| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
The cipher is always valid here, so this check was never needed anyway.
Change-Id: I22be273d166702926b98f0c9443657a1dde65f6e
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
There were still ifdefs for openssl 0.9.7 and openssl 0.9.8f.
[ChangeLog][QtNetwork] Some legacy ifdefs for openssl 0.9.7 and openssl 0.9.8f
were removed, Qt will no longer build with these versions. In addition there
is no support for openssl built with NO_TLSEXT.
Change-Id: I9268515c0a125a2f6d79add8ee1cb40768e7e898
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
|
| |
|
|
|
|
|
|
|
|
| |
The postfix increment(decrement) creates a temp copy of *this before the
modification and then returns that copy. It's needed only when using the
old iterator and then incrementing it.
Change-Id: I7f6702de78f5f987cec3556047e76049b4ee063a
Reviewed-by: Konstantin Ritt <ritt.ks@gmail.com>
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
|
| |
|
|
|
| |
Change-Id: I51733e9a3bb0d5d54dc2f61ac75751d899a84bd1
Reviewed-by: Peter Hartmann <peter-qt@hartmann.tk>
|
| |
|
|
|
|
|
|
|
|
|
| |
The OpenSSL backend for QSslSocket return an incomplete peer certificate
chain when in server mode: it does not include the peer's certificate as
the first element of the chain.
This change fixes this issue.
Change-Id: I2f0815bca2f314a075b48a2d0b5a6d5b7af50722
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
|
| |
|
|
|
|
|
|
|
| |
Move these types to QAsn1Element so that they can use the toString()
method which guards against malicious ASN.1.
Change-Id: I7d6155147a6fc2d41da6f3ae87551b6cb75aa9ce
Reviewed-by: Oliver Wolff <oliver.wolff@theqtcompany.com>
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We don't currently use this class for critical things like hostname
verification however we still want to ensure that it is not possible
to trick it using ASN.1 strings with embedded NUL characters. This will
avoid problems in the future.
Change-Id: Ibf3bc142a94fc9cad5f06db50f375399a087f9dc
Reviewed-by: Jeremy Lainé <jeremy.laine@m4x.org>
Reviewed-by: Oliver Wolff <oliver.wolff@theqtcompany.com>
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
Add support for SSL on iOS/OS X by adding a SecureTransport based
backend.
[ChangeLog][QtNetwork][QSslSocket] A new SSL backend for iOS and OS X,
implemented with Apple's Secure Transport (Security Framework).
Change-Id: I7466db471be2a8a2170f9af9d6ad4c7b6425738b
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
| |
Change-Id: I9c09a3e2dfb90eb22d4509ac6c450a0bb5da48f6
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
| |
[ChangeLog][QtNetwork][QSslSocket] It is now possible to use TLS PSK
ciphersuites in client sockets.
Task-number: QTBUG-39077
Change-Id: I5523a2be33d46230c6f4106c322fab8a5afa37b4
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
| |
Make it easier for the compiler to apply the
Named Return Value Optimization (NRVO) in the
shortName()/longName() functions by not returning
different objects in different return statements.
Change-Id: I1b6fa7e6121bc1c843378be33499728c56c97f92
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
const functions
Rationale: the case of an invalid QSslEllipticCurve is already
dealt with before we'd call ensureInitialized(). But in order
to have a non-invalid QSslEllipticCurve, we must have called
one of the constructor functions first. There, we already call
ensureInitialized(), so we don't need to do it here again.
Change-Id: I96bdb5db63ec0165e6b8fac9469b5d81c6b2cdae
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
|
| |
|
|
|
| |
Change-Id: I94701ddb78a822adf35aea57f9e171a747745f6b
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
|
| |
|
|
|
| |
Change-Id: I66b8b85e6c02b0e53391079d5048017d5e63ac8b
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
|
| |
|
|
|
|
|
|
| |
Since the conversion to a long name was already there, also support
creation from a long name.
Change-Id: Iad712db7447fb0a0a18f600b7db54da5b5b87154
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add possibility to get length and other information of EC based
certificates. Also it is possible to parse those public/private
keys from PEM and DER encoded files.
