summaryrefslogtreecommitdiffstats
path: root/src/network/ssl
Commit message (Collapse)AuthorAgeFilesLines
* Add support for explicit TLS 1.1 and 1.2Brendan Long2012-08-295-0/+48
| | | | | | | | | | | | Add SslProtocol enums TlsV1_1 and TlsV1_2 and use the appropriate OpenSSL methods when they're selected (TLSv1_1_client_method, TLSv1_2_client_method, TLSv1_1_server_method and TLSv1_2_server_method). This allows us to explicitly use TLS 1.1 or 1.2. Task-number: QTBUG-26866 Change-Id: I159da548546fa746c20e9e96bc0e5b785e4e761b Reviewed-by: Richard J. Moore <rich@kde.org> Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* SSL: remove unneeded volatile qualificationsMarc Mutz2012-08-291-2/+2
| | | | | | | | | | These two variables are only ever accessed under mutex protection, and don't otherwise look like they could be changed by the hardware, so remove the volatile qualifier. Change-Id: I714451bb3e80778b971a901d53fe13e1b01dd84f Reviewed-by: Richard J. Moore <rich@kde.org> Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* QtNetwork: declare some classes as sharedMarc Mutz2012-08-236-0/+10
| | | | | Change-Id: Ib3eaba59836529ad0cf8e4353b54dd0cd31fd1ad Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* doc: Fixed qdoc errors in SSLMartin Smith2012-08-182-12/+14
| | | | | | | | | Fixed some bad camel case, marked some parameters with \a, and changed a \enum to a \typedef. Removed some obasolete text. Change-Id: I1e69dd9f3b74129230770addc80fe1c125faf268 Reviewed-by: Richard J. Moore <rich@kde.org>
* Add possibility to add OpenSSL, DBUS, MySQL path under WindowsAndreas Holzammer2012-08-071-0/+5
| | | | | | | | | | | Under Windows it's quite possible that OpenSSL, DBUS or MySQL is not installed into a central place. If -I and -L is passed at configure time, it is added to all targets, and if that path contained a conflicting header things would go wrong. Change-Id: Ic3338c49aa6eaa91b3abf5341e709ef604bf7aab Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@nokia.com>
* add configure options for debug/release OpenSSLPeter Kümmel2012-07-311-1/+12
| | | | | | | | | msvc cannot use the same library for debug and release builds if openssl libraries are linked statically into the network library. Change-Id: Ic27ede2d9531b94aff4c50c1699947ce72caf286 Reviewed-by: Shane Kearns <shane.kearns@accenture.com> Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@nokia.com>
* QtNetwork: unbreak QT_NO_SSL buildMarc Mutz2012-07-262-10/+8
| | | | | | | | | | | The Q_DECLARE_METATYPE()s were outside of #ifndef QT_NO_SSL for classes that are defined inside. Expand the #ifndef block. Change-Id: I45b73a24032fb2a79fd80d91282b782daa8a8f68 Reviewed-by: Stephen Kelly <stephen.kelly@kdab.com> Reviewed-by: Rafael Roquetto <rafael.roquetto@kdab.com>
* QtNetwork: use nullary version of qRegisterMetaType<T>("T")Marc Mutz2012-07-253-4/+4
| | | | | | | | | | | | | | | | | Using the nullary version has the advantage that multiple calls during a program run are much more efficient, since an inlined atomic is used to store the result. It also ensures that Q_DECLARE_METATYPE(T) has been used, whereas qRegisterMetaType<T>("T") will happily register anything. So I've added the macro where it was missing, or moved it to a central place when it existed hidden. In tst_qnetworkreply, this became a bit tricky, because a private header is conditionally included, so moved the Q_DECLARE_METATYPE() into a conditional section, too. Change-Id: I71484523e4277f4697b7d4b2ddc3505375162727 Reviewed-by: Stephen Kelly <stephen.kelly@kdab.com>
* QtNetwork: add member-swap to shared classesMarc Mutz2012-07-0612-0/+65
| | | | | | | | Implemented as in other shared classes (e.g. QPen). Change-Id: Ib3d87ff99603e617cc8810489f9f5e9fe054cd2a Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* QSslCertificate::fromPath fix wildcard handlingMartin Petersson2012-07-031-23/+30
| | | | | | | | | | | | | | The reqExp used to handle wildcards in the path was broken. So we always searched the working directory and not the specified path. Autotest where passing because of a hack used for Windows paths where we removed the first two chars in the path string. This fix will not use nativeSeparators thus removing the Windows hack and fix the regExp to match wildcard chars. Task-number: QTBUG-23573 Change-Id: I56fadbb67f25b8ce9c0f17cb6232e0bdb9148b1c Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* QtNetwork: remove double buffering on socketsMartin Petersson2012-06-262-20/+14
