| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
ASN UTCTime uses two characters to encode a year (YY). When converting it
into QDate, it's quite naive to just add 2000. According to RFC 2459,
these YY represent dates in the range [1950, 2049].
This patch also introduces a helper function doing the checked conversion
from a string to int (to be reused in the following-up patches).
Task-number: QTBUG-61934
Change-Id: I3f6f471d24e8357b83b2f5973023b2b842751389
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
Move all the logic into socket.pri and clean-up source
code. Build local socket/server only if feature 'localserver'
was enabled.
Task-number: QTBUG-61672
Change-Id: I9f9d1a262df4bb020c8706c7cb5a66b926e0240f
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I noticed we never release 'items' imported by SecPKCS12Import.
But looking at the actual code (SecImportExport.c), it appears
we own these 'items' and must release them. And this leads to a crash
(on over-release) which reveals another bug: a value from a dictionary
obtained with 'Get' method should follow the 'get rule' - we do not
own it and QCFType RAII object is not needed.
Change-Id: I219015fadedb256c401e50cf7e955f3d7e0a6c5f
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If an application proxy has been set or the usage of the system proxy
configuration has been turned off then these should be respected rather
than querying the system for the proxy. By using proxyForQuery() over
systemProxyForQuery() it ensures that it first checks if there is an
application proxy set before falling back to the system proxy, if using
the system proxy has not been turned off.
Task-number: QTBUG-61692
Change-Id: I65ed3e6bd7b3449cd4ae3757e583aa8d7724221b
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
|
|
| |
Fixes GCC 7 warning:
socket\qnativesocketengine_win.cpp:888:21: warning: this statement may fall through [-Wimplicit-fallthrough=]
Change-Id: Idb4dce511b3ab634339ac1283d88def283a92028
Reviewed-by: Oliver Wolff <oliver.wolff@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
| |
The old SDK does not consider the macro value a constant expression, so
the build fails.
Change-Id: I95bdcd9ad34ee4da81016ff07e70439ed229f853
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
That's the only place there we can potentially pass a null pointer
to CFArrayAppendValue (all other calls are conditionally-protected).
This results in (surprise! ... ?) Objective-C exception (while we call
something that is a pure-C API). So far we cannot reproduce this crash and
can only speculate: probably this happens with invalid (can be either
really invalid or the result of our generic QSslCertificate's failure to read/
parse)) custom CA certificates appended to a QSslConfiguration object by
applications using QSslSocket/QNAM. The fix will probably make a handshake to
fail, but this seems to be better than a crash anyway.
Task-number: QTBUG-58213
Change-Id: Ie4f9ab2138bc383adc9f9ed55ed61be2d3cf7020
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
|
|
|
|
| |
Change-Id: I78deb7156900a3a0e79890062a40752b5d2561c3
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
| |
Change-Id: I0f47ffeb1a7dbda7dadbd78b2ea04167c42a503d
Reviewed-by: Jesus Fernandez <Jesus.Fernandez@qt.io>
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On iOS QSslConfiguration always has an empty list of system CA certificates.
Calling SecTrustSetAnchorCertificatesOnly(.., TRUE) on iOS results in
SecTrustEvaluate failing to verify a valid certificate, since there
are no 'anchors' at all. We can use SecTrustSetAnchorCerificatesOnly(.. TRUE)
on macOS only, where we do extract/copy system certificates using
SecTrustSettingsCopyCertificates and save them in a QSslConfiguration's
list.
Task-number: QTBUG-61053
Change-Id: I70d4e46273d78414baaac8531273def707c3eebc
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of defering one more time by emitting the signal, we can add
the data to the list of available data/pending datagrams. For TCP
readNotification can be invoked directly so that emission of the
readyRead signal is tightly coupled to the availability of new data.
For UDP sockets calling readNotification directly stops handling of
more data and thus cannot be done.
With the old approach it was possible, that the last bit of TCP data
was lost, because the socket was closed while the data was still being
processed/transferred from the worker to the engine.
Task-number: QTBUG-61078
Change-Id: I9330b87876be853d310dc9e8e817ab344939d5dd
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@qt.io>
|
|
|
|
|
|
|
|
|
| |
QSslCertificate used SSL without checking if SSL is available.
