Commit Graph

63 Commits (28ff65f4dc67349ff88e4cd161b6bced7e9bf477)

Author SHA1 Message Date
Peter Hartmann 28ff65f4dc QNX: hardcode on-demand SSL root cert loading
The c_rehash'ed symlinks are always there on QNX, so no need to check
at every app start for the feature. This saves ~ 17ms at each app
start.

Task-number: QTBUG-32549
Change-Id: Ia9df60aba9d1bd70868b7004b847867a2128f600
Reviewed-by: Andreas Holzammer <andreas.holzammer@kdab.com>
Reviewed-by: Rafael Roquetto <rafael.roquetto@kdab.com>
2013-07-26 09:52:29 +02:00
aavit a3a43abc04 Fixes: QtNetwork compilation for OpenSSL < 1.0.0
Incorporate some more of the API changes between OpenSSL versions
0.9.8 and 1.0.0.

Task-number: QTBUG-31140

Change-Id: Ie719b34e3ec8751f0fbc07d315e82816c110762c
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2013-05-23 22:00:46 +02:00
Jake Petroules f7eea69a2a Utilize the new Q_OS_MACX define.
All occurrences of `#if defined(Q_OS_MAC) && !defined(Q_OS_IOS)` have
been replaced with `#if defined(Q_OS_MACX)`.

Change-Id: I5055d9bd1845136beb8ed1c79a8f0f2c0897751a
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@digia.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2013-05-09 12:17:59 +02:00
Peter Hartmann e145b67fbd SSL internals: do not write after shutting down the socket
... but rather throw an error, so the HTTP layer can recover from a SSL
shutdown gracefully. In case the other side sent us a shutdown, we should
not send one as well, as it results in an error.

Change-Id: Ie7a56cf3008b6ead912aade18dbec67846e2a87e
Reviewed-by: Richard J. Moore <rich@kde.org>
2013-04-23 23:22:43 +02:00
Peter Hartmann 835e720c7e SSL internals: fix memory corruption using QSslConfigurationPrivate
We are passing a QSslConfigurationPrivate that is allocated on the stack
(in QSslSocketBackendPrivate::initSslContext()) to
QSslConfiguration::QSslConfiguration(QSslConfigurationPrivate *dd).
When the SSL context is destroyed, this object is not there any more.
So now we create a deep copy of the configuration like we do in
QSslSocket::sslConfiguration().

Task-number: QTBUG-30648
Change-Id: Iaefaa9c00fd6bfb707eba5ac59e9508bf951f8a5
Reviewed-by: Richard J. Moore <rich@kde.org>
2013-04-18 22:02:18 +02:00
Peter Hartmann 1f180e9690 SSL code: store SSL parameters for debugging, guarded by define
... so SSL traffic can be decrypted with e.g. tcpdump / Wireshark.
For this to work, the define needs to be uncommented and QtNetwork
recompiled. This will create a file in /tmp/qt-ssl-keys which can
be fed into Wireshark.
A recent version of Wireshark is needed for this to work.

Change-Id: I4e41fd2e6122260cd96d443b1360edc71b08b5fd
Reviewed-by: Richard J. Moore <rich@kde.org>
2013-03-22 19:52:26 +01:00
Paul Olav Tvete 97fcf3bc98 Introducing the Qt Android port
Based on the Necessitas project by Bogdan Vatra.
Contributors to the Qt5 project:

BogDan Vatra <bogdan@kde.org>
Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@digia.com>
hjk <hjk121@nokiamail.com>
Oswald Buddenhagen <oswald.buddenhagen@digia.com>
Paul Olav Tvete <paul.tvete@digia.com>
Robin Burchell <robin+qt@viroteck.net>
Samuel Rødal <samuel.rodal@digia.com>
Yoann Lopes <yoann.lopes@digia.com>

The full history of the Qt5 port can be found in refs/old-heads/android,
SHA-1 249ca9ca2c7d876b91b31df9434dde47f9065d0d

