As QAbstractSocket::readData does and as the documentation of QIODevice says
"this function returns -1 in those cases (that is, reading on a closed
socket..."
Change-Id: I1e64673f6a6d792a640bd6cb28b2bb5a0f18dc36
Reviewed-by: Aleix Pol
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
This reverts commit 96c27f0dfa.
We now use a custom keychain that should fix the original
problem with the test.
Change-Id: I52e4105f34a46ad7080750d9a62480ebe3a56e68
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
The fix is outdated - the tests it was fixing - pass on 10.11.
Change-Id: I8b42c1d3d2f1279382b15c20587dcc93cf1b6b40
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Mixing different protocols on client-server sockets works differently
on 10.11, making previously successful handshakes failing now.
Failure is specific to 10.11 with SecureTransport.
Change-Id: I35374b40fa3d167802775b526cf6465ae78749cf
Task-number: QTBUG-48860
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
RFC6125 section 6.4.2 specify we need to convert the IDN to ascii
before comparison. Note that we don't need to toLower anymore
because toAce takes care of it.
Section 7.2 recommands that we dod not attempt to check for wildcard
character embedded within the A-labels or U-labels of an
internationalized domain name. So we reject names that contiains a
'*' but starts with 'xn--'.
Change-Id: Ib0830520a1f82bbf9fd11818718277a479527ee3
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Replace outdated LGPL21 with LGPL license header.
Use GPL-EXCEPT for all autotests.
Also use canonical contact url.
Change-Id: I6e5cc8a4285569c4f862730a980f492b8a933a72
Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io>
don't attempt to hand-craft a library export any more. instead, use the
configure system's built-in mechanism, and refer to it via QMAKE_USE.
this also allows us to rely on transitive dependencies in the autotest.
as a side effect, this makes the openssl-linked feature imply the
openssl one.
Change-Id: I5dd209b63bc8fbbc62852f6ffc472d4452ea2e68
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
The verifySessionProtocol() method in the SecureTransport backend did not
properly handle TlsV1_0OrLater, TlsV1_1OrLater and TlsV1_2OrLater.
This commit teaches verifySessionProtocol() about them.
It also adds TlsV1_0OrLater, TlsV1_1OrLater and TlsV1_2OrLater to the
protocolServerSide() test in tst_qsslsocket.
Change-Id: I394766c75dbea4d89bf3d6b9c3f3c89530ac0749
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
This commit simplifies defaultParameters() to simply construct an empty
QSslDiffieHellmanParameters and assigning the DER-form of the DH parameters
to QSslDiffieHellmanParametersPrivate's derData field.
This creates a valid QSslDiffieHellmanParameters instance, but skips any
potentially expensive verification steps.
The previous implementation of defaultParameters() would use the public
fromEncoded() method to construct an instance of the default parameters.
This triggers a verification of the passed-in data, which can be expensive.
To ensure our defaultParameters() QSslDiffieHellmanParameters instance does
pass verification, this commit adds an autotest to verify that.
Fixes QTBUG-57815.
Change-Id: I6b1d9dbbfde526b232c319195ddbad42326be27c
Task-number: QTBUG-57815
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
this actually fixes the build when ssl is not enabled, as the openssl
features are in the not included network-private module.
Change-Id: Ibafae9867af493da184a45cf3981628d475d37a6
Reviewed-by: Jake Petroules <jake.petroules@qt.io>
1. QSslSocketBackendPrivate::transmit was ignoring 'readBufferMaxSize';
as a result, we can have a user trying to set read buffer's size
to a small value (and more important - reading slowly in a small
chunks from this socket), but SSL itself socket reading 'too fast',
potentially growing its internal buffer to a huge size. This also
results in auto-tests failing - whenever we're trying to limit read
rate in some test.
2. Update qsslsocket auto-test.
Task-number: QTBUG-43388
Task-number: QTBUG-55170
Change-Id: Iedece26df0ac5b3b7cad62cc8c98aedc28e7ca5b
Reviewed-by: Richard J. Moore <rich@kde.org>
Move the different parts of configure.json/.pri into the libraries where
they belong.
