| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
This makes non-OpenSSL backends able to handle to certificate
extensions.
This also converts the Q_OS_WINRT #ifdef's in the unit test to
QT_NO_OPENSSL as the behavior is the same for any non-OpenSSL
backend.
Change-Id: I6a8306dc5c97a659ec96063d5a59cee2ee9a63a9
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Currently the peerVerifyError test for QSslSocket makes an assumption
about the order in which SSL errors are emitted by peerVerifyError. This
assumption does not necessarily hold for non-OpenSSL backends.
This change fixes this assumption, and also checks that HostNameMismatch
was found both in the errors emitted by peerVerifyError and by sslErrors.
Change-Id: I856d1ea43b36332db0f178d35fc14a4bb18ad673
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
| |
Some of the QSslSocket tests use OpenSSL-specific symbols. This
change fixes this issue.
Change-Id: Ib67efa42a15facaf0ad34fc0466341a37d945d1e
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
|
| |
|
|
|
|
|
|
|
| |
This adds support for reading and writing ASN.1 boolean
values. It also adds an operator to test two ASN.1 elements
for equality.
Change-Id: I4a22cbf9808533d593fc59d27b63caaf650b1f57
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
| |
This adds a test for a QSslCertificate containing extensions which
are marked as critical.
Change-Id: I314e1f5c9943bcad5d43129a97f9f834882dc6fb
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
| |
This tightens tests performed on a certificate's extensions by checking
isCritical() and isSupported() for all extensions. It also explicitly
checks the keys when value() returns a QVariantMap.
Change-Id: If51c55be25bbcd09cc3a6712ddfea2bf9a01360f
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds the infrastructure for reading and writing encrypted private keys
when using non-OpenSSL backends. Each platform must provide its cryptographic
encrypt / decrypt functions.
As WinRT already uses the common parser, this commit includes an
implementation for that platform.
Done-with: Andrew Knight <andrew.knight@digia.com>
Task-number: QTBUG-40688
Change-Id: I0d153425ce63601ff03b784a111e13962061025f
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
| |
This change adds the ability to decode ASN.1 INTEGER fields,
provided they represent a positive number of less than 64-bit.
This is needed for PKCS#12 decoding.
Change-Id: Iafb76f22383278d6773b9e879a8f3ef43c8d2c8f
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
QSslKey currently has methods which supposedly allow decoding and
encoding private keys as DER protected by a passphrase. This is
broken by design as explained in QTBUG-41038, as storing the encrypted
DER data alone makes no sense: such a file lacks the necessary
information about the encryption algorithm and initialization vector.
This change:
- explicitly stops using the passphrase when decoding DER in the
constructor. The behavior is unchanged, it is not possible to
read the encrypted DER alone.
- refuses to honor the passphrase to DER encode a private key. The toDer
method now outputs an empty QByteArray instead of garbage.
Task-number: QTBUG-41038
Change-Id: I4281050cf1104f12d154db201a173633bfe22bd9
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
| |
This adds a test for 3DES encrypted keys in addition to the
current DES encrypted keys.
Change-Id: I229e3ef710e9ee23efa2a3275b89d958491de4a2
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
| |
The native handle and import functions are now available for use in other
parts of the winrt backend.
Change-Id: I07e6f95b3411c3dc7c1a7a164544b18e5e435d01
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@digia.com>
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This internal implementation of QSslKey can be used when OpenSSL is not
available. Encrypted keys are not supported, as the cryptography must
be supplied by a separate library.
With this commit, WinRT is migrated to the new implementation,
but qsslkey_winrt.cpp is left in place so that the missing crypto
implementation can be added later. This also means most of the expected
failures for that platform can be removed from the autotest.
Change-Id: I24a3ad1053bb72311613b28b3ae845aa1645a321
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@digia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
This changes tests which use QSslCertificate::handle() to determine
if a certificate is null to use QSslCertificate::isNull() instead.
