| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There was a time when qsslsocket.h declared its private slots as
Q_PRIVATE_SLOT(d, void _q_connectedSlot())
But now they are correctly declared as
Q_PRIVATE_SLOT(d_func(), void _q_connectedSlot())
so the "#define d d_ptr" hack isn't needed.
Specifically, the define would break moc-generated code that refers
to the member d of a structure (which a future moc revision does,
namely QByteArrayData::d).
Change-Id: Ic94fa4d523fb17e8088973cfc0d090d5cce97267
Reviewed-by: Jonas Gastal <jgastal@profusion.mobi>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
|
|
|
|
| |
QSslSocket overrides one version of QAbstractSocket::connectToHost.
Since these functions were made virtual, this now hides the other
overloads.
Added a using statement to make the other overloads visible.
Change-Id: Ia48fdc9bd67936c75c25bb24dabd26a723bb7a05
Reviewed-by: Stephen Kelly <stephen.kelly@kdab.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
| |
This file was removed in commit ba9302b8a9b6b50f37987261c1ade9af2ade2d3c
Change-Id: Ib3a70877f6f6848c8cf072faf13da93abbe186f2
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
SSL context was destroyed on disconnect. This makes it impossible to
decrypt buffered encrypted data. So if there is encrypted data in the
receive buffers, then don't destroy the ssl context until the socket is
destroyed.
Task-Number: QTBUG-23607
Change-Id: I16a7b4fa006647ec73049c90cdbc72686696850f
Reviewed-by: Jonas Gastal <jgastal@profusion.mobi>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Always use <qt_windows.h> as the last file to be included.
- Remove it from some headers, use Qt::HANDLE instead of HANDLE.
- Clean up #ifdef, use Q_OS_WIN for Windows/Windows CE.
- Add NOMINMAX to qt_windows.h to avoid problems with the
min/max macros.
- Remove <windows.h> from qplatformdefs.h (VS2005)
Change-Id: Ic44e2cb3eafce38e1ad645c3bf85745439398e50
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Joerg Bornemann <joerg.bornemann@nokia.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Create new QAbstractSocket::SocketError value that denotes a error in
the SSL library: SslInternalError
Create QAbstractSocket::SocketError value that denotes a error in data
provided by user cauding an SSL library error: SslInvalidUserDataError
Change-Id: I466a9389d9d7052efd8eddd1a2d6067ba26dfddb
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <ext-shane.2.kearns@nokia.com>
|
|
|
|
|
|
|
|
|
| |
Implementating this would cause massive SC breakage and give little
gain.
Change-Id: I56a6d302fdd0e8b53d1f9154f3eaf9e1ee429f9d
Reviewed-by: Giuseppe D'Angelo <dangelog@gmail.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
|
|
|
| |
The intention is to add additional pause modes over time, this will
be easier if we can just test if a particular reason for pausing is
turned on. If we don't do this we'll end up having to check for each
enum value every time we check what is enabled.
Change-Id: I6b08f0e819b5593e3f6463c3dd175eff8625e155
Reviewed-by: Frederik Gladhorn <frederik.gladhorn@nokia.com>
Reviewed-by: Shane Kearns <ext-shane.2.kearns@nokia.com>
|
|
|
|
|
|
|
|
|
|
| |
As in the past, to avoid rewriting various autotests that contain
line-number information, an extra blank line has been inserted at the
end of the license text to ensure that this commit does not change the
total number of lines in the license header.
Change-Id: I311e001373776812699d6efc045b5f742890c689
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
|
|
|
|
|
|
|
|
| |
Per ### Qt5 comment and the fact that it was already virtual on
QAbstractSocket.
Change-Id: If2d2b2f9cdec1ef4c5bf625e3ce0d6f2d9a7bdfd
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
| |
Change-Id: I1f128eb9f99ef4d25590bd034762cb8a0e68b075
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
| |
Change-Id: Iaa9cfd709c0ca4192760117ba5ec6d3992804d6a
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pause and resume is currently only supported upon emitting the
QSslSocket::sslErrors() signal. The API was added in QAbstractSocket to
also support QAbstractSocket::proxyAuthenticationRequired() in the
future.
