Certain servers, like smtp.live.com, will send a request for a
certificate even though they don't require one. In Schannel this
manifests as a warning/info status (SEC_I_INCOMPLETE_CREDENTIALS).
In the cases where it's not needed we should suppress the warning and
try to connect anyway, which is done by calling
InitializeSecurityContext again when we get the status.
Pick-to: 5.15
Change-Id: I3c48140f2949d8557251a49a2b66946da9395736
Reviewed-by: Joshua GPBeta <studiocghibli@gmail.com>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Fix our API, so that QStringList and QList<QString> are the
same thing.
This required a bit of refactoring in QList and moving the
indexOf(), lastIndexOf() and contains() method into
QListSpecialMethods. In addition, we need to ensure that
the QStringList(const QString&) constructor is still available
for compatibility with Qt 5.
Once those two are done, all methods in QStringList can be moved
into QListSpecialMethods<QString>.
Change-Id: Ib8afbf5b6d9df4d0d47051252233506f62335fa3
Reviewed-by: Andrei Golubev <andrei.golubev@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
CentOS it seems not only backported some OpenSSL 3 functions,
but also raised the default security level to 2, making some of
our keys (and MDs?) 'too weak' and failing auto-tests here and
there as a result. For our auto-test we lower the level to 1,
as it is expected to be.
Fixes: QTBUG-86336
Pick-to: 5.15
Change-Id: I7062a1b292e8b60eb9c2b2e82bd002f09f9da603
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
AFAICT with GSSAPI the normal workflow is to run kinit or similar and
authenticate before running programs relying on it. Therefore
we can try to get the credentials before we choose whether or not
to use Negotiate.
Pick-to: 5.15
Task-number: QTBUG-85123
Change-Id: If0478fdd45389b2939ad87c2f582776fe56959bb
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
The GSSAPI thing is a bit noisy and not useful unless you're
debugging it specifically.
Pick-to: 5.15
Change-Id: I4a8c14159ec889776d06e0970ddf66083d788b63
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
In QAuthenticator "detach()" does not do what you expect.
First off it doesn't detach at all, and secondly it will reset the phase
that the authentication is in. This last part is intended, but it has
one issue: if setUser/setPassword is called with the same arguments
every time we ask for credentials then we never reach a fail-state since
it thinks we will have a new chance to authenticate.
Pick-to: 5.15
Change-Id: I02e2e42242220f3fced3572323e6492429cf173e
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
It's problematic if we have already used these credentials and it
failed. Since then we emit authenticationRequired only for QNAM to
intercept it and "helpfully" suggest we use the same credentials again.
By moving on we can check the cache or ask the user about the necessary
credentials.
Pick-to: 5.15
Change-Id: Idaac5ae71167462369b66194ab6b1f77113d636a
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Although this is more of a QNAM thing.
In some cases what we load from the cache might be credentials we have
already tried (and failed with, thus leading us to emit the
authenticationRequired signal). With this patch we will fall through
more often and ask the user for credentials.
Pick-to: 5.15
Change-Id: If2a556883c3ea5b0b225f4df273d38353b552b54
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Windows only so far, need a similar patch for *nix, or an alternate
approach when there is no server set up.
Pick-to: 5.15
Task-number: QTBUG-85123
Change-Id: Iff7a6b1540a2f1984153a237eea07c7bb1970064
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
If we compiled without support for it then we shouldn't consider it an
option either.
Pick-to: 5.15
Change-Id: If6e0a6afa738f375e360bf3d439196b39e47bee8
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
It has been in Qt for some years now and 6.0 marks a good point to
enable it by default. The exception is connectToHostEncrypted where we
still require the users to enable it explicitly since there's no logical
way to disable it.
[ChangeLog][QtNetwork][QNetworkAccessManager] HTTP/2 is now enabled by
default.
Fixes: QTBUG-85902
Change-Id: Ia029a045727cc593d77df9eb3a5888522ad19199
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
It really could only manifest itself if you started a request and then
immediately cancelled it and then started another one to the same
site. But only if in a certain race outcome - the connection that the
backend was establishing had to finish connecting after aborting but
before a new request had been queued!
Change-Id: I7cad2cf4ac1f64cc838498cefa076cd2c6d26701
Reviewed-by: Alex Blasche <alexander.blasche@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Mostly related to qstrlen().
Change-Id: I69e2052c83766e4fc466ed398d0d0eac011a77ec
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Oliver Wolff <oliver.wolff@qt.io>
While it's possible to instantiate safe_delete using a nullptr, the
check in if-statement is 99.9(9) % of time redundant and equal
to if (true && object). Some compilers will issue a compilation
error (if warnings are treated as errors for example).
