AuroraMiddleware/qt5base-lts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use categorized logging for ssl code

Browse Source 
Place all debug output into the 'qt.network.ssl' category.
This allows people to disable certain warnings at runtime.

Task-number: QTBUG-43173
Change-Id: Ide731fae3109f9cd7730cc096ee069a5b99d35f1
Reviewed-by: Richard J. Moore <rich@kde.org>
This commit is contained in:
Kai Koehne 2014-12-08 13:35:47 +01:00
parent 7d2357b0a8
commit f17d7a124f
13 changed files with 185 additions and 106 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/network/ssl/qssl.cpp
View File

@ -33,9 +33,12 @@
#include "qsslkey.h"
#include "qssl_p.h"
QT_BEGIN_NAMESPACE
Q_LOGGING_CATEGORY(lcSsl, "qt.network.ssl");
/*! \namespace QSsl
\brief The QSsl namespace declares enums common to all SSL classes in Qt Network.

58
src/network/ssl/qssl_p.h Normal file
View File

@ -0,0 +1,58 @@
/****************************************************************************
**
** Copyright (C) 2014 Digia Plc and/or its subsidiary(-ies).
** Contact: http://www.qt-project.org/legal
**
** This file is part of the QtNetwork module of the Qt Toolkit.
**
** $QT_BEGIN_LICENSE:LGPL21$
** Commercial License Usage
** Licensees holding valid commercial Qt licenses may use this file in
** accordance with the commercial license agreement provided with the
** Software or, alternatively, in accordance with the terms contained in
** a written agreement between you and Digia. For licensing terms and
** conditions see http://qt.digia.com/licensing. For further information
** use the contact form at http://qt.digia.com/contact-us.
**
** GNU Lesser General Public License Usage
** Alternatively, this file may be used under the terms of the GNU Lesser
** General Public License version 2.1 or version 3 as published by the Free
** Software Foundation and appearing in the file LICENSE.LGPLv21 and
** LICENSE.LGPLv3 included in the packaging of this file. Please review the
** following information to ensure the GNU Lesser General Public License
** requirements will be met: https://www.gnu.org/licenses/lgpl.html and
** http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.
**
** In addition, as a special exception, Digia gives you certain additional
** rights. These rights are described in the Digia Qt LGPL Exception
** version 1.1, included in the file LGPL_EXCEPTION.txt in this package.
**
** $QT_END_LICENSE$
**
****************************************************************************/
#ifndef QSSL_P_H
#define QSSL_P_H
//
// W A R N I N G
// -------------
//
// This file is not part of the Qt API. It exists for the convenience
// of qsslcertificate.cpp. This header file may change from version to version
// without notice, or even be removed.
//
// We mean it.
//
#include <QtCore/QLoggingCategory>
QT_BEGIN_NAMESPACE
Q_DECLARE_LOGGING_CATEGORY(lcSsl)
QT_END_NAMESPACE
#endif // QSSL_P_H

3
src/network/ssl/qsslcertificate.cpp
View File

@ -112,6 +112,7 @@
#include "qsslsocket_winrt_p.h"
#endif
#include "qssl_p.h"
#include "qsslcertificate.h"
#include "qsslcertificate_p.h"
#include "qsslkey_p.h"
@ -524,7 +525,7 @@ QList<QSslCertificate> QSslCertificate::fromPath(const QString &path,
QList<QSslCertificate> QSslCertificate::fromDevice(QIODevice *device, QSsl::EncodingFormat format)
{
if (!device) {
qWarning("QSslCertificate::fromDevice: cannot read from a null device");
qCWarning(lcSsl, "QSslCertificate::fromDevice: cannot read from a null device");
return QList<QSslCertificate>();
}
return fromData(device->readAll(), format);

9
src/network/ssl/qsslcertificate_openssl.cpp
View File

@ -39,6 +39,7 @@
**
****************************************************************************/
#include "qssl_p.h"
#include "qsslsocket_openssl_symbols_p.h"
#include "qsslcertificate_p.h"
#include "qsslkey_p.h"
@ -303,7 +304,7 @@ static QVariant x509UnknownExtensionToValue(X509_EXTENSION *ext)
else
return list;
} else if (meth->i2s && ext_internal) {
//qDebug() << meth->i2s(meth, ext_internal);
//qCDebug(lcSsl) << meth->i2s(meth, ext_internal);
QVariant result(QString::fromUtf8(meth->i2s(meth, ext_internal)));
return result;
} else if (meth->i2r && ext_internal) {
@ -371,7 +372,7 @@ static QVariant x509ExtensionToValue(X509_EXTENSION *ext)
result[QString::fromUtf8(QSslCertificatePrivate::asn1ObjectName(ad->method))] = uri;
} else {
qWarning() << "Strange location type" << name->type;
qCWarning(lcSsl) << "Strange location type" << name->type;
}
}
@ -516,7 +517,7 @@ void QSslCertificatePrivate::init(const QByteArray &data, QSsl::EncodingFormat f
QByteArray QSslCertificatePrivate::QByteArray_from_X509(X509 *x509, QSsl::EncodingFormat format)
{
if (!x509) {
qWarning("QSslSocketBackendPrivate::X509_to_QByteArray: null X509");
qCWarning(lcSsl, "QSslSocketBackendPrivate::X509_to_QByteArray: null X509");
return QByteArray();
}
@ -551,7 +552,7 @@ QByteArray QSslCertificatePrivate::QByteArray_from_X509(X509 *x509, QSsl::Encodi
QString QSslCertificatePrivate::text_from_X509(X509 *x509)
{
if (!x509) {
qWarning("QSslSocketBackendPrivate::text_from_X509: null X509");
qCWarning(lcSsl, "QSslSocketBackendPrivate::text_from_X509: null X509");
return QString();
}

