Commit Graph

117 Commits

Author SHA1 Message Date
Marc Mutz
2f108fafe9 tst_QSslSocket: clean up
- port Q_FOREACH to C++11 range-for
- port use of inefficient QLists to QVector
- port from QSharedPointer to auto variables except where the
  payload is returned from a function (there ported to
  QSharedPointer::create())

Fixes errors pointed out by my tree's static checks.

In sslErrors(), fixed an unwanted double-detach problem by
adding a strategic qAsConst().

Change-Id: I8148e23b73337f6f1a721e009f2974536d8447cc
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
2016-08-19 19:03:54 +00:00
Lars Knoll
60985aa42b Use qtConfig throughout in qtbase
Use the new qtConfig macro in all pro/pri files.

This required adding some feature entries, and adding
{private,public}Feature to every referenced already existing entry.

Change-Id: I164214dad1154df6ad84e86d99ed14994ef97cf4
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
2016-08-19 04:28:05 +00:00
Liang Qi
17198e03ab Merge remote-tracking branch 'origin/5.7' into dev
Conflicts:
	qmake/doc/src/qmake-manual.qdoc
	src/corelib/global/qglobal.cpp
	src/corelib/tools/qstring.cpp
	src/network/socket/qabstractsocket.cpp
	src/network/socket/qnativesocketengine_unix.cpp
	src/plugins/platforms/eglfs/api/qeglfsglobal.h

Change-Id: Id5dfdbd30fa996f9b4b66a0b030b7d3b8c0ef288
2016-08-16 07:58:32 +02:00
Liang Qi
6b8f422c5e Merge remote-tracking branch 'origin/5.6' into 5.7
Conflicts:
	src/corelib/global/qglobal.cpp
	src/corelib/io/qsettings.cpp
	src/corelib/itemmodels/qstringlistmodel.cpp
	tests/auto/gui/image/qimagewriter/tst_qimagewriter.cpp

Change-Id: I1c6c306ef42c3c0234b19907914b19da706b4a03
2016-08-13 01:05:02 +02:00
Marc Mutz
033ebfae21 QSslDiffieHellmanParameters: make fit for release
- add missing \since 5.8 on free functions
- fix \relates of qHash to point to QSslDHP, not QHash, which is in another module
- API fix: use named instead of unnamed ctors
- share code between ctors
- API fix: add inline move ctor (for now, this requires using a naked d pointer,
  which isn't much of a problem, since the class is immutable).

Change-Id: Ic30f9c3c03b8a3798e0676e38991ead85c587214
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
2016-08-12 12:33:07 +00:00
Marc Mutz
3b0ea78603 tst_QSslSocket::setLocalCertificateChain(): fix resource leak when test fail
The deleteLater() call wasn't reliably reached when tests fail,
so use a QScopedPointer with QScopedPointerDeleteLater deleter.

Change-Id: Ica73bc73c2a0ac1e9b77e4804f2aedcad9b662a0
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
2016-08-11 04:34:19 +00:00
Timur Pocheptsov
72adb7f00c tst_qsslsocket::protocolServerSide - try to fix failing ssl3-* *-ssl3
Test is strangely failing on Ubuntu 16.04 with OpenSSL 1.0.2g-fips.

Change-Id: I1498dee4c1d6db0702da3d3689787aed1e3a633f
Reviewed-by: Richard J. Moore <rich@kde.org>
2016-06-24 18:29:48 +00:00
Liang Qi
ea438b2508 Merge remote-tracking branch 'origin/5.7' into dev
Conflicts:
	src/corelib/global/qglobal.cpp
	src/corelib/global/qsysinfo.h
	src/corelib/kernel/qcoreapplication_win.cpp
	src/gui/text/qdistancefield.cpp
	src/gui/text/qdistancefield_p.h
	src/plugins/platforms/windows/qwindowsglcontext.cpp
	src/plugins/platforms/windows/qwindowsglcontext.h

Change-Id: Ib3500acc2b28553bde06758cd9a2e19eb7fe2978
2016-06-21 08:39:41 +02:00
Liang Qi
e32f1a4d61 Merge remote-tracking branch 'origin/5.6' into 5.7
And blacklisted a few tests in tst_QUdpSocket.

