Commit Graph

339 Commits

Author SHA1 Message Date
Alexandru Croitor
440286655e Merge remote-tracking branch 'origin/dev' into wip/cmake
Change-Id: I4a78428a8ea273b6960792e3b8043f816fa37fcf
2019-10-14 17:46:34 +02:00
Alexandru Croitor
f4b4c4f79b Merge remote-tracking branch 'origin/wip/qt6' into wip/cmake
Change-Id: I3a1d7673c3c20019ab12a2ea0a60f1619920a34c
2019-10-11 16:23:19 +02:00
Mårten Nordheim
65cb6f5f29 tst_qsslsocket: Update some QSslConfiguration usage
Following the deprecation of add[Default]CaCertificate[s] let's update
the uses of it. While we're doing this, let's also use QSslConfiguration
more in some places where it makes sense.

Change-Id: I2c9e7c73fee8a405492410378f2babe67d3a3f25
Reviewed-by: Jesus Fernandez <jsfdez@gmail.com>
2019-09-25 14:13:58 +02:00
Daniel Smith
662fec6f0d Update for failures only on dev branch. Use general platform names
This patch was generated with tooling from patchset 31 of
https://codereview.qt-project.org/c/qt/qtqa/+/267034 in interactive
mode. General platform names were chosen if greater than 60% of the
currently active platforms of a given type in COIN recently failed.

Change-Id: Ia4bde7f0ec422bbb727dc9d7151295159094f146
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
2019-08-19 18:22:11 +02:00
Alexandru Croitor
c7ec7cd2a1 Merge branch 'wip/qt6' into wip/cmake
Change-Id: I50ac36b8803c296998149e98cc61e38687cdd14b
2019-08-15 16:53:19 +02:00
Liang Qi
6887ae2ff9 cmake: Enable network test
Task-number: QTBUG-74146
Change-Id: Ib29d1531f89676afb2b4df5032529b731ace029d
Reviewed-by: Qt CMake Build Bot
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
2019-07-29 13:14:55 +00:00
Sona Kurazyan
19f72c17c0 Make network tests build and pass with disabled deprecated APIs
Deprecated APIs of network lib are used only in tests. This change
makes sure, that the tests build and pass with those deprecated APIs
removed or disabled, by:

- Making the parts of the tests testing the deprecated APIs to be
  compiled conditionally, only when the corresponding methods are
  enabled.

- If the test-case tests only the deprecated API, but not the
  corresponding replacement, added tests for the replacement.

Task-number: QTBUG-76541
Change-Id: I78c4913155007fd1d0df2c38e1b9a8b80066adeb
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
Reviewed-by: Alex Blasche <alexander.blasche@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2019-07-23 18:48:17 +00:00
Qt Forward Merge Bot
64df0eda36 Merge remote-tracking branch 'origin/5.13' into dev
Conflicts:
	src/corelib/global/qlogging.cpp
	src/gui/painting/qtextureglyphcache_p.h
	src/gui/text/qfontengine.cpp
	src/widgets/widgets/qlineedit.cpp

Change-Id: Ic8798538df466b7141caa8bbf1fb7605eb56be37
2019-07-17 10:44:21 +02:00
Qt Forward Merge Bot
77d126ccb5 Merge remote-tracking branch 'origin/5.12' into 5.13
Conflicts:
	configure.pri

Also required s/solid\.color/solidColor/ in a couple of places in:
	src/gui/painting/qpaintengine_raster.cpp

Change-Id: I29937f63e9779deb6dac7ae77e2948d06ebc0319
2019-07-12 12:23:29 +02:00
Daniel Smith
6c136973fd unblacklist passing tests
These tests have not failed on the removed platforms for at least 60 days

Task-number: QTBUG-76608
Change-Id: If7a9f4db907124e3cd54e3f4b0ad3e20717d1912
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
2019-07-08 11:01:42 +00:00
Mårten Nordheim
1f451da9d7 Revert "Temporarily skip tst_QSslSocket::resume"
This reverts commit 9a25d27b9d58316dee5d2305135d2d74ad5d51e7.