Change-Id: Ib593dc53deb6d2e4b77ea5c896610dc536c61b7c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Android 11's SELinux rules block the RTM_GETLINK requests that
qnetworkinterface_linux.cpp needs to make. So disable this completely
and fall back on the older rimplementation. Bionic has some workarounds
in their getifaddrs() implementation to make this work.
Fixes: QTBUG-86394
Pick-to: 5.15 5.15.1
Change-Id: I87447a0ecdee4dc7b506fffd163180c2b1db7835
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Alex Blasche <alexander.blasche@qt.io>
Remove compile warning for -Wdeprecated-declarations.
Change-Id: I747c8a390f26cfc4626e40c4684034c394bbf3c9
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Lars Schmertmann <lars.schmertmann@governikus.de>
It triggers when connecting to localhost (or when using socks proxy) and
is nothing you can act on most of the time, so change it to qCDebug.
Change-Id: I669fbde4fa0ed194703ea6a4dab13790aa771852
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Alex Blasche <alexander.blasche@qt.io>
Makes the QNetworkAccessBackendFactory a real interface to be used in
plugins. Requires exporting some classes but they're not made public
yet.
Removes unused features and functions.
Some things are likely still unused due to being specific for HTTP
but the HTTP network replies don't use this backend system.
Changes QNetworkAccessBackend to use a more traditional
read(char*, qint64) function for the "downloaded" data.
And an optional readPointer if supported. So far no backends have it
so it's somewhat useless, but it may be useful going forward.
If not it shall be deleted
Converts all current backends to the new setup
Easy enough, also gets rid of some unused functions.
Task-number: QTBUG-80340
Change-Id: I9339e6c6eb394c471c921f5cafd3af6175936399
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
While we initially wanted to just disable the functionality the way it
is currently built forces people to do a full build of Qt just to enable
it. Instead of doing this half-measure let's just remove the code
completely from QtBase and rather prepare QtNetwork to handle being a
plugin that can be compiled at any time.
Task-number: QTBUG-80340
Change-Id: I19155c8c167cf932088f01b2a9706d0e7ab792d1
Reviewed-by: Alex Blasche <alexander.blasche@qt.io>
And put a note about it in the documentation
Change-Id: I29126e4a80f83c256190e03b8fe01f3c869fd46d
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
And not the ssl configuration we have on the reply since it's missing
e.g. the newly received session ticket.
Change-Id: Idfeb09012a847605a76d1fe4fb881c663d019b4a
Reviewed-by: Peter Hartmann <peter@edelhirsch.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
and not just the active one(s). When starting the connection with
HTTP/2 and calling QNetworkReply::ignoreSslErrors() it would previously
only ignore the errors in the single active channel that was used, but
if we then fall back to HTTP/1.1 then we'll use the 5 other channels as
well, and those would then fail due to the ignored ssl errors.
Change-Id: I7aeb5b59897dd3a53579f0d38bd255bc2d97c2bb
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
And don't use int based type mapping anymore.
Change-Id: I456e76d1933ef646a7bd39ce565886b89e938a44
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
And remove one of the type id to name mapping that still
existed in QMetaType. QMetaTypeInterface can provide that,
so there's no need to have a second copy of the data.
qMetaTypeTypeInternal() can still map all the names of all
builtin types to ids. That functionality is for now still
required by moc and can't be removed yet.
Change-Id: Ib4f8e9c71e1e7d99d52da9e44477c9a1f1805e57
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
It works as follows:
- user calls write(const QByteArray &);
- this function keeps a pointer to the chunk and calls a regular
write(data, len);
- write(data, len) calls a virtual writeData();
- subclass calls a new QIODevicePrivate::write();
- QIODevicePrivate::write() makes a shallow copy of
the byte array.
Proposed solution is fully compatible with existing subclasses.
By replacing a call to d->writeBuffer.append() with d->write(),
subclasses can improve their performance.
Bump the TypeInformationVersion field in qtHookData, to notify the
Qt Creator developers that the offset of QFilePrivate::fileName was
changed and dumpers should be adapted.
Change-Id: I24713386cc74a9f37e5223c617e4b1ba97f968dc
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
- Remove obsolete functions and enumeration values
- Remove QObject * parameter from QMetaProperty accessors
- Fix renamed enumerations in QSsl
- Fix list items to be \li
- Fix function signatures and variable names
Change-Id: I37c7e6bf2c8ff92bc7b82620bae0a27796f866ab
Reviewed-by: Paul Wicking <paul.wicking@qt.io>
QAbstractSocket::abort() is not a virtual function and
QSslSocket::abort() does not override it. Having two alternatives
requires a dynamic typecasting and violates the principles of object-
oriented programming.
