| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
Updating the SSL_write code to correctly handle
SSL_ERROR_WANT_WRITE and SSL_ERROR_WANT_READ, which are not actual errors.
Change-Id: Icd7369b438ef402bf438c3fcc64514a1f9f45452
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
configure
mkspecs/macx-xcode/Info.plist.app
mkspecs/macx-xcode/Info.plist.lib
qmake/doc/qmake.qdocconf
src/corelib/global/qglobal.h
tests/auto/other/exceptionsafety/exceptionsafety.pro
tests/auto/widgets/widgets/qcombobox/tst_qcombobox.cpp
Change-Id: I3c769a4a82dc2e99a12c69123fbf17613fd2ac2a
|
| | |
| |
| |
| |
| |
| |
| |
| | |
On Android, when not using Ministro, we cannot read certificates
from the file system, so we have to get them through Java APIs instead.
Change-Id: I415329fcb45836735c1112dbe832214b3c73dc9a
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@digia.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The c_rehash'ed symlinks are always there on QNX, so no need to check
at every app start for the feature. This saves ~ 17ms at each app
start.
Task-number: QTBUG-32549
Change-Id: Ia9df60aba9d1bd70868b7004b847867a2128f600
Reviewed-by: Andreas Holzammer <andreas.holzammer@kdab.com>
Reviewed-by: Rafael Roquetto <rafael.roquetto@kdab.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
CSSM_DATA_PTR was deprecated in 10.7. Replace SecCertificateGetData
with SecCertificateCopyData.
Task-number: QTBUG-32715
Change-Id: I762687370689b5b5c032567240667631b1ffde98
Reviewed-by: Jake Petroules <jake.petroules@petroules.com>
Reviewed-by: Gabriel de Dietrich <gabriel.dedietrich@digia.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I.e. do not try to load file names that are not there anyhow. The
code would search for libcrypto.so.1.0.0 and libssl.so.1.0.0, while
on QNX the libs are called libcrypto.so and libssl.so, and there
are no symlinks with version numbers.
This saves ~ 45 ms in real apps (tested with Facebook, Twitter and
Foursquare), and ~ 24 ms at app startup in an isolated app without
GUI (difference maybe because threads are fighting for CPU or so).
Task-number: QTBUG-32548
Change-Id: I25869538bbfa3c2848541415e8361e0bd7a8fd50
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |\|
| |
| |
| |
| |
| |
| | |
Conflicts:
tests/auto/dbus/qdbusabstractinterface/tst_qdbusabstractinterface.cpp
Change-Id: I18a9d83fc14f4a9afdb1e40523ec51e3fa1d7754
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We need the same code for both the no-sdk and the sdk case for
the OpenSSL code, since this is not covered by a system library,
but by an external dependency in both cases.
Task-number: QTBUG-32130
Change-Id: I976835556fcb0e6c32cfb3da4dd585e45490061b
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |\|
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/corelib/global/qglobal.h
src/plugins/platforms/cocoa/qnsview.mm
Change-Id: I6fe345df5c417cb7a55a3f91285d9b47a22c04fa
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Incorporate some more of the API changes between OpenSSL versions
0.9.8 and 1.0.0.
Task-number: QTBUG-31140
Change-Id: Ie719b34e3ec8751f0fbc07d315e82816c110762c
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/corelib/io/qdatastream.cpp
src/corelib/io/qdatastream.h
src/corelib/json/qjsonwriter.cpp
src/plugins/platforms/cocoa/qcocoawindow.mm
src/plugins/platforms/xcb/qxcbkeyboard.cpp
Change-Id: I46fef1455f5a9f2ce1ec394a3c65881093c51b62
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Several modules, including DBus, MySQL, and OpenSSL have
configure options of the form <MODULE>_PATH, which is used
on Windows (where pkg-config is not present) to specify the
locations of third-party libraries. These switches had been
implemented by adding extra variables which were referenced
in .pro files, to add the appropriate compiler and linker
switches. This is undesirable because it means there are
two independent paths for adding the switches to the build,
which can get out of sync with each other, and indeed this
had happened for some of the DBus tools.
To remedy the situation, all three of the switches were
reworked so that they added values directly to the principal
variables that are used in the project files. This reduces
maintenance, by ensuring that the pkg-config and non-pkg-config
paths appear the same to the rest of the build system.
Change-Id: Iae342f1d14b79fbcfef9fe38aadc803ad3141799
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
All occurrences of `#if defined(Q_OS_MAC) && !defined(Q_OS_IOS)` have
been replaced with `#if defined(Q_OS_MACX)`.
