Commit Graph

62 Commits (8e1e275f8f45fab9d035e86c9caba1f03db43373)

Author SHA1 Message Date
Timur Pocheptsov 8e1e275f8f SecureTransport - implement renegotiations
After a handshake was completed, TLS socket is in 'connectionEncrypted' state.
So on a read notification, in 'transmit', we call 'SSLRead' to read supposedly
encrypted application data or TLS internal messages. In case SSLRead finds either
ClientHello or HelloRequest from a server, it attempts in a rather sneaky manner
to renegotiate. And  as it happens here and there with SecureTransport, SSLRead
fails and the work is only half-done, since we have kSSLSessionOptionBreakOnServerAuth
and kSSLSessionOptionBreakOnCertRequested options set to 'true'. We end up with
completely unexpected errors like errSSLClientCertRequested or errSSLPeerAuthCompleted
(yes, this is so normal and totally expected for 'SSLRead' function to verify
certificates and WRITE messages, no need to document this at all!).

If SecureTransport is sneaky, so can be us:

- in a read callback SecureTransport is probing the type of record
  and we can notice a sudden session state change - it goes from
  kSSLConnected (which is set upon handshake completion) to
  kSSLHandshake (which means a (re)handshake is ongoing);
- if this is the case - we lie to SecureTransport about the amount
  of data available (0 bytes), set 'renegotiating' to 'true', return
  errSSLWouldBlock;
- in 'transmit', if SSLRead returns errSSLWouldBlock and 'renegotiating'
  was set, we call 'startHandshake' until isHandshakeComplete() == true
  or some error encountered.

[ChangeLog][QtNetwork][QSslSocket] Implement renegotiation for SecureTransport backend

Task-number: QTBUG-69420
Change-Id: Iaab1336aa3abf3f6ac94b358f3142d2738a18ee9
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2018-07-27 11:53:06 +00:00
Timur Pocheptsov f8a5902800 SecureTransport - enable ALPN on macOS
Initially macOS SDK 10.13 had a missing symbol (only a function declaration
in a header), while iOS, tvOS and watchOS SDKs all had the required symbol. Now
it appears more recent SDK for macOS also has the function we need and thus we enable
ALPN on macOS (as a result 'h2' protocol can now be negotiated as required by
RFC 7540).

[ChangeLog][QtNetwork][QSslSocket] Enable ALPN (and thus HTTP/2 negotiation) in SecureTransport backend (macOS).

Change-Id: I65bd8262a9571a5495d11f7f5a29d150334cd09c
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2018-07-17 13:32:16 +00:00
Timur Pocheptsov bcbfa36663 SecureTransport - cleanup the code a bit
No need in ugly macro ioErr and if-ery, no need in generic noErr.
SecureTransport has its own,  more specific error codes: errSecIO
and errSecSuccess (which have the equivalent values).

Change-Id: Ifd99fbcbee290fe27caa0c258923f4527c047ba8
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2018-07-14 04:06:05 +00:00
Lars Knoll 0f315adf91 Merge remote-tracking branch 'origin/5.10' into dev
Conflicts:
	.qmake.conf
	sc/corelib/io/qfsfileengine_p.h
	src/corelib/io/qstorageinfo_unix.cpp
	src/platformsupport/eglconvenience/qeglpbuffer_p.h
	src/platformsupport/input/libinput/qlibinputkeyboard.cpp
	src/platformsupport/input/libinput/qlibinputpointer.cpp
	src/plugins/platforms/cocoa/qcocoamenu.mm
	src/plugins/platforms/ios/qiosscreen.h
	src/plugins/platforms/ios/qioswindow.h
	src/plugins/platforms/ios/quiview.mm
	src/printsupport/dialogs/qpagesetupdialog_unix_p.h
	src/printsupport/dialogs/qprintpreviewdialog.cpp
	src/printsupport/widgets/qcupsjobwidget_p.h
	src/widgets/widgets/qmenu.cpp
	tests/auto/corelib/tools/qdatetime/tst_qdatetime.cpp
	tests/auto/widgets/itemviews/qtreeview/tst_qtreeview.cpp

