Commit Graph

77 Commits

Author SHA1 Message Date
Simon Hausmann
e2f66f9215 Merge remote-tracking branch 'origin/5.5' into dev
Conflicts:
	src/corelib/global/qnamespace.qdoc
	src/corelib/io/qwindowspipereader.cpp
	src/corelib/io/qwindowspipereader_p.h
	src/corelib/statemachine/qstatemachine.cpp
	src/corelib/statemachine/qstatemachine_p.h
	src/plugins/platforms/xcb/qxcbconnection.h
	tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
	tests/auto/tools/qmake/tst_qmake.cpp
	tests/manual/touch/main.cpp

Change-Id: I917d694890e79ee3da7d65134b5b085e23e0dd62
2015-06-03 10:23:56 +02:00
Friedemann Kleint
06de0da1e8 Make warnings of QIODevice more verbose.
Include class name, object name and file name when available.
For the bug in question:

QIODevice::read: device not open

becomes

QIODevice::read (QTcpSocket, "QFtpDTP Passive state socket"): device not open

Adding a static function also makes it easier to set a breakpoint
and find the culprit.

Task-number: QTBUG-46112
Change-Id: Ic181d8ab292912d1acbcc3cb84d9679fe4842ca0
Reviewed-by: Laszlo Papp <lpapp@kde.org>
Reviewed-by: Alex Trotsenko <alex1973tr@gmail.com>
Reviewed-by: Kai Koehne <kai.koehne@theqtcompany.com>
2015-05-23 08:59:20 +00:00
Richard J. Moore
00f0a4119c Add the ability to prefer the cipher preferences specified by the server.
Currently the cipher preferred by the client will always be used for SSL
connections. This change makes it so that by default the ciphers
specified by the server will be used (like the Apache SSLHonorCipherOrder
option). This behavior can be disabled using a new SslOption.

[ChangeLog][QtNetwork][QSslSocket] QSslSocket will now default to using
the cipher preferences of the server socket when used as an SSL server.
This can be disabled using the QSslConfiguration.

Change-Id: I2d16d10145cf88a7412f30ef960d87024777de1c
Reviewed-by: Peter Hartmann <peter-qt@hartmann.tk>
2015-04-25 12:10:50 +00:00
Timur Pocheptsov
63e017ee77 QSslSocket test - adapt 'verifyClientCertificate' for Secure Transport
Secure Transport relies on keychains, both client/server are constantly
updating default keychain and as a result tests are failing: when
verification is expected to fail, it succeeds; when the number of certificates
is expected to be 1 - it's 2 (Secure Transport can find certificates in a keychain).
This makes verifyClientCertificate test quite useless at the moment - QSKIP it.

Change-Id: I578398b4912a86dc60f585ac5a1bdd0098914005
Reviewed-by: Richard J. Moore <rich@kde.org>
2015-02-13 20:43:09 +00:00
Jani Heikkinen
83a5694dc2 Update copyright headers
Qt copyrights are now in The Qt Company, so we could update the source
code headers accordingly. In the same go we should also fix the links to
point to qt.io.

Outdated header.LGPL removed (use header.LGPL21 instead)

Old header.LGPL3 renamed to header.LGPL3-COMM to match actual licensing
combination. New header.LGPL-COMM taken in the use file which were
using old header.LGPL3 (src/plugins/platforms/android/extract.cpp)

Added new header.LGPL3 containing Commercial + LGPLv3 + GPLv2 license
combination

Change-Id: I6f49b819a8a20cc4f88b794a8f6726d975e8ffbe
Reviewed-by: Matti Paaso <matti.paaso@theqtcompany.com>
2015-02-11 06:49:51 +00:00
Jeremy Lainé
06524c11dc ssl: add test for server-side QSslSocket::PeerVerifyMode
This adds tests to check the behavior of a QSslSocket-based server when
presented with various client certificates.

Change-Id: I431157e46cfb00880ae8b7a33015cce50e56b6bb
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
2015-02-07 06:51:05 +00:00
Jeremy Lainé
5382312e5c Add SecureTransport based SSL backend for iOS and OS X
Add support for SSL on iOS/OS X by adding a SecureTransport based
backend.

[ChangeLog][QtNetwork][QSslSocket] A new SSL backend for iOS and OS X,
implemented with Apple's Secure Transport (Security Framework).

Change-Id: I7466db471be2a8a2170f9af9d6ad4c7b6425738b
Reviewed-by: Richard J. Moore <rich@kde.org>
2015-02-02 14:02:56 +00:00
Shawn Rutledge
fe8900405d Use qt.io rather than qt-project.org for network tests
Mainly because of a change in certificates which is causing failing
tests.