Conflicts:
	src/android/jar/src/org/qtproject/qt5/android/QtNative.java
	src/corelib/global/qglobal.cpp
	src/corelib/global/qsystemdetection.h
	src/corelib/io/qfileselector.cpp
	src/plugins/platforms/eglfs/deviceintegration/eglfs_kms_egldevice/qeglfskmsegldeviceintegration.cpp
	tests/auto/network/socket/qudpsocket/BLACKLIST

Task-number: QTBUG-54205
Change-Id: I11dd1c90186eb1b847d45be87a26041f61d89ef6
2016-06-20 08:00:26 +02:00
Timur Pocheptsov
23173c725c QSslSocket (OpenSSL) - handle abort/close on sslErrors emitted
If a user's code, attached to sslErrors signal, calls abort/close
or disconnectFromHost but our SSL socket was configured not to verify a peer,
no need to continue handshake after calling checkSslErrors
(and finally crashing on invalid 'ssl' pointer).

Task-number: QTBUG-53906
Change-Id: I7f185511d278f9d6f16e7d6c5ba424707141459c
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
2016-06-14 07:29:01 +00:00
Liang Qi
511790fd1a Merge remote-tracking branch 'origin/5.7' into dev
Conflicts:
	config_help.txt
	configure
	mkspecs/features/uikit/sdk.prf
	src/corelib/global/qhooks.cpp
	src/corelib/io/qfilesystemwatcher.cpp
	src/corelib/io/qlockfile_unix.cpp
	src/corelib/tools/qalgorithms.h
	src/gui/kernel/qwindowsysteminterface.h
	src/gui/text/qtextdocument_p.cpp
	src/network/access/access.pri
	src/network/access/qnetworkaccessmanager.cpp
	src/network/access/qnetworkreplynsurlconnectionimpl.mm
	src/src.pro
	src/testlib/qtestcase.cpp
	src/widgets/kernel/qwidgetbackingstore_p.h
	src/widgets/styles/qwindowscestyle.cpp
	src/widgets/styles/qwindowsmobilestyle.cpp
	tests/auto/corelib/io/qdiriterator/qdiriterator.pro
	tests/auto/corelib/io/qfileinfo/qfileinfo.pro
	tests/auto/gui/kernel/qwindow/BLACKLIST
	tests/auto/widgets/dialogs/qfilesystemmodel/tst_qfilesystemmodel.cpp
	tools/configure/configureapp.cpp

Change-Id: Ibf7fb9c8cf263a810ade82f821345d0725c57c67
2016-06-13 12:46:46 +02:00
Timur Pocheptsov
f9b7385e24 tst_qsslsocket::protocolServerSide - blacklist on RHEL 7.2
protocolServerSide test fails with 'ssl3-any' and 'tls1.0-any' combo
on RHEL 7.2 with OpenSSL v1.0.1e-fips, it would work as OPENSSL_NO_SSL2
code-path, but OPENSSL_NO_SSL2 is not defined, so socket is in state
connected while it's expected to be unconnected.

Task-number: QTBUG-53608
Change-Id: Ib321b95129a6ab5b0691b40cb4acc612125633b2
Reviewed-by: Tony Sarajärvi <tony.sarajarvi@qt.io>
2016-05-26 10:47:42 +00:00
Timur Pocheptsov
84f8203e38 tst_qsslsocket - re-structure the code
setEmptyDefaultConfiguration - this test (and this was stated explicitly
in comments!) must be the last test to run, otherwise, it can make subsequent
tests fail.

-exitLoop must be in 'protected slots' section not to be executed as a test,
since ... it's aux function, not a test.