This patch adds such checks to the constructors.
Change-Id: Iea298aded5966641327e22e41ad4665a3d0ec5d3
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Same as with receiving data, the "newConnection callback" might be
triggered late and cause a crash if it accesses data of a destroyed
object. By moving the handling of this callback to a worker without
much logic we can prevent these late callbacks from doing any harm.
The signals are no longer connected and thus do not trigger any
problems.
Change-Id: Ic61584f12a46506abe12d7b21403d0c0970c0aae
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Our OpenSSL backend allows missing symbols and in general protected
from possible related failures. Unfortunately, for OpenSSL 1.1 this
means not only missing symbols (removed functions), but new incompatible
opaque data-structures and our 1.0 code trying to use them and probably
accessing some data-members via macros - we end up in UB and crashes.
SSLeay, which returns a version number, was removed in 1.1. A failure
to resolve this symbol we consider as a version mismatch and we make
'supportsSsl' to return false.
Task-number: QTCREATORBUG-18137
Change-Id: I5cd270f9c61a729105149779ee7277816f9467d7
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
The table is woefully outdated. Instead of shipping stale documentation
I think it's better to just reference the generic API for this.
Change-Id: I619113ab5140ccf65b774e69e836b27001bb0a18
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
Reviewed-by: Topi Reiniö <topi.reinio@qt.io>
|
|
|
|
|
|
|
|
|
| |
ProtocolInvalidOperationError are meant for actual replies from the
server indicating that the operation is not valid (HTTP 400 Bad
Request).
Change-Id: I9ad33fff8b634979bdbafffd14bbc57e4b21d6bf
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
| |
Change-Id: Ie0868b2d2ec30513e870861514b252a79dff4998
Reviewed-by: Paul Olav Tvete <paul.tvete@qt.io>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Calling SecTrustSetAnchorCertificatesOnly(trust, false) we actually extend
what our user provided in QSslConfiguration as CA certificates (caCertificates,
setCaCertificates) - Secure Transport will also use a default set provided
by the system and SSL handshake can surprisingly (for a user) succeed.
And the default content of these caCertificates, if not altered by setCaCertificates
call - are those system CA certificates.
Task-number: QTBUG-60233
Change-Id: I8c1094bb7eec260f5202a47085f9f75e720eda7b
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
| |
qnetworkreply.cpp:307: warning: Can't link to 'QNetworkRequest::UserVerifiedRedirectsPolicy'
Change-Id: Ic96f834f3ca9984f626833e45e69f6322b83d12d
Reviewed-by: Martin Smith <martin.smith@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
That's before the return type or static, inline, constexpr or such
keywords (if any).
Perl Script:
s/^(\s+)(.*) Q_REQUIRED_RESULT(;)?(\s*\/\/.*)?$/\1Q_REQUIRED_RESULT \2\3\4/
Change-Id: I7814054a102a407d876ffffd14b6a16182f159e2
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
A signal emitted after the first 'isOpen' check on QNetworkReply can
trigger a slot that aborts/closes our reply. So before we can append
any data to reply's buffer, we have to re-check that we're still open.
Task-number: QTBUG-59909
Change-Id: I781d5a4fd5fc30d485af63f45cf36c254378af64
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Alex Trotsenko <alex1973tr@gmail.com>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
| |
qhstspolicy.cpp:105: warning: Undocumented parameter 'flags' in QHstsPolicy::QHstsPolicy()
qhstspolicy.cpp:105: warning: No such parameter 'includeSubDomains' in QHstsPolicy::QHstsPolicy()
qnetworkaccessmanager.cpp:732: warning: Undocumented parameter 'knownHosts' in QNetworkAccessManager::addStrictTransportSecurityHosts()
Change-Id: I24217d328df12febab30e19e2abd351e87007959
Reviewed-by: Frederik Gladhorn <frederik.gladhorn@qt.io>
|
|\
| |
| |
| | |
Change-Id: I3bd83a839b16822035ed56a5cffe77bd6bc3f08d
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The QNetworkAccessCache was keeping the connection alive and it was
trying to reuse it for subsequent calls to download files from the
same server. After closing the connection, it is not usable anymore
and a new one should be created.
