Commit Graph

79 Commits

Author SHA1 Message Date
Richard Moore
7898080ca7 Add support for intermediate certificates to server sockets.
Add intermediate certificates to our server sockets, and to our client
certs.

Change-Id: Ib5aa575473f9e84f337bebe35099506dd7d7e2ba
Task-Number: QTBUG-19825
Task-Number: QTBUG-13281
Reviewed-by: Peter Hartmann <phartmann@rim.com>
2013-02-19 21:37:24 +01:00
Richard Moore
4a07519877 Store the local certificate in a QList.
Instead of storing a single QSslCertificate for a the local cert, store
a list of them. This will allow us to handle server sockets that use a
certificate that is not issued directly from the CA root in future.

Change-Id: I9a36b9a99daa9c0bdd17f61b4ce1a7da746f2e96
Reviewed-by: Peter Hartmann <phartmann@rim.com>
2013-02-19 21:37:14 +01:00
Frederik Gladhorn
f4900d340a Merge remote-tracking branch 'origin/stable' into dev
Conflicts:
	src/widgets/styles/qmacstyle_mac.mm

Change-Id: If8326db9e7da3cbf45dbf7475fdff9915c7723b1
2013-02-18 16:14:52 +01:00
Giuseppe D'Angelo
e88011357e Merge "Merge remote-tracking branch 'origin/stable' into dev" into refs/staging/dev 2013-02-17 20:31:38 +01:00
Tor Arne Vestbø
2df8884bc6 Skip tst_QSslSocket::setReadBufferSize_task_250027()
It's flakey and is blocking integration. Tracked in QTBUG-29730.

Change-Id: Ia5b8f952314bf2e1aa6dbb5c5c0a97e32e68d0f6
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@digia.com>
2013-02-17 20:31:31 +01:00
Frederik Gladhorn
e432d53883 Only compile SSL tests when openssl is available.
Change-Id: I79fc705f30fb84e86bd7d674d90fbbe2d1a124ba
Reviewed-by: Richard J. Moore <rich@kde.org>
2013-02-13 23:56:41 +01:00
Friedemann Kleint
9a74bbf34f Fix developer-build of qsslsocket_onDemandCertificates_member.
Do not include qsslsocket_p.h unless SSL is present.

Change-Id: I7e56b7758729907892d85f97d5a9d3ccaf7a3314
Reviewed-by: Peter Hartmann <phartmann@rim.com>
2013-02-12 17:56:10 +01:00
BogDan Vatra
934afb5c57 Fix loading of SSL certificate of DER files.
DER certificates should not be opened as text files, so we
only pass the QIODevice::Text flag when the format is
QSsl::Pem.

Change-Id: I4bad98023c397b967d5beeec0aaa6c414e06fd9c
Reviewed-by: Richard J. Moore <rich@kde.org>
2013-02-08 17:37:51 +01:00
Peter Hartmann
7d757fc8fe QSslSocket tests: use qt-project.org as test server instd of codereview
Change-Id: I1f3a860bf1ab24c30001059b7bcbb19fba7cbc1d
Reviewed-by: Sergio Ahumada <sergio.ahumada@digia.com>
2013-01-29 13:00:38 +01:00
Sze Howe Koh
7bb43454b8 Fix minor typos in docs, printed messages & comments
Missing apostrophes

Change-Id: I3ef5e9d494fb7a37f8e6075f24cd3a274e572c23
Reviewed-by: Jerome Pasion <jerome.pasion@digia.com>
2013-01-28 18:12:41 +01:00
Peter Hartmann
ce35c0db0d QSslConfiguration: toggle on demand loading of root certs properly
make sure we keep track of when we can load root certs and when we
cannot (we cannot when the developer set the certs explicitly). This is
implemented the same way for QSslSocket already, and needs to be
duplicated because we have 2 methods for setting CA certificates: one in
QSslSocket and one in QSslConfiguration.
In addition, adapt the auto test which checks whether setting a default
QSslConfiguration works: There is no way to set on demand loading
through the API, so it should be enabled by default.

