Commit Graph

270 Commits

Author SHA1 Message Date
Timur Pocheptsov
5ba5a7b5bc DTLS cookie auto-test - do not check the exact UDP socket errors
It was observed on OpenSUSE VM in CI - apparently, even after succesfull
read from UDP socket error was not UnknownSocketError. While it's under
investigation, the DTLS auto-test should limit itself by DTLS things and
barely test IO success (socket-wise) when needed.

Change-Id: I0773a02c591432b0d6c894f4131f70e41dc7ed72
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2018-06-28 03:28:50 +00:00
Timur Pocheptsov
73b9242d7e tst_QSslSocket::qtbug18498_peek() - fix several problems
It all started from the compiler's warnings about 'this' captured but
not used in lambdas. While fixing this it was noticed that 'client' socket
has a lifetime longer than the test case itself (the socket has a parent,
which is tst_QSslSocket object). The 'server' socket was simply leaked.
So there is no guarantee that some of them (or both) later, after the
test failed in one of QVERIFY, for example, does not emit 'encrypted'
upon receiving more data; this will result: in reading/writing from/to
invalid memory location (captured local 'encryptedCount') and/or probably
exiting event loop when it's not expected to do so.

Change-Id: I51de0493d989a5ba36de2cef58d35526c0e26cda
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2018-06-28 03:28:38 +00:00
Timur Pocheptsov
5417949fe2 Add tst_QDtls auto-test
The test is somewhat similar to tst_QSslSocket but is smaller (in scope, will
grow in future), it has no QTcpSocket/QAbstractSocket-specific things and
has more DTLS-specific code. At the moment it does not use our network
test server, all work is done in the same process with two QUdpSockets
and two QDtls objects. We test (both on client/server ends):
 - parameters validation (for all functions that do this) and
   the correctness of error codes/handshake states
 - handshake procedure (with/out certificates and with pre-shared keys)
 - timeouts and re-transmissions during (D)TLS handshake
 - peer verification (and related verification errors)
 - aborted/resumed handshake
 - encrypted I/O
 - DTLS shutdown

For now, this test is OpenSSL-only.

Task-number: QTBUG-67597
Change-Id: I27006bfe3d6c02b89596889e8482a782c630402a
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2018-06-21 17:01:25 +00:00
Timur Pocheptsov
d77d4fc548 QDtlsClientVerifier - add auto-test
This part of DTLS is relatively easy to test: we never do a complete
handshake. Certificates, verification, ciphers,  etc. - do not matter
at this stage (to be tested in tst_QDtls). Errors are mostly insignificant
and can be ignored or handled trivially.

The test is OpenSSL-only: SecureTransport failed to correctly implement/
support server-side DTLS, the problem reported quite some time ago and
no fixes from Apple so far.

Task-number: QTBUG-67597
Change-Id: I21ad4907de444ef95d5d83b50083ffe211a184f8
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2018-06-19 05:31:30 +00:00
Liang Qi
7e1b504f31 Merge remote-tracking branch 'origin/5.11' into dev
Conflicts:
	mkspecs/features/qt_module_headers.prf
	tests/auto/widgets/itemviews/qheaderview/tst_qheaderview.cpp
	tests/auto/widgets/kernel/qwidget/BLACKLIST

Change-Id: I2a08952d28d1d0e3d73f521a3d44700ce79ff16c
2018-05-14 14:51:46 +02:00
Mårten Nordheim
5134ff882a OpenSSL v1.1.1: fix qtbug18498_peek
Previously the test worked because the client was the last party to know
when encryption was established. However, due to changes in the TLSv1.3
handshake the server is now the last one.

In either case, relying on both to be encrypted when one of them is
finished is not great, so now we only quit the event loop when both
client and server have emitted 'encrypted'.

Change-Id: Ic1fc75671206d866f7ea983805fd58a99657aac6
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2018-05-11 08:42:17 +00:00
Liang Qi
b5a956601f Merge remote-tracking branch 'origin/5.11' into dev
Conflicts:
	src/plugins/sqldrivers/sqlite/qsql_sqlite.cpp
	tests/auto/corelib/io/qresourceengine/qresourceengine_test.pro

Change-Id: I3169f709cc2a1b75007cb23c02c4c79b74feeb04
2018-05-08 20:43:45 +02:00
Kari Oikarinen
c580644fe9 tests/auto/network: Avoid unconditional qWait()s
Replace with QSignalSpy or QTRY_COMPARE when possible.