| | | | | | | | | Removes the readBuffer from the QAbstractSocket since data is already buffered in the QIODevice. Change-Id: I4e50b791fd2852455e526fa2c07089d4d3f0b2a4 Reviewed-by: Prasanth Ullattil <prasanth.ullattil@nokia.com> Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* Mark the testSslOption method as introduced in Qt 4.8Laszlo Papp2012-06-071-0/+2
| | | | | | Change-Id: Ibe7cb1ca9cdcedd3f09dd4f865907e3f0fa6aef3 Reviewed-by: Richard J. Moore <rich@kde.org> Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* Add Blackberry path for SSL certificatesNicolas Arnaud-Cormos2012-06-061-0/+1
| | | | | | Change-Id: Ic01e4bddaa6f1fd94f16952e0818f4369c2ec8ab Reviewed-by: Sean Harmer <sean.harmer@kdab.com> Reviewed-by: Richard J. Moore <rich@kde.org>
* Fix deprecated API warningShane Kearns2012-05-231-1/+1
| | | | | | | | | | Check for blacklisting in case the application has blacklisted a cert before windows has (currently unlikely as the blacklist is hardcoded in Qt) Don't need to check for time validity because that's already checked by the windows API. Change-Id: I34da5c4a8a0f8851b9b7668fc421a93c360c8588 Reviewed-by: Richard J. Moore <rich@kde.org>
* Change QSslCertificate::toText() to return a QString.Richard Moore2012-05-213-8/+8
| | | | | | | | | | A couple of people reviewing the toText() method (which is new in 5.0) have said that since the string returned is human readable it should be a QString not a QByteArray. This change follows their advice. Change-Id: Ibade9a24870805f7fbe2d299abeb9c6e964f0cf4 Reviewed-by: Girish Ramakrishnan <girish.1.ramakrishnan@nokia.com> Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
* Doc: Fix \sa usageMarius Storm-Olsen2012-05-111-1/+1
| | | | | | | | | Ensure comma between elements (757 missing), single space and curly- braces around title elements, etc. Change-Id: Id16c3fda7fc47a12a0682f8720214f4990609a97 Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com> Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com>
* Doc: Modularize QtNetwork documentation.Casper van Donderen2012-05-093-9/+9
| | | | | | | This change moves the snippets and imagesto the modularized directories. Change-Id: If14912692a7f72d7de345eaf88d9ec9752310fca Reviewed-by: Marius Storm-Olsen <marius.storm-olsen@nokia.com>
* Various minor fixes for qdoc warnings.Richard Moore2012-05-062-9/+11
| | | | | Change-Id: I54c5ab6e1bfb1816bb510be9e2bfa1e3362faa36 Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com>
* Fix more qdoc warnings in qtnetwork.Richard Moore2012-05-063-1/+9
| | | | | Change-Id: Ibfac6236e9f68b41e34e67ef03cfd590582439be Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com>
* Change remaining uses of {to,from}Ascii to {to,from}Latin1 [QtNetwork]Thiago Macieira2012-05-041-1/+1
| | | | | | | | | | | | This operation should be a no-op anyway, since at this point in time, the fromAscii and toAscii functions simply call their fromLatin1 and toLatin1 counterparts. Task-number: QTBUG-21872 Change-Id: I94cc301ea75cc689bcb6e2d417120cf14e36808d Reviewed-by: Lars Knoll <lars.knoll@nokia.com> Reviewed-by: Shane Kearns <shane.kearns@accenture.com> Reviewed-by: Richard J. Moore <rich@kde.org>
* Rename QAbstractSocket::PauseOnNotify -> PauseOnSslErrorsShane Kearns2012-05-042-2/+2
| | | | | | | | | | | | | | | Although we created an enum for pause modes to make 5.x binary compatible with 5.0, the enum value is not well named. In 5.1, we propose to add PauseOnProxyAuthentication to the enum. PauseOnNotify is not clear what it means, while PauseOnSslErrors is. Any new notification in a minor release would need a new enum value otherwise applications would get pauses they did not expect. Task-number: QTBUG-19032 Change-Id: I4dbb7467663b37ca7f0551d24a31bc013968bedc Reviewed-by: Richard J. Moore <rich@kde.org> Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
* Fix windows cert fetcher if site presents full chainShane Kearns2012-05-041-1/+3
