| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Test was not really good to start with - it was assuming the presence of
particular ciphersuites. Furthermore, it was ignoring the fact that
TLS 1.2 and TLS 1.3 set ciphersuites differently in OpenSSL.
Pick-to: 6.4 6.3 6.2 5.15
Task-number: QTBUG-106018
Task-number: QTBUG-95123
Change-Id: I6c8ba20154cdeb9275878462ab945729d6c82ecc
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL 3 by default disables TLS < 1.2 in the conf files. We're not
going to work against that, so we bump the version of TLS used.
Keep the client-side TLS 1.0 Or Later just to keep testing that this
part works.
Task-number: QTBUG-95123
Task-number: QTBUG-106018
Pick-to: 6.4 6.3 6.2 5.15
Change-Id: Ia6cb10495875de232d69a886832ae74c5f5ac15f
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The initial problem was in server not starting encryption, because
its certificate was rejected by OpenSSL (v3) saying 'weak md'.
After the certificate was replaced, we got another problem - due
to the fixed TLS v.1 protocol for both client and server - handshake
is interrupted early with 'tls v1 alert' and error message
saying about not found signature algorithms. Don't fix the protocol
version, use proper QSsl::SecureProtocols (default).
Pick-to: 6.4 6.3 6.2 5.15
Task-number: QTBUG-106018
Task-number: QTBUG-95123
Change-Id: I0f22f5304f4405933ad511195bc61c640518e7d8
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The certificate was using SHA-1 for signing its certificate, which is
considered 'not good enough' by some TLS libraries.
Regenerate it with SHA-512 and a larger RSA key.
Also include the files needed to generate it.
Pick-to: 6.4 6.3 6.2 5.15
Task-number: QTBUG-106018
Task-number: QTBUG-95123
Change-Id: I535e047d540e663c8cec334695196044173949fc
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL v3 by default sets SECLEVEL = 2 unless overridden in conf files.
SECLEVEL >= 1 means TLS <= 1.1 is disabled. Remove cases that were
previously expected to work. Arguably, we should not test deprecated
protocols at all, but the cases expecting a failure still work
and logically correct.
Task-number: QTBUG-95123
Task-number: QTBUG-106018
Pick-to: 6.4 6.3 6.2 5.15
Change-Id: Ifa59fa902b433338dbed7abf086cfdef9470384c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
Otherwise, checks are useles in non-developer build.
Pick-to: 6.4 6.3 6.2
Fixes: QTBUG-106036
Change-Id: I41b6d8f250021ff9fa4981f9df9244c269ed2999
Reviewed-by: Oliver Wolff <oliver.wolff@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
With OpenSSL 3.0.5 we see X509_print giving us the text representation
not matching any of previous ones - mostly a question of spaces
and formatting. Let's add a proper version to compare against and
remove useless 0.9.8, 1.0.0, 1.0.1, - we don't support them anymore
and thus QSslCertificate::toText() will never give a match.
Pick-to: 6.4 6.3 6.2 5.15
Task-number: QTBUG-106017
Change-Id: Ida11321c23e74c7313acc682237ab78408cf2803
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
leaf.p12 is using RC2 for encryption and it's disabled by default
in openssl v3.
Pick-to: 6.4 6.3 6.2 5.15
Fixes: QTBUG-106017
Change-Id: I4edd0d29506d1e50b2b618b6a00cceeb4b156204
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
Because this version does not seem to like MD5 which old cert was using.
Fixes: QTBUG-106019
Pick-to: 6.4 6.3 6.2 5.15
Change-Id: Id354d1e32acb0528685b2788ee9c7326c43397bd
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
|
| |
|
|
|
|
|
|
| |
Guard the test that checks the deprecated protocol versions
Task-number: QTBUG-104858
Change-Id: I1b76e08d8fc985abf758bf86198fe3d33e5497d4
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
|
| |
Task-number: QTBUG-105718
Change-Id: I5d3ef70a31235868b9be6cb479b7621bf2a8ba39
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Jörg Bornemann <joerg.bornemann@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
Otherwise new clients will not be handled when they try to connect
Amends 29a1fe72a0888eb1f22a5ae9fe1b3d87257f3246
Pick-to: 6.4
Change-Id: Ifff052d1bf27682df2782faa285a257c9b41d86f
Reviewed-by: Konrad Kujawa <konrad.kujawa@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
Not just the ones we added to the pending sockets list
Pick-to: 6.4
Change-Id: I0a0016fe39df7ca2fc3f0c4e4111195bc6d90198
Reviewed-by: Konrad Kujawa <konrad.kujawa@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a client doesn't send any data then we would leave the socket open
for as long as it needed, wasting resources. Add timeouts to limit the
amount of time this can happen for.
