Commit Graph

345 Commits

Author SHA1 Message Date
Shawn Rutledge
6430d6e3ec Use qt.io rather than qt-project.org for network tests
Mainly because of a change in certificates which is causing failing
tests.  This patch is cherry-picked from
https://codereview.qt-project.org/104619/

Change-Id: I8304e5ac4107428a250b71be5df7b5399a811017
Reviewed-by: Richard J. Moore <rich@kde.org>
2015-01-28 11:10:19 +00:00
Giuseppe D'Angelo
bd26defd9b QSslSocket: introduce support for TLS PSK (client side)
[ChangeLog][QtNetwork][QSslSocket] It is now possible to use TLS PSK
ciphersuites in client sockets.

Task-number: QTBUG-39077
Change-Id: I5523a2be33d46230c6f4106c322fab8a5afa37b4
Reviewed-by: Richard J. Moore <rich@kde.org>
2015-01-23 00:35:21 +01:00
Giuseppe D'Angelo
2ec2dbed67 QSslEllipticCurve: add fromLongName
Since the conversion to a long name was already there, also support
creation from a long name.

Change-Id: Iad712db7447fb0a0a18f600b7db54da5b5b87154
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
2015-01-21 10:41:39 +01:00
Rainer Keller
668a3a4da1 Autotest: Use QFINDTESTDATA to find test data
Change-Id: Ie6c659f6d8e8b3eeaf2453f0cba6189d56f86581
Reviewed-by: Oliver Wolff <oliver.wolff@theqtcompany.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
2015-01-19 15:53:51 +01:00
André Klitzing
962ea5690c Add elliptic curve support to QSsl
Add possibility to get length and other information of EC based
certificates. Also it is possible to parse those public/private
keys from PEM and DER encoded files.

Based on patch by Remco Bloemen

[ChangeLog][QtNetwork][SSL/TLS support] It is now possible to
parse elliptic curve certificates.

Change-Id: I4b11f726296aecda89c3cbd195d7c817ae6fc47b
Task-number: QTBUG-18972
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2015-01-18 10:18:43 +01:00
Friedemann Kleint
205f68f8ad Fix assorted MSVC warnings in tests.
tst_collections.cpp
tst_collections.cpp(3138) : warning C4305: 'argument' : truncation from 'size_t' to 'bool'
        tst_collections.cpp(3190) : see reference to function template instantiation 'void testContainerTypedefs<QVector<int>>(Container)' being compiled
        with[Container=QVector<int>]
(repeated)
tst_qringbuffer.cpp(297) : warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data
tst_qringbuffer.cpp(300) : warning C4309: '=' : truncation of constant value
tst_qringbuffer.cpp(306) : warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data
tst_qrawfont.cpp(947) : warning C4309: 'argument' : truncation of constant value
tst_qsslsocket_onDemandCertificates_member.cpp(217) : warning C4189: 'rootCertLoadingAllowed' : local variable is initialized but not referenced

Change-Id: I6143d4ad121088a0d5bdd6dd2637eb3641a26096
Reviewed-by: Kai Koehne <kai.koehne@theqtcompany.com>
2015-01-17 12:06:59 +01:00
Jeremy Lainé
14d1097f45 ssl: store socket in setEmptyDefaultConfiguration
The setEmptyDefaultConfiguration test creates a socket and connects its
sslErrors signal to tst_QSslSocket's ignoreErrorSlot slot. This slot
expects the socket to have been stored in tst_QsslSocket's "socket"
member, which was not being done. This patch fixes this problem.

It does beg the question of whether having a "socket" member in the
tst_QSslSocket class is a good idea as it is error prone.

Change-Id: Ic59d1789c5f1ed240c3f0c37981f6ecc35572f0d
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-12-13 08:32:19 +01:00
Simon Hausmann
015002fec9 Merge remote-tracking branch 'origin/5.4' into dev
Conflicts:
	doc/global/template/style/online.css
	mkspecs/android-g++/qmake.conf

Change-Id: Ib39ea7bd42f5ae12e82a3bc59a66787a16bdfc61
2014-12-10 07:58:06 +01:00
Jeremy Lainé
0a1d7f6151 ssl: merge and tighten sslErrors and peerVerifyError tests
The sslErrors and peerVerifyError test the same situation: connect to a
server which is using the fluke certificate, using the incorrect host name.
They connect respectively to qt-test-server:993 and the.server.ip.address:443.

The sslErrors is prone to backend-dependent failures concerning the order
in which SSL errors are received, just like the peerVerifyError test was
until recently.

This change merges these two tests into one, which is run against the same
two servers as previously. It also adds a check to ensure that sslErrors
and peerVerifyError emit the same SSL errors (regardless of order).

This also fixes the included headers for non-OpenSSL backends.

Change-Id: Ibd5f60d24f1682989378e87729389e4b8f9efac5
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-12-09 16:58:08 +01:00
Frederik Gladhorn
3de7382044 Merge remote-tracking branch 'origin/5.4.0' into 5.4
Conflicts:
	dist/changes-5.4.0

7231e1fbe2 went into 5.4 instead of the
5.4.0 branch, thus the conflict.

Change-Id: I70b8597ab52506490dcaf700427183950d42cbd1
2014-11-27 18:12:10 +01:00
Giuseppe D'Angelo
ffbfd8eda6 SSL: Add support for selecting which curves should be used by an elliptic cipher
[ChangeLog][QtNetwork][QtSSL] It is now possible to choose which elliptic
curves should be used by an elliptic curve cipher.

Change-Id: If5d0d58922768b6f1375836489180e576f5a015a
Done-with: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-11-26 22:07:56 +01:00
Tony Sarajärvi
aed71b6832 Blacklist one tst_qsslsocket test
Task-number: QTBUG-29941
Change-Id: Ieb3418a2d6d88ebd399964b5df20d9fe4d6ca37b
Reviewed-by: Simo Fält <simo.falt@digia.com>
2014-11-26 10:47:08 +01:00
Alejandro Exojo
f88ab80c8a Use camel case in PKCS#12 function
This makes it follow the coding style, which says to camel case acronyms too,
and makes it consistent with the rest of the class.

Change-Id: I4a1b21de1815530e476fc5aa8a0d41c724fc8021
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: hjk <hjk121@nokiamail.com>
2014-11-24 08:50:05 +01:00
Paul Olav Tvete
85a4aaa5ce Fix invalid qmake syntax
Task-number: QTBUG-42549
Change-Id: I57ba3150e3a3b915faf0356d8a3f89801eb4963e
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
Reviewed-by: Timur Pocheptsov <Timur.Pocheptsov@digia.com>
Reviewed-by: Frederik Gladhorn <frederik.gladhorn@theqtcompany.com>
2014-11-19 10:34:24 +01:00
Allan Sandfeld Jensen
3fd2d9eff8 Update QSsl::SecureProtocols to not include Sslv3
After the poodle vulnerability SSLv3 should like SSLv2 no longer be
considered safe, so when a user request a safe protocol we should
only allow TLS versions.

[ChangeLog][QtNetwork][QSsl] QSsl::SecureProtocols now also excludes SSLv3

Change-Id: If825f6beb599294b028d706903b39db6b20be519
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-10-24 12:46:26 +02:00
Marc Mutz
32dfbd6dbf Add qHash(QSslError) overload
qsslsocket_winrt.cpp defined it locally, which runs the risk of
clashes with a potential user-defined qHash(QSslError), so
make it public.

Also included both .error() and .certificate() in the hash, as
both of these are used to determine equality (the WinRT version
only used .error()).

[ChangeLog][QtNetwork][QSslError] Can now be used in QSet/QHash.

Change-Id: Ieb7995bed491ff011d4be9dad544248b56fd4f73
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
2014-10-19 07:32:41 +02:00
Marc Mutz
e8bdc949fc Add qHash(QSslCertificate) overload
qsslsocket_winrt.cpp defined it locally, which runs the risk of
clashes with a potential user-defined qHash(QSslCertificate), so
make it public.

