Commit Graph

52 Commits (776ddcab2c6f06d8d66c645eb34038ffaa60e08e)

Author SHA1 Message Date
Frederik Gladhorn f035786021 Merge remote-tracking branch 'origin/5.3' into dev
Change-Id: Ia12ffdb27ecdf25c2a2bdb0eed1945387502108a
2014-07-10 10:11:11 +02:00
Peter Hartmann 916c9d469b QSslCertificate: blacklist NIC certificates from India
Those intermediate certificates were used to issue "unauthorized"
certificates according to
http://googleonlinesecurity.blogspot.de/2014/07/maintaining-digital-certificate-security.html
, and are by default trusted on Windows, so to be safe we blacklist
them here.

Change-Id: I9891c5bee2dd82c22eb0f45e9b04abd25efeb596
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-07-09 21:30:11 +02:00
Richard J. Moore 1a8788d966 Move the PKCS#12 support from QSslSocket to QSslCertificate.
Discussed with Peter and agreed that it's a slightly better fit there.

Change-Id: If8db777336e2273670a23d75d8542b30c07e0d7b
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
2014-05-14 11:08:01 +02:00
Peter Hartmann 3e9904b98b QSslCertificate::isSelfSigned(): add since tag in documentation
Change-Id: I6a4e96fb1a94a1a55eabe6b3e0df09b5d27fd8a2
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-05-11 13:51:03 +02:00
Daniel Molkentin ae7bbe3400 Provide new API: QSslCertificate::isSelfSigned()
Change-Id: I382a017a0b865b849667301aff8b2f87b676ecc6
Reviewed-by: Richard J. Moore <rich@kde.org>
2014-04-30 01:30:08 +02:00
Richard J. Moore fd00bfc788 Correct the documentation of the return types of subjectInfo and issuerInfo.
These functions now return a QStringList to reflect the possibility of
there being more than one entry of a given type, but the documentation
did not reflect this.

Task-Number: QTBUG-36304
Change-Id: Iba2eda5e2c3174c8dcea640b5aed9cdc9a432392
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
2014-02-12 01:41:34 +01:00
Peter Hartmann 7eecbb0718 SSL: blacklist ANSSI intermediate certificate
... because it was used to operate a man-in-the-middle proxy.

Task-number: QTBUG-35474
Change-Id: Ic7f19708b278b866e4f06533cbd84e0ff43357e9
Reviewed-by: Richard J. Moore <rich@kde.org>
2013-12-10 15:14:22 +01:00
Jerome Pasion 4533cc9944 Doc: Adding mark-up to boolean default values.
Default values should have mark-up to denote that they are code.
This commit changes:
-"property is true" to "property is \c true".
-"Returns true" to "Returns \c true".
-"property is false" to "property is \c false".
-"returns true" to "returns \c true".
-"returns false" to "returns \c false".

src/3rdparty and non-documentation instances were ignored.

Task-number: QTBUG-33360
Change-Id: Ie87eaa57af947caa1230602b61c5c46292a4cf4e
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
Reviewed-by: Jerome Pasion <jerome.pasion@digia.com>
2013-10-08 00:46:27 +02:00
BogDan Vatra 934afb5c57 Fix loading of SSL certificate of DER files.
DER certificates should not be opened as text files, so we
only pass the QIODevice::Text flag when the format is
QSsl::Pem.

Change-Id: I4bad98023c397b967d5beeec0aaa6c414e06fd9c
Reviewed-by: Richard J. Moore <rich@kde.org>
2013-02-08 17:37:51 +01:00
Sergio Ahumada 48e0c4df23 Update copyright year in Digia's license headers
Change-Id: Ic804938fc352291d011800d21e549c10acac66fb
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
2013-01-18 09:07:35 +01:00
Peter Hartmann bf5e7fb265 SSL certificates: blacklist mis-issued Turktrust certificates
Those certificates have erroneously set the CA attribute to true,
meaning everybody in possesion of their keys can issue certificates on
their own.

