For now the new feature depends on openssl as that is the only supported
implementation. Once we get an implementation for SecureTransport, we
can change the condition.
The feature needs to be public because qdtls.h is a public header.
Change-Id: Ie3e4acbeb2888f2fb13453b3ecdc19bacc83f6e6
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
This patch adds DTLS support to QtNetwork module (and its OpenSSL
back-end).
DTLS over UDP is defined by RFC 6347.
The new API consists of
1) QDtlsClientVerifier which checks if a client that sent us ClientHello
is a real DTLS client by generating a cookie, sending a HelloVerifyRequest
with this cookie attached, and then verifying a cookie received back.
To be deployed in combination with a server-side QUdpSocket.
2) QDtls - initiates and proceeds with a TLS handshake (client or server
side), with certificates and/or pre-shared key (PSK), and encrypts/decrypts
datagrams after the handshake has finished.
This patch does not implement yet another UDP socket, instead
it allows use of existing QUdpSocket(s), by adding DTLS support
on top. OpenSSL back-end uses a custom BIO to make it work with
QUdpSocket and give a finer control over IO operations.
On the server side, demultiplexing is left to client code (could
be done either by connecting QUdpSocket or by extracting address/port
for an incoming datagram and then forwarding/dispatching them to
the corresponding QDtls object).
Task-number: QTPM-779
Change-Id: Ifcdf8586c70c3018b0c5549efc722e795f2c1c52
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
the json format uses single strings for library sources, as that leads
to less noisy source text. however, this implies the need for de-quoting
and subsequent re-quoting whenever the values are processed. so change
the internal representation to regular qmake string lists as the first
thing when processing the lib source, and re-quote only when outputting
the values.
CFLAGS are excluded, because we'll deal with them differently.
Change-Id: I4ab43d98085ea9f6601fd21ac2afb5bce4f7e2a9
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
|
Conflicts:
.qmake.conf
src/corelib/kernel/qeventdispatcher_cf.mm
src/gui/kernel/qguiapplication_p.h
src/gui/kernel/qwindowsysteminterface.cpp
src/gui/kernel/qwindowsysteminterface.h
src/plugins/platforms/cocoa/qcocoawindow.mm
src/plugins/platforms/cocoa/qnswindowdelegate.mm
src/plugins/platforms/ios/qioseventdispatcher.mm
src/plugins/platforms/windows/qwindowsdrag.h
src/plugins/platforms/windows/qwindowsinternalmimedata.h
src/plugins/platforms/windows/qwindowsmime.cpp
src/plugins/platforms/winrt/qwinrtscreen.cpp
Change-Id: Ic817f265c2386e83839d2bb9ef7419cb29705246
|
Task-number: QTBUG-67464
Change-Id: Ib971a5da82b31bce9ac1c9ac623ad7d5302cfaec
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
|
No reason to duplicate the info there in a parenthesis.
Change-Id: Ie01be382d36bbc8e7f2eff4cc7ae0df207869c25
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
qhostaddress.cpp(263): warning #68: integer conversion resulted in a
change of sign
length = -1;
^
I changed the length member from int to quint8 in commit
8656ee950b4f57eae605180fd8328441b3e670b9 but I never tested ICC.
Change-Id: I052407b777ec43f78378fffd15311669b490ed7b
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
No need to start with 'connectToHost' from 'connectToHostEncrypted'
- we will fail to start client encryption later anyway. This can happen
if we, for example, fail to resolve some symbols or libraries are missing.
Task-number: QTBUG-65142
Change-Id: I0614d5cdf875aaf5b992d8ab6024bcaf3f84b915
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
Change-Id: I8d8b03ea46c537b091b72dc7b68aa6aa3a627ba6
|
kernel/qnetworkinterface_linux.cpp:204:17: error: comparison of integers of different signs: '__u32' (aka 'unsigned int') and 'qsizetype' (aka 'int') [-Werror,-Wsign-compare]
if (NLMSG_OK(hdr, len))
^~~~~~~~~~~~~~~~~~
This amends 09cb23f342fd2eae7ca85a99fa0a10b7ab103443.
