Since the conversion to a long name was already there, also support
creation from a long name.
Change-Id: Iad712db7447fb0a0a18f600b7db54da5b5b87154
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
Change-Id: Ie6c659f6d8e8b3eeaf2453f0cba6189d56f86581
Reviewed-by: Oliver Wolff <oliver.wolff@theqtcompany.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
Add possibility to get length and other information of EC based
certificates. Also it is possible to parse those public/private
keys from PEM and DER encoded files.
Based on patch by Remco Bloemen
[ChangeLog][QtNetwork][SSL/TLS support] It is now possible to
parse elliptic curve certificates.
Change-Id: I4b11f726296aecda89c3cbd195d7c817ae6fc47b
Task-number: QTBUG-18972
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
tst_collections.cpp
tst_collections.cpp(3138) : warning C4305: 'argument' : truncation from 'size_t' to 'bool'
tst_collections.cpp(3190) : see reference to function template instantiation 'void testContainerTypedefs<QVector<int>>(Container)' being compiled
with[Container=QVector<int>]
(repeated)
tst_qringbuffer.cpp(297) : warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data
tst_qringbuffer.cpp(300) : warning C4309: '=' : truncation of constant value
tst_qringbuffer.cpp(306) : warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data
tst_qrawfont.cpp(947) : warning C4309: 'argument' : truncation of constant value
tst_qsslsocket_onDemandCertificates_member.cpp(217) : warning C4189: 'rootCertLoadingAllowed' : local variable is initialized but not referenced
Change-Id: I6143d4ad121088a0d5bdd6dd2637eb3641a26096
Reviewed-by: Kai Koehne <kai.koehne@theqtcompany.com>
Some of these tests are verifying things that are not supported
on Android, so we XFAIL these cases when we see the appropriate
error message.
Change-Id: I8245266f061c902515bb12251521159a8e19bfb7
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Linux gracefully allows us to do that and treat the v6 socket as if it
were v4. Other OS (notably OS X) aren't so forgiving.
Change-Id: I13dd3274be2a4b13e8b1eef93cbc2dd17b648f96
Reviewed-by: Richard J. Moore <rich@kde.org>
We want to use "localhost" if the server's address is "any", as some OS
can't send datagrams to "any" (e.g., OS X and FreeBSD).
Change-Id: I1004bc2282e7f930cdb7ed394aa9f4b5a1cfcf82
Reviewed-by: Richard J. Moore <rich@kde.org>
On my Mac Mini, port 5000 is in use, which means the broadcasting test
fails.
Change-Id: Ifb0883263e277f388342430349ea7315d42f324a
Reviewed-by: Richard J. Moore <rich@kde.org>
It was unconditional. Someone forgot to check for IPv6 support before
skipping IPv6 tests.
Change-Id: I7b11528ad02560f0db9defde3c64f76f48a6c1f8
Reviewed-by: Richard J. Moore <rich@kde.org>
QUdpSocket doesn't support binding to QHostAddress::Any and then joining
an IPv4 multicat group since QHostAddress::Any is really an IPv6 socket
with v6only = false. The test did check this case, but failed to ignore
the warning.
Change-Id: I62d782408319a6e566e0ff1a6081b706ac1f669c
Reviewed-by: Richard J. Moore <rich@kde.org>
With IPv6, you cannot bind to a multicast address. You need to bind to a
local address only. The previous tests either checked this or didn't
check the result of bind().
Change-Id: Ief70887d8988fc1bc4394cf6ff34b5d560e5748e
Reviewed-by: Richard J. Moore <rich@kde.org>
Sending 100*8 packets of each type of message is WAY overkill. That's a
stress test without limiting. My Linux system starts reporting EAGAIN on
the socket, so reduce the amount of data sent.
Change-Id: I153f44cf3b91d37526dac580b400114cc80b1769
Reviewed-by: Richard J. Moore <rich@kde.org>
IPv6 has no such thing, so don't try to bind to an IPv6 address to send
broadcasts (even though that works) and it's a poor idea to bind to IPv6
to receive broadcasts. Moreover, skip any IPv6 network addresses
(broadcast() is invalid).
Change-Id: I2829b042c000158565adfd92db682f37d67dacae
Reviewed-by: Richard J. Moore <rich@kde.org>
If you don't have /etc/lsb-release, you'd get
sh: line 0: [: =: unary operator expected
Change-Id: Idb5c79f799879e4d32cd640ef74fb388227f831e
Reviewed-by: Richard J. Moore <rich@kde.org>
It doesn't make sense because there is no command to ask the proxy
server to join a multicast group. At best, we could write a datagram via
proxy without joining, but we definitely can't receive.
Change-Id: Icc6b54572a053fb7821dfca1f4111f2046ff8686
Reviewed-by: Richard J. Moore <rich@kde.org>
The Qt bug tracker URL changes as part of the qt.io transition
Change-Id: Icb4ab198943b93639b5e3a8d99262303785c6459
Reviewed-by: Kai Koehne <kai.koehne@theqtcompany.com>
The setEmptyDefaultConfiguration test creates a socket and connects its
sslErrors signal to tst_QSslSocket's ignoreErrorSlot slot. This slot
expects the socket to have been stored in tst_QsslSocket's "socket"
member, which was not being done. This patch fixes this problem.
It does beg the question of whether having a "socket" member in the
tst_QSslSocket class is a good idea as it is error prone.
Change-Id: Ic59d1789c5f1ed240c3f0c37981f6ecc35572f0d
Reviewed-by: Richard J. Moore <rich@kde.org>
The sslErrors and peerVerifyError test the same situation: connect to a
server which is using the fluke certificate, using the incorrect host name.
They connect respectively to qt-test-server:993 and the.server.ip.address:443.
The sslErrors is prone to backend-dependent failures concerning the order
in which SSL errors are received, just like the peerVerifyError test was
until recently.
This change merges these two tests into one, which is run against the same
two servers as previously. It also adds a check to ensure that sslErrors
and peerVerifyError emit the same SSL errors (regardless of order).
This also fixes the included headers for non-OpenSSL backends.
Change-Id: Ibd5f60d24f1682989378e87729389e4b8f9efac5
Reviewed-by: Richard J. Moore <rich@kde.org>
Conflicts:
dist/changes-5.4.0
7231e1fbe2 went into 5.4 instead of the
5.4.0 branch, thus the conflict.
Change-Id: I70b8597ab52506490dcaf700427183950d42cbd1
[ChangeLog][QtNetwork][QtSSL] It is now possible to choose which elliptic
curves should be used by an elliptic curve cipher.
Change-Id: If5d0d58922768b6f1375836489180e576f5a015a
Done-with: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
This makes it follow the coding style, which says to camel case acronyms too,
and makes it consistent with the rest of the class.
