Private libraries and WrapOpenSSL were linked conditional to
QT_FEATURE_private_tests in the CMake file.
qsslkey_p.h and open ssl symbols were included conditional to developer
build. A developer build fails, with test enabled and private tests
disabled.
=> Change the CMake condition to QT_FEATURE_developer_build, to resolve
mismatch between CMake and cpp file.
Pick-to: 6.6 6.5
Change-Id: I3ac93b02701e467a0b548c35d441d35a45c4568b
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
OpenSSL 3.1.2 can be configured with no-deprecated option, in this
case test fails to build.
Pick-to: 6.6 6.5 6.2
Change-Id: Icaf457f55fb001b632922856dbe4bbb5bdba220e
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Remove all "#undef QT_NO_FOREACH" white-listing from source files.
Previous commits have removed all remaining Q_FOREACH/foreach uses in
this sub-tree.
Also remove one source file from NO_PCH_SOURCES in CMakeLists.txt.
Task-number: QTBUG-115839
Change-Id: I02cf994eda720c028e613407342fbd6658fa62b1
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
The toString() method's parameter is a const&, the loop body doesn't
change the container; and the container the parameter refers to isn't
changed during iteration.
Drive-by, remove braces from single-line if blocks.
Task-number: QTBUG-115839
Change-Id: I363e1ed37c0f75fa6a9f8eac3393a6c10d756c1b
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Straightforward ports where the container could be made const.
Use C arrays instead of QList if the data is known at compile time.
Drive-by, where appropriate make the for-loop variable a const& (e.g.
QString) instead of copying it for no reason.
Task-number: QTBUG-115839
Change-Id: I273a386e414e5923e750072f0407226efcd4531e
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
In both cases, the container is a member of the unittest, initialized in
initTestCase(), then not changed after that. So use std::as_const.
Task-number: QTBUG-115839
Change-Id: I3b66127e10ac94137260d99f354de9f66a74bec7
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
The containers are created locally in the top level test functions, they
can't be made const due to the way they are filled, however the loop
body don't change them; even if the code in a loop would cause
re-entrance du due to signal emittance or events processing, those
containers aren't affected and aren't changed during iteration because
the top-level test functions themselves aren't re-entered, hence
use std::as_const.
Drive-by change: take QHostAddress by const& when it's used as a
for-loop variable (it has a QExplicitlySharedDataPointer d-pointer).
Task-number: QTBUG-115839
Change-Id: I443169e10d973aba2f62854aba200fc2dc2c80aa
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
The loops were iterating over a temporary, so use a local const auto
variable to hold it, and use ranged-for.
Drive-by, make the for-loop variable const& instead of copying it,
for any object that has a d-pointer (QNetworkAddressEntry, QHostAddress,
QNetworkInterface).
Task-number: QTBUG-115839
Change-Id: If96c0b2a6142fe2fa2ed45ed7e2435cc1f80e005
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
If OpenSSL version is 3.1.1 or above - this version moved the protocol
under security level 0, but the default one is 1.
Pick-to: 6.6 6.5 6.2 5.15
Fixes: QTBUG-116166
Change-Id: Iaabb2cf33e2a9f280d6167233ee16080dee808b0
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Starting from OpenSSL v 3.1.1 DTLS 1.0 is only available, if the
security level is 0, which is not the case most of the time. So
we consider this version number to be a 'threshold' after which
we don't test v 1.0 anymore.
Pick-to: 6.5 6.6 6.2 5.15
Task-number: QTBUG-116166
Change-Id: I9763703f36ae742e1d3c7cb17872cf8d0d82ab85
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
The density of Q_FOREACH uses in this and some other modules is still
extremely high, too high for anyone to tackle in a short amount of
time. Even if they're not concentrated in just a few TUs, we need to
make progress on a global QT_NO_FOREACH default, so grab the nettle
and stick to our strategy:
Mark the whole of Qt with QT_NO_FOREACH, to prevent new uses from
creeping in, and whitelist the affected TUs by #undef'ing
QT_NO_FOREACH locally, at the top of each file. For TUs that are part
of a larger executable, this requires these files to be compiled
separately, so add them to NO_PCH_SOURCES (which implies
NO_UNITY_BUILD_SOURCES, too).