This is required for non-OpenSSL backends which do not actually
expose a private handle.
Change-Id: I9523ba0dd00d47ba337b543ad34840125db99bfb
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
|
| |
|
|
|
|
|
|
|
| |
This moves the socket backend's host name matching functions up to
QSslSocketPrivate so that they can be shared between backends. This
works, as there is no OpenSSL-specific code here.
Change-Id: I73c2081fdc2e60a44c90e90800d1e1877391a626
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This element can be used for backends that do not offer all the
information that is needed when implementing a ssl certificate backend.
WinRT and the SecureTransport lack functionality in this area for
example.
The sources and tests are added for ssl and openssl configurations in order
to be tested. The condition for adding these can be changed as soon
as they are used by an actual implementation
Change-Id: I2b836133105afdc178bf3b1ee7d732bea069effa
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows for opening of public key files. It does not, however,
support opening private keys (or decrypting/encrypting them). This is
due to limitations in the native API.
Nearly all public key tests pass (the native API doesn't support the
40-bit key in the test set). The private key tests are expected to fail.
Task-number: QTBUG-40688
Change-Id: Id8f2f1ae6526540736ceb2e5371f6a5d80c4ba7b
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
|
| |\
| |
| |
| |
| |
| |
| | |
Conflicts:
src/network/ssl/qsslsocket_openssl_symbols.cpp
Change-Id: Ic62419fa1fee5f4de6c372459d72e6e16f9a810b
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This fixes high CPU load for upload devices that don't generate
a constant stream of data. Their readData() function was called all the
time without returning actual data.
This was noticed when implementing an upload device that emits data in
a limited way for bandwidth limiting.
[ChangeLog][QtNetwork][QNetworkAccessManager] Fixed high CPU load when handling
POST/upload QIODevice that generates data on readyRead().
Change-Id: Iefbcb1a21d8aedef1eb11761232dd16a049018dc
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/widgets/kernel/qwidget_qpa.cpp
src/widgets/widgets.pro
Change-Id: I697eec936c4e1a6c360edc8f0b472e23c0461ecb
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
At the moment, there is no stream information in the cache file. This
can lead to a problem when current stream version differs from version
cache file written with.
As an example, if file written with Qt 5.1.1, QTimeDate in the metadata
stored as 13-bytes value, but Qt 5.2 and later can read additional 4
bytes which breaks following data, leading to network request just hangs
forever.
Adding stream version fixes this problem.
As cache format changed, cache version bumped.
Task-number: QTBUG-36219
Change-Id: I467d8c9fda82bcf9302192f51e7a00d2f6a9ff66
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
|
| |\|
| |
| |
| | |
Change-Id: Ia12ffdb27ecdf25c2a2bdb0eed1945387502108a
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Those intermediate certificates were used to issue "unauthorized"
certificates according to
http://googleonlinesecurity.blogspot.de/2014/07/maintaining-digital-certificate-security.html
, and are by default trusted on Windows, so to be safe we blacklist
them here.
Change-Id: I9891c5bee2dd82c22eb0f45e9b04abd25efeb596
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Store the file names in variables instead.
Task-number: QTBUG-38890
Change-Id: I65f28bb62674f14aa099e935a9d7a4e9e6e90ba9
Reviewed-by: Joerg Bornemann <joerg.bornemann@digia.com>
Reviewed-by: Shawn Rutledge <shawn.rutledge@digia.com>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/gui/accessible/qaccessiblecache_mac.mm
src/gui/accessible/qaccessiblecache_p.h
src/plugins/platforms/cocoa/qcocoaaccessibilityelement.h
src/plugins/platforms/cocoa/qcocoawindow.h
src/plugins/platforms/cocoa/qcocoawindow.mm
src/widgets/kernel/qwidget_qpa.cpp
Manually moved change in qwidget_qpa.cpp to qwidget.cpp
(cd07830e3b27da7e96a0a83f91ba08c168b45e62)
Change-Id: Ia51f471f9b53de2f3b07d77ea89db9303ac8961d
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The combination of these unstable tests makes it very
hard to get changes through the CI system due to the
unrelated test failures.
