Commit Graph

47 Commits (0eaac0a3a95f8a74c06d062d3aa7928cbb09d493)

Author SHA1 Message Date
André Klitzing 0eaac0a3a9 Add support for PSK on server side
[ChangeLog][QtNetwork][QSslSocket] TLS PSK ciphers are possible in server sockets.

Task-number: QTBUG-39077
Change-Id: Iaa854a6f50242deae5492f2e4759c727488995f5
Reviewed-by: Richard J. Moore <rich@kde.org>
2016-05-02 20:33:00 +00:00
Timur Pocheptsov 765eab5103 qsslsocket/qsslcontext - add ALPN (OpenSSL only)
Application-Layer Protocol Negotiation (ALPN) - is a reworked revision
of Next Protocol Negotiation (NPN) we have in our OpenSSL code.
Can be used as a part of HTTP2 negotiation during TLS handshake.

Change-Id: I484ec528c81d4887a64749095ec292dfaec18330
Reviewed-by: Richard J. Moore <rich@kde.org>
2016-03-21 15:01:12 +00:00
Andre Somers 0df5c366e5 Use QFlags::setFlag where prudent in qtbase
QFlags::setFlag is most useful to replace explicit constructs like

if (condition) {
   someFlags |= TheConditionFlag;
} else {
   someFlags &= ~TheConditionFlag;
}

with

someFlags.setFlag(TheConditionFlag, condition);

Change-Id: Ie4586681c83e0af812d5bbf14965aad51941a960
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
2016-02-12 19:32:05 +00:00
Jani Heikkinen 1a88b2f768 Updated license headers
From Qt 5.7 -> LGPL v2.1 isn't an option anymore, see
http://blog.qt.io/blog/2016/01/13/new-agreement-with-the-kde-free-qt-foundation/

Updated license headers to use new LGPL header instead of LGPL21 one
(in those files which will be under LGPL v3)

Change-Id: I046ec3e47b1876cd7b4b0353a576b352e3a946d9
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
2016-01-15 12:25:24 +00:00
Sebastian Lösch 73ad2bf32f Make ephemeral server key available
When using cipher algorithms with forward secrecy an ephemeral key is
used to generate the symmetric session key. Beside the SSL certificate's
key, this ephemeral key is of cryptographic interest.

The ephemeral key is chosen by the server side - currently statically in
the Qt implementation - so it is only of interest on the client side to
check it. Therefore the ephemeral key is the null key if the connection
is set up in server mode or a cipher without forward secrecy is used.

Change-Id: If241247dbb8490a91233ae47f2b38952c6591bf4
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
2016-01-04 18:10:14 +00:00
Giuseppe D'Angelo 92cda94742 QSslSocket: move default cipher, EC and default CA APIs to QSslConfiguration
QSslConfiguration is better suited for these APIs. The ones
in QSslSocket that already have a counterpart have been deprecated.

[ChangeLog][QtNetwork][SSL/TLS Support] Most of the QSslSocket
functions to deal with ciphersuites, certification authorities
as well as elliptic curves have been deprecated in favor of the
corresponding counterparts in QSslConfiguration.

Task-number: QTBUG-46558
Change-Id: I1de03379efcbcab931c20e876e252769fe4279e0
Reviewed-by: Liang Qi <liang.qi@theqtcompany.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Jani Heikkinen <jani.heikkinen@theqtcompany.com>
2015-06-11 04:18:37 +00:00
Jani Heikkinen 83a5694dc2 Update copyright headers
Qt copyrights are now in The Qt Company, so we could update the source
code headers accordingly. In the same go we should also fix the links to
point to qt.io.

Outdated header.LGPL removed (use header.LGPL21 instead)

Old header.LGPL3 renamed to header.LGPL3-COMM to match actual licensing
combination. New header.LGPL-COMM taken in the use file which were
using old header.LGPL3 (src/plugins/platforms/android/extract.cpp)

Added new header.LGPL3 containing Commercial + LGPLv3 + GPLv2 license
combination

