| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Weird macro had inverted notion of type safety: instead of casting
parameters and return values (they are pointers) to work with generic
OPENSSL_sk_xxx functions, it was ... casting a function pointer to an invalid
type to get ... nothing, but UB. Home-brewed (un)'safestack'!!!
Change-Id: Ib91a7ba4cd472f370836797e422456f91a4385b0
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
(cherry picked from commit 9fc2f1f076b953ff0979fb73ed6e70ac9bde278c)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also since we have to properly support 'no-ssl' configure option
(alas, we support QSslCertificate on such builds) - introduce
a minimal crippled QTlsBackendCertOnly, which depends on
X509CertificateGeneric.
Fixes: QTBUG-90954
Task-number: QTBUG-65922
Change-Id: Ib9d62903f16b7c0eaaa23e319a822c24a7631dc6
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 41fc143635c25f937a557f09890601f6c7d38736)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
| |
Fix:
qsslcertificate_qt.cpp.obj : error LNK2001: Unresolved symbol ""public: static struct QMetaObject const QTlsBackend::staticMetaObject" (?staticMetaObject@QTlsBackend@@2UQMetaObject@@B)".
Pick-to: 6.1
Task-number: QTBUG-90953
Change-Id: I4eb99c2ee4be67dfdf07e52219b73c6b14436344
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch also adds 'isValid()' to know if a backend from a plugin
is in working condition (say, there is 'openssl' plugin but no or
old openssl libraries in some system).
Task-number: QTBUG-65922
Change-Id: I0b846536a069ca8c5a94e7191f11c81bac6ad527
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 573ba145d76f239dbc7464a78aabc06ed4d00419)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The idea is to have QSslKey(Private) backend-neutral and hide
all library-specific code inside plugins.
Fixes: QTBUG-90953
Task-number: QTBUG-65922
Change-Id: I2eeee3b2b72c78c2e24f2fb914abce3caa913be8
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 0352cf8e1bf57615b9faf3f6f383896444e762ac)
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
Enumerators initially were to be flags, but this changed later, no
initialisers needed now.
Change-Id: I72b24f979e207e21d6f42a11cf0ae8887df473d3
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
(cherry picked from commit b6778832636fc8f6911eb30bc9767ea6caaf6642)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To enable QSslCertificate to use TLS plugins. All backend-specific
code is to be moved from QSslCertificate(Private) making them
backend-neutral.
Task-number: QTBUG-90954
Task-number: QTBUG-65922
Change-Id: Ic9d5abf91e42ce81fe56239f95ae97b64035e950
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
(cherry picked from commit 405337ee7276be4b76e86745c0694c51283b6b07)
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
| |
Task-number: QTBUG-90662
Change-Id: If31847f8f2b8b57a8a8624d0406a030b5752f1c8
Reviewed-by: Paul Wicking <paul.wicking@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the read buffer has a max size we do our best not to exceed it.
Usually there's no problem and we just read more when the next
tcp frame arrives. However if there's data leftover after the last
tcp frame arrived then we won't receive any more data. To counter
this QSslSocket would try to invoke QSslSocketPrivate::transmit
indirectly if there were any bytes available on the plain socket.
The problem is that with Schannel the last few remaining bytes
would not be in the plain socket, but in the 'intermediateBuffer'.
So let's make QSslSocket aware of that.
Fixes: QTBUG-90625
Pick-to: 5.15 6.0 6.1
Change-Id: If56e4cce558f99c9a08a1f6818e005a887712ef2
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Norbert Pfeiler <norbert.pfeiler+git@gmail.com>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
| |
sizeof(1) should be fine, but it looks weird, so let's just use the type
instead.
Change-Id: I543462a837b0214883ca389be0e7e6ba2057cdd0
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
|
|
|
|
|
|
| |
qtlskey_schannel.cpp(183): error C3861: 'lcSsl': identifier not found
Change-Id: I406860f87a7b7f93ac2c0ca3d426dfa88615a90e
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
| |
While rebasing and resolving conflicts, I've acidentally removed a
declaration of supportsTls13() making a call expression invalid.