Based on patch by Remco Bloemen
[ChangeLog][QtNetwork][SSL/TLS support] It is now possible to
parse elliptic curve certificates.
Change-Id: I4b11f726296aecda89c3cbd195d7c817ae6fc47b
Task-number: QTBUG-18972
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |
|
|
|
| |
Change-Id: I726041ec5e92d371bc5afb9b7f8cb854bfd41451
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/corelib/tools/qbytearray.cpp
src/gui/kernel/qplatformsystemtrayicon.cpp
src/gui/kernel/qplatformsystemtrayicon.h
src/plugins/platforms/xcb/xcb-plugin.pro
Change-Id: I00355d3908b678af8a61c38f9e814a63df808c79
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The order is:
1) own header
2) own private header, if any
3) other headers
Commit f17d7a124f0fa817a7e1a2dda6f48098432c0dc0 broke the order.
Change-Id: I7225024691db91fd936a057accdad65bacb3f979
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/corelib/global/qglobal.h
src/platformsupport/platformcompositor/qopenglcompositor.cpp
src/platformsupport/platformcompositor/qopenglcompositorbackingstore.cpp
tests/auto/gui/kernel/qwindow/tst_qwindow.cpp
Change-Id: I5422868500be695584a496dbbbc719d146bc572d
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Place all debug output into the 'qt.network.ssl' category.
This allows people to disable certain warnings at runtime.
Task-number: QTBUG-43173
Change-Id: Ide731fae3109f9cd7730cc096ee069a5b99d35f1
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
doc/global/template/style/online.css
mkspecs/android-g++/qmake.conf
Change-Id: Ib39ea7bd42f5ae12e82a3bc59a66787a16bdfc61
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
dist/changes-5.4.0
7231e1fbe24102f2a93b34dfa70e3dca884440d2 went into 5.4 instead of the
5.4.0 branch, thus the conflict.
Change-Id: I70b8597ab52506490dcaf700427183950d42cbd1
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This makes it follow the coding style, which says to camel case acronyms too,
and makes it consistent with the rest of the class.
Change-Id: I4a1b21de1815530e476fc5aa8a0d41c724fc8021
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: hjk <hjk121@nokiamail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Done automatically with clang-modernize on linux
(But does not add Q_DECL_OVERRIDE to the function that are marked
as inline because it a compilation error with MSVC2010)
Change-Id: I2196ee26e3e6fe20816834ecea5ea389eeab3171
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The only reason for copying QSslEllipticCurves into a temporary array
would be to be extra-pedantic about type safety, but in the end,
we can simply force a cast and remove the copy.
Change-Id: Ice8a036fe4b79ba438ce83b5eacf6158eb3f0ce7
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
OpenSSL 1.0.2 introduces SSL_CTX_set_ecdh_auto, which allows us
to stop using one specific temporary curve, and instead makes
the server negotiate the best curve.
Task-number: QTBUG-42925
Change-Id: I3a68f29030bdf04f368bfdf79c888401ce82bdd8
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ChangeLog][QtNetwork][QtSSL] It is now possible to choose which elliptic
curves should be used by an elliptic curve cipher.
Change-Id: If5d0d58922768b6f1375836489180e576f5a015a
Done-with: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
src/corelib/io/qiodevice.cpp
src/plugins/bearer/linux_common/qofonoservice_linux.cpp
src/plugins/bearer/linux_common/qofonoservice_linux_p.h
src/plugins/platforms/android/qandroidplatformtheme.cpp
src/tools/bootstrap/bootstrap.pro
src/widgets/styles/qmacstyle_mac.mm
Change-Id: Ia02aab6c4598ce74e9c30bb4666d5e2ef000f99b
|
| | |\|
| | |
| | |
| | | |
Change-Id: I95f235a66ce2e9b1fa435c0f911c6f7e811755f0
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Variable dsa is assigned in this block with q_DSA_new instead of rsa.
So this should be the destination of memcpy.