Since there is a limit on number of sockets that the server will have
queued, having idle sockets stick around forever is a vector for ddos.
Pick-to: 6.4
Change-Id: Ida6251c92c625eeadf2065861b840b14255654b8
Reviewed-by: Ievgenii Meshcheriakov <ievgenii.meshcheriakov@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
SecureTransport ignores any content that comes in until it is large
enough to be a handshake. So a plaintext client may be left hanging
while it is waiting for a response.
Pick-to: 6.4
Change-Id: I501ae61d89d516765c7ba5f0d916d9246fde5d4d
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
CMakeLists.txt and .cmake files of significant size
(more than 2 lines according to our check in tst_license.pl)
now have the copyright and license header.
Existing copyright statements remain intact
Task-number: QTBUG-88621
Change-Id: I3b98cdc55ead806ec81ce09af9271f9b95af97fa
Reviewed-by: Jörg Bornemann <joerg.bornemann@qt.io>
|
| |
|
|
|
| |
Change-Id: I9b7404e1d3a78fe0726ec0f5ce1461f6c209e90d
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
|
| |
|
|
|
|
|
|
| |
The certificate was updated recently and doesn't have the same
deprecated hash functions and small key size as the old one did.
Change-Id: I301ad50a96a30483b92a6e30f61e78e8d6b955ca
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Many algorithms (ciphers etc.) had become 'legacy' in OpenSSL v3,
meaning they are not available by default. Since we don't mess with
loading providers and don't load the 'legacy' one, we have to
skip tests involving such algorithms.
Pick-to: 6.4 6.3 6.2 5.15
Fixes: QTBUG-104232
Change-Id: Ieceabeb080e531aeb24f733cb8c83ad08a25049c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
| |
Pick-to: 6.4 6.3 6.2 5.15
Change-Id: I233ffee5b720c0554071c1d49d4fb861736b2e2a
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Both QtWeSockets and QtHttpServer has a QSslServer class that is useful
elsewhere. They are different though, so the new class has features
from both versions.
[ChangeLog][QtNetwork] Unify QSslServer from QtWebSockets and QtHttpServer into QtNetwork
Task-number: QTBUG-100823
Change-Id: I523f04db39297ceb9b258f673eb12deecfc6886c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
|
| |
|
|
|
|
| |
Pick-to: 6.2 6.3
Change-Id: I7d37dd58eaede1bd0d1b53fe264b45be83cbca57
Reviewed-by: Shawn Rutledge <shawn.rutledge@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Replace the current license disclaimer in files by
a SPDX-License-Identifier.
Files that have to be modified by hand are modified.
License files are organized under LICENSES directory.
Task-number: QTBUG-67283
Change-Id: Id880c92784c40f3bbde861c0d93f58151c18b9f1
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Jörg Bornemann <joerg.bornemann@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The TLS v1.0 and v1.1 enums are all deprecated since 6.3. At the same
time, the test requires their use, because none of the peers seeem to
implement TLS v1.2, yet (cf. e.g. QTQAINFRA-4499).
Fix by copying the relevant enum values into global variables and
using those. This is a selective way to deal with the issue. The use
of the enums is so widespread in the test that the alternative would
have been to globally suppress deprecation warnings, which, however,
may suppress warnings we may actually want to fix.
Pick-to: 6.3
Change-Id: I4186be72209527fc404f3ba0a5a15f9719c64698
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Most likely related to qemu network configuration which cannot be
modified. Reason is that in QNX there is tool which can be controlled
qemu configuration, and it does not provide options for more finer
grade network configuration.
Pick-to: 6.2 6.3
Task-number: QTBUG-101274
Change-Id: I660466e36252e902a2314fb3f4988c531cda9214
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
| |
Change-Id: Ibc6a948480a904913a5427e6408d4d296784fb4f
Reviewed-by: Sona Kurazyan <sona.kurazyan@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At some point we decided to support a custom set of ciphersuites specified
by QSslConfiguration (which if you ask me was never a good idea). The law
of unforseen consequiences bit us again: since we now give a set of ciphesuites
to QSslConfiguration and set ciphesuites from the configuration a socket has,
we are limited by the ciphersuites we know about at the moment of 'coding'.
