This change lets you call QHostInfo::lookupHost() with a null receiver
in order to warm up the DNS cache. This allows you to try to get the
DNS request in flight early.
Change-Id: Icfdd28146479aa534ae9ceb472f75e08aaa39cd2
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Add an encrypted signal to QNAM and QNetworkReply to allow applications
to perform additional checks on the certificate chain beyond those done
as part of the standard SSL validation. This allows things like
certificate change notification to be implemented for QNAM as they can
be for QSSLSocket currently.
Change-Id: I693e3e6fec8b7040379b7e7f1f819550e6b2617f
Reviewed-by: Peter Hartmann <phartmann@rim.com>
Add intermediate certificates to our server sockets, and to our client
certs.
Change-Id: Ib5aa575473f9e84f337bebe35099506dd7d7e2ba
Task-Number: QTBUG-19825
Task-Number: QTBUG-13281
Reviewed-by: Peter Hartmann <phartmann@rim.com>
Instead of storing a single QSslCertificate for a the local cert, store
a list of them. This will allow us to handle server sockets that use a
certificate that is not issued directly from the CA root in future.
Change-Id: I9a36b9a99daa9c0bdd17f61b4ce1a7da746f2e96
Reviewed-by: Peter Hartmann <phartmann@rim.com>
Qt5 requires Mac OS 10.6, so we can remove checks such as
if MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_6
Change-Id: Iea21727a277291148704ecf9677ed0b68c24920f
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
... because almost everybody gets it wrong almost every time.
Change-Id: I54938ef094323ba8de02186b585b11b9579f3ca4
Reviewed-by: Richard J. Moore <rich@kde.org>
... like e.g. in QAbstractSocket::connectToHost().
We can set the scheme on the query URL based on well-known ports; even
if the port is not well-known, we can just query the URL anyhow and let
the netstatus API resolve the right proxy for us.
In addition, return early for local schemes like "file" and "qrc".
Task-number: QTBUG-29425
Change-Id: I900f1ecbac6dd380bb8a77470b39de2c07aa7f6e
Reviewed-by: Andrey Leonov <aleonov@rim.com>
Reviewed-by: Rafael Roquetto <rafael.roquetto@kdab.com>
When OpenSSL is built using MSVC then the library names are
named ssleay32.dll and libeay32. However, when OpenSSL is built
with GCC then different library names are used like libssl-10.dll
and libcrypto-10.dll (depending on the version of OpenSSL used)
Change-Id: Icb79a5f82d2a511752bfc904f53a58423ce4b86b
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Peter Hartmann <phartmann@rim.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
This fixes a compilation error with GCC 4.7
which was introduced in b5652df775
In function ‘SSL_SESSION* q_SSL_get1_session(const SSL*)’:
invalid conversion from ‘const SSL* {aka const ssl_st*}’ to ‘SSL* {aka ssl_st*}’ [-fpermissive]
Change-Id: I909f7fb4295b2019283a7af66a038d4711e5f7cb
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Peter Hartmann <phartmann@rim.com>
DER certificates should not be opened as text files, so we
only pass the QIODevice::Text flag when the format is
QSsl::Pem.
Change-Id: I4bad98023c397b967d5beeec0aaa6c414e06fd9c
Reviewed-by: Richard J. Moore <rich@kde.org>
i.e. make it obvious that they come from Qt.
This helps when debugging and trying to differ user created threads
from Qt threads.
Change-Id: Idd6804246d6676b17cf15de6b644a5be629aa023
Reviewed-by: Rafael Roquetto <rafael.roquetto@kdab.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
This improves performance since a network round trip can be avoided.
Change-Id: I1aaff7e48ef9638cb137de0f43942c3a4dd2884a
Initial-patch-by: Markus Goetz <markus@woboq.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
This change increases the size of the DNS cache in QHostInfo from 64
entries to 128. Given the figures in the google chrome performance paper
http://www.igvita.com/posa/high-performance-networking-in-google-chrome/
this should mean we can cache enough entries to handle 4 tabs at once.
Change-Id: I34e32e9e0966473591c59ca5f222623a354650d2
Reviewed-by: Peter Hartmann <phartmann@rim.com>
This is supposed to workaround a race condition in the underlying
netstatus API: Sometimes we get an event that the Wifi interface
changed, but it is not up, e.g. no gateway (yet). In that case we need
to check back (currently: 300 ms) whether the interface has come
up or not.
This commit can be reverted again once the race condition in the
netstatus API has been resolved.
