The original test was using QSslSocket::waitForEncrypted function, which
is apparently a bad idea on Windows: connecting to 'www.qt.io' we have
to verify certs and there is no guarantee a given Windows VM has the required
CA certificate ready in its cert store. In such cases we start a background
thread (aka CA fetcher's thread) and it calls a (potentially blocking for
a significant amount of time) function (CryptoAPI). When finished, this
thread reports the results via queued connection, which does not work
if we are sitting in a tiny-loop inside waitForEncrypted. Re-factor
the test to use signals/slots and a normally running event loop.
Also, the last test makes a wrong assumption about Windows - fixed.
Task-number: QTBUG-63481
Change-Id: I4abe9cda2a6c52d841ac858cccb6bf068e550cb8
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Conflicts:
examples/examples.pro
qmake/library/qmakebuiltins.cpp
src/corelib/global/qglobal.cpp
Re-apply b525ec2 to qrandom.cpp(code movement in 030782e)
src/corelib/global/qnamespace.qdoc
src/corelib/global/qrandom.cpp
src/gui/kernel/qwindow.cpp
Re-apply a3d59c7 to QWindowPrivate::setVisible() (code movement in d7a9e08)
src/network/ssl/qsslkey_openssl.cpp
src/plugins/platforms/android/androidjniinput.cpp
src/plugins/platforms/xcb/qxcbconnection.cpp
src/plugins/platforms/xcb/qxcbconnection_xi2.cpp
src/widgets/widgets/qmenu.cpp
tests/auto/widgets/kernel/qwidget_window/tst_qwidget_window.cpp
Change-Id: If7ab427804408877a93cbe02079fca58e568bfd3
The only reason our code wants PKCS12 files is for a private key, but
a valid file needn't contain one; and reading a file without lead to a
crash in QSslKeyPrivate::fromEVP_PKEY(). So check for missing key and
fail the load, since the file is useless to us. Also ensure the
caller's pkey is initialized, as we aren't promised that
PKCS12_parse() will set it when there is no private key.
Add a test for this case (it crashes without the fix) and update the
instructions for how to generate test data to cover it also.
(Corrected the wording there, too; at the interactive prompt,
"providing no password" really provides an empty password.)
Task-number: QTBUG-62335
Change-Id: I617508b903f6d9dee40d539b7136b0be8bc2c747
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
The original test is quite unfortunate - it has cipher names hardcoded,
and it fails with OpenSSL 1.1 - no matching cipher found for 'RC4-SHA'
and QSslContext::initSsl fails with 'Invalid or empty cipher list'.
We skip this test entry for 1.1.
Change-Id: I810b80a62d9e27a60db71fd412af0c80630d976c
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
ASN UTCTime uses two characters to encode a year (YY). When converting it
into QDate, it's quite naive to just add 2000. According to RFC 2459,
these YY represent dates in the range [1950, 2049].
This patch also introduces a helper function doing the checked conversion
from a string to int (to be reused in the following-up patches).
Task-number: QTBUG-61934
Change-Id: I3f6f471d24e8357b83b2f5973023b2b842751389
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Several tests are not valid for 1.1 anymore:
1. SSL2 was removed, but there is no OPENSSL_NO_SSL2 and the 'protocolServerSide'
test is trying to use QSsl::SSLv2 and thus is failing.
2. We now use the generic TLS_server/client_method instead of version specific
methods we have in pre-1.1 back-end. So, for example, a client socket with
QSsl::TLS_V1_0 in its SSL configuration will be able to negotiate
TLS 1.2 if our server socket wants it, while with TLSv1_client_method
(OpenSSL < 1.1) our test was expecting SSL handshake to fail.
Change-Id: I18efd5921c79b189e4d9529be09299a361a8a81d
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
As QAbstractSocket::readData does and as the documentation of QIODevice says
"this function returns -1 in those cases (that is, reading on a closed
socket..."
Change-Id: I1e64673f6a6d792a640bd6cb28b2bb5a0f18dc36
Reviewed-by: Aleix Pol
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
This reverts commit 96c27f0dfa.
