This adds tests to check the behavior of a QSslSocket-based server when
presented with various client certificates.
Change-Id: I431157e46cfb00880ae8b7a33015cce50e56b6bb
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
Move these types to QAsn1Element so that they can use the toString()
method which guards against malicious ASN.1.
Change-Id: I7d6155147a6fc2d41da6f3ae87551b6cb75aa9ce
Reviewed-by: Oliver Wolff <oliver.wolff@theqtcompany.com>
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
We don't currently use this class for critical things like hostname
verification however we still want to ensure that it is not possible
to trick it using ASN.1 strings with embedded NUL characters. This will
avoid problems in the future.
Change-Id: Ibf3bc142a94fc9cad5f06db50f375399a087f9dc
Reviewed-by: Jeremy Lainé <jeremy.laine@m4x.org>
Reviewed-by: Oliver Wolff <oliver.wolff@theqtcompany.com>
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
Add support for SSL on iOS/OS X by adding a SecureTransport based
backend.
[ChangeLog][QtNetwork][QSslSocket] A new SSL backend for iOS and OS X,
implemented with Apple's Secure Transport (Security Framework).
Change-Id: I7466db471be2a8a2170f9af9d6ad4c7b6425738b
Reviewed-by: Richard J. Moore <rich@kde.org>
Mainly because of a change in certificates which is causing failing
tests.
Change-Id: I8304e5ac4107428a250b71be5df7b5399a811017
Reviewed-by: Tony Sarajärvi <tony.sarajarvi@digia.com>
Mainly because of a change in certificates which is causing failing
tests. This patch is cherry-picked from
https://codereview.qt-project.org/104619/
Change-Id: I8304e5ac4107428a250b71be5df7b5399a811017
Reviewed-by: Richard J. Moore <rich@kde.org>
[ChangeLog][QtNetwork][QSslSocket] It is now possible to use TLS PSK
ciphersuites in client sockets.
Task-number: QTBUG-39077
Change-Id: I5523a2be33d46230c6f4106c322fab8a5afa37b4
Reviewed-by: Richard J. Moore <rich@kde.org>
The documentation says that QUdpSocket emits readyRead() only for one
datagram and that if you don't read it, the class will not emit again.
That should be implemented by disabling of the socket notifier once we
have the datagram already read, but was broken.
In turn, that breakage caused a live-lock of the event loop: since we
didn't disable the notifier nor read the pending datagram, the event
loop would fire every time for the same datagram.
The re-enabling of the notifier was already working.
Task-number: QTBUG-43857
Change-Id: Ic5d393bfd36e48a193fcffff13bb32ad390b5fe8
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
Since the conversion to a long name was already there, also support
creation from a long name.
Change-Id: Iad712db7447fb0a0a18f600b7db54da5b5b87154
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
Change-Id: Ie6c659f6d8e8b3eeaf2453f0cba6189d56f86581
Reviewed-by: Oliver Wolff <oliver.wolff@theqtcompany.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
Add possibility to get length and other information of EC based
certificates. Also it is possible to parse those public/private
keys from PEM and DER encoded files.
Based on patch by Remco Bloemen
[ChangeLog][QtNetwork][SSL/TLS support] It is now possible to
parse elliptic curve certificates.
Change-Id: I4b11f726296aecda89c3cbd195d7c817ae6fc47b
Task-number: QTBUG-18972
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
tst_collections.cpp
tst_collections.cpp(3138) : warning C4305: 'argument' : truncation from 'size_t' to 'bool'
tst_collections.cpp(3190) : see reference to function template instantiation 'void testContainerTypedefs<QVector<int>>(Container)' being compiled
with[Container=QVector<int>]
(repeated)
tst_qringbuffer.cpp(297) : warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data
tst_qringbuffer.cpp(300) : warning C4309: '=' : truncation of constant value
tst_qringbuffer.cpp(306) : warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data
tst_qrawfont.cpp(947) : warning C4309: 'argument' : truncation of constant value
tst_qsslsocket_onDemandCertificates_member.cpp(217) : warning C4189: 'rootCertLoadingAllowed' : local variable is initialized but not referenced
Change-Id: I6143d4ad121088a0d5bdd6dd2637eb3641a26096
Reviewed-by: Kai Koehne <kai.koehne@theqtcompany.com>
Some of these tests are verifying things that are not supported
on Android, so we XFAIL these cases when we see the appropriate
error message.
Change-Id: I8245266f061c902515bb12251521159a8e19bfb7
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Linux gracefully allows us to do that and treat the v6 socket as if it
were v4. Other OS (notably OS X) aren't so forgiving.
Change-Id: I13dd3274be2a4b13e8b1eef93cbc2dd17b648f96
Reviewed-by: Richard J. Moore <rich@kde.org>
We want to use "localhost" if the server's address is "any", as some OS
can't send datagrams to "any" (e.g., OS X and FreeBSD).
Change-Id: I1004bc2282e7f930cdb7ed394aa9f4b5a1cfcf82
Reviewed-by: Richard J. Moore <rich@kde.org>
On my Mac Mini, port 5000 is in use, which means the broadcasting test
fails.
Change-Id: Ifb0883263e277f388342430349ea7315d42f324a
Reviewed-by: Richard J. Moore <rich@kde.org>
It was unconditional. Someone forgot to check for IPv6 support before
skipping IPv6 tests.
