Commit Graph

23 Commits (4ceef8a3a6d64474344cac4a6ed4b32b09d38367)

Author SHA1 Message Date
Allan Sandfeld Jensen 6f0df02d00 Replace Qt CONSTEXPR defines with constexpr
Both normal and relaxed constexpr are required by our new minimum of
C++17.

Change-Id: Ic028b88a2e7a6cb7d5925f3133b9d54859a81744
Reviewed-by: Sona Kurazyan <sona.kurazyan@qt.io>
2020-08-14 15:52:58 +02:00
Timur Pocheptsov 73158a9cb0 CA fetcher (Windows) - relax the logic a bit
In case a certificate chain is missing an intermediate,
for a certificate having "Authority Information Access"
extension it's possible to fetch this intermediate and
build the chain up to the trusted root. Unfortunately,
it's not always possible to install the root certificate
in the system "ROOT" store and then an application
wants to set it in the socket's configuration,
using setCaCertificates(). But this call also
disables CA fetcher ('no on demand root loading').
It makes sense to relax this logic for such
certificates and try to fetch the intermediate CA
and then have the complete chain verified.

Pick-to: 5.15
Fixes: QTBUG-84173
Change-Id: I5b9b4271767eba6f5fd2b5cf05e942360c6aa245
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2020-05-29 16:58:43 +02:00
Lars Knoll c6cdf38e75 Change qHash() to work with size_t instead of uint
This is required, so that QHash and QSet can hold more
than 2^32 items on 64 bit platforms.

The actual hashing functions for strings are still 32bit, this will
be changed in a follow-up commit.

Change-Id: I4372125252486075ff3a0b45ecfa818359fe103b
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2020-04-09 20:03:25 +02:00
Marc Mutz b41c9a8996 Inline QMutexPool into its only remaining user
Also reduce the pool size from 131 to 17, and use QBasicMutex
instead of recursive ones.

Change-Id: I3bf0374cce5ff2c07427070aba6128a22c9b70e4
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
2019-07-08 08:13:58 +00:00
Allan Sandfeld Jensen 8d7c97d428 Remove remaining Q_DECL_NOEXCEPT/Q_DECL_NOTHROW usage
Change-Id: I91ac9e714a465cab226b211812aa46e8fe5ff2ab
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2019-04-04 18:01:38 +00:00
Mårten Nordheim 58c9c4b609 Ssl: Add support for IP-address in alternate subject name
While it's not common it still occurs, perhaps especially with 127.0.0.1

Can be tested by attempting to connect to https://1.1.1.1/ using Qt.

Change-Id: Idad56476597ab570b8347236ff700fa66ab5b1f4
Fixes: QTBUG-71828
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2019-01-24 15:24:14 +00:00
Lars Knoll 4e507464e4 Use a QMultiMap for issuer/subjectInfo
The map can contain multiple entries for one key,
so a multi map is the correct data structure.

Change-Id: I852ba3548f46415d8078fd0e8fdd7953ec6c370b
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2018-12-12 07:43:30 +00:00
Lorn Potter cd60b78765 wasm: enable Network for nothread
Task-number: QTBUG-70208
Change-Id: Ib73ca0d3c0736336bf517ffb968cbdbab4610319
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Morten Johan Sørvig <morten.sorvig@qt.io>
2018-09-28 02:22:21 +00:00
Mårten Nordheim 89d4c600a5 Ssl: clang-tidy modernize-use-nullptr
And reflow the text where it exceeds the 100 column limit.

Change-Id: I0d270c6a74a4c6ecba30e4e4d38a5d8f2cf81040
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2018-08-09 05:34:51 +00:00
Timur Pocheptsov 8d7edf18eb QSslCertificate (OpenSSL) use the correct *_free function
When releasing a STACK_OF(GENERAL_NAME). Actually, GENERAL_NAME_free is
a special function, not the same as OPENSSL_sk_free.

Task-number: QTBUG-57679
Change-Id: I3ed300bb95e8be35bd9cd06b6dbc6e59c7c6a4ee
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2018-04-15 04:46:04 +00:00
Richard J. Moore cfbe03a6e0 QSslSocket: OpenSSL 1.1 backend
This patch-set implements a new QSslSocket backend based on OpenSSL 1.1.