Change-Id: Iff1a7b2dbb707c986f2639e65e39ed8f22430120
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
2013-03-05 08:31:23 +01:00
Tor Arne Vestbø 0768920dbd Remove ifdefs for supporting Mac OS <= 10.5
Qt5 requires Mac OS 10.6, so we can remove checks such as
if MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_6

Change-Id: Iea21727a277291148704ecf9677ed0b68c24920f
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2013-02-18 00:31:54 +01:00
Frederik Gladhorn e65cd6f379 Merge remote-tracking branch 'origin/stable' into dev
Conflicts:
	src/concurrent/doc/qtconcurrent.qdocconf
	src/corelib/doc/qtcore.qdocconf
	src/corelib/global/qglobal.h
	src/dbus/doc/qtdbus.qdocconf
	src/dbus/qdbusmessage.h
	src/gui/doc/qtgui.qdocconf
	src/gui/image/qimagereader.cpp
	src/network/doc/qtnetwork.qdocconf
	src/opengl/doc/qtopengl.qdocconf
	src/opengl/qgl.h
	src/plugins/platforms/windows/qwindowswindow.cpp
	src/printsupport/doc/qtprintsupport.qdocconf
	src/sql/doc/qtsql.qdocconf
	src/testlib/doc/qttestlib.qdocconf
	src/tools/qdoc/doc/config/qt-cpp-ignore.qdocconf
	src/widgets/doc/qtwidgets.qdocconf
	src/xml/doc/qtxml.qdocconf

Change-Id: Ie9a1fa2cc44bec22a0b942e817a1095ca3414629
2013-02-14 14:24:57 +01:00
Frederik Gladhorn 7f15506548 Remove Nokia from ssl linking exception.
Change-Id: I559d4dd8789a249af855f6fe9bfe013ba1d77132
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
2013-02-11 11:59:22 +01:00
Peter Hartmann b5652df775 SSL: Implement session sharing and use it from QNetworkAccessManager
This improves performance since a network round trip can be avoided.

Change-Id: I1aaff7e48ef9638cb137de0f43942c3a4dd2884a
Initial-patch-by: Markus Goetz <markus@woboq.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
2013-02-06 23:24:44 +01:00
Sergio Ahumada 48e0c4df23 Update copyright year in Digia's license headers
Change-Id: Ic804938fc352291d011800d21e549c10acac66fb
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
2013-01-18 09:07:35 +01:00
Shane Kearns eb2688c4c4 Fix binary incompatibility between openssl versions
OpenSSL changed the layout of X509_STORE_CTX between 0.9 and 1.0
So we have to consider this struct as private implementation, and use
the access functions instead.

This bug would cause certificate verification problems if a different
version of openssl is loaded at runtime to the headers Qt was compiled
against.

Task-number: QTBUG-28343
Change-Id: I47fc24336f7d9c80f08f9c8ba6debc51a5591258
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-12-10 20:48:10 +01:00
Friedemann Kleint 30eb0b7281 Fix typo in SSL error message.
Change-Id: If72d80979e1d2ea909227785cd691be39d75c8ab
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2012-11-27 19:31:21 +01:00
Jing Bai 37e3168abc wrap QLibrary related code with QT_NO_LIBRARY
To fix a compile error when QT_NO_LIBRARY is defined.

Change-Id: Ie72b60b8204641fa05f4cdbf66e908cb3526217e
Reviewed-by: Jing Bai <jing.bai@digia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-09-24 17:06:48 +02:00
Iikka Eklund be15856f61 Change copyrights from Nokia to Digia
Change copyrights and license headers from Nokia to Digia

Change-Id: If1cc974286d29fd01ec6c19dd4719a67f4c3f00e
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
Reviewed-by: Sergio Ahumada <sergio.ahumada@digia.com>
2012-09-22 19:20:11 +02:00
Frederik Gladhorn cae8951e30 Fix typo in docs.
Change-Id: Icfafa00062b442903579dd7993c75fffb60187f9
Reviewed-by: Peter Hartmann <phartmann@rim.com>
2012-09-19 19:54:44 +02:00
Brendan Long 860f95946b Add support for explicit TLS 1.1 and 1.2
Add SslProtocol enums TlsV1_1 and TlsV1_2 and use the appropriate OpenSSL
methods when they're selected (TLSv1_1_client_method, TLSv1_2_client_method,
TLSv1_1_server_method and TLSv1_2_server_method). This allows us to
explicitly use TLS 1.1 or 1.2.