Change-Id: I4a1b21de1815530e476fc5aa8a0d41c724fc8021
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: hjk <hjk121@nokiamail.com>
This patch is cherry-picked from
c38f1f19b8 and
d29d727d72
Task-number: QTBUG-32435
Change-Id: I6dbbb668b96737a5791bc688949a00bc09f1357f
Reviewed-by: Frederik Gladhorn <frederik.gladhorn@theqtcompany.com>
This patch is cherry-picked from
63ae74f365 and
07f234d2a8
Task-number: QTBUG-42528
Change-Id: I5f86679e62a4be48ce25afa5a4987a2b6678a357
Reviewed-by: Frederik Gladhorn <frederik.gladhorn@theqtcompany.com>
After the poodle vulnerability SSLv3 should like SSLv2 no longer be
considered safe, so when a user request a safe protocol we should
only allow TLS versions.
[ChangeLog][QtNetwork][QSsl] QSsl::SecureProtocols now also excludes SSLv3
Change-Id: If825f6beb599294b028d706903b39db6b20be519
Reviewed-by: Richard J. Moore <rich@kde.org>
QNetworkDiskCache don't handle to set CookieHeader. so All Set-Cookie's value is invalid.
The root of cause is that metaDataChanged() don't work because of no slot for it.
Add the slot for it and renamed to _q_metaDataChanged.
Task-number: QTBUG-41514
Change-Id: I5cec017e59a1de69c6e89c0bc7209a73dcdc11da
Reviewed-by: Jeongmin Kim <jm86.kim@lge.com>
Reviewed-by: Jung Dong-Heon <clamp03@gmail.com>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
qsslsocket_winrt.cpp defined it locally, which runs the risk of
clashes with a potential user-defined qHash(QSslError), so
make it public.
Also included both .error() and .certificate() in the hash, as
both of these are used to determine equality (the WinRT version
only used .error()).
[ChangeLog][QtNetwork][QSslError] Can now be used in QSet/QHash.
Change-Id: Ieb7995bed491ff011d4be9dad544248b56fd4f73
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
qsslsocket_winrt.cpp defined it locally, which runs the risk of
clashes with a potential user-defined qHash(QSslCertificate), so
make it public.
Also, the implementation in qsslsocket_winrt.cpp simply hashed
the handle(), which violates the principle that equal instances
must hash to the same value. Also, for some platforms, the
implementation returns nullptr unconditionally, which, while not
violating the above-mentioned principle, will make all users of
the hash have worst-case complexity.
To calculate a meaningful hash, therefore, the certificate needs
to be inspected deeper than just the handle.
For OpenSSL, we use X509::sha1_hash, which also X509_cmp uses
internally to determine inequality (it checks more stuff, but
if X059::sha1_hash is different, X509_cmp() returns non-zero,
which is sufficient for the purposes of qHash()). sha1_hash may
not be up-to-date, though, so we call X509_cmp to make it valid.
Ugh.
For WinRT/Qt, we use the DER encoding, as that is the native
storage format used in QSslCertificate. This is not equivalent
to the implementation used in qsslsocket_winrt.cpp before, but
since handle() == handle() => toDer() == toDer(), it should not
be a problem.
[ChangeLog][QtNetwork][QSslCertificate] Can now be used as a key in QSet/QHash.
Change-Id: I10858fe648c70fc9535af6913dd3b7f3b2cf0eba
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
... so that a user can have more fine-grained uploadProgress signal
emissions if desired.
Change-Id: I9f77fd80c100dbe249beaf3057e6e8974680ec59
Reviewed-by: Markus Goetz <markus@woboq.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
My previous fix for CPU load issues between HTTP thread
and user thread was fragile if the upload QIODevice
emitted readyRead() multiple times.
[ChangeLog][QtNetwork][QNetworkAccessManager] Fix behavior of upload QIODevice
that generate data on readyRead() for HTTP PUT/POST
Change-Id: Idb1c2d5a382a704d8cc08fe03c55c883bfc95aa7
Reviewed-by: Christian Kamm <kamm@incasoftware.de>
Reviewed-by: Richard J. Moore <rich@kde.org>
Remove an useless check which spontaneously allow direct reads from the
socket engine.
Change-Id: Ia3d2a572d6f1563d613fe2f00d0d6849df259827
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
tst_qcolumnview fails on OS X # QTBUG-41341
tst_qaccessibility fails on OS X # QTBUG-41340
tst_qnetworkreply fails on OS X # QTBUG-41320
tst_qfontcombobox fails on OS X # QTBUG-41318
tst_macplist fails on OS X # QTBUG-41314
tst_qgraphicsitem fails on OS X # QTBUG-41342
tst_qmdiarea fails on OS X # QTBUG-41343
tst_qtableview fails on OS X # QTBUG-41344
Change-Id: I2626aa61417336805872a807c4a6065b7e0ddb02
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
device is private, always null and class has no friends, so no need to have it at all
Change-Id: I320d47f1a712a3202c08b494563533e29d185501
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
Heuristic with last-modified time in Qt has some problems.
1) Remove redundant expirationDate.isInvalid() check
expirationDate.isInvalid is already checked. So I removed.
2) Add dateHeader.isInvalid() check
The dateHeader is used in expiration calculation.
I add invalid check for the dateHeader.
*. The dateHeader is the origin server's Date
3) Change diff time calculation.
The expirationDate is calculated with time diff.
Previous calculation is
// The lastModified is earlier than the currentDateTime.
// The diff has negative value.
int diff = currentDateTime.secsTo(lastModified);
// The expirationDate is earlier than lastModified
// , currentDateTime and dateHeader.
expirationDate = lastModified.addSecs(diff / 10);
*. currentDateTime: current time
*. lastModified: last modified date in server
It means that files are not cached with the heuristic.
I changed diff calculation.
int diff = lastModified.secsTo(dateHeader);
freshness_lifetime = diff / 10; // RFC 2616 13.2.4
4) httpRequest.headerField setting
If current_age is larger than 1 day, the cache MUST attach Warning 113.
*. The current_age is value of age in header
or elapsed time from dateHeader in Qt source code.
Previous code does not check current_age is larger than 1 day correctly.
// dt = 1970-01-01T00:00:00 + current_age
dt.setTime_t(current_age);
// currentDateTime is much bigger than 1970-01-01T00:00:00
if (dt.daysTo(currentDateTime) > 1)
Task-number: QTBUG-40836
Change-Id: I4b00c3b287e6fafeea6b02681533fe75a198247e
Reviewed-by: Jung Dong-Heon <dongheon.jung@lge.com>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
In some cases, e.g. when bad credentials are provided in an ftp URI,
QNetworkAccessAuthenticationManager::cacheCredentials is called with a
null authenticator. This authenticator should not be cached, because
it is useless, and leads to inconsistencies in the use of the cache
Task-number: QTBUG-40622
Change-Id: If2a0a422b915f268648f5eef1d68601446123371
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
This makes non-OpenSSL backends able to handle to certificate
extensions.
This also converts the Q_OS_WINRT #ifdef's in the unit test to
QT_NO_OPENSSL as the behavior is the same for any non-OpenSSL
backend.
