summaryrefslogtreecommitdiffstats
path: root/tests/auto/network/ssl/qsslsocket
Commit message (Collapse)AuthorAgeFilesLines
* QSslSocket::verify: do not alter the default configurationTimur Pocheptsov2020-12-072-3/+97
| | | | | | | | | | | | | | | | | | | QSslCertificate::verify() has an undocumented and not very desirable property - on some platorms it updates the default configuration, which can be surprising. For example, we deprecated QSslSocket::setDefaultCaCertificates() and recommend using QSslConfiguration::defaultConfiguration(), QSslConfiguration::setDefaultConfiguration(), and QSslConfiguration::setCaCertificates(). If an application does this to select CA roots it trusts explicitly, and then for some reason is calling verify, the application can have its QSslSockets successfully connecting to a host, whose root was not trusted by the application. Also, on Windows, defaultCaCertificates() include system roots already, no need to have them twice. [ChangeLog][QtCore][QtNetwork] QSslSocket::verify - do not change the default configuration Fixes: QTBUG-88639 Change-Id: I1cd40b259d0a6dcd15c78d1e7c027ff10859595c Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> (cherry picked from commit 1158ff67b492853b72199ed78bfcf24132e1c7ff)
* QSslCipher - improve its code coverage and auto-testsTimur Pocheptsov2020-12-011-28/+16
| | | | | | | | | | | | | tst_qsslcipher was quite useless - now we test that default constructed QSslCipher reports expected values. Test the non-default from the different auto-test, where we are sure we have really useful ciphersuites (with different parameters obtained from a TLS backend, where it's possible). Change-Id: Iff14a0580fed889cf9e0873bee01d968773626db Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io> (cherry picked from commit 1a2e2921d268f09b6cb5ca91c85614192b8e2e0e) Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
* QSslConfiguration - improve code coverageTimur Pocheptsov2020-11-301-2/+27
| | | | | | | | | By adding auto-tests that were missing/not triggering the paths found by LCOV. Change-Id: I472f59e8e7292786c80d7c8dcebde53a2982e1ec Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> (cherry picked from commit 1157167a5c69e253fdeb6c8ad532c5d52e150769)
* Schannel: Properly handle request for certificateMårten Nordheim2020-09-141-8/+0
| | | | | | | | | | | | | | | Certain servers, like smtp.live.com, will send a request for a certificate even though they don't require one. In Schannel this manifests as a warning/info status (SEC_I_INCOMPLETE_CREDENTIALS). In the cases where it's not needed we should suppress the warning and try to connect anyway, which is done by calling InitializeSecurityContext again when we get the status. Change-Id: I3c48140f2949d8557251a49a2b66946da9395736 Reviewed-by: Joshua GPBeta <studiocghibli@gmail.com> Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io> (cherry picked from commit 2253d5eca6de707080af9af11bc0dcfdea846fc5) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* QSsl: workaround a 'very secure' OpenSSL version (CentOS 8.x et al)Timur Pocheptsov2020-09-141-0/+9
| | | | | | | | | | | | | | CentOS it seems not only backported some OpenSSL 3 functions, but also raised the default security level to 2, making some of our keys (and MDs?) 'too weak' and failing auto-tests here and there as a result. For our auto-test we lower the level to 1, as it is expected to be. Fixes: QTBUG-86336 Change-Id: I7062a1b292e8b60eb9c2b2e82bd002f09f9da603 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> (cherry picked from commit 605d2163f1dcd7e1ad701ade913cb476b91865b1) Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* tst_QSslSocket - stop using qrand (to suppress a warning)Timur Pocheptsov2020-06-101-7/+6