| | | | | | | | | | | | | | | | | If a website presents the complete certificate chain in the handshake i.e. site -> intermediate CA -> root CA then openssl gives a different error (SelfSignedCertificateInChain) Because of this windows feature, that either means the site is signed by an untrusted CA, or the CA trust status is unknown because we don't have the root cert in the cert store. In any case, calling the windows verification function results in a trusted chain & the root being added to the cert store. Task-number: QTBUG-24827 Change-Id: I2663ea2f86cd0b4dfde105d858ec1b39a340c1f6 Reviewed-by: Richard J. Moore <rich@kde.org>
* Document new APIs in 5.0Shane Kearns2012-05-033-0/+11
| | | | | | | | The \since 5.0 directive was missing from many places. Task-number: QTBUG-24001 Change-Id: I191ba8891ae66d78f923164bcab2fccb16eabef9 Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com>
* Document deprecated APIs in QSslShane Kearns2012-05-031-0/+10
| | | | | | | Task-number: QTBUG-24001 Change-Id: I8d0980bd5418e9324d0a0fe55c00b432c0a98fb1 Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com>
* Document QSslCertificate deprecated functionsShane Kearns2012-05-031-4/+16
| | | | | | | | With the new functions linked Task-number: QTBUG-24001 Change-Id: I9fd2de746a6342a1f4f182189e7f2529f092c003 Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com>
* Optimise windows cert fetching and fix test case.Shane Kearns2012-05-031-4/+22
| | | | | | | | | | | | | If we're not going to verify the peer, or we know in advance that windows won't have a CA root then don't ask it to verify the certificate chain. The test case started failing in CI when the windows cert fetcher was integrated due to timing change. I've relaxed the timing requirement of the test to avoid it being unstable. Task-number: QTBUG-24827 Change-Id: I694f193f7d96962667f00aa01b9483b326e3e054 Reviewed-by: Martin Petersson <Martin.Petersson@nokia.com>
* Fixed compile of QSslSocket with -qtnamespace on Windows.Rohan McGovern2012-05-012-9/+15
| | | | | | | | | | | Q_DECLARE_METATYPE must be outside of the qt namespace. System headers must be included outside of the qt namespace. Change-Id: I2f48b1df87e5edae2baee6ce813af08d3e011dc0 Reviewed-by: Sergio Ahumada <sergio.ahumada@nokia.com> Reviewed-by: Toby Tomkins <toby.tomkins@nokia.com> Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* Improved detection of libcrypto and libssl.Niels Weber2012-04-241-12/+51
| | | | | | | | | | | | | | The previous solution didn't work on systems where the libraries aren't in the same location. Now we search for both libcrypto and libssl and load them if their versions match, even if they are in different directories. Task-number: QTBUG-25398 Change-Id: I37164638890586947d07670d8a59fc53a84f9c42 Reviewed-by: Joerg Bornemann <joerg.bornemann@nokia.com> Reviewed-by: Shane Kearns <shane.kearns@accenture.com> Reviewed-by: Richard J. Moore <rich@kde.org>
* Fix bug in qsslsocket peek()Kalle Viironen2012-04-232-0/+54
| | | | | | | | | | | | | | | | | | Calling peek() for qsslsocket caused socket data to be copied into qiodevices buffer and therefore make it unaccessible in qsslsocket. Cherry picked form 4.8-branch & modified to Qt5 API changes (int -> qintptr) Original commits: commit 621f18955082fc73471e75d1f8c35c2dcd4befeb Author: Shane Kearns <ext-shane.2.kearns@nokia.com> commit 68b1d5c17aa38d5921bdade2b0e0cb67c6c90513 Author: Kalle Viironen <kalle.viironen@digia.com> Task-number: QTBUG-18498 Change-Id: I6be4b19baec2f3197537f5e7b61432040ec84ad2 Reviewed-by: Shane Kearns <shane.kearns@accenture.com> Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* QSslSocket: call to ERR_free_strings to free loaded error stringsMartin Petersson2012-04-203-0/+5
| | | | | | | | | | Since we are calling q_SSL_load_error_strings to load error strings we should call ERR_free_strings to free the memory again. Task-number: QTBUG-15732 Change-Id: Ie41291bb0e1434f82025378edfca51930712a8aa Reviewed-by: Shane Kearns <shane.kearns@accenture.com> Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* fix qsslsocket build in -permissive mode (assigning const char* to char*)Konstantin Ritt2012-04-191-1/+1