In tst_qglobal.cpp and tst_qcollections.cpp change the comment on the
#undef QT_NO_FOREACH to indicate that these actually test the macro.
Task-number: QTBUG-115839
Change-Id: Iecc444eb7d43d7e4d037f6e155abe0e14a00a5d6
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
All of these fall into the trivial category: loops over (readily made)
const local containers. As such, they cannot possibly depend on the
safety copy that Q_FOREACH performs, so are safe to port as-is to
ranged for loops.
There may be more where these came from, but these were the ones that
stood out as immediately obvious when scanning the 100s of uses in
qtbase, so I preferred to directly fix them over white-listing their
files with QT_NO_FOREACH (which still may be necessary for some files,
as this patch may not port all uses in that file).
Pick-to: 6.6 6.5
Task-nubmber: QTBUG-115839
Change-Id: I7b7893bec8254f902660dac24167113aca855029
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
Add the boilerplate standalone test prelude to each test, so that they
can be opened with an IDE without the qt-cmake-standalone-test script,
but directly with qt-cmake or cmake.
Boilerplate was added using the following scripts:
https://git.qt.io/alcroito/cmake_refactor
Manual adjustments were made where the code was inserted in the wrong
location.
Task-number: QTBUG-93020
Change-Id: I000cd3b0809b6417c3b1ab520e4de746afee71fc
Reviewed-by: Amir Masoud Abdol <amir.abdol@qt.io>
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Use the new argument to bundle the OpenSSL prebuilt libararies so that
ssl operations are actually tested at runtime.
Task-number: QTBUG-110025
Pick-to: 6.6 6.5
Change-Id: I0d73fed463a1724a9e0ee84ba603aa2ff1bc649b
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
In Schannel it is not guaranteed CertificateBlacklisted will be the
first error emitted. And it really does not make a difference anyway.
Pick-to: 6.6 6.5 6.2
Change-Id: If041f913db9e78ac54e6f8bb2ba1bda110e7d64a
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Instead of having one member signaling !openssl
let's just add booleans for openssl, schannel and securetransport.
The latter two of which are not currently used but may be in the future.
As a drive-by, make a compile-time check into a runtime one.
Change-Id: Id2f51f5396383a3f5836ac708996bfce8ae35c91
Reviewed-by: Konrad Kujawa <konrad.kujawa@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
The test function occasionally can fail on CI/Windows, when a
certificate update on www.qt.io requires installing a new root
certificate on the test VM.
This patch blacklists the test class (which has only one test function)
on Windows. It adds diagnostic output, so future failure reasons can
be established from CI artifacts.
Pick-to: 6.5
Task-number: QTBUG-63481
Change-Id: If686d006f379fe6dbfb0d11d80b8455f72fdbb09
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
This reverts commit 9286d46ee2.
Reason for revert: Should be fixed by 5c6814fb18760f65bab0f8b9cd623ee5c874a58d
Change-Id: I3a161df445af8dcbb61138d57e931a093a319027
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
In the process actually handle all time-spec cases in various places
that only handled UTC or LocalTime, or at least note that they don't
where that's not practical. Also tidy up header ordering and ensure
QDateTime's header is included wherever it's used, while adding the
include for QTimeZone where needed.
Task-number: QTBUG-108199
Change-Id: Ic1a5cdf0aaf737bf1396aa8ac58ce2004cef7e19
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
For the case of static builds. Also, remove somewhat funny comment
from the shared tlshelpers.h file.
