Add an encrypted signal to QNAM and QNetworkReply to allow applications
to perform additional checks on the certificate chain beyond those done
as part of the standard SSL validation. This allows things like
certificate change notification to be implemented for QNAM as they can
be for QSSLSocket currently.
Change-Id: I693e3e6fec8b7040379b7e7f1f819550e6b2617f
Reviewed-by: Peter Hartmann <phartmann@rim.com>
Add intermediate certificates to our server sockets, and to our client
certs.
Change-Id: Ib5aa575473f9e84f337bebe35099506dd7d7e2ba
Task-Number: QTBUG-19825
Task-Number: QTBUG-13281
Reviewed-by: Peter Hartmann <phartmann@rim.com>
Instead of storing a single QSslCertificate for a the local cert, store
a list of them. This will allow us to handle server sockets that use a
certificate that is not issued directly from the CA root in future.
Change-Id: I9a36b9a99daa9c0bdd17f61b4ce1a7da746f2e96
Reviewed-by: Peter Hartmann <phartmann@rim.com>
The "mediumfile" is actually 9.6 MB large, and makes the test slow and
even fail on mobile platforms.
Change-Id: I694d9d38e4d09c8e90a03c1141320fe2a757fdd9
Reviewed-by: Richard J. Moore <rich@kde.org>
It's flakey and is blocking integration. Tracked in QTBUG-29730.
Change-Id: Ia5b8f952314bf2e1aa6dbb5c5c0a97e32e68d0f6
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@digia.com>
Do not include qsslsocket_p.h unless SSL is present.
Change-Id: I7e56b7758729907892d85f97d5a9d3ccaf7a3314
Reviewed-by: Peter Hartmann <phartmann@rim.com>
The table is there to know which domains are allowed to set cookies
and which are not. There are more than 2000 new entries since the
list has last been generated.
The split to 64K chunks was made because this is the hard limit for
strings in Visual Studio.
Change-Id: I511aec062af673555e9a69442c055f75bdcd1606
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
DER certificates should not be opened as text files, so we
only pass the QIODevice::Text flag when the format is
QSsl::Pem.
Change-Id: I4bad98023c397b967d5beeec0aaa6c414e06fd9c
Reviewed-by: Richard J. Moore <rich@kde.org>
This improves performance since a network round trip can be avoided.
Change-Id: I1aaff7e48ef9638cb137de0f43942c3a4dd2884a
Initial-patch-by: Markus Goetz <markus@woboq.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
VxWorks does not have QProcess support.
Change-Id: I917b769f967e9d71ec5025aae788f3e237b07aeb
Reviewed-by: Samuel Rødal <samuel.rodal@digia.com>
(cherry picked from commit 416e73a0fc)
make sure we keep track of when we can load root certs and when we
cannot (we cannot when the developer set the certs explicitly). This is
implemented the same way for QSslSocket already, and needs to be
duplicated because we have 2 methods for setting CA certificates: one in
QSslSocket and one in QSslConfiguration.
In addition, adapt the auto test which checks whether setting a default
QSslConfiguration works: There is no way to set on demand loading
through the API, so it should be enabled by default.
Task-number: QTBUG-29103
Change-Id: I5146128aaa385dfcc0ad1e0ef81a92d9350ec5f2
Reviewed-by: Richard J. Moore <rich@kde.org>
One of the IPv6 autotests was always disabled instead of being disabled
only when the system has no IPv6 support.
Change-Id: I34dffbeae6ba85a706bfeb0cc4750a4514b73a65
Reviewed-by: Peter Hartmann <phartmann@rim.com>
Adds an auto test that verifies that the replies to POST and PUT
requests are not cached even though they contain a max-age header and
that subsequent GET requests are reloaded from the server.
Change-Id: I188ae1200cb5551e164722c0f479719be8d11bfb
Reviewed-by: Peter Hartmann <phartmann@rim.com>
Those certificates have erroneously set the CA attribute to true,
meaning everybody in possesion of their keys can issue certificates on
their own.
Task-number: QTBUG-28937
Change-Id: Iff351e590ad3e6ab802e6fa1d65a9a9a9f7683de
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
These types are either built-in or 'automatically declared' and so
don't need to be explicitly declared as metatypes.
Change-Id: Ifdce72af844901665c4ebab11507216ba5f00fc1
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
As they are built-in, they are effectively registered at compile-time
already.
Change-Id: I7ae6ba16088eab5d19213fa7b07c2a7760988a86
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
trolltech.com seems to be shut down already
Change-Id: Ic90ce01aeb51b6f154b9bbf4762c365a398c9e3d
Reviewed-by: Simo Fält <simo.falt@digia.com>
Reviewed-by: Stephen Kelly <stephen.kelly@kdab.com>
The QSslSocket one is both wrong and redundant as there is a
Q_DECLARE_METATYPE for it already.
Change-Id: I63d065abfb3d0e3d82a8b1f29a6752b7676db847
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
Also change Trolltech for QtProject in other places
Task-number: QTBUG-23269
Change-Id: Ie4e344f23cab77c575562d18b481b3369ce30491
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
Ifdef out waitForBytesWritten on Windows.
See comment in source.
Change-Id: I7a2268d2634c2524cd8291c72dd9708e430e314e
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
Different OpenSSL versions produce slightly different output when
dumping a certificate.
Change-Id: Ida98b24422302e287641be074d6740ca292cf203
Reviewed-by: Richard J. Moore <rich@kde.org>
qt.nokia.com is also going to disapper in future, so I think it is better
to use qt-project.org.
Change-Id: Ice550fe657a33609472b8e4b8630d7649f9c9fb5
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Reviewed-by: Sergio Ahumada <sergio.ahumada@digia.com>
Not having access to a network test server is not a failure per se
but rather an enviromental condition not met at run-time.
Change-Id: Ie7d10ca5fbf2df45fb1fd1ac19718c9fae855c03
Reviewed-by: Caroline Chao <caroline.chao@digia.com>
QSystemSemaphore is persistent after a crash and we'd have to toggle the
Open/Create flag. Waiting for the server being available by trying to
connect is much more reliable.
Change-Id: I510814cef189b43658911f8ade3cf831ae6c7e58
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@digia.com>
Removing the lackey executable that needs QtScript to be built.
This was a qscript bastard that was able to run a client and a server
script. It's replaced by a C++ version with the same functionality.
Nice side effect: the two second wait per test row could be removed.
The client executable is now waiting for the server to be created.
Task-number: QTBUG-24142
Change-Id: I135b75abf6620d3b0af50dc226ea8c81c2bf4149
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@digia.com>
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
Microsoft DNS server used in Digia hosted Qt-Project CI system,
returns 'Server failed' error for 'invalid.' hostname. Because
the purpose of these autotests is to test 'notfound' use case, it should
be ok to use also 'invalid.invalid' hostname in these DNS queries.
Change-Id: I9e9c829f3858e7fa23feffd2ede018b19f676857
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
The programs in the example isn't used in the test.
Examples should be in the right directory and be of a certain
quality.
Change-Id: Id77bd1295efb3387fa54c379eb9c882cdc5b88bd
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@digia.com>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Commit 5230d62fe added a #define NOMINMAX, which conflicts with a
NOMINMAX definition in the MinGW headers. Just use the same definition
as in MinGW to fix the gcc warning.
Change-Id: Ib21dd323ebbdca5d143e394c7631303e0c72541a
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>