| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
Currently the peerVerifyError test for QSslSocket makes an assumption
about the order in which SSL errors are emitted by peerVerifyError. This
assumption does not necessarily hold for non-OpenSSL backends.
This change fixes this assumption, and also checks that HostNameMismatch
was found both in the errors emitted by peerVerifyError and by sslErrors.
Change-Id: I856d1ea43b36332db0f178d35fc14a4bb18ad673
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
| |
Some of the QSslSocket tests use OpenSSL-specific symbols. This
change fixes this issue.
Change-Id: Ib67efa42a15facaf0ad34fc0466341a37d945d1e
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This changes tests which use QSslCertificate::handle() to determine
if a certificate is null to use QSslCertificate::isNull() instead.
This is required for non-OpenSSL backends which do not actually
expose a private handle.
Change-Id: I9523ba0dd00d47ba337b543ad34840125db99bfb
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
|
| |
|
|
|
|
|
|
|
| |
This moves the socket backend's host name matching functions up to
QSslSocketPrivate so that they can be shared between backends. This
works, as there is no OpenSSL-specific code here.
Change-Id: I73c2081fdc2e60a44c90e90800d1e1877391a626
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
| |
Discussed with Peter and agreed that it's a slightly better fit there.
Change-Id: If8db777336e2273670a23d75d8542b30c07e0d7b
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for loading certificates and keys from PKCS#12 bundles
(also known as pfx files).
Task-number: QTBUG-1565
[ChangeLog][QtNetwork][QSslSocket] Support for loading PKCS#12
bundles was added. These are often used to transport keys and
certificates conveniently, particularly when making use of
client certificates.
Change-Id: Idaeb2cb4dac4b19881a5c99c7c0a7eea00c2b207
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
|
| |
|
|
|
|
| |
Change-Id: I2912dcca77270582f6e989b8b3fb72b82f6f70d6
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Despite supporting DH and ECDH key exchange as a client, Qt did not provide
any default parameters which prevented them being used as a server. A
future change should allow the user to control the parameters used, but
these defaults should be okay for most users.
[ChangeLog][Important Behavior Changes] Support for DH and ECDH key exchange
cipher suites when acting as an SSL server has been made possible. This
change means the you can now implement servers that offer forward-secrecy
using Qt.
Task-number: QTBUG-20666
Change-Id: I469163900e4313da9d2d0c3e1e5e47ef46320b17
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| |
|
|
|
|
|
|
|
| |
Output the SSL library version, output socket error string on connection
failure consistently, silence numerous warnings about QIODevice not
being open in tst_QSslSocket::constructing.
Change-Id: Ia23d42de5b2daca55b2f6f50af025d61e99c52a0
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| |
|
|
|
| |
Change-Id: If1cc5fafddc41ed19dd818caf294c69cd4969216
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\
| |
| |
| | |
refs/staging/dev
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
src/corelib/global/qglobal.h
src/corelib/tools/qstring.cpp
src/gui/image/image.pri
src/gui/image/qimage.cpp
src/plugins/platforms/cocoa/qcocoawindow.h
src/plugins/platforms/cocoa/qcocoawindow.mm
src/plugins/platforms/eglfs/qeglfshooks_stub.cpp
tests/auto/corelib/io/qstandardpaths/tst_qstandardpaths.cpp
Change-Id: I3b9ba029c8f2263b011f204fdf68c3231c6d4ce5
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Qt since approximately 4.4 has set the verify callback on both the SSL
store and the SSL context. Only the latter is actually needed. This is
normally not a problem, but openssl prior to 1.0.2 uses the verify
code to find the intermediate certificates for any local certificate
that has been set which can lead to verification errors for the local
certificate to be emitted.
Task-number: QTBUG-33228
Task-number: QTBUG-7200
Task-number: QTBUG-24234
Change-Id: Ie4115e7f7faa1267ea9b807c01b1ed6604c4a16c
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Any cipher that is < 128 bits is excluded from the default SSL
configuration. These ciphers are still included in the list
of availableCiphers() and can be used by applications if required.
Calling QSslSocket::setDefaultCiphers(QSslSocket::availableCiphers())
will restore the old behavior.
Note that in doing so I spotted that calling defaultCiphers() before
doing other actions with SSL had an existing bug that I've addressed
as part of the change.
[ChangeLog][Important Behavior Changes] The default set of
ciphers used by QSslSocket has been changed to exclude ciphers that are
using key lengths smaller than 128 bits. These ciphers are still available
and can be enabled by applications if required.
Change-Id: If2241dda67b624e5febf788efa1369f38c6b1dba
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |/
|
|
|
| |
Change-Id: Id689f199cfb22dce231cec36faba57ab958b1bac
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@digia.com>
|
| |
|
|
|
|
|
|
| |
Remove unused 'QT -= gui' and replace some others with
'QT = core ...'