Fixes: QTBUG-105046
Pick-to: 6.4 6.2
Change-Id: I2fd677a11b64df89c0ad0237e1014f5e80144c24
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
This is a semantic patch using ClangTidyTransformator as in
qtbase/df9d882d41b741fef7c5beeddb0abe9d904443d8, but extended to
handle typedefs and accesses through pointers, too:
const std::string o = "object";
auto hasTypeIgnoringPointer = [](auto type) { return anyOf(hasType(type), hasType(pointsTo(type))); };
auto derivedFromAnyOfClasses = [&](ArrayRef<StringRef> classes) {
auto exprOfDeclaredType = [&](auto decl) {
return expr(hasTypeIgnoringPointer(hasUnqualifiedDesugaredType(recordType(hasDeclaration(decl))))).bind(o);
};
return exprOfDeclaredType(cxxRecordDecl(isSameOrDerivedFrom(hasAnyName(classes))));
};
auto renameMethod = [&] (ArrayRef<StringRef> classes,
StringRef from, StringRef to) {
return makeRule(cxxMemberCallExpr(on(derivedFromAnyOfClasses(classes)),
callee(cxxMethodDecl(hasName(from), parameterCountIs(0)))),
changeTo(cat(access(o, cat(to)), "()")),
cat("use '", to, "' instead of '", from, "'"));
};
renameMethod(<classes>, "count", "size");
renameMethod(<classes>, "length", "size");
except that the on() matcher has been replaced by one that doesn't
ignoreParens().
a.k.a qt-port-to-std-compatible-api V5 with config Scope: 'Container'.
Added two NOLINTNEXTLINEs in tst_qbitarray and tst_qcontiguouscache,
to avoid porting calls that explicitly test count().
Change-Id: Icfb8808c2ff4a30187e9935a51cad26987451c22
Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
We've been requiring C++17 since Qt 6.0, and our qAsConst use finally
starts to bother us (QTBUG-99313), so time to port away from it
now.
Since qAsConst has exactly the same semantics as std::as_const (down
to rvalue treatment, constexpr'ness and noexcept'ness), there's really
nothing more to it than a global search-and-replace, with manual
unstaging of the actual definition and documentation in dist/,
src/corelib/doc/ and src/corelib/global/.
Task-number: QTBUG-99313
Change-Id: I4c7114444a325ad4e62d0fcbfd347d2bbfb21541
Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
In the presence of QT_CONFIG(opensslv30).
Fixes: QTBUG-107027
Change-Id: I481db3cdf3bbb1aa7127cc5498f0c0217df8c35b
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Test was not really good to start with - it was assuming the presence of
particular ciphersuites. Furthermore, it was ignoring the fact that
TLS 1.2 and TLS 1.3 set ciphersuites differently in OpenSSL.
Pick-to: 6.4 6.3 6.2 5.15
Task-number: QTBUG-106018
Task-number: QTBUG-95123
Change-Id: I6c8ba20154cdeb9275878462ab945729d6c82ecc
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
OpenSSL 3 by default disables TLS < 1.2 in the conf files. We're not
going to work against that, so we bump the version of TLS used.
Keep the client-side TLS 1.0 Or Later just to keep testing that this
part works.
Task-number: QTBUG-95123
Task-number: QTBUG-106018
Pick-to: 6.4 6.3 6.2 5.15
Change-Id: Ia6cb10495875de232d69a886832ae74c5f5ac15f
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
The initial problem was in server not starting encryption, because
its certificate was rejected by OpenSSL (v3) saying 'weak md'.
After the certificate was replaced, we got another problem - due
to the fixed TLS v.1 protocol for both client and server - handshake
is interrupted early with 'tls v1 alert' and error message
saying about not found signature algorithms. Don't fix the protocol
version, use proper QSsl::SecureProtocols (default).
Pick-to: 6.4 6.3 6.2 5.15
Task-number: QTBUG-106018
Task-number: QTBUG-95123
Change-Id: I0f22f5304f4405933ad511195bc61c640518e7d8
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
The certificate was using SHA-1 for signing its certificate, which is
considered 'not good enough' by some TLS libraries.
Regenerate it with SHA-512 and a larger RSA key.
Also include the files needed to generate it.