Change-Id: I6a8306dc5c97a659ec96063d5a59cee2ee9a63a9
Reviewed-by: Richard J. Moore <rich@kde.org>
Currently the peerVerifyError test for QSslSocket makes an assumption
about the order in which SSL errors are emitted by peerVerifyError. This
assumption does not necessarily hold for non-OpenSSL backends.
This change fixes this assumption, and also checks that HostNameMismatch
was found both in the errors emitted by peerVerifyError and by sslErrors.
Change-Id: I856d1ea43b36332db0f178d35fc14a4bb18ad673
Reviewed-by: Richard J. Moore <rich@kde.org>
Some of the QSslSocket tests use OpenSSL-specific symbols. This
change fixes this issue.
Change-Id: Ib67efa42a15facaf0ad34fc0466341a37d945d1e
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
This adds support for reading and writing ASN.1 boolean
values. It also adds an operator to test two ASN.1 elements
for equality.
Change-Id: I4a22cbf9808533d593fc59d27b63caaf650b1f57
Reviewed-by: Richard J. Moore <rich@kde.org>
This adds a test for a QSslCertificate containing extensions which
are marked as critical.
Change-Id: I314e1f5c9943bcad5d43129a97f9f834882dc6fb
Reviewed-by: Richard J. Moore <rich@kde.org>
This tightens tests performed on a certificate's extensions by checking
isCritical() and isSupported() for all extensions. It also explicitly
checks the keys when value() returns a QVariantMap.
Change-Id: If51c55be25bbcd09cc3a6712ddfea2bf9a01360f
Reviewed-by: Richard J. Moore <rich@kde.org>
This adds the infrastructure for reading and writing encrypted private keys
when using non-OpenSSL backends. Each platform must provide its cryptographic
encrypt / decrypt functions.
As WinRT already uses the common parser, this commit includes an
implementation for that platform.
Done-with: Andrew Knight <andrew.knight@digia.com>
Task-number: QTBUG-40688
Change-Id: I0d153425ce63601ff03b784a111e13962061025f
Reviewed-by: Richard J. Moore <rich@kde.org>
This change adds the ability to decode ASN.1 INTEGER fields,
provided they represent a positive number of less than 64-bit.
This is needed for PKCS#12 decoding.
Change-Id: Iafb76f22383278d6773b9e879a8f3ef43c8d2c8f
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
QSslKey currently has methods which supposedly allow decoding and
encoding private keys as DER protected by a passphrase. This is
broken by design as explained in QTBUG-41038, as storing the encrypted
DER data alone makes no sense: such a file lacks the necessary
information about the encryption algorithm and initialization vector.
This change:
- explicitly stops using the passphrase when decoding DER in the
constructor. The behavior is unchanged, it is not possible to
read the encrypted DER alone.
- refuses to honor the passphrase to DER encode a private key. The toDer
method now outputs an empty QByteArray instead of garbage.
Task-number: QTBUG-41038
Change-Id: I4281050cf1104f12d154db201a173633bfe22bd9
Reviewed-by: Richard J. Moore <rich@kde.org>
This adds a test for 3DES encrypted keys in addition to the
current DES encrypted keys.
Change-Id: I229e3ef710e9ee23efa2a3275b89d958491de4a2
Reviewed-by: Richard J. Moore <rich@kde.org>
The native handle and import functions are now available for use in other
parts of the winrt backend.
Change-Id: I07e6f95b3411c3dc7c1a7a164544b18e5e435d01
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@digia.com>
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
This internal implementation of QSslKey can be used when OpenSSL is not
available. Encrypted keys are not supported, as the cryptography must
be supplied by a separate library.
With this commit, WinRT is migrated to the new implementation,
but qsslkey_winrt.cpp is left in place so that the missing crypto
implementation can be added later. This also means most of the expected
failures for that platform can be removed from the autotest.
Change-Id: I24a3ad1053bb72311613b28b3ae845aa1645a321
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@digia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
This changes tests which use QSslCertificate::handle() to determine
if a certificate is null to use QSslCertificate::isNull() instead.
This is required for non-OpenSSL backends which do not actually
expose a private handle.
Change-Id: I9523ba0dd00d47ba337b543ad34840125db99bfb
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
This moves the socket backend's host name matching functions up to
QSslSocketPrivate so that they can be shared between backends. This
works, as there is no OpenSSL-specific code here.
Change-Id: I73c2081fdc2e60a44c90e90800d1e1877391a626
Reviewed-by: Richard J. Moore <rich@kde.org>
This element can be used for backends that do not offer all the
information that is needed when implementing a ssl certificate backend.
WinRT and the SecureTransport lack functionality in this area for
example.
The sources and tests are added for ssl and openssl configurations in order
to be tested. The condition for adding these can be changed as soon
as they are used by an actual implementation
Change-Id: I2b836133105afdc178bf3b1ee7d732bea069effa
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
In cases where a cached ftp connection fails to connect, or a file
transfer has failed, we should removed the cached connection. Since qnam
has an idea of a single internal QFtp per full operation, when file
transfers failed previously the cached connection would be reused for
subsequent connections and thus fail.
[ChangeLog][QtNetwork][QNetworkAccessManager] QNetworkAccessManager now
properly handles FTP transfer failures by removing failed cached ftp
connections.
Task-number: QTBUG-40797
Change-Id: Ie090a39ceddd7e58a0d8baf7d01f2a08c70162e5
Reviewed-by: Richard J. Moore <rich@kde.org>
This allows for opening of public key files. It does not, however,
support opening private keys (or decrypting/encrypting them). This is
due to limitations in the native API.
Nearly all public key tests pass (the native API doesn't support the
40-bit key in the test set). The private key tests are expected to fail.
Task-number: QTBUG-40688
Change-Id: Id8f2f1ae6526540736ceb2e5371f6a5d80c4ba7b
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
This fixes high CPU load for upload devices that don't generate
a constant stream of data. Their readData() function was called all the
time without returning actual data.
This was noticed when implementing an upload device that emits data in
a limited way for bandwidth limiting.
[ChangeLog][QtNetwork][QNetworkAccessManager] Fixed high CPU load when handling
POST/upload QIODevice that generates data on readyRead().
Change-Id: Iefbcb1a21d8aedef1eb11761232dd16a049018dc
Reviewed-by: Richard J. Moore <rich@kde.org>
At the moment, there is no stream information in the cache file. This
can lead to a problem when current stream version differs from version
cache file written with.
As an example, if file written with Qt 5.1.1, QTimeDate in the metadata
stored as 13-bytes value, but Qt 5.2 and later can read additional 4
bytes which breaks following data, leading to network request just hangs
forever.
Adding stream version fixes this problem.
As cache format changed, cache version bumped.
Task-number: QTBUG-36219
Change-Id: I467d8c9fda82bcf9302192f51e7a00d2f6a9ff66
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
The combination of these unstable tests makes it very
hard to get changes through the CI system due to the
unrelated test failures.