This is the first patch to support that feature on the socket level,
another patch will follow to support sslErrors() and
authenticationRequired() in QNetworkAccessManager / QNetworkReply.
Task-number: QTBUG-19032
Change-Id: Ide2918268590ab9a01454ab26cb7fdca3dc840ab
Reviewed-by: Shane Kearns <ext-shane.2.kearns@nokia.com>
|
|
|
|
|
|
|
|
|
|
| |
These defines were there to aid in the commercial
licensing scheme we used long ago, and are no longer needed.
Keep a QT_MODULE(x) define so other modules continue compiling.
Change-Id: I8fd76cd5270df8f14aee746b6cf32ebf7c23fec7
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
|
|
|
|
|
|
|
| |
Replace Nokia contact email address with Qt Project website.
Change-Id: I431bbbf76d7c27d8b502f87947675c116994c415
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
|
|
|
|
|
|
|
|
| |
It was checked in a few places, but it didn't actually remove QTextStream,
so it was pretty useless.
Change-Id: I8eaf28893cd6c7acbe1c0b69d58de90742aee755
Reviewed-by: João Abecasis <joao.abecasis@nokia.com>
|
|
|
|
|
|
|
|
|
|
| |
This is to help us debug problems with CA certificates.
Code is not compiled by default, only when QtNetwork is built with
QSSLSOCKET_DEBUG defined
Change-Id: I404c36bf4c6bf1190f480196038197be30b4b5f9
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
| |
Change-Id: Ib1dfae4031f00fb331108152a259f6a2756381c9
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL tries certificates in the order they are added to the store.
There was logic to add the expired certificates after the valid ones
to ensure the valid certificate is checked first if the OS cert store
contains both the expired and renewed version of the same cert (e.g.
the verisign class 3 cert on windows)
However due to a coding error, the ordering was reversed, ensuring the
problem is always encountered instead of always avoided.
Task-number: QTBUG-20012
Change-Id: I7c8dba8a09842540a22b44d33c7dcb22bbbc6a58
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At the moment users of Qt must detect if it was compiled with SSL
support by testing for QT_NO_OPENSSL. This means that any code that is
conditionally compiled this way is tied to the presence of the openssl
backend. This commit makes it possible to implement new SSL backends
during the Qt5 lifetime without breaking this code. People can still
test for QT_NO_OPENSSL if they really need openssl, but if they simply
want to know if there's SSL support at all they should use this define
instead.
In addition, this commit changes the public API headers to use the new
define.
Change-Id: Ib57a71aa65836ac9351f120a487bfeb8009d9515
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
|
|
|
|
|
|
|
|
|
| |
Windows x64 uses 64 bits integer for sockets, to ensure compatibility we
should use ptr sized integers for our socket descriptors.
Task-number: QTBUG-19004
Change-Id: I4b56023874a4f1bad107c66c054fecfedde33d88
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@nokia.com>
|
|
|
|
|
| |
Change-Id: I02f2c620296fcd91d4967d58767ea33fc4e1e7dc
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change makes Qt load the default openssl config always, not just
when compiled with OPENSSL_LOAD_CONF. This means that facilities like
openssl engines (and their configuration) are usable. An alternative
would be to call OPENSSL_config(NULL) ourselves, but that's exactly
what the OPENSSL_add_all_algorithms_conf does for us.
Task-number: QTBUG-16018
Change-Id: I4cda701f82627e0541b6225009f4e1249aec9d47
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When an ssl socket is closed during connecting, and it is using a proxy
then it is possible for the plain socket to be in pending close state
when transmit() is called.
As errors were not handled, this caused the socket (and https request)
to "hang".