Change-Id: I6f49b819a8a20cc4f88b794a8f6726d975e8ffbe
Reviewed-by: Matti Paaso <matti.paaso@theqtcompany.com>
2015-02-11 06:49:51 +00:00
Frederik Gladhorn fc35f71434 Merge remote-tracking branch 'origin/5.4' into dev
Conflicts:
	src/3rdparty/harfbuzz-ng/harfbuzz-ng.pro
	src/gui/image/qimage_conversions.cpp
	src/gui/opengl/qopenglextensions_p.h
	src/gui/text/qtextengine.cpp
	src/network/ssl/qsslsocket_openssl.cpp
	src/plugins/platforms/eglfs/qeglfshooks_stub.cpp
	src/plugins/platforms/eglfs/qeglfsscreen.cpp
	src/plugins/platforms/eglfs/qeglfswindow.cpp
	src/plugins/platforms/windows/qwindowsfontdatabase.cpp
	src/plugins/platforms/windows/qwindowsfontdatabase_ft.cpp
	src/plugins/platforms/windows/qwindowsnativeinterface.cpp
	src/plugins/platforms/windows/qwindowsscreen.cpp
	src/plugins/platforms/windows/qwindowswindow.cpp
	src/plugins/platforms/windows/qwindowswindow.h
	src/plugins/platforms/xcb/qxcbdrag.h
	src/widgets/itemviews/qabstractitemview.cpp
	src/widgets/kernel/qwidget.cpp
	src/widgets/util/qsystemtrayicon_p.h
	tests/auto/corelib/itemmodels/qsortfilterproxymodel/tst_qsortfilterproxymodel.cpp

Thanks to Friedemann Kleint for resolving the qwindowsfontdatabase.cpp
conflicts.

Change-Id: I937232c30523d5121c195d947d92aec6f129b03e
2015-02-10 09:42:25 +01:00
Konstantin Ritt 131b3cffc8 [QSSL] Pass params of shareable type by const-ref rather than by value
Change-Id: I9c09a3e2dfb90eb22d4509ac6c450a0bb5da48f6
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
2015-01-28 17:05:44 +00:00
David Faure 027d2fc846 Doc: add missing since 5.4 for new sessionProtocol() methods.
They were added in 233a2f37bf, which is in
5.4, but the \since information was missing.

Change-Id: I346a049cad75647fdcd7b64df80dc169bb4ec70a
Reviewed-by: Richard J. Moore <rich@kde.org>
2015-01-19 20:50:48 +01:00
Simon Hausmann e281537f20 Merge remote-tracking branch 'origin/5.4' into dev
Conflicts:
	src/corelib/global/qglobal.h
	src/platformsupport/platformcompositor/qopenglcompositor.cpp
	src/platformsupport/platformcompositor/qopenglcompositorbackingstore.cpp
	tests/auto/gui/kernel/qwindow/tst_qwindow.cpp

Change-Id: I5422868500be695584a496dbbbc719d146bc572d
2014-12-18 12:12:58 +01:00
Kai Koehne f17d7a124f Use categorized logging for ssl code
Place all debug output into the 'qt.network.ssl' category.
This allows people to disable certain warnings at runtime.

Task-number: QTBUG-43173
Change-Id: Ide731fae3109f9cd7730cc096ee069a5b99d35f1
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-12-10 11:07:46 +01:00
Giuseppe D'Angelo ffbfd8eda6 SSL: Add support for selecting which curves should be used by an elliptic cipher
[ChangeLog][QtNetwork][QtSSL] It is now possible to choose which elliptic
curves should be used by an elliptic curve cipher.

Change-Id: If5d0d58922768b6f1375836489180e576f5a015a
Done-with: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-11-26 22:07:56 +01:00
Matti Paaso 974c210835 Update license headers and add new license files
- Renamed LICENSE.LGPL to LICENSE.LGPLv21
- Added LICENSE.LGPLv3
- Removed LICENSE.GPL

Change-Id: Iec3406e3eb3f133be549092015cefe33d259a3f2
Reviewed-by: Iikka Eklund <iikka.eklund@digia.com>
2014-09-24 12:26:19 +02:00
Sergio Ahumada 27016b89ae Merge remote-tracking branch 'origin/stable' into dev
Change-Id: Idec54e19963e8d88c711cb179cffc81596323899
2014-03-13 15:57:11 +01:00
Kurt Pattyn 1f4cda9a70 Replace Note: with \note in documentation
Change-Id: I213ac1fb2733e675f3641441fe6c621bab06c1f0
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-03-13 13:25:58 +01:00
Richard J. Moore 233a2f37bf Add support for finding the version of SSL/TLS in use.
Previously we allowed you to specify which version(s) you wanted to use,
but did not provide access to the version that was actually negotiated.