7
src/network/ssl/qsslcertificate_qt.cpp
View File

@ -40,7 +40,7 @@
****************************************************************************/
#include "qssl_p.h"
#include "qsslcertificate.h"
#include "qsslcertificate_p.h"
#include "qsslkey.h"
@ -83,8 +83,9 @@ bool QSslCertificate::isSelfSigned() const
if (d->null)
return false;
qWarning("QSslCertificate::isSelfSigned: This function does not check, whether the certificate "
"is actually signed. It just checks whether issuer and subject are identical");
qCWarning(lcSsl,
"QSslCertificate::isSelfSigned: This function does not check, whether the certificate "
"is actually signed. It just checks whether issuer and subject are identical");
return d->subjectMatchesIssuer;
}

4
src/network/ssl/qsslconfiguration.cpp
View File

@ -32,6 +32,7 @@
**
****************************************************************************/
#include "qssl_p.h"
#include "qsslconfiguration.h"
#include "qsslconfiguration_p.h"
#include "qsslsocket.h"
@ -341,7 +342,8 @@ int QSslConfiguration::peerVerifyDepth() const
void QSslConfiguration::setPeerVerifyDepth(int depth)
{
if (depth < 0) {
qWarning("QSslConfiguration::setPeerVerifyDepth: cannot set negative depth of %d", depth);
qCWarning(lcSsl,
"QSslConfiguration::setPeerVerifyDepth: cannot set negative depth of %d", depth);
return;
}
d->peerVerifyDepth = depth;

11
src/network/ssl/qsslcontext_openssl.cpp
View File

@ -36,6 +36,7 @@
#include <QtNetwork/qsslsocket.h>
#include <QtCore/qmutex.h>
#include "private/qssl_p.h"
#include "private/qsslcontext_openssl_p.h"
#include "private/qsslsocket_p.h"
#include "private/qsslsocket_openssl_p.h"
@ -357,7 +358,7 @@ static int next_proto_cb(SSL *, unsigned char **out, unsigned char *outlen,
ctx->status = QSslConfiguration::NextProtocolNegotiationUnsupported;
break;
default:
qWarning("OpenSSL sent unknown NPN status");
qCWarning(lcSsl, "OpenSSL sent unknown NPN status");
}
return SSL_TLSEXT_ERR_OK;
@ -384,7 +385,7 @@ SSL* QSslContext::createSsl()
if (session) {
// Try to resume the last session we cached
if (!q_SSL_set_session(ssl, session)) {
qWarning("could not set SSL session");
qCWarning(lcSsl, "could not set SSL session");
q_SSL_SESSION_free(session);
session = 0;
}
@ -396,8 +397,8 @@ SSL* QSslContext::createSsl()
m_supportedNPNVersions.clear();
for (int a = 0; a < protocols.count(); ++a) {
if (protocols.at(a).size() > 255) {
qWarning() << "TLS NPN extension" << protocols.at(a)
<< "is too long and will be truncated to 255 characters.";
qCWarning(lcSsl) << "TLS NPN extension" << protocols.at(a)
<< "is too long and will be truncated to 255 characters.";
protocols[a] = protocols.at(a).left(255);
}
m_supportedNPNVersions.append(protocols.at(a).size()).append(protocols.at(a));
@ -433,7 +434,7 @@ bool QSslContext::cacheSession(SSL* ssl)
m_sessionASN1.resize(sessionSize);
unsigned char *data = reinterpret_cast<unsigned char *>(m_sessionASN1.data());
if (!q_i2d_SSL_SESSION(session, &data))
qWarning("could not store persistent version of SSL session");
qCWarning(lcSsl, "could not store persistent version of SSL session");
m_sessionTicketLifeTimeHint = session->tlsext_tick_lifetime_hint;
}
}

3
src/network/ssl/qsslkey_winrt.cpp
View File

@ -39,6 +39,7 @@
**
****************************************************************************/
#include "qssl_p.h"
#include "qsslkey.h"
#include "qsslkey_p.h"
#include "qsslcertificate_p.h"
@ -144,7 +145,7 @@ static QByteArray doCrypt(QSslKeyPrivate::Cipher cipher, QByteArray data, const
if (padding > 0 && padding <= blockLength)
resultLength -= padding;
else
qWarning("Invalid padding length of %u; decryption likely failed.", padding);
qCWarning(lcSsl, "Invalid padding length of %u; decryption likely failed.", padding);
}
return QByteArray(reinterpret_cast<const char *>(resultData), resultLength);