Change-Id: Iecb4883122efe97ef0ed850271e6c51bab568e9c
2018-01-02 09:58:44 +01:00
Lars Knoll db92f2f3aa Merge remote-tracking branch 'origin/5.9' into 5.10
Conflicts:
	.qmake.conf
	mkspecs/win32-g++/qmake.conf
	src/corelib/global/qglobal_p.h
	src/corelib/global/qoperatingsystemversion_p.h
	src/corelib/io/qfilesystemengine_win.cpp
	src/network/bearer/qbearerengine.cpp
	src/platformsupport/input/libinput/qlibinputpointer.cpp
	src/sql/doc/snippets/code/doc_src_sql-driver.cpp
	src/widgets/kernel/qwidget_p.h
	src/widgets/kernel/qwidgetwindow.cpp
	src/widgets/styles/qfusionstyle.cpp
	tests/auto/corelib/io/qfileinfo/tst_qfileinfo.cpp

Change-Id: I80e2722f481b12fff5d967c28f89208c0e9a1dd8
2017-12-30 12:09:53 +01:00
Timur Pocheptsov 2086c183c1 Fix/workaround a quirk in SecureTransport
We set anchors from QSslConfiguration::caCertificates. On macOS these
anchors are by default copied from the system store, so I expected
setting 'trust those anchors only' should not break anything.
Somehow, on 10.11 SecTrustEvaluate fails to evaluate a valid
certificate chain (apparently because it has an intermediate
certificate, it's just a guess, since their API/docs are too poor
to explain well what was the real cause) as I can see connecting,
for example, to google.com - we have a chain with a valid root,
say it's GetTrust CA and we have it also in our list of anchors we set
on trust, but evaluation fails with: kSecTrustResultRecoverableTrustFailure:

"This means that you should not trust the chain as-is, but that
the chain could be trusted with some minor change to the evaluation
context, such as ignoring expired certificates or adding an
additional anchor to the set of trusted anchors."

Since none of certs is expired, and the required anchor already set,
this must be some bug in SecureTransport. For macOS (deployment
target) < 10.12 we fallback to the original version of the code
(the one that unfortunately does not allow us to limit the set
of trusted anchors by what client code wants to trust).

Change-Id: Ie42fd77c3eb6ef7469812aa0d7efff88a003c0b8
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2017-12-14 04:54:35 +00:00
Mikkel Krautz 55f8d7dfe5 qsslsocket_mac: handle 'OrLater' SslProtocols in verifySessionProtocol()
The verifySessionProtocol() method in the SecureTransport backend did not
properly handle TlsV1_0OrLater, TlsV1_1OrLater and TlsV1_2OrLater.

This commit teaches verifySessionProtocol() about them.
It also adds TlsV1_0OrLater, TlsV1_1OrLater and TlsV1_2OrLater to the
protocolServerSide() test in tst_qsslsocket.

Backport from 5.10 to 5.9 (LTS).

Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
(cherry picked from commit 9c765522d1)
Change-Id: I58c53bdf43e0f19b4506f3696d793f657eb4dc6f
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2017-11-15 21:06:49 +00:00
Timur Pocheptsov 0f0726d36e QSslSocketPrivate (SecureTransport) - add ALPN support
Starting from iOS 11.0 (SDK) Apple has exposed two new functions:
SSLSetALPNProtocols and SSLCopyALPNProtocols. This allows us to
negotiate http/2 (and any other application layer protocol) via TLS on
iOS. Unlike OpenSSL, SecureTransport's version is very limited - we
have to compare protocols manually after the SSL handshake has
finished. Still, this is better than nothing. These two functions are
also declared in macOS SDK starting from 10.13, but unfortunately the
symbols are missing and for now this feature is only enabled on iOS.

