Previous blacklisting 5c4e5032b5 only
covered RHEL 6.6 and RHEL 7.4. The problem however exists in all
6.x and 7.x distros as they have the same openssl.
This however leaves us the problem with future RHEL 8. This will
keep blacklisting these tests there as well. We need a way to blacklist
versions with a wildcard so that we could say RHEL-7.*
Task-number: QTBUG-46203
Change-Id: I2cc52ba2eac949214ecaa02e19d9e623d5befc49
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
for SecureTransport backend. OpenSSL, while reading
RSA/DSA, is internally calling EVP_BytesToKey that
essentially does the same thing this patch does in
'deriveAesKey' and thus able to correctly decrypt
whatever it first encrypted (while generating/
encrypting keys).
Fixes: QTBUG-54422
Change-Id: Ia9f7599c5b19bf364c179f2abd2aab7ea5359a65
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Given the current feature disparity, it makes sense to give our users
ability to detect if they can use some feature or not in their application
code, using our 'modern' QT_CONFIG(securetransport). Accordingly, use this
new syntax in our own auto-tests.
Change-Id: Ib33b03e7e602e9f8b0db8251377c89dbaada1049
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Currently docker is only used for the "echo" test, and then only the
echo server. The SOCKS5 tests have been disabled from when our current
test server was new.
Change-Id: I21b0c5f10e722a42a0880b2500d1bcbc609a03bf
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
'accept' breaks the order, making the static table unsorted and thus
std::lower_bound cannot find it and we always index it in a dynamic
table. Also, make this static table accessible to auto-test.
Plus fix some warnings quite annoyingly visible in qt-creator.
Fixes: QTBUG-74161
Change-Id: I47410f2ef974ac92797c9804aa55cb5c36a436c4
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Check if QSslKey::handle() returns data representing the
same key information as that passed to the constructor.
Task-number: QTBUG-64495
Change-Id: I1a91264e6f6d92d259b51fca9de00fcbfd5cc845
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
It's flaky and has been for a while. However it is somewhat more flaky
when using the docker setup.
Task-number: QTBUG-74162
Change-Id: I49f346a39271b48395e0e17fa6821d73a24f81d4
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
To work with docker test server.
Change-Id: I50a1c7b632748d7648dafd70356aa849614e4e12
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Change-Id: Id456fa8ea6ab4f23b6b83c5f6388e96443ccf9e0
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
The iptables container launches with extra capabilities to actually be
able to make changes to the tables.
Change-Id: I892fd18853ce882709e21791e6c88217e5029d53
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
This commit adds support for single-sign-on SPNEGO/Negotiate
authentication to QAuthenticator, using SSPI on Windows and GSSAPI on
other platforms (if KRB5 GSSAPI is available).
[ChangeLog][QtNetwork][QAuthenticator] Add support for SPNEGO/Negotiate
Task-number: QTBUG-4117
Change-Id: Ie246b887db3fd6201b7ed30b023feca292cd6530
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
and make it work with our new docker-based test server
Change-Id: I98b5b5b1e2cdca46b7f15be72aa1483d9455403d
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
It fails on CI (Windows 10). Given our qabstractsocket disables
read notifications/stops emitting readyRead if it already has pending data
(unbuffered, aka UDP socket type) - make sure we do not suffer from this.
The change does not affect the test's logic (unless the logic was to fail),
it just makes it more fail-proof.
Change-Id: I6c9b7ded20478f675260872a2a7032b4f356f197
Fixes: QTBUG-73884
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Conflicts:
tests/auto/widgets/itemviews/qheaderview/tst_qheaderview.cpp
Added tests/auto/testlib/selftests/expected_crashes_5.txt to work
round the output of the crashes test (which exercises UB, see
QTBUG-73903) being truncated on one test platform.
Change-Id: I9cd3f2639b4e50c3c4513e14629a40bdca8f8273
1. Fix erroneous logic, which was triggered in 'h2' mode (non-TLS connection)
- after the initial protocol upgrade/POST request was handled, the server
(on Windows specifically) was erroneously handling upcoming DATA frames by replying
with another redirect response.
2. Make the test less heavy by sending 1 MB of Qt::Uninitialize instead of 10 MB
- theoretically this could cause a timeout before the redirected request finished
successfully.
Task-number: QTBUG-73873
Change-Id: I961e0a5f50252988edd46d0e73baf96ee22eef3f
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
[ChangeLog][qmake] A new feature "cmdline" was added that implies
"CONFIG += console" and "CONFIG -= app_bundle".
Task-number: QTBUG-27079
Change-Id: I6e52b07c9341c904bb1424fc717057432f9360e1
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
to make it work with our new docker-based test server.
Change-Id: I76345a2d3d768b8a571f2c85e69f6a21e9a96d7e
Reviewed-by: Ryan Chu <ryan.chu@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
[ChangeLog][QtNetwork][SSL] The Schannel backend now supports ALPN and
thus HTTP/2.