73
src/network/ssl/qsslsocket.cpp
View File

@ -281,6 +281,7 @@
\sa peerVerifyError()
*/
#include "qssl_p.h"
#include "qsslsocket.h"
#include "qsslcipher.h"
#ifndef QT_NO_OPENSSL
@ -334,7 +335,7 @@ QSslSocket::QSslSocket(QObject *parent)
{
Q_D(QSslSocket);
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocket::QSslSocket(" << parent << "), this =" << (void *)this;
qCDebug(lcSsl) << "QSslSocket::QSslSocket(" << parent << "), this =" << (void *)this;
#endif
d->q_ptr = this;
d->init();
@ -347,7 +348,7 @@ QSslSocket::~QSslSocket()
{
Q_D(QSslSocket);
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocket::~QSslSocket(), this =" << (void *)this;
qCDebug(lcSsl) << "QSslSocket::~QSslSocket(), this =" << (void *)this;
#endif
delete d->plainSocket;
d->plainSocket = 0;
@ -416,7 +417,8 @@ void QSslSocket::connectToHostEncrypted(const QString &hostName, quint16 port, O
{
Q_D(QSslSocket);
if (d->state == ConnectedState || d->state == ConnectingState) {
qWarning("QSslSocket::connectToHostEncrypted() called when already connecting/connected");
qCWarning(lcSsl,
"QSslSocket::connectToHostEncrypted() called when already connecting/connected");
return;
}
@ -446,7 +448,8 @@ void QSslSocket::connectToHostEncrypted(const QString &hostName, quint16 port,
{
Q_D(QSslSocket);
if (d->state == ConnectedState || d->state == ConnectingState) {
qWarning("QSslSocket::connectToHostEncrypted() called when already connecting/connected");
qCWarning(lcSsl,
"QSslSocket::connectToHostEncrypted() called when already connecting/connected");
return;
}
@ -476,7 +479,7 @@ bool QSslSocket::setSocketDescriptor(qintptr socketDescriptor, SocketState state
{
Q_D(QSslSocket);
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocket::setSocketDescriptor(" << socketDescriptor << ','
qCDebug(lcSsl) << "QSslSocket::setSocketDescriptor(" << socketDescriptor << ','
<< state << ',' << openMode << ')';
#endif
if (!d->plainSocket)
@ -660,7 +663,7 @@ void QSslSocket::setPeerVerifyDepth(int depth)
{
Q_D(QSslSocket);
if (depth < 0) {
qWarning("QSslSocket::setPeerVerifyDepth: cannot set negative depth of %d", depth);
qCWarning(lcSsl, "QSslSocket::setPeerVerifyDepth: cannot set negative depth of %d", depth);
return;
}
d->configuration.peerVerifyDepth = depth;
@ -771,7 +774,7 @@ bool QSslSocket::canReadLine() const
void QSslSocket::close()
{
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocket::close()";
qCDebug(lcSsl) << "QSslSocket::close()";
#endif
Q_D(QSslSocket);
if (encryptedBytesToWrite())
@ -815,7 +818,7 @@ bool QSslSocket::flush()
{
Q_D(QSslSocket);
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocket::flush()";
qCDebug(lcSsl) << "QSslSocket::flush()";
#endif
if (d->mode != UnencryptedMode)
// encrypt any unencrypted bytes in our buffer
@ -849,7 +852,7 @@ void QSslSocket::abort()
{
Q_D(QSslSocket);
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocket::abort()";
qCDebug(lcSsl) << "QSslSocket::abort()";
#endif
if (d->plainSocket)
d->plainSocket->abort();
@ -1605,7 +1608,7 @@ bool QSslSocket::waitForDisconnected(int msecs)
// require calling connectToHost() before waitForDisconnected()
if (state() == UnconnectedState) {
qWarning("QSslSocket::waitForDisconnected() is not allowed in UnconnectedState");
qCWarning(lcSsl, "QSslSocket::waitForDisconnected() is not allowed in UnconnectedState");
return false;
}
@ -1721,15 +1724,17 @@ void QSslSocket::startClientEncryption()
{
Q_D(QSslSocket);
if (d->mode != UnencryptedMode) {
qWarning("QSslSocket::startClientEncryption: cannot start handshake on non-plain connection");
qCWarning(lcSsl,
"QSslSocket::startClientEncryption: cannot start handshake on non-plain connection");
return;
}
if (state() != ConnectedState) {
qWarning("QSslSocket::startClientEncryption: cannot start handshake when not connected");
qCWarning(lcSsl,
"QSslSocket::startClientEncryption: cannot start handshake when not connected");
return;
}
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocket::startClientEncryption()";
qCDebug(lcSsl) << "QSslSocket::startClientEncryption()";
#endif
d->mode = SslClientMode;
emit modeChanged(d->mode);
@ -1760,11 +1765,11 @@ void QSslSocket::startServerEncryption()
{
Q_D(QSslSocket);
if (d->mode != UnencryptedMode) {
qWarning("QSslSocket::startServerEncryption: cannot start handshake on non-plain connection");
qCWarning(lcSsl, "QSslSocket::startServerEncryption: cannot start handshake on non-plain connection");
return;
}
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocket::startServerEncryption()";
qCDebug(lcSsl) << "QSslSocket::startServerEncryption()";
#endif
d->mode = SslServerMode;
emit modeChanged(d->mode);