Skip the following test functions:
tst_QIODevice::unget QTBUG-39983 (Mac)
tst_QThreadPool:expiryTimeoutRace QTBUG-3786 (Windows)
tst_QLocalSocket::processConnection QTBUG-39986 (Mac)
tst_QTcpServer::adressReusable QTBUG-39985 (Linux)
Change-Id: I96559bea0d437fd25966b6ccac1ece1490e06241
Reviewed-by: David Faure <david.faure@kdab.com>
Reviewed-by: Shawn Rutledge <shawn.rutledge@digia.com>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
mkspecs/qnx-x86-qcc/qplatformdefs.h
src/corelib/global/qglobal.h
src/network/socket/qnativesocketengine_winrt.cpp
src/plugins/platforms/android/androidjniaccessibility.cpp
src/plugins/platforms/windows/qwindowswindow.cpp
Manually adjusted:
mkspecs/qnx-armle-v7-qcc/qplatformdefs.h
to include 9ce697f2d54be6d94381c72af28dda79cbc027d4
Thanks goes to Sergio for the qnx mkspecs adjustments.
Change-Id: I53b1fd6bc5bc884e5ee2c2b84975f58171a1cb8e
|
| | |
| |
| |
| |
| |
| |
| | |
No pthread_yield() in the Android NDK.
Change-Id: I5ff77c55f30c172ee7fefb1129bdf475b318449e
Reviewed-by: BogDan Vatra <bogdan@kde.org>
|
| | |
| |
| |
| |
| |
| |
| | |
The sockaddr_in struct is defined in netinet/in.h header.
Change-Id: I67a3421094c96a5e948968a26723ec8c21f85c93
Reviewed-by: BogDan Vatra <bogdan@kde.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
We were keeping a dangling pointer to a non-existent QIODevice around
which would lead to a crash.
Task-number: QTBUG-17400
Change-Id: Ie374cbb94bb45c9b0fbef46287b3317f60154123
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | |
| |
| |
| |
| | |
Change-Id: Ia0c5b29d6e02c9fda0b1da4a2779f1cbe9b1d747
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |\|
| |
| |
| | |
Change-Id: Ia36e93771066d8abcf8123dbe2362c5c9d9260fc
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
... because it fails on the new network test server. The Socks5 tests
in QUdpSocket have already been disabled by commit
aa3eaf9d2ec4927df51e7d773a66f68ec5e4fce9 .
Task-number: QTBUG-35490
Change-Id: Ib062adb422ff6e5538f14d15a266d79c3bb53956
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Tony Sarajärvi <tony.sarajarvi@digia.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Recreating QCoreApplication could cause a crash in QNetworkAccessManager
constructor. That was caused by an invalid shutdown detection introduced
in f273d6fbc02055ff3999adc0df76360ca0670435.
Task-number: QTBUG-36897
Change-Id: Ib5bba773a2a4fcde690a3a93680aef551aae3a5b
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Discussed with Peter and agreed that it's a slightly better fit there.
Change-Id: If8db777336e2273670a23d75d8542b30c07e0d7b
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| |\ \
| | |
| | |
| | | |
refs/staging/dev
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | | |
Manually changed enum to LibGL in
src/plugins/platforms/xcb/qglxintegration.cpp
Change-Id: If34ee6cce3d1d51fb4bb1fdfa59c30389ea0d207
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Change-Id: I92fa083665509932b75ff1037904a6f78a950fd6
Reviewed-by: Jeremy Lainé <jeremy.laine@m4x.org>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Change-Id: Ife5b7206fd3d7af57cfca3c0f28f56bb53ede7a7
Reviewed-by: Jeremy Lainé <jeremy.laine@m4x.org>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add support for loading certificates and keys from PKCS#12 bundles
(also known as pfx files).
