summaryrefslogtreecommitdiffstats
path: root/src/network/ssl
Commit message (Collapse)AuthorAgeFilesLines
* Please valgrind by not accessing uninitialized memoryAllan Sandfeld Jensen2015-03-141-2/+3
| | | | | | | | Fix access or uninitialized memory. It is safe in this case, but causes valgrind's memcheck to complain unnecessarily. Change-Id: I01ad09d282b07f7099ad6bed85f4327b3c7c677f Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* Secure Transport - handle errSSLBadCert in server modeTimur Pocheptsov2015-03-122-4/+18
| | | | | | | | | | | Suddenly :(( With Security Framework v 7.0 dated by 17/02 SSLHandshake works differently when our server socket is requesting a client side authentication and client provides no certificate. Despite of kTryAuthenticate (this means, auth. _can_ fail) server receives an error from SSLHandshake too early. We have to handle this in startHandshake (when serveMode && canIgnore). Change-Id: Ie55540078e2944e80cf2f4ade8b000acf29d6ca2 Reviewed-by: Richard J. Moore <rich@kde.org>
* Silence MSVC warning about 64-bit conversion (loss of data)Thiago Macieira2015-03-121-1/+1
| | | | | | | | | | | One of the reasons why we use "int" everywhere: to avoid this annoyance about different types and having to explicitly cast to silence the compiler. qsslsocket_openssl.cpp(690) : warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data Change-Id: Ia0aac2f09e9245339951ffff13c8bdad334ce108 Reviewed-by: Richard J. Moore <rich@kde.org>
* QtNetwork: Fix const correctness in old style castsThiago Macieira2015-03-122-5/+5
| | | | | | | Found with GCC's -Wcast-qual. Change-Id: Ia0aac2f09e9245339951ffff13c946859c282001 Reviewed-by: Richard J. Moore <rich@kde.org>
* Fix bind+connect in both TCP and UDPThiago Macieira2015-03-042-0/+24
| | | | | | | | | | | | | | | | | This has been known to be broken for a while. Now it works: you can bind and you'll retain the port (and the file descriptor) for the connect call. Incidentally, in fixing the binding for more than one IP for the hostname (with event loop), this commit fixes the setSocketDescriptor XFAIL. [ChangeLog][QtNetwork] Fixed a bug that caused both QTcpSocket and QUdpSocket to close the socket and lose any bound ports before connecting. Now bind()/setSocketDescriptor() followed by connect() will retain the original file descriptor. Task-number: QTBUG-26538 Change-Id: I691caed7e8fd16a9cf687b5995afbf3006bf453a Reviewed-by: Richard J. Moore <rich@kde.org>
* QSslSocket: fix compilation errorNikita Baryshnikov2015-03-043-3/+3
| | | | | | | | invalid conversion from ‘unsigned char**’ to ‘const unsigned char**’ Task-number: QTBUG-44744 Change-Id: I6263db106fe28c6aa04db8ca79421b3a9fc5adc9 Reviewed-by: Richard J. Moore <rich@kde.org>
* QSslSocket: Factor out error message about failure to set the elliptic curves.Friedemann Kleint2015-02-251-2/+7
| | | | | Change-Id: Ic5305216536ee3938c389336c979b5c90fc886e4 Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
* Remove BlackBerry PlayBook support.Rafael Roquetto2015-02-201-1/+0
| | | | | | | | | | | | | | | | | Reasons: - the PlayBook NDK is old and its compiler does not keep up with newest C++11 improvements inside Qt code. - the PlayBook NDK diverges considerably from the standard BB10 NDK, making it non-trivial to keep a common codebase. - It's a defunct platform. - Maintenance time is limited. [ChangeLog][Platform Specific Changes] Removed BlackBerry PlayBook support. Change-Id: Ia338aff55f4e4b747ebdecb0e1463a369a656c03 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> Reviewed-by: Bernd Weimer <bernd.weimer@pelagicore.com> Reviewed-by: Rafael Roquetto <rafael.roquetto@kdab.com>
* Fixed license headersJani Heikkinen2015-02-177-7/+7
| | | | | Change-Id: Ibebe1318d1c2de97601aa07269705c87737083ee Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
* Use d2i_DHparams instead of poking around inside the DH struct.Richard J. Moore2015-02-163-41/+14
| | | | | | | | This change is a step closer to working with openssl 1.2 which makes this struct opaque. Change-Id: I3897142657edc0fa4053142b6ef743c2b00c013e Reviewed-by: Peter Hartmann <peter-qt@hartmann.tk>