Task-number: QTBUG-63992
Change-Id: I18dc8837301424855487a12ee62451a5aeb21bf0
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2018-05-08 12:35:40 +00:00
Qt Forward Merge Bot
ba2b7b8e33 Merge remote-tracking branch 'origin/5.11' into dev
Change-Id: Ib58433da04bffb5dfab5486b80f17f39cc4145fa
2018-05-05 01:00:55 +02:00
Mårten Nordheim
ef242e0b34 OpenSSL 1.1.1: Fix tst_QSslCertificate::toText
The formatting of the output from QSslCertificate::toText has
changed slightly from before, so it no longer matches the test's
data.

From what I can tell we just do a manual sanity check and create
a new file with the new output and then augment the test.

Task-number: QTBUG-67463
Change-Id: I751e5a3f9a28015f97c895cea47384704fd68e38
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2018-05-04 12:57:47 +00:00
Mårten Nordheim
72bb1d95fd Introduce QPasswordDigestor functions
Added a few functions to derive keys from passwords. Currently it
supports PBKDF1 and PBKDF2 as defined in
RFC 8018 ( https://tools.ietf.org/html/rfc8018 ).

[ChangeLog][QtNetwork][QPasswordDigestor] Added QPasswordDigestor

Task-number: QTBUG-30550
Change-Id: I2166b518bd8b54e3486514166e76fd9ba2f219c8
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2018-04-23 12:55:45 +00:00
Mårten Nordheim
c45802e33a QSslKey: Implement PKCS#8 support for the generic backend
This patch adds the ability to decode keys which are encoded with PKCS#8
using the generic back-end (used in winrt and secure transport).

It works on both WinRT and macOS; however QSslKey seems unused in the
WinRT backend and it seems only RSA keys can be used for certificates
on macOS. Meaning that DSA and Ec, which in theory* should represent
their unencrypted versions, can't currently be tested properly.

* Can also be confirmed by loading the key using the ST or WinRT
backend, calling toPem(), writing the output to a file and then loading
the unencrypted key using openssl.

[ChangeLog][QtNetwork][QSslKey] Added support for PKCS#8-encoded keys
in the generic SSL back-end (used for SecureTransport on macOS and for
WinRT). Note that it does not support keys encrypted with a PKCS#12
algorithm.

Task-number: QTBUG-59068
Change-Id: Ib27338edc7dbcb5c5e4b02addfdb4b62ac93a4c3
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2018-04-23 12:55:38 +00:00
Lars Knoll
4f158ccee5 Merge remote-tracking branch 'origin/5.11' into dev
Change-Id: I9f802cb9b4d9ccba77ca39428a5cb1afd2d01642
2018-04-12 22:00:35 +02:00
Mårten Nordheim
f8e551cf08 Fix loading pkcs#8 encrypted DER-encoded keys in openssl
When we load DER-encoded keys in the openssl-backend we always turn it
into PEM-encoded keys (essentially we prepend and append a header and
footer and use 'toBase64' on the DER data).

The problem comes from the header and footer which is simply chosen
based on which key algorithm was chosen by the user. Which would be
wrong when the key is a PKCS#8 key. This caused OpenSSL to fail when
trying to read it. Surprisingly it still loads correctly for unencrypted
keys with the wrong header, but not for encrypted keys.

This patch adds a small function which checks if a key is an encrypted
PKCS#8 key and then uses this function to figure out if a PKCS#8 header
and footer should be used (note that I only do this for encrypted PKCS#8
keys since, as previously mentioned, unencrypted keys are read correctly
by openssl).

The passphrase is now also passed to the QSslKeyPrivate::decodeDer
function so DER-encoded files can actually be decrypted.

[ChangeLog][QtNetwork][QSslKey] The openssl backend can now load
encrypted PKCS#8 DER-encoded keys.

Task-number: QTBUG-17718
Change-Id: I52eedf19bde297c9aa7fb050e835b3fc0db724e2
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2018-04-11 14:30:08 +00:00
Timur Pocheptsov
e3cea2a7b9 QSslSocket (OpenSSL 1.1) - respect requested protocol version
Properly handle single protocol TLS configurations. Previously,
due to the use of generic (non version-specific) client/server method
they worked as ranges of protocols instead. This also fixes a couple
of previously broken tests.