Change-Id: I3ed2f287bfa864f8aca0c231171e804f7d6b8016
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-11-14 16:12:51 +00:00
Allan Sandfeld Jensen fa9d12f4a2 Merge remote-tracking branch 'origin/5.10' into dev
Conflicts:
	src/plugins/platforms/windows/qwindowsmousehandler.cpp
	src/plugins/platforms/xcb/qxcbimage.cpp
	tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
	tests/manual/qtabletevent/regular_widgets/main.cpp

Done-with: Friedemann Kleint<Friedemann.Kleint@qt.io>
Done-with: Mårten Nordheim<marten.nordheim@qt.io>
Change-Id: I5b2499513a92c590ed0756f7d2e93c35a64b7f30
2017-10-24 13:40:55 +02:00
Liang Qi 01afc8c810 Merge remote-tracking branch 'origin/5.9' into 5.10
Change-Id: I3cf73c53cf131d0babfb558c2507bed0e0fc5f08
2017-10-16 22:21:52 +03:00
Kai Koehne f6cca6ab8a Replace 'an unique' with 'a unique'
Unique begins with a "y" sound, hence a unique is correct.

Change-Id: I9eb6b4d4c9ddab45af931e97c041c24edf163eca
Reviewed-by: Jake Petroules <jake.petroules@qt.io>
2017-10-11 18:44:57 +00:00
Kevin Funk 58c14c4a7e Replace Q_NULLPTR with nullptr where possible
Remaining uses of Q_NULLPTR are in:
src/corelib/global/qcompilerdetection.h
  (definition and documentation of Q_NULLPTR)
tests/manual/qcursor/qcursorhighdpi/main.cpp
  (a test executable compilable both under Qt4 and Qt5)

Change-Id: If6b074d91486e9b784138f4514f5c6d072acda9a
Reviewed-by: Ville Voutilainen <ville.voutilainen@qt.io>
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
2017-09-19 11:53:55 +00:00
Liang Qi 7f269a5db8 Merge remote-tracking branch 'origin/5.9' into dev
Conflicts:
	.qmake.conf

Change-Id: I43531e087bb810889d5c1fbfcdffb29b78804839
2017-07-06 13:54:25 +02:00
Timur Pocheptsov 0d97babf2f QSslSocket - fix two memory management issues (Secure Transport)
I noticed we never release 'items' imported by SecPKCS12Import.
But looking at the actual code (SecImportExport.c), it appears
we own these 'items' and must release them. And this leads to a crash
(on over-release) which reveals  another bug: a value from a dictionary
obtained with 'Get' method should follow the 'get rule' - we do not
own it and QCFType RAII object is not needed.

Change-Id: I219015fadedb256c401e50cf7e955f3d7e0a6c5f
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-07-04 05:02:11 +00:00
Liang Qi ce09ef4313 Merge remote-tracking branch 'origin/5.9' into dev
Conflicts:
	src/corelib/io/qprocess_unix.cpp
	src/corelib/io/qprocess_win.cpp
	src/plugins/platforms/android/qandroidplatformintegration.h
	src/plugins/platforms/windows/qwindowscontext.cpp
	src/plugins/platforms/windows/windows.pri
	src/tools/uic/cpp/cppwriteinitialization.cpp
	src/widgets/doc/src/widgets-and-layouts/gallery.qdoc

Change-Id: I8d0834c77f350ea7540140c2c7f372814afc2d0f
2017-06-19 16:12:34 +02:00
Timur Pocheptsov 96955dbe10 qsslsocket_mac - check that SecCertificateRef is not null
That's the only place there we can potentially pass a null pointer
to CFArrayAppendValue (all other calls are conditionally-protected).
This results in (surprise! ... ?) Objective-C exception (while we call
something that is a pure-C API). So far we cannot reproduce this crash and
can only speculate: probably this happens with invalid (can be either
really invalid or the result of our generic QSslCertificate's failure to read/
parse)) custom CA certificates appended to a QSslConfiguration object by
applications  using QSslSocket/QNAM. The fix will probably make a handshake to
fail, but this seems to be better than a crash anyway.