Change-Id: Ib966a60b7a7117d63ed758cba7b556abd90eca0c
Reviewed-by: Mikhail Svetkin <mikhail.svetkin@qt.io>
Reviewed-by: BogDan Vatra <bogdan@kdab.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
A custom build of openssl can disable DES or RC2. This
allows building Qt against those builds.
Change-Id: I9b91c943fab4d217a791381e81a7d87a9ff5031a
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
Conflicts:
mkspecs/features/qt_common.prf
src/corelib/tools/qstring.cpp
src/plugins/platforms/windows/qwindowsmousehandler.cpp
src/widgets/widgets/qmainwindowlayout_p.h
Change-Id: I5df613008f6336f69b257d08e49a133d033a9d65
|
and thus reduce memory consumption, allocations etc.
Task-number: QTBUG-68394
Change-Id: Ibad9b01a1e709e6abafcd9531fbcfc1eafa9cff3
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
kernel/qnetworkinterface_linux.cpp:172:18: error: comparison of integers of different signs: '__u32' (aka 'unsigned int') and 'qsizetype' (aka 'int') [-Werror,-Wsign-compare]
if (!NLMSG_OK(hdr, len))
^~~~~~~~~~~~~~~~~~
kernel/qnetworkinterface_linux.cpp:197:26: error: comparison of integers of different signs: '__u32' (aka 'unsigned int') and 'qsizetype' (aka 'int') [-Werror,-Wsign-compare]
} while (NLMSG_OK(hdr, len));
^~~~~~~~~~~~~~~~~~
Change-Id: I3d0a4efc9fc42dd9b0726f2b62ff494220b8026e
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: BogDan Vatra <bogdan@kdab.com>
|
Change-Id: I307f67b10759d17f603a340b14266ab47d195497
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
Conflicts:
mkspecs/features/qt_module_headers.prf
tests/auto/widgets/itemviews/qheaderview/tst_qheaderview.cpp
tests/auto/widgets/kernel/qwidget/BLACKLIST
Change-Id: I2a08952d28d1d0e3d73f521a3d44700ce79ff16c
|
Change-Id: Id6e2acd5e31c1ac858ddf1d8873a6f10694141de
|
Introduced by mistake in f55c73ede28d4455f555a28e401407326ac9b954
Change-Id: Ieac8fc0a6bb536e5ef3770a22785fe41d4033ee9
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
Didn't compile with it when I was moving it out.
Change-Id: I3645af71ea3295a61f20000a6bc4716b6e996ce5
Reviewed-by: Jesus Fernandez <Jesus.Fernandez@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
Change-Id: Ib58433da04bffb5dfab5486b80f17f39cc4145fa
|
We were using the wrong free function in a path which was hit in an
edge case (PKCS#12 certificate without a private key attached).
Change-Id: I5335b5dea7a926b242bed0fd9b989b681a5828d8
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
Change-Id: Ia082e20e2eb4b76afd4c1a1584ff4e5514655d7a
|
... but only if the host it came from is an EXACT match. Also only apply
the cookie if the url is an EXACT match.
[ChangeLog][QtNetwork][QNetworkCookieJar] Cookies will no longer be
rejected when the domain matches a TLD. However (to avoid problems
with TLDs), such cookies are only accepted, or sent, when the host name
matches exactly.
Task-number: QTBUG-52040
Change-Id: Ic2ebd9211c48891beb669032591234b57713c31d
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
The class is not thread safe, so one instance is not enough for the whole
application. Mention that a QNetworkAccessManager instance can only be
used from the thread it belongs to because it is a QObject.
