Adds support for Schannel, an SSL backend for Windows, as an
alternative to OpenSSL.
[ChangeLog][QtNetwork][Ssl] Added support for Schannel on Desktop
Windows. To build Qt with Schannel support use '-schannel' during
configure.
Task-number: QTBUG-62637
Change-Id: Ic4fb8ed3657dab994f9f4a4ac5cbddc7001a0a46
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
The formatting of the output from QSslCertificate::toText has
changed slightly from before, so it no longer matches the test's
data.
From what I can tell we just do a manual sanity check and create
a new file with the new output and then augment the test.
Task-number: QTBUG-67463
Change-Id: I751e5a3f9a28015f97c895cea47384704fd68e38
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Apparently this (undocumented) TESTDATA feature creates resource files,
but lets you use wildcards as well, which is very handy.
The reason I didn't know/realize this when adapting the tests to use a
".qrc"-file* was because some of the test-cases were using relative
paths instead of the 'testDataDir' variable.
This commit fixes the remaining uses of relative paths, removes a
usage of QDir::setCurrent, and adapts QSslSocket to use TESTDATA.
* in now-reverted commit e1600c1a73
Change-Id: Iee6d88f1e0810eeaadac90e7d44bc6db84bfeabf
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Jesus Fernandez <Jesus.Fernandez@qt.io>
Then we don't need to add a leading slash. (minor clean-up)
Change-Id: I86af224841009fda838e7cb89d47d324963328c9
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
This reverts commit e1600c1a73.
The commit missed the fact that TESTDATA exists. Which supports
wildcards and then can automatically pick up new files when added (as
long as they match a wildcard) and then you don't need to maintain a
giant qrc file.
Change-Id: Ie31fadb5ef6e8dfe6105f4f9764292f78cffb512
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
The reason for each is given in the skip. It's mostly about the
server-side encryption, which is unimplemented for WinRT.
Change-Id: I036b95a4526e02fd047e193f2b3c9130bec08144
Reviewed-by: Oliver Wolff <oliver.wolff@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
This lets the tests run on devices which previously did not have access
to the files used (WinRT, mobile devices).
Change-Id: Ibdd85862eee6ab1a7d4da87ca321ee9bc9880bfa
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
The only reason our code wants PKCS12 files is for a private key, but
a valid file needn't contain one; and reading a file without lead to a
crash in QSslKeyPrivate::fromEVP_PKEY(). So check for missing key and
fail the load, since the file is useless to us. Also ensure the
caller's pkey is initialized, as we aren't promised that
PKCS12_parse() will set it when there is no private key.
Add a test for this case (it crashes without the fix) and update the
instructions for how to generate test data to cover it also.
(Corrected the wording there, too; at the interactive prompt,
"providing no password" really provides an empty password.)
Task-number: QTBUG-62335
Change-Id: I617508b903f6d9dee40d539b7136b0be8bc2c747
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Remove #ifdef sections for Q_OS_WINCE and wince .pro file clauses in library,
examples and tests.
Task-number: QTBUG-51673
Change-Id: I3706336395620522ceda414d7437295d9ec64f16
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
From Qt 5.7 -> tools & applications are lisenced under GPL v3 with some
exceptions, see
http://blog.qt.io/blog/2016/01/13/new-agreement-with-the-kde-free-qt-foundation/
Updated license headers to use new GPL-EXCEPT header instead of LGPL21 one
(in those files which will be under GPL 3 with exceptions)
Change-Id: I42a473ddc97101492a60b9287d90979d9eb35ae1
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
As a follow-up for 5c1b9bbdf1 disable the
test on all platforms, since it fails on newer openssl. This was now
also happening on Windows, so until a fix is there, skip the test.
Change-Id: I6c8822c0ac5411b1114e9cd426219574ab1c9b54
Reviewed-by: Simon Hausmann <simon.hausmann@theqtcompany.com>
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@theqtcompany.com>
Use QByteArray/QString addition instead in loops and for
test row names.
Change-Id: I7974ace5b34f2da43e7511044e80de1e733245ac
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@theqtcompany.com>
Prefer QCOMPARE over QVERIFY for equality and use QLatin1String().