Task-number: QTBUG-29103
Change-Id: I5146128aaa385dfcc0ad1e0ef81a92d9350ec5f2
Reviewed-by: Richard J. Moore <rich@kde.org>
2013-01-23 19:36:07 +01:00
Sergio Ahumada
48e0c4df23 Update copyright year in Digia's license headers
Change-Id: Ic804938fc352291d011800d21e549c10acac66fb
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
2013-01-18 09:07:35 +01:00
Peter Hartmann
bf5e7fb265 SSL certificates: blacklist mis-issued Turktrust certificates
Those certificates have erroneously set the CA attribute to true,
meaning everybody in possesion of their keys can issue certificates on
their own.

Task-number: QTBUG-28937

Change-Id: Iff351e590ad3e6ab802e6fa1d65a9a9a9f7683de
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2013-01-04 15:19:17 +01:00
Sergio Ahumada
83188c6499 test: Change trolltech.com:443 to qt-project.org:443
trolltech.com seems to be shut down already

Change-Id: Ic90ce01aeb51b6f154b9bbf4762c365a398c9e3d
Reviewed-by: Simo Fält <simo.falt@digia.com>
Reviewed-by: Stephen Kelly <stephen.kelly@kdab.com>
2013-01-03 11:32:17 +01:00
Stephen Kelly
348c5bd19a Fix some typos in QProcess and QSslSocket unit tests.
The QSslSocket one is both wrong and redundant as there is a
Q_DECLARE_METATYPE for it already.

Change-Id: I63d065abfb3d0e3d82a8b1f29a6752b7676db847
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
2012-12-04 14:41:43 +01:00
Janne Anttila
0c1bbf0386 SSL certificate printing: Fix auto test for OpenSSL 1.0.1 version.
Different OpenSSL versions  produce slightly different output when
dumping a certificate.

Change-Id: Ida98b24422302e287641be074d6740ca292cf203
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-11-02 03:58:16 +01:00
Marc Mutz
a4ffbfefe7 normalise signal/slot signatures [QtNetwork tests]
Change-Id: I2491cfe421a811d00759224da03580b3dcc2a091
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2012-10-19 00:44:54 +02:00
Iikka Eklund
be15856f61 Change copyrights from Nokia to Digia
Change copyrights and license headers from Nokia to Digia

Change-Id: If1cc974286d29fd01ec6c19dd4719a67f4c3f00e
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
Reviewed-by: Sergio Ahumada <sergio.ahumada@digia.com>
2012-09-22 19:20:11 +02:00
Richard Moore
5ea896fbc6 Disable SSL compression by default.
Disable SSL compression by default since this appears to be the a likely
cause of the currently hyped CRIME attack.

Change-Id: I515fcc46f5199acf938e9e880a4345f2d405b2a3
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Peter Hartmann <phartmann@rim.com>
2012-09-18 14:12:17 +02:00
Brendan Long
860f95946b Add support for explicit TLS 1.1 and 1.2
Add SslProtocol enums TlsV1_1 and TlsV1_2 and use the appropriate OpenSSL
methods when they're selected (TLSv1_1_client_method, TLSv1_2_client_method,
TLSv1_1_server_method and TLSv1_2_server_method). This allows us to
explicitly use TLS 1.1 or 1.2.

Task-number: QTBUG-26866
Change-Id: I159da548546fa746c20e9e96bc0e5b785e4e761b
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2012-08-29 14:22:54 +02:00
Thiago Macieira
672b5b7ab6 Set the Qt API level to compatibility mode in all tests.
Qt 5.0 beta requires changing the default to the 5.0 API, disabling
the deprecated code. However, tests should test (and often do) the
compatibility API too, so turn it back on.

Task-number: QTBUG-25053
Change-Id: I8129c3ef3cb58541c95a32d083850d9e7f768927
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
Reviewed-by: Olivier Goffart <ogoffart@woboq.com>
2012-08-01 15:37:46 +02:00
Marc Mutz
79b742b7e0 QtNetwork: use nullary version of qRegisterMetaType<T>("T")
Using the nullary version has the advantage that multiple calls
during a program run are much more efficient, since an inlined
atomic is used to store the result. It also ensures that
Q_DECLARE_METATYPE(T) has been used, whereas qRegisterMetaType<T>("T")
will happily register anything. So I've added the macro where it
was missing, or moved it to a central place when it existed
hidden.

In tst_qnetworkreply, this became a bit tricky, because a private
header is conditionally included, so moved the Q_DECLARE_METATYPE()
into a conditional section, too.