| | | | | | | | | | | | Whoever wrote this test, was a PROPER hacker: trying to force a TLS implementation not to properly compress some data, they generated a sequence of bytes in a very fancy manner, something like 255 0 0 0 255 0 0 0 123 0 0 0 255 0 0 0 - yeah, it's really a random sequence of bytes, surely, it's impossible to compress! Meh. Change-Id: Ia10ae18a40b5b8f006c45147b06fe5be6efcb129 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> (cherry picked from commit 7d989648151c577c1706ca85acf70edca4b91363) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* tst_QSslSocket - do not test the deprecated APITimur Pocheptsov2020-06-101-108/+2
| | | | | | | | | | | We deprecated several setters on QSslSocket, no need to test them then (and I'm removing them in Qt 6 anyway, so changing the test is the phase 1). Change-Id: I5807abfb280cbacd4fcc19468793f9d1f3b2ff20 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> (cherry picked from commit d9b2115060aa8eb79c7ad3ab57c99c4a3c15467c) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* QSslSocket::setSslSonfiguration - set d.configuration properlyTimur Pocheptsov2020-05-201-0/+20
| | | | | | | | | | | | | | | We end up with an absurd situation: QSslConfiguration conf; //we set CA certs so that on demand loading is disabled: conf.setCaCertificates({...}); QSslSocket s; s.setSslConfiguration(conf); Q_ASSERT(conf == s.sslConfiguration); // this assert fails. Change-Id: I272bed145434082acc6ead95fe3640d222b21131 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> (cherry picked from commit 920487bf6b4d06ce9fef82e99e262ee0dd7d2ea3) Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* More qOverload cleanups in qtbaseTimur Pocheptsov2020-03-241-2/+1
| | | | | | Task-number: QTBUG-82605 Change-Id: I1c3c14ed82911ed5483258c11e76f5dd7744fa12 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
* QAbstractSocket: deprecate 'error' signal, use 'errorOccurred' insteadAlexander Akulich2020-02-271-22/+22
| | | | | | | [ChangeLog][Deprecation Notice] QAbstractSocket::error() (the signal) is deprecated; superseded by errorOccurred() Change-Id: I11e9c774d7c6096d1e9b37c451cf0b99188b6aad Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* Revert "QAbstractSocket: deprecate 'error' member-function"Alexander Akulich2020-02-261-14/+14
| | | | | | | | | | | | | | This reverts commit 94b3dd77f29a00ebbd1efdc66d75f57e1c75b152. The patch fixes ambiguity between a getter and a signal by changing the getter name, but we still have to rename the signal to follow the signals naming convention. Revert the commit to keep the getter as is and change the signal name instead. Change-Id: I0dd60cf1ae9d1bd95beeb8ad58661ca4b1fb63b9 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* Merge remote-tracking branch 'origin/5.14' into 5.15Qt Forward Merge Bot2020-01-281-2/+2
|\ | | | | | | | | | | | | Conflicts: src/gui/image/qpnghandler.cpp Change-Id: I8630f363457bb613d8fb88470a71d95d97cdb301
| * Flatten version-specific blacklisting on macOS to all macOS versionsTor Arne Vestbø2020-01-221-2/+2
| | | | | | | | | | | | | | | | | | | | | | We don't know which versions these blacklistings actually apply on unless we actually get macOS 10.14 and 10.15 into the CI and running tests, so let's start with that, and then granularize the blacklists after that. Task-number: QTBUG-75786 Change-Id: Id79642afa50cb20efa2cd209286b6933918d3a4a Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
* | Merge remote-tracking branch 'origin/5.14' into 5.15Qt Forward Merge Bot2020-01-151-1/+2
|\| | | | | | | Change-Id: I8dbcf23835d52d3aa7d018ed250814d60c68aa83
| * Skip instead of fail tests when test server is not availableTor Arne Vestbø2020-01-141-1/+2
| | | | | | | | | | | | | | | | | | | | We were being inconsistent in how we handled this, some tests skipping while others using QVERIFY. It makes more sense to skip the tests, since the problem is a missing pre-condition of the test, not the test itself being bad or exposing real failures in the implementation. Change-Id: I20eacfe12dbce0b0d926e48cbe2d2772819fa4a5 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* | QSslSocket: deprecate sslErrors() getterTimur Pocheptsov2020-01-101-4/+4