| | | | | Change-Id: I76269630ebabdf601c2fcb5f65a8dffbd6cdbc5e Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* Change coreservices -> iosIan Dean2012-04-192-5/+5
| | | | | | | | Replace "contains(QT_CONFIG, coreservices)" with "!ios" in config files. Replace "QT_NO_CORESERVICES" with "Q_OS_IOS" in source files. Change-Id: Id3b02316b245a24ce550e0b47596d18a4a409e4f Reviewed-by: Morten Johan Sørvig <morten.sorvig@nokia.com>
* Merge remote-tracking branch 'origin/api_changes'Lars Knoll2012-04-172-3/+3
|\ | | | | | | Change-Id: I964b0a6f5c38351fdfafb8a2a128a349ff8c89d1
| * Merge remote-tracking branch 'origin/master' into api_changesLars Knoll2012-04-165-18/+260
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: configure src/corelib/io/qurl.cpp src/gui/kernel/qwindow.cpp src/tools/moc/generator.cpp src/widgets/kernel/qwidget_qpa.cpp src/widgets/styles/qstyle.h src/widgets/widgets/qtabbar.cpp tests/auto/corelib/codecs/utf8/tst_utf8.cpp Change-Id: Ia457228d6f684ec8184e13e8fcc9d25857b1751e
| * \ Merge remote-tracking branch 'origin/master' into api_changesOswald Buddenhagen2012-04-101-0/+26
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: configure src/widgets/styles/qwindowsxpstyle.cpp tests/auto/gui/kernel/qwindow/qwindow.pro tests/auto/gui/kernel/qwindow/tst_qwindow.cpp Change-Id: I624b6d26abce9874c610c04954c1c45bc074bef3
| * \ \ Merge master into api_changesKent Hansen2012-03-231-2/+1
| |\ \ \ | | | | | | | | | | | | | | | Change-Id: I93551e4d13a1b0815b359b9415060e9089477db1
| * | | | QtNetwork: make some constructors explicitMarc Mutz2012-03-142-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a semi-automatic search, so I'm reasonably sure that all the exported ones have been caught. Change-Id: Ia00eb9194a5f64002bd7e7b894abf6333d1b825e Reviewed-by: Jonas Gastal <jgastal@profusion.mobi> Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* | | | | Trivial doc fix.Richard Moore2012-04-161-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Change-Id: I837c74d38b9f73aed41c3839421f5faad9d22f3f Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com> Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* | | | | Minor doc improvements.Richard Moore2012-04-161-0/+9
| |_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | Change-Id: Ic14cefcf935fea822c581013f437ae61b820ddd9 Reviewed-by: Giuseppe D'Angelo <dangelog@gmail.com> Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com> Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* | | | Added iOS compatibility.Qt4iOS2012-04-132-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Put MacOS-specific code into #ifdef blocks to enable compilation on iOS. Change-Id: I0bb3846f457d1b3a56d99fe182b1718bc8429117 Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* | | | Use windows API to update missing CA rootsShane Kearns2012-04-115-14/+254
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Windows ships with a minimal set of CA roots. When using windows API to verify a certificate, it will fetch the root certificate from windows update (assuming it is part of the Microsoft trust program). As we are using openssl, this does not happen transparently. If SSL errors occur which indicate a broken chain then attempt to fix it using the windows API before emitting sslErrors. If the system CA certs are not in use (a CA bundle has been set on the socket or as the global configuration), then this is skipped. This is so an application can continue to use its own cert bundle rather than trusting the system certs. Key usage is specified, so that windows will return not trusted status if the root is not suitable for SSL (server auth or client auth OID). Testability: - to test, must delete the CA cert(s) from the "third party root certification authorities" section of the cert store using mmc.exe. - If the workaround of installing the windows XP cert bundle was performed, then you also need to delete certs from the "trusted root certification authorities" section. This is dangerous, be careful not to delete the required certificates which are documented on MS website - Naturally, modifying these areas of the cert store requires elevated privilege. Task-number: QTBUG-24827 Change-Id: I5cfe71c8a10595731f6bbbbabaaefa3313496654 Reviewed-by: Richard J. Moore <rich@kde.org> Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* | | Find libssl on linux using paths of loaded librariesShane Kearns2012-04-051-0/+26