Change-Id: I71484523e4277f4697b7d4b2ddc3505375162727
Reviewed-by: Stephen Kelly <stephen.kelly@kdab.com>
2012-07-25 19:32:41 +02:00
Martin Petersson
6c59cdecee QSslCertificate::fromPath fix wildcard handling
The reqExp used to handle wildcards in the path was broken. So we
always searched the working directory and not the specified path.
Autotest where passing because of a hack used for Windows paths
where we removed the first two chars in the path string.

This fix will not use nativeSeparators thus removing the Windows hack
and fix the regExp to match wildcard chars.

Task-number: QTBUG-23573
Change-Id: I56fadbb67f25b8ce9c0f17cb6232e0bdb9148b1c
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2012-07-03 01:09:33 +02:00
Rohan McGovern
f4dd033f41 Fixed qsslsocket_onDemandCertificates_{static,member}
This test had been XFAILing since August 2011, but recently started to
XPASS, possibly due to changes in the SSL setup on the tested host
(qt.nokia.com).

Removed QEXPECT_FAIL and replaced qt.nokia.com with
codereview.qt-project.org as a host expected to have working SSL.  (If
SSL on the latter were broken, it would immediately be detected by
any attempts at git over HTTPS.)

SSL setup can be verified as working by:

  openssl s_client -CApath /etc/ssl/certs \
    -connect codereview.qt-project.org:443 </dev/null

Task-number: QTBUG-20983
Change-Id: I9b4146da6545ab4115d6308044b1d242dd52b7f9
Reviewed-by: Kalle Lehtonen <kalle.ju.lehtonen@nokia.com>
2012-06-28 02:18:42 +02:00
Mitch Curtis
05d980664f Make QIODevice::seek() return false for sequential files.
Task-number: QTBUG-18173
Change-Id: Ie3a96d3a6f60995b8ba7823153778869d0c2dc58
Reviewed-by: Andy Shaw <andy.shaw@digia.com>
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@nokia.com>
2012-06-05 13:12:58 +02:00
Rohan McGovern
dd3e4f1dbe Set explicit testcase.timeout for slow tests
We'd like to decrease the default timeout for tests in the Qt Project CI
so that we waste less time waiting for hanging tests.

Tests which genuinely take a long time to run, such as these, should
have their timeout explicitly set in their .pro file.

Change-Id: I4fe6249e9efa764b230251d73a1115c24411e168
Reviewed-by: Toby Tomkins <toby.tomkins@nokia.com>
Reviewed-by: Kalle Lehtonen <kalle.ju.lehtonen@nokia.com>
2012-05-29 09:39:18 +02:00
Rohan McGovern
177070cb7b Add CONFIG+=parallel_test to suspected parallel-safe tests.
These tests have passed a parallel stress test on all three of Linux,
Mac, Windows.  Mark them with CONFIG+=parallel_test to allow CI to run
them in parallel, saving time.

Change-Id: I19fd333c3c645a67374ca998f6c8530dd236b0f8
Reviewed-by: Toby Tomkins <toby.tomkins@nokia.com>
2012-05-28 07:33:01 +02:00
Mitch Curtis
083af3c319 Fixed unused function warning in qsslcertificate test.
Change-Id: I4d402e486a8ceb965d008056f5f1bcb227f6f40c
Reviewed-by: Martin Petersson <Martin.Petersson@nokia.com>
2012-05-22 10:27:40 +02:00
Mitch Curtis
3042267a93 Fixed unused function warning in qsslkey test.
Change-Id: I5039e011f3c9b44ed1887424f11e4e146c3eb07f
Reviewed-by: Martin Petersson <Martin.Petersson@nokia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2012-05-21 16:02:06 +02:00
Richard Moore
0b8021f5cb Change QSslCertificate::toText() to return a QString.
A couple of people reviewing the toText() method (which is new in 5.0)
have said that since the string returned is human readable it should
be a QString not a QByteArray. This change follows their advice.

Change-Id: Ibade9a24870805f7fbe2d299abeb9c6e964f0cf4
Reviewed-by: Girish Ramakrishnan <girish.1.ramakrishnan@nokia.com>
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
2012-05-21 03:10:43 +02:00
Shane Kearns
7578a9f69d Fix a QSslSocket test expectation on ubuntu 11.10
Because SSL2 is disabled in ubuntu's openssl binaries, the SSL
connection is expected to succeed rather than fail when the server
side is using SSL3/TLS1.0.
Used the OPENSSL_NO_SSL2 macro to decide this.