Task-number: QTBUG-28937

Change-Id: Iff351e590ad3e6ab802e6fa1d65a9a9a9f7683de
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2013-01-04 15:19:17 +01:00
Richard Moore 543e2d5e01 Fix typo in docs.
Change-Id: I37ccb10d40d2a848b7c251286d29aeb85411e912
Reviewed-by: hjk <qthjk@ovi.com>
2012-12-21 01:12:30 +01:00
Giuseppe D'Angelo 930207fc1f Add more qtbase implictly-shared classes to the list
QText*Format and QDns* ones are still missing.

Change-Id: I8e87fba596e87289ca935717e0a90bfc0b0a26c0
Reviewed-by: hjk <qthjk@ovi.com>
2012-11-30 21:57:49 +01:00
Iikka Eklund be15856f61 Change copyrights from Nokia to Digia
Change copyrights and license headers from Nokia to Digia

Change-Id: If1cc974286d29fd01ec6c19dd4719a67f4c3f00e
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
Reviewed-by: Sergio Ahumada <sergio.ahumada@digia.com>
2012-09-22 19:20:11 +02:00
Marc Mutz b0aa023aa2 QtNetwork: add member-swap to shared classes
Implemented as in other shared classes (e.g. QPen).

Change-Id: Ib3d87ff99603e617cc8810489f9f5e9fe054cd2a
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2012-07-06 16:08:02 +02:00
Martin Petersson 6c59cdecee QSslCertificate::fromPath fix wildcard handling
The reqExp used to handle wildcards in the path was broken. So we
always searched the working directory and not the specified path.
Autotest where passing because of a hack used for Windows paths
where we removed the first two chars in the path string.

This fix will not use nativeSeparators thus removing the Windows hack
and fix the regExp to match wildcard chars.

Task-number: QTBUG-23573
Change-Id: I56fadbb67f25b8ce9c0f17cb6232e0bdb9148b1c
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2012-07-03 01:09:33 +02:00
Richard Moore 0b8021f5cb Change QSslCertificate::toText() to return a QString.
A couple of people reviewing the toText() method (which is new in 5.0)
have said that since the string returned is human readable it should
be a QString not a QByteArray. This change follows their advice.

Change-Id: Ibade9a24870805f7fbe2d299abeb9c6e964f0cf4
Reviewed-by: Girish Ramakrishnan <girish.1.ramakrishnan@nokia.com>
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
2012-05-21 03:10:43 +02:00
Casper van Donderen 7eca53b51a Doc: Modularize QtNetwork documentation.
This change moves the snippets and imagesto the modularized directories.

Change-Id: If14912692a7f72d7de345eaf88d9ec9752310fca
Reviewed-by: Marius Storm-Olsen <marius.storm-olsen@nokia.com>
2012-05-09 08:35:43 +02:00
Richard Moore e2a77de726 Various minor fixes for qdoc warnings.
Change-Id: I54c5ab6e1bfb1816bb510be9e2bfa1e3362faa36
Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com>
2012-05-06 20:42:00 +02:00
Shane Kearns bd7cd34673 Document new APIs in 5.0
The \since 5.0 directive was missing from many places.

Task-number: QTBUG-24001
Change-Id: I191ba8891ae66d78f923164bcab2fccb16eabef9
Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com>
2012-05-03 19:34:58 +02:00
Shane Kearns 7b9a0457be Document QSslCertificate deprecated functions
With the new functions linked

Task-number: QTBUG-24001
Change-Id: I9fd2de746a6342a1f4f182189e7f2529f092c003
Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com>
2012-05-03 19:34:37 +02:00
Richard Moore 2b1e0940fd Trivial doc fix.
Change-Id: I837c74d38b9f73aed41c3839421f5faad9d22f3f
Reviewed-by: Casper van Donderen <casper.vandonderen@nokia.com>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
2012-04-16 18:35:49 +02:00
Martin Petersson 4c0df9feb2 QtNetwork: blacklist two more certificates
The comodogate 72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0
certificate is a test certificate and the MD5 Collisions was created
as a proof of concept deliberately made to be expired at the time
of it's creation.

Task-number: QTBUG-24654
Change-Id: Ic8eb417363569fe50bf19cd229658f5e371862f7
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-03-08 19:00:39 +01:00
Shane Kearns 00821ec710 QSslCertificate - make lazy initialisation thread safe
QSslCertificate can be copied around into multiple threads,
without detaching. For example, the https worker threads inside
QNetworkAccessManager.
There are const methods, which lazily initialise members of
the private class without detaching (i.e. caching results of
expensive function calls)
These functions now lock the d pointer using QMutexPool to
avoid concurrency related crashes.

autotest crashes 20% of the time in release builds without
the fix, passes 100 times in a row with the fix.