Task-number: QTBUG-67584
Change-Id: Ied23113a4fab6b407a34c953e3bd33eab153bb67
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2018-04-11 12:10:01 +00:00
Timur Pocheptsov
fdc28956c9 Revert "tst_QSslSocket::signatureAlgorithm - fix for OpenSSL 1.1"
This reverts commit e2694fa602.
I'm reverting this patch - I'll fix QSslSocket instead to respect
the requested protocol version.

Change-Id: Ia4bb09a8801c58bc76837518934ac7a3eedd3c07
Reviewed-by: Lars Schmertmann <lars.schmertmann@governikus.de>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2018-04-10 13:17:02 +00:00
Qt Forward Merge Bot
e027c7241f Merge remote-tracking branch 'origin/5.11' into dev
Change-Id: I0120f804522c0c652e9537b6e9fe08189f071ed2
2018-04-10 01:00:26 +02:00
Mårten Nordheim
5c4e5032b5 Unblacklist qsslkey for Linux
Except RHEL-6.6 and 7.4

It was blacklisted in f3939d943e, along
with a lot of other entries. No specifics are known about why it was
blacklisted originally, but now it only fails on RHEL because they
use OpenSSL 1.0.1.

Change-Id: I6d1d1b7b7bf5386b2115b8780163550cf03bbad7
Reviewed-by: Gatis Paeglis <gatis.paeglis@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2018-04-09 09:34:50 +00:00
Timur Pocheptsov
e2694fa602 tst_QSslSocket::signatureAlgorithm - fix for OpenSSL 1.1
The test creates client and server sockets with mismatching protocol versions,
trying different combinations, for example: 1) server (TLS 1.0) vs
client (TLS 1.2) or 2) server (TLS 1.2) vs client (TLS 1.1), etc.
Since TLS v < 1.2 does not support signature algorithms, they are ignored
and handshake is always successful. But our new OpenSSL 1.1 backend uses
generic TLS_client_method and TLS_server_method when creating SSL_CTX.
This means, both server and client will support TLS v. 1.2, they
will have no shared signature algorithms, thus handshake will fail
with an error string similar to this:

"tls1_set_server_sigalgs:no shared signature algorithms".

For OpenSSL 1.1 this test makes no sense.

Task-number: QTBUG-67456
Change-Id: Ibb2a12eea5e5c0ebaeee7d0719cc721ecf4763e6
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2018-04-05 15:15:01 +00:00
Edward Welbourne
c0272f98df Expand Config to Configuration in method names
Commit f55c73ede2 added various backendConfig methods;
API review for 5.11 pointed out that Config should not be abbreviated.

Change-Id: I3b294b44a030b2a6e4cdd034fa27583c228dfe42
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2018-03-13 14:10:50 +00:00
Christian Ehrlicher
92fc338de0 qtbase: cleanup BLACKLIST files
Cleanup BLACKLIST files which contain entries for CI-systems
which are no longer active:
 - opensuse-13.1
 - opensuse-42.1
 - osx-10.8
 - osx-10.9
 - osx-10.10
 - rhel-7.1
 - rhel-7.2
 - rhel-7.3
 - ubuntu-14.04
 - windows msvc-2010

Change-Id: I25590b0807a4454f9dc92aa4ea61300f7c9af56b
Reviewed-by: Frederik Gladhorn <frederik.gladhorn@qt.io>
2018-02-13 15:20:33 +00:00
Lars Schmertmann
f55c73ede2 Introduce QSslConfiguration::backendConfig
With this change it is possible to use all supported
configurations in different backends without any new interfaces.

Change-Id: Ib233539a970681d30ae3907258730e491f8d3531
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2018-01-26 11:34:02 +00:00
Mårten Nordheim
b14934547a Use TESTDATA for QSsl* tests
Apparently this (undocumented) TESTDATA feature creates resource files,
but lets you use wildcards as well, which is very handy.

The reason I didn't know/realize this when adapting the tests to use a
".qrc"-file* was because some of the test-cases were using relative
paths instead of the 'testDataDir' variable.

This commit fixes the remaining uses of relative paths, removes a
usage of QDir::setCurrent, and adapts QSslSocket to use TESTDATA.