Task-number: QTBUG-53608
Task-number: QTBUG-53603
Change-Id: I49d6d57ba927ecc4f20ae2d9325ad02fa46b0922
Reviewed-by: Tony Sarajärvi <tony.sarajarvi@qt.io>
2016-05-26 09:40:08 +00:00
Mikkel Krautz
2cf63c71eb Add settable QSslDiffieHellmanParameters for QSslSocket-based servers.
Only the OpenSSL backend is supported right now.

[ChangeLog][QtNetwork][SSL/TLS support] It is now possible to
set custom Diffie-Hellman parameters for QSslSocket-based servers.

Change-Id: I50148873132cd0ec7e414250b107b6b4cbde02ea
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
2016-05-25 20:00:12 +00:00
André Klitzing
0eaac0a3a9 Add support for PSK on server side
[ChangeLog][QtNetwork][QSslSocket] TLS PSK ciphers are possible in server sockets.

Task-number: QTBUG-39077
Change-Id: Iaa854a6f50242deae5492f2e4759c727488995f5
Reviewed-by: Richard J. Moore <rich@kde.org>
2016-05-02 20:33:00 +00:00
Friedemann Kleint
04aa760711 QtNetwork: Remove Windows CE.
Remove #ifdef sections for Q_OS_WINCE and wince .pro file clauses in library,
examples and tests.

Task-number: QTBUG-51673
Change-Id: I3706336395620522ceda414d7437295d9ec64f16
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
2016-03-29 20:28:18 +00:00
Timur Pocheptsov
765eab5103 qsslsocket/qsslcontext - add ALPN (OpenSSL only)
Application-Layer Protocol Negotiation (ALPN) - is a reworked revision
of Next Protocol Negotiation (NPN) we have in our OpenSSL code.
Can be used as a part of HTTP2 negotiation during TLS handshake.

Change-Id: I484ec528c81d4887a64749095ec292dfaec18330
Reviewed-by: Richard J. Moore <rich@kde.org>
2016-03-21 15:01:12 +00:00
Jani Heikkinen
f776595cc1 Updated license headers
From Qt 5.7 -> tools & applications are lisenced under GPL v3 with some
exceptions, see
http://blog.qt.io/blog/2016/01/13/new-agreement-with-the-kde-free-qt-foundation/

Updated license headers to use new GPL-EXCEPT header instead of LGPL21 one
(in those files which will be under GPL 3 with exceptions)

Change-Id: I42a473ddc97101492a60b9287d90979d9eb35ae1
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
2016-01-21 18:55:18 +00:00
Sebastian Lösch
73ad2bf32f Make ephemeral server key available
When using cipher algorithms with forward secrecy an ephemeral key is
used to generate the symmetric session key. Beside the SSL certificate's
key, this ephemeral key is of cryptographic interest.

The ephemeral key is chosen by the server side - currently statically in
the Qt implementation - so it is only of interest on the client side to
check it. Therefore the ephemeral key is the null key if the connection
is set up in server mode or a cipher without forward secrecy is used.

Change-Id: If241247dbb8490a91233ae47f2b38952c6591bf4
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
2016-01-04 18:10:14 +00:00
Liang Qi
beb65dcd79 Merge remote-tracking branch 'origin/5.6' into dev
Conflicts:
	src/gui/painting/painting.pri
	src/plugins/platforms/xcb/qxcbconnection.cpp
	tests/auto/corelib/thread/qthreadstorage/qthreadstorage.pro
	tests/auto/corelib/tools/qlocale/test/test.pro
	tests/auto/gui/kernel/qwindow/tst_qwindow.cpp
	tools/configure/environment.cpp

Change-Id: I9c40f458b89b2c206de2d2c24e90b5f679c93495
2015-12-18 08:37:31 +01:00
Maurice Kalinowski
acdd57cb43 Fix compilation for WinRT
TEST_HELPER_INSTALLS cannot be used on platforms with no
QProcess support.