We now use a custom keychain that should fix the original
problem with the test.
Change-Id: I52e4105f34a46ad7080750d9a62480ebe3a56e68
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
The fix is outdated - the tests it was fixing - pass on 10.11.
Change-Id: I8b42c1d3d2f1279382b15c20587dcc93cf1b6b40
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Mixing different protocols on client-server sockets works differently
on 10.11, making previously successful handshakes failing now.
Failure is specific to 10.11 with SecureTransport.
Change-Id: I35374b40fa3d167802775b526cf6465ae78749cf
Task-number: QTBUG-48860
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
RFC6125 section 6.4.2 specify we need to convert the IDN to ascii
before comparison. Note that we don't need to toLower anymore
because toAce takes care of it.
Section 7.2 recommands that we dod not attempt to check for wildcard
character embedded within the A-labels or U-labels of an
internationalized domain name. So we reject names that contiains a
'*' but starts with 'xn--'.
Change-Id: Ib0830520a1f82bbf9fd11818718277a479527ee3
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Replace outdated LGPL21 with LGPL license header.
Use GPL-EXCEPT for all autotests.
Also use canonical contact url.
Change-Id: I6e5cc8a4285569c4f862730a980f492b8a933a72
Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io>
don't attempt to hand-craft a library export any more. instead, use the
configure system's built-in mechanism, and refer to it via QMAKE_USE.
this also allows us to rely on transitive dependencies in the autotest.
as a side effect, this makes the openssl-linked feature imply the
openssl one.
Change-Id: I5dd209b63bc8fbbc62852f6ffc472d4452ea2e68
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
The verifySessionProtocol() method in the SecureTransport backend did not
properly handle TlsV1_0OrLater, TlsV1_1OrLater and TlsV1_2OrLater.
This commit teaches verifySessionProtocol() about them.
It also adds TlsV1_0OrLater, TlsV1_1OrLater and TlsV1_2OrLater to the
protocolServerSide() test in tst_qsslsocket.
Change-Id: I394766c75dbea4d89bf3d6b9c3f3c89530ac0749
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
This commit simplifies defaultParameters() to simply construct an empty
QSslDiffieHellmanParameters and assigning the DER-form of the DH parameters
to QSslDiffieHellmanParametersPrivate's derData field.
This creates a valid QSslDiffieHellmanParameters instance, but skips any
potentially expensive verification steps.
The previous implementation of defaultParameters() would use the public
fromEncoded() method to construct an instance of the default parameters.
This triggers a verification of the passed-in data, which can be expensive.
To ensure our defaultParameters() QSslDiffieHellmanParameters instance does
pass verification, this commit adds an autotest to verify that.
Fixes QTBUG-57815.
Change-Id: I6b1d9dbbfde526b232c319195ddbad42326be27c
Task-number: QTBUG-57815
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
this actually fixes the build when ssl is not enabled, as the openssl
features are in the not included network-private module.
Change-Id: Ibafae9867af493da184a45cf3981628d475d37a6
Reviewed-by: Jake Petroules <jake.petroules@qt.io>
1. QSslSocketBackendPrivate::transmit was ignoring 'readBufferMaxSize';
as a result, we can have a user trying to set read buffer's size
to a small value (and more important - reading slowly in a small
chunks from this socket), but SSL itself socket reading 'too fast',
potentially growing its internal buffer to a huge size. This also
results in auto-tests failing - whenever we're trying to limit read
rate in some test.
2. Update qsslsocket auto-test.
Task-number: QTBUG-43388
Task-number: QTBUG-55170
Change-Id: Iedece26df0ac5b3b7cad62cc8c98aedc28e7ca5b
Reviewed-by: Richard J. Moore <rich@kde.org>
Move the different parts of configure.json/.pri into the libraries where
they belong.
Gui is not yet fully modularized, and contains many things related to
the different QPA plugins.
Done-with: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
Change-Id: I6659bb29354ed1f36b95b8c69e7fce58f642053f
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
- port Q_FOREACH to C++11 range-for
- port use of inefficient QLists to QVector
- port from QSharedPointer to auto variables except where the
payload is returned from a function (there ported to
QSharedPointer::create())
Fixes errors pointed out by my tree's static checks.