* QSsl: teach the SecureTransport backend about TlsV1_0OrLater, TlsV1_1OrLater ↵Mikkel Krautz2015-02-151-0/+21
| | | | | | | and TlsV1_2OrLater Change-Id: I001ffebef30b47b63cae6ea9487d9e96ca85ff92 Reviewed-by: Richard J. Moore <rich@kde.org>
* Secure Transport - enable client authenticationTimur Pocheptsov2015-02-131-35/+45
| | | | | | | | | Enable certificate/trust validation when socket is in server mode. Change-Id: I8fbba587a9484084495722219d83cca57973a3e6 Reviewed-by: Jeremy Lainé <jeremy.laine@m4x.org> Reviewed-by: Richard J. Moore <rich@kde.org> Reviewed-by: Timur Pocheptsov <Timur.Pocheptsov@digia.com>
* QSsl: add TlsV1_0OrLater, TlsV1_1OrLater, TlsV1_2OrLaterMikkel Krautz2015-02-135-0/+44
| | | | | Change-Id: I90b99fb515dcf559824f673d2304081238541c4c Reviewed-by: Richard J. Moore <rich@kde.org>
* Network: Fix operator<<(QDebug, ...) operationsKai Koehne2015-02-124-11/+17
| | | | | | | | | | | | Use the QDebugStateSaver saver(debug); debug.resetFormat().nospace(); idiom to unify the formatting and whitespace handling. Change-Id: Id346d63b3f589b60ca19e4459271d587f1a0c003 Reviewed-by: Richard J. Moore <rich@kde.org>
* Use a union for different openssl typesAndré Klitzing2015-02-112-15/+10
| | | | | | | | | Since the algorithm can only be one the underlying structure can share the same memory. Change-Id: Ifeaa1a2d5c4ad3566cbbf847445b805876275260 Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com> Reviewed-by: Richard J. Moore <rich@kde.org>
* Update copyright headersJani Heikkinen2015-02-1150-635/+475
| | | | | | | | | | | | | | | | | | Qt copyrights are now in The Qt Company, so we could update the source code headers accordingly. In the same go we should also fix the links to point to qt.io. Outdated header.LGPL removed (use header.LGPL21 instead) Old header.LGPL3 renamed to header.LGPL3-COMM to match actual licensing combination. New header.LGPL-COMM taken in the use file which were using old header.LGPL3 (src/plugins/platforms/android/extract.cpp) Added new header.LGPL3 containing Commercial + LGPLv3 + GPLv2 license combination Change-Id: I6f49b819a8a20cc4f88b794a8f6726d975e8ffbe Reviewed-by: Matti Paaso <matti.paaso@theqtcompany.com>
* Merge remote-tracking branch 'origin/5.4' into devFrederik Gladhorn2015-02-105-7/+34
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: src/3rdparty/harfbuzz-ng/harfbuzz-ng.pro src/gui/image/qimage_conversions.cpp src/gui/opengl/qopenglextensions_p.h src/gui/text/qtextengine.cpp src/network/ssl/qsslsocket_openssl.cpp src/plugins/platforms/eglfs/qeglfshooks_stub.cpp src/plugins/platforms/eglfs/qeglfsscreen.cpp src/plugins/platforms/eglfs/qeglfswindow.cpp src/plugins/platforms/windows/qwindowsfontdatabase.cpp src/plugins/platforms/windows/qwindowsfontdatabase_ft.cpp src/plugins/platforms/windows/qwindowsnativeinterface.cpp src/plugins/platforms/windows/qwindowsscreen.cpp src/plugins/platforms/windows/qwindowswindow.cpp src/plugins/platforms/windows/qwindowswindow.h src/plugins/platforms/xcb/qxcbdrag.h src/widgets/itemviews/qabstractitemview.cpp src/widgets/kernel/qwidget.cpp src/widgets/util/qsystemtrayicon_p.h tests/auto/corelib/itemmodels/qsortfilterproxymodel/tst_qsortfilterproxymodel.cpp Thanks to Friedemann Kleint for resolving the qwindowsfontdatabase.cpp conflicts. Change-Id: I937232c30523d5121c195d947d92aec6f129b03e
| * SSL NPN negotiation: Do not abort on unmatched protocolsPeter Hartmann2015-02-051-7/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ... but choose HTTP/1.1 and continue connecting anyhow. According to the NPN spec, actually we should choose SPDY: "In the event that the client doesn't support any of server's protocols, or the server doesn't advertise any, it SHOULD select the first protocol that it supports." However, some tested servers did not advertise anything and did not support SPDY, so blindly trying the newest protocol would fail. We are conservative in that case and choose HTTP. Task-number: QTBUG-40714 Change-Id: Ia8aaf01fea74e13d9e4416306f85f1890b25559e Reviewed-by: Richard J. Moore <rich@kde.org>