Change-Id: I2a6a283d94ca4487fc628449c53fc37140dd291d
Reviewed-by: Oliver Wolff <oliver.wolff@theqtcompany.com>
2015-12-14 08:43:15 +00:00
Friedemann Kleint
1289bc8172 Tests: Remove empty init/cleanup slots, constructors and destructors.
Move some code (like registrations of meta types) from init() to
initTestCase() in the process.

Change-Id: I57db5156647cfadab554fbed853b2e68b2815f3b
Reviewed-by: Frederik Gladhorn <frederik.gladhorn@theqtcompany.com>
2015-12-10 05:26:05 +00:00
Frederik Gladhorn
77da617dc8 Merge remote-tracking branch 'origin/5.5' into dev
Conflicts:
	doc/global/qt-cpp-defines.qdocconf
	src/3rdparty/forkfd/forkfd.c
	src/corelib/codecs/qtextcodec.cpp
	src/corelib/kernel/qmetatype.cpp
	src/corelib/tools/qset.qdoc
	src/gui/accessible/qaccessible.cpp
	src/gui/image/qpixmapcache.cpp
	src/opengl/qgl.cpp
	src/tools/qdoc/generator.cpp
	src/widgets/kernel/qwidget.cpp
	tests/auto/widgets/widgets/qcombobox/tst_qcombobox.cpp

Change-Id: I4fbe1fa756a54c6843aa75f4ef70a1069ba7b085
2015-08-06 10:54:01 +02:00
Friedemann Kleint
57dbdcd92f tests/auto/network: Replace Q[TRY]_VERIFY(a == b) by Q[TRY]_COMPARE(a, b).
- Replace Q[TRY]_VERIFY(pointer == 0) by Q[TRY]_VERIFY(!pointer).
- Replace Q[TRY]_VERIFY(smartPointer == 0)  by
          Q[TRY]_VERIFY(smartPointer.isNull()).
- Replace Q[TRY]_VERIFY(a == b) by  Q[TRY]_COMPARE(a, b) and
  add casts where necessary. The values will then be logged
  should a test fail.

Change-Id: Icaa1edafcc6e2779fbd6dbc2c058544d6e07f1e9
Reviewed-by: Richard J. Moore <rich@kde.org>
2015-07-31 04:29:33 +00:00
Jeremy Lainé
ce87d82d4a ssl: fix comment typo in QSslSocket tests
The comment about non-OpenSSL backends not reproting a specific error
for self-signed certificates contained a typo, this fixes it.

Change-Id: I3010981d5d87d68ebf5e984c003b8bbbfb019b96
Reviewed-by: Timur Pocheptsov <Timur.Pocheptsov@digia.com>
2015-07-28 19:06:05 +00:00
Liang Qi
0aa2d318b1 Merge remote-tracking branch 'origin/5.5' into dev
Conflicts:
	src/corelib/global/qglobal.cpp
	src/corelib/global/qglobal.h
	src/corelib/global/qsysinfo.h
	src/corelib/global/qsystemdetection.h
	src/corelib/kernel/qobjectdefs.h
	src/plugins/plugins.pro
	tests/auto/widgets/itemviews/qlistview/qlistview.pro

Change-Id: Ib55aa79d707c4c1453fb9d697f6cf92211ed665c
2015-07-01 11:05:26 +02:00
Simon Hausmann
f3939d943e Blacklist and skip various tests that are flakey
They didn't show up in the "old" CI runs because they usually pass the second
time they are executed - which the testrunner does. The new CI doesn't do that
anymore, instead we now mark those tests explicitly and will track their record
of passing and failing in the new metrics database.

Change-Id: Id34dd6f792f38995b07b6fec88f833df64de2f8b
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
2015-06-14 10:50:45 +00:00
Oswald Buddenhagen
d32f47b703 fix usage of wince scope
Fix style issues along the way.