The QSKIP is no longer needed as the imap server's certificate
was updated

Task-number: QTBUG-76610
Change-Id: I1007ce50d6f7f6258fdeb8894c66678a660b03ca
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2019-07-03 13:04:54 +02:00
Sona Kurazyan
ff2b2032a0 Remove usages of deprecated APIs from QtAlgorithms
Task-number: QTBUG-76491
Change-Id: I9dab736a0cbd2e86588919640c26e8ce6b3674d0
Reviewed-by: Alex Blasche <alexander.blasche@qt.io>
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
2019-06-29 21:58:36 +02:00
Liang Qi
aedc59b1c3 Merge remote-tracking branch 'origin/5.12' into 5.13
Conflicts:
	src/corelib/io/qstorageinfo_unix.cpp
	src/network/ssl/qsslsocket_openssl.cpp

Change-Id: Ibc9ce799bef62d60d616beaa9fbde8ebeadfbc20
2019-06-25 15:47:42 +02:00
Liang Qi
ef37ab9970 Merge remote-tracking branch 'origin/5.12' into dev
Conflicts:
	.qmake.conf
	src/gui/painting/qdrawhelper.cpp
	src/gui/text/qdistancefield.cpp
	src/gui/text/qdistancefield_p.h
	src/network/ssl/qsslsocket_openssl.cpp
	src/plugins/platforms/android/qandroidinputcontext.cpp
	src/widgets/styles/qstylesheetstyle.cpp

Done-With: Timur Pocheptsov <timur.pocheptsov@qt.io>
Change-Id: Ia7daad21f077ea889898f17734ec46303e71fe6b
2019-06-25 13:04:27 +02:00
Mårten Nordheim
a489e11b97 Temporarily skip tst_QSslSocket::resume
Will be reverted once ready

Change-Id: Id03df7dea1dd65579ec83606fddf2a73a45a0d64
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2019-06-24 15:18:48 +02:00
Mårten Nordheim
42f3b18ec9 SSL: Update an about-to-expire certificate
Change-Id: I9e29baf529b74ae33fa0ee7250e5af6b1873e86f
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2019-06-24 15:18:47 +02:00
Edward Welbourne
84e89c1e9e Convert uses of QTime as a timer to QElapsedTimer
Change-Id: I2297f61efa5adf9ea5194c7f3ff68574cbcf452c
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
2019-06-14 10:42:33 +02:00
Mårten Nordheim
fc9ae22c88 tst_qsslsocket: fix racy test
In this threaded setup the server can sometimes have the data before it
calls "waitForReadyRead", what happens then is that we fail the wait and
as a result the test fails overall.

Let's check if we actually got some data after all and then continue if
we did. Since both the client and the server currently wait the same
amount of time (2s) the max timeout for the client was increased by
0.5s so it has some time to notice that the server got the message.

Change-Id: Ib5915958853413047aa5a7574712585bcae28f79
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
(cherry picked from commit e79b1dcdf5)
Reviewed-by: Simo Fält <simo.falt@qt.io>
(cherry picked from commit d53b8b77bc)

Change-Id: I2f6ffb8e0a9b4d591edb6925e48baffcefc14511
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2019-06-13 04:18:18 +00:00
Mårten Nordheim
2e7b7e4c90 QSslSocket: add and set the TLSv1.3-specific PSK callback
If this callback is not set then OpenSSL will call the callback
used for <= TLS 1.2 unconditionally when connecting. If using PSK it
will call it again later once the preshared key is needed.
We don't currently handle the TLSv1.3 PSK, but we definitely should.
But for now we can work around it - when psk_use_session_callback is
called we simply change the PSK callback to a dummy function whose only
purpose is to restore the old callback.

This is mostly done to keep behavior the same as it is now for users
(and to keep our tests running).

Later we can add a new signal and handle this new feature properly.

Reviewed-by: Simo Fält <simo.falt@qt.io>
(cherry picked from commit d8efc8d718)

Task-number: QTBUG-67463
Change-Id: I4aca4ae73ec4be7c4f82a85e8864de103f35a834
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2019-06-13 04:16:09 +00:00
Allan Sandfeld Jensen
a0446b1398 Remove blacklisting of tst_qsslsocket_onDemandCertificates_member
It is constantly passing according to grafana.

Change-Id: I4953cd54e27adde8dad79e9a0f025960802e6c7a
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2019-03-27 16:57:06 +00:00
Mårten Nordheim
d8efc8d718 QSslSocket: add and set the TLSv1.3-specific PSK callback
If this callback is not set then OpenSSL will call the callback
used for <= TLS 1.2 unconditionally when connecting. If using PSK it
will call it again later once the preshared key is needed.
We don't currently handle the TLSv1.3 PSK, but we definitely should.
But for now we can work around it - when psk_use_session_callback is
called we simply change the PSK callback to a dummy function whose only
purpose is to restore the old callback.

This is mostly done to keep behavior the same as it is now for users
(and to keep our tests running).

Later we can add a new signal and handle this new feature properly.