Also, the implementation in qsslsocket_winrt.cpp simply hashed
the handle(), which violates the principle that equal instances
must hash to the same value. Also, for some platforms, the
implementation returns nullptr unconditionally, which, while not
violating the above-mentioned principle, will make all users of
the hash have worst-case complexity.

To calculate a meaningful hash, therefore, the certificate needs
to be inspected deeper than just the handle.

For OpenSSL, we use X509::sha1_hash, which also X509_cmp uses
internally to determine inequality (it checks more stuff, but
if X059::sha1_hash is different, X509_cmp() returns non-zero,
which is sufficient for the purposes of qHash()). sha1_hash may
not be up-to-date, though, so we call X509_cmp to make it valid.
Ugh.

For WinRT/Qt, we use the DER encoding, as that is the native
storage format used in QSslCertificate. This is not equivalent
to the implementation used in qsslsocket_winrt.cpp before, but
since handle() == handle() => toDer() == toDer(), it should not
be a problem.

[ChangeLog][QtNetwork][QSslCertificate] Can now be used as a key in QSet/QHash.

Change-Id: I10858fe648c70fc9535af6913dd3b7f3b2cf0eba
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
2014-10-19 07:32:37 +02:00
Marc Mutz
10e5bcf9d0 tst_QSslError: cleanup unused functions
Change-Id: I4db7399e533805e1dddaa76d5a609d2006a97da6
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
2014-09-26 00:39:37 +02:00
Matti Paaso
974c210835 Update license headers and add new license files
- Renamed LICENSE.LGPL to LICENSE.LGPLv21
- Added LICENSE.LGPLv3
- Removed LICENSE.GPL

Change-Id: Iec3406e3eb3f133be549092015cefe33d259a3f2
Reviewed-by: Iikka Eklund <iikka.eklund@digia.com>
2014-09-24 12:26:19 +02:00
Jeremy Lainé
070fcf9ce1 ssl: common certificate parser support for extensions
This makes non-OpenSSL backends able to handle to certificate
extensions.

This also converts the Q_OS_WINRT #ifdef's in the unit test to
QT_NO_OPENSSL as the behavior is the same for any non-OpenSSL
backend.

Change-Id: I6a8306dc5c97a659ec96063d5a59cee2ee9a63a9
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-09-05 14:20:44 +02:00
Jeremy Lainé
863f598b65 ssl: make peerVerifyError test agnostic of error order
Currently the peerVerifyError test for QSslSocket makes an assumption
about the order in which SSL errors are emitted by peerVerifyError. This
assumption does not necessarily hold for non-OpenSSL backends.

This change fixes this assumption, and also checks that HostNameMismatch
was found both in the errors emitted by peerVerifyError and by sslErrors.

Change-Id: I856d1ea43b36332db0f178d35fc14a4bb18ad673
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-09-05 12:20:25 +02:00
Jeremy Lainé
7b1dad8021 ssl: enable non-OpenSSL backends to compile QSslSocket tests
Some of the QSslSocket tests use OpenSSL-specific symbols. This
change fixes this issue.

Change-Id: Ib67efa42a15facaf0ad34fc0466341a37d945d1e
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
2014-09-05 12:20:02 +02:00
Jeremy Lainé
bdb30abcd2 ssl: add support for ASN.1 boolean values
This adds support for reading and writing ASN.1 boolean
values. It also adds an operator to test two ASN.1 elements
for equality.

Change-Id: I4a22cbf9808533d593fc59d27b63caaf650b1f57
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-09-03 17:28:02 +02:00
Jeremy Lainé
f750979b70 ssl: check critical certificate extensions
This adds a test for a QSslCertificate containing extensions which
are marked as critical.

Change-Id: I314e1f5c9943bcad5d43129a97f9f834882dc6fb
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-09-03 16:10:45 +02:00
Jeremy Lainé
a02d798bbd ssl: tighten QSslCertificateExtension tests
This tightens tests performed on a certificate's extensions by checking
isCritical() and isSupported() for all extensions. It also explicitly
checks the keys when value() returns a QVariantMap.

Change-Id: If51c55be25bbcd09cc3a6712ddfea2bf9a01360f
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-09-03 15:07:49 +02:00
Jeremy Lainé
cd3dece750 ssl: common key parser support for encrypted keys
This adds the infrastructure for reading and writing encrypted private keys
when using non-OpenSSL backends. Each platform must provide its cryptographic
encrypt / decrypt functions.

As WinRT already uses the common parser, this commit includes an
implementation for that platform.

Done-with: Andrew Knight <andrew.knight@digia.com>
Task-number: QTBUG-40688
Change-Id: I0d153425ce63601ff03b784a111e13962061025f
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-09-02 23:16:25 +02:00
Jeremy Lainé
31938846ae qasn1element: add QAsn1Element::toInteger
This change adds the ability to decode ASN.1 INTEGER fields,
provided they represent a positive number of less than 64-bit.

This is needed for PKCS#12 decoding.

Change-Id: Iafb76f22383278d6773b9e879a8f3ef43c8d2c8f
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
2014-09-02 09:52:08 +02:00
Jeremy Lainé
5c3a499c9f ssl: disable (broken) i/o on DER encoded keys
QSslKey currently has methods which supposedly allow decoding and
encoding private keys as DER protected by a passphrase. This is
broken by design as explained in QTBUG-41038, as storing the encrypted
DER data alone makes no sense: such a file lacks the necessary
information about the encryption algorithm and initialization vector.

This change:

- explicitly stops using the passphrase when decoding DER in the
  constructor. The behavior is unchanged, it is not possible to
  read the encrypted DER alone.

- refuses to honor the passphrase to DER encode a private key. The toDer
  method now outputs an empty QByteArray instead of garbage.

Task-number: QTBUG-41038
Change-Id: I4281050cf1104f12d154db201a173633bfe22bd9
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-08-30 17:36:23 +02:00
Jeremy Lainé
2fd0afc1f8 ssl: add a test for 3DES encrypted keys
This adds a test for 3DES encrypted keys in addition to the
current DES encrypted keys.

Change-Id: I229e3ef710e9ee23efa2a3275b89d958491de4a2
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-08-30 17:24:05 +02:00
Oliver Wolff
5328ec7e10 winrt: complete QSslCertificate implementation
The native handle and import functions are now available for use in other
parts of the winrt backend.

Change-Id: I07e6f95b3411c3dc7c1a7a164544b18e5e435d01
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@digia.com>
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
2014-08-30 08:20:51 +02:00
Jeremy Lainé
6a4cb8d62b ssl: Add common key parser for backends
This internal implementation of QSslKey can be used when OpenSSL is not
available. Encrypted keys are not supported, as the cryptography must
be supplied by a separate library.

With this commit, WinRT is migrated to the new implementation,
but qsslkey_winrt.cpp is left in place so that the missing crypto
implementation can be added later. This also means most of the expected
failures for that platform can be removed from the autotest.

Change-Id: I24a3ad1053bb72311613b28b3ae845aa1645a321
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@digia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-08-29 23:18:22 +02:00
Jeremy Lainé
d4dc3159c7 Check certificate nullity instead of handle
This changes tests which use QSslCertificate::handle() to determine
if a certificate is null to use QSslCertificate::isNull() instead.

This is required for non-OpenSSL backends which do not actually
expose a private handle.

Change-Id: I9523ba0dd00d47ba337b543ad34840125db99bfb
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
2014-08-28 13:33:46 +02:00
Andrew Knight
ecbf6dfbf5 ssl: Share the host name matching utilities
This moves the socket backend's host name matching functions up to
QSslSocketPrivate so that they can be shared between backends. This
works, as there is no OpenSSL-specific code here.

Change-Id: I73c2081fdc2e60a44c90e90800d1e1877391a626
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-08-27 15:03:58 +02:00
Jeremy Lainé
4040bc21ab Added QAsn1Element
This element can be used for backends that do not offer all the
information that is needed when implementing a ssl certificate backend.
WinRT and the SecureTransport lack functionality in this area for
example.