Change-Id: I2c35aa5aa0c9432ae78000c81f70086bdc31843d
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-05-10 02:39:30 +02:00
Thiago Macieira
dd5b373d41 Change remaining uses of {to,from}Ascii to {to,from}Latin1 [QtNetwork]
This operation should be a no-op anyway, since at this point in time,
the fromAscii and toAscii functions simply call their fromLatin1 and
toLatin1 counterparts.

Task-number: QTBUG-21872
Change-Id: I94cc301ea75cc689bcb6e2d417120cf14e36808d
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-05-04 12:46:05 +02:00
Shane Kearns
bb234e238c Rename QAbstractSocket::PauseOnNotify -> PauseOnSslErrors
Although we created an enum for pause modes to make 5.x binary
compatible with 5.0, the enum value is not well named.
In 5.1, we propose to add PauseOnProxyAuthentication to the enum.
PauseOnNotify is not clear what it means, while PauseOnSslErrors is.

Any new notification in a minor release would need a new enum value
otherwise applications would get pauses they did not expect.

Task-number: QTBUG-19032
Change-Id: I4dbb7467663b37ca7f0551d24a31bc013968bedc
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
2012-05-04 03:11:17 +02:00
Debao Zhang
ade8888603 Don't use obsolete qVariantValue, qVariantCanConvert, etc.
qVariantValue and qVariantCanConvert are Compatibility members, while in
Qt4.8 they are marked as Qt 3 Support Members.

qVariantFromValue and qVariantSetValue are Obsolete members.

Change-Id: Ie8505cad1e0950e40c6f6710fde9f6fb2ac670fd
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@nokia.com>
2012-05-02 08:30:59 +02:00
Jason McDonald
151ec76614 Remove insignification from qsslsocket_onDemandCertificates_* tests
These tests have been passing consistently since they started running
on Windows in CI.

Change-Id: I4505497afc477a7f4fbda0acc29987d0d0cf220a
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2012-04-30 01:08:09 +02:00
Jason McDonald
3019c9da1a Remove insignification of qsslsocket test on Windows and Mac.
The test has a single stable failure on both of these platforms. Mark
the failure with QEXPECT_FAIL (that was already the case on Ubuntu
11.10) and re-enable the test.

Note also the elimination of duplicate bug numbers.

Task-number: QTBUG-24234
Change-Id: Ica11e7d1f3cd9487647127984fef7c75e0e764fe
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2012-04-30 01:07:50 +02:00
Jason McDonald
161d381826 Re-enable network tests on Mac OS.
Switch on most of the tests (all but the bearer tests), marking the two
known failures as insignificant tests.

Change-Id: I17f228a938de1a23eddf897f494bfa4e54338dae
Reviewed-by: Sergio Ahumada <sergio.ahumada@nokia.com>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2012-04-24 16:06:28 +02:00
Kalle Viironen
83c637aa94 Fix bug in qsslsocket peek()
Calling peek() for qsslsocket caused socket data to be copied into
qiodevices buffer and therefore make it unaccessible in qsslsocket.

Cherry picked form 4.8-branch & modified to Qt5 API changes
(int -> qintptr)
Original commits:
commit 621f18955082fc73471e75d1f8c35c2dcd4befeb
Author: Shane Kearns <ext-shane.2.kearns@nokia.com>
commit 68b1d5c17aa38d5921bdade2b0e0cb67c6c90513
Author: Kalle Viironen <kalle.viironen@digia.com>

Task-number: QTBUG-18498
Change-Id: I6be4b19baec2f3197537f5e7b61432040ec84ad2
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2012-04-23 09:45:24 +02:00
Marc Mutz
0defa2782f tst_qsslsocket*: don't inherit from QSharedPointer
QSharedPointer is about to become final.

Instead of inheriting from it to add implicit
conversions to and from QSslSocket*, make
QSslSocketPtr a typedef, and make the
conversions explicit.

Change-Id: I4eebb262ab5aef348f4d676f9e839325d4ed13da
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2012-03-23 11:22:40 +01:00
Shane Kearns
4bdc7e6f8b Mark unstable windows network tests
This is unfortunately still "most of them", because of QTBUG-24451
however some of the unit tests are still possible to test stably.