Task-number: QTBUG-40368
Change-Id: I1a0d08956a94eb36f39d14112cdcab6c1e2add82
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If networkAccessibility() was queried when the networkAccessibleChanged
signal was emitted then it would report the wrong state and in some
instances it would incorrectly report NotAccessible. This ensures that
it is reflecting what the signal would have been emitted with.
Change-Id: Ib0a7ef9e9ec42c9007340020fd535c8ad36caa49
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
GCC is wrong. Type-punning is when you read something of a given
type as something else. We're not doing that, as it's only read
as integer.
qnativesocketengine_unix.cpp:1011:79: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing]
Too bad my plan for a good C++ solution was foiled by glibc
developers.
Change-Id: I27b55fdf514247549455fffd14b1a27667745e94
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| | |
c0157a9f035a27a3ba20cab0ca3ca1c6e78f0b14 was incomplete.
Change-Id: I27b55fdf514247549455fffd14b158f54403663d
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If QNAM's general policy is 'Manual' and QNetworkRequest has neither
policy set not FollowRedirectAttribute - do NOT set this 'Manual' policy -
its implicitly implied. This fixes previously unnoticed auto test failure
(was blacklisted) and also makes QNetworkRequest::operator == work correctly.
Change-Id: If17c9af4baf8a470659f82d1a40488078ea8ede0
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Cherry picked:
this change was first merged into dev, but now we also need it in 5.9
to enable SSL socket tests on the new CI VMs (macOS 10.11, 10.12).
As we do not merge dev->5.9, we need this cherry-pick.
Since day one Secure Transport socket has two annoying problems on macOS:
when we call SecPKCS12Import, we indeed import certs and keys into the default keychain
and also (which is more serious) later a dialog can pop up, asking for permission
to use a private key (this is especially annoying if you're running SSL autotests or
have a server application). Apparently, it's possible to work around those problems
if we create our own (temporary) keychain and pass it in the 'options' parameter
to SecPKCS12Import.
[ChangeLog][QtNetwork] Allow QSslSocket to use a temporary keychain on macOS.
Task-number: QTBUG-56102
Change-Id: Ic3a56c905100dc80d907a25fe6ebfa232dcf5b9e
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
(cherry picked from commit 17927392cf1cecb20cef7cb9cd77131391de087c)
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
| |
| |
| |
| | |
Change-Id: I9fd2a7ec402a1d2d99e30f08554d86f18c6424ff
Reviewed-by: Paul Olav Tvete <paul.tvete@qt.io>
|
| |
| |
| |
| |
| |
| |
| | |
... to re-use existing buffers.
Change-Id: I7c42529b8cd4400520a59e658ab76f4f8e965cd4
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously we were always setting SpdyWasUsedAttribute for SPDY/HTTP/2/HTTP/1.1
(true/false) which is confusing. Now if HTTP2AllowedAttribute was set to true on
a request, we set HTTP2WasUsedAttribute. Otherwise, as we did before, we're setting
SpdyWasUsedAttribute.
Change-Id: I0c44cfb5469fef0c12719baa951197ee2accee4a
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| | |
... to avoid allocations.
Change-Id: I5993633d1509495ff6ce3a11274a53504aac7c5e
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|\|
| |
| |
| | |
Change-Id: Icdd71e9713725bda9c305e338f5c8b41a92ed8e8
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
RFC6125 section 6.4.2 specify we need to convert the IDN to ascii
before comparison. Note that we don't need to toLower anymore
because toAce takes care of it.
Section 7.2 recommands that we dod not attempt to check for wildcard
character embedded within the A-labels or U-labels of an
internationalized domain name. So we reject names that contiains a
'*' but starts with 'xn--'.
Change-Id: Ib0830520a1f82bbf9fd11818718277a479527ee3
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|\|
| |
| |
| |
| |
| |
| | |
Conflicts:
src/plugins/platforms/eglfs/eglfs-plugin.pro
Change-Id: Id76cdbb41b7758572a3b8ea4dcb40d49bac968db
|
| |
| |
| |
| |
| |
| | |
Task-number: QTBUG-59264
Change-Id: I960d5bff902b06ca5dda447fd60002a756a11e51
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Both SPDY and HTTP/2 work with a single qhttpnetworkchannel (and this means one
socket per qhttpnetworkconnection). Normally, HTTP/1.1 connection is using up to 6
channels/sockets though. At the moment a failure to negotiate SPDY/HTTP/2 leaves us
with a downgraded HTTP/1.1 connection (with only one channel vs. default 6).