Task-number: QTBUG-20452
Change-Id: I64a01af8159216f2dd6215a08669890f6c029ca8
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
2012-03-06 12:25:22 +01:00
Jason McDonald 5635823e17 Remove "All rights reserved" line from license headers.
As in the past, to avoid rewriting various autotests that contain
line-number information, an extra blank line has been inserted at the
end of the license text to ensure that this commit does not change the
total number of lines in the license header.

Change-Id: I311e001373776812699d6efc045b5f742890c689
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
2012-01-30 03:54:59 +01:00
Jason McDonald 629d6eda5c Update contact information in license headers.
Replace Nokia contact email address with Qt Project website.

Change-Id: I431bbbf76d7c27d8b502f87947675c116994c415
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
2012-01-23 04:04:33 +01:00
David Faure f65a10b733 Remove unused QT_NO_TEXTSTREAM.
It was checked in a few places, but it didn't actually remove QTextStream,
so it was pretty useless.

Change-Id: I8eaf28893cd6c7acbe1c0b69d58de90742aee755
Reviewed-by: João Abecasis <joao.abecasis@nokia.com>
2012-01-11 22:17:46 +01:00
Jason McDonald 1fdfc2abfe Update copyright year in license headers.
Change-Id: I02f2c620296fcd91d4967d58767ea33fc4e1e7dc
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
2012-01-05 06:36:56 +01:00
Peter Hartmann 57c31045df SSL certificate blacklist: reformat serial numbers to hexadecimal
Since recently QSslCertificate::serialNumber() always returns the
hexadecimal format, so we need to adapt to that when checking the
serial numbers for the blacklisted certificates.

Change-Id: I43bdb1be77faad7ad79a835c896fc39477452e75
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
2011-11-25 17:00:56 +01:00
Richard Moore 6f115edd74 Always use the hex format for certificate serial numbers.
In Qt 4.x the serial number is reported by a mixture of the hex value
and the number, The hex is what is used by other tools, and we should do
the same.

Change-Id: Ia0361d43fb5b920d053c95e932e0c8a012436e5e
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
2011-11-15 10:16:12 +01:00
Richard Moore e66d3d9899 Deprecate QSslCertificate::isValid() replace with isBlacklisted()
Currently isValid wrongly gives the impression it checks a certificate
for validity - it doesn't. It merely checks if the certificate dates
are valid and if the certificate is blacklisted. Since it's already
easy for users to check the dates, let's just give them access to the
ability to check for blacklisting.

Change-Id: I25be3bde6a01063034702a9574b28469bf4882cd
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
2011-11-14 10:39:47 +01:00
Peter Hartmann 7a78248e9c SSL: blacklist intermediate certificates that issued weak certs
... as did browser vendors.
Tested manually with affected CA certificates.

Reviewed-by: Richard J. Moore <rich@kde.org>
(cherry picked from commit e1d6df4e5931ee49b4b68dd5a33146f5639268b7)

Change-Id: I5bf6c147abf6d2de0f313d65faa2d9a1e9684cea
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
2011-11-08 15:52:28 +01:00
Richard Moore 6248b869d0 SSL certificates: add functionality to read extensions
... by adding a new class QSslCertificateExtension and methods in
QSslCertificate to support extensions. This is needed e.g. for OCSP
(checking revocation status of a certificate) or Extended Validation
certificates.

Change-Id: I5c5d9513fa640cd487786bb9a5af734afebd0828
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2011-11-06 21:00:39 +01:00
Peter Hartmann a6e0e7909b QSslCertificate: block all DigiNotar (intermediate and root) certs
and do not only check leaf certificates, but all intermediates and
the root. Tested manually with the cross-signed intermediates.

