From 33c9a1e0bcf9c7ced67d5ec62225d6295671d33b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= Date: Tue, 28 Jan 2020 14:47:36 +0100 Subject: Remove some usage of deprecated QSslCertificate::fromPath The changed function was added in September 2019 in 5.15 branch before the new overload was added and the old one was deprecated, so we can freely change it. Amends 1068d579ee848edf08db5ac611b292c76c30a39b Change-Id: Iff9d72c26ce557c28b188e1754daa03fd061d531 Reviewed-by: Timur Pocheptsov --- src/network/ssl/qsslconfiguration.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src/network/ssl/qsslconfiguration.cpp') diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp index a2e694ec92..d0674042b8 100644 --- a/src/network/ssl/qsslconfiguration.cpp +++ b/src/network/ssl/qsslconfiguration.cpp @@ -660,6 +660,8 @@ void QSslConfiguration::setCaCertificates(const QList &certific } /*! + \since 5.15 + Searches all files in the \a path for certificates encoded in the specified \a format and adds them to this socket's CA certificate database. \a path must be a file or a pattern matching one or more @@ -675,7 +677,7 @@ void QSslConfiguration::setCaCertificates(const QList &certific \sa addCaCertificate(), QSslCertificate::fromPath() */ bool QSslConfiguration::addCaCertificates(const QString &path, QSsl::EncodingFormat format, - QRegExp::PatternSyntax syntax) + QSslCertificate::PatternSyntax syntax) { QList certs = QSslCertificate::fromPath(path, format, syntax); if (certs.isEmpty()) -- cgit v1.2.3 From b36b7abb40f04f265c0453a2f4beb466ed462976 Mon Sep 17 00:00:00 2001 From: Timur Pocheptsov Date: Mon, 27 Jan 2020 14:11:08 +0100 Subject: Implement/fix session resumption with TLS 1.3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The session we cache at the end of a handshake is non-resumable in TLS 1.3, since NewSessionTicket message appears quite some time after the handshake was complete. OpenSSL has a callback where we can finally obtain a resumable session and inform an application about session ticket updated by emitting a signal. Truism: OpenSSL-only. [ChangeLog][QtNetwork] A new signal introduced to report when a valid session ticket received (TLS 1.3) Fixes: QTBUG-81591 Change-Id: I4d22fad5cc082e431577e20ddbda2835e864b511 Reviewed-by: MÃ¥rten Nordheim Reviewed-by: Timur Pocheptsov --- src/network/ssl/qsslconfiguration.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/network/ssl/qsslconfiguration.cpp') diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp index d0674042b8..f5ce02807f 100644 --- a/src/network/ssl/qsslconfiguration.cpp +++ b/src/network/ssl/qsslconfiguration.cpp @@ -782,7 +782,7 @@ bool QSslConfiguration::testSslOption(QSsl::SslOption option) const knowledge of the session allows for eavesdropping on data encrypted with the session parameters. - \sa setSessionTicket(), QSsl::SslOptionDisableSessionPersistence, setSslOption() + \sa setSessionTicket(), QSsl::SslOptionDisableSessionPersistence, setSslOption(), QSslSocket::newSessionTicketReceived() */ QByteArray QSslConfiguration::sessionTicket() const { @@ -797,7 +797,7 @@ QByteArray QSslConfiguration::sessionTicket() const for this to work, and \a sessionTicket must be in ASN.1 format as returned by sessionTicket(). - \sa sessionTicket(), QSsl::SslOptionDisableSessionPersistence, setSslOption() + \sa sessionTicket(), QSsl::SslOptionDisableSessionPersistence, setSslOption(), QSslSocket::newSessionTicketReceived() */ void QSslConfiguration::setSessionTicket(const QByteArray &sessionTicket) { @@ -815,7 +815,7 @@ void QSslConfiguration::setSessionTicket(const QByteArray &sessionTicket) QSsl::SslOptionDisableSessionPersistence was not turned off, this function returns -1. - \sa sessionTicket(), QSsl::SslOptionDisableSessionPersistence, setSslOption() + \sa sessionTicket(), QSsl::SslOptionDisableSessionPersistence, setSslOption(), QSslSocket::newSessionTicketReceived() */ int QSslConfiguration::sessionTicketLifeTimeHint() const { -- cgit v1.2.3