Task-number: QTBUG-67463
Change-Id: I4aca4ae73ec4be7c4f82a85e8864de103f35a834
Reviewed-by: Simo Fält <simo.falt@qt.io>
2019-06-12 22:59:14 +02:00
Mårten Nordheim
d53b8b77bc tst_qsslsocket: fix racy test
In this threaded setup the server can sometimes have the data before it
calls "waitForReadyRead", what happens then is that we fail the wait and
as a result the test fails overall.

Let's check if we actually got some data after all and then continue if
we did. Since both the client and the server currently wait the same
amount of time (2s) the max timeout for the client was increased by
0.5s so it has some time to notice that the server got the message.

Change-Id: Ib5915958853413047aa5a7574712585bcae28f79
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
(cherry picked from commit e79b1dcdf5)
Reviewed-by: Simo Fält <simo.falt@qt.io>
2019-06-12 11:24:08 +00:00
Marc Mutz
d2ed1074d0 tests: remove the last uses of Java-style iterators
... except where they are actually the component under test.

Java-style iterators are scheduled for deprecation.

Change-Id: If4399f7f74c5ffc0f7e65205e422edfa1d908ee8
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
2019-06-13 09:40:26 +02:00
Qt Forward Merge Bot
0a02de62d1 Merge remote-tracking branch 'origin/5.12' into 5.13
Change-Id: Iecdf00ca61d819bde532daa42f093860ec4a499e
2019-03-11 01:00:06 +01:00
Tony Sarajärvi
912bcf0f0d Expand blacklisting of tst_qsslkey to cover all versions of RHELs
Previous blacklisting 5c4e5032b5 only
covered RHEL 6.6 and RHEL 7.4. The problem however exists in all
6.x and 7.x distros as they have the same openssl.

This however leaves us the problem with future RHEL 8. This will
keep blacklisting these tests there as well. We need a way to blacklist
versions with a wildcard so that we could say RHEL-7.*

Task-number: QTBUG-46203
Change-Id: I2cc52ba2eac949214ecaa02e19d9e623d5befc49
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2019-03-10 14:08:21 +00:00
Mårten Nordheim
698078680f Schannel: Add ALPN support
[ChangeLog][QtNetwork][SSL] The Schannel backend now supports ALPN and
thus HTTP/2.

Change-Id: I1819a936ec3c9e0118b9dad12681f791262d4db2
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2019-01-28 21:35:11 +00:00
Liang Qi
e3621dd6bd Merge "Merge remote-tracking branch 'origin/5.12' into dev" into refs/staging/dev 2019-01-28 19:30:32 +00:00
Mårten Nordheim
d8d60696da QSslSocket: Fix isMatchingHostname when the CN is an IP Address
Change-Id: Id083c1434fcb3a64af40e6f8df720719c1029ca7
Fixes: QTBUG-73289
Reviewed-by: Liang Qi <liang.qi@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2019-01-28 14:03:30 +00:00
Liang Qi
980567b3a3 Merge remote-tracking branch 'origin/5.12' into dev
Conflicts:
	src/android/templates/AndroidManifest.xml
	tests/auto/widgets/styles/qstylesheetstyle/tst_qstylesheetstyle.cpp

Change-Id: I4c9679e3a8ebba118fbf4772301ff8fde60455b9
2019-01-26 08:35:40 +01:00
Timur Pocheptsov
a90a238b49 tst_qsslsocket - blacklist several test temporarily
For some reason behavior of SecureTransport has changed from 10.12 to 10.13
and then to 10.14. On 10.13 SecureTransport fails upon receiving the server's
certificate with 'Unrecoverable error', before we can do a manual verification
and accept the certificate as trusted. Analysis of available source code
shows that they, apparently, do not like MD5 hash which our server is using.
Until certificate is updated on the server or we switch completely to
the Docker-based solution we have to BLACKLIST tests that connect to our
current network test-server. Oddly enough, on 10.14 SecureTransport is
less mean.

Task-number: QTBUG-69873
Change-Id: I7da1883e0970a2f6ddd8385f193b76116d6983e0
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2019-01-24 20:38:14 +00:00
Mårten Nordheim
fe1907435d tst_qsslsocket: Make an ALPN test available to other backends
Currently only available for the OpenSSL backend to use but doesn't
actually rely on anything OpenSSL specific.

Move it so it can be used by the Schannel backend in an upcoming patch

Change-Id: Ia29b153bf3f29cff0d62a41ec5dd7d4671a18095
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2019-01-24 15:24:23 +00:00
Mårten Nordheim
58c9c4b609 Ssl: Add support for IP-address in alternate subject name
While it's not common it still occurs, perhaps especially with 127.0.0.1

Can be tested by attempting to connect to https://1.1.1.1/ using Qt.