@ -1841,12 +1846,12 @@ void QSslSocket::connectToHost(const QString &hostName, quint16 port, OpenMode o
d->initialized = false;
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocket::connectToHost("
qCDebug(lcSsl) << "QSslSocket::connectToHost("
<< hostName << ',' << port << ',' << openMode << ')';
#endif
if (!d->plainSocket) {
#ifdef QSSLSOCKET_DEBUG
qDebug() << "\tcreating internal plain socket";
qCDebug(lcSsl) << "\tcreating internal plain socket";
#endif
d->createPlainSocket(openMode);
}
@ -1865,7 +1870,7 @@ void QSslSocket::disconnectFromHost()
{
Q_D(QSslSocket);
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocket::disconnectFromHost()";
qCDebug(lcSsl) << "QSslSocket::disconnectFromHost()";
#endif
if (!d->plainSocket)
return;
@ -1909,7 +1914,7 @@ qint64 QSslSocket::readData(char *data, qint64 maxlen)
if (d->mode == UnencryptedMode && !d->autoStartHandshake) {
readBytes = d->plainSocket->read(data, maxlen);
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocket::readData(" << (void *)data << ',' << maxlen << ") =="
qCDebug(lcSsl) << "QSslSocket::readData(" << (void *)data << ',' << maxlen << ") =="
<< readBytes;
#endif
} else {
@ -1928,7 +1933,7 @@ qint64 QSslSocket::writeData(const char *data, qint64 len)
{
Q_D(QSslSocket);
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocket::writeData(" << (void *)data << ',' << len << ')';
qCDebug(lcSsl) << "QSslSocket::writeData(" << (void *)data << ',' << len << ')';
#endif
if (d->mode == UnencryptedMode && !d->autoStartHandshake)
return d->plainSocket->write(data, len);
@ -2231,10 +2236,10 @@ void QSslSocketPrivate::_q_connectedSlot()
cachedSocketDescriptor = plainSocket->socketDescriptor();
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocket::_q_connectedSlot()";
qDebug() << "\tstate =" << q->state();
qDebug() << "\tpeer =" << q->peerName() << q->peerAddress() << q->peerPort();
qDebug() << "\tlocal =" << QHostInfo::fromName(q->localAddress().toString()).hostName()
qCDebug(lcSsl) << "QSslSocket::_q_connectedSlot()";
qCDebug(lcSsl) << "\tstate =" << q->state();
qCDebug(lcSsl) << "\tpeer =" << q->peerName() << q->peerAddress() << q->peerPort();
qCDebug(lcSsl) << "\tlocal =" << QHostInfo::fromName(q->localAddress().toString()).hostName()
<< q->localAddress() << q->localPort();
#endif
@ -2256,8 +2261,8 @@ void QSslSocketPrivate::_q_hostFoundSlot()
{
Q_Q(QSslSocket);
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocket::_q_hostFoundSlot()";
qDebug() << "\tstate =" << q->state();
qCDebug(lcSsl) << "QSslSocket::_q_hostFoundSlot()";
qCDebug(lcSsl) << "\tstate =" << q->state();
#endif
emit q->hostFound();
}
@ -2269,8 +2274,8 @@ void QSslSocketPrivate::_q_disconnectedSlot()
{
Q_Q(QSslSocket);
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocket::_q_disconnectedSlot()";
qDebug() << "\tstate =" << q->state();
qCDebug(lcSsl) << "QSslSocket::_q_disconnectedSlot()";
qCDebug(lcSsl) << "\tstate =" << q->state();
#endif
disconnected();
emit q->disconnected();
@ -2283,7 +2288,7 @@ void QSslSocketPrivate::_q_stateChangedSlot(QAbstractSocket::SocketState state)
{
Q_Q(QSslSocket);
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocket::_q_stateChangedSlot(" << state << ')';
qCDebug(lcSsl) << "QSslSocket::_q_stateChangedSlot(" << state << ')';
#endif
q->setSocketState(state);
emit q->stateChanged(state);
@ -2296,9 +2301,9 @@ void QSslSocketPrivate::_q_errorSlot(QAbstractSocket::SocketError error)
{
Q_Q(QSslSocket);
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocket::_q_errorSlot(" << error << ')';
qDebug() << "\tstate =" << q->state();
qDebug() << "\terrorString =" << q->errorString();
qCDebug(lcSsl) << "QSslSocket::_q_errorSlot(" << error << ')';
qCDebug(lcSsl) << "\tstate =" << q->state();
qCDebug(lcSsl) << "\terrorString =" << q->errorString();
#endif
q->setSocketError(plainSocket->error());
q->setErrorString(plainSocket->errorString());
@ -2312,7 +2317,7 @@ void QSslSocketPrivate::_q_readyReadSlot()
{
Q_Q(QSslSocket);
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocket::_q_readyReadSlot() -" << plainSocket->bytesAvailable() << "bytes available";
qCDebug(lcSsl) << "QSslSocket::_q_readyReadSlot() -" << plainSocket->bytesAvailable() << "bytes available";
#endif
if (mode == QSslSocket::UnencryptedMode) {
if (readyReadEmittedPointer)
@ -2331,7 +2336,7 @@ void QSslSocketPrivate::_q_bytesWrittenSlot(qint64 written)
{
Q_Q(QSslSocket);
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocket::_q_bytesWrittenSlot(" << written << ')';
qCDebug(lcSsl) << "QSslSocket::_q_bytesWrittenSlot(" << written << ')';
#endif
if (mode == QSslSocket::UnencryptedMode)