Task-number: QTBUG-29421
Change-Id: I215ce8aae4848b6e942e77c6425adba90e9cc526
Reviewed-by: Sean Harmer <sean.harmer@kdab.com>
Reviewed-by: Rafael Roquetto <rafael.roquetto@kdab.com>
The macro was made empty in ba3dc5f3b5
and is no longer necessary or used.
Discussed-on: http://lists.qt-project.org/pipermail/development/2013-January/009284.html
Change-Id: Id2bb2e2cabde059305d4af5f12593344ba30f001
Reviewed-by: Laszlo Papp <lpapp@kde.org>
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
Reviewed-by: hjk <hjk121@nokiamail.com>
This avoids an extra division by 1000 when getting the current time.
This can't overflow, under normal circumstances, even on 32-bit: when
adding two values less than 1 billion, the result is less than 2
billion, which is less than 2^31.
Change-Id: I6f8e1aadfe2fcf6ac8da584eab4c1e61aee51cbb
Reviewed-by: David Faure (KDE) <faure@kde.org>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
make sure we keep track of when we can load root certs and when we
cannot (we cannot when the developer set the certs explicitly). This is
implemented the same way for QSslSocket already, and needs to be
duplicated because we have 2 methods for setting CA certificates: one in
QSslSocket and one in QSslConfiguration.
In addition, adapt the auto test which checks whether setting a default
QSslConfiguration works: There is no way to set on demand loading
through the API, so it should be enabled by default.
Task-number: QTBUG-29103
Change-Id: I5146128aaa385dfcc0ad1e0ef81a92d9350ec5f2
Reviewed-by: Richard J. Moore <rich@kde.org>
The mingw headers lack the IPV6_V6ONLY define, depending where you get
them from. Currently the headers provided by mingw-builds are more
complete than those from mingw.org itself.
I have removed the compile time check, defined the macro if it is
undefined, and it should be just a runtime check for if you are running
on windows XP you get no dual stack binding.
Task-number: QTBUG-28787
Task-number: QTBUG-28971
Task-number: QTBUG-28972
Change-Id: Iafadbb55d367c44ba9f812a24115e65591701b54
Reviewed-by: Ilya Sidorov
Reviewed-by: Peter Hartmann <phartmann@rim.com>
(cherry picked from commit d3c4296198)
Currently /etc/openssl/certs is symlinked to
/var/certmgr/web/user_trusted, but this will be changed in the future.
/etc/openssl/certs is the folder to be used to read the root certs.
Change-Id: Ic037e5075ec7ee50c132fe08dc69abbe585e32e4
Reviewed-by: Sean Harmer <sean.harmer@kdab.com>
On Mac if AssertMacros.h has already been included then it defines
verify which conflicts with the verify static function. Therefore we
just undef this if is already defined.
Task-number: QTBUG-27316
Change-Id: I5960e504c4efa4fc4ff65ba66bbd7decb33ffc62
Reviewed-by: Richard Moe Gustavsen <richard.gustavsen@digia.com>
... instead of a zero configuration. That is documented already for
QNetworkAccessManager::setConfiguration().
Task-number: QTBUG-28973
Change-Id: Idba5be990745069667a50c85286cf530580d4efe
Reviewed-by: Lorn Potter <lorn.potter@jollamobile.com>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
The mingw headers lack the IPV6_V6ONLY define, depending where you get
them from. Currently the headers provided by mingw-builds are more
complete than those from mingw.org itself.
I have removed the compile time check, defined the macro if it is
undefined, and it should be just a runtime check for if you are running
on windows XP you get no dual stack binding.
Task-number: QTBUG-28787
Task-number: QTBUG-28971
Task-number: QTBUG-28972
Change-Id: Iafadbb55d367c44ba9f812a24115e65591701b54
Reviewed-by: Ilya Sidorov
Reviewed-by: Peter Hartmann <phartmann@rim.com>
Those certificates have erroneously set the CA attribute to true,
meaning everybody in possesion of their keys can issue certificates on
their own.
Task-number: QTBUG-28937
Change-Id: Iff351e590ad3e6ab802e6fa1d65a9a9a9f7683de
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Otherwise it is possible to assert if
qRegisterMetaType<QList<QSslError> >("QList<QSslError>")
is called in a TU which does not include the Q_DECLARE_METATYPE
invocation.
Change-Id: Ice1ffbb0f8d0a745d2bffc8b4e13ca31621e8ca4
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