Task-number: QTBUG-58213
Change-Id: Ie4f9ab2138bc383adc9f9ed55ed61be2d3cf7020
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2017-06-13 04:33:54 +00:00
Liang Qi 7cbee56296 Merge remote-tracking branch 'origin/5.9' into dev
Conflicts:
	src/widgets/widgets/qmenu.cpp

Change-Id: I6d3baf56eb24501cddb129a3cb6b958ccc25a308
2017-06-07 14:02:43 +02:00
Timur Pocheptsov 4fb1745639 Ssl socket - fix broken certificate verification
On iOS QSslConfiguration always has an empty list of system CA certificates.
Calling SecTrustSetAnchorCertificatesOnly(.., TRUE) on iOS  results in
SecTrustEvaluate failing to verify a valid certificate, since there
are no 'anchors' at all. We can use SecTrustSetAnchorCerificatesOnly(.. TRUE)
on macOS only, where we do extract/copy system certificates using
SecTrustSettingsCopyCertificates and save them in a QSslConfiguration's
list.

Task-number: QTBUG-61053
Change-Id: I70d4e46273d78414baaac8531273def707c3eebc
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-06-02 12:34:22 +00:00
Liang Qi d1ea481345 Merge remote-tracking branch 'origin/5.9' into dev
Conflicts:
	src/network/access/qnetworkreply.cpp
	tests/auto/corelib/kernel/qmetaobject/tst_qmetaobject.cpp

Change-Id: Iadf766269454087e69fb216fc3857d85b0ddfaad
2017-05-07 13:08:18 +02:00
Timur Pocheptsov 2d2dd85766 QSslSocket (SecureTransport) - use anchors only from QSslConfiguration
Calling SecTrustSetAnchorCertificatesOnly(trust, false) we actually extend
what our user provided in QSslConfiguration as CA certificates (caCertificates,
setCaCertificates) - Secure Transport will also use a default set provided
by the system and SSL handshake can surprisingly (for a user) succeed.
And the default content of these caCertificates, if not altered by setCaCertificates
call - are those system CA certificates.

Task-number: QTBUG-60233
Change-Id: I8c1094bb7eec260f5202a47085f9f75e720eda7b
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-04-26 12:42:40 +00:00
Marc Mutz e91726ef9e QSslSocket/macOS: optimize QUuid usage
- don't create a QString, a QByteArray suffices
- perform the mid() operation on a view type (QLatin1String),
  not on a container
- use QStringBuilder

Change-Id: Ifd74f2bc98606425f9f6cb4da8618e8066a8b12e
Reviewed-by: Milian Wolff <milian.wolff@kdab.com>
2017-04-10 18:00:15 +00:00
Timur Pocheptsov 5377f4ec0e Allow Secure Transport backend to use a temporary keychain
Cherry picked:

this change was first merged into dev, but now we also need it in 5.9
to enable SSL socket tests on the new CI VMs (macOS 10.11, 10.12).
As we do not merge dev->5.9, we need this cherry-pick.

Since day one Secure Transport socket has two annoying problems on macOS:
when we call SecPKCS12Import, we indeed import certs and keys into the default keychain
and also (which is more serious) later a dialog can pop up, asking for permission
to use a private key (this is especially annoying if you're running SSL autotests or
have a server application). Apparently, it's possible to work around those problems
if we create our own (temporary) keychain and pass it in the 'options' parameter
to SecPKCS12Import.

[ChangeLog][QtNetwork] Allow QSslSocket to use a temporary keychain on macOS.

Task-number: QTBUG-56102
Change-Id: Ic3a56c905100dc80d907a25fe6ebfa232dcf5b9e
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
(cherry picked from commit 17927392cf)
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-04-04 10:44:29 +00:00
Liang Qi ae2695535a Merge remote-tracking branch 'origin/5.9' into dev
Conflicts:
	src/corelib/io/qfilesystemengine_win.cpp
	src/gui/text/qdistancefield.cpp
	src/plugins/platforms/xcb/qxcbconnection.h

Change-Id: I1be4a6f440ccb7599991159e3cb9de60990e4b1e
2017-03-20 09:00:44 +01:00
Timur Pocheptsov 3e3defb5c3 Secure Transport - add a missing cipher
Secure Transport supports more ciphers then we can convert into QSslCipher.
This results in our tests failing, since after the successful SSL handshake
sessionCipher is 'unknown'. This patch adds missing AES256-GCM-SHA384 and also,
to make new cipher addition easier in future, sorts cipher suites as it's done
in CipherSuite.h (ST framework's header) - grouped by RFC they were introduced
in + sorted within their group.