Meaning if an SDK was updated and CipherSuite.h later adds more ciphersuites,
we miss them and 'don't support them', while we ... actually do.
This patch tries to add some more ciphersuites introduced in TLS 1.3 (interesting,
SecureTransport does not support TLS 1.3, but TLS 1.3 suites can be used in TLS
1.2 session).
Pick-to: 6.2 6.3 5.15
Task-number: QTBUG-99368
Change-Id: I439b63845c4893e5621cffaf3bcaf62e2b643c74
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
The unversioned libcrypto.dylib that's shipped with macOS 10.15 will
result in a crash if loaded, with a message saying that the unversioned
library should not be loaded, as it doesn't provide a stable ABI.
Task-number: QTBUG-95249
Pick-to: 6.2 5.15
Change-Id: I49325e5d675155e90840cc93623549f725bc77b4
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
Remove SRCDIR defines from tests that don't use them. There is a
standard define called QT_TESTCASE_SOURCEDIR that is available to all
tests and serves the same purpose.
Pick-to: 6.2
Change-Id: I2aa237739c011495e31641cca525dc0eeef3c870
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
Helped quite a lot with OpenSSL 3 not accepting some old algorithms.
Pick-to: 6.2 6.1 5.15
Task-number: QTBUG-95123
Change-Id: If4894fa86eba7b002465fa661d436ae6ea751989
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
|
|
|
| |
And re-generate certificates.
Fixes: QTBUG-95429
Pick-to: 6.2 6.1 5.15 5.12
Change-Id: Id970a0a9315d146d6dd1e66c9cff9b7d75657e2d
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The QtTest best practices documentations recommends using output
mechanisms such as qDebug() and qWarning() for diagnostic messages,
and this is also what most of our own tests do.
The QWARN() macro and corresponding internal QTest::qWarn() function
was added when QtTest was first implemented, but was likely meant as
an internal implementation detail, like its cousin QTestLog::info(),
which does not have any corresponding macro.
This theory is backed by our own QtTest self-test (tst_silent)
describing the output from QWARN() as "an internal testlib warning".
The only difference between QWARN() and qWarning(), besides the much
richer feature set of the latter, is that qWarning() will not pass
on file and line number information in release mode, but QWARN() will.
This is an acceptable loss of functionality, considering that the user
can override this behavior by defining QT_MESSAGELOGCONTEXT.
[ChangeLog][QtTest] QWARN() has been deprecated in favor of qWarning()
Pick-to: 6.2
Change-Id: I5a2431ce48c47392244560dd520953b9fc735c85
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
- avoid calls to private and virtual functions, if the device is not
open;
- avoid repetitive checks in loops;
- add missing checks in readLine() overloads;
- remove check against unsuccessful resize().
Change-Id: I973d5931163b25db1c09c7c3b66f29ea90bb1b29
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
|
| |
|
|
|
|
|
|
|
|
| |
as a temporary fix for suddenly expired certificates situation (to
be regenerated).
Pick-to: 6.2 6.1 5.15
Task-number: QTBUG-95429
Change-Id: I00ad11cfd8824eeeffa2991dfcda6a7899726953
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
The server's socket may not have been created yet, so use the server's signal
instead.
Switch to QCOMPARE to get better output.
Delete the extra checking for schannel, we don't support Windows 8 anymore.
Pick-to: 6.2
Change-Id: Icd310c32939cb577c9f3438789f667aa0a3a4d85
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
|
|
|
|
|
|
|
| |
With MSVC it tries to link with the function in the scope qt::tst_QDtls::*
where it is not found
Pick-to: 6.2
Change-Id: If83a9f69c7b3834248569f6bdf203f5442693080
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
|
|
|
|
|
|
| |
For flush() it's not clear what they wanted to test.
isEncrypted() is tested indirectly in many of the other tests.