* in now-reverted commit e1600c1a73

Change-Id: Iee6d88f1e0810eeaadac90e7d44bc6db84bfeabf
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Jesus Fernandez <Jesus.Fernandez@qt.io>
2018-01-12 11:43:55 +00:00
André Klitzing
e56eb33cf8 Enable brainpool curves in qsslkey tests
Change-Id: Ibdc0a045e0b0469bfb4dc362e3bc3e6b7940d783
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2018-01-10 13:25:25 +00:00
Mårten Nordheim
21c9b6fc58 QSsl* tests: Ensure trailing slash on directory path
Then we don't need to add a leading slash. (minor clean-up)

Change-Id: I86af224841009fda838e7cb89d47d324963328c9
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2018-01-09 08:52:46 +00:00
Mårten Nordheim
a5c58d503d Revert "Adapt the QSsl* tests to use the resource system"
This reverts commit e1600c1a73.

The commit missed the fact that TESTDATA exists. Which supports
wildcards and then can automatically pick up new files when added (as
long as they match a wildcard) and then you don't need to maintain a
giant qrc file.

Change-Id: Ie31fadb5ef6e8dfe6105f4f9764292f78cffb512
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2018-01-09 08:52:41 +00:00
Liang Qi
c35342ffeb Merge "Merge remote-tracking branch 'origin/5.10' into dev" into refs/staging/dev 2017-11-30 12:57:22 +00:00
Mårten Nordheim
f6684ed043 Skip QSsl* tests which don't work on WinRT
The reason for each is given in the skip. It's mostly about the
server-side encryption, which is unimplemented for WinRT.

Change-Id: I036b95a4526e02fd047e193f2b3c9130bec08144
Reviewed-by: Oliver Wolff <oliver.wolff@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-11-30 08:30:43 +00:00
Mårten Nordheim
e1600c1a73 Adapt the QSsl* tests to use the resource system
This lets the tests run on devices which previously did not have access
to the files used (WinRT, mobile devices).

Change-Id: Ibdd85862eee6ab1a7d4da87ca321ee9bc9880bfa
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2017-11-30 08:30:42 +00:00
Liang Qi
87204c856a Merge remote-tracking branch 'origin/5.10' into dev
Conflicts:
	src/corelib/thread/qsemaphore.cpp
	tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
	tests/auto/widgets/itemviews/qtreeview/tst_qtreeview.cpp

Change-Id: Id35b535e88df63fdfe4007ea92ed4a39c4b6d707
2017-11-30 09:16:58 +01:00
Liang Qi
7c4b0aa970 Merge remote-tracking branch 'origin/5.9' into 5.10
Conflicts:
	src/corelib/io/qstandardpaths_win.cpp
	src/plugins/platforms/ios/qioswindow.mm
	src/plugins/platforms/ios/quiview.mm
	tests/auto/widgets/itemviews/qtreeview/tst_qtreeview.cpp

Change-Id: I5deb0a0176a454a9c566e924d074ba60ce04f0bc
2017-11-23 12:52:18 +01:00
Mårten Nordheim
c3a5c482ef Fix tst_QSslSocket::waitForConnectedEncryptedReadyRead
... and unblacklist it.

It was blacklisted some years ago because it was failing too often.
It was failing because the ssl socket had already received and decrypted
all the data it was going to get, meaning the waitForReadyRead call was
just going to block forever.

Change-Id: Ia540735177d4e1be8696f2d752f1d7813faecfe5
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2017-11-22 13:50:09 +00:00
Mikkel Krautz
55f8d7dfe5 qsslsocket_mac: handle 'OrLater' SslProtocols in verifySessionProtocol()
The verifySessionProtocol() method in the SecureTransport backend did not
properly handle TlsV1_0OrLater, TlsV1_1OrLater and TlsV1_2OrLater.

This commit teaches verifySessionProtocol() about them.
It also adds TlsV1_0OrLater, TlsV1_1OrLater and TlsV1_2OrLater to the
protocolServerSide() test in tst_qsslsocket.

Backport from 5.10 to 5.9 (LTS).

Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
(cherry picked from commit 9c765522d1)
Change-Id: I58c53bdf43e0f19b4506f3696d793f657eb4dc6f
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2017-11-15 21:06:49 +00:00
Liang Qi
d0a0a3c041 Merge remote-tracking branch 'origin/5.10' into dev
Conflicts:
	examples/network/fortuneclient/client.cpp
	examples/network/fortuneserver/server.cpp
	src/platformsupport/platformcompositor/qopenglcompositorbackingstore_p.h
	src/plugins/platforms/cocoa/qcocoabackingstore.h
	src/plugins/platforms/cocoa/qcocoaintegration.h
	src/plugins/platforms/cocoa/qcocoascreen.h
	src/plugins/platforms/ios/qiosbackingstore.h
	src/plugins/sqldrivers/oci/qsql_oci.cpp
	src/widgets/kernel/qwidgetwindow.cpp

