| Commit message | Author | Age | Files | Lines |
Change-Id: I0f4b372ad3a0cd5e6730ed2e23e738fb06b2aad5
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
Conflicts:
src/android/templates/AndroidManifest.xml
src/network/ssl/qsslsocket_mac.cpp
src/widgets/styles/qstylesheetstyle.cpp
tests/auto/corelib/kernel/qtimer/BLACKLIST
tests/auto/testlib/selftests/blacklisted/tst_blacklisted.cpp
tests/auto/testlib/selftests/expected_blacklisted.lightxml
tests/auto/testlib/selftests/expected_blacklisted.tap
tests/auto/testlib/selftests/expected_blacklisted.teamcity
tests/auto/testlib/selftests/expected_blacklisted.txt
tests/auto/testlib/selftests/expected_blacklisted.xml
tests/auto/testlib/selftests/expected_blacklisted.xunitxml
tests/auto/testlib/selftests/expected_float.tap
tests/auto/testlib/selftests/expected_float.teamcity
tests/auto/testlib/selftests/expected_float.txt
tests/auto/testlib/selftests/expected_float.xunitxml
Done-With: Christian Ehrlicher <ch.ehrlicher@gmx.de>
Done-With: Edward Welbourne <edward.welbourne@qt.io>
Done-With: Timur Pocheptsov <timur.pocheptsov@qt.io>
Change-Id: If93cc432a56ae3ac1b6533d0028e4dc497415a52
|
...for a minor performance gain.
Change-Id: I4bef867055e069926fdc24fa98a6f94b6a0630e2
Reviewed-by: Oliver Wolff <oliver.wolff@qt.io>
|
OpenSSL 1.1.0 and higher requires SSL_shutdown to mark a
session as resumable.
QHttpNetworkConnection/Channel tries to re-use one shared SSL
context (and the session) for its 'channels'. The session is
marked as non-resumable without shutdown sent/received.
This makes it useless for QHttpNetworkConnection.
See: https://github.com/openssl/openssl/issues/1550
Fixes: QTBUG-71967
Change-Id: Iaaceb18c4c5a090f997f9850981a27f04f1f8b06
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
This is similar to a change we approved recently in OpenSSL back-end.
Similar to OpenSSL, not setting the upper limit on protocols allowed
to negotiate/use, neatly ends up with the highest available, which
is ... TLS 1.2 at the moment, but will silently switch to 1.3 etc.
This was also recommended by Apple's engineer who closed a related
bug report with 'Won't do' - "do not limit the max, you'll always
have the real max supported". Also, while at the moment we do
not allow QSsl::TlsV1_3 and QSsl::TlsV1_3OrLater, if we managed
to negotiate it - report it properly, not as 'Unknown'.
Task-number: QTBUG-67463
Change-Id: I3f46ea525f06edca03259123809f3b7b1191b1ee
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
Alas, we have to do the job ossl_typ.h failed to - undef macros
coming from wincrypt.h (?) and clashing with identifiers/naming
conventions not exactly very wisely chosen by OpenSSL.
Change-Id: I1725c4f769be64dbb391d040b2c1574b20b65151
Fixes: QTBUG-73322
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
Change-Id: I8113c6d8735a151bd152e6096f8c8b8e63a05474
|
[ChangeLog][QtNetwork][SSL] The Schannel backend now supports ALPN and
thus HTTP/2.
Change-Id: I1819a936ec3c9e0118b9dad12681f791262d4db2
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
refs/staging/dev
|
Conflicts:
src/android/templates/AndroidManifest.xml
tests/auto/widgets/styles/qstylesheetstyle/tst_qstylesheetstyle.cpp
Change-Id: I4c9679e3a8ebba118fbf4772301ff8fde60455b9
|
Conflicts:
src/widgets/kernel/qtooltip.cpp
Change-Id: Ic2f9a425359050eb56b3a4e5162cf5e3447058c8
|
Change-Id: I225e59bea0a8eac14fd11ef2b091907ae955c447
Reviewed-by: Topi Reiniö <topi.reinio@qt.io>
|
Change-Id: Id083c1434fcb3a64af40e6f8df720719c1029ca7
Fixes: QTBUG-73289
Reviewed-by: Liang Qi <liang.qi@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
Amends a8412dc020e82b45b54b0b6637b8b88b255c413a.
Task-number: QTBUG-12812
Task-number: QTBUG-17158
Change-Id: Idcdf9ad39a43373097e2c3f31a62ce1b3cb46c22
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
If later we try to introduce multiple OCSP support, the API returning
a single response will be somewhat broken and illogical/not clear
how to use at all. Let's return a vector of responses (for now it's
one, can change in future). This makes isNull() redundant on a
response, also, we now need 'subject' - a cert that response was for.
Change-Id: Ibbd9dec163b53906b2fd61fa31c43db7d08adc4d
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
While it's not common it still occurs, perhaps especially with 127.0.0.1.