| | | | | | | | | | | | | | | | | | | | | | To disambiguate &QSslSocket::sslErrors() expression. Add a new getter - sslHandshakeErrors(). [ChangeLog][Deprecation Notice] QSslSocket::sslErrors() (the getter) was deprecated and superseded by sslHandshakeErrors() Task-number: QTBUG-80369 Change-Id: I9dcca3c8499800c122db230753dc19b07654f8a2 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
* | QAbstractSocket: deprecate 'error' member-functionTimur Pocheptsov2020-01-101-14/+14
| | | | | | | | | | | | | | | | | | | | | | | | The one that is a getter for the last error found. This is to disambiguate the expression '&QAbstractSocket::error'. Introduce a new member-function socketError as a replacement. [ChangeLog][Deprecation Notice] QAbstractSocket::error() (the getter) is deprecated; superseded by socketError(). Task-number: QTBUG-80369 Change-Id: Ia2e3d108657aaa7929ab0810babe2ede309740ba Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
* | Merge remote-tracking branch 'origin/5.14' into 5.15Qt Forward Merge Bot2019-11-081-0/+49
|\| | | | | | | Change-Id: I963b5f48b5d6f3500ca379fbd7f1a4290b570175
| * Merge remote-tracking branch 'origin/5.13' into 5.14Qt Forward Merge Bot2019-11-061-0/+49
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: .qmake.conf mkspecs/features/mac/default_post.prf src/corelib/tools/qsimd_p.h src/platformsupport/fontdatabases/mac/qcoretextfontdatabase.mm util/qfloat16-tables/gen_qfloat16_tables.cpp Change-Id: If48fa8a3bc3c983706b609a6d3822cb67c1352a4
| | * Schannel: no longer keep old ssl errors around when reusing socketMårten Nordheim2019-10-071-0/+49
| | | | | | | | | | | | | | | | | | | | | | | | And add a test for it so it can no longer happen in any current or future implementation. Change-Id: I3214aa90595e291b1e1c66befe185cfe1ea7bc6b Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* | | QSslSocket - remove old OpenSSL backend (< 1.1)Timur Pocheptsov2019-11-011-10/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | OpenSSL 1.0.2 will stop receiving all support at the end of 2019. Qt 5.15 is our next LTS thus makes sense remove OpenSSL 1.0.2 support there. This also allows us quite a significant cleanup of an old heavily if-defed code and all 'pre11' suffixed source files. [ChangeLog][QtNetwork][SSL] Removed OpenSSL 1.0.x support, now 1.1.x is required Change-Id: I70c70c56cbd8aeff793afe793335696d1b1b7408 Reviewed-by: Lars Knoll <lars.knoll@qt.io> Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
* | | tst_qsslsocket: Update some QSslConfiguration usageMårten Nordheim2019-09-251-21/+31
|/ / | | | | | | | | | | | | | | | | Following the deprecation of add[Default]CaCertificate[s] let's update the uses of it. While we're doing this, let's also use QSslConfiguration more in some places where it makes sense. Change-Id: I2c9e7c73fee8a405492410378f2babe67d3a3f25 Reviewed-by: Jesus Fernandez <jsfdez@gmail.com>
* | Update for failures only on dev branch. Use general platform namesDaniel Smith2019-08-191-4/+0
| | | | | | | | | | | | | | | | | | | | This patch was generated with tooling from patchset 31 of https://codereview.qt-project.org/c/qt/qtqa/+/267034 in interactive mode. General platform names were chosen if greater than 60% of the currently active platforms of a given type in COIN recently failed. Change-Id: Ia4bde7f0ec422bbb727dc9d7151295159094f146 Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
* | Make network tests build and pass with disabled deprecated APIsSona Kurazyan2019-07-231-49/+198
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Deprecated APIs of network lib are used only in tests. This change makes sure, that the tests build and pass with those deprecated APIs removed or disabled, by: - Making the parts of the tests testing the deprecated APIs to be compiled conditionally, only when the corresponding methods are enabled. - If the test-case tests only the deprecated API, but not the corresponding replacement, added tests for the replacement. Task-number: QTBUG-76541 Change-Id: I78c4913155007fd1d0df2c38e1b9a8b80066adeb Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io> Reviewed-by: Alex Blasche <alexander.blasche@qt.io> Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* | Merge remote-tracking branch 'origin/5.13' into devQt Forward Merge Bot2019-07-171-1/+0