Change-Id: Id5a41d99f1606bf525ad5f819bbc06bb1235bf5b
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This allows apps to ship their own openssl libraries inside the
application bundle.
The change consists of two parts: First, adding
<bundle>/Contents/Frameworks
to the alternative search paths. Second, disabling the preemtive
check for libssl.dylib, libcrypto.dylib in the system paths:
The system's /usr/lib/libssl.dylib, /usr/lib/libcrypto.dylib
will still be picked up as a fallback in the alternative search
paths, but only after .app/Contents/Frameworks have been inspected.
[ChangeLog][QtNetwork][QSsl] On OS X and iOS, openssl dylib's are
picked up from the 'Frameworks' directory of the app bundle.
Change-Id: I982930f4a6cf5e0114c04ecbc87f27e54ba8bb88
Reviewed-by: Jake Petroules <jake.petroules@petroules.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
QIODevice makes readData() call only when its read buffer is empty.
Also data argument points to the user or reserved read buffer area.
So, no need in data transfer from read buffer at this point at all.
Task-number: QTBUG-41797
Change-Id: Ieb4afdf7eec37fdf288073e4a060e64424f22b9c
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
(cherry picked from commit 1853579dad1bbb44599314213a1d8a203ecae1c9)
Reviewed-by: Alex Trotsenko <alex1973tr@gmail.com>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes errors like
qsslsocket_openssl_symbols.cpp:111:6: error:
unused function 'qsslSocketUnresolvedSymbolWarning'
[-Werror,-Wunused-function]
void qsslSocketUnresolvedSymbolWarning(const char *functionName)
^
1 error generated.
Change-Id: I164518de583f080724ab9a7165c885602a1c6231
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\|
| |
| |
| |
| |
| |
| | |
Conflicts:
src/gui/text/qfontdatabase.cpp
Change-Id: I6ac1f55faa22b8e7b591386fb67f0333d0ea443d
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
After the poodle vulnerability SSLv3 should like SSLv2 no longer be
considered safe, so when a user request a safe protocol we should
only allow TLS versions.
[ChangeLog][QtNetwork][QSsl] QSsl::SecureProtocols now also excludes SSLv3
Change-Id: If825f6beb599294b028d706903b39db6b20be519
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\|
| |
| |
| | |
Change-Id: If7e51514ed6832750e3ad967e4d322ccf920d2bb
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
qsslsocket_winrt.cpp defined it locally, which runs the risk of
clashes with a potential user-defined qHash(QSslError), so
make it public.
Also included both .error() and .certificate() in the hash, as
both of these are used to determine equality (the WinRT version
only used .error()).
[ChangeLog][QtNetwork][QSslError] Can now be used in QSet/QHash.
Change-Id: Ieb7995bed491ff011d4be9dad544248b56fd4f73
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
qsslsocket_winrt.cpp defined it locally, which runs the risk of
clashes with a potential user-defined qHash(QSslCertificate), so
make it public.
Also, the implementation in qsslsocket_winrt.cpp simply hashed
the handle(), which violates the principle that equal instances
must hash to the same value. Also, for some platforms, the
implementation returns nullptr unconditionally, which, while not
violating the above-mentioned principle, will make all users of
the hash have worst-case complexity.
To calculate a meaningful hash, therefore, the certificate needs
to be inspected deeper than just the handle.
For OpenSSL, we use X509::sha1_hash, which also X509_cmp uses
internally to determine inequality (it checks more stuff, but
if X059::sha1_hash is different, X509_cmp() returns non-zero,
which is sufficient for the purposes of qHash()). sha1_hash may
not be up-to-date, though, so we call X509_cmp to make it valid.
Ugh.
For WinRT/Qt, we use the DER encoding, as that is the native
storage format used in QSslCertificate. This is not equivalent
to the implementation used in qsslsocket_winrt.cpp before, but
since handle() == handle() => toDer() == toDer(), it should not
be a problem.
[ChangeLog][QtNetwork][QSslCertificate] Can now be used as a key in QSet/QHash.