91
src/network/ssl/qsslsocket_openssl.cpp
View File

@ -49,6 +49,7 @@
//#define QSSLSOCKET_DEBUG
//#define QT_DECRYPT_SSL_TRAFFIC
#include "qssl_p.h"
#include "qsslsocket_openssl_p.h"
#include "qsslsocket_openssl_symbols_p.h"
#include "qsslsocket.h"
@ -250,24 +251,24 @@ int q_X509Callback(int ok, X509_STORE_CTX *ctx)
// Store the error and at which depth the error was detected.
_q_sslErrorList()->errors << qMakePair<int, int>(q_X509_STORE_CTX_get_error(ctx), q_X509_STORE_CTX_get_error_depth(ctx));
#ifdef QSSLSOCKET_DEBUG
qDebug() << "verification error: dumping bad certificate";
qDebug() << QSslCertificatePrivate::QSslCertificate_from_X509(q_X509_STORE_CTX_get_current_cert(ctx)).toPem();
qDebug() << "dumping chain";
qCDebug(lcSsl) << "verification error: dumping bad certificate";
qCDebug(lcSsl) << QSslCertificatePrivate::QSslCertificate_from_X509(q_X509_STORE_CTX_get_current_cert(ctx)).toPem();
qCDebug(lcSsl) << "dumping chain";
foreach (QSslCertificate cert, QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(q_X509_STORE_CTX_get_chain(ctx))) {
QString certFormat(QStringLiteral("O=%1 CN=%2 L=%3 OU=%4 C=%5 ST=%6"));
qDebug() << "Issuer:" << "O=" << cert.issuerInfo(QSslCertificate::Organization)
qCDebug(lcSsl) << "Issuer:" << "O=" << cert.issuerInfo(QSslCertificate::Organization)
<< "CN=" << cert.issuerInfo(QSslCertificate::CommonName)
<< "L=" << cert.issuerInfo(QSslCertificate::LocalityName)
<< "OU=" << cert.issuerInfo(QSslCertificate::OrganizationalUnitName)
<< "C=" << cert.issuerInfo(QSslCertificate::CountryName)
<< "ST=" << cert.issuerInfo(QSslCertificate::StateOrProvinceName);
qDebug() << "Subject:" << "O=" << cert.subjectInfo(QSslCertificate::Organization)
qCDebug(lcSsl) << "Subject:" << "O=" << cert.subjectInfo(QSslCertificate::Organization)
<< "CN=" << cert.subjectInfo(QSslCertificate::CommonName)
<< "L=" << cert.subjectInfo(QSslCertificate::LocalityName)
<< "OU=" << cert.subjectInfo(QSslCertificate::OrganizationalUnitName)
<< "C=" << cert.subjectInfo(QSslCertificate::CountryName)
<< "ST=" << cert.subjectInfo(QSslCertificate::StateOrProvinceName);
qDebug() << "Valid:" << cert.effectiveDate() << "-" << cert.expiryDate();
qCDebug(lcSsl) << "Valid:" << cert.effectiveDate() << "-" << cert.expiryDate();
}
#endif
}
@ -361,7 +362,7 @@ bool QSslSocketBackendPrivate::initSslContext()
&& !QHostAddress().setAddress(tlsHostName)
&& !(configuration.sslOptions & QSsl::SslOptionDisableServerNameIndication)) {
if (!q_SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, ace.data()))
qWarning("could not set SSL_CTRL_SET_TLSEXT_HOSTNAME, Server Name Indication disabled");
qCWarning(lcSsl, "could not set SSL_CTRL_SET_TLSEXT_HOSTNAME, Server Name Indication disabled");
}
}
#endif
@ -487,16 +488,16 @@ void QSslSocketPrivate::ensureCiphersAndCertsLoaded()
if (securityLib.load()) {
ptrSecCertificateCopyData = (PtrSecCertificateCopyData) securityLib.resolve("SecCertificateCopyData");
if (!ptrSecCertificateCopyData)
qWarning("could not resolve symbols in security library"); // should never happen
qCWarning(lcSsl, "could not resolve symbols in security library"); // should never happen
ptrSecTrustSettingsCopyCertificates = (PtrSecTrustSettingsCopyCertificates) securityLib.resolve("SecTrustSettingsCopyCertificates");
if (!ptrSecTrustSettingsCopyCertificates) { // method was introduced in Leopard, use legacy method if it's not there
ptrSecTrustCopyAnchorCertificates = (PtrSecTrustCopyAnchorCertificates) securityLib.resolve("SecTrustCopyAnchorCertificates");
if (!ptrSecTrustCopyAnchorCertificates)
qWarning("could not resolve symbols in security library"); // should never happen
qCWarning(lcSsl, "could not resolve symbols in security library"); // should never happen
}
} else {
qWarning("could not load security library");
qCWarning(lcSsl, "could not load security library");
}
#elif defined(Q_OS_WIN)
HINSTANCE hLib = LoadLibraryW(L"Crypt32");
@ -511,9 +512,9 @@ void QSslSocketPrivate::ensureCiphersAndCertsLoaded()
ptrCertCloseStore = (PtrCertCloseStore)GetProcAddress(hLib, "CertCloseStore");
#endif
if (!ptrCertOpenSystemStoreW || !ptrCertFindCertificateInStore || !ptrCertCloseStore)
qWarning("could not resolve symbols in crypt32 library"); // should never happen
qCWarning(lcSsl, "could not resolve symbols in crypt32 library"); // should never happen
} else {
qWarning("could not load crypt32 library"); // should never happen
qCWarning(lcSsl, "could not load crypt32 library"); // should never happen
}
#elif defined(Q_OS_QNX)
s_loadRootCertsOnDemand = true;
@ -657,7 +658,7 @@ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
data = ptrSecCertificateCopyData(cfCert);
if (data == NULL) {
qWarning("error retrieving a CA certificate from the system store");
qCWarning(lcSsl, "error retrieving a CA certificate from the system store");
} else {
QByteArray rawCert = QByteArray::fromRawData((const char *)CFDataGetBytePtr(data), CFDataGetLength(data));
systemCerts.append(QSslCertificate::fromData(rawCert, QSsl::Der));