| * Merge remote-tracking branch 'origin/5.4.1' into 5.4Frederik Gladhorn2015-01-293-0/+19
| |\ | | | | | | | | | Change-Id: Idadb5639da6e55e7ac8cc30eedf76d147d8d5d23
| | * Set pendingClose to false on init in QSslSocketMichael Marley2015-01-191-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes an issue where under certain circumstances, QSslSocket could get stuck in a state where it would disconnect immediately after starting encryption. Since it doesn't make any sense for the socket to be initialized to a state where any connection attempt will fail, the pendingClose value should be set to false. Thanks to Martin Sandsmark for his help debugging this issue. Task-number: QTBUG-43793 Change-Id: I7deebacbac588c21439a8e594db4222095cf3f22 Reviewed-by: Richard J. Moore <rich@kde.org>
| | * Fix compile error if openssl is built with no-ssl3-methodAndré Klitzing2015-01-162-0/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since openssl 1.0.1k with enabled option no-ssl3-method we need to check for OPENSSL_NO_SSL3_METHOD to use following functions: - SSLv3_method - SSLv3_server_method - SSLv3_client_method Change-Id: Iee83a6f4bacbf5660baa6bdb89eb02ceb9f11614 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
| * | Doc: add missing since 5.4 for new sessionProtocol() methods.David Faure2015-01-192-0/+2
| |/ | | | | | | | | | | | | | | They were added in 233a2f37bfa6c896612cbf9a7db42e8e0da788f5, which is in 5.4, but the \since information was missing. Change-Id: I346a049cad75647fdcd7b64df80dc169bb4ec70a Reviewed-by: Richard J. Moore <rich@kde.org>
* | Remove unnecessary direct access to SSL_CIPHER struct.Richard J. Moore2015-02-081-9/+7
| | | | | | | | | | | | | | The cipher is always valid here, so this check was never needed anyway. Change-Id: I22be273d166702926b98f0c9443657a1dde65f6e Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
* | Remove legacy ifdefs for ancient openssl.Richard J. Moore2015-02-087-64/+9
| | | | | | | | | | | | | | | | | | | | | | There were still ifdefs for openssl 0.9.7 and openssl 0.9.8f. [ChangeLog][QtNetwork] Some legacy ifdefs for openssl 0.9.7 and openssl 0.9.8f were removed, Qt will no longer build with these versions. In addition there is no support for openssl built with NO_TLSEXT. Change-Id: I9268515c0a125a2f6d79add8ee1cb40768e7e898 Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
* | Use prefix instead of postfix for iteratorsMaks Naumov2015-02-081-2/+2
| | | | | | | | | | | | | | | | | | | | The postfix increment(decrement) creates a temp copy of *this before the modification and then returns that copy. It's needed only when using the old iterator and then incrementing it. Change-Id: I7f6702de78f5f987cec3556047e76049b4ee063a Reviewed-by: Konstantin Ritt <ritt.ks@gmail.com> Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
* | Stop accessing the internals of the SSL_CTX structure.Richard J. Moore2015-02-073-1/+4
| | | | | | | | | | Change-Id: I51733e9a3bb0d5d54dc2f61ac75751d899a84bd1 Reviewed-by: Peter Hartmann <peter-qt@hartmann.tk>
* | ssl: fix QSslSocket::peerCertificateChain in server modeJeremy Lainé2015-02-072-12/+21
| | | | | | | | | | | | | | | | | | | | | | The OpenSSL backend for QSslSocket return an incomplete peer certificate chain when in server mode: it does not include the peer's certificate as the first element of the chain. This change fixes this issue. Change-Id: I2f0815bca2f314a075b48a2d0b5a6d5b7af50722 Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
* | Move Rfc822NameType, DnsNameType and UniformResourceIdentifierType.Richard J. Moore2015-02-043-16/+16
| | | | | | | | | | | | | | | | | | Move these types to QAsn1Element so that they can use the toString() method which guards against malicious ASN.1. Change-Id: I7d6155147a6fc2d41da6f3ae87551b6cb75aa9ce Reviewed-by: Oliver Wolff <oliver.wolff@theqtcompany.com> Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