Skip the following test functions:
tst_QIODevice::unget QTBUG-39983 (Mac)
tst_QThreadPool:expiryTimeoutRace QTBUG-3786 (Windows)
tst_QLocalSocket::processConnection QTBUG-39986 (Mac)
tst_QTcpServer::adressReusable QTBUG-39985 (Linux)
Change-Id: I96559bea0d437fd25966b6ccac1ece1490e06241
Reviewed-by: David Faure <david.faure@kdab.com>
Reviewed-by: Shawn Rutledge <shawn.rutledge@digia.com>
Conflicts:
mkspecs/qnx-x86-qcc/qplatformdefs.h
src/corelib/global/qglobal.h
src/network/socket/qnativesocketengine_winrt.cpp
src/plugins/platforms/android/androidjniaccessibility.cpp
src/plugins/platforms/windows/qwindowswindow.cpp
Manually adjusted:
mkspecs/qnx-armle-v7-qcc/qplatformdefs.h
to include 9ce697f2d5
Thanks goes to Sergio for the qnx mkspecs adjustments.
Change-Id: I53b1fd6bc5bc884e5ee2c2b84975f58171a1cb8e
The sockaddr_in struct is defined in netinet/in.h header.
Change-Id: I67a3421094c96a5e948968a26723ec8c21f85c93
Reviewed-by: BogDan Vatra <bogdan@kde.org>
We were keeping a dangling pointer to a non-existent QIODevice around
which would lead to a crash.
Task-number: QTBUG-17400
Change-Id: Ie374cbb94bb45c9b0fbef46287b3317f60154123
Reviewed-by: Richard J. Moore <rich@kde.org>
... because it fails on the new network test server. The Socks5 tests
in QUdpSocket have already been disabled by commit
aa3eaf9d2e .
Task-number: QTBUG-35490
Change-Id: Ib062adb422ff6e5538f14d15a266d79c3bb53956
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Tony Sarajärvi <tony.sarajarvi@digia.com>
Recreating QCoreApplication could cause a crash in QNetworkAccessManager
constructor. That was caused by an invalid shutdown detection introduced
in f273d6fbc0.
Task-number: QTBUG-36897
Change-Id: Ib5bba773a2a4fcde690a3a93680aef551aae3a5b
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Discussed with Peter and agreed that it's a slightly better fit there.
Change-Id: If8db777336e2273670a23d75d8542b30c07e0d7b
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Add support for loading certificates and keys from PKCS#12 bundles
(also known as pfx files).
Task-number: QTBUG-1565
[ChangeLog][QtNetwork][QSslSocket] Support for loading PKCS#12
bundles was added. These are often used to transport keys and
certificates conveniently, particularly when making use of
client certificates.
Change-Id: Idaeb2cb4dac4b19881a5c99c7c0a7eea00c2b207
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
Change-Id: I92fa083665509932b75ff1037904a6f78a950fd6
Reviewed-by: Jeremy Lainé <jeremy.laine@m4x.org>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Change-Id: Ife5b7206fd3d7af57cfca3c0f28f56bb53ede7a7
Reviewed-by: Jeremy Lainé <jeremy.laine@m4x.org>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
... because they are too unstable. We can check whether they are more
stable once the new network tests server is in place.
Task-number: QTBUG-38385
Change-Id: I5ced7cc1f89290812aa88f174a41965fd2ef7252
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
Change-Id: I2912dcca77270582f6e989b8b3fb72b82f6f70d6
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
Despite supporting DH and ECDH key exchange as a client, Qt did not provide
any default parameters which prevented them being used as a server. A
future change should allow the user to control the parameters used, but
these defaults should be okay for most users.
[ChangeLog][Important Behavior Changes] Support for DH and ECDH key exchange
cipher suites when acting as an SSL server has been made possible. This
change means the you can now implement servers that offer forward-secrecy
using Qt.
Task-number: QTBUG-20666
Change-Id: I469163900e4313da9d2d0c3e1e5e47ef46320b17
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
FAIL! : tst_QNetworkReply::ioPostToHttpUploadProgress() 'args.at(0).toLongLong() != sourceFile.size()' returned FALSE. ()
Task-number: QTBUG-37449
Task-number: QTBUG-24226
Change-Id: Idcc0ceac0332705b1e3a073d40fa8098bea2c9f3
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
... and not only one. This was a problem e.g. when there were several
requests to the same host and the host was not reachable; only one
reply would get an error signal in case we suppressed other errors in
"happy eyeballs" host lookup style.
Task-number: QTBUG-36890
Change-Id: I1b5757498bd644b0d773cf6c43e4950620949c5c
Reviewed-by: Richard J. Moore <rich@kde.org>
Output the SSL library version, output socket error string on connection
failure consistently, silence numerous warnings about QIODevice not
being open in tst_QSslSocket::constructing.
Change-Id: Ia23d42de5b2daca55b2f6f50af025d61e99c52a0
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
tested manually with internal proxy.
Patch-by: Jonathan Lauvernier <Jonathan.Lauvernier@gmail.com>
Change-Id: Ief5b4579b3444ce70eb99637edf771d37d3971fb
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Do not close connection in slot bytesWritten() since that can
cause clients to fail with "Connection Closed". Instead, use
deleteLater() to close properly and prevent leaking the sockets.
FAIL! : tst_QNetworkReply::qtbug28035browserDoesNotLoadQtProjectOrgCorrectly() 'waitForFinish(reply) == Success' returned FALSE. ( QUrl( "http://localhost:58240" ) failed: # 2 "Connection closed" )
..\tst_qnetworkreply.cpp(7067) : failure location
Task-number: QTBUG-37449
Change-Id: Ib92cb62fae523370b2fb45e1ccfa217559732bc8
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Reviewed-by: Joerg Bornemann <joerg.bornemann@digia.com>
Replacing old troll.no domain with qt-project.org domain. Using troll.no
doesn't work anymore.