As a bonus (thanks to Eddy for spotting this problem) - some copy & paste (?)
typos were fixed (mismatched names).

Task-number: QTBUG-59480
Change-Id: I61e984da8b37f1c0787305a26fc289e2e7c2b4ad
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-03-16 08:50:12 +00:00
Mikkel Krautz 9c765522d1 qsslsocket_mac: handle 'OrLater' SslProtocols in verifySessionProtocol()
The verifySessionProtocol() method in the SecureTransport backend did not
properly handle TlsV1_0OrLater, TlsV1_1OrLater and TlsV1_2OrLater.

This commit teaches verifySessionProtocol() about them.
It also adds TlsV1_0OrLater, TlsV1_1OrLater and TlsV1_2OrLater to the
protocolServerSide() test in tst_qsslsocket.

Change-Id: I394766c75dbea4d89bf3d6b9c3f3c89530ac0749
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-02-13 21:44:05 +00:00
Timur Pocheptsov 17927392cf Allow Secure Transport backend to use a temporary keychain
Since day one Secure Transport socket has two annoying problems on macOS:
when we call SecPKCS12Import, we indeed import certs and keys into the default keychain
and also (which is more serious) later a dialog can pop up, asking for permission
to use a private key (this is especially annoying if you're running SSL autotests or
have a server application). Apparently, it's possible to work around those problems
if we create our own (temporary) keychain and pass it in the 'options' parameter
to SecPKCS12Import.

[ChangeLog][QtNetwork] Allow QSslSocket to use a temporary keychain on macOS.

Task-number: QTBUG-56102
Change-Id: Ic3a56c905100dc80d907a25fe6ebfa232dcf5b9e
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2017-02-11 16:18:49 +00:00
Timur Pocheptsov 84fa396d84 SecureTransport - remove (now) redundant standalone function
It was first introduced when we had to work-around old macOS SDK (<= 10.7) with
missing API; so we split the original code into two functions, one for
iOS (any supported version) and macOS > 10.7, another function (with all
ifdefs needed and old, deprecated API usage) for macOS <= 10.7. Now that
support for those versions was dropped and the second function gone, having
the remaining code in some external function looks illogical. It can be moved
into the member-function back.

Change-Id: Ib6355f225b5df3d92a70bd7679545cc89c450228
Reviewed-by: Jake Petroules <jake.petroules@qt.io>
2017-01-30 11:28:18 +00:00
Liang Qi cdb56c42fc Merge remote-tracking branch 'origin/5.7' into 5.8
Conflicts:
	mkspecs/features/uikit/xcodebuild.mk
	tests/auto/other/lancelot/tst_lancelot.cpp
	tests/auto/widgets/widgets/qmdisubwindow/tst_qmdisubwindow.cpp
	tests/auto/widgets/widgets/qmenubar/tst_qmenubar.cpp

Change-Id: Ia0ae2de86094120281abd445138877c2cc3e882c
2016-09-29 00:38:01 +02:00
Liang Qi e918334045 Merge remote-tracking branch 'origin/5.6' into 5.7
Conflicts:
	src/widgets/dialogs/qcolordialog.cpp
	src/widgets/dialogs/qfiledialog.cpp
	tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp

Change-Id: I34bc8a990f8f526889a95a5c7099ef557b9681ad
2016-09-28 11:51:35 +02:00
Timur Pocheptsov 158781ff25 QSslSocket: respect read buffer's max size (SecureTransport)
1. QSslSocketBackendPrivate::transmit was ignoring 'readBufferMaxSize';
as a result, we can have a user trying to set read buffer's size
to a small value (and more important - reading slowly in a small
chunks from this socket), but SSL itself socket reading 'too fast',
potentially growing its internal buffer to a huge size. This also
results in auto-tests failing - whenever we're trying to limit read
rate in some test.