* | Harden QAsn1Element against malicious ASN.1 strings.Richard J. Moore2015-02-041-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | We don't currently use this class for critical things like hostname verification however we still want to ensure that it is not possible to trick it using ASN.1 strings with embedded NUL characters. This will avoid problems in the future. Change-Id: Ibf3bc142a94fc9cad5f06db50f375399a087f9dc Reviewed-by: Jeremy Lainé <jeremy.laine@m4x.org> Reviewed-by: Oliver Wolff <oliver.wolff@theqtcompany.com> Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
* | Add SecureTransport based SSL backend for iOS and OS XJeremy Lainé2015-02-027-0/+1677
| | | | | | | | | | | | | | | | | | | | | | Add support for SSL on iOS/OS X by adding a SecureTransport based backend. [ChangeLog][QtNetwork][QSslSocket] A new SSL backend for iOS and OS X, implemented with Apple's Secure Transport (Security Framework). Change-Id: I7466db471be2a8a2170f9af9d6ad4c7b6425738b Reviewed-by: Richard J. Moore <rich@kde.org>
* | [QSSL] Pass params of shareable type by const-ref rather than by valueKonstantin Ritt2015-01-288-4/+20
| | | | | | | | | | | | Change-Id: I9c09a3e2dfb90eb22d4509ac6c450a0bb5da48f6 Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com> Reviewed-by: Richard J. Moore <rich@kde.org>
* | QSslSocket: introduce support for TLS PSK (client side)Giuseppe D'Angelo2015-01-2310-0/+581
| | | | | | | | | | | | | | | | | | [ChangeLog][QtNetwork][QSslSocket] It is now possible to use TLS PSK ciphersuites in client sockets. Task-number: QTBUG-39077 Change-Id: I5523a2be33d46230c6f4106c322fab8a5afa37b4 Reviewed-by: Richard J. Moore <rich@kde.org>
* | QSslEllipticCurve: enable NRVO in *Name() methodsMarc Mutz2015-01-211-8/+4
| | | | | | | | | | | | | | | | | | | | Make it easier for the compiler to apply the Named Return Value Optimization (NRVO) in the shortName()/longName() functions by not returning different objects in different return statements. Change-Id: I1b6fa7e6121bc1c843378be33499728c56c97f92 Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
* | QSslEllipticCurve: don't call QSslSocketPrivate::ensureInitialized() in ↵Marc Mutz2015-01-211-4/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | const functions Rationale: the case of an invalid QSslEllipticCurve is already dealt with before we'd call ensureInitialized(). But in order to have a non-invalid QSslEllipticCurve, we must have called one of the constructor functions first. There, we already call ensureInitialized(), so we don't need to do it here again. Change-Id: I96bdb5db63ec0165e6b8fac9469b5d81c6b2cdae Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
* | QSslEllipticCurve: add missing noexceptMarc Mutz2015-01-212-4/+4
| | | | | | | | | | Change-Id: I94701ddb78a822adf35aea57f9e171a747745f6b Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
* | QSslEllipticCurve: remove unneeded includes from headerMarc Mutz2015-01-211-2/+0
| | | | | | | | | | Change-Id: I66b8b85e6c02b0e53391079d5048017d5e63ac8b Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
* | QSslEllipticCurve: add fromLongNameGiuseppe D'Angelo2015-01-216-0/+43
| | | | | | | | | | | | | | | | Since the conversion to a long name was already there, also support creation from a long name. Change-Id: Iad712db7447fb0a0a18f600b7db54da5b5b87154 Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
* | Add elliptic curve support to QSslAndré Klitzing2015-01-189-9/+167
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add possibility to get length and other information of EC based certificates. Also it is possible to parse those public/private keys from PEM and DER encoded files. Based on patch by Remco Bloemen [ChangeLog][QtNetwork][SSL/TLS support] It is now possible to parse elliptic curve certificates. Change-Id: I4b11f726296aecda89c3cbd195d7c817ae6fc47b Task-number: QTBUG-18972 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* | Add missing qdatastream.h includes.Richard J. Moore2015-01-052-0/+3
| | | | | | | | | | Change-Id: I726041ec5e92d371bc5afb9b7f8cb854bfd41451 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* | Merge remote-tracking branch 'origin/5.4' into devFrederik Gladhorn2014-12-291-2/+2