Change-Id: I5055d9bd1845136beb8ed1c79a8f0f2c0897751a
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@digia.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Session tickets can be cached on the client side for hours (e.g.
graph.facebook.com: ~ 24 hours, api.twitter.com: 4 hours), because the
server does not need to maintain state.
We need public API for it so an application can cache the session (e.g.
to disk) and resume a session already with the 1st handshake, saving
one network round trip.
Task-number: QTBUG-20668
Change-Id: I10255932dcd528ee1231538cb72b52b97f9f4a3c
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\|
| |
| |
| | |
Change-Id: I2a54058b64ac69c78b4120fdaf09b96e025a4c6c
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
... but rather throw an error, so the HTTP layer can recover from a SSL
shutdown gracefully. In case the other side sent us a shutdown, we should
not send one as well, as it results in an error.
Change-Id: Ie7a56cf3008b6ead912aade18dbec67846e2a87e
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\|
| |
| |
| | |
Change-Id: I059725e3b7d7ffd5a16a0931e6c17200917172b5
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We are passing a QSslConfigurationPrivate that is allocated on the stack
(in QSslSocketBackendPrivate::initSslContext()) to
QSslConfiguration::QSslConfiguration(QSslConfigurationPrivate *dd).
When the SSL context is destroyed, this object is not there any more.
So now we create a deep copy of the configuration like we do in
QSslSocket::sslConfiguration().
Task-number: QTBUG-30648
Change-Id: Iaefaa9c00fd6bfb707eba5ac59e9508bf951f8a5
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |/
|
|
|
|
|
|
|
|
| |
There is already an enum to disable SSL session tickets, which has been
used to disable session sharing for now. However, SSL session sharing
is not the same as SSL session tickets: Session sharing is built into
the SSL protocol, while session tickets is a TLS extension (RFC 5077).
Change-Id: If76b99c94b346cfb00e47366e66098f6334fd9bc
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
... so SSL traffic can be decrypted with e.g. tcpdump / Wireshark.
For this to work, the define needs to be uncommented and QtNetwork
recompiled. This will create a file in /tmp/qt-ssl-keys which can
be fed into Wireshark.
A recent version of Wireshark is needed for this to work.
Change-Id: I4e41fd2e6122260cd96d443b1360edc71b08b5fd
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove all trailing whitespace from the following list of files:
*.cpp *.h *.conf *.qdoc *.pro *.pri *.mm *.rc *.pl *.qps *.xpm *.txt *README
excluding 3rdparty, test-data and auto generated code.
Note A): the only non 3rdparty c++-files that still
have trailing whitespace after this change are:
* src/corelib/codecs/cp949codetbl_p.h
* src/corelib/codecs/qjpunicode.cpp
* src/corelib/codecs/qbig5codec.cpp
* src/corelib/xml/qxmlstream_p.h
* src/tools/qdoc/qmlparser/qqmljsgrammar.cpp
* src/tools/uic/ui4.cpp
* tests/auto/other/qtokenautomaton/tokenizers/*
* tests/benchmarks/corelib/tools/qstring/data.cpp
* util/lexgen/tokenizer.cpp
Note B): in about 30 files some overlapping 'leading tab' and
'TAB character in non-leading whitespace' issues have been fixed
to make the sanity bot happy. Plus some general ws-fixes here
and there as asked for during review.
Change-Id: Ia713113c34d82442d6ce4d93d8b1cf545075d11d
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
|
| |
|
|
|
|
|
|
| |
Introduced Q_OS_ANDROID_NO_SDK which makes more sense than
Q_OS_LINUX_ANDROID when Q_OS_ANDROID also defines Q_OS_LINUX.
Change-Id: Id2aa228b66daffba82776a12c91a264a360afd86
Reviewed-by: Gunnar Sletta <gunnar.sletta@digia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Based on the Necessitas project by Bogdan Vatra.
Contributors to the Qt5 project:
BogDan Vatra <bogdan@kde.org>
Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@digia.com>
hjk <hjk121@nokiamail.com>
Oswald Buddenhagen <oswald.buddenhagen@digia.com>
Paul Olav Tvete <paul.tvete@digia.com>
Robin Burchell <robin+qt@viroteck.net>
Samuel Rødal <samuel.rodal@digia.com>
Yoann Lopes <yoann.lopes@digia.com>
The full history of the Qt5 port can be found in refs/old-heads/android,
SHA-1 249ca9ca2c7d876b91b31df9434dde47f9065d0d
Change-Id: Iff1a7b2dbb707c986f2639e65e39ed8f22430120
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
|
| |
|
|
|
|
|
|
|
|
| |
Add intermediate certificates to our server sockets, and to our client
certs.