2. Update qsslsocket auto-test.

Task-number: QTBUG-43388
Task-number: QTBUG-55170
Change-Id: Iedece26df0ac5b3b7cad62cc8c98aedc28e7ca5b
Reviewed-by: Richard J. Moore <rich@kde.org>
2016-09-27 10:27:58 +00:00
Jake Petroules 57378a108c Add support for Apple watchOS
Change-Id: I3f9e00569458a463af2eaa5a3a16a6afd1e9c1ea
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@theqtcompany.com>
2016-08-19 21:05:55 +00:00
Edward Welbourne 782ebeada1 Merge remote-tracking branch 'origin/5.7' into dev
Conflicts:
	qmake/library/qmakebuiltins.cpp
	qmake/library/qmakeevaluator.cpp
	qmake/library/qmakeevaluator.h
	qmake/project.h
QMakeEvaluator:
* evaluateConditional(): one side changed return type, the other
  changed a parameter type.
* split_value_list(): one side changed a parameter adjacent to where ...
* expandVariableReferences(): ... the other killed one overload and
  changed the survivor

	src/corelib/io/qlockfile_unix.cpp
One side changed a #if condition, the other moved NETBSD's part of
what it controlled.

	src/corelib/tools/qdatetime.cpp
One side fixed a reachable Q_UNREACHABLE in toMSecsSinceEpoch(), the
other moved it from the private class to the public one, in the midst
of the "short date-time" optimization, which confused diff entirely.
One side changed a QStringLiteral to QLatin1String, the other rewrote
adjoining code.

	src/network/kernel/qauthenticator.cpp
Both rewrote a line, equivalently; kept the dev version.

	src/platformsupport/fontdatabases/mac/qfontengine_coretext.mm
	src/platformsupport/fontdatabases/mac/qfontengine_coretext_p.h
One side changed #if-ery that the other removed.

	tools/configure/configureapp.cpp
One side added a check to -target parsing; the other killed -target.

	tests/auto/testlib/selftests/expected_cmptest.lightxml
	tests/auto/testlib/selftests/expected_cmptest.teamcity
	tests/auto/testlib/selftests/expected_cmptest.txt
	tests/auto/testlib/selftests/expected_cmptest.xml
	tests/auto/testlib/selftests/expected_cmptest.xunitxml
Regenerated using generate_expected_output.py
I note that quite a few other expected_* come out changed, now.

There was no git-conflict in
	src/widgets/kernel/qformlayout.cpp
but it didn't compile; one side removed some unused methods; the other
found uses for one of them.  Put FixedColumnMatrix<>::removeRow(int)
back for its new user.

Change-Id: I8cc2a71add48c0a848e13cfc47b5a7754e8ca584
2016-07-19 20:14:40 +02:00
Edward Welbourne 82ea53ad24 Merge remote-tracking branch 'origin/5.6' into 5.7
Conflicts:
	qmake/library/qmakeevaluator.cpp

One side changed the iterator to use ranged-for, the other changed its
body; they only conflicted because the latter had to add braces around
the body, intruding on the for-line.  Trivial resolution.

Change-Id: Ib487bc3bd6e3c5225db15f94b9a8f6caaa33456b
2016-07-15 20:47:57 +02:00
Gabriel de Dietrich 8beddf8328 QSslSocketBackendPrivate: Remove QString warnings
Change-Id: I2ab758fe61ea1ba9b84672ac05ac219b85e3de6a
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
2016-07-12 10:46:55 +00:00
Anton Kudryavtsev 2788fccd29 Use QStringLiteral more judiciously
Replace it with QL1S in QStringBuilder expressions
and in overloaded functions.

Replace patterns 'QString::number() + QStringLiteral'
and 'QStringLiteral + QString::number()' with
QString::asprintf.

Saves some text size.

Change-Id: Ib39b2332264dfc3df04e77f2c101b47a1030cef4
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2016-07-08 06:43:02 +00:00
Edward Welbourne b5695bd5be Merge remote-tracking branch 'origin/5.6' into 5.7
Change-Id: Ibd81cd1df4a0650d93fcb556a57be90be2e1f569
2016-07-04 15:58:39 +02:00
Timur Pocheptsov faeaddc1b9 QSslSocket::transmit (macOS/iOS) - do not use invalid context
1. QSslSocketBackendPrivate::transmit can invalidate SSL context
  causing subsequent SSLWrite or SSLRead calls to fail; these report
  errSecParam (as null context is an invalid parameter) spuriously,
  when we should rather report the cause of invalidation.  The OpenSSL
  backend can trigger this when it aborts connection during an SSL
  handshake, on an sslErrors signal.  As transmit() emits readReady(),
  a directly connected slot can trigger the same problem if it aborts or
  closes.