Gui is not yet fully modularized, and contains many things related to
the different QPA plugins.
Done-with: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
Change-Id: I6659bb29354ed1f36b95b8c69e7fce58f642053f
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
- port Q_FOREACH to C++11 range-for
- port use of inefficient QLists to QVector
- port from QSharedPointer to auto variables except where the
payload is returned from a function (there ported to
QSharedPointer::create())
Fixes errors pointed out by my tree's static checks.
In sslErrors(), fixed an unwanted double-detach problem by
adding a strategic qAsConst().
Change-Id: I8148e23b73337f6f1a721e009f2974536d8447cc
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
Use the new qtConfig macro in all pro/pri files.
This required adding some feature entries, and adding
{private,public}Feature to every referenced already existing entry.
Change-Id: I164214dad1154df6ad84e86d99ed14994ef97cf4
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
- add missing \since 5.8 on free functions
- fix \relates of qHash to point to QSslDHP, not QHash, which is in another module
- API fix: use named instead of unnamed ctors
- share code between ctors
- API fix: add inline move ctor (for now, this requires using a naked d pointer,
which isn't much of a problem, since the class is immutable).
Change-Id: Ic30f9c3c03b8a3798e0676e38991ead85c587214
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
The deleteLater() call wasn't reliably reached when tests fail,
so use a QScopedPointer with QScopedPointerDeleteLater deleter.
Change-Id: Ica73bc73c2a0ac1e9b77e4804f2aedcad9b662a0
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
In a TLS handshake the ephemeral server key is saved in the ssl
configuration. Clients who want to get the length or algorithm of the
key only get "Opaque" and "-1" as a result because the key is always
stored as "Opaque". This change converts the key to specific type so
more details are available and the client don't need to convert the
handle by hand.
Change-Id: I60f90fc2c1805e528640d391b20c676b6eeeb49e
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
Test is strangely failing on Ubuntu 16.04 with OpenSSL 1.0.2g-fips.
Change-Id: I1498dee4c1d6db0702da3d3689787aed1e3a633f
Reviewed-by: Richard J. Moore <rich@kde.org>
And blacklisted a few tests in tst_QUdpSocket.
Conflicts:
src/android/jar/src/org/qtproject/qt5/android/QtNative.java
src/corelib/global/qglobal.cpp
src/corelib/global/qsystemdetection.h
src/corelib/io/qfileselector.cpp
src/plugins/platforms/eglfs/deviceintegration/eglfs_kms_egldevice/qeglfskmsegldeviceintegration.cpp
tests/auto/network/socket/qudpsocket/BLACKLIST
Task-number: QTBUG-54205
Change-Id: I11dd1c90186eb1b847d45be87a26041f61d89ef6
If a user's code, attached to sslErrors signal, calls abort/close
or disconnectFromHost but our SSL socket was configured not to verify a peer,
no need to continue handshake after calling checkSslErrors
(and finally crashing on invalid 'ssl' pointer).
Task-number: QTBUG-53906
Change-Id: I7f185511d278f9d6f16e7d6c5ba424707141459c
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
protocolServerSide test fails with 'ssl3-any' and 'tls1.0-any' combo
on RHEL 7.2 with OpenSSL v1.0.1e-fips, it would work as OPENSSL_NO_SSL2
code-path, but OPENSSL_NO_SSL2 is not defined, so socket is in state
connected while it's expected to be unconnected.
Task-number: QTBUG-53608
Change-Id: Ib321b95129a6ab5b0691b40cb4acc612125633b2
Reviewed-by: Tony Sarajärvi <tony.sarajarvi@qt.io>
setEmptyDefaultConfiguration - this test (and this was stated explicitly
in comments!) must be the last test to run, otherwise, it can make subsequent
tests fail.
-exitLoop must be in 'protected slots' section not to be executed as a test,
since ... it's aux function, not a test.