Change-Id: Ib5aa575473f9e84f337bebe35099506dd7d7e2ba
Task-Number: QTBUG-19825
Task-Number: QTBUG-13281
Reviewed-by: Peter Hartmann <phartmann@rim.com>
|
| |
|
|
|
|
|
|
|
| |
Instead of storing a single QSslCertificate for a the local cert, store
a list of them. This will allow us to handle server sockets that use a
certificate that is not issued directly from the CA root in future.
Change-Id: I9a36b9a99daa9c0bdd17f61b4ce1a7da746f2e96
Reviewed-by: Peter Hartmann <phartmann@rim.com>
|
| |\
| |
| |
| |
| |
| |
| | |
Conflicts:
src/widgets/styles/qmacstyle_mac.mm
Change-Id: If8326db9e7da3cbf45dbf7475fdff9915c7723b1
|
| | |
| |
| |
| |
| |
| |
| | |
... because almost everybody gets it wrong almost every time.
Change-Id: I54938ef094323ba8de02186b585b11b9579f3ca4
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Qt5 requires Mac OS 10.6, so we can remove checks such as
if MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_6
Change-Id: Iea21727a277291148704ecf9677ed0b68c24920f
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/concurrent/doc/qtconcurrent.qdocconf
src/corelib/doc/qtcore.qdocconf
src/corelib/global/qglobal.h
src/dbus/doc/qtdbus.qdocconf
src/dbus/qdbusmessage.h
src/gui/doc/qtgui.qdocconf
src/gui/image/qimagereader.cpp
src/network/doc/qtnetwork.qdocconf
src/opengl/doc/qtopengl.qdocconf
src/opengl/qgl.h
src/plugins/platforms/windows/qwindowswindow.cpp
src/printsupport/doc/qtprintsupport.qdocconf
src/sql/doc/qtsql.qdocconf
src/testlib/doc/qttestlib.qdocconf
src/tools/qdoc/doc/config/qt-cpp-ignore.qdocconf
src/widgets/doc/qtwidgets.qdocconf
src/xml/doc/qtxml.qdocconf
Change-Id: Ie9a1fa2cc44bec22a0b942e817a1095ca3414629
|
| | |
| |
| |
| |
| |
| | |
Change-Id: I559d4dd8789a249af855f6fe9bfe013ba1d77132
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
DER certificates should not be opened as text files, so we
only pass the QIODevice::Text flag when the format is
QSsl::Pem.
Change-Id: I4bad98023c397b967d5beeec0aaa6c414e06fd9c
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When OpenSSL is built using MSVC then the library names are
named ssleay32.dll and libeay32. However, when OpenSSL is built
with GCC then different library names are used like libssl-10.dll
and libcrypto-10.dll (depending on the version of OpenSSL used)
Change-Id: Icb79a5f82d2a511752bfc904f53a58423ce4b86b
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Peter Hartmann <phartmann@rim.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This fixes a compilation error with GCC 4.7
which was introduced in b5652df775efbd1c52eecee5f08e40e600e5d70b
In function ‘SSL_SESSION* q_SSL_get1_session(const SSL*)’:
invalid conversion from ‘const SSL* {aka const ssl_st*}’ to ‘SSL* {aka ssl_st*}’ [-fpermissive]
Change-Id: I909f7fb4295b2019283a7af66a038d4711e5f7cb
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Peter Hartmann <phartmann@rim.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This improves performance since a network round trip can be avoided.
Change-Id: I1aaff7e48ef9638cb137de0f43942c3a4dd2884a
Initial-patch-by: Markus Goetz <markus@woboq.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\|
| |
| |
| | |
refs/staging/dev
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Follow the conventions at
http://qt-project.org/wiki/Spelling_Module_Names_in_Qt_Documentation
QtCore -> Qt Core
QtDBus -> Qt D-Bus
QtDesigner -> Qt Designer
QtGui -> Qt GUI
QtImageFormats -> Qt Image Formats
QtNetwork -> Qt Network
QtPrintSupport -> Qt Print Support
QtScript -> Qt Script
QtSql -> Qt SQL
QtSvg -> Qt SVG
QtTest -> Qt Test
QtWebKit -> Qt WebKit
QtWidgets -> Qt Widgets
QtXml -> Qt XML
QtConcurrent -> Qt Concurrent (partial)
QtQuick -> Qt Quick (partial)
Also, distinguish between "module" and "library"
Change-Id: Icb8aa695ae60b0e45920b0c8fce4dc763a12b0cd
Reviewed-by: Jerome Pasion <jerome.pasion@digia.com>
|
| |/
|
|
|
|
|
|
|
|
|
| |
The macro was made empty in ba3dc5f3b56d1fab6fe37fe7ae08096d7dc68bcb
and is no longer necessary or used.