Task-number: QTBUG-1565
[ChangeLog][QtNetwork][QSslSocket] Support for loading PKCS#12
bundles was added. These are often used to transport keys and
certificates conveniently, particularly when making use of
client certificates.
Change-Id: Idaeb2cb4dac4b19881a5c99c7c0a7eea00c2b207
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
mkspecs/qnx-x86-qcc/qplatformdefs.h
src/corelib/global/qglobal.h
src/opengl/gl2paintengineex/qpaintengineex_opengl2.cpp
src/opengl/qgl.cpp
src/opengl/qglpixelbuffer.cpp
src/opengl/qglshaderprogram.cpp
tests/auto/opengl/qglthreads/tst_qglthreads.cpp
Change-Id: Iaba137884d3526a139000ca26fee02bb27b5cdb5
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
... because they are too unstable. We can check whether they are more
stable once the new network tests server is in place.
Task-number: QTBUG-38385
Change-Id: I5ced7cc1f89290812aa88f174a41965fd2ef7252
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
|
| | |
| |
| |
| |
| |
| | |
Change-Id: I2912dcca77270582f6e989b8b3fb72b82f6f70d6
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |/
|
|
|
| |
Change-Id: I382a017a0b865b849667301aff8b2f87b676ecc6
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Despite supporting DH and ECDH key exchange as a client, Qt did not provide
any default parameters which prevented them being used as a server. A
future change should allow the user to control the parameters used, but
these defaults should be okay for most users.
[ChangeLog][Important Behavior Changes] Support for DH and ECDH key exchange
cipher suites when acting as an SSL server has been made possible. This
change means the you can now implement servers that offer forward-secrecy
using Qt.
Task-number: QTBUG-20666
Change-Id: I469163900e4313da9d2d0c3e1e5e47ef46320b17
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| |
|
|
|
|
|
|
|
|
| |
FAIL! : tst_QNetworkReply::ioPostToHttpUploadProgress() 'args.at(0).toLongLong() != sourceFile.size()' returned FALSE. ()
Task-number: QTBUG-37449
Task-number: QTBUG-24226
Change-Id: Idcc0ceac0332705b1e3a073d40fa8098bea2c9f3
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
... and not only one. This was a problem e.g. when there were several
requests to the same host and the host was not reachable; only one
reply would get an error signal in case we suppressed other errors in
"happy eyeballs" host lookup style.
Task-number: QTBUG-36890
Change-Id: I1b5757498bd644b0d773cf6c43e4950620949c5c
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
| |
Output the SSL library version, output socket error string on connection
failure consistently, silence numerous warnings about QIODevice not
being open in tst_QSslSocket::constructing.
Change-Id: Ia23d42de5b2daca55b2f6f50af025d61e99c52a0
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| |
|
|
|
|
|
|
|
| |
tested manually with internal proxy.
Patch-by: Jonathan Lauvernier <Jonathan.Lauvernier@gmail.com>
Change-Id: Ief5b4579b3444ce70eb99637edf771d37d3971fb
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| |
|
|
|
|
|
| |
Task-number: QTBUG-37449
Change-Id: Ib3802ddd51b908a68d8c893ce49010aeeb117db8
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Do not close connection in slot bytesWritten() since that can
cause clients to fail with "Connection Closed". Instead, use
deleteLater() to close properly and prevent leaking the sockets.
FAIL! : tst_QNetworkReply::qtbug28035browserDoesNotLoadQtProjectOrgCorrectly() 'waitForFinish(reply) == Success' returned FALSE. ( QUrl( "http://localhost:58240" ) failed: # 2 "Connection closed" )
..\tst_qnetworkreply.cpp(7067) : failure location
Task-number: QTBUG-37449
Change-Id: Ib92cb62fae523370b2fb45e1ccfa217559732bc8
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Reviewed-by: Joerg Bornemann <joerg.bornemann@digia.com>
|
