plugins/platforms/cocoa/qcocoawindow.mm
src/plugins/platforms/eglfs/qeglfshooks_stub.cpp
tests/auto/corelib/io/qstandardpaths/tst_qstandardpaths.cpp
Change-Id: I3b9ba029c8f2263b011f204fdf68c3231c6d4ce5
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Qt since approximately 4.4 has set the verify callback on both the SSL
store and the SSL context. Only the latter is actually needed. This is
normally not a problem, but openssl prior to 1.0.2 uses the verify
code to find the intermediate certificates for any local certificate
that has been set which can lead to verification errors for the local
certificate to be emitted.
Task-number: QTBUG-33228
Task-number: QTBUG-7200
Task-number: QTBUG-24234
Change-Id: Ie4115e7f7faa1267ea9b807c01b1ed6604c4a16c
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Any cipher that is < 128 bits is excluded from the default SSL
configuration. These ciphers are still included in the list
of availableCiphers() and can be used by applications if required.
Calling QSslSocket::setDefaultCiphers(QSslSocket::availableCiphers())
will restore the old behavior.
Note that in doing so I spotted that calling defaultCiphers() before
doing other actions with SSL had an existing bug that I've addressed
as part of the change.
[ChangeLog][Important Behavior Changes] The default set of
ciphers used by QSslSocket has been changed to exclude ciphers that are
using key lengths smaller than 128 bits. These ciphers are still available
and can be enabled by applications if required.
Change-Id: If2241dda67b624e5febf788efa1369f38c6b1dba
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |/
|
|
|
|
|
|
| |
the diff -w for this commit is empty.
Started-by: Thiago Macieira <thiago.macieira@intel.com>
Change-Id: I77bb84e71c63ce75e0709e5b94bee18e3ce6ab9e
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |
|
|
|
|
|
|
| |
... because it was used to operate a man-in-the-middle proxy.
Task-number: QTBUG-35474
Change-Id: Ic7f19708b278b866e4f06533cbd84e0ff43357e9
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
| |
to reflect the fact that this returns and sets the whole session
ticket, and not just the session ID.
Change-Id: I00fe2bc4197dbcd7a02b3ae4f2f84e3a2a7edad0
Reviewed-by: Richard J. Moore <rich@kde.org>
|