Change-Id: I10858fe648c70fc9535af6913dd3b7f3b2cf0eba
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When creating SSL context failed due to unsupported protocol being
demanded, no explanation was given. It's because
QSslContext::fromConfiguration() extracted explanation for error message
from OpenSSL, which at that point hasn't even been called yet. This
patch adds explicit message informing that an unsupported protocol was
chosen.
Task-number: QTBUG-41775
Change-Id: I9d2710da4ba314a16837a90afcdc5d9256179bef
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When QSslCertificatePrivate::certificatesFromDer() was passed count ==
-1 to extract unlimied number of certificates from buffer, it also tried
to parse the 0-sized fragment after the last certificate. This has
caused d2i_X509() to report an error on latest OpenSSL.
Task-number: QTBUG-41774
Change-Id: Ifa36b7ac5b4236bd2fb53b9d7fe53c5db3cb078c
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| |\|
| |
| |
| | |
Change-Id: I05fcd8dc66d9ad0dc76bb7f5bae05c9876bfba14
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For const char*s, operator== is overloaded, so comparing to a (C) string
literal is efficient, since qstrcmp doesn't require the length of the
strings to compare.
OTOH, QByteArrayLiteral, when not using RVO, litters the code with
QByteArray dtor calls, which are not inline. Worse, absent lambdas,
it even allocates memory.
So, just compare with a (C) string literal instead.
Change-Id: Id3bfdc89558ba51911f6317a7a73c287f96e6f24
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/corelib/tools/qbytearray.cpp
src/gui/image/qimage.cpp
src/gui/image/qppmhandler.cpp
src/gui/kernel/qguiapplication.cpp
src/gui/painting/qpaintengine_raster.cpp
Change-Id: I7c1a8e7ebdfd7f7ae767fdb932823498a7660765
|
| | |
| |
| |
| |
| | |
Change-Id: I8f812002302d3b74af252fa66e9e13154bbf80e1
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
- Renamed LICENSE.LGPL to LICENSE.LGPLv21
- Added LICENSE.LGPLv3
- Removed LICENSE.GPL
Change-Id: Iec3406e3eb3f133be549092015cefe33d259a3f2
Reviewed-by: Iikka Eklund <iikka.eklund@digia.com>
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The isAlwaysAskOption was removed in 38621713150b663355ebeb799a5a50d8e39a3c38
so manually removed code in
src/plugins/bearer/connman/qconnmanengine.cpp
Conflicts:
src/corelib/global/qglobal.h
src/corelib/tools/qcollator_macx.cpp
src/corelib/tools/qstring.cpp
src/gui/kernel/qwindow.cpp
src/gui/kernel/qwindow_p.h
src/gui/text/qtextengine.cpp
src/platformsupport/fontdatabases/fontconfig/qfontenginemultifontconfig_p.h
src/plugins/platforms/android/qandroidinputcontext.cpp
src/plugins/platforms/xcb/qglxintegration.cpp
src/plugins/platforms/xcb/qglxintegration.h
src/plugins/platforms/xcb/qxcbconnection_xi2.cpp
src/testlib/qtestcase.cpp
src/testlib/qtestlog.cpp
src/widgets/dialogs/qfiledialog.cpp
src/widgets/kernel/qwindowcontainer.cpp
tests/auto/corelib/tools/qcollator/tst_qcollator.cpp
tests/auto/gui/text/qtextscriptengine/tst_qtextscriptengine.cpp
tests/auto/widgets/kernel/qwidget_window/tst_qwidget_window.cpp
tests/auto/widgets/widgets/qlineedit/tst_qlineedit.cpp
Change-Id: Ic5d4187f682257a17509f6cd28d2836c6cfe2fc8
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: I7a4dd22ea3bcebf4c3ec3ad731628fd8f3c247e0
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
QIODevice makes readData() call only when its read buffer is empty.
Also data argument points to the user or reserved read buffer area.
So, no need in data transfer from read buffer at this point at all.
Change-Id: Ieb4afdf7eec37fdf288073e4a060e64424f22b9c
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |\| |
| | |
| | |
| | | |
Change-Id: Id4997327cc01bd4bb397a463bdffbd15e80398ef
|
