HTTP Strict Transport Security (HSTS) is a web security policy that
allows a web server to declare that user agents should only interact
with it using secure HTTPS connections. HSTS is described by RFC6797.
This patch introduces a new API in Network Access Manager to enable
this policy or disable it (default - STS is disabled).
We also implement QHstsCache which caches known HSTS hosts, does
host name lookup and domain name matching; QHstsHeaderParser to
parse HSTS headers with HSTS policies.
A new autotest is added to test the caching, host name matching
and headers parsing.
[ChangeLog][QtNetwork] Added HTTP Strict Transport Security to QNAM
Task-number: QTPM-238
Change-Id: Iabb5920344bf204a0d3036284f0d60675c29315c
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
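The header parsing, caching and host name matching this commit message describes can be sketched as follows, going by RFC 6797. This is an added example, not Qt's QHstsHeaderParser or QHstsCache code; the names `HstsPolicy`, `parseHsts`, `HstsCache`, `update` and `isKnownHost` are assumptions made for the sketch, and time is passed in as plain seconds.

```cpp
#include <cctype>
#include <map>
#include <sstream>
#include <string>

struct HstsPolicy { long long maxAge = 0; bool includeSubDomains = false; };
static std::string lowerTrim(std::string s) {
    s.erase(0, s.find_first_not_of(" \t"));   // npos erases the whole string
    s.erase(s.find_last_not_of(" \t") + 1);   // npos + 1 == 0 for an empty string
    for (char &c : s) c = char(std::tolower((unsigned char)c));
    return s;
}
// Simplified parse: splits on ';' (no quoted ';'); a bad or repeated max-age rejects.
bool parseHsts(const std::string &value, HstsPolicy &out) {
    HstsPolicy p; bool haveAge = false, haveSub = false;
    std::istringstream in(value);
    for (std::string part; std::getline(in, part, ';');) {
        std::string d = lowerTrim(part);
        if (d.rfind("max-age=", 0) == 0) {
            std::string n = d.substr(8);
            if (n.size() >= 2 && n.front() == '"' && n.back() == '"') n = n.substr(1, n.size() - 2);
            bool digits = !n.empty() && n.find_first_not_of("0123456789") == n.npos;
            if (haveAge || !digits || n.size() > 10) return false;
            p.maxAge = std::stoll(n); haveAge = true;
        } else if (d == "includesubdomains") {
            if (haveSub) return false;            // directives must not repeat
            p.includeSubDomains = haveSub = true;
        } // any other directive is ignored
    }
    if (haveAge) out = p;
    return haveAge;
}

struct HstsCache { // host -> (policy, expiry); feed it only headers seen over valid TLS
    std::map<std::string, std::pair<HstsPolicy, long long>> known;
    void update(const std::string &host, const HstsPolicy &p, long long now) {
        if (p.maxAge == 0) known.erase(lowerTrim(host)); // max-age=0 forgets the host
        else known[lowerTrim(host)] = {p, now + p.maxAge};
    }
    // Exact match, or a superdomain whose policy carries includeSubDomains.
    bool isKnownHost(const std::string &host, long long now) const {
        std::string name = lowerTrim(host);
        for (bool exact = true;; exact = false) {
            auto it = known.find(name);
            bool live = it != known.end() && it->second.second > now;
            if (live && (exact || it->second.first.includeSubDomains)) return true;
            auto dot = name.find('.');
            if (dot == std::string::npos) return false;
            name.erase(0, dot + 1);               // drop the leftmost label
        }
    }
};
```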
Use the new qtConfig macro in all pro/pri files.
This required adding some feature entries, and adding
{private,public}Feature to every referenced already existing entry.
Change-Id: I164214dad1154df6ad84e86d99ed14994ef97cf4
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>

HTTP/2 does not require a TLS connection, it can work in a cleartext mode.
Plus at the moment only OpenSSL backend allows HTTP/2 negotiation
via ALPN/NPN (and none of our CI configurations with OpenSSL supports
these extensions, rendering HTTP/2 auto-test useless). This patch
implements cleartext HTTP/2 ('h2c') in 'direct' mode - this is
allowed if a client has prior knowledge that HTTP/2 is supported by
a server.
Change-Id: I4978775e9732c40bc77f549b83bb4a5d1761887e
Reviewed-by: Alex Trotsenko <alex1973tr@gmail.com>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>

Add autotest for QHttp2ProtocolHandler. This patch contains a very simplistic
"in-process HTTP2 server" for testing the protocol's basic logic/flow control/error
handling and emulating possible scenarios.
Task-number: QTBUG-50956
Change-Id: Ie02d3329c5182277a3c7c84f1bae8d02308e945d
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>

Currently the only supported SPDY version is 3.0.
The feature needs to be enabled explicitly via
QNetworkRequest::SpdyAllowedAttribute. Whether SPDY actually was used
can be determined via QNetworkRequest::SpdyWasUsedAttribute from a
QNetworkReply once it has been started (i.e. after the encrypted()
signal has been received). Whether SPDY can be used will be
determined during the SSL handshake through the TLS NPN extension
(see separate commit).
The following things from SPDY have not been enabled currently:
* server push is not implemented, it has never been seen in the wild;
in that case we just reject a stream pushed by the server, which is
legit.
* settings are not persisted across SPDY sessions. In practice this
means that the server sends a small message upon session start
telling us e.g. the number of concurrent connections.
* SSL client certificates are not supported.
Task-number: QTBUG-18714
[ChangeLog][QtNetwork] Added support for the SPDY protocol (version
3.0).
Change-Id: I81bbe0495c24ed84e9cf8af3a9dbd63ca1e93d0d
Reviewed-by: Richard J. Moore <rich@kde.org>

Also fixing some includes and re-enabling the test
Change-Id: I4a061e106c2e55db39b8000729737a93e3d7714a
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>

All references to QFtp in documentation have been removed, QFtp's
documentation was marked internal. The QFtp example was removed.
Task-number: QTBUG-23199
Change-Id: Ifff83cac069fb350e8ebeae63e605850e65c0c30
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>