|\| | | | | | | | | | | | | | | | | | | Conflicts: src/corelib/global/qlogging.cpp src/gui/painting/qtextureglyphcache_p.h src/gui/text/qfontengine.cpp src/widgets/widgets/qlineedit.cpp Change-Id: Ic8798538df466b7141caa8bbf1fb7605eb56be37
| * Merge remote-tracking branch 'origin/5.12' into 5.13Qt Forward Merge Bot2019-07-121-1/+0
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: configure.pri Also required s/solid\.color/solidColor/ in a couple of places in: src/gui/painting/qpaintengine_raster.cpp Change-Id: I29937f63e9779deb6dac7ae77e2948d06ebc0319
| | * Revert "Temporarily skip tst_QSslSocket::resume"Mårten Nordheim2019-07-031-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 9a25d27b9d58316dee5d2305135d2d74ad5d51e7. The QSKIP is no longer needed as the imap server's certificate was updated Task-number: QTBUG-76610 Change-Id: I1007ce50d6f7f6258fdeb8894c66678a660b03ca Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
| * | Merge remote-tracking branch 'origin/5.12' into 5.13Liang Qi2019-06-252-15/+16
| |\| | | | | | | | | | | | | | | | | | | | | | Conflicts: src/corelib/io/qstorageinfo_unix.cpp src/network/ssl/qsslsocket_openssl.cpp Change-Id: Ibc9ce799bef62d60d616beaa9fbde8ebeadfbc20
| * | tst_qsslsocket: fix racy testv5.13.0-rc3v5.13.0Mårten Nordheim2019-06-131-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In this threaded setup the server can sometimes have the data before it calls "waitForReadyRead", what happens then is that we fail the wait and as a result the test fails overall. Let's check if we actually got some data after all and then continue if we did. Since both the client and the server currently wait the same amount of time (2s) the max timeout for the client was increased by 0.5s so it has some time to notice that the server got the message. Change-Id: Ib5915958853413047aa5a7574712585bcae28f79 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io> (cherry picked from commit e79b1dcdf542be3a20d5c21ea163ff857ed875bf) Reviewed-by: Simo Fält <simo.falt@qt.io> (cherry picked from commit d53b8b77bc8de236e148ef2652806015a9a87e2b) Change-Id: I2f6ffb8e0a9b4d591edb6925e48baffcefc14511 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
| * | QSslSocket: add and set the TLSv1.3-specific PSK callbackMårten Nordheim2019-06-131-11/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If this callback is not set then OpenSSL will call the callback used for <= TLS 1.2 unconditionally when connecting. If using PSK it will call it again later once the preshared key is needed. We don't currently handle the TLSv1.3 PSK, but we definitely should. But for now we can work around it - when psk_use_session_callback is called we simply change the PSK callback to a dummy function whose only purpose is to restore the old callback. This is mostly done to keep behavior the same as it is now for users (and to keep our tests running). Later we can add a new signal and handle this new feature properly. Reviewed-by: Simo Fält <simo.falt@qt.io> (cherry picked from commit d8efc8d718e3b3a0464f321e740541f5b221a5d6) Task-number: QTBUG-67463 Change-Id: I4aca4ae73ec4be7c4f82a85e8864de103f35a834 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* | | unblacklist passing testsDaniel Smith2019-07-081-13/+5
| | | | | | | | | | | | | | | | | | | | | | | | These tests have not failed on the removed platforms for at least 60 days Task-number: QTBUG-76608 Change-Id: If7a9f4db907124e3cd54e3f4b0ad3e20717d1912 Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
* | | Remove usages of deprecated APIs from QtAlgorithmsSona Kurazyan2019-06-291-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Task-number: QTBUG-76491 Change-Id: I9dab736a0cbd2e86588919640c26e8ce6b3674d0 Reviewed-by: Alex Blasche <alexander.blasche@qt.io> Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