Task-number: QTBUG-26866
Change-Id: I159da548546fa746c20e9e96bc0e5b785e4e761b
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2012-08-29 14:22:54 +02:00
Marc Mutz 79b742b7e0 QtNetwork: use nullary version of qRegisterMetaType<T>("T")
Using the nullary version has the advantage that multiple calls
during a program run are much more efficient, since an inlined
atomic is used to store the result. It also ensures that
Q_DECLARE_METATYPE(T) has been used, whereas qRegisterMetaType<T>("T")
will happily register anything. So I've added the macro where it
was missing, or moved it to a central place when it existed
hidden.

In tst_qnetworkreply, this became a bit tricky, because a private
header is conditionally included, so moved the Q_DECLARE_METATYPE()
into a conditional section, too.

Change-Id: I71484523e4277f4697b7d4b2ddc3505375162727
Reviewed-by: Stephen Kelly <stephen.kelly@kdab.com>
2012-07-25 19:32:41 +02:00
Martin Petersson bf6897edb0 QtNetwork: remove double buffering on sockets
Removes the readBuffer from the QAbstractSocket since data is already
buffered in the QIODevice.

Change-Id: I4e50b791fd2852455e526fa2c07089d4d3f0b2a4
Reviewed-by: Prasanth Ullattil <prasanth.ullattil@nokia.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2012-06-26 11:32:04 +02:00
Shane Kearns 6a7dc02160 Fix deprecated API warning
Check for blacklisting in case the application has blacklisted
a cert before windows has (currently unlikely as the blacklist is
hardcoded in Qt)
Don't need to check for time validity because that's already checked
by the windows API.
Change-Id: I34da5c4a8a0f8851b9b7668fc421a93c360c8588
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-05-23 14:18:34 +02:00
Thiago Macieira dd5b373d41 Change remaining uses of {to,from}Ascii to {to,from}Latin1 [QtNetwork]
This operation should be a no-op anyway, since at this point in time,
the fromAscii and toAscii functions simply call their fromLatin1 and
toLatin1 counterparts.

Task-number: QTBUG-21872
Change-Id: I94cc301ea75cc689bcb6e2d417120cf14e36808d
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-05-04 12:46:05 +02:00
Shane Kearns bb234e238c Rename QAbstractSocket::PauseOnNotify -> PauseOnSslErrors
Although we created an enum for pause modes to make 5.x binary
compatible with 5.0, the enum value is not well named.
In 5.1, we propose to add PauseOnProxyAuthentication to the enum.
PauseOnNotify is not clear what it means, while PauseOnSslErrors is.

Any new notification in a minor release would need a new enum value
otherwise applications would get pauses they did not expect.

Task-number: QTBUG-19032
Change-Id: I4dbb7467663b37ca7f0551d24a31bc013968bedc
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
2012-05-04 03:11:17 +02:00
Shane Kearns 42d4639fd9 Fix windows cert fetcher if site presents full chain
If a website presents the complete certificate chain in the handshake
i.e. site -> intermediate CA -> root CA then openssl gives
a different error (SelfSignedCertificateInChain)

Because of this windows feature, that either means the site is
signed by an untrusted CA, or the CA trust status is unknown because
we don't have the root cert in the cert store.

In any case, calling the windows verification function results
in a trusted chain & the root being added to the cert store.

Task-number: QTBUG-24827
Change-Id: I2663ea2f86cd0b4dfde105d858ec1b39a340c1f6
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-05-04 03:10:39 +02:00
Shane Kearns ee0514d63c Optimise windows cert fetching and fix test case.
If we're not going to verify the peer, or we know in advance that
windows won't have a CA root then don't ask it to verify the
certificate chain.
The test case started failing in CI when the windows cert fetcher
was integrated due to timing change. I've relaxed the timing
requirement of the test to avoid it being unstable.