The sources and tests are added for ssl and openssl configurations in order
to be tested. The condition for adding these can be changed as soon
as they are used by an actual implementation

Change-Id: I2b836133105afdc178bf3b1ee7d732bea069effa
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
2014-08-24 06:01:05 +02:00
Andrew Knight
8c864ac498 winrt: Add partial SSL key support
This allows for opening of public key files. It does not, however,
support opening private keys (or decrypting/encrypting them). This is
due to limitations in the native API.

Nearly all public key tests pass (the native API doesn't support the
40-bit key in the test set). The private key tests are expected to fail.

Task-number: QTBUG-40688
Change-Id: Id8f2f1ae6526540736ceb2e5371f6a5d80c4ba7b
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
2014-08-13 21:09:51 +02:00
Frederik Gladhorn
f035786021 Merge remote-tracking branch 'origin/5.3' into dev
Change-Id: Ia12ffdb27ecdf25c2a2bdb0eed1945387502108a
2014-07-10 10:11:11 +02:00
Peter Hartmann
916c9d469b QSslCertificate: blacklist NIC certificates from India
Those intermediate certificates were used to issue "unauthorized"
certificates according to
http://googleonlinesecurity.blogspot.de/2014/07/maintaining-digital-certificate-security.html
, and are by default trusted on Windows, so to be safe we blacklist
them here.

Change-Id: I9891c5bee2dd82c22eb0f45e9b04abd25efeb596
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-07-09 21:30:11 +02:00
Richard J. Moore
1a8788d966 Move the PKCS#12 support from QSslSocket to QSslCertificate.
Discussed with Peter and agreed that it's a slightly better fit there.

Change-Id: If8db777336e2273670a23d75d8542b30c07e0d7b
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
2014-05-14 11:08:01 +02:00
Frederik Gladhorn
ff334fd574 Merge "Merge remote-tracking branch 'origin/stable' into dev" into refs/staging/dev 2014-05-13 16:08:01 +02:00
Frederik Gladhorn
b5552bab40 Merge remote-tracking branch 'origin/stable' into dev
Manually changed enum to LibGL in
    src/plugins/platforms/xcb/qglxintegration.cpp

Change-Id: If34ee6cce3d1d51fb4bb1fdfa59c30389ea0d207
2014-05-13 14:21:22 +02:00
Richard J. Moore
50e8e95385 Add support for loading PKCS#12 bundles.
Add support for loading certificates and keys from PKCS#12 bundles
(also known as pfx files).

Task-number: QTBUG-1565

[ChangeLog][QtNetwork][QSslSocket] Support for loading PKCS#12
bundles was added. These are often used to transport keys and
certificates conveniently, particularly when making use of
client certificates.

Change-Id: Idaeb2cb4dac4b19881a5c99c7c0a7eea00c2b207
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
2014-05-11 23:50:03 +02:00
Frederik Gladhorn
1326cd15f7 Merge remote-tracking branch 'origin/stable' into dev
Conflicts:
	mkspecs/qnx-x86-qcc/qplatformdefs.h
	src/corelib/global/qglobal.h
	src/opengl/gl2paintengineex/qpaintengineex_opengl2.cpp
	src/opengl/qgl.cpp
	src/opengl/qglpixelbuffer.cpp
	src/opengl/qglshaderprogram.cpp
	tests/auto/opengl/qglthreads/tst_qglthreads.cpp

Change-Id: Iaba137884d3526a139000ca26fee02bb27b5cdb5
2014-05-06 16:50:03 +02:00
Richard J. Moore
9b1746c499 Add autotest for the QSslCertificate QIODevice constructor.
Change-Id: I92fa083665509932b75ff1037904a6f78a950fd6
Reviewed-by: Jeremy Lainé <jeremy.laine@m4x.org>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
2014-05-06 16:35:56 +02:00
Richard J. Moore
1d6695451f Add an autotest the QSslCertificate::version() method works.
Change-Id: Ife5b7206fd3d7af57cfca3c0f28f56bb53ede7a7
Reviewed-by: Jeremy Lainé <jeremy.laine@m4x.org>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
2014-05-06 16:35:56 +02:00
Daniel Molkentin
ae7bbe3400 Provide new API: QSslCertificate::isSelfSigned()
Change-Id: I382a017a0b865b849667301aff8b2f87b676ecc6
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-04-30 01:30:08 +02:00
Frederik Gladhorn
dda9b5325f Add missing #ifndef QT_NO_SSL
Change-Id: I2912dcca77270582f6e989b8b3fb72b82f6f70d6
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-04-25 10:55:31 +02:00
Richard J. Moore
814a1c7b2b Support for DH and ECDH key exchange for QSslSocket servers
Despite supporting DH and ECDH key exchange as a client, Qt did not provide
any default parameters which prevented them being used as a server. A
future change should allow the user to control the parameters used, but
these defaults should be okay for most users.

[ChangeLog][Important Behavior Changes] Support for DH and ECDH key exchange
cipher suites when acting as an SSL server has been made possible. This
change means the you can now implement servers that offer forward-secrecy
using Qt.

Task-number: QTBUG-20666
Change-Id: I469163900e4313da9d2d0c3e1e5e47ef46320b17
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
2014-04-09 20:53:06 +02:00
Friedemann Kleint
5b00bb39f2 Polish tst_qsslsocket a bit.
Output the SSL library version, output socket error string on connection
failure consistently, silence numerous warnings about QIODevice not
being open in tst_QSslSocket::constructing.

Change-Id: Ia23d42de5b2daca55b2f6f50af025d61e99c52a0
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
2014-03-26 07:22:35 +01:00
Sergio Ahumada
699ba50744 QtNetwork tests: Remove DEFINES += QT_DISABLE_DEPRECATED_BEFORE=0
Change-Id: If1cc5fafddc41ed19dd818caf294c69cd4969216
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-02-25 16:47:13 +01:00
Frederik Gladhorn
46791c08e1 Merge "Merge remote-tracking branch 'origin/stable' into dev" into refs/staging/dev 2014-01-21 17:57:54 +01:00
Richard J. Moore
5c19fad8c1 Ensure weak ciphers are not part of the default SSL configuration.
Any cipher that is < 128 bits is excluded from the default SSL
configuration. These ciphers are still included in the list
of availableCiphers() and can be used by applications if required.
Calling QSslSocket::setDefaultCiphers(QSslSocket::availableCiphers())
will restore the old behavior.

Note that in doing so I spotted that calling defaultCiphers() before
doing other actions with SSL had an existing bug that I've addressed
as part of the change.

[ChangeLog][Important Behavior Changes] The default set of
ciphers used by QSslSocket has been changed to exclude ciphers that are
using key lengths smaller than 128 bits. These ciphers are still available
and can be enabled by applications if required.

Change-Id: If2241dda67b624e5febf788efa1369f38c6b1dba
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2014-01-21 03:41:34 +01:00
Frederik Gladhorn
9033977d39 Merge remote-tracking branch 'origin/stable' into dev
Conflicts:
	src/corelib/global/qglobal.h
	src/corelib/tools/qstring.cpp
	src/gui/image/image.pri
	src/gui/image/qimage.cpp
	src/plugins/platforms/cocoa/qcocoawindow.h
	src/plugins/platforms/cocoa/qcocoawindow.mm
	src/plugins/platforms/eglfs/qeglfshooks_stub.cpp
	tests/auto/corelib/io/qstandardpaths/tst_qstandardpaths.cpp

Change-Id: I3b9ba029c8f2263b011f204fdf68c3231c6d4ce5
2014-01-20 18:18:59 +01:00
Richard J. Moore
7c8131763d Prevent spurious SSL errors from local certificates.
Qt since approximately 4.4 has set the verify callback on both the SSL
store and the SSL context. Only the latter is actually needed. This is
normally not a problem, but openssl prior to 1.0.2 uses the verify
code to find the intermediate certificates for any local certificate
that has been set which can lead to verification errors for the local
certificate to be emitted.