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The installed path of libssl may include an element describing the architecture, e.g. x86_64-linux-gnu or i386-linux-gnu. In most cases, the libraries already loaded (static dependencies of Qt, such as libc) will include the path where libssl is installed. Use dl_iterate_phdr to find the paths. This is a linux specific function, but it does provide "/lib/<arch>" and "/usr/lib/<arch>" at the point ssl symbols are being resolved when running the qsslsocket autotest (which has less dependencies than a typical Qt app). Task-number: QTBUG-24694 Change-Id: I9af8081f41bb85c2fcff450a2acda5672a7f7518 Reviewed-by: Harald Fernengel <harald.fernengel@nokia.com>
* | Fix QT_NO_DEBUG_STREAM buildRichard Moore2012-03-201-2/+1
|/ | | | | Change-Id: I640f93750583d36284f189fa12bac6440664a7a2 Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
* Use SSL_MODE_RELEASE_BUFFERS in QSslSocketMartin Petersson2012-03-092-0/+8
| | | | | | | | | | | | If SSL_MODE_RELEASE_BUFFERS is available we should tell OpenSSL to release memory early. http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html Task-number: QTBUG-14985 Change-Id: Ib6656ebb3c4d67ca868b317ee83ddbf0983953f9 Reviewed-by: Richard J. Moore <rich@kde.org> Reviewed-by: Shane Kearns <shane.kearns@accenture.com> Reviewed-by: Markus Goetz <markus@woboq.com>
* QtNetwork: blacklist two more certificatesMartin Petersson2012-03-081-0/+2
| | | | | | | | | | | The comodogate 72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0 certificate is a test certificate and the MD5 Collisions was created as a proof of concept deliberately made to be expired at the time of it's creation. Task-number: QTBUG-24654 Change-Id: Ic8eb417363569fe50bf19cd229658f5e371862f7 Reviewed-by: Richard J. Moore <rich@kde.org>
* QSslCertificate - make lazy initialisation thread safeShane Kearns2012-03-061-0/+9
| | | | | | | | | | | | | | | | | | | QSslCertificate can be copied around into multiple threads, without detaching. For example, the https worker threads inside QNetworkAccessManager. There are const methods, which lazily initialise members of the private class without detaching (i.e. caching results of expensive function calls) These functions now lock the d pointer using QMutexPool to avoid concurrency related crashes. autotest crashes 20% of the time in release builds without the fix, passes 100 times in a row with the fix. Task-number: QTBUG-20452 Change-Id: I64a01af8159216f2dd6215a08669890f6c029ca8 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> Reviewed-by: Richard J. Moore <rich@kde.org>
* Remove the usage of deprecated qdoc macros.Casper van Donderen2012-03-023-42/+42
| | | | | | | | | | | QDoc now has support for Doxygen style commands for italics, bold and list items. This change applies that change in QDoc to the actual documentation. Task-number: QTBUG-24578 Change-Id: I519bf9c29b14092e3ab6067612f42bf749eeedf5 Reviewed-by: Shane Kearns <shane.kearns@accenture.com> Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
* QSslError: fix wrong #endif placementMarc Mutz2012-02-251-1/+1
| | | | | | | | This would break a namespaced Qt when QT_NO_DEBUG_STREAM was in effect. Unlikely to hit, but nevertheless fixworthy. Change-Id: Ie2a4cf4334a6a610c84233ab1ca89b928386c91a Reviewed-by: Richard J. Moore <rich@kde.org>
* QSslSocket::verify certificates when on-demand loading is usedMartin Petersson2012-02-231-0/+4
| | | | | | Task-number: QTBUG-24350 Change-Id: I5a328efe6606f5d438bb4787a5c02a425ce42aca Reviewed-by: Richard J. Moore <rich@kde.org>
* Test for QT_NO_SSL instead of QT_NO_OPENSSLShane Kearns2012-02-211-1/+1
| | | | | | | | Change the ifdefs in our own code (except openssl backend) to use the new configure flag. Change-Id: I8774734771c66b22164b5fae8fdb27814ac3df7b Reviewed-by: Richard J. Moore <rich@kde.org>
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-04 07:05:00 +0000