Change-Id: If561091db36f0354b61fa050ff9f72b29eddce53
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
| |
which will become parts of TLS plugins in the future.
Task-number: QTBUG-65922
Change-Id: I4ee3c59c435fc34a9f4dacd3ff0e3cfb44251e23
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
QTlsBackend is a factory itself - it creates TLS/X509 objects. Having
an intermediary between Factory->Backend->TLS primitive does not look
very natural thus let's squash the first two parts. Backend is a factory
creating TLS primitives, but its static functions also provide information
about backends availablei and give access to those backends.
Fixes: QTBUG-90606
Task-number: QTBUG-65922
Change-Id: I8409d81fd11fb46e6ab4465b4937a7680a8c2447
Reviewed-by: Alex Blasche <alexander.blasche@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of Qt 6 restructring for the extras modules, this change exposes
the Jni APIs which are very important for Android platform. This patch
adds the APIs QJniObject, QJniEnvironment, QJniExceptionCleaner based
from private QtCore and QtAndroidExtras.
The Jni interface is cross-platform which justifies the name, but
currently, this API is used mainly for Android, and the naming comes
generic without Android keyword to avoid any future limitation on
supporting other platforms.
[ChangeLog][QtCore] Add new QJniObject, QJniEnvironment and
QJniExceptionCleaner APIs.
Task-number: QTBUG-89482
Fixes: QTBUG-89633
Change-Id: I4382dd53a225375759b9d042f6035a4a9810572b
Reviewed-by: Ville Voutilainen <ville.voutilainen@qt.io>
|
|
|
|
|
|
|
| |
Amends 7cf8e5ada9eac00b200141fdc80a2e76c0422411
Change-Id: I6e188675ab53fd173bd75defe9d190a509f4adad
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
| |
This is an abstraction for TLS backend and its factory, preparing to transition
to plugin-based design.
Task-number: QTBUG-65922
Change-Id: Ibe810e77fd1b715a6bea66cd3f44312b015ac274
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This API gives the names of available backends and provides a basic
information about features/protocols supported by those backends.
Also, it has the 'loadBackend' functions which allow to select
a particular backend (which are becoming plugins).
At the moment, the implementation is still 'hardcoded', the
follow-up patch will allow to select different backends in runtime.
Task-number: QTBUG-65922
Change-Id: I05877de9c02857594e76b24d52e7578bdb01df69
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL adds an '-arm'/'-arm64' suffix to the DLL names when building
for VC-WIN32-ARM or VC-WIN64-ARM. This needs to be accounted for in Qt
to find the OpenSSL DLLs correctly.
Fixes: QTBUG-89647
Pick-to: 5.15
Change-Id: Ibc9b81e06f8e64c0676f335e13024fa7fe3a4fa3
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
| |
Fixes oss-fuzz issue 29276.
Pick-to: 5.12 5.15 6.0
Change-Id: I57b0c26e5377bd6b82d9f044ae1d1d13acec996a
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove the qmake project files for most of Qt.
Leave the qmake project files for examples, because we still test those
in the CI to ensure qmake does not regress.
Also leave the qmake project files for utils and other minor parts that
lack CMake project files.
Task-number: QTBUG-88742
Change-Id: I6cdf059e6204816f617f9624f3ea9822703f73cc
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
An invalid (as input data) certificate may have non-zero number of invalid (nullptr)
extensions (if OpenSSL failed to parse them, for example).
Fixes: QTBUG-89547
Pick-to: 6.0 5.15 5.12
Change-Id: I4b93ac9f482f850f02d01b0aea10560dc11b688d
Reviewed-by: Lars Schmertmann <lars.schmertmann@governikus.de>
Reviewed-by: Alex Blasche <alexander.blasche@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
Another case when an OpenSSL's call can dump some errors into the shared
error queue discovered. An invalid certificate with non-null X509 * may
result in several errors appended to the queue.