Task-number: QTBUG-33228
Task-number: QTBUG-7200
Task-number: QTBUG-24234
Change-Id: Ie4115e7f7faa1267ea9b807c01b1ed6604c4a16c
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2014-01-16 21:57:06 +01:00
Frederik Gladhorn
3f3be55835 Merge remote-tracking branch 'origin/stable' into dev
Conflicts:
	src/gui/kernel/qplatformtheme.h
	tests/auto/network/socket/qudpsocket/tst_qudpsocket.cpp
	tests/auto/widgets/widgets/qspinbox/tst_qspinbox.cpp

Change-Id: Iecd3343d6a050b8764f78d809c4a1532aeba69e5
2013-12-16 16:59:33 +01:00
Peter Hartmann
7eecbb0718 SSL: blacklist ANSSI intermediate certificate
... because it was used to operate a man-in-the-middle proxy.

Task-number: QTBUG-35474
Change-Id: Ic7f19708b278b866e4f06533cbd84e0ff43357e9
Reviewed-by: Richard J. Moore <rich@kde.org>
2013-12-10 15:14:22 +01:00
Oliver Wolff
1efe5d4b41 WinRT: Fixed compilation of network autotests and benchmarks
Change-Id: Id689f199cfb22dce231cec36faba57ab958b1bac
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@digia.com>
2013-12-06 15:06:47 +01:00
Sergio Ahumada
7978cef796 tests: Make the QT assignments more explicit
Remove unused 'QT -= gui' and replace some others with
'QT = core ...'

Change-Id: I2d14fae963afc21dbd21a4acdbba2c30cdf8fa61
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
2013-08-21 19:05:52 +02:00
Sergio Ahumada
b0b754632e test: Skip some more qsslsocket flaky tests [part 2]
Task-number: QTBUG-29941
Change-Id: I28e71f952fcade6ab0aa76db71a1e2f408952830
Reviewed-by: Richard J. Moore <rich@kde.org>
2013-08-16 17:08:24 +02:00
Sergio Ahumada
983fa9b5cb test: Skip some more qsslsocket flaky tests
Task-number: QTBUG-29941
Change-Id: Iaf1c4834ef36db284464184639a1ab00928510cf
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
2013-08-13 17:08:13 +02:00
Sergio Ahumada
d6522b70ad test: Skip some flaky tests, but only if they are expected to fail
Task-number: QTBUG-29941
Change-Id: Ieca736c26711fa292855b3281229282628dce608
Reviewed-by: Richard J. Moore <rich@kde.org>
2013-08-10 22:31:42 +02:00
Peter Hartmann
e145b67fbd SSL internals: do not write after shutting down the socket
... but rather throw an error, so the HTTP layer can recover from a SSL
shutdown gracefully. In case the other side sent us a shutdown, we should
not send one as well, as it results in an error.

Change-Id: Ie7a56cf3008b6ead912aade18dbec67846e2a87e
Reviewed-by: Richard J. Moore <rich@kde.org>
2013-04-23 23:22:43 +02:00
Samuel Rødal
2ab9b747fc Merge remote-tracking branch 'gerrit/release' into stable
Conflicts:
	configure
	mkspecs/features/qt_module_headers.prf
	mkspecs/features/qt_tool.prf
	src/angle/angle.pro
	src/tools/bootstrap/bootstrap.pro
	tests/auto/widgets/kernel/qwidget/tst_qwidget.cpp

Change-Id: Ide5759fe419a50f1c944211a48f7c66f662684e0
2013-03-21 08:49:01 +01:00
Samuel Rødal
678320788e Skip unstable tst_QSslSocket test case.
The connection to qt-project.org seems to be the one that causes this
particular test case to fail.

Task-number: QTBUG-29941
Change-Id: Ie5e430646997e86e3acb04132cd90a1773a091da
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
2013-03-20 16:11:40 +01:00
Oswald Buddenhagen
76c0be34cd Merge branch 'dev' into stable
This starts Qt 5.1 release cycle

Conflicts:
	src/gui/text/qfontdatabase.cpp
	src/gui/text/qharfbuzz_copy_p.h
	src/widgets/kernel/qapplication.cpp
	src/widgets/kernel/qcoreapplication.cpp

Change-Id: I72fbf83ab3c2206aeea1b089428b0fc2a89bd62b
2013-03-20 13:49:28 +01:00
Axel Waggershauser
b11317a643 Whitespace cleanup: remove trailing whitespace
Remove all trailing whitespace from the following list of files:
*.cpp *.h *.conf *.qdoc *.pro *.pri *.mm *.rc *.pl *.qps *.xpm *.txt *README
excluding 3rdparty, test-data and auto generated code.

Note A): the only non 3rdparty c++-files that still
have trailing whitespace after this change are:
* src/corelib/codecs/cp949codetbl_p.h
* src/corelib/codecs/qjpunicode.cpp
* src/corelib/codecs/qbig5codec.cpp
* src/corelib/xml/qxmlstream_p.h
* src/tools/qdoc/qmlparser/qqmljsgrammar.cpp
* src/tools/uic/ui4.cpp
* tests/auto/other/qtokenautomaton/tokenizers/*
* tests/benchmarks/corelib/tools/qstring/data.cpp
* util/lexgen/tokenizer.cpp

Note B): in about 30 files some overlapping 'leading tab' and
'TAB character in non-leading whitespace' issues have been fixed
to make the sanity bot happy. Plus some general ws-fixes here
and there as asked for during review.

Change-Id: Ia713113c34d82442d6ce4d93d8b1cf545075d11d
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
2013-03-16 20:22:50 +01:00
Stephen Kelly
ff84d2258f Don't fail on tst_QSslSocket::setReadBufferSize_task_250027
It is flakey and often blocks integration.

Task-number: QTBUG-29730

Change-Id: I8acfc243ec6a6782b7f7d78fc27827f3fdc1ce52
Reviewed-by: Stephen Kelly <stephen.kelly@kdab.com>
2013-03-15 10:04:03 +01:00
Richard Moore
7898080ca7 Add support for intermediate certificates to server sockets.
Add intermediate certificates to our server sockets, and to our client
certs.

Change-Id: Ib5aa575473f9e84f337bebe35099506dd7d7e2ba
Task-Number: QTBUG-19825
Task-Number: QTBUG-13281
Reviewed-by: Peter Hartmann <phartmann@rim.com>
2013-02-19 21:37:24 +01:00
Richard Moore
4a07519877 Store the local certificate in a QList.
Instead of storing a single QSslCertificate for a the local cert, store
a list of them. This will allow us to handle server sockets that use a
certificate that is not issued directly from the CA root in future.

Change-Id: I9a36b9a99daa9c0bdd17f61b4ce1a7da746f2e96
Reviewed-by: Peter Hartmann <phartmann@rim.com>
2013-02-19 21:37:14 +01:00
Frederik Gladhorn
f4900d340a Merge remote-tracking branch 'origin/stable' into dev
Conflicts:
	src/widgets/styles/qmacstyle_mac.mm

Change-Id: If8326db9e7da3cbf45dbf7475fdff9915c7723b1
2013-02-18 16:14:52 +01:00
Giuseppe D'Angelo
e88011357e Merge "Merge remote-tracking branch 'origin/stable' into dev" into refs/staging/dev 2013-02-17 20:31:38 +01:00
Tor Arne Vestbø
2df8884bc6 Skip tst_QSslSocket::setReadBufferSize_task_250027()
It's flakey and is blocking integration. Tracked in QTBUG-29730.

Change-Id: Ia5b8f952314bf2e1aa6dbb5c5c0a97e32e68d0f6
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@digia.com>
2013-02-17 20:31:31 +01:00
Frederik Gladhorn
e432d53883 Only compile SSL tests when openssl is available.
Change-Id: I79fc705f30fb84e86bd7d674d90fbbe2d1a124ba
Reviewed-by: Richard J. Moore <rich@kde.org>
2013-02-13 23:56:41 +01:00
Friedemann Kleint
9a74bbf34f Fix developer-build of qsslsocket_onDemandCertificates_member.
Do not include qsslsocket_p.h unless SSL is present.