2. If during peer verification (and in checkSslErrors) we disconnect
on sslErrors signal, peer verification must be considered failed and
should not continue handshake/set connectionEncrypted.

Task-number: QTBUG-52975
Task-number: QTBUG-53906
Change-Id: Iacd3b489a4156e25ef3460ace40d21f34a946bed
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2016-06-30 08:04:55 +00:00
Jake Petroules 95ea1b1aa8 Remove all code paths related to unsupported Apple platforms.
Now that the minimum deployment target (and thus SDK) is 10.9 for OS X
and 7.0 for iOS, all code paths affecting platform versions lower than
the aforementioned are removed.

Change-Id: Id985c7259c4ac069319d88f2c29c9559ae9e8641
Reviewed-by: Jake Petroules <jake.petroules@qt.io>
2016-06-04 09:24:33 +00:00
Mike Krus 03e9c6f4a6 Add support for Apple tvOS
Pass -xplatform macx-tvos-clang to configure to build.
Builds device and simulator by default.

Added ‘uikit’ platform with the common setup.
Also added QT_PLATFORM_UIKIT define (undocumented).
qmake config defines tvos (but not ios).

tvOS is 64bits only (QT_ARCH is arm64) and requires bitcode to be
embedded in the binary. A new ‘bitcode’ configuration was added.
For ReleaseDevice builds (which get archived and push to the store),
bitcode is actually embedded (-fembed-bitcode passed to clang). For all
other configurations, only using bitcode markers to keep file size
down (-fembed-bitcode-marker).

Build disables Widgets in qtbase, and qtscript (unsupported,
would require fixes to JavaScriptCore source code).

Qpa same as on iOS but disables device orientation, status bar, clipboard,
menus, dialogs which are not supported on tvOS.

Change-Id: I645804fd933be0befddeeb43095a74d2c178b2ba
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@theqtcompany.com>
2016-05-17 16:11:23 +00:00
Anton Kudryavtsev 01d526d18b QtNetwork: use const (and const APIs) more
For CoW types, prefer const methods to avoid needless detach()ing.

Mark predictNextRequest() as const, because this method
does not modify the object.

Change-Id: Ic94e2b31445ece46ab1423bf5b5f4e66d9a5b6ca
Reviewed-by: Edward Welbourne <edward.welbourne@theqtcompany.com>
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
2016-04-27 08:36:05 +00:00
Marc Mutz bac6da10dd QtNetwork: eradicate Q_FOREACH loops [needing qAsConst()]
... by replacing them with C++11 range-for loops.
To avoid detaches of these mutable Qt containers,
wrap the container in qAsConst().

Change-Id: I47c5308a6ad220b4c5495e55a3b0d38547bfa8d9
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
2016-04-25 07:38:59 +00:00
Anton Kudryavtsev f68c62cdfc QSslSocket (Mac): optimize string usage
Wrap C-string in QL1S to prevent memory allocation.

Replace startsWith() with comparing to first element of
(existing) splitting result.

Change-Id: Id47a0c350e4027abecd1394c1ee5dec8f346af00
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Edward Welbourne <edward.welbourne@theqtcompany.com>
2016-04-04 04:58:00 +00:00
Anton Kudryavtsev 3cbe25c9a6 QtNetwork: use QStringRef to optimize memory allocation
Replace substring functions that return QString with
corresponding functions that return QStringRef where
it's possible.

Create QString from QStringRef only where necessary.

Change-Id: I697f776c60003629990cfd197534ffed63bafe2f
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
2016-03-31 07:47:29 +00:00
Alex Trotsenko 4d0672ed42 Integrate network sockets into the multichannel infrastructure
Change-Id: I96974a7460c29b46cae8a28aadb3e50cdcdb7beb
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
2016-03-01 15:35:36 +00:00
Alex Trotsenko 57ca755d2e QRingBuffer: add append(const char *, qint64) function
This allows to remove a code duplication in several places.