Change-Id: Idad56476597ab570b8347236ff700fa66ab5b1f4
Fixes: QTBUG-71828
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2019-01-24 15:24:14 +00:00
Mårten Nordheim
7cc6f78dd4 Schannel support
Adds support for Schannel, an SSL backend for Windows, as an
alternative to OpenSSL.

[ChangeLog][QtNetwork][Ssl] Added support for Schannel on Desktop
Windows. To build Qt with Schannel support use '-schannel' during
configure.

Task-number: QTBUG-62637
Change-Id: Ic4fb8ed3657dab994f9f4a4ac5cbddc7001a0a46
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2019-01-22 15:19:48 +00:00
Timur Pocheptsov
0cc9c30479 disabledProtocol() - use the right address when connecting
... as we normally do in other tests, using localhost.

Change-Id: I7969d7bfd50b545adae7e23476d17b6224e9a8fc
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2019-01-09 05:36:45 +00:00
Timur Pocheptsov
3e1758e35d QSsl: do not wait for 'connected'/'encrypted' if a protocol is disabled
since we'll refuse to continue with a handshake, failing in initSslContext()
on a disabled protocol versions. Then, functions like waitForEncrypted,
connectToHostEncrypted, startServerEncryption and startClientEncryption
should either bail out early (who needs a TCP connection which we'll
abort anyway?) or bail out whenever we can, as soon as a disabled protocol
was found in a configuration. This change also makes the behavior
of different back-ends consistent, since it's a general code-path
that reports the same SslInvalidUserData error. Update auto-test to
... actually test what it claims it tests.

Task-number: QTBUG-72196
Task-number: QTBUG-72179
Change-Id: I548468993410f10c07ce5773b78f38132be8e3e0
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2018-12-21 03:28:47 +00:00
Giuseppe D'Angelo
455951f590 OpenSSL: drop support for SSLv2 and SSLv3
As per RFC 6176 (2011) and RFC 7568 (2015).

Code-wise, we're left with the decision of what to do with a few
enumerators in QSsl::Protocol; I've made TlsV1SslV3 act as TlsV1,
and adjusted the description of AnyProtocol.
A new test was introduced - deprecatedProtocol() - to test that
we, indeed, do not allow use of SSL v2 and v3. protocol() and
protocolServerSide() were reduced to exclude the (now) no-op
and meaningless tests - neither client nor server side can
start a handshake now, since we bail out early in initSslContext().

[ChangeLog][QtNetwork][SSL] Support for SSLv2 and SSLv3
sockets has been dropped, as per RFC 6176 (2011)
and RFC 7568 (2015).

Change-Id: I2fe4e8c3e82adf7aa10d4bdc9e3f7b8c299f77b6
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2018-12-13 15:59:37 +00:00
Timur Pocheptsov
6a28f67677 Add tst_QOcsp auto-test
This patch introduces a private 'API' to enable server-side OCSP responses
and implements a simple OCSP responder, tests OCSP status on a client
side (the test is pretty basic, but for now should suffice).

Change-Id: I4c6cacd4a1b949dd0ef5e6b59322fb0967d02120
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2018-12-06 05:14:45 +00:00
Lars Schmertmann
079df681ec Amend 7f77dc84fb to simplify the parameters of createPlainTestRows
Change-Id: I61370a46722f729ea53cb365eab556a97ec5ee7b
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2018-11-24 07:15:16 +00:00
Lars Schmertmann
de83447830 Add support for Diffie-Hellman keys to QSslKey
This is necessary to provide details for the key too,
when the server is using DHE-RSA-AESxxx-SHAxxx.
Amends 7f77dc84fb.

Change-Id: I8ab15b6987c17c857f54bc368df3c6c1818f428c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2018-11-23 22:58:05 +00:00
Liang Qi
bf58c70546 Merge remote-tracking branch 'origin/5.12' into dev
Conflicts:
	src/corelib/io/qdir.cpp
	src/corelib/kernel/qtimer.cpp
	src/corelib/kernel/qtimer.h

Done-With: Edward Welbourne <edward.welbourne@qt.io>
Change-Id: I683d897760ec06593136d77955f8bc87fdef3f9f
2018-11-22 01:53:29 +01:00
Liang Qi
37d3bc9ad7 Merge remote-tracking branch 'origin/5.12.0' into 5.12
Change-Id: Ic1dd39044e19f50e1068d4ac70dacaad6440e570
2018-11-16 08:10:15 +01:00
Liang Qi
58437fb125 Merge remote-tracking branch 'origin/5.12' into dev
Conflicts:
	src/corelib/serialization/qcborcommon.h
	src/corelib/tools/qlocale_data_p.h
	tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp

Done-with: Edward Welbourne <edward.welbourne@qt.io>
Change-Id: Ibed987f6d77a0294f78f67d78625237616082416
2018-11-10 11:38:40 +01:00
Timur Pocheptsov
d786c55b9e Make tst_qsslsocket::protocolServerSide() less flaky
By accident, when we erroneously tried testing TlsV1_3 on macOS with
SecureTransport (which does not support TLS 1.3) we hit this quite
subtle problem: it can happen that a server-side socket is never
created but a client (after TCP connection was established) fails
in TLS initialization and ... stops the loop preventing
SslServer::incomingConnection() from creating its socket. Then we
dereference nullptr.