Task-number: QTBUG-53608
Task-number: QTBUG-53603
Change-Id: I49d6d57ba927ecc4f20ae2d9325ad02fa46b0922
Reviewed-by: Tony Sarajärvi <tony.sarajarvi@qt.io>
Only the OpenSSL backend is supported right now.
[ChangeLog][QtNetwork][SSL/TLS support] It is now possible to
set custom Diffie-Hellman parameters for QSslSocket-based servers.
Change-Id: I50148873132cd0ec7e414250b107b6b4cbde02ea
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
[ChangeLog][QtNetwork][QSslSocket] TLS PSK ciphers are possible in server sockets.
Task-number: QTBUG-39077
Change-Id: Iaa854a6f50242deae5492f2e4759c727488995f5
Reviewed-by: Richard J. Moore <rich@kde.org>
Remove #ifdef sections for Q_OS_WINCE and wince .pro file clauses in library,
examples and tests.
Task-number: QTBUG-51673
Change-Id: I3706336395620522ceda414d7437295d9ec64f16
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
Application-Layer Protocol Negotiation (ALPN) - is a reworked revision
of Next Protocol Negotiation (NPN) we have in our OpenSSL code.
Can be used as a part of HTTP2 negotiation during TLS handshake.
Change-Id: I484ec528c81d4887a64749095ec292dfaec18330
Reviewed-by: Richard J. Moore <rich@kde.org>
From Qt 5.7 -> tools & applications are lisenced under GPL v3 with some
exceptions, see
http://blog.qt.io/blog/2016/01/13/new-agreement-with-the-kde-free-qt-foundation/
Updated license headers to use new GPL-EXCEPT header instead of LGPL21 one
(in those files which will be under GPL 3 with exceptions)
Change-Id: I42a473ddc97101492a60b9287d90979d9eb35ae1
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
When using cipher algorithms with forward secrecy an ephemeral key is
used to generate the symmetric session key. Beside the SSL certificate's
key, this ephemeral key is of cryptographic interest.
The ephemeral key is chosen by the server side - currently statically in
the Qt implementation - so it is only of interest on the client side to
check it. Therefore the ephemeral key is the null key if the connection
is set up in server mode or a cipher without forward secrecy is used.
Change-Id: If241247dbb8490a91233ae47f2b38952c6591bf4
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
TEST_HELPER_INSTALLS cannot be used on platforms with no
QProcess support.
Change-Id: I2a6a283d94ca4487fc628449c53fc37140dd291d
Reviewed-by: Oliver Wolff <oliver.wolff@theqtcompany.com>
Move some code (like registrations of meta types) from init() to
initTestCase() in the process.
Change-Id: I57db5156647cfadab554fbed853b2e68b2815f3b
Reviewed-by: Frederik Gladhorn <frederik.gladhorn@theqtcompany.com>
The platform is no longer supported or actively maintained, and is
in the way for improvements to the Unix event dispatcher and QProcess
implementations.
Change-Id: I3935488ca12e2139ea5f46068d7665a453e20526
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
As a follow-up for 5c1b9bbdf1 disable the
test on all platforms, since it fails on newer openssl. This was now
also happening on Windows, so until a fix is there, skip the test.
Change-Id: I6c8822c0ac5411b1114e9cd426219574ab1c9b54
Reviewed-by: Simon Hausmann <simon.hausmann@theqtcompany.com>
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@theqtcompany.com>
Use QByteArray/QString addition instead in loops and for
test row names.
Change-Id: I7974ace5b34f2da43e7511044e80de1e733245ac
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@theqtcompany.com>
Prefer QCOMPARE over QVERIFY for equality and use QLatin1String().
Change-Id: If226a0fc7b25be3e6774c7e36ca1e6f99234e5dd
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@theqtcompany.com>
Use character literals where applicable.
Change-Id: I1a026c320079ee5ca6f70be835d5a541deee2dd1
Reviewed-by: Simon Hausmann <simon.hausmann@theqtcompany.com>