Change-Id: Ia6dd2c52d4a691b671cf9a2ffca70deccece8f10
2017-10-17 10:34:24 +02:00
Liang Qi
bc5f45052f Merge remote-tracking branch 'origin/5.9' into 5.10
Conflicts:
	src/corelib/global/qconfig-bootstrapped.h
	src/corelib/global/qglobal.h
	src/corelib/tools/qcryptographichash.cpp
	src/corelib/tools/qcryptographichash.h
	src/corelib/tools/qmessageauthenticationcode.cpp
	src/plugins/platforms/windows/qwindowswindow.h
	tests/auto/gui/kernel/qwindow/BLACKLIST
	tests/auto/widgets/itemviews/qitemdelegate/BLACKLIST

Change-Id: Ib68112de985a3d714c2071f47c10e907e4f0229a
2017-10-04 13:41:04 +02:00
Timur Pocheptsov
3faf8f4d48 tst_QSsl(longlongnamefollows) - fix a flakey auto-test
The original test was using QSslSocket::waitForEncrypted function, which
is apparently a bad idea on Windows: connecting to 'www.qt.io' we have
to verify certs and there is no guarantee a given Windows VM has the required
CA certificate ready in its cert store. In such cases we start a background
thread (aka CA fetcher's thread) and it calls a (potentially blocking for
a significant amount of time) function (CryptoAPI). When finished, this
thread reports the results via queued connection, which does not work
if we are sitting in a tiny-loop inside waitForEncrypted. Re-factor
the test to use signals/slots and a normally running event loop.
Also, the last test makes a wrong assumption about Windows - fixed.

Task-number: QTBUG-63481
Change-Id: I4abe9cda2a6c52d841ac858cccb6bf068e550cb8
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-10-03 16:37:30 +00:00
Samuel Gaist
b6f6920654 Change qrand() to QRandomGenerator in the SSL backend
Change-Id: I631649b2ad8d9c2c766e99a12f7ff3a39c79cc7d
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-09-30 18:08:13 +00:00
Liang Qi
19dd2ca93b Merge remote-tracking branch 'origin/5.9' into 5.10
Conflicts:
	examples/opengl/qopenglwidget/main.cpp
	src/3rdparty/pcre2/src/pcre2_printint.c
	src/plugins/platforms/cocoa/qnsview.mm
	src/widgets/widgets/qcombobox.cpp

Change-Id: I37ced9da1e8056f95851568bcc52cd5dc34f56af
2017-09-06 13:26:31 +02:00
Albert Astals Cid
6e18293299 Forward the readChannelFinished from the plain socket to the ssl socket
Task-number: QTBUG-62257
Change-Id: I12632b7ffd2012adc99b4784892cbb6f79e065f7
Reviewed-by: Jesus Fernandez <Jesus.Fernandez@qt.io>
2017-09-01 15:09:14 +00:00
Liang Qi
112a4af107 Merge remote-tracking branch 'origin/5.9' into dev
Conflicts:
	examples/examples.pro
	qmake/library/qmakebuiltins.cpp
	src/corelib/global/qglobal.cpp
		Re-apply b525ec2 to qrandom.cpp(code movement in 030782e)
	src/corelib/global/qnamespace.qdoc
	src/corelib/global/qrandom.cpp
	src/gui/kernel/qwindow.cpp
		Re-apply a3d59c7 to QWindowPrivate::setVisible() (code movement in d7a9e08)
	src/network/ssl/qsslkey_openssl.cpp
	src/plugins/platforms/android/androidjniinput.cpp
	src/plugins/platforms/xcb/qxcbconnection.cpp
	src/plugins/platforms/xcb/qxcbconnection_xi2.cpp
	src/widgets/widgets/qmenu.cpp
	tests/auto/widgets/kernel/qwidget_window/tst_qwidget_window.cpp

Change-Id: If7ab427804408877a93cbe02079fca58e568bfd3
2017-08-31 14:31:31 +02:00
Edward Welbourne
b9557296cb Fix crash when reading a PKCS12 file with no private key
The only reason our code wants PKCS12 files is for a private key, but
a valid file needn't contain one; and reading a file without lead to a
crash in QSslKeyPrivate::fromEVP_PKEY().  So check for missing key and
fail the load, since the file is useless to us.  Also ensure the
caller's pkey is initialized, as we aren't promised that
PKCS12_parse() will set it when there is no private key.

