From a149659c5c028d4049c60c4f9a30b481a79cfe08 Mon Sep 17 00:00:00 2001 From: Allan Sandfeld Jensen Date: Fri, 29 Jun 2018 11:33:36 +0200 Subject: Provide access to QSslCertificate on OpenSSL free Windows builds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The QSslCertificate class can parse and provide details about SSL certificates without a proper backend, this can for instance be used by QtWebEngine to provide metadata about certificates, even on Windows builds without OpenSSL, as QtWebEngine does not use Qt's SSL stack. Change-Id: Ib48f1ed7315c5bc66721ec87ee651d8372f07f71 Reviewed-by: Timur Pocheptsov Reviewed-by: MÃ¥rten Nordheim --- src/network/ssl/qsslcertificate.cpp | 12 +++++++++ src/network/ssl/qsslcertificate.h | 8 +++--- src/network/ssl/qsslcertificate_p.h | 4 +++ src/network/ssl/qsslcertificate_qt.cpp | 4 +++ src/network/ssl/qsslcertificateextension.h | 5 ---- src/network/ssl/ssl.pri | 41 ++++++++++++++++-------------- 6 files changed, 46 insertions(+), 28 deletions(-) diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp index 6433b84e80..135dc9f7a9 100644 --- a/src/network/ssl/qsslcertificate.cpp +++ b/src/network/ssl/qsslcertificate.cpp @@ -125,7 +125,9 @@ #include "qssl_p.h" #include "qsslcertificate.h" #include "qsslcertificate_p.h" +#ifndef QT_NO_SSL #include "qsslkey_p.h" +#endif #include #include @@ -142,8 +144,12 @@ QT_BEGIN_NAMESPACE QSslCertificate::QSslCertificate(QIODevice *device, QSsl::EncodingFormat format) : d(new QSslCertificatePrivate) { +#ifndef QT_NO_OPENSSL QSslSocketPrivate::ensureInitialized(); if (device && QSslSocket::supportsSsl()) +#else + if (device) +#endif d->init(device->readAll(), format); } 
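Review bot: The new guard around `QSslSocketPrivate::ensureInitialized()` and the `QSslSocket::supportsSsl()` test in this constructor is keyed on `QT_NO_OPENSSL`, whereas every other guard in the commit, including the same `ensureInitialized()` call in the `QSslCertificatePrivate` constructor in qsslcertificate_p.h, uses `QT_NO_SSL`. As written, builds with a TLS backend other than OpenSSL also skip the `supportsSsl()` check before `d->init(...)`. That is probably harmless, but the commit message does not mention it, so it deserves a comment such as `// Without OpenSSL the certificate is parsed by Qt's own ASN.1 code; no backend is required.` The `if` that straddles `#ifndef`/`#else` is also easy to break in later edits; a `const bool canParse` set inside the conditional, followed by one plain `if (device && canParse)`, would be more robust. The same pattern recurs in the `QByteArray` constructor in the next hunk (`-156,8 +162,10`), where `d->init(data, format)` becomes unconditional on non-OpenSSL builds.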
@@ -156,8 +162,10 @@ QSslCertificate::QSslCertificate(QIODevice *device, QSsl::EncodingFormat format) QSslCertificate::QSslCertificate(const QByteArray &data, QSsl::EncodingFormat format) : d(new QSslCertificatePrivate) { +#ifndef QT_NO_OPENSSL QSslSocketPrivate::ensureInitialized(); if (QSslSocket::supportsSsl()) +#endif d->init(data, format); } @@ -557,6 +565,8 @@ QList QSslCertificate::fromData(const QByteArray &data, QSsl::E : QSslCertificatePrivate::certificatesFromDer(data); } +#ifndef QT_NO_SSL + /*! Verifies a certificate chain. The chain to be verified is passed in the \a certificateChain parameter. The first certificate in the list should @@ -600,6 +610,8 @@ bool QSslCertificate::importPkcs12(QIODevice *device, return QSslSocketBackendPrivate::importPkcs12(device, key, certificate, caCertificates, passPhrase); } +#endif + // These certificates are known to be fraudulent and were created during the comodo // compromise. See http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html static const char *const certificate_blacklist[] = { diff --git a/src/network/ssl/qsslcertificate.h b/src/network/ssl/qsslcertificate.h index 6cd66fd20f..553fb8884d 100644 --- a/src/network/ssl/qsslcertificate.h +++ b/src/network/ssl/qsslcertificate.h @@ -55,8 +55,6 @@ #include #include -#ifndef QT_NO_SSL - QT_BEGIN_NAMESPACE class QDateTime; @@ -131,7 +129,9 @@ public: QMultiMap subjectAlternativeNames() const; QDateTime effectiveDate() const; QDateTime expiryDate() const; +#ifndef QT_NO_SSL QSslKey publicKey() const; +#endif QList extensions() const; QByteArray toPem() const; @@ -146,6 +146,7 @@ public: static QList fromData( const QByteArray &data, QSsl::EncodingFormat format = QSsl::Pem); +#ifndef QT_NO_SSL #if QT_VERSION >= QT_VERSION_CHECK(6,0,0) static QList verify(const QList &certificateChain, const QString &hostName = QString()); #else 
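Review bot: With `verify()` and `importPkcs12()` compiled out under `QT_NO_SSL` (the block opened here is closed in the `-600,6 +610,8` hunk), a build without a TLS backend can parse certificates but has no API to validate a chain, and nothing in the documentation says so. The class documentation should state that on such builds the values returned by accessors such as `subjectAlternativeNames()`, `effectiveDate()` and `expiryDate()` come from unauthenticated input and are display metadata only, not a basis for trust decisions. A line such as `\note In builds without SSL support QSslCertificate only parses certificates; it cannot verify them.` in the class description would cover it, and the `verify()` qdoc block should say that the function requires SSL support. The bare `#endif` would also read better as `#endif // QT_NO_SSL`, the commented form the header used before this change. The bodies of both functions lie outside the hunks.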
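Review bot: `publicKey()` is now declared only when `QT_NO_SSL` is not defined, so the member set of this exported class depends on the Qt configuration, and the header no longer has the outer guard that made this visible at the top of the file. A comment at the guard, e.g. `// QSslKey needs a TLS backend; not available in no-SSL builds`, and `#endif // QT_NO_SSL` instead of the bare `#endif` would tell readers why the accessor is missing. The same applies to the `verify()`/`importPkcs12()` guard added in the `-146,6 +146,7` and `-156,6 +157,7` hunks of this file. The class definition starts and ends outside the hunk.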
@@ -156,6 +157,7 @@ public: QSslKey *key, QSslCertificate *cert, QList *caCertificates = nullptr, const QByteArray &passPhrase=QByteArray()); +#endif Qt::HANDLE handle() const; @@ -178,6 +180,4 @@ QT_END_NAMESPACE Q_DECLARE_METATYPE(QSslCertificate) -#endif // QT_NO_SSL - #endif diff --git a/src/network/ssl/qsslcertificate_p.h b/src/network/ssl/qsslcertificate_p.h index 0397845f8d..dfdceab502 100644 --- a/src/network/ssl/qsslcertificate_p.h +++ b/src/network/ssl/qsslcertificate_p.h @@ -55,7 +55,9 @@ // We mean it. // +#ifndef QT_NO_SSL #include "qsslsocket_p.h" +#endif #include "qsslcertificateextension.h" #include #include @@ -83,7 +85,9 @@ public: QSslCertificatePrivate() : null(true), x509(0) { +#ifndef QT_NO_SSL QSslSocketPrivate::ensureInitialized(); +#endif } ~QSslCertificatePrivate() diff --git a/src/network/ssl/qsslcertificate_qt.cpp b/src/network/ssl/qsslcertificate_qt.cpp index 1cc2b1f964..4efc477dc3 100644 --- a/src/network/ssl/qsslcertificate_qt.cpp +++ b/src/network/ssl/qsslcertificate_qt.cpp @@ -41,8 +41,10 @@ #include "qsslcertificate_p.h" #include "qssl_p.h" +#ifndef QT_NO_SSL #include "qsslkey.h" #include "qsslkey_p.h" +#endif #include "qsslcertificateextension.h" #include "qsslcertificateextension_p.h" #include "qasn1element_p.h" @@ -145,6 +147,7 @@ Qt::HANDLE QSslCertificate::handle() const } #endif +#ifndef QT_NO_SSL QSslKey QSslCertificate::publicKey() const { QSslKey key; @@ -155,6 +158,7 @@ QSslKey QSslCertificate::publicKey() const } return key; } +#endif QList QSslCertificate::extensions() const { diff --git a/src/network/ssl/qsslcertificateextension.h b/src/network/ssl/qsslcertificateextension.h index 2ce2112687..c2910e1707 100644 --- a/src/network/ssl/qsslcertificateextension.h +++ b/src/network/ssl/qsslcertificateextension.h @@ -48,9 +48,6 @@ QT_BEGIN_NAMESPACE - -#ifndef QT_NO_SSL - class QSslCertificateExtensionPrivate; class Q_NETWORK_EXPORT QSslCertificateExtension 
@@ -80,8 +77,6 @@ private: Q_DECLARE_SHARED(QSslCertificateExtension) -#endif // QT_NO_SSL - QT_END_NAMESPACE diff --git a/src/network/ssl/ssl.pri b/src/network/ssl/ssl.pri index 8919ec3819..6975264038 100644 --- a/src/network/ssl/ssl.pri +++ b/src/network/ssl/ssl.pri @@ -1,11 +1,22 @@ # OpenSSL support; compile in QSslSocket. + +HEADERS += ssl/qasn1element_p.h \ + ssl/qssl.h \ + ssl/qssl_p.h \ + ssl/qsslcertificate.h \ + ssl/qsslcertificate_p.h \ + ssl/qsslcertificateextension.h \ + ssl/qsslcertificateextension_p.h + +SOURCES += ssl/qasn1element.cpp \ + ssl/qssl.cpp \ + ssl/qsslcertificate.cpp \ + ssl/qsslcertificateextension.cpp + +!qtConfig(openssl): SOURCES += ssl/qsslcertificate_qt.cpp + qtConfig(ssl) { - HEADERS += ssl/qasn1element_p.h \ - ssl/qssl.h \ - ssl/qssl_p.h \ - ssl/qsslcertificate.h \ - ssl/qsslcertificate_p.h \ - ssl/qsslconfiguration.h \ + HEADERS += ssl/qsslconfiguration.h \ ssl/qsslconfiguration_p.h \ ssl/qsslcipher.h \ ssl/qsslcipher_p.h \ @@ -18,26 +29,19 @@ qtConfig(ssl) { ssl/qsslsocket.h \ ssl/qsslsocket_p.h \ ssl/qsslpresharedkeyauthenticator.h \ - ssl/qsslpresharedkeyauthenticator_p.h \ - ssl/qsslcertificateextension.h \ - ssl/qsslcertificateextension_p.h - SOURCES += ssl/qasn1element.cpp \ - ssl/qssl.cpp \ - ssl/qsslcertificate.cpp \ - ssl/qsslconfiguration.cpp \ + ssl/qsslpresharedkeyauthenticator_p.h + SOURCES += ssl/qsslconfiguration.cpp \ ssl/qsslcipher.cpp \ ssl/qssldiffiehellmanparameters.cpp \ ssl/qsslellipticcurve.cpp \ ssl/qsslkey_p.cpp \ ssl/qsslerror.cpp \ ssl/qsslsocket.cpp \ - ssl/qsslpresharedkeyauthenticator.cpp \ - ssl/qsslcertificateextension.cpp + ssl/qsslpresharedkeyauthenticator.cpp winrt { HEADERS += ssl/qsslsocket_winrt_p.h - SOURCES += ssl/qsslcertificate_qt.cpp \ - ssl/qsslcertificate_winrt.cpp \ + SOURCES += ssl/qsslcertificate_winrt.cpp \ ssl/qssldiffiehellmanparameters_dummy.cpp \ ssl/qsslkey_qt.cpp \ ssl/qsslkey_winrt.cpp \ 
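Review bot: The leading comment `# OpenSSL support; compile in QSslSocket.` now sits directly above sources that are built in every configuration, so it no longer describes what follows; something like `# Certificate parsing is always built; QSslSocket and the TLS backends need qtConfig(ssl).` would match the new layout. Moving `ssl/qasn1element.cpp` and `ssl/qsslcertificate_qt.cpp` out of the `qtConfig(ssl)` block also means the built-in ASN.1/X.509 parser is compiled into builds that did not contain it before. Going by the commit message, those builds will feed it certificates supplied by remote peers. No test change is visible in this diff, so it is worth confirming that the certificate autotests, and any fuzzing of the parser, also run in a no-SSL configuration.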
@@ -47,8 +51,7 @@ qtConfig(ssl) { qtConfig(securetransport) { HEADERS += ssl/qsslsocket_mac_p.h - SOURCES += ssl/qsslcertificate_qt.cpp \ - ssl/qssldiffiehellmanparameters_dummy.cpp \ + SOURCES += ssl/qssldiffiehellmanparameters_dummy.cpp \ ssl/qsslkey_qt.cpp \ ssl/qsslkey_mac.cpp \ ssl/qsslsocket_mac_shared.cpp \ -- cgit v1.2.3