Also skipped test cases which would hang forever due to QTBUG-24451.

Bearer tests are not run, because they pass when test machine has no
wireless LAN, but fail or hang if it does (QTBUG-24503)

Change-Id: Icf99d45707102d2ef9219ed0b5ad521605716219
Reviewed-by: Sergio Ahumada <sergio.ahumada@nokia.com>
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
2012-03-08 05:31:40 +01:00
Shane Kearns
00821ec710 QSslCertificate - make lazy initialisation thread safe
QSslCertificate can be copied around into multiple threads,
without detaching. For example, the https worker threads inside
QNetworkAccessManager.
There are const methods, which lazily initialise members of
the private class without detaching (i.e. caching results of
expensive function calls)
These functions now lock the d pointer using QMutexPool to
avoid concurrency related crashes.

autotest crashes 20% of the time in release builds without
the fix, passes 100 times in a row with the fix.

Task-number: QTBUG-20452
Change-Id: I64a01af8159216f2dd6215a08669890f6c029ca8
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-03-06 12:25:22 +01:00
Shane Kearns
3f91cde588 Test for QT_NO_SSL instead of QT_NO_OPENSSL
Change the ifdefs in our own code (except openssl backend) to use the
new configure flag.

Change-Id: I8774734771c66b22164b5fae8fdb27814ac3df7b
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-02-21 15:28:40 +01:00
Kurt Korbatits
4121f9df29 Changed qsslkey to work from installation directory
- Changed to use TESTDATA and QFINDTESTDATA instead of SRCDIR

Change-Id: I30bf175c2c9044e1f8556260a032467ca0dfc09f
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
Reviewed-by: Jason McDonald <jason.mcdonald@nokia.com>
2012-02-17 05:24:43 +01:00
Kurt Korbatits
20f6dc615a Changed qsslcertificate unittest to work from install directory
- Changed to use TESTDATA and QFINDTESTDATA instead of SRCDIR

Change-Id: I1957ef287ba2f337b5e0b2c6245d872eacb6316f
Reviewed-by: Jason McDonald <jason.mcdonald@nokia.com>
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
2012-02-17 05:24:40 +01:00
Jason McDonald
6dfb1de099 Eliminate duplicate data row names in network autotests
Change-Id: Icbfc24309a182f37268232fc3c299d35d6d6a0ea
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
2012-02-16 02:00:46 +01:00
Miikka Heikkinen
e0fd9b5b06 Make "nmake check" pass for network tests in Windows.
Marked two tests insignificant due to failures, these need to be
fixed later and then re-enabled:
- tst_qnetworkreply
- tst_qsslsocket

Task-number: QTBUG-24203
Change-Id: I9647833bf15fe5a340d7ef59e1dcb007a92677dc
Reviewed-by: Sergio Ahumada <sergio.ahumada@nokia.com>
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@nokia.com>
2012-02-14 02:48:35 +01:00
Bradley T. Hughes
df516aa9f4 Don't include config.tests/unix/openssl/openssl.pri (again)
This file was removed in commit ba9302b8a9.
Commit 8fad23f326 removed openssl.pri from
src/network/ssl/ssl.pri, but not from the qsslsocket autotest.

Change-Id: Ic1a576ee7f0ee3d68471121ba636b94ce7bae455
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2012-02-03 01:40:07 +01:00
Xizhi Zhu
ba9302b8a9 Remove Symbian specific code from qtbase.
Change-Id: I27d37d914b71e1e43c94e2a975ffec49e1ecd456
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
2012-01-31 07:08:31 +01:00
Shane Kearns
e889d61380 Fix tst_QSslCertificate::toText on windows
Open the comparison file as text mode, so that it does not differ from
the dumped certificate in CRLF vs LF line endings.

Change-Id: I54d6ea6e37044059e89e762435657ebf5fa6cb39
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-01-30 20:18:37 +01:00
Shane Kearns
911ab74161 Fix link error in QSslSocket auto test
This has been broken for months, but invisible because the code causing
the link error is unreachable (due to QSKIP). So the link error only
occurs in debug builds with -O0.

Change-Id: I6093a7803bedf37bfc8c2d9ff0b28b2309b57959
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-01-30 20:18:28 +01:00