Change-Id: I7b11528ad02560f0db9defde3c64f76f48a6c1f8
Reviewed-by: Richard J. Moore <rich@kde.org>
QUdpSocket doesn't support binding to QHostAddress::Any and then joining
an IPv4 multicat group since QHostAddress::Any is really an IPv6 socket
with v6only = false. The test did check this case, but failed to ignore
the warning.
Change-Id: I62d782408319a6e566e0ff1a6081b706ac1f669c
Reviewed-by: Richard J. Moore <rich@kde.org>
With IPv6, you cannot bind to a multicast address. You need to bind to a
local address only. The previous tests either checked this or didn't
check the result of bind().
Change-Id: Ief70887d8988fc1bc4394cf6ff34b5d560e5748e
Reviewed-by: Richard J. Moore <rich@kde.org>
Sending 100*8 packets of each type of message is WAY overkill. That's a
stress test without limiting. My Linux system starts reporting EAGAIN on
the socket, so reduce the amount of data sent.
Change-Id: I153f44cf3b91d37526dac580b400114cc80b1769
Reviewed-by: Richard J. Moore <rich@kde.org>
IPv6 has no such thing, so don't try to bind to an IPv6 address to send
broadcasts (even though that works) and it's a poor idea to bind to IPv6
to receive broadcasts. Moreover, skip any IPv6 network addresses
(broadcast() is invalid).
Change-Id: I2829b042c000158565adfd92db682f37d67dacae
Reviewed-by: Richard J. Moore <rich@kde.org>
If you don't have /etc/lsb-release, you'd get
sh: line 0: [: =: unary operator expected
Change-Id: Idb5c79f799879e4d32cd640ef74fb388227f831e
Reviewed-by: Richard J. Moore <rich@kde.org>
It doesn't make sense because there is no command to ask the proxy
server to join a multicast group. At best, we could write a datagram via
proxy without joining, but we definitely can't receive.
Change-Id: Icc6b54572a053fb7821dfca1f4111f2046ff8686
Reviewed-by: Richard J. Moore <rich@kde.org>
The Qt bug tracker URL changes as part of the qt.io transition
Change-Id: Icb4ab198943b93639b5e3a8d99262303785c6459
Reviewed-by: Kai Koehne <kai.koehne@theqtcompany.com>
The setEmptyDefaultConfiguration test creates a socket and connects its
sslErrors signal to tst_QSslSocket's ignoreErrorSlot slot. This slot
expects the socket to have been stored in tst_QsslSocket's "socket"
member, which was not being done. This patch fixes this problem.
It does beg the question of whether having a "socket" member in the
tst_QSslSocket class is a good idea as it is error prone.
Change-Id: Ic59d1789c5f1ed240c3f0c37981f6ecc35572f0d
Reviewed-by: Richard J. Moore <rich@kde.org>
The sslErrors and peerVerifyError test the same situation: connect to a
server which is using the fluke certificate, using the incorrect host name.
They connect respectively to qt-test-server:993 and the.server.ip.address:443.
The sslErrors is prone to backend-dependent failures concerning the order
in which SSL errors are received, just like the peerVerifyError test was
until recently.
This change merges these two tests into one, which is run against the same
two servers as previously. It also adds a check to ensure that sslErrors
and peerVerifyError emit the same SSL errors (regardless of order).
This also fixes the included headers for non-OpenSSL backends.
Change-Id: Ibd5f60d24f1682989378e87729389e4b8f9efac5
Reviewed-by: Richard J. Moore <rich@kde.org>
Conflicts:
dist/changes-5.4.0
7231e1fbe2 went into 5.4 instead of the
5.4.0 branch, thus the conflict.
Change-Id: I70b8597ab52506490dcaf700427183950d42cbd1
[ChangeLog][QtNetwork][QtSSL] It is now possible to choose which elliptic
curves should be used by an elliptic curve cipher.
Change-Id: If5d0d58922768b6f1375836489180e576f5a015a
Done-with: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
This makes it follow the coding style, which says to camel case acronyms too,
and makes it consistent with the rest of the class.
Change-Id: I4a1b21de1815530e476fc5aa8a0d41c724fc8021
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: hjk <hjk121@nokiamail.com>
This patch is cherry-picked from
c38f1f19b8 and
d29d727d72
Task-number: QTBUG-32435
Change-Id: I6dbbb668b96737a5791bc688949a00bc09f1357f
Reviewed-by: Frederik Gladhorn <frederik.gladhorn@theqtcompany.com>
This patch is cherry-picked from
63ae74f365 and
07f234d2a8
Task-number: QTBUG-42528
Change-Id: I5f86679e62a4be48ce25afa5a4987a2b6678a357
Reviewed-by: Frederik Gladhorn <frederik.gladhorn@theqtcompany.com>
After the poodle vulnerability SSLv3 should like SSLv2 no longer be
considered safe, so when a user request a safe protocol we should
only allow TLS versions.
[ChangeLog][QtNetwork][QSsl] QSsl::SecureProtocols now also excludes SSLv3
Change-Id: If825f6beb599294b028d706903b39db6b20be519
Reviewed-by: Richard J. Moore <rich@kde.org>
QNetworkDiskCache don't handle to set CookieHeader. so All Set-Cookie's value is invalid.
The root of cause is that metaDataChanged() don't work because of no slot for it.
Add the slot for it and renamed to _q_metaDataChanged.
Task-number: QTBUG-41514
Change-Id: I5cec017e59a1de69c6e89c0bc7209a73dcdc11da
Reviewed-by: Jeongmin Kim <jm86.kim@lge.com>
Reviewed-by: Jung Dong-Heon <clamp03@gmail.com>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>