Change-Id: Ic6a6de28e198eb0b14c198b802e78845703909b9
Reviewed-by: Joerg Bornemann <joerg.bornemann@theqtcompany.com>
2015-06-05 10:29:10 +00:00
Simon Hausmann
e2f66f9215 Merge remote-tracking branch 'origin/5.5' into dev
Conflicts:
	src/corelib/global/qnamespace.qdoc
	src/corelib/io/qwindowspipereader.cpp
	src/corelib/io/qwindowspipereader_p.h
	src/corelib/statemachine/qstatemachine.cpp
	src/corelib/statemachine/qstatemachine_p.h
	src/plugins/platforms/xcb/qxcbconnection.h
	tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
	tests/auto/tools/qmake/tst_qmake.cpp
	tests/manual/touch/main.cpp

Change-Id: I917d694890e79ee3da7d65134b5b085e23e0dd62
2015-06-03 10:23:56 +02:00
Friedemann Kleint
06de0da1e8 Make warnings of QIODevice more verbose.
Include class name, object name and file name when available.
For the bug in question:

QIODevice::read: device not open

becomes

QIODevice::read (QTcpSocket, "QFtpDTP Passive state socket"): device not open

Adding a static function also makes it easier to set a breakpoint
and find the culprit.

Task-number: QTBUG-46112
Change-Id: Ic181d8ab292912d1acbcc3cb84d9679fe4842ca0
Reviewed-by: Laszlo Papp <lpapp@kde.org>
Reviewed-by: Alex Trotsenko <alex1973tr@gmail.com>
Reviewed-by: Kai Koehne <kai.koehne@theqtcompany.com>
2015-05-23 08:59:20 +00:00
Richard J. Moore
00f0a4119c Add the ability to prefer the cipher preferences specified by the server.
Currently the cipher preferred by the client will always be used for SSL
connections. This change makes it so that by default the ciphers
specified by the server will be used (like the Apache SSLHonorCipherOrder
option). This behavior can be disabled using a new SslOption.

[ChangeLog][QtNetwork][QSslSocket] QSslSocket will now default to using
the cipher preferences of the server socket when used as an SSL server.
This can be disabled using the QSslConfiguration.

Change-Id: I2d16d10145cf88a7412f30ef960d87024777de1c
Reviewed-by: Peter Hartmann <peter-qt@hartmann.tk>
2015-04-25 12:10:50 +00:00
Thiago Macieira
699e7a0869 Remove the tests for Ubuntu Oneiric (11.10)
This system is no longer in the CI rotation and we haven't had reports
of the same issues happening on later versions. Either the issues have
since been fixed or they were never an issue in Qt in the first place.

This commit has the additional benefit of getting rid of the following
shell error when qmake was run:
	sh: line 0: [: =: unary operator expected
as /etc/lsb-release hasn't contained DISTRIB_CODENAME for some time and
proper quoting was never implemented (not even qtcpsocket.pro).

Change-Id: Ia0aac2f09e9245339951ffff13c829e910ee64e9
Reviewed-by: Albert Astals Cid <albert.astals@canonical.com>
Reviewed-by: Tony Sarajärvi <tony.sarajarvi@digia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2015-03-17 01:26:13 +00:00
Timur Pocheptsov
63e017ee77 QSslSocket test - adapt 'verifyClientCertificate' for Secure Transport
Secure Transport relies on keychains, both client/server are constantly
updating default keychain and as a result tests are failing: when
verification is expected to fail, it succeeds; when the number of certificates
is expected to be 1 - it's 2 (Secure Transport can find certificates in a keychain).
This makes verifyClientCertificate test quite useless at the moment - QSKIP it.

Change-Id: I578398b4912a86dc60f585ac5a1bdd0098914005
Reviewed-by: Richard J. Moore <rich@kde.org>
2015-02-13 20:43:09 +00:00
Jani Heikkinen
83a5694dc2 Update copyright headers
Qt copyrights are now in The Qt Company, so we could update the source
code headers accordingly. In the same go we should also fix the links to
point to qt.io.