* | | Merge remote-tracking branch 'origin/5.12' into devLiang Qi2019-06-252-26/+17
|\ \ \ | | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: .qmake.conf src/gui/painting/qdrawhelper.cpp src/gui/text/qdistancefield.cpp src/gui/text/qdistancefield_p.h src/network/ssl/qsslsocket_openssl.cpp src/plugins/platforms/android/qandroidinputcontext.cpp src/widgets/styles/qstylesheetstyle.cpp Done-With: Timur Pocheptsov <timur.pocheptsov@qt.io> Change-Id: Ia7daad21f077ea889898f17734ec46303e71fe6b
| * | Temporarily skip tst_QSslSocket::resumeMårten Nordheim2019-06-241-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | Will be reverted once ready Change-Id: Id03df7dea1dd65579ec83606fddf2a73a45a0d64 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
| * | SSL: Update an about-to-expire certificateMårten Nordheim2019-06-241-15/+15
| | | | | | | | | | | | | | | | | | Change-Id: I9e29baf529b74ae33fa0ee7250e5af6b1873e86f Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
| * | QSslSocket: add and set the TLSv1.3-specific PSK callbackv5.12.4Mårten Nordheim2019-06-121-11/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If this callback is not set then OpenSSL will call the callback used for <= TLS 1.2 unconditionally when connecting. If using PSK it will call it again later once the preshared key is needed. We don't currently handle the TLSv1.3 PSK, but we definitely should. But for now we can work around it - when psk_use_session_callback is called we simply change the PSK callback to a dummy function whose only purpose is to restore the old callback. This is mostly done to keep behavior the same as it is now for users (and to keep our tests running). Later we can add a new signal and handle this new feature properly. Task-number: QTBUG-67463 Change-Id: I4aca4ae73ec4be7c4f82a85e8864de103f35a834 Reviewed-by: Simo Fält <simo.falt@qt.io>
| * | tst_qsslsocket: fix racy testMårten Nordheim2019-06-121-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In this threaded setup the server can sometimes have the data before it calls "waitForReadyRead", what happens then is that we fail the wait and as a result the test fails overall. Let's check if we actually got some data after all and then continue if we did. Since both the client and the server currently wait the same amount of time (2s) the max timeout for the client was increased by 0.5s so it has some time to notice that the server got the message. Change-Id: Ib5915958853413047aa5a7574712585bcae28f79 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io> (cherry picked from commit e79b1dcdf542be3a20d5c21ea163ff857ed875bf) Reviewed-by: Simo Fält <simo.falt@qt.io>
* | | Convert uses of QTime as a timer to QElapsedTimerEdward Welbourne2019-06-141-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | Change-Id: I2297f61efa5adf9ea5194c7f3ff68574cbcf452c Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
* | | Granularize blacklist of qsslsocket for WindowsMårten Nordheim2019-05-101-0/+16
| | | | | | | | | | | | | | | | | | | | | | | | Using the information from grafana we can unblacklist all the things which are consistently passing. Change-Id: I79917ca9c40e1df2dab46bb54cc0a2bd4a1a4621 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* | | Expose docker test server as an internal config to all modulesRyan Chu2019-04-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before testserver becomes a stable feature, let's keep testserver.prf in "mkspecs/features/unsupported". The test server's shared files will be stored in "mkspecs/features/data/testserver". Because the path of testserver has been changed, all the tests relying on the docker servers should be updated as well. Change-Id: Id2494d2b58ee2a9522d99ae61c6236021506b876 Reviewed-by: Maurice Kalinowski <maurice.kalinowski@qt.io> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