Can be tested by attempting to connect to https://1.1.1.1/ using Qt.
Change-Id: Idad56476597ab570b8347236ff700fa66ab5b1f4
Fixes: QTBUG-71828
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
about why a certificate was revoked (if it was) and the responder's
certificate, if we managed to verify a signature, as was previously
shortly discussed in the 'OCSP stapling' patch-set. Auto-test update
will be in a separate patch.
[ChangeLog][QtNetwork][Ssl] Added class QOcspResponse as a part of
OCSP stapling support.
Change-Id: I4e17fb6fc4c3dae0b8ad04ff2897a4823736d16e
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
Adds support for Schannel, an SSL backend for Windows, as an
alternative to OpenSSL.
[ChangeLog][QtNetwork][Ssl] Added support for Schannel on Desktop
Windows. To build Qt with Schannel support use '-schannel' during
configure.
Task-number: QTBUG-62637
Change-Id: Ic4fb8ed3657dab994f9f4a4ac5cbddc7001a0a46
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
Change-Id: Ieb57137ee2b7d0c505e3531d5aa1bcb66978847e
|
When setting dtls configuration, we should also copy
backendConfig, otherwise this setting will be ignored.
Change-Id: I4df53e8e6d8c2bd0eb7dddb9928b7883c401d60a
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
since we'll refuse to continue with a handshake, failing in initSslContext()
on disabled protocol versions. Then, functions like waitForEncrypted,
connectToHostEncrypted, startServerEncryption and startClientEncryption
should either bail out early (who needs a TCP connection which we'll
abort anyway?) or bail out whenever we can, as soon as a disabled protocol
was found in a configuration. This change also makes the behavior
of different back-ends consistent, since it's a general code-path
that reports the same SslInvalidUserData error. Update auto-test to
... actually test what it claims it tests.
Task-number: QTBUG-72196
Task-number: QTBUG-72179
Change-Id: I548468993410f10c07ce5773b78f38132be8e3e0
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
Update references in documentation from the obsoleted/deprecated version
because it doesn't make sense here to refer to these versions.
Change-Id: I5e9bdf46191e3ba0c7d91855cb3ccc30097cd412
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
Again, 1.0 is required now.
Change-Id: Icca5dc38eb33c1579653d96d6c079b335a401aad
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
We require OpenSSL >= 1.0 now.
Change-Id: I6ffe8b2dd606d600671565ebc8bc8ac2b9e0d6c2
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
As per RFC 6176 (2011) and RFC 7568 (2015).
Code-wise, we're left with the decision of what to do with a few
enumerators in QSsl::Protocol; I've made TlsV1SslV3 act as TlsV1,
and adjusted the description of AnyProtocol.
A new test was introduced - deprecatedProtocol() - to test that
we, indeed, do not allow use of SSL v2 and v3. protocol() and
protocolServerSide() were reduced to exclude the (now) no-op
and meaningless tests - neither client nor server side can
start a handshake now, since we bail out early in initSslContext().
[ChangeLog][QtNetwork][SSL] Support for SSLv2 and SSLv3
sockets has been dropped, as per RFC 6176 (2011)
and RFC 7568 (2015).
Change-Id: I2fe4e8c3e82adf7aa10d4bdc9e3f7b8c299f77b6
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
The map can contain multiple entries for one key,
so a multi map is the correct data structure.
Change-Id: I852ba3548f46415d8078fd0e8fdd7953ec6c370b
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
Change-Id: I3cfcfba892ff4a0ab4e31f308620b445162bb17b
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
|
Change-Id: I91e684e74c36467efda8ded6ed19791baa0c1a1f
|
Change-Id: If49df791f73e9edf616baa094e0f301a44cb853d
|
Turns out that also Debian patches OpenSSL 1.0, changing its soname to "1.0.2".
Therefore, try also to load that one.
Amends 2708c6c11d685ab25c12d558961d924c9a4533d2.
Task-number: QTBUG-68156
Change-Id: I37cc060e90422779a6c29a324ab900f0fb99cfa7
Reviewed-by: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
When a PAC script is used on macOS, it will only allow connections for
http/https, although a proxy can be used for ws/wss. Therefore we need
to add a means of setting the protocol type for this sort of connection
so that we can pass on the necessary information to the PAC script.
Change-Id: I3fa29fa85a529bd88d9565daa58fe9d748b61a92
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
This patch introduces a private 'API' to enable server-side OCSP responses
and implements a simple OCSP responder, tests OCSP status on a client
side (the test is pretty basic, but for now should suffice).
Change-Id: I4c6cacd4a1b949dd0ef5e6b59322fb0967d02120
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
refs/staging/dev
|
Conflicts:
src/gui/painting/qdrawhelper.cpp
Change-Id: I4916e07b635e1d3830e9b46ef7914f99bec3098e
|
no need in duplicating DTLS-specific cases.