Change-Id: I8304e5ac4107428a250b71be5df7b5399a811017
Reviewed-by: Tony Sarajärvi <tony.sarajarvi@digia.com>
2015-01-28 12:50:32 +00:00
Giuseppe D'Angelo
bd26defd9b QSslSocket: introduce support for TLS PSK (client side)
[ChangeLog][QtNetwork][QSslSocket] It is now possible to use TLS PSK
ciphersuites in client sockets.

Task-number: QTBUG-39077
Change-Id: I5523a2be33d46230c6f4106c322fab8a5afa37b4
Reviewed-by: Richard J. Moore <rich@kde.org>
2015-01-23 00:35:21 +01:00
Jeremy Lainé
14d1097f45 ssl: store socket in setEmptyDefaultConfiguration
The setEmptyDefaultConfiguration test creates a socket and connects its
sslErrors signal to tst_QSslSocket's ignoreErrorSlot slot. This slot
expects the socket to have been stored in tst_QsslSocket's "socket"
member, which was not being done. This patch fixes this problem.

It does beg the question of whether having a "socket" member in the
tst_QSslSocket class is a good idea as it is error prone.

Change-Id: Ic59d1789c5f1ed240c3f0c37981f6ecc35572f0d
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-12-13 08:32:19 +01:00
Jeremy Lainé
0a1d7f6151 ssl: merge and tighten sslErrors and peerVerifyError tests
The sslErrors and peerVerifyError test the same situation: connect to a
server which is using the fluke certificate, using the incorrect host name.
They connect respectively to qt-test-server:993 and the.server.ip.address:443.

The sslErrors is prone to backend-dependent failures concerning the order
in which SSL errors are received, just like the peerVerifyError test was
until recently.

This change merges these two tests into one, which is run against the same
two servers as previously. It also adds a check to ensure that sslErrors
and peerVerifyError emit the same SSL errors (regardless of order).

This also fixes the included headers for non-OpenSSL backends.

Change-Id: Ibd5f60d24f1682989378e87729389e4b8f9efac5
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-12-09 16:58:08 +01:00
Allan Sandfeld Jensen
3fd2d9eff8 Update QSsl::SecureProtocols to not include Sslv3
After the poodle vulnerability SSLv3 should like SSLv2 no longer be
considered safe, so when a user request a safe protocol we should
only allow TLS versions.

[ChangeLog][QtNetwork][QSsl] QSsl::SecureProtocols now also excludes SSLv3

Change-Id: If825f6beb599294b028d706903b39db6b20be519
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-10-24 12:46:26 +02:00
Matti Paaso
974c210835 Update license headers and add new license files
- Renamed LICENSE.LGPL to LICENSE.LGPLv21
- Added LICENSE.LGPLv3
- Removed LICENSE.GPL

Change-Id: Iec3406e3eb3f133be549092015cefe33d259a3f2
Reviewed-by: Iikka Eklund <iikka.eklund@digia.com>
2014-09-24 12:26:19 +02:00
Jeremy Lainé
863f598b65 ssl: make peerVerifyError test agnostic of error order
Currently the peerVerifyError test for QSslSocket makes an assumption
about the order in which SSL errors are emitted by peerVerifyError. This
assumption does not necessarily hold for non-OpenSSL backends.

This change fixes this assumption, and also checks that HostNameMismatch
was found both in the errors emitted by peerVerifyError and by sslErrors.

Change-Id: I856d1ea43b36332db0f178d35fc14a4bb18ad673
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-09-05 12:20:25 +02:00
Jeremy Lainé
7b1dad8021 ssl: enable non-OpenSSL backends to compile QSslSocket tests
Some of the QSslSocket tests use OpenSSL-specific symbols. This
change fixes this issue.

Change-Id: Ib67efa42a15facaf0ad34fc0466341a37d945d1e
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
2014-09-05 12:20:02 +02:00
Jeremy Lainé
d4dc3159c7 Check certificate nullity instead of handle
This changes tests which use QSslCertificate::handle() to determine
if a certificate is null to use QSslCertificate::isNull() instead.

This is required for non-OpenSSL backends which do not actually
expose a private handle.

Change-Id: I9523ba0dd00d47ba337b543ad34840125db99bfb
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
2014-08-28 13:33:46 +02:00
Andrew Knight
ecbf6dfbf5 ssl: Share the host name matching utilities
This moves the socket backend's host name matching functions up to
QSslSocketPrivate so that they can be shared between backends. This
works, as there is no OpenSSL-specific code here.