It now propagates the error from plain socket.
Change-Id: I6fb86815a2a63e197cea582f4b153e487543477c
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL's SSL_ctrl() always took a "void *" argument as 4th parameter,
since at least version 0.9.7.
I have no idea why we had "const void *" in there.
Reviewed-by: Richard J. Moore <rich@kde.org>
Task-number: QTBUG-23132
(cherry picked from commit 4db91cbd6147e40f543342f22c05b7baddc52e5a)
Change-Id: Ie570e1cc59b72f13d3e6f3ed6fc1892444a63743
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Robin Burchell <robin+qt@viroteck.net>
Reviewed-by: Martin Petersson <Martin.Petersson@nokia.com>
|
|
|
|
|
|
|
| |
These aren't used, and so they shouldn't be there.
Change-Id: Id4a08d90836c45c140d811b8eca07756e14c56e5
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
|
|
|
|
|
|
|
|
| |
The docs say this is required, but we don't check it and instead
segfault right now.
Change-Id: I825b00a312a481c5383af127333c0c4698188348
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
|
|
|
|
|
|
|
|
| |
Centralise the specification of the default ssloptions to make the code
clearer and more testable.
Change-Id: I4f4bae72736dd063ee4cd64c6375e82d0600a105
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
|
|
|
|
|
|
|
|
|
| |
Since recently QSslCertificate::serialNumber() always returns the
hexadecimal format, so we need to adapt to that when checking the
serial numbers for the blacklisted certificates.
Change-Id: I43bdb1be77faad7ad79a835c896fc39477452e75
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
|
| |
... and only resolve the functions when the methods are available.
SSL 2 functionality is not always available in OpenSSL anymore.
Change-Id: Ia3178685b26c67ac55447476789e06710b596181
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
|
|
|
|
|
|
|
|
| |
This property is no longer necessary because we can now set the user
agent directly on the proxy.
Task-number: QTBUG-17223
Change-Id: I27cb126dd401f02525290d2317650f55cae9f4ef
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
|
|
|
|
|
|
|
|
|
| |
There's no real reason for the typedef here, QtNetwork
will compile without it and it might conflict with
openssl.
Change-Id: Id352ccc98d84ca9ee9ea3c7b4a942382882173f1
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
|
|
|
|
|
| |
The handling of QSslOptions is complicated not only by the subject, but
also by the fact that some of the openssl directives are negatives. This
commit tries to separate the inherent complexity from the complexity of
the api by allowing us to test them independently.
Change-Id: Ieb9386c69dd9b0b49dc42e26b2878a301f26ded1
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
|
|
|
|
|
|
|
| |
"qsslconfiguration.cpp:204:73: warning: suggest parentheses around
comparison in operand of ‘|’ [-Wparentheses]"
Change-Id: I887ffdf3ef8263c35a8f391b3fc97faee41b7dab
Reviewed-by: Martin Petersson <Martin.Petersson@nokia.com>
|
|
|
|
|
| |
Change-Id: I259b5fde8e4d75d28def8650c4c9208accdf0bbe
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a source-incompatible change.
TlsV1 is ambiguous; what is actually meant is TLS version 1.0. There are
also TLS versions 1.1 and 1.2; we might want to add options for these
once OpenSSL supports them (apparently they will be with OpenSSL version
1.0.1).
Change-Id: I940d020b181b5fa528788ef0c3c47e8ef873796a
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds the ability to perform legacy SSL renegotiation as
a fallback via QSsl::SslOptions. This is something that used to work,
but has been disabled by default in newer versions of openssl. The
need for this has been reported by users (eg. in QTBUG-14983).
Change-Id: I5b80f3ffd07e0c5faddc469f6a8f857bac5740f7
Reviewed-by: Corentin Chary <corentin.chary@gmail.com>
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
|
|
|
|
|
|
|
|
| |
In Qt 4.x the serial number is reported by a mixture of the hex value
and the number, The hex is what is used by other tools, and we should do
the same.