Due to the BC, we were unable to fix that in Qt5. Now, we can modify
QSslSocket::close() to handle QAbstractSocket::abort() requests and
remove the duplicate.
Change-Id: I49d6f32a571ae6e35b08cb366816f917e580dae8
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
1. Remove a useless forward declaration of a non-existing class.
2. Simplify the cipher filtering.
3. A missing private key (when local cert is present) found
by the Qt, not OpenSSL, so no need in asking OpenSSL for errors
in queue.
3. Fix a potential double-free (for opaque keys).
4. read/write BIOs normally owned by SSL object, but if
we fail to allocate any of them, we return early,
potentially failing to free the one that was allocated.
Change-Id: Ifb52fbc9fd1a38f101bd7ff02e79b82d6eb7e5b0
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
After calling this function, the user expects that the connection is
terminated, I/O device is closed and the socket is ready for a new
attempt. But, if the socket was disconnected before the call, close()
is not called and I/O device remains opened.
Because QAbstractSocket::close() and QIODevice::close() can handle
reentering, we can call close() unconditionally, which makes
the behavior obvious.
Change-Id: I90a9cbb1a1fe8f866b55ef0bd68d286b34e853f5
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
QtNetwork requires the socket library as a public dependency. Similar
to Windows's ws2_32 library.
Task-number: QTBUG-83202
Change-Id: I92bb48fddc2cbea07700cde65b4737500b9820f7
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
Now that I need this stuff both in OpenSSL and woldSSL code, makes sense
to introduce such helpers as a separate change (instead of duplicating
the code in wolfSSL patch).
Change-Id: I9ce600ebe709d103209372ea4c2bdb6fa6b6ce3a
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
One warning about unused variable (dataLeftover), which was at some
point replaced by the class variable 'decoderHasData'.
The second warning was a fault of logic: checking that the unsigned
value retValue was greater than or equal to zero. Which only came about
because they initially did different things but the branches got merged
and the logic became flawed.
Change-Id: Ia3a04516c1b7b5f962226998bf3f4d101dd38148
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
We extend configurejson2cmake to read the "commandline"
information from configure.json. This data is then translated to CMake function
calls and written it into commandline.cmake files.
We extend QtProcessConfigureArgs.cmake to pick up those commandline.cmake
files to feed our command line handling code, which is a
re-implementation of the command line handling in qt_configure.prf.
The command line handler sets INPUT_xxx variables, similar to
configure/qmake's config.input.xxx variables. The INPUT_xxx values are
translated
- to -DFEATURE_xxx=ON/OFF arguments if the input represents a feature,
- to corresponding CMake variables if such a variable is known,
- or to -DINPUT_xxx=yyy CMake arguments.
Configure arguments that have an entry in
cmake/configure-cmake-mapping.md are actually implemented. Other
arguments are likely to need more work.
Task-number: QTBUG-85373
Change-Id: Ia96baa673fc1fb88e73ba05a1afb473aa074b37d
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
Move the QIODevice::OpenMode enum into a base class, so that
we can remove the full QIODevice (and thus QObject) dependency
from qdatastream.h and qtextstream.h.
This is required so that we can include QDataStream in qmetatype.h
without getting circular dependencies.
As a nice side effect, QDataStream and QTextStream can now inherit
QIODeviceBase and provide the OpenMode enum directly in their
class scope.
Change-Id: Ifa68b7b1d8d95687ed032f6c9206f92e63bfacdf
Reviewed-by: Paul Wicking <paul.wicking@qt.io>
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@qt.io>
Both normal and relaxed constexpr are required by our new minimum of
C++17.
Change-Id: Ic028b88a2e7a6cb7d5925f3133b9d54859a81744
Reviewed-by: Sona Kurazyan <sona.kurazyan@qt.io>
Also take this opportunity to reshuffle the content-encodings in the
intended ordering since the ordering is used to signify priority.
Task-number: QTBUG-83269
Change-Id: I022eecf1ba03b54dbd9c98a9d63d05fb05fd2124
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Not following redirects is not a feature, but just a hastle for everyone.
The main issue with switching this default is that applications that
actually do manual redirect handling will break in various ways.
FollowRedirectsAttribute was removed as it no longer serves any
purpose beyond duplicating the default value.
[ChangeLog][Network] QNetworkAccessManager now follows redirects by
default with the NoLessSafeRedirectPolicy.
[ChangeLog][Potentially Source-Incompatible Changes]
QNetworkRequest::FollowRedirectsAttribute was removed and has been
superseded by QNetworkRequest::RedirectsPolicyAttribute
Fixes: QTBUG-85901
Change-Id: Ic5b776180a4b84ac4fc895158bb5a66a3c91a042
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>