In sslErrors(), fixed an unwanted double-detach problem by
adding a strategic qAsConst().
Change-Id: I8148e23b73337f6f1a721e009f2974536d8447cc
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
Use the new qtConfig macro in all pro/pri files.
This required adding some feature entries, and adding
{private,public}Feature to every referenced already existing entry.
Change-Id: I164214dad1154df6ad84e86d99ed14994ef97cf4
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
- add missing \since 5.8 on free functions
- fix \relates of qHash to point to QSslDHP, not QHash, which is in another module
- API fix: use named instead of unnamed ctors
- share code between ctors
- API fix: add inline move ctor (for now, this requires using a naked d pointer,
which isn't much of a problem, since the class is immutable).
Change-Id: Ic30f9c3c03b8a3798e0676e38991ead85c587214
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
The deleteLater() call wasn't reliably reached when tests fail,
so use a QScopedPointer with QScopedPointerDeleteLater deleter.
Change-Id: Ica73bc73c2a0ac1e9b77e4804f2aedcad9b662a0
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
In a TLS handshake the ephemeral server key is saved in the ssl
configuration. Clients who want to get the length or algorithm of the
key only get "Opaque" and "-1" as a result because the key is always
stored as "Opaque". This change converts the key to specific type so
more details are available and the client don't need to convert the
handle by hand.
Change-Id: I60f90fc2c1805e528640d391b20c676b6eeeb49e
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
Test is strangely failing on Ubuntu 16.04 with OpenSSL 1.0.2g-fips.
Change-Id: I1498dee4c1d6db0702da3d3689787aed1e3a633f
Reviewed-by: Richard J. Moore <rich@kde.org>
And blacklisted a few tests in tst_QUdpSocket.
Conflicts:
src/android/jar/src/org/qtproject/qt5/android/QtNative.java
src/corelib/global/qglobal.cpp
src/corelib/global/qsystemdetection.h
src/corelib/io/qfileselector.cpp
src/plugins/platforms/eglfs/deviceintegration/eglfs_kms_egldevice/qeglfskmsegldeviceintegration.cpp
tests/auto/network/socket/qudpsocket/BLACKLIST
Task-number: QTBUG-54205
Change-Id: I11dd1c90186eb1b847d45be87a26041f61d89ef6
If a user's code, attached to sslErrors signal, calls abort/close
or disconnectFromHost but our SSL socket was configured not to verify a peer,
no need to continue handshake after calling checkSslErrors
(and finally crashing on invalid 'ssl' pointer).
Task-number: QTBUG-53906
Change-Id: I7f185511d278f9d6f16e7d6c5ba424707141459c
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
protocolServerSide test fails with 'ssl3-any' and 'tls1.0-any' combo
on RHEL 7.2 with OpenSSL v1.0.1e-fips, it would work as OPENSSL_NO_SSL2
code-path, but OPENSSL_NO_SSL2 is not defined, so socket is in state
connected while it's expected to be unconnected.
Task-number: QTBUG-53608
Change-Id: Ib321b95129a6ab5b0691b40cb4acc612125633b2
Reviewed-by: Tony Sarajärvi <tony.sarajarvi@qt.io>
setEmptyDefaultConfiguration - this test (and this was stated explicitly
in comments!) must be the last test to run, otherwise, it can make subsequent
tests fail.
-exitLoop must be in 'protected slots' section not to be executed as a test,
since ... it's aux function, not a test.
Task-number: QTBUG-53608
Task-number: QTBUG-53603
Change-Id: I49d6d57ba927ecc4f20ae2d9325ad02fa46b0922
Reviewed-by: Tony Sarajärvi <tony.sarajarvi@qt.io>
Only the OpenSSL backend is supported right now.
[ChangeLog][QtNetwork][SSL/TLS support] It is now possible to
set custom Diffie-Hellman parameters for QSslSocket-based servers.
Change-Id: I50148873132cd0ec7e414250b107b6b4cbde02ea
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