Change-Id: I73c2081fdc2e60a44c90e90800d1e1877391a626
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-08-27 15:03:58 +02:00
Richard J. Moore
1a8788d966 Move the PKCS#12 support from QSslSocket to QSslCertificate.
Discussed with Peter and agreed that it's a slightly better fit there.

Change-Id: If8db777336e2273670a23d75d8542b30c07e0d7b
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
2014-05-14 11:08:01 +02:00
Richard J. Moore
50e8e95385 Add support for loading PKCS#12 bundles.
Add support for loading certificates and keys from PKCS#12 bundles
(also known as pfx files).

Task-number: QTBUG-1565

[ChangeLog][QtNetwork][QSslSocket] Support for loading PKCS#12
bundles was added. These are often used to transport keys and
certificates conveniently, particularly when making use of
client certificates.

Change-Id: Idaeb2cb4dac4b19881a5c99c7c0a7eea00c2b207
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
2014-05-11 23:50:03 +02:00
Frederik Gladhorn
dda9b5325f Add missing #ifndef QT_NO_SSL
Change-Id: I2912dcca77270582f6e989b8b3fb72b82f6f70d6
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-04-25 10:55:31 +02:00
Richard J. Moore
814a1c7b2b Support for DH and ECDH key exchange for QSslSocket servers
Despite supporting DH and ECDH key exchange as a client, Qt did not provide
any default parameters which prevented them being used as a server. A
future change should allow the user to control the parameters used, but
these defaults should be okay for most users.

[ChangeLog][Important Behavior Changes] Support for DH and ECDH key exchange
cipher suites when acting as an SSL server has been made possible. This
change means the you can now implement servers that offer forward-secrecy
using Qt.

Task-number: QTBUG-20666
Change-Id: I469163900e4313da9d2d0c3e1e5e47ef46320b17
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
2014-04-09 20:53:06 +02:00
Friedemann Kleint
5b00bb39f2 Polish tst_qsslsocket a bit.
Output the SSL library version, output socket error string on connection
failure consistently, silence numerous warnings about QIODevice not
being open in tst_QSslSocket::constructing.

Change-Id: Ia23d42de5b2daca55b2f6f50af025d61e99c52a0
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
2014-03-26 07:22:35 +01:00
Frederik Gladhorn
46791c08e1 Merge "Merge remote-tracking branch 'origin/stable' into dev" into refs/staging/dev 2014-01-21 17:57:54 +01:00
Richard J. Moore
5c19fad8c1 Ensure weak ciphers are not part of the default SSL configuration.
Any cipher that is < 128 bits is excluded from the default SSL
configuration. These ciphers are still included in the list
of availableCiphers() and can be used by applications if required.
Calling QSslSocket::setDefaultCiphers(QSslSocket::availableCiphers())
will restore the old behavior.

Note that in doing so I spotted that calling defaultCiphers() before
doing other actions with SSL had an existing bug that I've addressed
as part of the change.

[ChangeLog][Important Behavior Changes] The default set of
ciphers used by QSslSocket has been changed to exclude ciphers that are
using key lengths smaller than 128 bits. These ciphers are still available
and can be enabled by applications if required.

Change-Id: If2241dda67b624e5febf788efa1369f38c6b1dba
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2014-01-21 03:41:34 +01:00
Frederik Gladhorn
9033977d39 Merge remote-tracking branch 'origin/stable' into dev
Conflicts:
	src/corelib/global/qglobal.h
	src/corelib/tools/qstring.cpp
	src/gui/image/image.pri
	src/gui/image/qimage.cpp
	src/plugins/platforms/cocoa/qcocoawindow.h
	src/plugins/platforms/cocoa/qcocoawindow.mm
	src/plugins/platforms/eglfs/qeglfshooks_stub.cpp
	tests/auto/corelib/io/qstandardpaths/tst_qstandardpaths.cpp

Change-Id: I3b9ba029c8f2263b011f204fdf68c3231c6d4ce5
2014-01-20 18:18:59 +01:00
Richard J. Moore
7c8131763d Prevent spurious SSL errors from local certificates.
Qt since approximately 4.4 has set the verify callback on both the SSL
store and the SSL context. Only the latter is actually needed. This is
normally not a problem, but openssl prior to 1.0.2 uses the verify
code to find the intermediate certificates for any local certificate
that has been set which can lead to verification errors for the local
certificate to be emitted.