Change-Id: Ic6fa71b044d1adbdc66c875b47bfdc256a2afc8e
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
The test takes too long and fails:
FAIL! : tst_QFtp::abort(WithoutProxy:get_fluke01) '(int)newData_ba.size() == bytesDone' returned FALSE. ()
tst_qftp.cpp(1886) : failure location
FAIL! : tst_QFtp::abort(WithoutProxy:get_fluke01) Network operation timed out
tst_qftp.cpp(1392) : failure location
FAIL! : tst_QFtp::abort(WithoutProxy:put_fluke01) 'bytesDone != bytesTotal' returned FALSE. ()
tst_qftp.cpp(1406) : failure location
FAIL! : tst_QFtp::abort(WithSocks5Proxy:get_fluke01) '(int)newData_ba.size() == bytesDone' returned FALSE. ()
tst_qftp.cpp(1886) : failure location
FAIL! : tst_QFtp::abort(WithSocks5Proxy:get_fluke01) Network operation timed out
tst_qftp.cpp(1392) : failure location
FAIL! : tst_QFtp::abort(WithoutProxyWithSession:get_fluke01) '(int)newData_ba.size() == bytesDone' returned FALSE. ()
tst_qftp.cpp(1886) : failure location
FAIL! : tst_QFtp::abort(WithoutProxyWithSession:get_fluke01) Network operation timed out
tst_qftp.cpp(1392) : failure location
FAIL! : tst_QFtp::abort(WithoutProxyWithSession:put_fluke01) 'bytesDone != bytesTotal' returned FALSE. ()
tst_qftp.cpp(1406) : failure location
FAIL! : tst_QFtp::abort(WithSocks5ProxyAndSession:get_fluke01) '(int)newData_ba.size() == bytesDone' returned FALSE. ()
tst_qftp.cpp(1886) : failure location
FAIL! : tst_QFtp::abort(WithSocks5ProxyAndSession:get_fluke01) Network operation timed out
tst_qftp.cpp(1392) : failure location
Totals: 327 passed, 10 failed, 4 skipped
QtQA::App::TestRunner: warning: test duration (398 seconds) is dangerously close to maximum permitted time (450 seconds)
QtQA::App::TestRunner: warning: Either modify the test to reduce its runtime, or use a higher timeout.
QtQA::App::TestRunner: test failed, running again to see if it is flaky...
Change-Id: I122641f174927c6b3668df05c79f88e38b88042f
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
- Replace SRCDIR define by QFINDTESTDATA
- Replace QVERIFY by QCOMPARE where applicable
- Introduce QVERIFY2 with message for comparisons
Change-Id: Ib5a6b0f09428587281e1b9521e4d8a8117c1afdb
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
There is no need to even try to run the tests if the network test
server is not present.
Add a validation in initTestCase() since all test functions depend
on the network test server.
Change-Id: I8eca376a718ab5b6e1cc2c57f2e045dd0b58f52b
Reviewed-by: Richard J. Moore <rich@kde.org>
Currently the only supported SPDY version is 3.0.
The feature needs to be enabled explicitly via
QNetworkRequest::SpdyAllowedAttribute. Whether SPDY actually was used
can be determined via QNetworkRequest::SpdyWasUsedAttribute from a
QNetworkReply once it has been started (i.e. after the encrypted()
signal has been received). Whether SPDY can be used will be
determined during the SSL handshake through the TLS NPN extension
(see separate commit).
The following things from SPDY have not been enabled currently:
* server push is not implemented, it has never been seen in the wild;
in that case we just reject a stream pushed by the server, which is
legit.
* settings are not persisted across SPDY sessions. In practice this
means that the server sends a small message upon session start
telling us e.g. the number of concurrent connections.
* SSL client certificates are not supported.
Task-number: QTBUG-18714
[ChangeLog][QtNetwork] Added support for the SPDY protocol (version
3.0).
Change-Id: I81bbe0495c24ed84e9cf8af3a9dbd63ca1e93d0d
Reviewed-by: Richard J. Moore <rich@kde.org>
They cause test failures from time to time.
Change-Id: I917bef340401d25bf54e133be9d9562b3b133c9f
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
Reviewed-by: Niels Weber <niels.weber@digia.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
A few more HTTP status codes from the 4xx and 5xx series have been
added to QNetworkReply::NetworkError.
For content errors, the following codes have been added:
1. 409 - Resource Conflict
2. 410 - Resource Gone
For server related errors, the following codes have been added:
1. 500 - Internal Server Error
2. 501 - Operation Not Implemented
3. 503 - Service Unavailable
Few of the above codes are quite possible when communicating with REST
based services.
NOTE:
=====
* HTTP error status 400 is interpreted as
QNetworkReply::ProtocolInvalidOperationError.
* QNetworkReply::UnknownServerError is returned for all server related
errors (5xx) not listed above.
[ChangeLog][QtNetwork][QNetworkReply] Added more (specific) HTTP status
codes to NetworkError enum.
Task-number: QTBUG-30880
Change-Id: I9d2a133f6b3869f26710c6eb930dd8b08df31108
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Any cipher that is < 128 bits is excluded from the default SSL
configuration. These ciphers are still included in the list
of availableCiphers() and can be used by applications if required.
Calling QSslSocket::setDefaultCiphers(QSslSocket::availableCiphers())
will restore the old behavior.
Note that in doing so I spotted that calling defaultCiphers() before
doing other actions with SSL had an existing bug that I've addressed
as part of the change.
[ChangeLog][Important Behavior Changes] The default set of
ciphers used by QSslSocket has been changed to exclude ciphers that are
using key lengths smaller than 128 bits. These ciphers are still available
and can be enabled by applications if required.
Change-Id: If2241dda67b624e5febf788efa1369f38c6b1dba
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Commit 773dd01 introduced a general mingw platform scope, which
is cleaner and more flexible than matching the spec name.
Change-Id: Ie3a9cb791a83f7c8a51bc4e23069190c452ab521
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Qt since approximately 4.4 has set the verify callback on both the SSL
store and the SSL context. Only the latter is actually needed. This is
normally not a problem, but openssl prior to 1.0.2 uses the verify
code to find the intermediate certificates for any local certificate
that has been set which can lead to verification errors for the local
certificate to be emitted.
Task-number: QTBUG-33228
Task-number: QTBUG-7200
Task-number: QTBUG-24234
Change-Id: Ie4115e7f7faa1267ea9b807c01b1ed6604c4a16c
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Otherwise you get:
undefined reference to `vtable for QAbstractSocketEngine'
when -developer-build is not used.
Change-Id: I444140736a6bf736894dc12a20f6a4d48af2678e
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Otherwise you get:
undefined reference to `qt_qhostinfo_clear_cache()'
Change-Id: I32313f290b9e4236440ae01afe12285d4539be60
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
the diff -w for this commit is empty.
Started-by: Thiago Macieira <thiago.macieira@intel.com>
Change-Id: I77bb84e71c63ce75e0709e5b94bee18e3ce6ab9e
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
The tests pass with the new test server image. Once we are using the
new test server we can remove the test for the host not found error.
Change-Id: Iac8ba6d8ce31b0865b33a003086aac0339afe338
Reviewed-by: Richard J. Moore <rich@kde.org>
In a slot connected to readyRead, if the app detects that the
buffer size is too small and increases it, it expects that
readyRead() will be emitted again.
setReadBufferSize() doesn't re-enable the socket notifier when
calling from within readyRead, and readyRead itself was missing
the code to do it.
Change-Id: Ia00a3066ad3ba09d5cfae0716adc5691ae96c3fa
Done-with: Thiago
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
For IPv6 addresses don't call toAce as it returns the empty string.
We should reflect the behavior of browsers here, which all accept
cookies from IPv6 addresses.