Change-Id: If226a0fc7b25be3e6774c7e36ca1e6f99234e5dd
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@theqtcompany.com>
Use character literals where applicable.
Change-Id: I1a026c320079ee5ca6f70be835d5a541deee2dd1
Reviewed-by: Simon Hausmann <simon.hausmann@theqtcompany.com>
The keyword no longer has a meaning for the new CI.
Change-Id: Ibcea4c7a82fb7f982cf4569fdff19f82066543d1
Reviewed-by: Simon Hausmann <simon.hausmann@theqtcompany.com>
SecureTransport does not implement QSslCertificatePrivate thus some
tests relying on generic version fail. Skip them for now.
Change-Id: I483340b37786a8a556e954b2c538e4f48a342be9
Reviewed-by: Morten Johan Sørvig <morten.sorvig@theqtcompany.com>
- Replace Q[TRY]_VERIFY(pointer == 0) by Q[TRY]_VERIFY(!pointer).
- Replace Q[TRY]_VERIFY(smartPointer == 0) by
Q[TRY]_VERIFY(smartPointer.isNull()).
- Replace Q[TRY]_VERIFY(a == b) by Q[TRY]_COMPARE(a, b) and
add casts where necessary. The values will then be logged
should a test fail.
Change-Id: Icaa1edafcc6e2779fbd6dbc2c058544d6e07f1e9
Reviewed-by: Richard J. Moore <rich@kde.org>
The QSslCertificate tests only covered certificates with RSA keys, this
extends the test coverage to DSA and EC keys.
Change-Id: Ibee26f449cf6c1d97cbac6b511972eb44d6f0bd2
Reviewed-by: Richard J. Moore <rich@kde.org>
Preparing the replacement of Q[TRY]_VERIFY(a == b) by
Q[TRY]_COMPARE(a, b) for non-boolean types.
Change-Id: Iab6ec2f0a89a3adc79e18304573994965013dab5
Reviewed-by: Mitch Curtis <mitch.curtis@theqtcompany.com>
Qt copyrights are now in The Qt Company, so we could update the source
code headers accordingly. In the same go we should also fix the links to
point to qt.io.
Outdated header.LGPL removed (use header.LGPL21 instead)
Old header.LGPL3 renamed to header.LGPL3-COMM to match actual licensing
combination. New header.LGPL-COMM taken in the use file which were
using old header.LGPL3 (src/plugins/platforms/android/extract.cpp)
Added new header.LGPL3 containing Commercial + LGPLv3 + GPLv2 license
combination
Change-Id: I6f49b819a8a20cc4f88b794a8f6726d975e8ffbe
Reviewed-by: Matti Paaso <matti.paaso@theqtcompany.com>
Change-Id: Ie6c659f6d8e8b3eeaf2453f0cba6189d56f86581
Reviewed-by: Oliver Wolff <oliver.wolff@theqtcompany.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
This makes it follow the coding style, which says to camel case acronyms too,
and makes it consistent with the rest of the class.
Change-Id: I4a1b21de1815530e476fc5aa8a0d41c724fc8021
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: hjk <hjk121@nokiamail.com>
qsslsocket_winrt.cpp defined it locally, which runs the risk of
clashes with a potential user-defined qHash(QSslCertificate), so
make it public.
Also, the implementation in qsslsocket_winrt.cpp simply hashed
the handle(), which violates the principle that equal instances
must hash to the same value. Also, for some platforms, the
implementation returns nullptr unconditionally, which, while not
violating the above-mentioned principle, will make all users of
the hash have worst-case complexity.
To calculate a meaningful hash, therefore, the certificate needs
to be inspected deeper than just the handle.
For OpenSSL, we use X509::sha1_hash, which also X509_cmp uses
internally to determine inequality (it checks more stuff, but
if X059::sha1_hash is different, X509_cmp() returns non-zero,
which is sufficient for the purposes of qHash()). sha1_hash may
not be up-to-date, though, so we call X509_cmp to make it valid.
