| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
According to QUIP-18 [1], all tests file should be
LicenseRef-Qt-Commercial OR GPL-3.0-only
[1]: https://contribute.qt-project.org/quips/18
Pick-to: 6.7
Task-number: QTBUG-121787
Change-Id: I9657df5d660820e56c96d511ea49d321c54682e8
Reviewed-by: Christian Ehrlicher <ch.ehrlicher@gmx.de>
|
|
|
|
|
|
|
|
|
|
| |
[ChangeLog][QtNetwork][QSslDiffieHellmanParameters] An empty
Diffie-Hellmann parameter enables auto selection of openssl
backend.
Fixes: QTBUG-117666
Change-Id: Ic2e0529d48542752ca801bcb4d609988e5ddff25
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
Since we use runtime plugins now and the test doesn't use any
symbols from openssl
Amends 486b1aec1606d6d778da6203e28640cd79ae0291
Pick-to: 6.6 6.5
Change-Id: Ib66d1ca15835c41fe138c7830ce3edd0bdce0d5f
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
The declaration was moved out of the #if QT_CONFIG(openssl) block at
some point, but the definition was not. This caused compilation errors
when building without OpenSSL configured.
Pick-to: 6.6 6.5
Change-Id: I41ed85fd57f5a912498e0f2517761b81a7b8673c
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
|
|
|
|
|
|
|
|
| |
OpenSSL 3.1.2 can be configured with no-deprecated option, in this
case test fails to build.
Pick-to: 6.6 6.5 6.2
Change-Id: Icaf457f55fb001b632922856dbe4bbb5bdba220e
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
If OpenSSL version is 3.1.1 or above - this version moved the protocol
under security level 0, but the default one is 1.
Pick-to: 6.6 6.5 6.2 5.15
Fixes: QTBUG-116166
Change-Id: Iaabb2cf33e2a9f280d6167233ee16080dee808b0
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
| |
In Schannel it is not guaranteed CertificateBlacklisted will be the
first error emitted. And it really does not make a difference anyway.
Pick-to: 6.6 6.5 6.2
Change-Id: If041f913db9e78ac54e6f8bb2ba1bda110e7d64a
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
| |
Change-Id: If107ec596abc6d5fd82206e8deff9875dfb308c8
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
| |
Pick-to: 6.5
Change-Id: I0c21aeea813ee48f8c62689dafce6f7fb9620001
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
|
|
|
|
|
|
|
|
| |
This reverts commit 9286d46ee25f84d24a509e703e294f792cba1483.
Reason for revert: Should be fixed by 5c6814fb18760f65bab0f8b9cd623ee5c874a58d
Change-Id: I3a161df445af8dcbb61138d57e931a093a319027
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
| |
Task-number: QTBUG-110059
Change-Id: Ibf1d76afd313e390103be4a22e44af7fb41ace1b
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
| |
Task-number: QTBUG-107696
Change-Id: Ic9cecd0c8624e7e8211633ef8a8ce0339662b4f6
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a semantic patch using ClangTidyTransformator as in
qtbase/df9d882d41b741fef7c5beeddb0abe9d904443d8, but extended to
handle typedefs and accesses through pointers, too:
const std::string o = "object";
auto hasTypeIgnoringPointer = [](auto type) { return anyOf(hasType(type), hasType(pointsTo(type))); };
auto derivedFromAnyOfClasses = [&](ArrayRef<StringRef> classes) {
auto exprOfDeclaredType = [&](auto decl) {
return expr(hasTypeIgnoringPointer(hasUnqualifiedDesugaredType(recordType(hasDeclaration(decl))))).bind(o);
};
return exprOfDeclaredType(cxxRecordDecl(isSameOrDerivedFrom(hasAnyName(classes))));
};
auto renameMethod = [&] (ArrayRef<StringRef> classes,
StringRef from, StringRef to) {
return makeRule(cxxMemberCallExpr(on(derivedFromAnyOfClasses(classes)),
callee(cxxMethodDecl(hasName(from), parameterCountIs(0)))),
changeTo(cat(access(o, cat(to)), "()")),
cat("use '", to, "' instead of '", from, "'"));
};
renameMethod(<classes>, "count", "size");
renameMethod(<classes>, "length", "size");
except that the on() matcher has been replaced by one that doesn't
ignoreParens().
a.k.a qt-port-to-std-compatible-api V5 with config Scope: 'Container'.