Original-patch-by: David Tapuska <dtapuska@blackberry.com>
Task-number: QTBUG-35022
Change-Id: Ic00369e923d044ec459822b2405865c13e4185b6
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
If the domain is an IP address, we should not do any magic regarding
leading dots etc.
Task-number: QTBUG-35022
Change-Id: I7722de4e6027666dde27e9e37b6353e3da775d94
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
... because they fail on the new test server. This commit can be
reverted once the Socks5 socket engine is fixed.
Task-number: QTBUG-35490
Change-Id: I85635d4b44d26168d40a56b7a121693297564f0f
Reviewed-by: Tony Sarajärvi <tony.sarajarvi@digia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
... because it was used to operate a man-in-the-middle proxy.
Task-number: QTBUG-35474
Change-Id: Ic7f19708b278b866e4f06533cbd84e0ff43357e9
Reviewed-by: Richard J. Moore <rich@kde.org>
It's unexpected that all messages generated by the stream version
of qDebug and friends have a trailing space. It also makes switching
to categorized logging (which only supports the stream version) difficult,
since all autotests checking for debug output would have to be adapted.
Task-number: QTBUG-15256
Change-Id: I8d627a8379dc273d9689f5611184f03607b73823
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
For the conflicts in msvc_nmake.cpp the ifdefs are extended since we
need to support windows phone in the target branch while it is not there
in the current stable branch (as of Qt 5.2).
Conflicts:
configure
qmake/generators/win32/msvc_nmake.cpp
src/3rdparty/angle/src/libEGL/Surface.cpp
src/angle/src/common/common.pri
src/corelib/global/qglobal.h
src/corelib/io/qstandardpaths.cpp
src/plugins/platforms/qnx/qqnxintegration.cpp
src/plugins/platforms/qnx/qqnxscreeneventhandler.h
src/plugins/platforms/xcb/qglxintegration.h
src/widgets/kernel/win.pri
tests/auto/corelib/thread/qreadwritelock/tst_qreadwritelock.cpp
tests/auto/corelib/tools/qdatetime/tst_qdatetime.cpp
tests/auto/gui/text/qtextdocument/tst_qtextdocument.cpp
tools/configure/configureapp.cpp
Change-Id: I00b579eefebaf61d26ab9b00046d2b5bd5958812
to reflect the fact that this returns and sets the whole session
ticket, and not just the session ID.
Change-Id: I00fe2bc4197dbcd7a02b3ae4f2f84e3a2a7edad0
Reviewed-by: Richard J. Moore <rich@kde.org>
Use the correct identifier for the OS X operating system.
Change-Id: I7158a6b77e5e7418bc6b0a565f003500820a346d
Reviewed-by: Jake Petroules <jake.petroules@petroules.com>
Reviewed-by: Eike Ziller <eike.ziller@digia.com>
- Remove irrelevant test subdirs via .pro files
- Follow WinCE codepaths where applicable
- Replace unsupported Win32 APIs with WinRT equivalents
This does not aim to fix any failures in the tests themselves; it only
makes them compile.
Change-Id: Ia82bc0cc402891f8f6238d4c261ee9152b51be80
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@digia.com>
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@digia.com>
If we end up QSKIP'ing the test 'wronlyFileName' is never created.
Change-Id: I2ccbfdb630b58d7904e73b476a65a82a45ab90d7
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
A handful of tests lack QT_NO_PROCESS guards, making them non-compilable
on Qt builds with no QProcess support. This commit does not change
QProcess-specific tests, which should be left out of the build using the
.pro file mechanism.
Change-Id: Iac8562428abc1f59ccbb23bf5c3a919785e41f12
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@digia.com>
The new test server image will not have a SMTP service installed, and
the network self test does not check for that either.
Change-Id: I1063777832148e184de4ddf21d9154364f644e1e
Reviewed-by: Richard J. Moore <rich@kde.org>
This test works with no Qt version (4 or 5) when testing with the
Squid (HTTP proxy) version deployed on the new test server image.
Task-number: QTBUG-33180
Change-Id: If244526a4baed9f3836dade007fe0f15649a8f86
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
... supported on the new test server. Once the new server image is in
place, we can only allow for the new life time hint of 300 seconds.
Task-number: QTBUG-33040
Change-Id: Id6ad9983789cc6badf3fc2f6628bf79379988201
Reviewed-by: Richard J. Moore <rich@kde.org>
Functions normally found from <sys/socket.h> are available on VxWorks
from <sockLib.h> header.
Change-Id: I2263ec40ba9f37bc95755b633fb43d66ceb2777c
Reviewed-by: Samuel Rødal <samuel.rodal@digia.com>
When readData() is called repeatedly, we need to keep track which
part of the multipart message we are currently reading from.
Hereby we also need to take the boundary size into account, and not
only the size of the multipart; otherwise we would skip a not
completely read part. This would then later lead to advancing the
read pointer by negative indexes and data loss.
Task-number: QTBUG-32534
Change-Id: Ibb6dff16adaf4ea67181d23d1d0c8459e33a0ed0
Reviewed-by: Jonathan Liu <net147@gmail.com>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
The one in tst_QLocalSocket::writeToClientAndDisconnect just needed
proper ordering: that's what waitForDisconnect is for. At the same time,
we need to make sure we get the same message from all three
implementations of QLocalSocket::waitForDisconnect (and without the
useless space at the end).
Change-Id: I21364263cf908df022df814a6a39fcb5783e84e6
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
The rule for a new override is that it must still work if the old
implementation is called. The catch is that any class that derives from
QProcess and isn't recompiled will still have QIODevice::open in its
virtual table. That is equivalent to overriding open() and calling
QIODevice::open() (like the tests).
In Qt 5.0, QProcess::start() called QIODevice::open directly, not the
virtual open(), so there's no expectation that a user-overridden open()
be called. With that in mind, simply fix QProcess::start to not call the
virtual open at all.
Similarly with QLocalSocket, the calls to open were always non-virtual.
Task-number: QTBUG-32284
Change-Id: I88925f0ba08bc23c849658b54582744997e69a4c
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
This should have been done in the commit that introduced open
(953255abab), but was missing.
Change-Id: I1c2de4ad5fa42aa5b90646e7d4d7d1b1570a0f87
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
- Don't run this test in parallel
- Remove redundant QT=-gui
- Place the insignificant_test marks together
Change-Id: I078fa29a4dccef9af8798792d06d51835b4b8934
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@digia.com>
Flip !Q_OS_IOS conditions to Q_OS_MACX where it seems appropriate,
remove a redundant condition in qtextcodec_p.h.
Change-Id: I21c8c0c490f1eb4a9337a7f2f3e907c125489438
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@digia.com>
The TXT record is particular because each RR can contain multiple text
strings. So we need to join each RR's texts too.
To make it easy, I've made everything be QStrings.
Change-Id: Ia0506544b913585e7be860c81077cff8e0dab547
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
Reviewed-by: Sergio Ahumada <sergio.ahumada@digia.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
The DNS protocol changes the order of the RRs in each reply it sends,
in an effort to balance the load in servers. For most tests, to ensure
that we get always the same result, we simply sort it back.