@ -668,7 +669,7 @@ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
}
else {
// no detailed error handling here
qWarning("could not retrieve system CA certificates");
qCWarning(lcSsl, "could not retrieve system CA certificates");
}
}
#elif defined(Q_OS_WIN)
@ -742,8 +743,8 @@ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
}
#endif
#ifdef QSSLSOCKET_DEBUG
qDebug() << "systemCaCertificates retrieval time " << timer.elapsed() << "ms";
qDebug() << "imported " << systemCerts.count() << " certificates";
qCDebug(lcSsl) << "systemCaCertificates retrieval time " << timer.elapsed() << "ms";
qCDebug(lcSsl) << "imported " << systemCerts.count() << " certificates";
#endif
return systemCerts;
@ -824,7 +825,7 @@ void QSslSocketBackendPrivate::transmit()
}
}
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocketBackendPrivate::transmit: encrypted" << writtenBytes << "bytes";
qCDebug(lcSsl) << "QSslSocketBackendPrivate::transmit: encrypted" << writtenBytes << "bytes";
#endif
writeBuffer.free(writtenBytes);
totalBytesWritten += writtenBytes;
@ -857,7 +858,7 @@ void QSslSocketBackendPrivate::transmit()
// Write encrypted data from the buffer to the socket.
qint64 actualWritten = plainSocket->write(data.constData(), encryptedBytesRead);
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocketBackendPrivate::transmit: wrote" << encryptedBytesRead << "encrypted bytes to the socket" << actualWritten << "actual.";
qCDebug(lcSsl) << "QSslSocketBackendPrivate::transmit: wrote" << encryptedBytesRead << "encrypted bytes to the socket" << actualWritten << "actual.";
#endif
if (actualWritten < 0) {
//plain socket write fails if it was in the pending close state.
@ -878,7 +879,7 @@ void QSslSocketBackendPrivate::transmit()
int encryptedBytesRead = plainSocket->peek(data.data(), pendingBytes);
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocketBackendPrivate::transmit: read" << encryptedBytesRead << "encrypted bytes from the socket";
qCDebug(lcSsl) << "QSslSocketBackendPrivate::transmit: read" << encryptedBytesRead << "encrypted bytes from the socket";
#endif
// Write encrypted data from the buffer into the read BIO.
int writtenToBio = q_BIO_write(readBio, data.constData(), encryptedBytesRead);
@ -902,17 +903,17 @@ void QSslSocketBackendPrivate::transmit()
// connect / accept.
if (!connectionEncrypted) {
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocketBackendPrivate::transmit: testing encryption";
qCDebug(lcSsl) << "QSslSocketBackendPrivate::transmit: testing encryption";
#endif
if (startHandshake()) {
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocketBackendPrivate::transmit: encryption established";
qCDebug(lcSsl) << "QSslSocketBackendPrivate::transmit: encryption established";
#endif
connectionEncrypted = true;
transmitting = true;
} else if (plainSocket->state() != QAbstractSocket::ConnectedState) {
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocketBackendPrivate::transmit: connection lost";
qCDebug(lcSsl) << "QSslSocketBackendPrivate::transmit: connection lost";
#endif
break;
} else if (paused) {
@ -920,7 +921,7 @@ void QSslSocketBackendPrivate::transmit()
return;
} else {
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocketBackendPrivate::transmit: encryption not done yet";
qCDebug(lcSsl) << "QSslSocketBackendPrivate::transmit: encryption not done yet";
#endif
}
}
@ -941,7 +942,7 @@ void QSslSocketBackendPrivate::transmit()
// Don't use SSL_pending(). It's very unreliable.
if ((readBytes = q_SSL_read(ssl, data.data(), data.size())) > 0) {
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocketBackendPrivate::transmit: decrypted" << readBytes << "bytes";
qCDebug(lcSsl) << "QSslSocketBackendPrivate::transmit: decrypted" << readBytes << "bytes";
#endif
char *ptr = buffer.reserve(readBytes);
::memcpy(ptr, data.data(), readBytes);
@ -962,7 +963,7 @@ void QSslSocketBackendPrivate::transmit()
case SSL_ERROR_ZERO_RETURN:
// The remote host closed the connection.
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocketBackendPrivate::transmit: remote disconnect";
qCDebug(lcSsl) << "QSslSocketBackendPrivate::transmit: remote disconnect";
#endif
shutdown = true; // the other side shut down, make sure we do not send shutdown ourselves
q->setErrorString(QSslSocket::tr("The TLS/SSL connection has been closed"));
@ -1081,7 +1082,7 @@ bool QSslSocketBackendPrivate::startHandshake()
q->setErrorString(QSslSocket::tr("Error during SSL handshake: %1").arg(getErrorsFromOpenSsl()));
q->setSocketError(QAbstractSocket::SslHandshakeFailedError);
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QSslSocketBackendPrivate::startHandshake: error!" << q->errorString();
qCDebug(lcSsl) << "QSslSocketBackendPrivate::startHandshake: error!" << q->errorString();
#endif
emit q->error(QAbstractSocket::SslHandshakeFailedError);
q->abort();
@ -1184,7 +1185,7 @@ bool QSslSocketBackendPrivate::startHandshake()
break;
default:
#ifdef QSSLSOCKET_DEBUG