Added two NOLINTNEXTLINEs in tst_qbitarray and tst_qcontiguouscache,
to avoid porting calls that explicitly test count().
Change-Id: Icfb8808c2ff4a30187e9935a51cad26987451c22
Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We've been requiring C++17 since Qt 6.0, and our qAsConst use finally
starts to bother us (QTBUG-99313), so time to port away from it
now.
Since qAsConst has exactly the same semantics as std::as_const (down
to rvalue treatment, constexpr'ness and noexcept'ness), there's really
nothing more to it than a global search-and-replace, with manual
unstaging of the actual definition and documentation in dist/,
src/corelib/doc/ and src/corelib/global/.
Task-number: QTBUG-99313
Change-Id: I4c7114444a325ad4e62d0fcbfd347d2bbfb21541
Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is semantic patch using ClangTidyTransformator:
auto QtContainerClass = expr(hasType(namedDecl(hasAnyName(<classes>)))).bind(o)
makeRule(cxxMemberCallExpr(on(QtContainerClass),
callee(cxxMethodDecl(hasAnyName({"count", "length"),
parameterCountIs(0))))),
changeTo(cat(access(o, cat("size"), "()"))),
cat("use 'size()' instead of 'count()/length()'"))
a.k.a qt-port-to-std-compatible-api with config Scope: 'Container'.
<classes> are:
// sequential:
"QByteArray",
"QList",
"QQueue",
"QStack",
"QString",
"QVarLengthArray",
"QVector",
// associative:
"QHash",
"QMultiHash",
"QMap",
"QMultiMap",
"QSet",
// Qt has no QMultiSet
Change-Id: Ibe8837be96e8d30d1846881ecd65180c1bc459af
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Test was not really good to start with - it was assuming the presence of
particular ciphersuites. Furthermore, it was ignoring the fact that
TLS 1.2 and TLS 1.3 set ciphersuites differently in OpenSSL.
Pick-to: 6.4 6.3 6.2 5.15
Task-number: QTBUG-106018
Task-number: QTBUG-95123
Change-Id: I6c8ba20154cdeb9275878462ab945729d6c82ecc
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL 3 by default disables TLS < 1.2 in the conf files. We're not
going to work against that, so we bump the version of TLS used.
Keep the client-side TLS 1.0 Or Later just to keep testing that this
part works.
Task-number: QTBUG-95123
Task-number: QTBUG-106018
Pick-to: 6.4 6.3 6.2 5.15
Change-Id: Ia6cb10495875de232d69a886832ae74c5f5ac15f
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The initial problem was in server not starting encryption, because
its certificate was rejected by OpenSSL (v3) saying 'weak md'.
After the certificate was replaced, we got another problem - due
to the fixed TLS v.1 protocol for both client and server - handshake
is interrupted early with 'tls v1 alert' and error message
saying about not found signature algorithms. Don't fix the protocol
version, use proper QSsl::SecureProtocols (default).
Pick-to: 6.4 6.3 6.2 5.15
Task-number: QTBUG-106018
Task-number: QTBUG-95123
Change-Id: I0f22f5304f4405933ad511195bc61c640518e7d8
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The certificate was using SHA-1 for signing its certificate, which is
considered 'not good enough' by some TLS libraries.
Regenerate it with SHA-512 and a larger RSA key.
Also include the files needed to generate it.
Pick-to: 6.4 6.3 6.2 5.15
Task-number: QTBUG-106018
Task-number: QTBUG-95123
Change-Id: I535e047d540e663c8cec334695196044173949fc
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL v3 by default sets SECLEVEL = 2 unless overridden in conf files.
SECLEVEL >= 1 means TLS <= 1.1 is disabled. Remove cases that were
previously expected to work. Arguably, we should not test deprecated
protocols at all, but the cases expecting a failure still work
and logically correct.