Change-Id: I860dc9b568bc244abc9228486dbb374a1a2b47c4
Reviewed-by: Richard J. Moore <rich@kde.org>
(cherry picked from commit 64adbd0c5775f97343afbe0e7b5fde0d70bdaedd)
Reviewed-on: http://codereview.qt.nokia.com/4291
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
2011-09-07 10:17:11 +02:00
Peter Hartmann 3840ce839f QSslCertificate: also check common name for blacklisted certificates
... to reduce the possibility of blacklisting valid certificates that
happen to have the same serial number as a blacklisted one, which is
unlikely, but possible.

Reviewed-by: Richard J. Moore <rich@kde.org>
(cherry picked from commit 6b1a8129623e3716f2fc075608b260ce7c381fe2
and adapted to the source incompatible change)

Change-Id: If714c34f6ce028032eee6d68f34d088b6ad5a0cc
Reviewed-on: http://codereview.qt.nokia.com/3895
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
2011-09-02 14:14:15 +02:00
Peter Hartmann 68b322270c QSslCertificate: blacklist fraudulent *.google.com
blacklist the leaf certificate for now. There might well be more fake
certificates in the wild, for that either the Diginotar.nl root cert
needs to be disabled on the system or OCSP would need to be enabled
(not supported by Qt yet).

Reviewed-by: Richard J. Moore <rich@kde.org>
(cherry picked from commit 70f6a1b91b242174682c30be976c2aa36c450cc7)

Change-Id: I7cd3fdc4c6e85202914764f983a60d301e54aa35
Reviewed-on: http://codereview.qt.nokia.com/3893
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
2011-08-30 18:48:35 +02:00
Peter Hartmann 8ef86d05f1 QSslCertificate: deprecate alternateSubjectNames()
... and add a new method subjectAlternativeNames() instead. This was
a typo in the API.

Change-Id: Id8704c387c9ff8e1af2b9a524ff628f5c053a294
Reviewed-on: http://codereview.qt.nokia.com/2618
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: João Abecasis <joao.abecasis@nokia.com>
2011-08-04 16:13:33 +02:00
Peter Hartmann e11fac22c4 QSslCertificate: extend documentation for new verify method
Change-Id: I47e038299a7e6ef18206839ff59ecef9f0860415
Reviewed-on: http://codereview.qt.nokia.com/1510
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Markus Goetz
2011-07-12 13:57:14 +02:00
Richard Moore 451f3b3785 Add the ability to verify a chain of certificates
Currently it is only possible to verify a certificate chain when
connecting to a server. This change makes it possible to verify a
chain at any time.

Change-Id: Ib70ad7b81418f880e995f391b82ce59561ededb8
Merge-request: 11
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-on: http://codereview.qt.nokia.com/1509
2011-07-12 13:57:14 +02:00
Peter Hartmann 94e110ca5f QSslCertificate: rename "tag" to "attribute", as in the RFC
RFC 2459 "Internet X.509 Public Key Infrastructure" uses the word
"attribute" for fields in a certificate like common name, organization
etc.

Change-Id: I51e595acbe3e146acf81af21cf48e554fa9490e4
Reviewed-on: http://codereview.qt.nokia.com/1453
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Martin Petersson <Martin.Petersson@nokia.com>
2011-07-12 09:25:06 +02:00
Richard Moore eab215070e SSL: Move the code for extracting the name of an ASN1_OBJECT
Moves the code for extracting the name of an ASN1_OBJECT to a function.
We're going to need this again for implementing support for X509
extensions.

Change-Id: I43276eb375b37f5fef0d981f4003220d7e7b81ba
Merge-request: 18
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-on: http://codereview.qt.nokia.com/1452
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
2011-07-11 17:33:37 +02:00
Richard Moore 852d4b03f6 SSL: Add methods to access the tags of the subject and issuer of a cert
Add methods that return a list of the tags in use in a certificate
issuer or subject. This means that unknown elements of these fields can
be accessed.

Change-Id: I588989e34f541b1d31cc9e97f5a85d1624ece1b1
Merge-request: 18
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-on: http://codereview.qt.nokia.com/1451
2011-07-11 17:33:16 +02:00
Richard Moore 14b56b2be4 SSL: Make the internals of certificate name info match the externals.
The internals of QSslCertificate were using QString but the API used
QByteArray, this commit unifies the code. This means that we don't keep
converting things.