[ChangeLog][QtNetwork][QSslSocket] Add support for finding the version
of SSL/TLS in use by a connection.

Task-number: QTBUG-28471
Change-Id: I6d50d2bc9f1ce7f98192e67992178fe7e41c0575
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
2014-03-10 22:18:23 +01:00
Peter Hartmann 42cfb5fe4d SSL: add support for the Next Protocol Negotiation extension
... which is needed to negotiate the SPDY protocol.

[ChangeLog][QtNetwork][QSslConfiguration] Added support for the Next
Protocol Negotiation (NPN) TLS extension.

Task-number: QTBUG-33208

Change-Id: I3c945f9b7e2d2ffb0814bfdd3e87de1dae6c20ef
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
2014-02-11 15:37:10 +01:00
Richard J. Moore 5c19fad8c1 Ensure weak ciphers are not part of the default SSL configuration.
Any cipher that is < 128 bits is excluded from the default SSL
configuration. These ciphers are still included in the list
of availableCiphers() and can be used by applications if required.
Calling QSslSocket::setDefaultCiphers(QSslSocket::availableCiphers())
will restore the old behavior.

Note that in doing so I spotted that calling defaultCiphers() before
doing other actions with SSL had an existing bug that I've addressed
as part of the change.

[ChangeLog][Important Behavior Changes] The default set of
ciphers used by QSslSocket has been changed to exclude ciphers that are
using key lengths smaller than 128 bits. These ciphers are still available
and can be enabled by applications if required.

Change-Id: If2241dda67b624e5febf788efa1369f38c6b1dba
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2014-01-21 03:41:34 +01:00
Peter Hartmann becdfa6fab QSslConfiguration: rename [get]session() to [get]sessionTicket()
to reflect the fact that this returns and sets the whole session
ticket, and not just the session ID.

Change-Id: I00fe2bc4197dbcd7a02b3ae4f2f84e3a2a7edad0
Reviewed-by: Richard J. Moore <rich@kde.org>
2013-11-08 18:58:27 +01:00
Jerome Pasion 4533cc9944 Doc: Adding mark-up to boolean default values.
Default values should have mark-up to denote that they are code.
This commit changes:
-"property is true" to "property is \c true".
-"Returns true" to "Returns \c true".
-"property is false" to "property is \c false".
-"returns true" to "returns \c true".
-"returns false" to "returns \c false".

src/3rdparty and non-documentation instances were ignored.

Task-number: QTBUG-33360
Change-Id: Ie87eaa57af947caa1230602b61c5c46292a4cf4e
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
Reviewed-by: Jerome Pasion <jerome.pasion@digia.com>
2013-10-08 00:46:27 +02:00
Peter Hartmann 3be197881f QSslConfiguration: add API to persist and resume SSL sessions
Session tickets can be cached on the client side for hours (e.g.
graph.facebook.com: ~ 24 hours, api.twitter.com: 4 hours), because the
server does not need to maintain state.
We need public API for it so an application can cache the session (e.g.
to disk) and resume a session already with the 1st handshake, saving
one network round trip.

Task-number: QTBUG-20668
Change-Id: I10255932dcd528ee1231538cb72b52b97f9f4a3c
Reviewed-by: Richard J. Moore <rich@kde.org>
2013-05-10 09:15:55 +02:00
Richard Moore 7898080ca7 Add support for intermediate certificates to server sockets.
Add intermediate certificates to our server sockets, and to our client
certs.

Change-Id: Ib5aa575473f9e84f337bebe35099506dd7d7e2ba
Task-Number: QTBUG-19825
Task-Number: QTBUG-13281
Reviewed-by: Peter Hartmann <phartmann@rim.com>
2013-02-19 21:37:24 +01:00
Richard Moore 4a07519877 Store the local certificate in a QList.
Instead of storing a single QSslCertificate for a the local cert, store
a list of them. This will allow us to handle server sockets that use a
certificate that is not issued directly from the CA root in future.