Change-Id: Id6dfecbb25b7bba8f1a99518fd9c9e06280aaa9f
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
| |
Pick-to: 6.2
Change-Id: I30409667395bbe568823b8697dded41067a8346c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
| |
It needs to be checked at runtime to know if the current backend
supports it
Pick-to: 6.2
Change-Id: I0998309149b109e2075a008b2b8d8115fa3688cc
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
With MSVC the current way we mark it (potentially) unused ends up with a
warning:
warning C4551: function call missing argument list
We require c++17 core language support so let's use [[maybe_unused]]
instead.
Pick-to: 6.2
Change-Id: I125986b729cb7cd540901702a47365f0491e7887
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
As per the best practice laid forth in RFC-8996.
TLS 1.2 was recommended from 2008 until TLS 1.3 was released in 2018.
[ChangeLog][QtNetwork][QSslSocket] TLS 1.0, 1.1 and DTLS 1.0 are now
deprecated, as recommended by RFC-8996.
Fixes: QTBUG-92880
Change-Id: I90cebcfb07cfce623af7ac9f2b66ce9d02586b54
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
| |
Since we're no longer connected, much less encrypted.
Was done in schannel backend, but not in ST or OpenSSL
Pick-to: 6.2
Change-Id: Ia49387be0088f899a0c89091f7e468dba1c0eee6
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
For auto-tests that were temporarily disabled. Similar to
network-settings.h, header-only stuff.
Fixes: QTBUG-92866
Fixes: QTBUG-92877
Change-Id: I15b5c0b41f0d8bfe59b09c844884ff6d99e6d41a
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
|
|
|
| |
Instead of relying on some string comparisons and the current knowledge
of which backend supports DTLS, use the proper API we already have in
place to test if a particular class is supported by the active backend.
Change-Id: I58ca0f7b7fcef68ec375cd64b83e51d4335817da
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
| |
Task-number: QTBUG-94186
Change-Id: I8c82f1fede8f9512f531f4ff17508b9e71ebf0b7
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's possible that Qt is built with OpenSSL and some other backend.
The ifdefs generated are not mutually exclusive anymore, as it was
in the past. So tests should rely on the actual backend they have
working at runtime.
In the process of fixing the auto-tests, modernized feature #if-ery and
some associated compilation issues.
Fixes: QTBUG-92875
Change-Id: I2be1b924d506fd36dc4e2c6c9158b5023ff87f32
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All TLS (and non-TLS) backends that QSsl classes rely
on are now in plugins/tls (as openssl, securetransport,
schannel and certonly plugins).
For now, I have to disable some tests that were using OpenSSL
calls - this to be refactored/re-thought. These include:
qsslsocket auto-test (test-case where we work with private keys),
qsslkey auto-test (similar to qsslsocket - test-case working with
keys using OpenSSL calls).
qasn1element moved to plugins too, so its auto-test have to
be re-thought.
Since now we can have more than one working TLS-backend on a given
platform, the presence of OpenSSL also means I force this backend
as active before running tests, to make sure features implemented
only in OpenSSL-backend are tested.
OCSP auto test is disabled for now, since it heavily relies on
OpenSSL symbols (to be refactored).
[ChangeLog][QtNetwork][QSslSocket] QSslSocket by default prefers 'openssl' backend
if it is available.
[ChangeLog][QtNetwork][QSslSocket] TLS-backends are not mutually exclusive anymore,
depending on a platform, more than one TLS backend can be built. E.g., configuring
Qt with -openssl does not prevent SecureTransport or Schannel plugin from being
built.
Fixes: QTBUG-91928
Change-Id: I4c05e32f10179066bee3a518bdfdd6c4b15320c3
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
|
|
| |
It was more complex than needed in a few places.
Change-Id: I0609423f82420f72c65637cf398ccd7694ee85e5
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
All backend-specific code is now separated and removed
from QSslSocket(Private) code. The original code is mostly
preserved to avoid (as much as possible) regressions (and
to simplify code-review).
Fixes: QTBUG-91173
Task-number: QTBUG-65922
Change-Id: I3ac4ba35d952162c8d6dc62d747cbd62dca0ef78
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 9391ba55149336c395b866b24dc9b844334d50da)
|
| |
|
|
|
|
|
|
|
|
| |
Renamed the private part of the namespace to QTlsPrivate.
Fixes: QTBUG-91531
Change-Id: Id2d9c458d8d958b35e437eee42889177dad0a7a7
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit e4efa00c72c7011f4e5c27722c2a522b30274610)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