Task-number: QTBUG-33228
Task-number: QTBUG-7200
Task-number: QTBUG-24234
Change-Id: Ie4115e7f7faa1267ea9b807c01b1ed6604c4a16c
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2014-01-16 21:57:06 +01:00
Oliver Wolff
1efe5d4b41 WinRT: Fixed compilation of network autotests and benchmarks
Change-Id: Id689f199cfb22dce231cec36faba57ab958b1bac
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@digia.com>
2013-12-06 15:06:47 +01:00
Sergio Ahumada
b0b754632e test: Skip some more qsslsocket flaky tests [part 2]
Task-number: QTBUG-29941
Change-Id: I28e71f952fcade6ab0aa76db71a1e2f408952830
Reviewed-by: Richard J. Moore <rich@kde.org>
2013-08-16 17:08:24 +02:00
Sergio Ahumada
983fa9b5cb test: Skip some more qsslsocket flaky tests
Task-number: QTBUG-29941
Change-Id: Iaf1c4834ef36db284464184639a1ab00928510cf
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
2013-08-13 17:08:13 +02:00
Sergio Ahumada
d6522b70ad test: Skip some flaky tests, but only if they are expected to fail
Task-number: QTBUG-29941
Change-Id: Ieca736c26711fa292855b3281229282628dce608
Reviewed-by: Richard J. Moore <rich@kde.org>
2013-08-10 22:31:42 +02:00
Peter Hartmann
e145b67fbd SSL internals: do not write after shutting down the socket
... but rather throw an error, so the HTTP layer can recover from a SSL
shutdown gracefully. In case the other side sent us a shutdown, we should
not send one as well, as it results in an error.

Change-Id: Ie7a56cf3008b6ead912aade18dbec67846e2a87e
Reviewed-by: Richard J. Moore <rich@kde.org>
2013-04-23 23:22:43 +02:00
Samuel Rødal
2ab9b747fc Merge remote-tracking branch 'gerrit/release' into stable
Conflicts:
	configure
	mkspecs/features/qt_module_headers.prf
	mkspecs/features/qt_tool.prf
	src/angle/angle.pro
	src/tools/bootstrap/bootstrap.pro
	tests/auto/widgets/kernel/qwidget/tst_qwidget.cpp

Change-Id: Ide5759fe419a50f1c944211a48f7c66f662684e0
2013-03-21 08:49:01 +01:00
Samuel Rødal
678320788e Skip unstable tst_QSslSocket test case.
The connection to qt-project.org seems to be the one that causes this
particular test case to fail.

Task-number: QTBUG-29941
Change-Id: Ie5e430646997e86e3acb04132cd90a1773a091da
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
2013-03-20 16:11:40 +01:00
Oswald Buddenhagen
76c0be34cd Merge branch 'dev' into stable
This starts Qt 5.1 release cycle

Conflicts:
	src/gui/text/qfontdatabase.cpp
	src/gui/text/qharfbuzz_copy_p.h
	src/widgets/kernel/qapplication.cpp
	src/widgets/kernel/qcoreapplication.cpp

Change-Id: I72fbf83ab3c2206aeea1b089428b0fc2a89bd62b
2013-03-20 13:49:28 +01:00
Stephen Kelly
ff84d2258f Don't fail on tst_QSslSocket::setReadBufferSize_task_250027
It is flakey and often blocks integration.

Task-number: QTBUG-29730

Change-Id: I8acfc243ec6a6782b7f7d78fc27827f3fdc1ce52
Reviewed-by: Stephen Kelly <stephen.kelly@kdab.com>
2013-03-15 10:04:03 +01:00
Richard Moore
7898080ca7 Add support for intermediate certificates to server sockets.
Add intermediate certificates to our server sockets, and to our client
certs.

Change-Id: Ib5aa575473f9e84f337bebe35099506dd7d7e2ba
Task-Number: QTBUG-19825
Task-Number: QTBUG-13281
Reviewed-by: Peter Hartmann <phartmann@rim.com>
2013-02-19 21:37:24 +01:00
Richard Moore
4a07519877 Store the local certificate in a QList.
Instead of storing a single QSslCertificate for a the local cert, store
a list of them. This will allow us to handle server sockets that use a
certificate that is not issued directly from the CA root in future.

Change-Id: I9a36b9a99daa9c0bdd17f61b4ce1a7da746f2e96
Reviewed-by: Peter Hartmann <phartmann@rim.com>
2013-02-19 21:37:14 +01:00
Giuseppe D'Angelo
e88011357e Merge "Merge remote-tracking branch 'origin/stable' into dev" into refs/staging/dev 2013-02-17 20:31:38 +01:00
Tor Arne Vestbø
2df8884bc6 Skip tst_QSslSocket::setReadBufferSize_task_250027()
It's flakey and is blocking integration. Tracked in QTBUG-29730.