Task-number: QTBUG-24827
Change-Id: I694f193f7d96962667f00aa01b9483b326e3e054
Reviewed-by: Martin Petersson <Martin.Petersson@nokia.com>
2012-05-03 16:11:58 +02:00
Rohan McGovern 2149b650ea Fixed compile of QSslSocket with -qtnamespace on Windows.
Q_DECLARE_METATYPE must be outside of the qt namespace.

System headers must be included outside of the qt namespace.

Change-Id: I2f48b1df87e5edae2baee6ce813af08d3e011dc0
Reviewed-by: Sergio Ahumada <sergio.ahumada@nokia.com>
Reviewed-by: Toby Tomkins <toby.tomkins@nokia.com>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2012-05-01 12:38:07 +02:00
Martin Petersson a8a5b38b00 QSslSocket: call to ERR_free_strings to free loaded error strings
Since we are calling q_SSL_load_error_strings to load error strings
we should call ERR_free_strings to free the memory again.

Task-number: QTBUG-15732
Change-Id: Ie41291bb0e1434f82025378edfca51930712a8aa
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2012-04-20 12:46:47 +02:00
Konstantin Ritt 907909d858 fix qsslsocket build in -permissive mode (assigning const char* to char*)
Change-Id: I76269630ebabdf601c2fcb5f65a8dffbd6cdbc5e
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2012-04-19 16:44:47 +02:00
Ian Dean 22042dd769 Change coreservices -> ios
Replace "contains(QT_CONFIG, coreservices)" with "!ios" in config files.
Replace "QT_NO_CORESERVICES" with "Q_OS_IOS" in source files.

Change-Id: Id3b02316b245a24ce550e0b47596d18a4a409e4f
Reviewed-by: Morten Johan Sørvig <morten.sorvig@nokia.com>
2012-04-19 01:57:58 +02:00
Qt4iOS 75fb4efeae Added iOS compatibility.
Put MacOS-specific code into #ifdef blocks to enable compilation on iOS.

Change-Id: I0bb3846f457d1b3a56d99fe182b1718bc8429117
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2012-04-13 08:33:51 +02:00
Shane Kearns 7386ab17df Use windows API to update missing CA roots
Windows ships with a minimal set of CA roots.
When using windows API to verify a certificate, it will fetch the
root certificate from windows update (assuming it is part of the
Microsoft trust program).

As we are using openssl, this does not happen transparently.

If SSL errors occur which indicate a broken chain then attempt
to fix it using the windows API before emitting sslErrors.

If the system CA certs are not in use (a CA bundle has been set
on the socket or as the global configuration), then this is skipped.
This is so an application can continue to use its own cert bundle
rather than trusting the system certs.

Key usage is specified, so that windows will return not trusted
status if the root is not suitable for SSL (server auth or
client auth OID).

Testability:
 - to test, must delete the CA cert(s) from the "third party
   root certification authorities" section of the cert store
   using mmc.exe.
 - If the workaround of installing the windows XP cert bundle was
   performed, then you also need to delete certs from the "trusted
   root certification authorities" section.
   This is dangerous, be careful not to delete the required
   certificates which are documented on MS website
 - Naturally, modifying these areas of the cert store requires
   elevated privilege.

Task-number: QTBUG-24827
Change-Id: I5cfe71c8a10595731f6bbbbabaaefa3313496654
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2012-04-11 15:49:02 +02:00
Martin Petersson 47a62485c0 Use SSL_MODE_RELEASE_BUFFERS in QSslSocket
If SSL_MODE_RELEASE_BUFFERS is available we should tell OpenSSL
to release memory early.
http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html

Task-number: QTBUG-14985
Change-Id: Ib6656ebb3c4d67ca868b317ee83ddbf0983953f9
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Reviewed-by: Markus Goetz <markus@woboq.com>
2012-03-09 01:42:05 +01:00
Martin Petersson 19a562a923 QSslSocket::verify certificates when on-demand loading is used
Task-number: QTBUG-24350
Change-Id: I5a328efe6606f5d438bb4787a5c02a425ce42aca
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-02-23 16:38:45 +01:00
Shane Kearns c5aba0ac17 Prevent data loss when an ssl socket is closed by remote
SSL context was destroyed on disconnect. This makes it impossible to
decrypt buffered encrypted data. So if there is encrypted data in the
receive buffers, then don't destroy the ssl context until the socket is
destroyed.