Pick-to: 6.0 5.15
Change-Id: I1278b371bd1edf2d656760c371bfb6da5dcab6ec
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
| |
Something defined is always greater than undefined
Pick-to: 6.0
Fixes: QTBUG-89530
Change-Id: I7633dd4233f7b13c3c5be17352841ec873531ef9
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
| |
Compiler (gcc) keeps nagging and complaining about an address of function
to be never nullptr in any particular instantiation, when argument is an
address of a function.
Change-Id: If67e80f2ff4d408608429d53814083777cc8441c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
At the same time I'll add a generic protection against being called in
unprotected mode in the schannel backend (openssl already has it in a
different form).
Pick-to: 5.15 6.0
Change-Id: I97c1be6239c27e306de0af7ad568fbcfde09da71
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
QSslCertificate::verify() has an undocumented and not very desirable property -
on some platorms it updates the default configuration, which can be surprising.
For example, we deprecated QSslSocket::setDefaultCaCertificates() and recommend
using QSslConfiguration::defaultConfiguration(), QSslConfiguration::setDefaultConfiguration(),
and QSslConfiguration::setCaCertificates(). If an application does this to select
CA roots it trusts explicitly, and then for some reason is calling verify, the
application can have its QSslSockets successfully connecting to a host, whose
root was not trusted by the application. Also, on Windows, defaultCaCertificates()
include system roots already, no need to have them twice.
[ChangeLog][QtCore][QtNetwork] QSslSocket::verify - do not change the default configuration
Pick-to: 5.15
Pick-to: 6.0
Pick-to: 6.0.0
Fixes: QTBUG-88639
Change-Id: I1cd40b259d0a6dcd15c78d1e7c027ff10859595c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Q_MOVABLE_TYPE was conceived before C++ had move semantics. Now, with
move semantics, its name is misleading. Q_RELOCATABLE_TYPE was
introduced as a synonym to Q_MOVABLE_TYPE. Usage of Q_MOVABLE_TYPE
is discouraged now. This patch replaces all usages of Q_MOVABLE_TYPE
by Q_RELOCATABLE_TYPE in QtBase. As the two are synonymous, this
patch should have no impact on users.
Pick-to: 6.0
Change-Id: Ie653984363198c1aeb1f70f8e0fa189aae38eb5c
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Andrei Golubev <andrei.golubev@qt.io>
|
|
|
|
|
|
|
| |
We can depend on C++14 now.
Change-Id: Iee9796cd22dbfbb70d4bdb25f0eee1662a026d6d
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
As noted by LCOV, the part with q_BIO_free(bio) was never executed
since we were taking the result from QScopedPointer before returning.
While it's a what RAII idiom is for, there is quite a low probability
that SSL_set_bio() one day will start throwing exceptions.
Pick-to: 6.0
Pick-to: 5.15
Change-Id: Id24e480dac34166c627b71bb2972de558c644339
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
| |
With TLS 1.3 the client goes through renegotiation
when using Schannel. The status returned is OK and
we can immediately continue, so do that.
Change-Id: I831eaae318df9d94b5fb7672db7e407d94f9da56
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
| |
Fixes oss-fuzz issue 22272.
Pick-to: 5.15
Change-Id: I8a49b9487f632469402c983e517e817e8e65bef7
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
QSslPreSharedKeyAuthenticator::isEqual() as accessed
by inline operators is not exported.
Amends 57e57d9bcda868abcfb552e1247b391162c0dff9.
Change-Id: Ia0f0de81a371a31422d07af5b11f0db03265504e
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
| |
Make them hidden friends, add a private isEqual helper where needed.
Adjust and add documentation.
Fixes: QTBUG-87976
Change-Id: If7c19eeab5be7452364eb76193981100f5516d6b
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
| |
Task-number: QTBUG-86295
Change-Id: Ib8bcf0a6e2af8a589b44e56b19641f4d2fe6f800
Reviewed-by: Paul Wicking <paul.wicking@qt.io>
|
|
|
|
|
|
|
|
|
| |
Following 77d812683f0ad595606f9833613dd49bb2fda26d QMutexLocker is now a
templated class which should in most cases be deduced automatically.
Doesn't work here because of the global static wrapper.
Change-Id: I62fda0651eac12f3234396cb7e41a26df8cc8b46
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
| |
Since we're going to split QMutex and QRecursiveMutex into
separate classes, make sure QMutexLocker is prepared for that.