* | | tst_qsslsocket: fix racy testMårten Nordheim2019-03-261-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In this threaded setup the server can sometimes have the data before it calls "waitForReadyRead", what happens then is that we fail the wait and as a result the test fails overall. Let's check if we actually got some data after all and then continue if we did. Since both the client and the server currently wait the same amount of time (2s) the max timeout for the client was increased by 0.5s so it has some time to notice that the server got the message. Change-Id: Ib5915958853413047aa5a7574712585bcae28f79 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* | | Convert tst_QSslSocket to work with DockerTimur Pocheptsov2019-03-113-66/+134
| | | | | | | | | | | | | | | | | | | | | Change-Id: Ifb075763e3a0c6c08677dd2ae7febbbc8e4e48a9 Reviewed-by: Ryan Chu <ryan.chu@qt.io> Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* | | SecureTransport - make 'securetransport' feature publicTimur Pocheptsov2019-03-071-4/+4
| |/ |/| | | | | | | | | | | | | | | | | | | Given the current feature disparity, it makes sense to give our users ability to detect if they can use some feature or not in their application code, using our 'modern' QT_CONFIG(securetransport). Accordingly, use this new syntax in our own auto-tests. Change-Id: Ib33b03e7e602e9f8b0db8251377c89dbaada1049 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* | Schannel: Add ALPN supportMårten Nordheim2019-01-281-3/+19
| | | | | | | | | | | | | | | | [ChangeLog][QtNetwork][SSL] The Schannel backend now supports ALPN and thus HTTP/2. Change-Id: I1819a936ec3c9e0118b9dad12681f791262d4db2 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* | Merge "Merge remote-tracking branch 'origin/5.12' into dev" into ↵Liang Qi2019-01-281-0/+6
|\ \ | | | | | | | | | refs/staging/dev
| * | Merge remote-tracking branch 'origin/5.12' into devLiang Qi2019-01-261-0/+6
| |\| | | | | | | | | | | | | | | | | | | | | | Conflicts: src/android/templates/AndroidManifest.xml tests/auto/widgets/styles/qstylesheetstyle/tst_qstylesheetstyle.cpp Change-Id: I4c9679e3a8ebba118fbf4772301ff8fde60455b9
| | * tst_qsslsocket - blacklist several test temporarilyTimur Pocheptsov2019-01-241-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For some reason behavior of SecureTransport has changed from 10.12 to 10.13 and then to 10.14. On 10.13 SecureTransport fails upon receiving the server's certificate with 'Unrecoverable error', before we can do a manual verification and accept the certificate as trusted. Analysis of available source code shows that they, apparently, do not like MD5 hash which our server is using. Until certificate is updated on the server or we switch completely to the Docker-based solution we have to BLACKLIST tests that connect to our current network test-server. Oddly enough, on 10.14 SecureTransport is less mean. Task-number: QTBUG-69873 Change-Id: I7da1883e0970a2f6ddd8385f193b76116d6983e0 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
* | | QSslSocket: Fix isMatchingHostname when the CN is an IP AddressMårten Nordheim2019-01-282-0/+27
|/ / | | | | | | | | | | | | Change-Id: Id083c1434fcb3a64af40e6f8df720719c1029ca7 Fixes: QTBUG-73289 Reviewed-by: Liang Qi <liang.qi@qt.io> Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* | tst_qsslsocket: Make an ALPN test available to other backendsMårten Nordheim2019-01-241-40/+41
| | | | | | | | | | | | | | | | | | | | | | Currently only available for the OpenSSL backend to use but doesn't actually rely on anything OpenSSL specific. Move it so it can be used by the Schannel backend in an upcoming patch Change-Id: Ia29b153bf3f29cff0d62a41ec5dd7d4671a18095 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
* | Ssl: Add support for IP-address in alternate subject nameMårten Nordheim2019-01-242-0/+31
| | | | | | | | | | | | | | | | | | | | While it's not common it still occurs, perhaps especially with 127.0.0.1 Can be tested by attempting to connect to https://1.1.1.1/ using Qt. Change-Id: Idad56476597ab570b8347236ff700fa66ab5b1f4 Fixes: QTBUG-71828 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-19 10:25:51 +0000