Task-Number: QTBUG-23607
Change-Id: I16a7b4fa006647ec73049c90cdbc72686696850f
Reviewed-by: Jonas Gastal <jgastal@profusion.mobi>
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-02-01 19:18:12 +01:00
Jonas M. Gastal 695dded37b Emit QSslSocket::error in case of openssl gives an error.
Create new QAbstractSocket::SocketError value that denotes a error in
the SSL library: SslInternalError
Create QAbstractSocket::SocketError value that denotes a error in data
provided by user cauding an SSL library error: SslInvalidUserDataError

Change-Id: I466a9389d9d7052efd8eddd1a2d6067ba26dfddb
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <ext-shane.2.kearns@nokia.com>
2012-02-01 02:16:14 +01:00
Richard Moore b3a978d661 Make the pause modes a QFlags.
The intention is to add additional pause modes over time, this will
be easier if we can just test if a particular reason for pausing is
turned on. If we don't do this we'll end up having to check for each
enum value every time we check what is enabled.

Change-Id: I6b08f0e819b5593e3f6463c3dd175eff8625e155
Reviewed-by: Frederik Gladhorn <frederik.gladhorn@nokia.com>
Reviewed-by: Shane Kearns <ext-shane.2.kearns@nokia.com>
2012-01-30 16:39:56 +01:00
Jason McDonald 5635823e17 Remove "All rights reserved" line from license headers.
As in the past, to avoid rewriting various autotests that contain
line-number information, an extra blank line has been inserted at the
end of the license text to ensure that this commit does not change the
total number of lines in the license header.

Change-Id: I311e001373776812699d6efc045b5f742890c689
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
2012-01-30 03:54:59 +01:00
Peter Hartmann 07662f93ac QAbstractSocket / QSslSocket: add API to pause and resume
pause and resume is currently only supported upon emitting the
QSslSocket::sslErrors() signal. The API was added in QAbstractSocket to
also support QAbstractSocket::proxyAuthenticationRequired() in the
future.

This is the first patch to support that feature on the socket level,
another patch will follow to support sslErrors() and
authenticationRequired() in QNetworkAccessManager / QNetworkReply.

Task-number: QTBUG-19032
Change-Id: Ide2918268590ab9a01454ab26cb7fdca3dc840ab
Reviewed-by: Shane Kearns <ext-shane.2.kearns@nokia.com>
2012-01-25 19:35:05 +01:00
Jason McDonald 629d6eda5c Update contact information in license headers.
Replace Nokia contact email address with Qt Project website.

Change-Id: I431bbbf76d7c27d8b502f87947675c116994c415
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
2012-01-23 04:04:33 +01:00
Shane Kearns 1ee9c0925b SSL - dump failed certificate chains when debug logging is enabled
This is to help us debug problems with CA certificates.
Code is not compiled by default, only when QtNetwork is built with
QSSLSOCKET_DEBUG defined

Change-Id: I404c36bf4c6bf1190f480196038197be30b4b5f9
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-01-09 22:08:35 +01:00
Shane Kearns ca5072fb18 Fix renewed SSL certificates being incorrectly reported as expired
OpenSSL tries certificates in the order they are added to the store.
There was logic to add the expired certificates after the valid ones
to ensure the valid certificate is checked first if the OS cert store
contains both the expired and renewed version of the same cert (e.g.
the verisign class 3 cert on windows)

However due to a coding error, the ordering was reversed, ensuring the
problem is always encountered instead of always avoided.