Change-Id: I56184e4f8fbd36aca3f6677310431eab88346e6e
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
Added a few functions to derive keys from passwords. Currently it
supports PBKDF1 and PBKDF2 as defined in
RFC 8018 ( https://tools.ietf.org/html/rfc8018 ).
[ChangeLog][QtNetwork][QPasswordDigestor] Added QPasswordDigestor
Task-number: QTBUG-30550
Change-Id: I2166b518bd8b54e3486514166e76fd9ba2f219c8
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
This patch adds the ability to decode keys which are encoded with PKCS#8
using the generic back-end (used in winrt and secure transport).
It works on both WinRT and macOS; however QSslKey seems unused in the
WinRT backend and it seems only RSA keys can be used for certificates
on macOS. Meaning that DSA and Ec, which in theory* should represent
their unencrypted versions, can't currently be tested properly.
* Can also be confirmed by loading the key using the ST or WinRT
backend, calling toPem(), writing the output to a file and then loading
the unencrypted key using openssl.
[ChangeLog][QtNetwork][QSslKey] Added support for PKCS#8-encoded keys
in the generic SSL back-end (used for SecureTransport on macOS and for
WinRT). Note that it does not support keys encrypted with a PKCS#12
algorithm.
Task-number: QTBUG-59068
Change-Id: Ib27338edc7dbcb5c5e4b02addfdb4b62ac93a4c3
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
Change-Id: Id32f0ae002772444c0b61cd132ef81f96fe3b895
|
Once connection is established the socket emits 'connected', and then
you can start writing. But it will end up in the write-buffer and won't
get sent until 'transmit' is called. Some code (e.g. QWebSocket) relies
on QSslSocket transmitting once it's encrypted. This is done in the
OpenSSL backend but was not done in the WinRT backend.
Task-number: QTBUG-56558
Change-Id: I8cf5d3257f3597a4bb80f35369490a3816506a34
Reviewed-by: Oliver Wolff <oliver.wolff@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
Change-Id: I0bea38585382b5d9c8d7a013bf6bcb3a6008d159
|
Change-Id: I12a808599dd1fecaebc2e85a96da27a044666009
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
QNetworkRequest is already aware of the Last-Modified header but
has been lacking support for the If-Modified-Since, ETag, If-Match
and If-None-Match headers. These headers are used with HTTP to
signal conditional download requests.
See RFC 7232 for more information.
Change-Id: I248577b28e875fafd3e4c44fb31e8d712b6c14f1
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Anton Kudryavtsev <antkudr@mail.ru>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
Change-Id: I86f04fc3b2e4291f161a4985adddd6fd6c789d33
|
When releasing a STACK_OF(GENERAL_NAME). Actually, GENERAL_NAME_free is
a special function, not the same as OPENSSL_sk_free.
Task-number: QTBUG-57679
Change-Id: I3ed300bb95e8be35bd9cd06b6dbc6e59c7c6a4ee
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
... to make DTLS protocols work more like TLS protocol versions.
Also, handle (as 'unsupported' for now) those new constants in
a switch statement, when creating SSL_CTX (fixing build errors).
Change-Id: Ia444184ca191d8665e37046b0b9120e43ec5893a
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
Change-Id: I9f802cb9b4d9ccba77ca39428a5cb1afd2d01642
|
1. If a request was redirected or some error was encountered, we
try to reset the uploading byte-device.
2. Disconnecting from the byte-device is not enough, since we have a
queued connection, _q_uploadDataReadyRead() gets called even if
byte-device was deleted and thus sender() can return null -
we have to check this condition.
3. Update auto-test with a case where our server immediately
replies with a redirect status code.
Task-number: QTBUG-67469
Task-number: QTBUG-66913
Change-Id: I9b364cf3dee1717940ddbe50cba37c3398cc9c95
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
Properly handle single protocol TLS configurations. Previously,
due to the use of generic (non version-specific) client/server method
they worked as ranges of protocols instead. This also fixes a couple
of previously broken tests.