Change-Id: I9a36b9a99daa9c0bdd17f61b4ce1a7da746f2e96
Reviewed-by: Peter Hartmann <phartmann@rim.com>
2013-02-19 21:37:14 +01:00
Peter Hartmann b5652df775 SSL: Implement session sharing and use it from QNetworkAccessManager
This improves performance since a network round trip can be avoided.

Change-Id: I1aaff7e48ef9638cb137de0f43942c3a4dd2884a
Initial-patch-by: Markus Goetz <markus@woboq.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
2013-02-06 23:24:44 +01:00
Peter Hartmann ce35c0db0d QSslConfiguration: toggle on demand loading of root certs properly
make sure we keep track of when we can load root certs and when we
cannot (we cannot when the developer set the certs explicitly). This is
implemented the same way for QSslSocket already, and needs to be
duplicated because we have 2 methods for setting CA certificates: one in
QSslSocket and one in QSslConfiguration.
In addition, adapt the auto test which checks whether setting a default
QSslConfiguration works: There is no way to set on demand loading
through the API, so it should be enabled by default.

Task-number: QTBUG-29103
Change-Id: I5146128aaa385dfcc0ad1e0ef81a92d9350ec5f2
Reviewed-by: Richard J. Moore <rich@kde.org>
2013-01-23 19:36:07 +01:00
Sergio Ahumada 48e0c4df23 Update copyright year in Digia's license headers
Change-Id: Ic804938fc352291d011800d21e549c10acac66fb
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
2013-01-18 09:07:35 +01:00
Giuseppe D'Angelo 930207fc1f Add more qtbase implictly-shared classes to the list
QText*Format and QDns* ones are still missing.

Change-Id: I8e87fba596e87289ca935717e0a90bfc0b0a26c0
Reviewed-by: hjk <qthjk@ovi.com>
2012-11-30 21:57:49 +01:00
Iikka Eklund be15856f61 Change copyrights from Nokia to Digia
Change copyrights and license headers from Nokia to Digia

Change-Id: If1cc974286d29fd01ec6c19dd4719a67f4c3f00e
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
Reviewed-by: Sergio Ahumada <sergio.ahumada@digia.com>
2012-09-22 19:20:11 +02:00
Richard Moore 5ea896fbc6 Disable SSL compression by default.
Disable SSL compression by default since this appears to be the a likely
cause of the currently hyped CRIME attack.

Change-Id: I515fcc46f5199acf938e9e880a4345f2d405b2a3
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Peter Hartmann <phartmann@rim.com>
2012-09-18 14:12:17 +02:00
Martin Smith 6f09e100c9 doc: Fixed qdoc errors in SSL
Fixed some bad camel case, marked some parameters with \a,
and changed a \enum to a \typedef. Removed some obasolete
text.

Change-Id: I1e69dd9f3b74129230770addc80fe1c125faf268
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-08-18 21:08:33 +02:00
Marc Mutz b0aa023aa2 QtNetwork: add member-swap to shared classes
Implemented as in other shared classes (e.g. QPen).

Change-Id: Ib3d87ff99603e617cc8810489f9f5e9fe054cd2a
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2012-07-06 16:08:02 +02:00
Laszlo Papp 01d48e07d8 Mark the testSslOption method as introduced in Qt 4.8
Change-Id: Ibe7cb1ca9cdcedd3f09dd4f865907e3f0fa6aef3
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2012-06-07 00:38:04 +02:00
Marius Storm-Olsen ad97aba452 Doc: Fix \sa usage
Ensure comma between elements (757 missing), single space and curly-
braces around title elements, etc.

Change-Id: Id16c3fda7fc47a12a0682f8720214f4990609a97
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com>
2012-05-11 01:42:02 +02:00
Casper van Donderen 7eca53b51a Doc: Modularize QtNetwork documentation.
This change moves the snippets and imagesto the modularized directories.

Change-Id: If14912692a7f72d7de345eaf88d9ec9752310fca
Reviewed-by: Marius Storm-Olsen <marius.storm-olsen@nokia.com>
2012-05-09 08:35:43 +02:00
Casper van Donderen 95d83cb1b6 Remove the usage of deprecated qdoc macros.
QDoc now has support for Doxygen style commands for italics, bold
and list items. This change applies that change in QDoc to the
actual documentation.