Change-Id: I7e56b7758729907892d85f97d5a9d3ccaf7a3314
Reviewed-by: Peter Hartmann <phartmann@rim.com>
2013-02-12 17:56:10 +01:00
BogDan Vatra
934afb5c57 Fix loading of SSL certificate of DER files.
DER certificates should not be opened as text files, so we
only pass the QIODevice::Text flag when the format is
QSsl::Pem.

Change-Id: I4bad98023c397b967d5beeec0aaa6c414e06fd9c
Reviewed-by: Richard J. Moore <rich@kde.org>
2013-02-08 17:37:51 +01:00
Peter Hartmann
7d757fc8fe QSslSocket tests: use qt-project.org as test server instd of codereview
Change-Id: I1f3a860bf1ab24c30001059b7bcbb19fba7cbc1d
Reviewed-by: Sergio Ahumada <sergio.ahumada@digia.com>
2013-01-29 13:00:38 +01:00
Sze Howe Koh
7bb43454b8 Fix minor typos in docs, printed messages & comments
Missing apostrophes

Change-Id: I3ef5e9d494fb7a37f8e6075f24cd3a274e572c23
Reviewed-by: Jerome Pasion <jerome.pasion@digia.com>
2013-01-28 18:12:41 +01:00
Peter Hartmann
ce35c0db0d QSslConfiguration: toggle on demand loading of root certs properly
make sure we keep track of when we can load root certs and when we
cannot (we cannot when the developer set the certs explicitly). This is
implemented the same way for QSslSocket already, and needs to be
duplicated because we have 2 methods for setting CA certificates: one in
QSslSocket and one in QSslConfiguration.
In addition, adapt the auto test which checks whether setting a default
QSslConfiguration works: There is no way to set on demand loading
through the API, so it should be enabled by default.

Task-number: QTBUG-29103
Change-Id: I5146128aaa385dfcc0ad1e0ef81a92d9350ec5f2
Reviewed-by: Richard J. Moore <rich@kde.org>
2013-01-23 19:36:07 +01:00
Sergio Ahumada
48e0c4df23 Update copyright year in Digia's license headers
Change-Id: Ic804938fc352291d011800d21e549c10acac66fb
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
2013-01-18 09:07:35 +01:00
Peter Hartmann
bf5e7fb265 SSL certificates: blacklist mis-issued Turktrust certificates
Those certificates have erroneously set the CA attribute to true,
meaning everybody in possesion of their keys can issue certificates on
their own.

Task-number: QTBUG-28937

Change-Id: Iff351e590ad3e6ab802e6fa1d65a9a9a9f7683de
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2013-01-04 15:19:17 +01:00
Sergio Ahumada
83188c6499 test: Change trolltech.com:443 to qt-project.org:443
trolltech.com seems to be shut down already

Change-Id: Ic90ce01aeb51b6f154b9bbf4762c365a398c9e3d
Reviewed-by: Simo Fält <simo.falt@digia.com>
Reviewed-by: Stephen Kelly <stephen.kelly@kdab.com>
2013-01-03 11:32:17 +01:00
Stephen Kelly
348c5bd19a Fix some typos in QProcess and QSslSocket unit tests.
The QSslSocket one is both wrong and redundant as there is a
Q_DECLARE_METATYPE for it already.

Change-Id: I63d065abfb3d0e3d82a8b1f29a6752b7676db847
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
2012-12-04 14:41:43 +01:00
Janne Anttila
0c1bbf0386 SSL certificate printing: Fix auto test for OpenSSL 1.0.1 version.
Different OpenSSL versions  produce slightly different output when
dumping a certificate.

Change-Id: Ida98b24422302e287641be074d6740ca292cf203
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-11-02 03:58:16 +01:00
Marc Mutz
a4ffbfefe7 normalise signal/slot signatures [QtNetwork tests]
Change-Id: I2491cfe421a811d00759224da03580b3dcc2a091
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2012-10-19 00:44:54 +02:00
Iikka Eklund
be15856f61 Change copyrights from Nokia to Digia
Change copyrights and license headers from Nokia to Digia

Change-Id: If1cc974286d29fd01ec6c19dd4719a67f4c3f00e
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
Reviewed-by: Sergio Ahumada <sergio.ahumada@digia.com>
2012-09-22 19:20:11 +02:00
Richard Moore
5ea896fbc6 Disable SSL compression by default.
Disable SSL compression by default since this appears to be the a likely
cause of the currently hyped CRIME attack.

Change-Id: I515fcc46f5199acf938e9e880a4345f2d405b2a3
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Peter Hartmann <phartmann@rim.com>
2012-09-18 14:12:17 +02:00
Brendan Long
860f95946b Add support for explicit TLS 1.1 and 1.2
Add SslProtocol enums TlsV1_1 and TlsV1_2 and use the appropriate OpenSSL
methods when they're selected (TLSv1_1_client_method, TLSv1_2_client_method,
TLSv1_1_server_method and TLSv1_2_server_method). This allows us to
explicitly use TLS 1.1 or 1.2.

Task-number: QTBUG-26866
Change-Id: I159da548546fa746c20e9e96bc0e5b785e4e761b
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2012-08-29 14:22:54 +02:00
Thiago Macieira
672b5b7ab6 Set the Qt API level to compatibility mode in all tests.
Qt 5.0 beta requires changing the default to the 5.0 API, disabling
the deprecated code. However, tests should test (and often do) the
compatibility API too, so turn it back on.

Task-number: QTBUG-25053
Change-Id: I8129c3ef3cb58541c95a32d083850d9e7f768927
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
Reviewed-by: Olivier Goffart <ogoffart@woboq.com>
2012-08-01 15:37:46 +02:00
Marc Mutz
79b742b7e0 QtNetwork: use nullary version of qRegisterMetaType<T>("T")
Using the nullary version has the advantage that multiple calls
during a program run are much more efficient, since an inlined
atomic is used to store the result. It also ensures that
Q_DECLARE_METATYPE(T) has been used, whereas qRegisterMetaType<T>("T")
will happily register anything. So I've added the macro where it
was missing, or moved it to a central place when it existed
hidden.

In tst_qnetworkreply, this became a bit tricky, because a private
header is conditionally included, so moved the Q_DECLARE_METATYPE()
into a conditional section, too.

Change-Id: I71484523e4277f4697b7d4b2ddc3505375162727
Reviewed-by: Stephen Kelly <stephen.kelly@kdab.com>
2012-07-25 19:32:41 +02:00
Martin Petersson
6c59cdecee QSslCertificate::fromPath fix wildcard handling
The reqExp used to handle wildcards in the path was broken. So we
always searched the working directory and not the specified path.
Autotest where passing because of a hack used for Windows paths
where we removed the first two chars in the path string.

This fix will not use nativeSeparators thus removing the Windows hack
and fix the regExp to match wildcard chars.

Task-number: QTBUG-23573
Change-Id: I56fadbb67f25b8ce9c0f17cb6232e0bdb9148b1c
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2012-07-03 01:09:33 +02:00
Rohan McGovern
f4dd033f41 Fixed qsslsocket_onDemandCertificates_{static,member}
This test had been XFAILing since August 2011, but recently started to
XPASS, possibly due to changes in the SSL setup on the tested host
(qt.nokia.com).

Removed QEXPECT_FAIL and replaced qt.nokia.com with
codereview.qt-project.org as a host expected to have working SSL.  (If
SSL on the latter were broken, it would immediately be detected by
any attempts at git over HTTPS.)