Change-Id: I475c6fb53daa44d60a5054bf3acc8474355b2186
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
Usually we embed the private key for the leaf certificate, but in
Schannel _q_makePkcs12 is also used to create a certificate store for
our CA certificates, which we don't have any private key for.
So lift this restriction.
Change-Id: Ic86a2a6725f2c8272c951148eb97e18a964a36f2
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
Remove braces for single-line bodies, space around binary operators
Change-Id: I958396772966428dcd9694279175fd61d6109b40
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
This patch enables OCSP stapling in QSslSocket::SslClientMode (OpenSSL back-end
only). OCSP stapling is described by RFC6066 and based on the original OCSP as
defined by RFC2560. At the moment multiple certificate status protocol is not
supported (not implemented in OpenSSL). SecureTransport does not support OCSP
stapling at the moment.
[ChangeLog][QtNetwork][TLS] Added OCSP-stapling support for OpenSSL backend
Task-number: QTBUG-12812
Task-number: QTBUG-17158
Change-Id: Id2e0f4cc861311d1ece462864e5e30c76184af8c
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
Change-Id: I04afffdce6b78856d0301eb583f21d334c7466b0
|
SSL_CTX_set_ciphers is new in 1.1.1.
Task-number: QTBUG-71983
Change-Id: If0ae9f95dcc867c62ed0d3a6a60c22c7f5e1cc9f
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
This is necessary to provide details for the key too,
when the server is using DHE-RSA-AESxxx-SHAxxx.
Amends 7f77dc84fb434f33ffe96f6633792706b80fb0a3.
Change-Id: I8ab15b6987c17c857f54bc368df3c6c1818f428c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
Conflicts:
src/corelib/io/qdir.cpp
src/corelib/kernel/qtimer.cpp
src/corelib/kernel/qtimer.h
Done-With: Edward Welbourne <edward.welbourne@qt.io>
Change-Id: I683d897760ec06593136d77955f8bc87fdef3f9f
|
Change-Id: Ic1dd39044e19f50e1068d4ac70dacaad6440e570
|
1. Remove the conditional inclusion of DTLS versions, they made adding new
protocols difficult and unnecessarily ugly (something like TlsV1_2OrLater + 4).
2. OpenSSL 1.1.1 first introduced TLS 1.3 support. OpenSSL 1.1 back-end is
compatible with OpenSSL 1.1.1, but would fail to extract/report protocol
versions and set versions like 'TLS 1.3 only' or 'TLS 1.3 or better' on a
new context. Given 1.1.1 is deployed/adapted fast by different distros,
and 5.12 is LTS, we fix this issue by introducing QSsl::Tls1_3 and
QSsl::Tls1_3OrLater.
SecureTransport, WinRT and OpenSSL below 1.1.1 will report an error in case
the application requests this protocol (SecureTransport in future will
probably enable TLS 1.3).
Saying all that, TLS 1.3 support is experimental in QSslSocket.
Done-by: Albert Astals Cid <albert.astals.cid@kdab.com>
Done-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Change-Id: I4a97cc789b62763763cf41c44157ef0a9fd6cbec
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
|
We have linked against Crypt32 for a while.
Change-Id: I7ec9401a63d7405e4b5357d6589501e997e31aca
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
Change-Id: Id1e4664d3c942226b76e2c3b338df3116ff89297
|
Attempts to use QSslSocket and its OpenSSL 1.1 back-end with OpenSSL 1.1.1
in a very peculiar way (for some reason the reporter calls OPENSSL_no_config())
combined with a bug in OpenSSL 1.1.1 resulted in a QSslSocket dead-locking
in initialization. This was happening because supportsSsl() first reported
false (OpenSSL internally fails to initialize after OPENSSL_no_config()),
but we have s_libraryLoaded set to true too early, thus the first supportsSsl()
returns false, the second - true.
Move setting of s_libraryLoaded later so that we don't claim to support
OpenSSL when an earlier ensureLibraryLoaded() attempt failed.
Task-number: QTBUG-70956
Task-number: QTBUG-71446
Change-Id: I8ad8763d357c84fc38c62e2ce914366367c2b445
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
This update removes the requirement for dtls to be present when qdoc
runs so that qdoc can parse qdtls.h.
_#ifndef Q_CLANG_QDOC
QT_REQUIRE_CONFIG(dtls);
_#endif
Change-Id: I69ba5e378bebe86f93830d14e3956eb0d677508e
Reviewed-by: Martin Smith <martin.smith@qt.io>
|
Conflicts:
src/corelib/animation/qpropertyanimation.cpp
src/gui/image/qicon.cpp
tests/auto/widgets/itemviews/qtableview/tst_qtableview.cpp
Change-Id: I3698172b7b44ebb487cb38f50fd2c4a9f8a35b21
|
Change-Id: Iaf28977e7ecf566b28b9406dcb005d48621169c2
|