qDebug() << sslErrors.at(i).errorString();
qCDebug(lcSsl) << sslErrors.at(i).errorString();
#endif
break;
}
@ -1318,7 +1319,7 @@ void QWindowsCaRootFetcher::start()
PCCERT_CONTEXT wincert = CertCreateCertificateContext(X509_ASN_ENCODING, (const BYTE *)der.constData(), der.length());
if (!wincert) {
#ifdef QSSLSOCKET_DEBUG
qDebug("QWindowsCaRootFetcher failed to convert certificate to windows form");
qCDebug(lcSsl, "QWindowsCaRootFetcher failed to convert certificate to windows form");
#endif
emit finished(cert, QSslCertificate());
deleteLater();
@ -1349,32 +1350,32 @@ void QWindowsCaRootFetcher::start()
0, //reserved
&chain);
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QWindowsCaRootFetcher" << stopwatch.elapsed() << "ms to get chain";
qCDebug(lcSsl) << "QWindowsCaRootFetcher" << stopwatch.elapsed() << "ms to get chain";
#endif
QSslCertificate trustedRoot;
if (result) {
#ifdef QSSLSOCKET_DEBUG
qDebug() << "QWindowsCaRootFetcher - examining windows chains";
qCDebug(lcSsl) << "QWindowsCaRootFetcher - examining windows chains";
if (chain->TrustStatus.dwErrorStatus == CERT_TRUST_NO_ERROR)
qDebug() << " - TRUSTED";
qCDebug(lcSsl) << " - TRUSTED";
else
qDebug() << " - NOT TRUSTED" << chain->TrustStatus.dwErrorStatus;
qCDebug(lcSsl) << " - NOT TRUSTED" << chain->TrustStatus.dwErrorStatus;
if (chain->TrustStatus.dwInfoStatus & CERT_TRUST_IS_SELF_SIGNED)
qDebug() << " - SELF SIGNED";
qDebug() << "QSslSocketBackendPrivate::fetchCaRootForCert - dumping simple chains";
qCDebug(lcSsl) << " - SELF SIGNED";
qCDebug(lcSsl) << "QSslSocketBackendPrivate::fetchCaRootForCert - dumping simple chains";
for (unsigned int i = 0; i < chain->cChain; i++) {
if (chain->rgpChain[i]->TrustStatus.dwErrorStatus == CERT_TRUST_NO_ERROR)
qDebug() << " - TRUSTED SIMPLE CHAIN" << i;
qCDebug(lcSsl) << " - TRUSTED SIMPLE CHAIN" << i;
else
qDebug() << " - UNTRUSTED SIMPLE CHAIN" << i << "reason:" << chain->rgpChain[i]->TrustStatus.dwErrorStatus;
qCDebug(lcSsl) << " - UNTRUSTED SIMPLE CHAIN" << i << "reason:" << chain->rgpChain[i]->TrustStatus.dwErrorStatus;
for (unsigned int j = 0; j < chain->rgpChain[i]->cElement; j++) {
QSslCertificate foundCert(QByteArray((const char *)chain->rgpChain[i]->rgpElement[j]->pCertContext->pbCertEncoded
, chain->rgpChain[i]->rgpElement[j]->pCertContext->cbCertEncoded), QSsl::Der);
qDebug() << " - " << foundCert;
qCDebug(lcSsl) << " - " << foundCert;
}
}
qDebug() << " - and" << chain->cLowerQualityChainContext << "low quality chains"; //expect 0, we haven't asked for them
qCDebug(lcSsl) << " - and" << chain->cLowerQualityChainContext << "low quality chains"; //expect 0, we haven't asked for them
#endif
//based on http://msdn.microsoft.com/en-us/library/windows/desktop/aa377182%28v=vs.85%29.aspx
@ -1493,12 +1494,12 @@ void QSslSocketBackendPrivate::continueHandshake()
QString sslKeyFile = QDir::tempPath() + QLatin1String("/qt-ssl-keys");
QFile file(sslKeyFile);
if (!file.open(QIODevice::Append))
qWarning() << "could not open file" << sslKeyFile << "for appending";
qCWarning(lcSsl) << "could not open file" << sslKeyFile << "for appending";
if (!file.write(debugLineClientRandom))
qWarning() << "could not write to file" << sslKeyFile;
qCWarning(lcSsl) << "could not write to file" << sslKeyFile;
file.close();
} else {
qWarning("could not decrypt SSL traffic");
qCWarning(lcSsl, "could not decrypt SSL traffic");
}
#endif
@ -1557,7 +1558,7 @@ QList<QSslError> QSslSocketBackendPrivate::verify(QList<QSslCertificate> certifi
// Setup the store with the default CA certificates
X509_STORE *certStore = q_X509_STORE_new();
if (!certStore) {
qWarning() << "Unable to create certificate store";
qCWarning(lcSsl) << "Unable to create certificate store";
errors << QSslError(QSslError::UnspecifiedError);
return errors;
}
@ -1694,7 +1695,7 @@ bool QSslSocketBackendPrivate::importPkcs12(QIODevice *device,
// Create the PKCS#12 object
PKCS12 *p12 = q_d2i_PKCS12_bio(bio, 0);
if (!p12) {
qWarning("Unable to read PKCS#12 structure, %s", q_ERR_error_string(q_ERR_get_error(), 0));
qCWarning(lcSsl, "Unable to read PKCS#12 structure, %s", q_ERR_error_string(q_ERR_get_error(), 0));
q_BIO_free(bio);
return false;
}
@ -1705,7 +1706,7 @@ bool QSslSocketBackendPrivate::importPkcs12(QIODevice *device,
STACK_OF(X509) *ca = 0;
if (!q_PKCS12_parse(p12, passPhrase.constData(), &pkey, &x509, &ca)) {
qWarning("Unable to parse PKCS#12 structure, %s", q_ERR_error_string(q_ERR_get_error(), 0));
qCWarning(lcSsl, "Unable to parse PKCS#12 structure, %s", q_ERR_error_string(q_ERR_get_error(), 0));
q_PKCS12_free(p12);
q_BIO_free(bio);
return false;
@ -1713,7 +1714,7 @@ bool QSslSocketBackendPrivate::importPkcs12(QIODevice *device,
// Convert to Qt types
if (!key->d->fromEVP_PKEY(pkey)) {
qWarning("Unable to convert private key");
qCWarning(lcSsl, "Unable to convert private key");
q_sk_pop_free(reinterpret_cast<STACK *>(ca), reinterpret_cast<void(*)(void*)>(q_sk_free));
q_X509_free(x509);
q_EVP_PKEY_free(pkey);