SSL setup can be verified as working by:

  openssl s_client -CApath /etc/ssl/certs \
    -connect codereview.qt-project.org:443 </dev/null

Task-number: QTBUG-20983
Change-Id: I9b4146da6545ab4115d6308044b1d242dd52b7f9
Reviewed-by: Kalle Lehtonen <kalle.ju.lehtonen@nokia.com>
2012-06-28 02:18:42 +02:00
Mitch Curtis
05d980664f Make QIODevice::seek() return false for sequential files.
Task-number: QTBUG-18173
Change-Id: Ie3a96d3a6f60995b8ba7823153778869d0c2dc58
Reviewed-by: Andy Shaw <andy.shaw@digia.com>
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@nokia.com>
2012-06-05 13:12:58 +02:00
Rohan McGovern
dd3e4f1dbe Set explicit testcase.timeout for slow tests
We'd like to decrease the default timeout for tests in the Qt Project CI
so that we waste less time waiting for hanging tests.

Tests which genuinely take a long time to run, such as these, should
have their timeout explicitly set in their .pro file.

Change-Id: I4fe6249e9efa764b230251d73a1115c24411e168
Reviewed-by: Toby Tomkins <toby.tomkins@nokia.com>
Reviewed-by: Kalle Lehtonen <kalle.ju.lehtonen@nokia.com>
2012-05-29 09:39:18 +02:00
Rohan McGovern
177070cb7b Add CONFIG+=parallel_test to suspected parallel-safe tests.
These tests have passed a parallel stress test on all three of Linux,
Mac, Windows.  Mark them with CONFIG+=parallel_test to allow CI to run
them in parallel, saving time.

Change-Id: I19fd333c3c645a67374ca998f6c8530dd236b0f8
Reviewed-by: Toby Tomkins <toby.tomkins@nokia.com>
2012-05-28 07:33:01 +02:00
Mitch Curtis
083af3c319 Fixed unused function warning in qsslcertificate test.
Change-Id: I4d402e486a8ceb965d008056f5f1bcb227f6f40c
Reviewed-by: Martin Petersson <Martin.Petersson@nokia.com>
2012-05-22 10:27:40 +02:00
Mitch Curtis
3042267a93 Fixed unused function warning in qsslkey test.
Change-Id: I5039e011f3c9b44ed1887424f11e4e146c3eb07f
Reviewed-by: Martin Petersson <Martin.Petersson@nokia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2012-05-21 16:02:06 +02:00
Richard Moore
0b8021f5cb Change QSslCertificate::toText() to return a QString.
A couple of people reviewing the toText() method (which is new in 5.0)
have said that since the string returned is human readable it should
be a QString not a QByteArray. This change follows their advice.

Change-Id: Ibade9a24870805f7fbe2d299abeb9c6e964f0cf4
Reviewed-by: Girish Ramakrishnan <girish.1.ramakrishnan@nokia.com>
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
2012-05-21 03:10:43 +02:00
Shane Kearns
7578a9f69d Fix a QSslSocket test expectation on ubuntu 11.10
Because SSL2 is disabled in ubuntu's openssl binaries, the SSL
connection is expected to succeed rather than fail when the server
side is using SSL3/TLS1.0.
Used the OPENSSL_NO_SSL2 macro to decide this.

Change-Id: I2c35aa5aa0c9432ae78000c81f70086bdc31843d
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-05-10 02:39:30 +02:00
Thiago Macieira
dd5b373d41 Change remaining uses of {to,from}Ascii to {to,from}Latin1 [QtNetwork]
This operation should be a no-op anyway, since at this point in time,
the fromAscii and toAscii functions simply call their fromLatin1 and
toLatin1 counterparts.

Task-number: QTBUG-21872
Change-Id: I94cc301ea75cc689bcb6e2d417120cf14e36808d
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-05-04 12:46:05 +02:00
Shane Kearns
bb234e238c Rename QAbstractSocket::PauseOnNotify -> PauseOnSslErrors
Although we created an enum for pause modes to make 5.x binary
compatible with 5.0, the enum value is not well named.
In 5.1, we propose to add PauseOnProxyAuthentication to the enum.
PauseOnNotify is not clear what it means, while PauseOnSslErrors is.

Any new notification in a minor release would need a new enum value
otherwise applications would get pauses they did not expect.

Task-number: QTBUG-19032
Change-Id: I4dbb7467663b37ca7f0551d24a31bc013968bedc
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
2012-05-04 03:11:17 +02:00
Debao Zhang
ade8888603 Don't use obsolete qVariantValue, qVariantCanConvert, etc.
qVariantValue and qVariantCanConvert are Compatibility members, while in
Qt4.8 they are marked as Qt 3 Support Members.

qVariantFromValue and qVariantSetValue are Obsolete members.

Change-Id: Ie8505cad1e0950e40c6f6710fde9f6fb2ac670fd
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@nokia.com>
2012-05-02 08:30:59 +02:00
Jason McDonald
151ec76614 Remove insignification from qsslsocket_onDemandCertificates_* tests
These tests have been passing consistently since they started running
on Windows in CI.

Change-Id: I4505497afc477a7f4fbda0acc29987d0d0cf220a
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2012-04-30 01:08:09 +02:00
Jason McDonald
3019c9da1a Remove insignification of qsslsocket test on Windows and Mac.
The test has a single stable failure on both of these platforms. Mark
the failure with QEXPECT_FAIL (that was already the case on Ubuntu
11.10) and re-enable the test.

Note also the elimination of duplicate bug numbers.

Task-number: QTBUG-24234
Change-Id: Ica11e7d1f3cd9487647127984fef7c75e0e764fe
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2012-04-30 01:07:50 +02:00
Jason McDonald
161d381826 Re-enable network tests on Mac OS.
Switch on most of the tests (all but the bearer tests), marking the two
known failures as insignificant tests.

Change-Id: I17f228a938de1a23eddf897f494bfa4e54338dae
Reviewed-by: Sergio Ahumada <sergio.ahumada@nokia.com>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2012-04-24 16:06:28 +02:00
Kalle Viironen
83c637aa94 Fix bug in qsslsocket peek()
Calling peek() for qsslsocket caused socket data to be copied into
qiodevices buffer and therefore make it unaccessible in qsslsocket.

Cherry picked form 4.8-branch & modified to Qt5 API changes
(int -> qintptr)
Original commits:
commit 621f18955082fc73471e75d1f8c35c2dcd4befeb
Author: Shane Kearns <ext-shane.2.kearns@nokia.com>
commit 68b1d5c17aa38d5921bdade2b0e0cb67c6c90513
Author: Kalle Viironen <kalle.viironen@digia.com>

Task-number: QTBUG-18498
Change-Id: I6be4b19baec2f3197537f5e7b61432040ec84ad2
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2012-04-23 09:45:24 +02:00
Marc Mutz
0defa2782f tst_qsslsocket*: don't inherit from QSharedPointer
QSharedPointer is about to become final.

Instead of inheriting from it to add implicit
conversions to and from QSslSocket*, make
QSslSocketPtr a typedef, and make the
conversions explicit.

Change-Id: I4eebb262ab5aef348f4d676f9e839325d4ed13da
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2012-03-23 11:22:40 +01:00
Shane Kearns
4bdc7e6f8b Mark unstable windows network tests
This is unfortunately still "most of them", because of QTBUG-24451
however some of the unit tests are still possible to test stably.

Also skipped test cases which would hang forever due to QTBUG-24451.

Bearer tests are not run, because they pass when test machine has no
wireless LAN, but fail or hang if it does (QTBUG-24503)

Change-Id: Icf99d45707102d2ef9219ed0b5ad521605716219
Reviewed-by: Sergio Ahumada <sergio.ahumada@nokia.com>
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
2012-03-08 05:31:40 +01:00
Shane Kearns
00821ec710 QSslCertificate - make lazy initialisation thread safe
QSslCertificate can be copied around into multiple threads,
without detaching. For example, the https worker threads inside
QNetworkAccessManager.
There are const methods, which lazily initialise members of
the private class without detaching (i.e. caching results of
expensive function calls)
These functions now lock the d pointer using QMutexPool to
avoid concurrency related crashes.

autotest crashes 20% of the time in release builds without
the fix, passes 100 times in a row with the fix.