Change-Id: Ia0361d43fb5b920d053c95e932e0c8a012436e5e
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
|
|
|
|
|
|
|
| |
removes several files and cleans up the code, removing all Symbian
specific #ifdef's etc.
Change-Id: Ie457e54cb4b3a992f251383320d47822259c38f1
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Currently isValid wrongly gives the impression it checks a certificate
for validity - it doesn't. It merely checks if the certificate dates
are valid and if the certificate is blacklisted. Since it's already
easy for users to check the dates, let's just give them access to the
ability to check for blacklisting.
Change-Id: I25be3bde6a01063034702a9574b28469bf4882cd
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
|
|
|
|
|
|
|
|
|
|
| |
... as did browser vendors.
Tested manually with affected CA certificates.
Reviewed-by: Richard J. Moore <rich@kde.org>
(cherry picked from commit e1d6df4e5931ee49b4b68dd5a33146f5639268b7)
Change-Id: I5bf6c147abf6d2de0f313d65faa2d9a1e9684cea
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
|
|
|
|
|
|
|
|
|
| |
... by adding a new class QSslCertificateExtension and methods in
QSslCertificate to support extensions. This is needed e.g. for OCSP
(checking revocation status of a certificate) or Extended Validation
certificates.
Change-Id: I5c5d9513fa640cd487786bb9a5af734afebd0828
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
|
| |
(cherry picked from commit 9d5c920bb23b949a0b98f1268679a0a2c06dd1d9)
Change-Id: Id99040051afe97bca3b1a8e4e3ae5a4c7f617cc9
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
|
| |
Change-Id: Ide409d72d2637b68ec2a85aaca4bc783a7e911e7
Reviewed-by: Bradley T. Hughes <bradley.hughes@nokia.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are lots of buggy SSL servers around and to connect to them you
need to disable various features. This commit adds the ability to
disable the SSL ticket extension, the ability to disable the insertion
of empty fragments, and the ability to disable compression.
Task-number: QTBUG-21906
Change-Id: I3e1d0347a46e9030b889bbf15b2aad19b8513b73
Merge-request: 68
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
|
|
|
|
|
|
|
|
|
|
| |
and do not only check leaf certificates, but all intermediates and
the root. Tested manually with the cross-signed intermediates.
Change-Id: I860dc9b568bc244abc9228486dbb374a1a2b47c4
Reviewed-by: Richard J. Moore <rich@kde.org>
(cherry picked from commit 64adbd0c5775f97343afbe0e7b5fde0d70bdaedd)
Reviewed-on: http://codereview.qt.nokia.com/4291
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
... to reduce the possibility of blacklisting valid certificates that
happen to have the same serial number as a blacklisted one, which is
unlikely, but possible.
Reviewed-by: Richard J. Moore <rich@kde.org>
(cherry picked from commit 6b1a8129623e3716f2fc075608b260ce7c381fe2
and adapted to the source incompatible change)
Change-Id: If714c34f6ce028032eee6d68f34d088b6ad5a0cc
Reviewed-on: http://codereview.qt.nokia.com/3895
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
|
|
|
|
|
|
|
|
|
| |
Merge-request: 48
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Change-Id: Ia5ac3239e6f378f930cb299a5711aa98dbb2f418
Reviewed-on: http://codereview.qt.nokia.com/4012
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Also export two symbols for auto tests since opaque keys
need EVP_PKEY * created by openssl.
Change-Id: Ib7801ddfceb259de7291bfaa5940df87f68af97d
Merge-request: 48
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-on: http://codereview.qt.nokia.com/4011
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This allow to use directly EVP_PKEY * with QSslKey (for
example comming from a PKCS#11 dongle).
Change-Id: Icb1ba5081506a831ec3d8cfffe13ce70939608ea
Merge-request: 48
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-on: http://codereview.qt.nokia.com/4010
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
|