1. General.

The code in this patch was organized to achieve these (somewhat contradicting)
objectives:
- keep the new code free of #if-ery, as far as possible;
- make it easy to clean away dead code when we're eventually able to retire
  out-dated OpenSSL versions;
- reduce the amount of code duplication.

If changes in some file/component were insignificant (~5 one-liners per file),
we still use pp-checks like: #if QT_CONFIG(opensslv11) ... #else ... #endif -
the logic is simple and it's still easy to clean the code if we remove the legacy
back-end. Where it saved #if-ery, we also introduced 'forward-compatible'
macros implementing equivalents of 1.1 functions using older OpenSSL.

In case some class contains a lot of version-specific ifdefs (particularly where
nested #if-ery was complex) we choose to split code into: "pre11" h/cpp files,
"shared" h/cpp files (they preserve their original names, e.g qsslsocket_openssl.cpp)
and "11" h/cpp files. If in future we remove the legacy back-end, "pre11" should be
removed; "shared" and "11" parts - merged.

2. Configuration.

We introduced a new feature 'opensslv11' which complements the pre-existing
'openssl' and 'openssl-linked' features. The 'opensslv11' feature is enabled
by a simple test which either compiles successfully or ends in a compilation
error, depending on a value of the OPENSSL_VERSION_NUMBER constant. If the
feature was enabled, we also append an additional compilation flag
-DOPENSSL_API_COMPAT=0x10100000L to make sure our new code does not contain
deprecated structures, function calls, macro-invocations from OpenSSL < 1.1.

Change-Id: I2064efbe9685def5d2bb2233a66f7581954fb74a
Reviewed-by: André Klitzing <aklitzing@gmail.com>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
2017-07-04 18:03:59 +00:00
Anton Kudryavtsev 01d526d18b QtNetwork: use const (and const APIs) more
For CoW types, prefer const methods to avoid needless detach()ing.

Mark predictNextRequest() as const, because this method
does not modify the object.

Change-Id: Ic94e2b31445ece46ab1423bf5b5f4e66d9a5b6ca
Reviewed-by: Edward Welbourne <edward.welbourne@theqtcompany.com>
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
2016-04-27 08:36:05 +00:00
Jani Heikkinen 1a88b2f768 Updated license headers
From Qt 5.7 -> LGPL v2.1 isn't an option anymore, see
http://blog.qt.io/blog/2016/01/13/new-agreement-with-the-kde-free-qt-foundation/

Updated license headers to use new LGPL header instead of LGPL21 one
(in those files which will be under LGPL v3)

Change-Id: I046ec3e47b1876cd7b4b0353a576b352e3a946d9
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
2016-01-15 12:25:24 +00:00
Sérgio Martins b3fc0443a0 network: Use QList::reserve(), reduces reallocations.
Change-Id: Ie0e8cbd28802826206d7e92584b5d56bb844fb09
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
2015-06-27 11:48:40 +00:00
Thiago Macieira 08e45154fb QtNetwork: Fix const correctness in old style casts
Found with GCC's -Wcast-qual.

Change-Id: Ia0aac2f09e9245339951ffff13c946859c282001
Reviewed-by: Richard J. Moore <rich@kde.org>
2015-03-12 02:46:59 +00:00
Jani Heikkinen cb95fff1c7 Fixed license headers
Change-Id: Ibebe1318d1c2de97601aa07269705c87737083ee
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
2015-02-17 18:46:09 +00:00
Jani Heikkinen 83a5694dc2 Update copyright headers
Qt copyrights are now in The Qt Company, so we could update the source
code headers accordingly. In the same go we should also fix the links to
point to qt.io.

Outdated header.LGPL removed (use header.LGPL21 instead)

Old header.LGPL3 renamed to header.LGPL3-COMM to match actual licensing
combination. New header.LGPL-COMM taken in the use file which were
using old header.LGPL3 (src/plugins/platforms/android/extract.cpp)

Added new header.LGPL3 containing Commercial + LGPLv3 + GPLv2 license
combination

Change-Id: I6f49b819a8a20cc4f88b794a8f6726d975e8ffbe
Reviewed-by: Matti Paaso <matti.paaso@theqtcompany.com>
2015-02-11 06:49:51 +00:00
Richard J. Moore 9f59341d07 Remove legacy ifdefs for ancient openssl.
There were still ifdefs for openssl 0.9.7 and openssl 0.9.8f.