Task-number: QTBUG-20012
Change-Id: I7c8dba8a09842540a22b44d33c7dcb22bbbc6a58
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-01-06 19:24:23 +01:00
Jason McDonald 1fdfc2abfe Update copyright year in license headers.
Change-Id: I02f2c620296fcd91d4967d58767ea33fc4e1e7dc
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
2012-01-05 06:36:56 +01:00
Shane Kearns 2cc78885b0 Handle plain socket write errors in SSL
When an ssl socket is closed during connecting, and it is using a proxy
then it is possible for the plain socket to be in pending close state
when transmit() is called.
As errors were not handled, this caused the socket (and https request)
to "hang".
It now propagates the error from plain socket.

Change-Id: I6fb86815a2a63e197cea582f4b153e487543477c
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2011-12-22 15:55:21 +01:00
Peter Hartmann 86f5b78394 SSL: fix build with -openssl-linked for OpenSSL 0.9.8*
OpenSSL's SSL_ctrl() always took a "void *" argument as 4th parameter,
since at least version 0.9.7.
I have no idea why we had "const void *" in there.

Reviewed-by: Richard J. Moore <rich@kde.org>
Task-number: QTBUG-23132
(cherry picked from commit 4db91cbd6147e40f543342f22c05b7baddc52e5a)

Change-Id: Ie570e1cc59b72f13d3e6f3ed6fc1892444a63743
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Robin Burchell <robin+qt@viroteck.net>
Reviewed-by: Martin Petersson <Martin.Petersson@nokia.com>
2011-12-22 11:43:55 +01:00
Peter Hartmann 09404c072f SSL: fix build when compiled with -openssl-linked
... and only resolve the functions when the methods are available.
SSL 2 functionality is not always available in OpenSSL anymore.

Change-Id: Ia3178685b26c67ac55447476789e06710b596181
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2011-11-25 14:37:02 +01:00
Richard Moore bf7364f0aa Improve the testability of QSslOptions.
The handling of QSslOptions is complicated not only by the subject, but
also by the fact that some of the openssl directives are negatives. This
commit tries to separate the inherent complexity from the complexity of
the api by allowing us to test them independently.

Change-Id: Ieb9386c69dd9b0b49dc42e26b2878a301f26ded1
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
2011-11-17 13:22:56 +01:00
Peter Hartmann 4dc390e66f SSL namespace: rename TlsV1 to TlsV1_0
This is a source-incompatible change.

TlsV1 is ambiguous; what is actually meant is TLS version 1.0. There are
also TLS versions 1.1 and 1.2; we might want to add options for these
once OpenSSL supports them (apparently they will be with OpenSSL version
1.0.1).

Change-Id: I940d020b181b5fa528788ef0c3c47e8ef873796a
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
2011-11-16 10:32:10 +01:00
Richard Moore 75b2a4960b Add the ability to do unsafe SSL renegotiation as a fallback.
This commit adds the ability to perform legacy SSL renegotiation as
a fallback via QSsl::SslOptions. This is something that used to work,
but has been disabled by default in newer versions of openssl. The
need for this has been reported by users (eg. in QTBUG-14983).

Change-Id: I5b80f3ffd07e0c5faddc469f6a8f857bac5740f7
Reviewed-by: Corentin Chary <corentin.chary@gmail.com>
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
2011-11-15 11:53:44 +01:00
Peter Hartmann 4329030b77 network: remove Symbian specific code
removes several files and cleans up the code, removing all Symbian
specific #ifdef's etc.

Change-Id: Ie457e54cb4b3a992f251383320d47822259c38f1
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
2011-11-14 18:41:17 +01:00
Richard Moore e66d3d9899 Deprecate QSslCertificate::isValid() replace with isBlacklisted()
Currently isValid wrongly gives the impression it checks a certificate
for validity - it doesn't. It merely checks if the certificate dates
are valid and if the certificate is blacklisted. Since it's already
easy for users to check the dates, let's just give them access to the
ability to check for blacklisting.

Change-Id: I25be3bde6a01063034702a9574b28469bf4882cd
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
2011-11-14 10:39:47 +01:00