Discussed-on: http://lists.qt-project.org/pipermail/development/2013-January/009284.html
Change-Id: Id2bb2e2cabde059305d4af5f12593344ba30f001
Reviewed-by: Laszlo Papp <lpapp@kde.org>
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
Reviewed-by: hjk <hjk121@nokiamail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
make sure we keep track of when we can load root certs and when we
cannot (we cannot when the developer set the certs explicitly). This is
implemented the same way for QSslSocket already, and needs to be
duplicated because we have 2 methods for setting CA certificates: one in
QSslSocket and one in QSslConfiguration.
In addition, adapt the auto test which checks whether setting a default
QSslConfiguration works: There is no way to set on demand loading
through the API, so it should be enabled by default.
Task-number: QTBUG-29103
Change-Id: I5146128aaa385dfcc0ad1e0ef81a92d9350ec5f2
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
| |
Change-Id: Ic804938fc352291d011800d21e549c10acac66fb
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
|
| |
|
|
|
|
|
|
|
| |
Currently /etc/openssl/certs is symlinked to
/var/certmgr/web/user_trusted, but this will be changed in the future.
/etc/openssl/certs is the folder to be used to read the root certs.
Change-Id: Ic037e5075ec7ee50c132fe08dc69abbe585e32e4
Reviewed-by: Sean Harmer <sean.harmer@kdab.com>
|
| |
|
|
|
|
|
|
|
|
| |
On Mac if AssertMacros.h has already been included then it defines
verify which conflicts with the verify static function. Therefore we
just undef this if is already defined.
Task-number: QTBUG-27316
Change-Id: I5960e504c4efa4fc4ff65ba66bbd7decb33ffc62
Reviewed-by: Richard Moe Gustavsen <richard.gustavsen@digia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Those certificates have erroneously set the CA attribute to true,
meaning everybody in possesion of their keys can issue certificates on
their own.
Task-number: QTBUG-28937
Change-Id: Iff351e590ad3e6ab802e6fa1d65a9a9a9f7683de
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Otherwise it is possible to assert if
qRegisterMetaType<QList<QSslError> >("QList<QSslError>")
is called in a TU which does not include the Q_DECLARE_METATYPE
invocation.
Change-Id: Ice1ffbb0f8d0a745d2bffc8b4e13ca31621e8ca4
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
| |
Change-Id: I37ccb10d40d2a848b7c251286d29aeb85411e912
Reviewed-by: hjk <qthjk@ovi.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL changed the layout of X509_STORE_CTX between 0.9 and 1.0
So we have to consider this struct as private implementation, and use
the access functions instead.
This bug would cause certificate verification problems if a different
version of openssl is loaded at runtime to the headers Qt was compiled
against.
Task-number: QTBUG-28343
Change-Id: I47fc24336f7d9c80f08f9c8ba6debc51a5591258
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
| |
QText*Format and QDns* ones are still missing.
Change-Id: I8e87fba596e87289ca935717e0a90bfc0b0a26c0
Reviewed-by: hjk <qthjk@ovi.com>
|
| |
|
|
|
| |
Change-Id: If72d80979e1d2ea909227785cd691be39d75c8ab
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
| |
|
|
|
| |
Change-Id: Ie080cd3d0a6ac37fad625759946a71134c989c83
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When doing happy eyeballs style network state lookup, we might have to
close an SSL socket from its connected signal. This can cause the warning:
QSslSocket::startClientEncryption: cannot start handshake when not connected
The signal should be emitted after we called startClientEncryption to
avoid this warning. In that case it will initialize the encryption
and ramp it down right after.
Change-Id: I0c8c79cad7f91f0088b87c5e4ee8aafbc688411c
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
| |
|
|
|
| |
Change-Id: If165933df41e518f5ba6065792676260fd2492b6
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
|