For MX and SRV, we can't sort because we also need to test that
QDnsLookup sorted correctly according to priority. So instead allow
that test to have multiple alternatives.
Change-Id: I5c119f907b31789de5c9cf2471cc82ecd140d06f
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
Reviewed-by: Sergio Ahumada <sergio.ahumada@digia.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Session tickets can be cached on the client side for hours (e.g.
graph.facebook.com: ~ 24 hours, api.twitter.com: 4 hours), because the
server does not need to maintain state.
We need public API for it so an application can cache the session (e.g.
to disk) and resume a session already with the 1st handshake, saving
one network round trip.
Task-number: QTBUG-20668
Change-Id: I10255932dcd528ee1231538cb72b52b97f9f4a3c
Reviewed-by: Richard J. Moore <rich@kde.org>
I also modified tst_QDnsLookup the test to use ';' as a separator as
opposed to spaces because I added MX and SRV records with multiple
RRs.
Change-Id: I62c7b6ad342c1bb23c4d9ac9730e35ab422e3ea2
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
... but rather throw an error, so the HTTP layer can recover from a SSL
shutdown gracefully. In case the other side sent us a shutdown, we should
not send one as well, as it results in an error.
Change-Id: Ie7a56cf3008b6ead912aade18dbec67846e2a87e
Reviewed-by: Richard J. Moore <rich@kde.org>
ignoreProxyFor() always returned true if the no_proxy was not set,
which resulted in the first token being an empty QByteArray, causing
the endsWith() check to always evaluate to true.
Add a unit test that is enabled for those platforms that use the generic
system proxy.
Change-Id: I6081ad5e0b8e2c3fee1568835907c32bde5b7772
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
There is already an enum to disable SSL session tickets, which has been
used to disable session sharing for now. However, SSL session sharing
is not the same as SSL session tickets: Session sharing is built into
the SSL protocol, while session tickets is a TLS extension (RFC 5077).
Change-Id: If76b99c94b346cfb00e47366e66098f6334fd9bc
Reviewed-by: Richard J. Moore <rich@kde.org>
... because SkipSingle was removed in Qt5, and a QSKIP would result in
the SSL tests not being executed.
This can be reverted once QTBUG-29972 is fixed.
Change-Id: I3663ee52f00c3f4391ce78cf63bd444656d79cb3
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
In particular, set online state right upon construction of the
QNetworkAccessManager instance. Therefor, QNAM needs an instance of a
QNetworkConfigurationManager internally.
Before, this would only work properly if a network session was created.
Now, networkAccessible() returns the correct status.
Change-Id: I7ff9ccfd18ad376a131fc5977843b55bf185fba0
Reviewed-by: Rafael Roquetto <rafael.roquetto@kdab.com>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
... but only if the QNetworkConfiguration manager requires one.
Change-Id: I1c69c43438f1df9080d207c8598a42201f759c5b
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
The connection to qt-project.org seems to be the one that causes this
particular test case to fail.
Task-number: QTBUG-29941
Change-Id: Ie5e430646997e86e3acb04132cd90a1773a091da
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Remove all trailing whitespace from the following list of files:
*.cpp *.h *.conf *.qdoc *.pro *.pri *.mm *.rc *.pl *.qps *.xpm *.txt *README
excluding 3rdparty, test-data and auto generated code.
Note A): the only non 3rdparty c++-files that still
have trailing whitespace after this change are:
* src/corelib/codecs/cp949codetbl_p.h
* src/corelib/codecs/qjpunicode.cpp
* src/corelib/codecs/qbig5codec.cpp
* src/corelib/xml/qxmlstream_p.h
* src/tools/qdoc/qmlparser/qqmljsgrammar.cpp
* src/tools/uic/ui4.cpp
* tests/auto/other/qtokenautomaton/tokenizers/*
* tests/benchmarks/corelib/tools/qstring/data.cpp
* util/lexgen/tokenizer.cpp
Note B): in about 30 files some overlapping 'leading tab' and
'TAB character in non-leading whitespace' issues have been fixed
to make the sanity bot happy. Plus some general ws-fixes here
and there as asked for during review.
Change-Id: Ia713113c34d82442d6ce4d93d8b1cf545075d11d
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
It is flakey and often blocks integration.
Task-number: QTBUG-29730
Change-Id: I8acfc243ec6a6782b7f7d78fc27827f3fdc1ce52
Reviewed-by: Stephen Kelly <stephen.kelly@kdab.com>
Add an encrypted signal to QNAM and QNetworkReply to allow applications
to perform additional checks on the certificate chain beyond those done
as part of the standard SSL validation. This allows things like
certificate change notification to be implemented for QNAM as they can
be for QSSLSocket currently.
Change-Id: I693e3e6fec8b7040379b7e7f1f819550e6b2617f
Reviewed-by: Peter Hartmann <phartmann@rim.com>
Add intermediate certificates to our server sockets, and to our client
certs.
Change-Id: Ib5aa575473f9e84f337bebe35099506dd7d7e2ba
Task-Number: QTBUG-19825
Task-Number: QTBUG-13281
Reviewed-by: Peter Hartmann <phartmann@rim.com>
Instead of storing a single QSslCertificate for a the local cert, store
a list of them. This will allow us to handle server sockets that use a
certificate that is not issued directly from the CA root in future.
Change-Id: I9a36b9a99daa9c0bdd17f61b4ce1a7da746f2e96
Reviewed-by: Peter Hartmann <phartmann@rim.com>
The "mediumfile" is actually 9.6 MB large, and makes the test slow and
even fail on mobile platforms.
Change-Id: I694d9d38e4d09c8e90a03c1141320fe2a757fdd9
Reviewed-by: Richard J. Moore <rich@kde.org>
It's flakey and is blocking integration. Tracked in QTBUG-29730.
Change-Id: Ia5b8f952314bf2e1aa6dbb5c5c0a97e32e68d0f6
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@digia.com>
Do not include qsslsocket_p.h unless SSL is present.
Change-Id: I7e56b7758729907892d85f97d5a9d3ccaf7a3314
Reviewed-by: Peter Hartmann <phartmann@rim.com>
The table is there to know which domains are allowed to set cookies
and which are not. There are more than 2000 new entries since the
list has last been generated.
The split to 64K chunks was made because this is the hard limit for
strings in Visual Studio.
Change-Id: I511aec062af673555e9a69442c055f75bdcd1606
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
DER certificates should not be opened as text files, so we
only pass the QIODevice::Text flag when the format is
QSsl::Pem.
Change-Id: I4bad98023c397b967d5beeec0aaa6c414e06fd9c
Reviewed-by: Richard J. Moore <rich@kde.org>
This improves performance since a network round trip can be avoided.
Change-Id: I1aaff7e48ef9638cb137de0f43942c3a4dd2884a
Initial-patch-by: Markus Goetz <markus@woboq.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
VxWorks does not have QProcess support.