Outdated header.LGPL removed (use header.LGPL21 instead)

Old header.LGPL3 renamed to header.LGPL3-COMM to match actual licensing
combination. New header.LGPL-COMM taken in the use file which were
using old header.LGPL3 (src/plugins/platforms/android/extract.cpp)

Added new header.LGPL3 containing Commercial + LGPLv3 + GPLv2 license
combination

Change-Id: I6f49b819a8a20cc4f88b794a8f6726d975e8ffbe
Reviewed-by: Matti Paaso <matti.paaso@theqtcompany.com>
2015-02-11 06:49:51 +00:00
Jeremy Lainé
06524c11dc ssl: add test for server-side QSslSocket::PeerVerifyMode
This adds tests to check the behavior of a QSslSocket-based server when
presented with various client certificates.

Change-Id: I431157e46cfb00880ae8b7a33015cce50e56b6bb
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
2015-02-07 06:51:05 +00:00
Jeremy Lainé
5382312e5c Add SecureTransport based SSL backend for iOS and OS X
Add support for SSL on iOS/OS X by adding a SecureTransport based
backend.

[ChangeLog][QtNetwork][QSslSocket] A new SSL backend for iOS and OS X,
implemented with Apple's Secure Transport (Security Framework).

Change-Id: I7466db471be2a8a2170f9af9d6ad4c7b6425738b
Reviewed-by: Richard J. Moore <rich@kde.org>
2015-02-02 14:02:56 +00:00
Shawn Rutledge
fe8900405d Use qt.io rather than qt-project.org for network tests
Mainly because of a change in certificates which is causing failing
tests.

Change-Id: I8304e5ac4107428a250b71be5df7b5399a811017
Reviewed-by: Tony Sarajärvi <tony.sarajarvi@digia.com>
2015-01-28 12:50:32 +00:00
Giuseppe D'Angelo
bd26defd9b QSslSocket: introduce support for TLS PSK (client side)
[ChangeLog][QtNetwork][QSslSocket] It is now possible to use TLS PSK
ciphersuites in client sockets.

Task-number: QTBUG-39077
Change-Id: I5523a2be33d46230c6f4106c322fab8a5afa37b4
Reviewed-by: Richard J. Moore <rich@kde.org>
2015-01-23 00:35:21 +01:00
Jeremy Lainé
14d1097f45 ssl: store socket in setEmptyDefaultConfiguration
The setEmptyDefaultConfiguration test creates a socket and connects its
sslErrors signal to tst_QSslSocket's ignoreErrorSlot slot. This slot
expects the socket to have been stored in tst_QsslSocket's "socket"
member, which was not being done. This patch fixes this problem.

It does beg the question of whether having a "socket" member in the
tst_QSslSocket class is a good idea as it is error prone.

Change-Id: Ic59d1789c5f1ed240c3f0c37981f6ecc35572f0d
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-12-13 08:32:19 +01:00
Simon Hausmann
015002fec9 Merge remote-tracking branch 'origin/5.4' into dev
Conflicts:
	doc/global/template/style/online.css
	mkspecs/android-g++/qmake.conf

Change-Id: Ib39ea7bd42f5ae12e82a3bc59a66787a16bdfc61
2014-12-10 07:58:06 +01:00
Jeremy Lainé
0a1d7f6151 ssl: merge and tighten sslErrors and peerVerifyError tests
The sslErrors and peerVerifyError test the same situation: connect to a
server which is using the fluke certificate, using the incorrect host name.
They connect respectively to qt-test-server:993 and the.server.ip.address:443.

The sslErrors is prone to backend-dependent failures concerning the order
in which SSL errors are received, just like the peerVerifyError test was
until recently.

This change merges these two tests into one, which is run against the same
two servers as previously. It also adds a check to ensure that sslErrors
and peerVerifyError emit the same SSL errors (regardless of order).