Task-number: QTBUG-95123
Task-number: QTBUG-106018
Pick-to: 6.4 6.3 6.2 5.15
Change-Id: Ifa59fa902b433338dbed7abf086cfdef9470384c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
| |
The certificate was updated recently and doesn't have the same
deprecated hash functions and small key size as the old one did.
Change-Id: I301ad50a96a30483b92a6e30f61e78e8d6b955ca
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace the current license disclaimer in files by
a SPDX-License-Identifier.
Files that have to be modified by hand are modified.
License files are organized under LICENSES directory.
Task-number: QTBUG-67283
Change-Id: Id880c92784c40f3bbde861c0d93f58151c18b9f1
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Jörg Bornemann <joerg.bornemann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The TLS v1.0 and v1.1 enums are all deprecated since 6.3. At the same
time, the test requires their use, because none of the peers seeem to
implement TLS v1.2, yet (cf. e.g. QTQAINFRA-4499).
Fix by copying the relevant enum values into global variables and
using those. This is a selective way to deal with the issue. The use
of the enums is so widespread in the test that the alternative would
have been to globally suppress deprecation warnings, which, however,
may suppress warnings we may actually want to fix.
Pick-to: 6.3
Change-Id: I4186be72209527fc404f3ba0a5a15f9719c64698
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At some point we decided to support a custom set of ciphersuites specified
by QSslConfiguration (which if you ask me was never a good idea). The law
of unforseen consequiences bit us again: since we now give a set of ciphesuites
to QSslConfiguration and set ciphesuites from the configuration a socket has,
we are limited by the ciphersuites we know about at the moment of 'coding'.
Meaning if an SDK was updated and CipherSuite.h later adds more ciphersuites,
we miss them and 'don't support them', while we ... actually do.
This patch tries to add some more ciphersuites introduced in TLS 1.3 (interesting,
SecureTransport does not support TLS 1.3, but TLS 1.3 suites can be used in TLS
1.2 session).
Pick-to: 6.2 6.3 5.15
Task-number: QTBUG-99368
Change-Id: I439b63845c4893e5621cffaf3bcaf62e2b643c74
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
- avoid calls to private and virtual functions, if the device is not
open;
- avoid repetitive checks in loops;
- add missing checks in readLine() overloads;
- remove check against unsuccessful resize().
Change-Id: I973d5931163b25db1c09c7c3b66f29ea90bb1b29
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
|
|
|
|
|
|
|
|
|
|
|
| |
The server's socket may not have been created yet, so use the server's signal
instead.
Switch to QCOMPARE to get better output.
Delete the extra checking for schannel, we don't support Windows 8 anymore.
Pick-to: 6.2
Change-Id: Icd310c32939cb577c9f3438789f667aa0a3a4d85
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
|
|
|
|
|
|
|
| |
For flush() it's not clear what they wanted to test.
isEncrypted() is tested indirectly in many of the other tests.
Change-Id: Id6dfecbb25b7bba8f1a99518fd9c9e06280aaa9f
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
| |
Pick-to: 6.2
Change-Id: I30409667395bbe568823b8697dded41067a8346c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
| |
It needs to be checked at runtime to know if the current backend
supports it
Pick-to: 6.2
Change-Id: I0998309149b109e2075a008b2b8d8115fa3688cc
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
As per the best practice laid forth in RFC-8996.
TLS 1.2 was recommended from 2008 until TLS 1.3 was released in 2018.
[ChangeLog][QtNetwork][QSslSocket] TLS 1.0, 1.1 and DTLS 1.0 are now
deprecated, as recommended by RFC-8996.
Fixes: QTBUG-92880
Change-Id: I90cebcfb07cfce623af7ac9f2b66ce9d02586b54
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
| |
Since we're no longer connected, much less encrypted.
Was done in schannel backend, but not in ST or OpenSSL
Pick-to: 6.2
Change-Id: Ia49387be0088f899a0c89091f7e468dba1c0eee6
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
For auto-tests that were temporarily disabled. Similar to
network-settings.h, header-only stuff.
