From 37d9e44cd010c9844b0dbe2b25f307eab15b3ea8 Mon Sep 17 00:00:00 2001
From: Timur Pocheptsov
Date: Fri, 12 Jun 2020 11:11:08 +0200
Subject: QSslConfiguration::setCiphers - introduce the overload taking QString
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
We had such an overloaded version in QSslSocket, it was deprecated without providing any alternative. Now this function has some use and may be introduced in Qt6, as QSslConfiguration::setCiphers(const QString &). Last but not the least - a useless and strange auto-test was removed (it was creating a list of 5 QSslCiphers each with isNull() == true). That's becasue '!MD5' or 'ALL' (for example) is not a cipher to be found in supportedCiphers.
Change-Id: I47eb4c0faa9b52885e883751dd992cd9cb3d26fe
Reviewed-by: MÃ¥rten Nordheim
---
 .../code/src_network_ssl_qsslconfiguration.cpp | 7 ++++++
 src/network/ssl/qsslconfiguration.cpp | 27 ++++++++++++++++++++++
 src/network/ssl/qsslconfiguration.h | 1 +
 .../auto/network/ssl/qsslsocket/tst_qsslsocket.cpp | 26 ++++++++++++++++++---
 4 files changed, 58 insertions(+), 3 deletions(-)
diff --git a/src/network/doc/snippets/code/src_network_ssl_qsslconfiguration.cpp b/src/network/doc/snippets/code/src_network_ssl_qsslconfiguration.cpp
index 5d90dde5ea..b857a57a63 100644
--- a/src/network/doc/snippets/code/src_network_ssl_qsslconfiguration.cpp
+++ b/src/network/doc/snippets/code/src_network_ssl_qsslconfiguration.cpp
@@ -53,3 +53,10 @@ QSslConfiguration config = sslSocket.sslConfiguration();
 config.setProtocol(QSsl::TlsV1_0);
 sslSocket.setSslConfiguration(config);
 //! [0]
+
+
+//! [1]
+QSslConfiguration tlsConfig = QSslConfiguration::defaultConfiguration();
+tlsConfig.setCiphers(QStringLiteral("DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA"));
+//! [1]
+
diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp
index a38a998e7d..454b755f41 100644
--- a/src/network/ssl/qsslconfiguration.cpp
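Review bot: The example string in snippet [1] is made up only of CBC-mode suites with a SHA-1 MAC, and `AES256-SHA` uses static RSA key exchange, so it gives no forward secrecy. Documentation snippets tend to be copied into applications unchanged, so the example would be safer built from AEAD suites with ephemeral key exchange, for instance `tlsConfig.setCiphers(QStringLiteral("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"));`, provided those names are in supportedCiphers() on the documented backends. A one-line comment above the call, such as `// Illustrative only; choose suites according to your own TLS policy.`, would also help.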
+++ b/src/network/ssl/qsslconfiguration.cpp
@@ -610,6 +610,33 @@ void QSslConfiguration::setCiphers(const QList &ciphers)
 d->ciphers = ciphers;
 }
+/*!
+ \since 6.0
+
+ Sets the cryptographic cipher suite for this configuration to \a ciphers,
+ which is a colon-separated list of cipher suite names. The ciphers are listed
+ in order of preference, starting with the most preferred cipher. For example:
+
+ \snippet code/src_network_ssl_qsslconfiguration.cpp 1
+
+ Each cipher name in \a ciphers must be the name of a cipher in the
+ list returned by supportedCiphers(). Restricting the cipher suite
+ must be done before the handshake phase, where the session cipher
+ is chosen.
+
+ \sa ciphers()
+*/
+void QSslConfiguration::setCiphers(const QString &ciphers)
+{
+ d->ciphers.clear();
+ const auto cipherNames = ciphers.split(QLatin1Char(':'), Qt::SkipEmptyParts);
+ for (const QString &cipherName : cipherNames) {
+ QSslCipher cipher(cipherName);
+ if (!cipher.isNull())
+ d->ciphers << cipher;
+ }
+}
+
 /*!
 \since 5.5
diff --git a/src/network/ssl/qsslconfiguration.h b/src/network/ssl/qsslconfiguration.h
index 90a876b6c5..706ac5775f 100644
--- a/src/network/ssl/qsslconfiguration.h
+++ b/src/network/ssl/qsslconfiguration.h
@@ -125,6 +125,7 @@ public:
 // Cipher settings
 QList ciphers() const;
 void setCiphers(const QList &ciphers);
+ void setCiphers(const QString &ciphers);
 static QList supportedCiphers();
 // Certificate Authority (CA) settings
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
index 97a01efdd3..864d8db008 100644
--- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
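Review bot: Names that QSslCipher does not recognise are dropped without any signal in the loop of the new setCiphers(const QString &): `if (!cipher.isNull())` has no else branch and the function returns void. A misspelled or unsupported name therefore yields a shorter list than the caller asked for, and a string with no valid name leaves d->ciphers empty after the initial clear(). How an empty list is handled later is not visible in this hunk, but if it falls back to the default suites, a restrictive policy would be widened silently. I would log each rejected name with `else qWarning("QSslConfiguration::setCiphers: unknown cipher name '%s'", qPrintable(cipherName));`. The doc comment should also say that unknown names are ignored and that OpenSSL-style tokens such as `!MD5` or `ALL` are not accepted.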
@@ -804,10 +804,30 @@ void tst_QSslSocket::ciphers()
 socket.setSslConfiguration(sslConfig);
 QCOMPARE(socket.sslConfiguration().ciphers(), QSslConfiguration::defaultConfiguration().ciphers());
- // Task 164356
- sslConfig.setCiphers({QSslCipher("ALL"), QSslCipher("!ADH"), QSslCipher("!LOW"),
- QSslCipher("!EXP"), QSslCipher("!MD5"), QSslCipher("@STRENGTH")});
+ sslConfig = QSslConfiguration::defaultConfiguration();
+ QList ciphers;
+ QString ciphersAsString;
+ const auto &supported = sslConfig.supportedCiphers();
+ for (const auto &cipher : supported) {
+ if (cipher.isNull() || !cipher.name().length())
+ continue;
+ if (ciphers.size() > 0)
+ ciphersAsString += QStringLiteral(":");
+ ciphersAsString += cipher.name();
+ ciphers.append(cipher);
+ if (ciphers.size() == 3) // 3 should be enough.
+ break;
+ }
+
+ if (!ciphers.size())
+ QSKIP("No proper ciphersuite was found to test 'setCiphers'");
+
+ sslConfig.setCiphers(ciphersAsString);
+ socket.setSslConfiguration(sslConfig);
+ QCOMPARE(ciphers, socket.sslConfiguration().ciphers());
+ sslConfig.setCiphers(ciphers);
 socket.setSslConfiguration(sslConfig);
+ QCOMPARE(ciphers, socket.sslConfiguration().ciphers());
 }
 void tst_QSslSocket::connectToHostEncrypted()
-- 
cgit v1.2.3
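Review bot: The new test code only feeds setCiphers(const QString &) names taken from supportedCiphers(), so the branch that discards unknown names is never exercised. A negative case would pin that behaviour: `sslConfig.setCiphers(QStringLiteral("NOT-A-CIPHER:") + ciphersAsString);` (a made-up name) followed by `QCOMPARE(sslConfig.ciphers(), ciphers);`, plus a string of only unknown names checked with `QVERIFY(sslConfig.ciphers().isEmpty());`. As a smaller style point, `!cipher.name().length()` and `!ciphers.size()` read better as `cipher.name().isEmpty()` and `ciphers.isEmpty()`. tst_QSslSocket::ciphers() starts before this hunk, so only its tail is visible here.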