Task-number: QTBUG-67584
Change-Id: Ied23113a4fab6b407a34c953e3bd33eab153bb67
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
When we load DER-encoded keys in the openssl-backend we always turn it
into PEM-encoded keys (essentially we prepend and append a header and
footer and use 'toBase64' on the DER data).
The problem comes from the header and footer which is simply chosen
based on which key algorithm was chosen by the user. Which would be
wrong when the key is a PKCS#8 key. This caused OpenSSL to fail when
trying to read it. Surprisingly it still loads correctly for unencrypted
keys with the wrong header, but not for encrypted keys.
This patch adds a small function which checks if a key is an encrypted
PKCS#8 key and then uses this function to figure out if a PKCS#8 header
and footer should be used (note that I only do this for encrypted PKCS#8
keys since, as previously mentioned, unencrypted keys are read correctly
by openssl).
The passphrase is now also passed to the QSslKeyPrivate::decodeDer
function so DER-encoded files can actually be decrypted.
[ChangeLog][QtNetwork][QSslKey] The openssl backend can now load
encrypted PKCS#8 DER-encoded keys.
Task-number: QTBUG-17718
Change-Id: I52eedf19bde297c9aa7fb050e835b3fc0db724e2
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
Change-Id: I0120f804522c0c652e9537b6e9fe08189f071ed2
|
It would previously only enable TLS v1.0, but it should also enable
SSL v3. According to Microsoft's documentation[0] that is exactly what
"SocketProtectionLevel_Ssl" does.
[0]: https://docs.microsoft.com/en-us/uwp/api/windows.networking.sockets.socketprotectionlevel
Change-Id: Id48f1ad310d994b8379116c9fa2102db858d7f69
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
Change-Id: Idf2bef470663864069bbf7e41af07b534936863a
|
Change-Id: I1d2f3b0b39de252f5392a2411ff4e3d94fd8593b
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@qt.io>
|
Change-Id: I4dde73423111ca4af386fa76ac26d1a1161fe493
Reviewed-by: Andre de la Rocha <andre.rocha@qt.io>
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@qt.io>
|
If data is received and the remote immediately closes the connection,
it was possible that data was lost. If a remote closes the connection
make sure that any pending data is processed, before signaling closing
of the socket.
Change-Id: Ia94a616a31184fd28695919baaff99811fe0f1dd
Reviewed-by: Andre de la Rocha <andre.rocha@qt.io>
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@qt.io>
|
refs/staging/dev
|
Change-Id: Ic811cd444e523b904211797112bba6aaec85dddd
|
Previously, I erroneously expected HEADERS frame only on a stream,
which is in half-closed (local) or reserved (remote) state. But
'open' state is also valid (RFC7540, 6.2). For example, we start
uploading some data, we have sent HEADERS frame and now are
sending DATA frames, without END_STREAM flag set yet; this stream
is in 'open' state. If a server wants to reply with some error
status code or redirect - it does not have to wait for our END_STREAM
flag, reading all this data that will be discarded anyway.
Task-number: QTBUG-67469
Change-Id: I53e3a5e9b2ab7f7917ae083ba44e862a227db238
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
Namespace QSsl: introduce DtlsV1_0/DtlsV1_2/DtlsV1_2OrLater enumerators
into SslProtocol. Implement QSslConfiguration::defaultDtlsConfiguration.
Make some functions shared - now not only QSslSocket needs them,
but also DTLS-related code. This patch-set also enables
protocol-specific set of ciphers (so for DTLS we are using
the correct method - 'DTLS_method').
Change-Id: I828fc898674aa3c0a471e8e5b94575bb50538601
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
Change-Id: I954bd6418bc862a04691240c0f1766f6ce033640
|
Amends 594fe5c4636cb783bb7840efff4171e772ae906a.
Change-Id: I0fb5ab79d895cfd9698db9b4a4394481299a7e1a
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
|