Change-Id: I2d14fae963afc21dbd21a4acdbba2c30cdf8fa61
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
|
| |
|
|
|
|
| |
Task-number: QTBUG-29941
Change-Id: I28e71f952fcade6ab0aa76db71a1e2f408952830
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
| |
Task-number: QTBUG-29941
Change-Id: Iaf1c4834ef36db284464184639a1ab00928510cf
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| |
|
|
|
|
| |
Task-number: QTBUG-29941
Change-Id: Ieca736c26711fa292855b3281229282628dce608
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
| |
... but rather throw an error, so the HTTP layer can recover from a SSL
shutdown gracefully. In case the other side sent us a shutdown, we should
not send one as well, as it results in an error.
Change-Id: Ie7a56cf3008b6ead912aade18dbec67846e2a87e
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
configure
mkspecs/features/qt_module_headers.prf
mkspecs/features/qt_tool.prf
src/angle/angle.pro
src/tools/bootstrap/bootstrap.pro
tests/auto/widgets/kernel/qwidget/tst_qwidget.cpp
Change-Id: Ide5759fe419a50f1c944211a48f7c66f662684e0
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The connection to qt-project.org seems to be the one that causes this
particular test case to fail.
Task-number: QTBUG-29941
Change-Id: Ie5e430646997e86e3acb04132cd90a1773a091da
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This starts Qt 5.1 release cycle
Conflicts:
src/gui/text/qfontdatabase.cpp
src/gui/text/qharfbuzz_copy_p.h
src/widgets/kernel/qapplication.cpp
src/widgets/kernel/qcoreapplication.cpp
Change-Id: I72fbf83ab3c2206aeea1b089428b0fc2a89bd62b
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add intermediate certificates to our server sockets, and to our client
certs.
Change-Id: Ib5aa575473f9e84f337bebe35099506dd7d7e2ba
Task-Number: QTBUG-19825
Task-Number: QTBUG-13281
Reviewed-by: Peter Hartmann <phartmann@rim.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Instead of storing a single QSslCertificate for a the local cert, store
a list of them. This will allow us to handle server sockets that use a
certificate that is not issued directly from the CA root in future.
Change-Id: I9a36b9a99daa9c0bdd17f61b4ce1a7da746f2e96
Reviewed-by: Peter Hartmann <phartmann@rim.com>
|
| | |\|
| | |
| | |
| | | |
refs/staging/dev
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
It's flakey and is blocking integration. Tracked in QTBUG-29730.
Change-Id: Ia5b8f952314bf2e1aa6dbb5c5c0a97e32e68d0f6
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@digia.com>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| | |
It is flakey and often blocks integration.
Task-number: QTBUG-29730
Change-Id: I8acfc243ec6a6782b7f7d78fc27827f3fdc1ce52
Reviewed-by: Stephen Kelly <stephen.kelly@kdab.com>
|
| |/
|
|
|
|
|
| |
Missing apostrophes
Change-Id: I3ef5e9d494fb7a37f8e6075f24cd3a274e572c23
Reviewed-by: Jerome Pasion <jerome.pasion@digia.com>
|
| |
|
|
|
| |
Change-Id: Ic804938fc352291d011800d21e549c10acac66fb
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
|
| |
|
|
|
|
|
|
| |
trolltech.com seems to be shut down already
Change-Id: Ic90ce01aeb51b6f154b9bbf4762c365a398c9e3d
Reviewed-by: Simo Fält <simo.falt@digia.com>
Reviewed-by: Stephen Kelly <stephen.kelly@kdab.com>
|
| |
|
|
|
|
|
|
| |
The QSslSocket one is both wrong and redundant as there is a
Q_DECLARE_METATYPE for it already.
Change-Id: I63d065abfb3d0e3d82a8b1f29a6752b7676db847
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
|
| |
|
|
|
| |
Change-Id: I2491cfe421a811d00759224da03580b3dcc2a091
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
| |
|
|
|
|
|
|
| |
Change copyrights and license headers from Nokia to Digia
Change-Id: If1cc974286d29fd01ec6c19dd4719a67f4c3f00e
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
Reviewed-by: Sergio Ahumada <sergio.ahumada@digia.com>
|
| |
|
|
|
|
|
|
|
| |
Disable SSL compression by default since this appears to be the a likely
cause of the currently hyped CRIME attack.
Change-Id: I515fcc46f5199acf938e9e880a4345f2d405b2a3
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Peter Hartmann <phartmann@rim.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add SslProtocol enums TlsV1_1 and TlsV1_2 and use the appropriate OpenSSL
methods when they're selected (TLSv1_1_client_method, TLSv1_2_client_method,
TLSv1_1_server_method and TLSv1_2_server_method). This allows us to
explicitly use TLS 1.1 or 1.2.
Task-number: QTBUG-26866
Change-Id: I159da548546fa746c20e9e96bc0e5b785e4e761b
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Qt 5.0 beta requires changing the default to the 5.0 API, disabling
the deprecated code. However, tests should test (and often do) the
compatibility API too, so turn it back on.
Task-number: QTBUG-25053
Change-Id: I8129c3ef3cb58541c95a32d083850d9e7f768927
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
Reviewed-by: Olivier Goffart <ogoffart@woboq.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using the nullary version has the advantage that multiple calls
during a program run are much more efficient, since an inlined
atomic is used to store the result. It also ensures that
Q_DECLARE_METATYPE(T) has been used, whereas qRegisterMetaType<T>("T")
will happily register anything. So I've added the macro where it
was missing, or moved it to a central place when it existed
hidden.