Change-Id: I917b769f967e9d71ec5025aae788f3e237b07aeb
Reviewed-by: Samuel Rødal <samuel.rodal@digia.com>
(cherry picked from commit 416e73a0fc)
make sure we keep track of when we can load root certs and when we
cannot (we cannot when the developer set the certs explicitly). This is
implemented the same way for QSslSocket already, and needs to be
duplicated because we have 2 methods for setting CA certificates: one in
QSslSocket and one in QSslConfiguration.
In addition, adapt the auto test which checks whether setting a default
QSslConfiguration works: There is no way to set on demand loading
through the API, so it should be enabled by default.
Task-number: QTBUG-29103
Change-Id: I5146128aaa385dfcc0ad1e0ef81a92d9350ec5f2
Reviewed-by: Richard J. Moore <rich@kde.org>
One of the IPv6 autotests was always disabled instead of being disabled
only when the system has no IPv6 support.
Change-Id: I34dffbeae6ba85a706bfeb0cc4750a4514b73a65
Reviewed-by: Peter Hartmann <phartmann@rim.com>
Adds an auto test that verifies that the replies to POST and PUT
requests are not cached even though they contain a max-age header and
that subsequent GET requests are reloaded from the server.
Change-Id: I188ae1200cb5551e164722c0f479719be8d11bfb
Reviewed-by: Peter Hartmann <phartmann@rim.com>
Those certificates have erroneously set the CA attribute to true,
meaning everybody in possesion of their keys can issue certificates on
their own.
Task-number: QTBUG-28937
Change-Id: Iff351e590ad3e6ab802e6fa1d65a9a9a9f7683de
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
These types are either built-in or 'automatically declared' and so
don't need to be explicitly declared as metatypes.
Change-Id: Ifdce72af844901665c4ebab11507216ba5f00fc1
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
As they are built-in, they are effectively registered at compile-time
already.
Change-Id: I7ae6ba16088eab5d19213fa7b07c2a7760988a86
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
trolltech.com seems to be shut down already
Change-Id: Ic90ce01aeb51b6f154b9bbf4762c365a398c9e3d
Reviewed-by: Simo Fält <simo.falt@digia.com>
Reviewed-by: Stephen Kelly <stephen.kelly@kdab.com>
The QSslSocket one is both wrong and redundant as there is a
Q_DECLARE_METATYPE for it already.
Change-Id: I63d065abfb3d0e3d82a8b1f29a6752b7676db847
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
Also change Trolltech for QtProject in other places
Task-number: QTBUG-23269
Change-Id: Ie4e344f23cab77c575562d18b481b3369ce30491
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
Ifdef out waitForBytesWritten on Windows.
See comment in source.
Change-Id: I7a2268d2634c2524cd8291c72dd9708e430e314e
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
Different OpenSSL versions produce slightly different output when
dumping a certificate.
Change-Id: Ida98b24422302e287641be074d6740ca292cf203
Reviewed-by: Richard J. Moore <rich@kde.org>
qt.nokia.com is also going to disapper in future, so I think it is better
to use qt-project.org.
Change-Id: Ice550fe657a33609472b8e4b8630d7649f9c9fb5
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Reviewed-by: Sergio Ahumada <sergio.ahumada@digia.com>
Not having access to a network test server is not a failure per se
but rather an enviromental condition not met at run-time.
Change-Id: Ie7d10ca5fbf2df45fb1fd1ac19718c9fae855c03
Reviewed-by: Caroline Chao <caroline.chao@digia.com>
QSystemSemaphore is persistent after a crash and we'd have to toggle the
Open/Create flag. Waiting for the server being available by trying to
connect is much more reliable.
Change-Id: I510814cef189b43658911f8ade3cf831ae6c7e58
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@digia.com>
Removing the lackey executable that needs QtScript to be built.
This was a qscript bastard that was able to run a client and a server
script. It's replaced by a C++ version with the same functionality.
Nice side effect: the two second wait per test row could be removed.
The client executable is now waiting for the server to be created.
Task-number: QTBUG-24142
Change-Id: I135b75abf6620d3b0af50dc226ea8c81c2bf4149
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@digia.com>
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
Microsoft DNS server used in Digia hosted Qt-Project CI system,
returns 'Server failed' error for 'invalid.' hostname. Because
the purpose of these autotests is to test 'notfound' use case, it should
be ok to use also 'invalid.invalid' hostname in these DNS queries.
Change-Id: I9e9c829f3858e7fa23feffd2ede018b19f676857
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
The programs in the example isn't used in the test.
Examples should be in the right directory and be of a certain
quality.
Change-Id: Id77bd1295efb3387fa54c379eb9c882cdc5b88bd
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@digia.com>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Commit 5230d62fe added a #define NOMINMAX, which conflicts with a
NOMINMAX definition in the MinGW headers. Just use the same definition
as in MinGW to fix the gcc warning.
Change-Id: Ib21dd323ebbdca5d143e394c7631303e0c72541a
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Change copyrights and license headers from Nokia to Digia
Change-Id: If1cc974286d29fd01ec6c19dd4719a67f4c3f00e
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
Reviewed-by: Sergio Ahumada <sergio.ahumada@digia.com>
Disable SSL compression by default since this appears to be the a likely
cause of the currently hyped CRIME attack.
Change-Id: I515fcc46f5199acf938e9e880a4345f2d405b2a3
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Peter Hartmann <phartmann@rim.com>
"HTTP/1.1 100 CONTINUE\r\n"
If the header from a server is splitted between two packets
the first packet contains "HTTP/1.1 100" and the second one
contains " CONTINUE\r\n", one space (0x20) is skipped. After
processing the line looks in this way "HTTP/1.1 100CONTINUE".
QHttpNetworkReplyPrivate::readStatus(QAbstractSocket *socket)
is called twice, if a http header is splitted as above.
The function always removes whitespace from the beginning of a packet,
even if it is the second part of a http header.
QHttpNetworkReply returns QNetworkReply::RemoteHostClosedError
due to damaged http header during processing.
Improvement of unit test.
Task-number: QTBUG-27161
Change-Id: Ifc2949f62473209b4032185effbf5078b4130cda
Reviewed-by: Qt Doc Bot <qt_docbot@qt-project.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Changing it outside of the test function definition to avoid running
empty/inapplicable test functions.
Change-Id: I713560cde7f715696984ed082d682900f5f1bcdd
Reviewed-by: Qt Doc Bot <qt_docbot@qt-project.org>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Caroline Chao <caroline.chao@nokia.com>
Replaced with qt-project.org test domain.
The connectToMultiIP auto test is still disabled due to lack of test infrastructure.
Task-number: QTBUG-23294
Change-Id: Icf01aabb0ae503291abdda4e8f773f8e0a08931a
Reviewed-by: Qt Doc Bot <qt_docbot@qt-project.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>