Change-Id: I49f56e951682dbd2968923654a12cba5199a2502
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
2016-02-01 20:45:21 +00:00
Jani Heikkinen 1a88b2f768 Updated license headers
From Qt 5.7 -> LGPL v2.1 isn't an option anymore, see
http://blog.qt.io/blog/2016/01/13/new-agreement-with-the-kde-free-qt-foundation/

Updated license headers to use new LGPL header instead of LGPL21 one
(in those files which will be under LGPL v3)

Change-Id: I046ec3e47b1876cd7b4b0353a576b352e3a946d9
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
2016-01-15 12:25:24 +00:00
Liang Qi 72f5867f14 Merge remote-tracking branch 'origin/5.6' into dev
Conflicts:
	src/corelib/kernel/qcoreapplication.cpp
	src/corelib/kernel/qeventdispatcher_blackberry.cpp
	src/network/bearer/qnetworkconfiguration.cpp
	src/plugins/bearer/blackberry/qbbengine.cpp
	src/plugins/platforms/android/androidjnimain.cpp
	src/plugins/platforms/android/qandroidplatformtheme.cpp
	src/plugins/platforms/qnx/qqnxbpseventfilter.cpp
	src/plugins/platforms/qnx/qqnxfiledialoghelper_bb10.cpp
	src/plugins/platforms/qnx/qqnxinputcontext_imf.cpp
	src/plugins/platforms/qnx/qqnxintegration.cpp
	src/plugins/platforms/qnx/qqnxnavigatorbps.cpp
	src/plugins/platforms/qnx/qqnxvirtualkeyboardbps.cpp
	src/plugins/platforms/qnx/qqnxwindow.cpp
	src/widgets/kernel/qwidgetwindow.cpp
	src/widgets/styles/qwindowsvistastyle.cpp
	src/widgets/styles/qwindowsxpstyle.cpp
	src/widgets/widgets/qtoolbararealayout.cpp
	tests/auto/corelib/global/qflags/qflags.pro
	tests/auto/corelib/itemmodels/qitemmodel/modelstotest.cpp
	tests/auto/corelib/tools/qversionnumber/qversionnumber.pro
	tests/auto/widgets/dialogs/qfilesystemmodel/tst_qfilesystemmodel.cpp

Change-Id: I37be88c6c185bb85404823353e027a0a6acdbce4
2015-12-02 23:33:06 +01:00
Liang Qi 8c57e8c012 Merge remote-tracking branch 'origin/5.5' into 5.6
Conflicts:
	src/network/socket/qnativesocketengine_p.h
	src/network/ssl/qsslsocket_mac.cpp
	src/network/ssl/qsslsocket_mac_p.h
	src/widgets/kernel/qwidget.cpp

Change-Id: I39592cb37d710dfaf8640769ba3c1b637927d7f4
2015-11-27 08:35:45 +01:00
Daniel Molkentin fe3a84138e QSslSocket: evaluate CAs in all keychain categories
This will make sure that certs in the domainUser (login),
and domainAdmin (per machine) keychain are being picked up
in systemCaCertificates() in addition to the (usually immutable)
DomainSystem keychain.

Also consider the trust settings on OS X: If a certificate
is either fully trusted or trusted for the purpose of SSL,
it will be accepted.

[ChangeLog][Platform Specific Changes] OS X now accepts trusted
        certificates from the login and system keychains.

Task-number: QTBUG-32898
Change-Id: Ia23083d5af74388eeee31ba07239735cbbe64368
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
2015-11-24 16:30:21 +00:00
Timur Pocheptsov 2010eff9d7 Secure Transport - make it work on OS X 10.7
SSLSetProtocolVersionMin/Max were introduced _only_ in 10.8 and
we need a workaround for 10.7 - use SSLSetProtocolVersion or SSLSetProtocolVersionEnabled.

Change-Id: I4b7ed9fda21e2c374a98fd777253280e8013ffde
Reviewed-by: Morten Johan Sørvig <morten.sorvig@theqtcompany.com>
2015-11-23 10:47:29 +00:00