Fixes: QTBUG-92866
Fixes: QTBUG-92877
Change-Id: I15b5c0b41f0d8bfe59b09c844884ff6d99e6d41a
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
| |
Task-number: QTBUG-94186
Change-Id: I8c82f1fede8f9512f531f4ff17508b9e71ebf0b7
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's possible that Qt is built with OpenSSL and some other backend.
The ifdefs generated are not mutually exclusive anymore, as it was
in the past. So tests should rely on the actual backend they have
working at runtime.
In the process of fixing the auto-tests, modernized feature #if-ery and
some associated compilation issues.
Fixes: QTBUG-92875
Change-Id: I2be1b924d506fd36dc4e2c6c9158b5023ff87f32
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All TLS (and non-TLS) backends that QSsl classes rely
on are now in plugins/tls (as openssl, securetransport,
schannel and certonly plugins).
For now, I have to disable some tests that were using OpenSSL
calls - this to be refactored/re-thought. These include:
qsslsocket auto-test (test-case where we work with private keys),
qsslkey auto-test (similar to qsslsocket - test-case working with
keys using OpenSSL calls).
qasn1element moved to plugins too, so its auto-test have to
be re-thought.
Since now we can have more than one working TLS-backend on a given
platform, the presence of OpenSSL also means I force this backend
as active before running tests, to make sure features implemented
only in OpenSSL-backend are tested.
OCSP auto test is disabled for now, since it heavily relies on
OpenSSL symbols (to be refactored).
[ChangeLog][QtNetwork][QSslSocket] QSslSocket by default prefers 'openssl' backend
if it is available.
[ChangeLog][QtNetwork][QSslSocket] TLS-backends are not mutually exclusive anymore,
depending on a platform, more than one TLS backend can be built. E.g., configuring
Qt with -openssl does not prevent SecureTransport or Schannel plugin from being
built.
Fixes: QTBUG-91928
Change-Id: I4c05e32f10179066bee3a518bdfdd6c4b15320c3
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All backend-specific code is now separated and removed
from QSslSocket(Private) code. The original code is mostly
preserved to avoid (as much as possible) regressions (and
to simplify code-review).
Fixes: QTBUG-91173
Task-number: QTBUG-65922
Change-Id: I3ac4ba35d952162c8d6dc62d747cbd62dca0ef78
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 9391ba55149336c395b866b24dc9b844334d50da)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
QTlsBackend is a factory itself - it creates TLS/X509 objects. Having
an intermediary between Factory->Backend->TLS primitive does not look
very natural thus let's squash the first two parts. Backend is a factory
creating TLS primitives, but its static functions also provide information
about backends availablei and give access to those backends.
Fixes: QTBUG-90606
Task-number: QTBUG-65922
Change-Id: I8409d81fd11fb46e6ab4465b4937a7680a8c2447
Reviewed-by: Alex Blasche <alexander.blasche@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
| |
This is an abstraction for TLS backend and its factory, preparing to transition
to plugin-based design.
Task-number: QTBUG-65922
Change-Id: Ibe810e77fd1b715a6bea66cd3f44312b015ac274
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This API gives the names of available backends and provides a basic
information about features/protocols supported by those backends.
Also, it has the 'loadBackend' functions which allow to select
a particular backend (which are becoming plugins).
At the moment, the implementation is still 'hardcoded', the
follow-up patch will allow to select different backends in runtime.
Task-number: QTBUG-65922
Change-Id: I05877de9c02857594e76b24d52e7578bdb01df69
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
SecureTransport does not allow deprecated digest algorithms, and
(depending on ST version) it may or may not accept our server's
certificate.
Funnily enough, they 'fluctuate' between versions again and again.
Fixes: QTBUG-89922
Change-Id: Ie5fbfca316806bd5000ce2d128b81b718bb36624
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
Complete search and replace of QtTest and QtTest/QtTest with QTest, as
QtTest includes the whole module. Replace all such instances with
correct header includes. See Jira task for more discussion.