Change-Id: I29fc149a85b77e786a6e90e5154c62f713476599
Merge-request: 18
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-on: http://codereview.qt.nokia.com/1450
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
2011-07-11 17:33:00 +02:00
Richard Moore 8499fb3a9a SSL: Store x509 name entries that have no short name as their OID.
Previously, x509 name entries that didn't have a shortname would all be
(accidentally) stored with the tag 'UNDEF'. This commit changes things
so that they are stored using the string form of their OID.

Change-Id: I667306cc4f91b1ca84f29b986bc21daadeb089b6
Merge-request: 18
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-on: http://codereview.qt.nokia.com/1449
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
2011-07-11 17:32:47 +02:00
Richard Moore 2cf935b43e Certificates can have each issuer and subject field many times
THIS COMMIT BREAKS SOURCE COMPATIBILITY BETWEEN Qt 4 AND Qt 5

Qt4 assumed that there was only one entry of each type in the subject
and issuer of a certificate. This is incorrect (eg. you can have many
common names). In addition, some of the fields required by RFC3280
were not suppport. This change modifiers the API to return a list of
entries of each type and adds support for the missing fields. It also
updates the commonname matching code for SSL connections to handle
multiple entries.

Change-Id: I9457266a205def0a07c13de47094ff56ead42845
Merge-request: 5
Reviewed-on: http://codereview.qt.nokia.com/796
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Sergio Ahumada <sergio.ahumada@nokia.com>
2011-06-27 20:44:36 +02:00
Peter Hartmann 0da3d7d5d3 SSL certificate printing: increase max certificate size
apparently there are really big certificates around, so 4k might not
always be enough.

Change-Id: I84df82d117469a14b4c6db81e0ceecc1a8ba47b3
Reviewed-on: http://codereview.qt.nokia.com/554
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Martin Petersson <Martin.Petersson@nokia.com>
2011-06-22 11:01:00 +02:00
Richard Moore ae4b4696a5 Add the ability to convert a certificate to text
Adds a function that will convert a certificate to human readable text
format using the openssl print function. This is useful for debugging
and for displaying the full details of a certificate (including those
parts not supported by the Qt API).

Change-Id: I27238d05df37f8b15ad09f8e761b06344631a9ce
Merge-request: 2
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-on: http://codereview.qt.nokia.com/551
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
2011-06-21 16:12:55 +02:00
Qt Continuous Integration System 6bd691dc54 Merge branch 'master' of git://scm.dev.nokia.troll.no/qt/qtbase-staging
* 'master' of git://scm.dev.nokia.troll.no/qt/qtbase-staging: (21 commits)
  Fixed line endings.
  Update licenseheader text in source files for qtbase Qt module
  New configure.exe binary
  Add -qpa option on Windows
  Use qglobal.h's VERSION number instead of hardcoded current version
  More examples adjusted to Symbian and Maemo5. (cherry picked from commit a97b9620a584c9b1a2e006873183526b3d7e001e)
  Doc: Added some details to the accessibility events API documentation.
  Doc: Fixed qdoc warnings.
  Doc: Fixed qdoc warnings.
  Doc: Made an additional change for clarity.
  Doc: Noted that the example will not work as expected with a mouse.
  Doc: Fixed qdoc warnings.
  Doc: Applying a pending change from previous merges.
  Doc: Fixed qdoc warning.
  Doc: Fixed qdoc warnings.
  Doc: Applied pending fixes to API documentation.
  Doc: Various fixes to documentation, some based on changes in master.
  Doc: Added missing project and desktop files.
  Doc: Documented the value returned when no field can be found.
  Squashed commit of changes from the 4.8-temp branch.
  ...
2011-05-25 01:11:52 +10:00
Jyri Tahtela f9f395c28b Update licenseheader text in source files for qtbase Qt module
Updated version of LGPL and FDL licenseheaders.
Apply release phase licenseheaders for all source files.

Reviewed-by: Trust Me
2011-05-24 12:34:08 +03:00
Pierre Rossi fe54165149 fix coding style for merge request re. utf8 characters in SSL certs
fixes minor coding issues for
"Use OpenSSL X509_NAME_ENTRY API to parse UTF8 subjectName/issuerName"

Task-number: QTBUG-7912
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
(cherry picked from commit 2e8d206fd9f656cd88b797c059ef83ed3df32881)
2011-05-23 17:41:57 +02:00