|\| | | | | | | | | | | | | | | | | | | Conflicts: src/corelib/tools/qbytearray.cpp src/gui/kernel/qplatformsystemtrayicon.cpp src/gui/kernel/qplatformsystemtrayicon.h src/plugins/platforms/xcb/xcb-plugin.pro Change-Id: I00355d3908b678af8a61c38f9e814a63df808c79
| * Fix include headers for qsslcertificate_qt.cppThiago Macieira2014-12-231-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | The order is: 1) own header 2) own private header, if any 3) other headers Commit f17d7a124f0fa817a7e1a2dda6f48098432c0dc0 broke the order. Change-Id: I7225024691db91fd936a057accdad65bacb3f979 Reviewed-by: Richard J. Moore <rich@kde.org>
* | Merge remote-tracking branch 'origin/5.4' into devSimon Hausmann2014-12-1813-106/+185
|\| | | | | | | | | | | | | | | | | | | Conflicts: src/corelib/global/qglobal.h src/platformsupport/platformcompositor/qopenglcompositor.cpp src/platformsupport/platformcompositor/qopenglcompositorbackingstore.cpp tests/auto/gui/kernel/qwindow/tst_qwindow.cpp Change-Id: I5422868500be695584a496dbbbc719d146bc572d
| * Use categorized logging for ssl codeKai Koehne2014-12-1013-106/+185
| | | | | | | | | | | | | | | | | | Place all debug output into the 'qt.network.ssl' category. This allows people to disable certain warnings at runtime. Task-number: QTBUG-43173 Change-Id: Ide731fae3109f9cd7730cc096ee069a5b99d35f1 Reviewed-by: Richard J. Moore <rich@kde.org>
* | Merge remote-tracking branch 'origin/5.4' into devSimon Hausmann2014-12-106-7/+7
|\| | | | | | | | | | | | | | | Conflicts: doc/global/template/style/online.css mkspecs/android-g++/qmake.conf Change-Id: Ib39ea7bd42f5ae12e82a3bc59a66787a16bdfc61
| * Merge remote-tracking branch 'origin/5.4.0' into 5.4Frederik Gladhorn2014-11-276-7/+7
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: dist/changes-5.4.0 7231e1fbe24102f2a93b34dfa70e3dca884440d2 went into 5.4 instead of the 5.4.0 branch, thus the conflict. Change-Id: I70b8597ab52506490dcaf700427183950d42cbd1
| | * Use camel case in PKCS#12 functionAlejandro Exojo2014-11-246-7/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | This makes it follow the coding style, which says to camel case acronyms too, and makes it consistent with the rest of the class. Change-Id: I4a1b21de1815530e476fc5aa8a0d41c724fc8021 Reviewed-by: Richard J. Moore <rich@kde.org> Reviewed-by: hjk <hjk121@nokiamail.com>
* | | Add Q_DECL_OVERRIDE in the src subdirectoryOlivier Goffart2014-12-033-28/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Done automatically with clang-modernize on linux (But does not add Q_DECL_OVERRIDE to the function that are marked as inline because it a compilation error with MSVC2010) Change-Id: I2196ee26e3e6fe20816834ecea5ea389eeab3171 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* | | QSslEllipticCurve: remove a copy when setting the curvesGiuseppe D'Angelo2014-12-032-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | The only reason for copying QSslEllipticCurves into a temporary array would be to be extra-pedantic about type safety, but in the end, we can simply force a cast and remove the copy. Change-Id: Ice8a036fe4b79ba438ce83b5eacf6158eb3f0ce7 Reviewed-by: Richard J. Moore <rich@kde.org>
* | | SSL: let a server choose the most appropriate curve for a clientGiuseppe D'Angelo2014-11-291-5/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | OpenSSL 1.0.2 introduces SSL_CTX_set_ecdh_auto, which allows us to stop using one specific temporary curve, and instead makes the server negotiate the best curve. Task-number: QTBUG-42925 Change-Id: I3a68f29030bdf04f368bfdf79c888401ce82bdd8 Reviewed-by: Richard J. Moore <rich@kde.org>
* | | SSL: Add support for selecting which curves should be used by an elliptic cipherGiuseppe D'Angelo2014-11-2615-1/+812
| | | | | | | | | | | | | | | | | | | | | | | | | | | [ChangeLog][QtNetwork][QtSSL] It is now possible to choose which elliptic curves should be used by an elliptic curve cipher. Change-Id: If5d0d58922768b6f1375836489180e576f5a015a Done-with: Marc Mutz <marc.mutz@kdab.com> Reviewed-by: Richard J. Moore <rich@kde.org>
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-27 19:48:20 +0000