Add a test for this case (it crashes without the fix) and update the
instructions for how to generate test data to cover it also.
(Corrected the wording there, too; at the interactive prompt,
"providing no password" really provides an empty password.)

Task-number: QTBUG-62335
Change-Id: I617508b903f6d9dee40d539b7136b0be8bc2c747
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-08-17 06:43:49 +00:00
Timur Pocheptsov
410148ef1e tst_QSslSocket::ephemeralServerKey - fix for OpenSSL 1.1
The original test is quite unfortunate - it has cipher names hardcoded,
and it fails with OpenSSL 1.1 - no matching cipher found for 'RC4-SHA'
and QSslContext::initSsl fails with 'Invalid or empty cipher list'.
We skip this test entry for 1.1.

Change-Id: I810b80a62d9e27a60db71fd412af0c80630d976c
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2017-07-25 13:29:32 +00:00
Simon Hausmann
407302fb1b Merge remote-tracking branch 'origin/5.9' into dev
Conflicts:
	src/corelib/io/qwindowspipewriter.cpp
	src/widgets/styles/qcommonstyle.cpp

Change-Id: I0d33efdc4dc256e234abc490a18ccda72cd1d9e6
2017-07-19 09:47:29 +02:00
Timur Pocheptsov
07c0e0fdcf QAsn1Element - fix toDateTime function
ASN UTCTime uses two characters to encode a year (YY). When converting it
into QDate, it's quite naive to just add 2000. According to RFC 2459,
these YY represent dates in the range [1950, 2049].
This patch also introduces a helper function doing the checked conversion
from a string to int (to be reused in the following-up patches).

Task-number: QTBUG-61934
Change-Id: I3f6f471d24e8357b83b2f5973023b2b842751389
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-07-18 13:09:16 +00:00
Timur Pocheptsov
3e3466d28c tst_QSslSocket::protocolServerSide - fixes for OpenSSL 1.1
Several tests are not valid for 1.1 anymore:

1. SSL2 was removed, but there is no OPENSSL_NO_SSL2 and the 'protocolServerSide'
   test is trying to use QSsl::SSLv2 and thus is failing.
2. We now use the generic TLS_server/client_method instead of version specific
   methods we have in pre-1.1 back-end. So, for example, a client socket with
   QSsl::TLS_V1_0 in its SSL configuration will be able to negotiate
   TLS 1.2 if our server socket wants it, while with TLSv1_client_method
   (OpenSSL < 1.1) our test was expecting SSL handshake to fail.

Change-Id: I18efd5921c79b189e4d9529be09299a361a8a81d
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-07-11 10:44:08 +00:00
Liang Qi
7f269a5db8 Merge remote-tracking branch 'origin/5.9' into dev
Conflicts:
	.qmake.conf

Change-Id: I43531e087bb810889d5c1fbfcdffb29b78804839
2017-07-06 13:54:25 +02:00
Friedemann Kleint
9656e972d1 Remove remains of wince in .pro files
Task-number: QTBUG-52590
Change-Id: I444fc9eedc8a8e4ad2ede224d66e7c410bedbb48
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@qt.io>
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
2017-07-03 05:32:51 +00:00
Albert Astals Cid
f78a189da5 QSSLSocket::readData return -1 when socket is not connected
As QAbstractSocket::readData does and as the documentation of QIODevice says
"this function returns -1 in those cases (that is, reading on a closed
socket..."

Change-Id: I1e64673f6a6d792a640bd6cb28b2bb5a0f18dc36
Reviewed-by: Aleix Pol
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2017-06-08 04:00:54 +00:00
Liang Qi
d1ea481345 Merge remote-tracking branch 'origin/5.9' into dev
Conflicts:
	src/network/access/qnetworkreply.cpp
	tests/auto/corelib/kernel/qmetaobject/tst_qmetaobject.cpp

Change-Id: Iadf766269454087e69fb216fc3857d85b0ddfaad
2017-05-07 13:08:18 +02:00
Timur Pocheptsov
b6968f508c Revert "Blacklist tst_QSslSocket::protocolServerSide on OS X 10.11"
This reverts commit 96c27f0dfa.
We now use a custom keychain that should fix the original
problem with the test.

Change-Id: I52e4105f34a46ad7080750d9a62480ebe3a56e68
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2017-04-27 12:25:51 +00:00