[ChangeLog][QtNetwork] Some legacy ifdefs for openssl 0.9.7 and openssl 0.9.8f
were removed, Qt will no longer build with these versions. In addition there
is no support for openssl built with NO_TLSEXT.

Change-Id: I9268515c0a125a2f6d79add8ee1cb40768e7e898
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
2015-02-08 20:47:39 +00:00
André Klitzing 962ea5690c Add elliptic curve support to QSsl
Add possibility to get length and other information of EC based
certificates. Also it is possible to parse those public/private
keys from PEM and DER encoded files.

Based on patch by Remco Bloemen

[ChangeLog][QtNetwork][SSL/TLS support] It is now possible to
parse elliptic curve certificates.

Change-Id: I4b11f726296aecda89c3cbd195d7c817ae6fc47b
Task-number: QTBUG-18972
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2015-01-18 10:18:43 +01:00
Kai Koehne f17d7a124f Use categorized logging for ssl code
Place all debug output into the 'qt.network.ssl' category.
This allows people to disable certain warnings at runtime.

Task-number: QTBUG-43173
Change-Id: Ide731fae3109f9cd7730cc096ee069a5b99d35f1
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-12-10 11:07:46 +01:00
Marc Mutz e8bdc949fc Add qHash(QSslCertificate) overload
qsslsocket_winrt.cpp defined it locally, which runs the risk of
clashes with a potential user-defined qHash(QSslCertificate), so
make it public.

Also, the implementation in qsslsocket_winrt.cpp simply hashed
the handle(), which violates the principle that equal instances
must hash to the same value. Also, for some platforms, the
implementation returns nullptr unconditionally, which, while not
violating the above-mentioned principle, will make all users of
the hash have worst-case complexity.

To calculate a meaningful hash, therefore, the certificate needs
to be inspected deeper than just the handle.

For OpenSSL, we use X509::sha1_hash, which also X509_cmp uses
internally to determine inequality (it checks more stuff, but
if X059::sha1_hash is different, X509_cmp() returns non-zero,
which is sufficient for the purposes of qHash()). sha1_hash may
not be up-to-date, though, so we call X509_cmp to make it valid.
Ugh.

For WinRT/Qt, we use the DER encoding, as that is the native
storage format used in QSslCertificate. This is not equivalent
to the implementation used in qsslsocket_winrt.cpp before, but
since handle() == handle() => toDer() == toDer(), it should not
be a problem.

[ChangeLog][QtNetwork][QSslCertificate] Can now be used as a key in QSet/QHash.

Change-Id: I10858fe648c70fc9535af6913dd3b7f3b2cf0eba
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
2014-10-19 07:32:37 +02:00
Mikołaj Siedlarek 9ddf2fb376 Prevent parsing of SSL certificates from 0-size buffers.
When QSslCertificatePrivate::certificatesFromDer() was passed count ==
-1 to extract unlimied number of certificates from buffer, it also tried
to parse the 0-sized fragment after the last certificate.  This has
caused d2i_X509() to report an error on latest OpenSSL.

Task-number: QTBUG-41774
Change-Id: Ifa36b7ac5b4236bd2fb53b9d7fe53c5db3cb078c
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
2014-10-10 10:17:07 +02:00
Oliver Wolff 6f1299c0b4 SSL: split ssl files into general and "_openssl" implementation
In order to prepare the addition of WinRT and iOS (SecureTransport)
implementations of SSL the structure of some SSL files has to be
redone. Parts of certificate that probably can be reused by other
ports stayed in qsslcertificate.cpp while other parts were moved
to qsslcertificate_openssl.cpp. qsslcontext, qsslkey and qsslsocket
were suffixed by _openssl to show that these are pure openssl
implementations.

Change-Id: I7b022dec49759f882274999c0991bf95788f2a3a
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-08-09 08:28:56 +02:00