Task-number: QTBUG-24578
Change-Id: I519bf9c29b14092e3ab6067612f42bf749eeedf5
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
2012-03-02 23:16:25 +01:00
Jason McDonald 5635823e17 Remove "All rights reserved" line from license headers.
As in the past, to avoid rewriting various autotests that contain
line-number information, an extra blank line has been inserted at the
end of the license text to ensure that this commit does not change the
total number of lines in the license header.

Change-Id: I311e001373776812699d6efc045b5f742890c689
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
2012-01-30 03:54:59 +01:00
Jason McDonald 629d6eda5c Update contact information in license headers.
Replace Nokia contact email address with Qt Project website.

Change-Id: I431bbbf76d7c27d8b502f87947675c116994c415
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
2012-01-23 04:04:33 +01:00
Jason McDonald 1fdfc2abfe Update copyright year in license headers.
Change-Id: I02f2c620296fcd91d4967d58767ea33fc4e1e7dc
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
2012-01-05 06:36:56 +01:00
Richard Moore 3d3fdcd3a5 Make the default ssloptions testable.
Centralise the specification of the default ssloptions to make the code
clearer and more testable.

Change-Id: I4f4bae72736dd063ee4cd64c6375e82d0600a105
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2011-11-29 14:00:01 +01:00
Peter Hartmann f1f95d7047 SSL: fix compilation warning with gcc 4.6.1
"qsslconfiguration.cpp:204:73: warning: suggest parentheses around
comparison in operand of ‘|’ [-Wparentheses]"

Change-Id: I887ffdf3ef8263c35a8f391b3fc97faee41b7dab
Reviewed-by: Martin Petersson <Martin.Petersson@nokia.com>
2011-11-16 15:27:23 +01:00
Peter Hartmann 4dc390e66f SSL namespace: rename TlsV1 to TlsV1_0
This is a source-incompatible change.

TlsV1 is ambiguous; what is actually meant is TLS version 1.0. There are
also TLS versions 1.1 and 1.2; we might want to add options for these
once OpenSSL supports them (apparently they will be with OpenSSL version
1.0.1).

Change-Id: I940d020b181b5fa528788ef0c3c47e8ef873796a
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
2011-11-16 10:32:10 +01:00
Richard Moore 75b2a4960b Add the ability to do unsafe SSL renegotiation as a fallback.
This commit adds the ability to perform legacy SSL renegotiation as
a fallback via QSsl::SslOptions. This is something that used to work,
but has been disabled by default in newer versions of openssl. The
need for this has been reported by users (eg. in QTBUG-14983).

Change-Id: I5b80f3ffd07e0c5faddc469f6a8f857bac5740f7
Reviewed-by: Corentin Chary <corentin.chary@gmail.com>
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
2011-11-15 11:53:44 +01:00
Richard Moore 78d02e93ac Add the ability to enable various SSL bug workarounds.
There are lots of buggy SSL servers around and to connect to them you
need to disable various features. This commit adds the ability to
disable the SSL ticket extension, the ability to disable the insertion
of empty fragments, and the ability to disable compression.

Task-number: QTBUG-21906

Change-Id: I3e1d0347a46e9030b889bbf15b2aad19b8513b73
Merge-request: 68
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
2011-10-20 18:20:12 +02:00
Jyri Tahtela f9f395c28b Update licenseheader text in source files for qtbase Qt module
Updated version of LGPL and FDL licenseheaders.
Apply release phase licenseheaders for all source files.

Reviewed-by: Trust Me
2011-05-24 12:34:08 +03:00
Taito Silvola c3ad797d8a QSslConfiguration documentation fix
setPeerVerifyMode() and peerVerifyMode() comments fix

Merge-request: 1220
Reviewed-by: Peter Hartmann
2011-05-05 14:16:30 +02:00
Qt by Nokia 38be0d1383 Initial import from the monolithic Qt.
This is the beginning of revision history for this module. If you
want to look at revision history older than this, please refer to the
Qt Git wiki for how to use Git history grafting. At the time of
writing, this wiki is located here:

http://qt.gitorious.org/qt/pages/GitIntroductionWithQt

If you have already performed the grafting and you don't see any
history beyond this commit, try running "git log" with the "--follow"
argument.

Branched from the monolithic repo, Qt master branch, at commit
896db169ea224deb96c59ce8af800d019de63f12
2011-04-27 12:05:43 +02:00