Since we initialize channels (and establish connections) in a 'lazy' manner
it's ok to pre-allocate all 6 channels and then either use 1 (if SPDY/HTTP/2
indeed was negotiated) or switch back to 6 in case of failure.
Change-Id: Ia6c3061463c4d634aaed05ce0dde47bfb5e24dd8
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Secure Transport supports more ciphers then we can convert into QSslCipher.
This results in our tests failing, since after the successful SSL handshake
sessionCipher is 'unknown'. This patch adds missing AES256-GCM-SHA384 and also,
to make new cipher addition easier in future, sorts cipher suites as it's done
in CipherSuite.h (ST framework's header) - grouped by RFC they were introduced
in + sorted within their group.
As a bonus (thanks to Eddy for spotting this problem) - some copy & paste (?)
typos were fixed (mismatched names).
Task-number: QTBUG-59480
Change-Id: I61e984da8b37f1c0787305a26fc289e2e7c2b4ad
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
examples/network/network.pro
mkspecs/features/mac/default_post.prf
src/corelib/io/qfilesystemengine_win.cpp
src/corelib/io/qprocess.cpp
src/corelib/io/qprocess.h
src/corelib/io/qprocess_p.h
src/corelib/io/qprocess_unix.cpp
src/corelib/io/qprocess_win.cpp
src/corelib/thread/qmutex.cpp
src/platformsupport/fontdatabases/windows/windows.pri
src/plugins/platforms/eglfs/eglfsdeviceintegration.pro
tests/auto/corelib/io/io.pro
Change-Id: I8a27e0e141454818bba9c433200a4e84a88d147e
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For the windows file system engine, we add an extra macro to use
library loading if configured to do so, but avoid it on WinRT, as
none of the symbols would be found.
We also QT_REQUIRE_CONFIG(library) in the library headers and
exclude the sources from the build if library loading is disabled.
This, in turn, makes it necessary to clean up some header inclusions.
Change-Id: I2b152cb5b47a2658996b6f4702b038536a5704ec
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
|
| |
| |
| |
| |
| |
| | |
Task-number: QTBUG-59164
Change-Id: Idd5ceba1eba34cb78c46fffd14a734735991f4fb
Reviewed-by: David Faure <david.faure@kdab.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As pointed out in the previous code-review:
Replace a bool ctor parameter with QFlags<enum> to conform to
Qt API Design Principles (Boolean Parameter Trap).
Since the bool with its many unwanted implicit conversions is
gone from the ctor parameter list now, drop the explicit
keyword again. It was requested because of the boolean parameter
in the first place.
Change-Id: Ibaf287a6a3e38c22f033fd5d9e024c54f30a1fd4
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
For examples and documentation, use new BSD license text that
includes the commercial licenses.
Change-Id: I1cd74bd8e9c8f2746d8702df00780ee100cbebac
Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Replace outdated LGPL21 with LGPL license header.
Use GPL-EXCEPT for all autotests.
Also use canonical contact url.
Change-Id: I6e5cc8a4285569c4f862730a980f492b8a933a72
Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Change-Id: I34821150f66255df30d12572b27779e0e729ebc8
Reviewed-by: Samuel Gaist <samuel.gaist@edeltech.ch>
Reviewed-by: Alex Trotsenko <alex1973tr@gmail.com>
Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io>
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
|
|\ \ |
|
| |\|
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
mkspecs/features/moc.prf
Change-Id: Ia71c8e3b3185f7c999bf226d0675051b10b8740b
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Make it iterate the addresses available looking for an IPv4 address,
when that's what it needs, instead of just assuming the first entry in
the list (when non-empty) is IPv4.
Based on a suggestion by Dmitry Pankratov.
Task-number: QTBUG-27641
Change-Id: I1920f68ade44a996ea5c2ed691a87ff3e686f35a
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
the outdated ones remain for backwards compatibility; some remain
unchanged.
Task-number: QTBUG-30083
Change-Id: Ia596b854d26b00fcb4f48df0da7ad893650ac1c8
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
|