Change-Id: Id5e9a955d1db7c8ee663dd3811ad6448dad0aeae
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|
|
|
|
|
|
|
|
| |
Avoid detaching where possible
Change-Id: I438d3e66689aeef05951af86a48af2a6910da7c2
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
|
|
|
|
|
|
|
|
|
| |
When parsing subjectAltName extension to make it more like OpenSSL
counterpart.
Fixes: QTBUG-86830
Change-Id: If1a4e72ee0b19f2cf40aa53632f9ec1468178c3b
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's not possible to connect to microsoft.com with Schannel TLS 1.3 for
some reason (also tested with Internet Explorer), but other sites work
fine. Must be something they have to iron out for later.
In my experience this needs a preview release of Windows. One of my
machines is opted into the dev channel of Windows where they enabled TLS
1.3 by default, and it works well in my tests except for the part above.
On my other machine, after enabling TLS 1.3 through the registry, I fail
to complete the handshake with any site. So around March/April next year
is when this code would activate for most people.
MinGW apparently defines NTDDI_VERSION as the one for Windows Server
2003, so it currently doesn't build the new TLS 1.3 code. In Qt (as a
project) we could consider setting this higher, but that's out of scope
for this patch!
Fixes: QTBUG-81294
Change-Id: If329959c3a30ecbfbb8c0d335cc39ccb6d012890
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
| |
Change-Id: I3af7747f424ef7837c9c3d4af3e5cbd14922aeb6
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
| |
This code has been deprecated in Qt 5.
Change-Id: Ia8e0bc791ac1f43df7124b4f30db3d0bb9966015
Reviewed-by: Alex Blasche <alexander.blasche@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
Rename Android package name org.qtproject.qt5.android to
org.qtproject.qt.android to avoid inconsistency with Qt 6 name.
Also, we include the major version number in the jar target.
Task-number: QTBUG-86969
Change-Id: Ibb68947289be1079911b34ea157bf089cc52c47f
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
|
|
|
|
|
|
|
|
| |
These value gaps were there for binary compatibility, but we don't need
those in Qt 6.
Change-Id: I72a40d601b61f90e14562578e88493b0d54ff398
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
| |
Change-Id: I0b4b18e6ea2b78917220e77865fd92eb7a684179
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
| |
... not of QSslSocket.
Change-Id: I9db5debe6a0aaa6a780b0047ae3f551ec3770fb4
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
| |
It was already used many places directly making the code inconsistent.
Change-Id: I3b14bc6c333640fb3ba33c71eba97e78c973e44b
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Certain servers, like smtp.live.com, will send a request for a
certificate even though they don't require one. In Schannel this
manifests as a warning/info status (SEC_I_INCOMPLETE_CREDENTIALS).
In the cases where it's not needed we should suppress the warning and
try to connect anyway, which is done by calling
InitializeSecurityContext again when we get the status.
Pick-to: 5.15
Change-Id: I3c48140f2949d8557251a49a2b66946da9395736
Reviewed-by: Joshua GPBeta <studiocghibli@gmail.com>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix our API, so that QStringList and QList<QString> are the
same thing.
This required a bit of refactoring in QList and moving the
indexOf(), lastIndexOf() and contains() method into
QListSpecialMethods. In addition, we need to ensure that
the QStringList(const QString&) constructor is still available
for compatibility with Qt 5.
Once those two are done, all methods in QStringList can be moved
into QListSpecialMethods<QString>.
Change-Id: Ib8afbf5b6d9df4d0d47051252233506f62335fa3
Reviewed-by: Andrei Golubev <andrei.golubev@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CentOS it seems not only backported some OpenSSL 3 functions,
but also raised the default security level to 2, making some of
our keys (and MDs?) 'too weak' and failing auto-tests here and
there as a result. For our auto-test we lower the level to 1,
as it is expected to be.
Fixes: QTBUG-86336
Pick-to: 5.15
Change-Id: I7062a1b292e8b60eb9c2b2e82bd002f09f9da603
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|