Change-Id: Ia5b8f952314bf2e1aa6dbb5c5c0a97e32e68d0f6
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@digia.com>
2013-02-17 20:31:31 +01:00
Sze Howe Koh
7bb43454b8 Fix minor typos in docs, printed messages & comments
Missing apostrophes

Change-Id: I3ef5e9d494fb7a37f8e6075f24cd3a274e572c23
Reviewed-by: Jerome Pasion <jerome.pasion@digia.com>
2013-01-28 18:12:41 +01:00
Sergio Ahumada
48e0c4df23 Update copyright year in Digia's license headers
Change-Id: Ic804938fc352291d011800d21e549c10acac66fb
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
2013-01-18 09:07:35 +01:00
Sergio Ahumada
83188c6499 test: Change trolltech.com:443 to qt-project.org:443
trolltech.com seems to be shut down already

Change-Id: Ic90ce01aeb51b6f154b9bbf4762c365a398c9e3d
Reviewed-by: Simo Fält <simo.falt@digia.com>
Reviewed-by: Stephen Kelly <stephen.kelly@kdab.com>
2013-01-03 11:32:17 +01:00
Stephen Kelly
348c5bd19a Fix some typos in QProcess and QSslSocket unit tests.
The QSslSocket one is both wrong and redundant as there is a
Q_DECLARE_METATYPE for it already.

Change-Id: I63d065abfb3d0e3d82a8b1f29a6752b7676db847
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
2012-12-04 14:41:43 +01:00
Marc Mutz
a4ffbfefe7 normalise signal/slot signatures [QtNetwork tests]
Change-Id: I2491cfe421a811d00759224da03580b3dcc2a091
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2012-10-19 00:44:54 +02:00
Iikka Eklund
be15856f61 Change copyrights from Nokia to Digia
Change copyrights and license headers from Nokia to Digia

Change-Id: If1cc974286d29fd01ec6c19dd4719a67f4c3f00e
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
Reviewed-by: Sergio Ahumada <sergio.ahumada@digia.com>
2012-09-22 19:20:11 +02:00
Richard Moore
5ea896fbc6 Disable SSL compression by default.
Disable SSL compression by default since this appears to be the a likely
cause of the currently hyped CRIME attack.

Change-Id: I515fcc46f5199acf938e9e880a4345f2d405b2a3
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Peter Hartmann <phartmann@rim.com>
2012-09-18 14:12:17 +02:00
Brendan Long
860f95946b Add support for explicit TLS 1.1 and 1.2
Add SslProtocol enums TlsV1_1 and TlsV1_2 and use the appropriate OpenSSL
methods when they're selected (TLSv1_1_client_method, TLSv1_2_client_method,
TLSv1_1_server_method and TLSv1_2_server_method). This allows us to
explicitly use TLS 1.1 or 1.2.

Task-number: QTBUG-26866
Change-Id: I159da548546fa746c20e9e96bc0e5b785e4e761b
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2012-08-29 14:22:54 +02:00
Marc Mutz
79b742b7e0 QtNetwork: use nullary version of qRegisterMetaType<T>("T")
Using the nullary version has the advantage that multiple calls
during a program run are much more efficient, since an inlined
atomic is used to store the result. It also ensures that
Q_DECLARE_METATYPE(T) has been used, whereas qRegisterMetaType<T>("T")
will happily register anything. So I've added the macro where it
was missing, or moved it to a central place when it existed
hidden.

In tst_qnetworkreply, this became a bit tricky, because a private
header is conditionally included, so moved the Q_DECLARE_METATYPE()
into a conditional section, too.

Change-Id: I71484523e4277f4697b7d4b2ddc3505375162727
Reviewed-by: Stephen Kelly <stephen.kelly@kdab.com>
2012-07-25 19:32:41 +02:00
Mitch Curtis
05d980664f Make QIODevice::seek() return false for sequential files.
Task-number: QTBUG-18173
Change-Id: Ie3a96d3a6f60995b8ba7823153778869d0c2dc58
Reviewed-by: Andy Shaw <andy.shaw@digia.com>
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@nokia.com>
2012-06-05 13:12:58 +02:00
Shane Kearns
7578a9f69d Fix a QSslSocket test expectation on ubuntu 11.10
Because SSL2 is disabled in ubuntu's openssl binaries, the SSL
connection is expected to succeed rather than fail when the server
side is using SSL3/TLS1.0.
Used the OPENSSL_NO_SSL2 macro to decide this.

Change-Id: I2c35aa5aa0c9432ae78000c81f70086bdc31843d
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-05-10 02:39:30 +02:00