Fixes: QTBUG-88831
Change-Id: I981cfae18a1cabcabcabee376016b086d9d01f44
Pick-to: 6.0
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
QSslCertificate::verify() has an undocumented and not very desirable property -
on some platorms it updates the default configuration, which can be surprising.
For example, we deprecated QSslSocket::setDefaultCaCertificates() and recommend
using QSslConfiguration::defaultConfiguration(), QSslConfiguration::setDefaultConfiguration(),
and QSslConfiguration::setCaCertificates(). If an application does this to select
CA roots it trusts explicitly, and then for some reason is calling verify, the
application can have its QSslSockets successfully connecting to a host, whose
root was not trusted by the application. Also, on Windows, defaultCaCertificates()
include system roots already, no need to have them twice.
[ChangeLog][QtCore][QtNetwork] QSslSocket::verify - do not change the default configuration
Pick-to: 5.15
Pick-to: 6.0
Pick-to: 6.0.0
Fixes: QTBUG-88639
Change-Id: I1cd40b259d0a6dcd15c78d1e7c027ff10859595c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
By adding auto-tests that were missing/not triggering the paths found
by LCOV.
Pick-to: 5.15
Pick-to: 6.0
Change-Id: I472f59e8e7292786c80d7c8dcebde53a2982e1ec
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
tst_qsslcipher was quite useless - now we test that default constructed
QSslCipher reports expected values. Test the non-default from the
different auto-test, where we are sure we have really useful
ciphersuites (with different parameters obtained from a TLS backend,
where it's possible).
Pick-to: 6.0
Pick-to: 5.15
Change-Id: Iff14a0580fed889cf9e0873bee01d968773626db
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
Interesting, it only exploded now - initially we were too fast (faster than
500 ms) so never noticed. Now that more tests with the similar event loop
handling were introduced, the last one was catching a single-shot timer
signal, accessing long dead object).
Fixes: QTBUG-87612
Change-Id: I52446fa7b08ef90a4742af3662da7837a8602941
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's not possible to connect to microsoft.com with Schannel TLS 1.3 for
some reason (also tested with Internet Explorer), but other sites work
fine. Must be something they have to iron out for later.
In my experience this needs a preview release of Windows. One of my
machines is opted into the dev channel of Windows where they enabled TLS
1.3 by default, and it works well in my tests except for the part above.
On my other machine, after enabling TLS 1.3 through the registry, I fail
to complete the handshake with any site. So around March/April next year
is when this code would activate for most people.
MinGW apparently defines NTDDI_VERSION as the one for Windows Server
2003, so it currently doesn't build the new TLS 1.3 code. In Qt (as a
project) we could consider setting this higher, but that's out of scope
for this patch!
Fixes: QTBUG-81294
Change-Id: If329959c3a30ecbfbb8c0d335cc39ccb6d012890
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
| |
This time based on grepping to also include documentation, tests and
examples previously missed by the automatic tool.
Change-Id: Ied1703f4bcc470fbc275f759ed5b7c588a5c4e9f
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
|
|
|
|
|
|
|
| |
Task-number: QTBUG-81661
Change-Id: I4ed2ad3a22bd5439751328d915e9984eb89397d1
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Certain servers, like smtp.live.com, will send a request for a
certificate even though they don't require one. In Schannel this
manifests as a warning/info status (SEC_I_INCOMPLETE_CREDENTIALS).
In the cases where it's not needed we should suppress the warning and
try to connect anyway, which is done by calling
InitializeSecurityContext again when we get the status.
Pick-to: 5.15
Change-Id: I3c48140f2949d8557251a49a2b66946da9395736
Reviewed-by: Joshua GPBeta <studiocghibli@gmail.com>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CentOS it seems not only backported some OpenSSL 3 functions,
but also raised the default security level to 2, making some of
our keys (and MDs?) 'too weak' and failing auto-tests here and
there as a result. For our auto-test we lower the level to 1,
as it is expected to be.
Fixes: QTBUG-86336
Pick-to: 5.15
Change-Id: I7062a1b292e8b60eb9c2b2e82bd002f09f9da603
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|