Task-number: QTBUG-71638
Change-Id: I8dc5a4c53022a25aafe2c80a6931087517a48441
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2018-11-07 12:25:12 +00:00
Timur Pocheptsov
b3ae87fe76 Add missing protocol enumerators, report TLS 1.3 if negotiated
1. Remove the conditional inclusion of DTLS versions, they made difficult
and unnecessary ugly adding new protocols (something like TlsV1_2OrLater + 4).

2. OpenSSL 1.1.1 first introduced TLS 1.3 support. OpenSSL 1.1 back-end is
compatible with OpenSSL 1.1.1, but would fail to extract/report protocol
versions and set versions like 'TLS 1.3 only' or 'TLS 1.3 or better' on a
new context.  Given 1.1.1 is deployed/adapted fast by different distros,
and 5.12 is LTS, we fix this issue by introducing QSsl::Tls1_3 and
QSsl::Tls1_3OrLater.

SecureTransport, WinRT and OpenSSL below 1.1.1 will report an error in case
the application requests this protocol (SecureTransport in future will
probably enable TLS 1.3).

Saying all that, TLS 1.3 support is experimental in QSslSocket.

Done-by: Albert Astals Cid <albert.astals.cid@kdab.com>
Done-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Change-Id: I4a97cc789b62763763cf41c44157ef0a9fd6cbec
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
2018-11-07 10:32:35 +00:00
Mårten Nordheim
1859a76090 tst_QSslSocket: deduplicate datatags and don't cast to int
Some of the enums were cast to int on comparison. That just makes it
harder to know what the values were.

And verifyClientCertificate had 4 cases which were named the same as 4
others.

Change-Id: I09e8e346a6f416236a92073cf9a8f349938d37ef
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2018-10-16 10:45:41 +00:00
Allan Sandfeld Jensen
25830cf912 Fix builds without DTLS
Change-Id: Ic7215c7aa0bf6f7b37ae34649d809f2e1e1ee95b
Reviewed-by: Jesus Fernandez <Jesus.Fernandez@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2018-10-09 13:14:42 +00:00
Timur Pocheptsov
8f58e1319c tst_qdtls: add 'invalidConfiguration' test
Test that we don't silently replace an invalid TLS configuration with
the default one (for now, the only thing that is considered to be
non-valid - is having non-DTLS protocol set).

Change-Id: I6f714b009cf1345a085a3f26d638fc31330f1a94
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2018-08-10 12:18:41 +00:00
Timur Pocheptsov
ab731692e2 QDtls: delay protocol version verification
A weird behavior of the DTLS server example, when linked with 1.0.2,
exposed that client code, requesting an invalid protocol (for example, SSLv3)
can end-up with connection encrypted with DTLS 1.2 (which is not that bad,
but totally surprising). When we check the protocol version early in
setDtlsConfiguration() and find a wrong version, we leave our previous
configuration intact and we will use it later during the handshake.
This is wrong. So now we let our user set whatever wrong configuration they
have and later fail in TLS initialization, saying -
'Unsupported protocol, DTLS was expected'.

Auto-test was reduced - the follow-up patch will introduce a new
'invalidConfiguration' auto-test.

Change-Id: I9be054c6112eea11b7801a1595aaf1d34329e1d2
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2018-08-10 03:55:28 +00:00
Timur Pocheptsov
9f2a671560 Extend 'ignoreExpectedErrors' test
with a case when we fail to ignore/pre-set one of possible
verification errors.

Change-Id: I23b06243b61acef1ef3576c51529f3ef6601ba7d
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2018-08-02 04:05:27 +00:00
Timur Pocheptsov
5c7d2033e0 QDtls: respect pre-set verification errors
That's actually how ignoreVerificationErrors (and QSslSocket::ignoreSslErrors)
are used to set the expected/known verification errors before handshake.
Auto-test updated too.

Change-Id: I9c700302d81ddb383a4a750fafd594373fb38ace
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2018-07-31 11:20:53 +00:00