In tst_qnetworkreply, this became a bit tricky, because a private
header is conditionally included, so moved the Q_DECLARE_METATYPE()
into a conditional section, too.
Change-Id: I71484523e4277f4697b7d4b2ddc3505375162727
Reviewed-by: Stephen Kelly <stephen.kelly@kdab.com>
|
| |
|
|
|
|
|
| |
Task-number: QTBUG-18173
Change-Id: Ie3a96d3a6f60995b8ba7823153778869d0c2dc58
Reviewed-by: Andy Shaw <andy.shaw@digia.com>
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@nokia.com>
|
| |
|
|
|
|
|
|
|
|
| |
Because SSL2 is disabled in ubuntu's openssl binaries, the SSL
connection is expected to succeed rather than fail when the server
side is using SSL3/TLS1.0.
Used the OPENSSL_NO_SSL2 macro to decide this.
Change-Id: I2c35aa5aa0c9432ae78000c81f70086bdc31843d
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Although we created an enum for pause modes to make 5.x binary
compatible with 5.0, the enum value is not well named.
In 5.1, we propose to add PauseOnProxyAuthentication to the enum.
PauseOnNotify is not clear what it means, while PauseOnSslErrors is.
Any new notification in a minor release would need a new enum value
otherwise applications would get pauses they did not expect.
Task-number: QTBUG-19032
Change-Id: I4dbb7467663b37ca7f0551d24a31bc013968bedc
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
|
| |
|
|
|
|
|
|
|
|
| |
qVariantValue and qVariantCanConvert are Compatibility members, while in
Qt4.8 they are marked as Qt 3 Support Members.
qVariantFromValue and qVariantSetValue are Obsolete members.
Change-Id: Ie8505cad1e0950e40c6f6710fde9f6fb2ac670fd
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@nokia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The test has a single stable failure on both of these platforms. Mark
the failure with QEXPECT_FAIL (that was already the case on Ubuntu
11.10) and re-enable the test.
Note also the elimination of duplicate bug numbers.
Task-number: QTBUG-24234
Change-Id: Ica11e7d1f3cd9487647127984fef7c75e0e764fe
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
| |
|
|
|
|
|
|
|
| |
Switch on most of the tests (all but the bearer tests), marking the two
known failures as insignificant tests.
Change-Id: I17f228a938de1a23eddf897f494bfa4e54338dae
Reviewed-by: Sergio Ahumada <sergio.ahumada@nokia.com>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Calling peek() for qsslsocket caused socket data to be copied into
qiodevices buffer and therefore make it unaccessible in qsslsocket.
Cherry picked form 4.8-branch & modified to Qt5 API changes
(int -> qintptr)
Original commits:
commit 621f18955082fc73471e75d1f8c35c2dcd4befeb
Author: Shane Kearns <ext-shane.2.kearns@nokia.com>
commit 68b1d5c17aa38d5921bdade2b0e0cb67c6c90513
Author: Kalle Viironen <kalle.viironen@digia.com>
Task-number: QTBUG-18498
Change-Id: I6be4b19baec2f3197537f5e7b61432040ec84ad2
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
QSharedPointer is about to become final.
Instead of inheriting from it to add implicit
conversions to and from QSslSocket*, make
QSslSocketPtr a typedef, and make the
conversions explicit.
Change-Id: I4eebb262ab5aef348f4d676f9e839325d4ed13da
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is unfortunately still "most of them", because of QTBUG-24451
however some of the unit tests are still possible to test stably.
Also skipped test cases which would hang forever due to QTBUG-24451.
Bearer tests are not run, because they pass when test machine has no
wireless LAN, but fail or hang if it does (QTBUG-24503)
Change-Id: Icf99d45707102d2ef9219ed0b5ad521605716219
Reviewed-by: Sergio Ahumada <sergio.ahumada@nokia.com>
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
|
| |
|
|
|
|
|
|
| |
Change the ifdefs in our own code (except openssl backend) to use the
new configure flag.
Change-Id: I8774734771c66b22164b5fae8fdb27814ac3df7b
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Marked two tests insignificant due to failures, these need to be
fixed later and then re-enabled:
- tst_qnetworkreply
- tst_qsslsocket
Task-number: QTBUG-24203
Change-Id: I9647833bf15fe5a340d7ef59e1dcb007a92677dc
Reviewed-by: Sergio Ahumada <sergio.ahumada@nokia.com>
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@nokia.com>
|
| |
|
|
|
|
|
|
|
| |
This file was removed in commit ba9302b8a9b6b50f37987261c1ade9af2ade2d3c.
Commit 8fad23f3261bdcf9bd0e11980ebfc3b00c2469c6 removed openssl.pri from
src/network/ssl/ssl.pri, but not from the qsslsocket autotest.
Change-Id: Ic1a576ee7f0ee3d68471121ba636b94ce7bae455
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