17
src/network/ssl/qsslsocket_openssl_symbols.cpp
View File

@ -47,6 +47,7 @@
**
****************************************************************************/
#include "qssl_p.h"
#include "qsslsocket_openssl_symbols_p.h"
#ifdef Q_OS_WIN
@ -115,12 +116,12 @@ QT_BEGIN_NAMESPACE
namespace {
void qsslSocketUnresolvedSymbolWarning(const char *functionName)
{
qWarning("QSslSocket: cannot call unresolved function %s", functionName);
qCWarning(lcSsl, "QSslSocket: cannot call unresolved function %s", functionName);
}
void qsslSocketCannotResolveSymbolWarning(const char *functionName)
{
qWarning("QSslSocket: cannot resolve %s", functionName);
qCWarning(lcSsl, "QSslSocket: cannot resolve %s", functionName);
}
}
@ -388,11 +389,11 @@ DEFINEFUNC(void, PKCS12_free, PKCS12 *pkcs12, pkcs12, return, DUMMYARG)
#ifdef QT_NO_LIBRARY
bool q_resolveOpenSslSymbols()
{
qWarning("QSslSocket: unable to resolve symbols. "
"QT_NO_LIBRARY is defined which means runtime resolving of "
"libraries won't work.");
qWarning("Either compile Qt statically or with support for runtime resolving "
"of libraries.");
qCWarning(lcSsl, "QSslSocket: unable to resolve symbols. "
"QT_NO_LIBRARY is defined which means runtime resolving of "
"libraries won't work.");
qCWarning(lcSsl, "Either compile Qt statically or with support for runtime resolving "
"of libraries.");
return false;
}
#else
@ -992,7 +993,7 @@ QDateTime q_getTimeFromASN1(const ASN1_TIME *aTime)
return result;
} else {
qWarning("unsupported date format detected");
qCWarning(lcSsl, "unsupported date format detected");
return QDateTime();
}

11
src/network/ssl/qsslsocket_winrt.cpp
View File

@ -39,6 +39,7 @@
**
****************************************************************************/
#include "qssl_p.h"
#include "qsslsocket_winrt_p.h"
#include "qsslsocket.h"
#include "qsslcertificate_p.h"
@ -455,8 +456,9 @@ HRESULT QSslSocketBackendPrivate::onSslUpgrade(IAsyncAction *action, AsyncStatus
Q_Q(QSslSocket);
if (wasDeleted) {
qWarning("SSL upgrade callback received after the delegate was deleted. "
"This may be indicative of an internal bug in the WinRT SSL implementation.");
qCWarning(lcSsl,
"SSL upgrade callback received after the delegate was deleted. "
"This may be indicative of an internal bug in the WinRT SSL implementation.");
return S_OK;
}
@ -477,8 +479,9 @@ HRESULT QSslSocketBackendPrivate::onSslUpgrade(IAsyncAction *action, AsyncStatus
IStreamSocket *socket = reinterpret_cast<IStreamSocket *>(plainSocket->socketDescriptor());
if (qintptr(socket) == -1) {
qWarning("The underlying TCP socket used by the SSL socket is invalid. "
"This may be indicative of an internal bug in the WinRT SSL implementation.");
qCWarning(lcSsl,
"The underlying TCP socket used by the SSL socket is invalid. "
"This may be indicative of an internal bug in the WinRT SSL implementation.");
return S_OK;
}

1
src/network/ssl/ssl.pri
View File

@ -2,6 +2,7 @@
contains(QT_CONFIG, ssl) | contains(QT_CONFIG, openssl) | contains(QT_CONFIG, openssl-linked) {
HEADERS += ssl/qasn1element_p.h \
ssl/qssl.h \
ssl/qssl_p.h \
ssl/qsslcertificate.h \
ssl/qsslcertificate_p.h \
ssl/qsslconfiguration.h \