Ugh.
For WinRT/Qt, we use the DER encoding, as that is the native
storage format used in QSslCertificate. This is not equivalent
to the implementation used in qsslsocket_winrt.cpp before, but
since handle() == handle() => toDer() == toDer(), it should not
be a problem.
[ChangeLog][QtNetwork][QSslCertificate] Can now be used as a key in QSet/QHash.
Change-Id: I10858fe648c70fc9535af6913dd3b7f3b2cf0eba
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
This makes non-OpenSSL backends able to handle to certificate
extensions.
This also converts the Q_OS_WINRT #ifdef's in the unit test to
QT_NO_OPENSSL as the behavior is the same for any non-OpenSSL
backend.
Change-Id: I6a8306dc5c97a659ec96063d5a59cee2ee9a63a9
Reviewed-by: Richard J. Moore <rich@kde.org>
This adds a test for a QSslCertificate containing extensions which
are marked as critical.
Change-Id: I314e1f5c9943bcad5d43129a97f9f834882dc6fb
Reviewed-by: Richard J. Moore <rich@kde.org>
This tightens tests performed on a certificate's extensions by checking
isCritical() and isSupported() for all extensions. It also explicitly
checks the keys when value() returns a QVariantMap.
Change-Id: If51c55be25bbcd09cc3a6712ddfea2bf9a01360f
Reviewed-by: Richard J. Moore <rich@kde.org>
The native handle and import functions are now available for use in other
parts of the winrt backend.
Change-Id: I07e6f95b3411c3dc7c1a7a164544b18e5e435d01
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@digia.com>
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
Discussed with Peter and agreed that it's a slightly better fit there.
Change-Id: If8db777336e2273670a23d75d8542b30c07e0d7b
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Change-Id: I92fa083665509932b75ff1037904a6f78a950fd6
Reviewed-by: Jeremy Lainé <jeremy.laine@m4x.org>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Change-Id: Ife5b7206fd3d7af57cfca3c0f28f56bb53ede7a7
Reviewed-by: Jeremy Lainé <jeremy.laine@m4x.org>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
... because it was used to operate a man-in-the-middle proxy.
Task-number: QTBUG-35474
Change-Id: Ic7f19708b278b866e4f06533cbd84e0ff43357e9
Reviewed-by: Richard J. Moore <rich@kde.org>
DER certificates should not be opened as text files, so we
only pass the QIODevice::Text flag when the format is
QSsl::Pem.
Change-Id: I4bad98023c397b967d5beeec0aaa6c414e06fd9c
Reviewed-by: Richard J. Moore <rich@kde.org>
Those certificates have erroneously set the CA attribute to true,
meaning everybody in possesion of their keys can issue certificates on
their own.
Task-number: QTBUG-28937
Change-Id: Iff351e590ad3e6ab802e6fa1d65a9a9a9f7683de
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Different OpenSSL versions produce slightly different output when
dumping a certificate.
Change-Id: Ida98b24422302e287641be074d6740ca292cf203
Reviewed-by: Richard J. Moore <rich@kde.org>
Change copyrights and license headers from Nokia to Digia
Change-Id: If1cc974286d29fd01ec6c19dd4719a67f4c3f00e
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
Reviewed-by: Sergio Ahumada <sergio.ahumada@digia.com>
Qt 5.0 beta requires changing the default to the 5.0 API, disabling
the deprecated code. However, tests should test (and often do) the
compatibility API too, so turn it back on.
Task-number: QTBUG-25053
Change-Id: I8129c3ef3cb58541c95a32d083850d9e7f768927
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
Reviewed-by: Olivier Goffart <ogoffart@woboq.com>
The reqExp used to handle wildcards in the path was broken. So we
always searched the working directory and not the specified path.
Autotest where passing because of a hack used for Windows paths
where we removed the first two chars in the path string.
This fix will not use nativeSeparators thus removing the Windows hack
and fix the regExp to match wildcard chars.
Task-number: QTBUG-23573
Change-Id: I56fadbb67f25b8ce9c0f17cb6232e0bdb9148b1c
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