Pick-to: 6.4 6.3 6.2 5.15
Task-number: QTBUG-106018
Task-number: QTBUG-95123
Change-Id: I535e047d540e663c8cec334695196044173949fc
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
OpenSSL v3 by default sets SECLEVEL = 2 unless overridden in conf files.
SECLEVEL >= 1 means TLS <= 1.1 is disabled. Remove cases that were
previously expected to work. Arguably, we should not test deprecated
protocols at all, but the cases expecting a failure still work
and logically correct.
Task-number: QTBUG-95123
Task-number: QTBUG-106018
Pick-to: 6.4 6.3 6.2 5.15
Change-Id: Ifa59fa902b433338dbed7abf086cfdef9470384c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
With OpenSSL 3.0.5 we see X509_print giving us the text representation
not matching any of previous ones - mostly a question of spaces
and formatting. Let's add a proper version to compare against and
remove useless 0.9.8, 1.0.0, 1.0.1, - we don't support them anymore
and thus QSslCertificate::toText() will never give a match.
Pick-to: 6.4 6.3 6.2 5.15
Task-number: QTBUG-106017
Change-Id: Ida11321c23e74c7313acc682237ab78408cf2803
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
leaf.p12 is using RC2 for encryption and it's disabled by default
in openssl v3.
Pick-to: 6.4 6.3 6.2 5.15
Fixes: QTBUG-106017
Change-Id: I4edd0d29506d1e50b2b618b6a00cceeb4b156204
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Because this version does not seem to like MD5 which old cert was using.
Fixes: QTBUG-106019
Pick-to: 6.4 6.3 6.2 5.15
Change-Id: Id354d1e32acb0528685b2788ee9c7326c43397bd
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Guard the test that checks the deprecated protocol versions
Task-number: QTBUG-104858
Change-Id: I1b76e08d8fc985abf758bf86198fe3d33e5497d4
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Otherwise new clients will not be handled when they try to connect
Amends 29a1fe72a0
Pick-to: 6.4
Change-Id: Ifff052d1bf27682df2782faa285a257c9b41d86f
Reviewed-by: Konrad Kujawa <konrad.kujawa@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Not just the ones we added to the pending sockets list
Pick-to: 6.4
Change-Id: I0a0016fe39df7ca2fc3f0c4e4111195bc6d90198
Reviewed-by: Konrad Kujawa <konrad.kujawa@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
If a client doesn't send any data then we would leave the socket open
for as long as it needed, wasting resources. Add timeouts to limit the
amount of time this can happen for.
Since there is a limit on number of sockets that the server will have
queued, having idle sockets stick around forever is a vector for ddos.
Pick-to: 6.4
Change-Id: Ida6251c92c625eeadf2065861b840b14255654b8
Reviewed-by: Ievgenii Meshcheriakov <ievgenii.meshcheriakov@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
SecureTransport ignores any content that comes in until it is large
enough to be a handshake. So a plaintext client may be left hanging
while it is waiting for a response.
Pick-to: 6.4
Change-Id: I501ae61d89d516765c7ba5f0d916d9246fde5d4d
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
CMakeLists.txt and .cmake files of significant size
(more than 2 lines according to our check in tst_license.pl)
now have the copyright and license header.
Existing copyright statements remain intact
Task-number: QTBUG-88621
Change-Id: I3b98cdc55ead806ec81ce09af9271f9b95af97fa
Reviewed-by: Jörg Bornemann <joerg.bornemann@qt.io>
The certificate was updated recently and doesn't have the same
deprecated hash functions and small key size as the old one did.
Change-Id: I301ad50a96a30483b92a6e30f61e78e8d6b955ca
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Many algorithms (ciphers etc.) had become 'legacy' in OpenSSL v3,
meaning they are not available by default. Since we don't mess with
loading providers and don't load the 'legacy' one, we have to
skip tests involving such algorithms.
Pick-to: 6.4 6.3 6.2 5.15
Fixes: QTBUG-104232
Change-Id: Ieceabeb080e531aeb24f733cb8c83ad08a25049c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