This also fixes the included headers for non-OpenSSL backends.

Change-Id: Ibd5f60d24f1682989378e87729389e4b8f9efac5
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-12-09 16:58:08 +01:00
Tony Sarajärvi
aed71b6832 Blacklist one tst_qsslsocket test
Task-number: QTBUG-29941
Change-Id: Ieb3418a2d6d88ebd399964b5df20d9fe4d6ca37b
Reviewed-by: Simo Fält <simo.falt@digia.com>
2014-11-26 10:47:08 +01:00
Allan Sandfeld Jensen
3fd2d9eff8 Update QSsl::SecureProtocols to not include Sslv3
After the poodle vulnerability SSLv3 should like SSLv2 no longer be
considered safe, so when a user request a safe protocol we should
only allow TLS versions.

[ChangeLog][QtNetwork][QSsl] QSsl::SecureProtocols now also excludes SSLv3

Change-Id: If825f6beb599294b028d706903b39db6b20be519
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-10-24 12:46:26 +02:00
Matti Paaso
974c210835 Update license headers and add new license files
- Renamed LICENSE.LGPL to LICENSE.LGPLv21
- Added LICENSE.LGPLv3
- Removed LICENSE.GPL

Change-Id: Iec3406e3eb3f133be549092015cefe33d259a3f2
Reviewed-by: Iikka Eklund <iikka.eklund@digia.com>
2014-09-24 12:26:19 +02:00
Jeremy Lainé
863f598b65 ssl: make peerVerifyError test agnostic of error order
Currently the peerVerifyError test for QSslSocket makes an assumption
about the order in which SSL errors are emitted by peerVerifyError. This
assumption does not necessarily hold for non-OpenSSL backends.

This change fixes this assumption, and also checks that HostNameMismatch
was found both in the errors emitted by peerVerifyError and by sslErrors.

Change-Id: I856d1ea43b36332db0f178d35fc14a4bb18ad673
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-09-05 12:20:25 +02:00
Jeremy Lainé
7b1dad8021 ssl: enable non-OpenSSL backends to compile QSslSocket tests
Some of the QSslSocket tests use OpenSSL-specific symbols. This
change fixes this issue.

Change-Id: Ib67efa42a15facaf0ad34fc0466341a37d945d1e
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
2014-09-05 12:20:02 +02:00
Jeremy Lainé
d4dc3159c7 Check certificate nullity instead of handle
This changes tests which use QSslCertificate::handle() to determine
if a certificate is null to use QSslCertificate::isNull() instead.

This is required for non-OpenSSL backends which do not actually
expose a private handle.

Change-Id: I9523ba0dd00d47ba337b543ad34840125db99bfb
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
2014-08-28 13:33:46 +02:00
Andrew Knight
ecbf6dfbf5 ssl: Share the host name matching utilities
This moves the socket backend's host name matching functions up to
QSslSocketPrivate so that they can be shared between backends. This
works, as there is no OpenSSL-specific code here.

Change-Id: I73c2081fdc2e60a44c90e90800d1e1877391a626
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-08-27 15:03:58 +02:00
Richard J. Moore
1a8788d966 Move the PKCS#12 support from QSslSocket to QSslCertificate.
Discussed with Peter and agreed that it's a slightly better fit there.

Change-Id: If8db777336e2273670a23d75d8542b30c07e0d7b
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
2014-05-14 11:08:01 +02:00
Richard J. Moore
50e8e95385 Add support for loading PKCS#12 bundles.
Add support for loading certificates and keys from PKCS#12 bundles
(also known as pfx files).

Task-number: QTBUG-1565

[ChangeLog][QtNetwork][QSslSocket] Support for loading PKCS#12
bundles was added. These are often used to transport keys and
certificates conveniently, particularly when making use of
client certificates.

Change-Id: Idaeb2cb4dac4b19881a5c99c7c0a7eea00c2b207
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
2014-05-11 23:50:03 +02:00