Task-number: QTBUG-20452
Change-Id: I64a01af8159216f2dd6215a08669890f6c029ca8
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-03-06 12:25:22 +01:00
Shane Kearns
3f91cde588 Test for QT_NO_SSL instead of QT_NO_OPENSSL
Change the ifdefs in our own code (except openssl backend) to use the
new configure flag.

Change-Id: I8774734771c66b22164b5fae8fdb27814ac3df7b
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-02-21 15:28:40 +01:00
Kurt Korbatits
4121f9df29 Changed qsslkey to work from installation directory
- Changed to use TESTDATA and QFINDTESTDATA instead of SRCDIR

Change-Id: I30bf175c2c9044e1f8556260a032467ca0dfc09f
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
Reviewed-by: Jason McDonald <jason.mcdonald@nokia.com>
2012-02-17 05:24:43 +01:00
Kurt Korbatits
20f6dc615a Changed qsslcertificate unittest to work from install directory
- Changed to use TESTDATA and QFINDTESTDATA instead of SRCDIR

Change-Id: I1957ef287ba2f337b5e0b2c6245d872eacb6316f
Reviewed-by: Jason McDonald <jason.mcdonald@nokia.com>
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
2012-02-17 05:24:40 +01:00
Jason McDonald
6dfb1de099 Eliminate duplicate data row names in network autotests
Change-Id: Icbfc24309a182f37268232fc3c299d35d6d6a0ea
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
2012-02-16 02:00:46 +01:00
Miikka Heikkinen
e0fd9b5b06 Make "nmake check" pass for network tests in Windows.
Marked two tests insignificant due to failures, these need to be
fixed later and then re-enabled:
- tst_qnetworkreply
- tst_qsslsocket

Task-number: QTBUG-24203
Change-Id: I9647833bf15fe5a340d7ef59e1dcb007a92677dc
Reviewed-by: Sergio Ahumada <sergio.ahumada@nokia.com>
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@nokia.com>
2012-02-14 02:48:35 +01:00
Bradley T. Hughes
df516aa9f4 Don't include config.tests/unix/openssl/openssl.pri (again)
This file was removed in commit ba9302b8a9.
Commit 8fad23f326 removed openssl.pri from
src/network/ssl/ssl.pri, but not from the qsslsocket autotest.

Change-Id: Ic1a576ee7f0ee3d68471121ba636b94ce7bae455
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2012-02-03 01:40:07 +01:00
Xizhi Zhu
ba9302b8a9 Remove Symbian specific code from qtbase.
Change-Id: I27d37d914b71e1e43c94e2a975ffec49e1ecd456
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
2012-01-31 07:08:31 +01:00
Shane Kearns
e889d61380 Fix tst_QSslCertificate::toText on windows
Open the comparison file as text mode, so that it does not differ from
the dumped certificate in CRLF vs LF line endings.

Change-Id: I54d6ea6e37044059e89e762435657ebf5fa6cb39
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-01-30 20:18:37 +01:00
Shane Kearns
911ab74161 Fix link error in QSslSocket auto test
This has been broken for months, but invisible because the code causing
the link error is unreachable (due to QSKIP). So the link error only
occurs in debug builds with -O0.

Change-Id: I6093a7803bedf37bfc8c2d9ff0b28b2309b57959
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-01-30 20:18:28 +01:00
Jason McDonald
5635823e17 Remove "All rights reserved" line from license headers.
As in the past, to avoid rewriting various autotests that contain
line-number information, an extra blank line has been inserted at the
end of the license text to ensure that this commit does not change the
total number of lines in the license header.

Change-Id: I311e001373776812699d6efc045b5f742890c689
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
2012-01-30 03:54:59 +01:00
Peter Hartmann
07662f93ac QAbstractSocket / QSslSocket: add API to pause and resume
pause and resume is currently only supported upon emitting the
QSslSocket::sslErrors() signal. The API was added in QAbstractSocket to
also support QAbstractSocket::proxyAuthenticationRequired() in the
future.

This is the first patch to support that feature on the socket level,
another patch will follow to support sslErrors() and
authenticationRequired() in QNetworkAccessManager / QNetworkReply.

Task-number: QTBUG-19032
Change-Id: Ide2918268590ab9a01454ab26cb7fdca3dc840ab
Reviewed-by: Shane Kearns <ext-shane.2.kearns@nokia.com>
2012-01-25 19:35:05 +01:00
Jason McDonald
629d6eda5c Update contact information in license headers.
Replace Nokia contact email address with Qt Project website.

Change-Id: I431bbbf76d7c27d8b502f87947675c116994c415
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
2012-01-23 04:04:33 +01:00
Toby Tomkins
d4d14e28e6 Modify SSL Socket test exceptions on Ubuntu 11.10 x64.
Modified exceptions as most tests are now passing correctly. Three exceptions
still remain, two serverSideMode tests (ssl3-any, tls1.0-any) and a
verifyMode test.

Task-number: QTBUG-23575

Change-Id: I847e8c2e3484050b8d07ede9aec955c30f7ef5a1
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
2012-01-16 05:30:36 +01:00
Jonas M. Gastal
bdce610022 Fixes examples/tests to use qinptr in QTcpServer::incomingConnection.
This is a fix for problems introduced by bf7f170.

Change-Id: If5dd8e031ef2efea578b3efb188c2e950e1ba41a
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-by: Bradley T. Hughes <bradley.hughes@nokia.com>
2012-01-13 20:55:00 +01:00
Toby Tomkins
605329eb1b SSL Socket withoutproxy failures on Ubuntu 11.10 x64.
Numerous failures in the qsslsocket autotest suite relating to
connections without using proxies. Some have been skipped due to
the number of failures, other more specific tests have been set
to expect a failure.

Task-number: QTBUG-23575

Change-Id: I35fccc65bcab303646617a57a33f5aa7f7a4323f
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
2012-01-12 06:13:29 +01:00
David Faure
f65a10b733 Remove unused QT_NO_TEXTSTREAM.
It was checked in a few places, but it didn't actually remove QTextStream,
so it was pretty useless.

Change-Id: I8eaf28893cd6c7acbe1c0b69d58de90742aee755
Reviewed-by: João Abecasis <joao.abecasis@nokia.com>
2012-01-11 22:17:46 +01:00
Jonas M. Gastal
bf7f170607 Make socket descriptors qintptr.
Windows x64 uses 64 bits integer for sockets, to ensure compatibility we
should use ptr sized integers for our socket descriptors.

Task-number: QTBUG-19004
Change-Id: I4b56023874a4f1bad107c66c054fecfedde33d88
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@nokia.com>
2012-01-05 15:07:51 +01:00
Jason McDonald
1fdfc2abfe Update copyright year in license headers.
Change-Id: I02f2c620296fcd91d4967d58767ea33fc4e1e7dc
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
2012-01-05 06:36:56 +01:00
Sergio Ahumada
628d3f85d2 tests: use contains(QT_CONFIG,private_tests) consistently
These tests used requires(contains(QT_CONFIG,private_tests)) in their
.pro file, but did not subtract themselves from their parent project
SUBDIRS when private_tests weren't enabled.

In the best case, this wastes a little time as qmake iterates over these
projects which won't be built.  In some worse esoteric cases, this may
break compilation or packaging.

Change-Id: If36b1b8f69c3509128786fec67899ae18ffaa2bc
Reviewed-by: Toby Tomkins <toby.tomkins@nokia.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2012-01-02 01:37:42 +01:00
Richard Moore
2757a5fe8c Check we're connected before startClientEncryption()
The docs say this is required, but we don't check it and instead
segfault right now.

Change-Id: I825b00a312a481c5383af127333c0c4698188348
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
2011-12-07 12:55:28 +01:00
Richard Moore
3d3fdcd3a5 Make the default ssloptions testable.
Centralise the specification of the default ssloptions to make the code
clearer and more testable.