Change-Id: I1819a936ec3c9e0118b9dad12681f791262d4db2
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
On Windows and macOS, the containers are deployed into a virtual
machine using the host network. All the containers share the same
hostname (qt-test-server), and they are connected to the same network
domain (local).
When running test in such platforms, use the single-name SSL certificate
(qt-test-server.local) for SSL related tests.
Change-Id: Idf33e01e8dd8814510d848b87b59b5fc0edc903e
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@qt.io>
For some reason behavior of SecureTransport has changed from 10.12 to 10.13
and then to 10.14. On 10.13 SecureTransport fails upon receiving the server's
certificate with 'Unrecoverable error', before we can do a manual verification
and accept the certificate as trusted. Analysis of available source code
shows that they, apparently, do not like MD5 hash which our server is using.
Until certificate is updated on the server or we switch completely to
the Docker-based solution we have to BLACKLIST tests that connect to our
current network test-server. Oddly enough, on 10.14 SecureTransport is
less mean.
Task-number: QTBUG-69873
Change-Id: I7da1883e0970a2f6ddd8385f193b76116d6983e0
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Currently only available for the OpenSSL backend to use but doesn't
actually rely on anything OpenSSL specific.
Move it so it can be used by the Schannel backend in an upcoming patch
Change-Id: Ia29b153bf3f29cff0d62a41ec5dd7d4671a18095
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
While it's not common it still occurs, perhaps especially with 127.0.0.1
Can be tested by attempting to connect to https://1.1.1.1/ using Qt.
Change-Id: Idad56476597ab570b8347236ff700fa66ab5b1f4
Fixes: QTBUG-71828
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Adds support for Schannel, an SSL backend for Windows, as an
alternative to OpenSSL.
[ChangeLog][QtNetwork][Ssl] Added support for Schannel on Desktop
Windows. To build Qt with Schannel support use '-schannel' during
configure.
Task-number: QTBUG-62637
Change-Id: Ic4fb8ed3657dab994f9f4a4ac5cbddc7001a0a46
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
... as we normally do in other tests, using localhost.
Change-Id: I7969d7bfd50b545adae7e23476d17b6224e9a8fc
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
The tests of smb protocol only work in the CI network. Therefore,
the docker-based test server for Windows can't pass all the tests of
QNetworkReply.
These two tests should be reworked when adding Samba server to the
docker-based test servers later on.
Task-number: QTBUG-72861
Change-Id: I54e639b5414760ee929d0d28fe10f9e021aff7dc
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@qt.io>
since we'll refuse to continue with a handshake, failing in initSslContext()
on a disabled protocol versions. Then, functions like waitForEncrypted,
connectToHostEncrypted, startServerEncryption and startClientEncryption
should either bail out early (who needs a TCP connection which we'll
abort anyway?) or bail out whenever we can, as soon as a disabled protocol
was found in a configuration. This change also makes the behavior
of different back-ends consistent, since it's a general code-path
that reports the same SslInvalidUserData error. Update auto-test to
... actually test what it claims it tests.
Task-number: QTBUG-72196
Task-number: QTBUG-72179
Change-Id: I548468993410f10c07ce5773b78f38132be8e3e0
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
As per RFC 6176 (2011) and RFC 7568 (2015).
Code-wise, we're left with the decision of what to do with a few
enumerators in QSsl::Protocol; I've made TlsV1SslV3 act as TlsV1,
and adjusted the description of AnyProtocol.
A new test was introduced - deprecatedProtocol() - to test that
we, indeed, do not allow use of SSL v2 and v3. protocol() and
protocolServerSide() were reduced to exclude the (now) no-op
and meaningless tests - neither client nor server side can
start a handshake now, since we bail out early in initSslContext().
[ChangeLog][QtNetwork][SSL] Support for SSLv2 and SSLv3
sockets has been dropped, as per RFC 6176 (2011)
and RFC 7568 (2015).
Change-Id: I2fe4e8c3e82adf7aa10d4bdc9e3f7b8c299f77b6
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
This patch introduces a private 'API' to enable server-side OCSP responses
and implements a simple OCSP responder, tests OCSP status on a client
side (the test is pretty basic, but for now should suffice).
Change-Id: I4c6cacd4a1b949dd0ef5e6b59322fb0967d02120
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Some tests were fixed and others were skipped/blacklisted.
Task-number: QTBUG-63152
Change-Id: Ica7df555f8d152ee589865911130525101d4b941
Reviewed-by: Liang Qi <liang.qi@qt.io>
This is necessary to provide details for the key too,
when the server is using DHE-RSA-AESxxx-SHAxxx.
Amends 7f77dc84fb.
Change-Id: I8ab15b6987c17c857f54bc368df3c6c1818f428c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