Change-Id: I4f4bae72736dd063ee4cd64c6375e82d0600a105
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2011-11-29 14:00:01 +01:00
Jason McDonald
e15548d3e4 Fix sanity check of network test server
Some of Qt's autotests depend on access to a test server.  For each test
that used the test server, tests/auto/network-settings.h created a
global object to verify at startup that host lookups to the test server
will succeed (and abort the test otherwise).

There are two problems with that approach:

First, the sanity check happens before main(), and thus before the test
framework has started logging test results.  This means that if the
sanity check aborts the test, the failure message will not be visible in
the test output if logging to a file or will cause the output to be
malformed if logging to the console in XML format.

Second, since Qt 4.7, the host lookup uses a class that connects to the
QCoreApplication instance, which doesn't exist before main(), and this
caused all tests that included network-settings.h to output an error
message from QObject::connect() at the beginning of the test.

Both of these problems are solved by removing the global object from
network-settings.h and instead performing the sanity check in the
initTestCase() function of each test.

Task-number: QTBUG-22876
Change-Id: Id49c1826906327bf571686cc11527f0265e5af44
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
2011-11-28 08:13:41 +01:00
Rohan McGovern
1825c9aefc tst_qsslsocket: improve failure message
Cast enum to int so that we get the actual and expected values in the
failure message, rather than merely "Compared values are not the same".

Change-Id: Idc20e050c2e8a07d70f839c0a45044b070c0900e
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Jason McDonald <jason.mcdonald@nokia.com>
2011-11-21 04:55:02 +01:00
Rohan McGovern
ea882ee11f tst_qsslsocket: don't run SSLv2 tests when SSLv2 has been disabled
SSLv2 may be disabled in openssl at compile time.
If so, do not attempt to test it.

Change-Id: I189c8fde5b5dc8e739d54cc1adde1d3e3e217391
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Jason McDonald <jason.mcdonald@nokia.com>
2011-11-21 03:29:01 +01:00
Richard Moore
bf7364f0aa Improve the testability of QSslOptions.
The handling of QSslOptions is complicated not only by the subject, but
also by the fact that some of the openssl directives are negatives. This
commit tries to separate the inherent complexity from the complexity of
the api by allowing us to test them independently.

Change-Id: Ieb9386c69dd9b0b49dc42e26b2878a301f26ded1
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
2011-11-17 13:22:56 +01:00
Peter Hartmann
4dc390e66f SSL namespace: rename TlsV1 to TlsV1_0
This is a source-incompatible change.

TlsV1 is ambiguous; what is actually meant is TLS version 1.0. There are
also TLS versions 1.1 and 1.2; we might want to add options for these
once OpenSSL supports them (apparently they will be with OpenSSL version
1.0.1).

Change-Id: I940d020b181b5fa528788ef0c3c47e8ef873796a
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
2011-11-16 10:32:10 +01:00
Richard Moore
6f115edd74 Always use the hex format for certificate serial numbers.
In Qt 4.x the serial number is reported by a mixture of the hex value
and the number, The hex is what is used by other tools, and we should do
the same.

Change-Id: Ia0361d43fb5b920d053c95e932e0c8a012436e5e
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
2011-11-15 10:16:12 +01:00
Richard Moore
e66d3d9899 Deprecate QSslCertificate::isValid() replace with isBlacklisted()
Currently isValid wrongly gives the impression it checks a certificate
for validity - it doesn't. It merely checks if the certificate dates
are valid and if the certificate is blacklisted. Since it's already
easy for users to check the dates, let's just give them access to the
ability to check for blacklisting.

Change-Id: I25be3bde6a01063034702a9574b28469bf4882cd
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
2011-11-14 10:39:47 +01:00
Richard Moore
9602887db1 SSL certificate extensions: add unit tests
Added tests for each of the supported extensions, and also for the
handling of unknown ones.

Change-Id: I29e0a5c1a411f41c2a554293662a33b56f205c00
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2011-11-06 21:01:03 +01:00
Jo Asplin
006c5a7d73 Moved tests into network/ssl/
This commit moves qsslsocket_onDemandCertificates_member and
qsslsocket_onDemandCertificates_static from tests/auto/ to
tests/auto/network/ssl/.

Change-Id: I1593e113016ce7bb7dffbee82f1196275784d0ac
Reviewed-by: Holger Ihrig <holger.ihrig@nokia.com>
Reviewed-by: Jason McDonald <jason.mcdonald@nokia.com>
2011-11-02 18:51:29 +01:00
Sergio Ahumada
c3313fdd1c Doc: Fixing typo
Fix typos I was able to find in `tests/auto' directory.

Change-Id: Id0bfcc18301381ac8b1ca8d5af17bd926e5913d4
Reviewed-by: Frederik Gladhorn <frederik.gladhorn@nokia.com>
2011-10-26 13:50:12 +02:00
Jo Asplin
1b345e8655 Re-enabled tests
This commit re-enables tests that are assumed to be ok by now, since they:
- Have been passing in CI for a long time recently (more precisely, not failed once in pulse run range 730-829).
- Did not have any known issues associated with them.

Note that not all of these tests were disabled as a result of QTBUG-21402.

Task-number: QTBUG-21402
Change-Id: I80bbf8b351bd9165aa968e98f4dc17e8be6bc7c3
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
2011-10-26 02:58:36 +02:00
Rohan McGovern
d04bf8f407 all remaining tests: eliminated usage of qttest_p4.prf
qttest_p4.prf was added as a convenience for Qt's own autotests in Qt4.
It enables various crufty undocumented magic, of dubious value.
Stop using it, and explicitly enable the things from it which we want.

Change-Id: I02fe27b2c1800f929250fa8694ca2976c9661a12
Reviewed-by: Jason McDonald <jason.mcdonald@nokia.com>
2011-10-25 08:42:23 +02:00
Jason McDonald
27f9f136f7 Remove SkipMode parameter from QSKIP calls.
The previous commit removed SkipMode from the testlib APi.  This commit
removes the parameter from all calls to QSKIP.

Task-number: QTBUG-21851, QTBUG-21652
Change-Id: I21c0ee6731c1bc6ac6d962590d9b31d7459dfbc5
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
2011-10-21 01:20:29 +02:00
Friedemann Kleint
f18b690cca Tests: Fix compilation on Windows.
Replace Q_WS_... by Q_OS_... in corelib tests.

Change-Id: I14c41dca1ec490b3c49ba2c24e60def14c6de9da
Reviewed-on: http://codereview.qt-project.org/5778
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
2011-10-03 07:57:41 +02:00
Jason McDonald
95cebd34eb Remove Symbian-specific code from tests.
Symbian is not a supported platform for Qt5, so this code is no longer
required.

Change-Id: I1172e6a42d518490e63e9599bf10579df08259aa
Reviewed-on: http://codereview.qt-project.org/5657
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
2011-09-29 06:41:42 +02:00
Jo Asplin
831a160e00 Disabled tests for refactor->master integration
This change disables failing tests to increase the
likelihood that 'make check' terminates with a zero
exit status. This is done to prevent the CI system
from blocking further commits once qtbase#refactor
is merged into qtbase#master.

Failing tests are marked as insignificant (by putting
'CONFIG += insignificant_test' in the .pro file).

Note: This is a temporary measure that needs to be cleaned up
once the refactor->master integration is complete.
Ideally all disabled tests need to be enabled and passing.
All changes will be marked by the string QTBUG-21402 in a comment
for easy location.

Task-number: QTBUG-21402
Change-Id: Ic4400671671f6d9b75b106a6aa4755b20e74378d
Reviewed-on: http://codereview.qt-project.org/4678
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Gunnar Sletta <gunnar.sletta@nokia.com>
2011-09-13 08:25:05 +02:00
Jo Asplin
c59f9ad776 Moved network autotests into new directory structure
Task-number: QTBUG-21223

Change-Id: I55dbf5c42a1c5d938b9e0c9bf7d90457a6c26bbc
Reviewed-on: http://codereview.qt-project.org/4259
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Sergio Ahumada <sergio.ahumada@nokia.com>
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
2011-09-09 09:32:17 +02:00