Not to have warnings about invalid (nullptr) parameters.
Change-Id: I5fdfa7e99df0f3c9907055cf244efa5a56b21c11
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Since switching to the plugin bases system for the tls backends,
Qt again retains some QObjects after QCoreApplication shutdown.
This was previously fixed in QTBUG-84234, so make sure we destroy the
newly introduced QObjects as well.
Task-number: QTBUG-84234
Pick-to: 6.3
Change-Id: I1aaea2c90f7d55793c19259be4f9173b4befb246
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
... instead of QSharedPointer.
QSharedPointer performs twice as many atomic operations per pointer
copy as std::shared_ptr, and this is private API, we're not bound by
BC constraints, so we can port to the more efficient version.
Change-Id: I2e2a02493565a7ca51c86ec0ed66b6ce7c763e41
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Use QByteArray::fromRawData() and QList::fromReadOnlyData() to return
the QList<QByteArray> without allocating memory.
Change-Id: Iefa3250ea2acc79df92400d2d225e450566477e2
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
As per the best practice laid forth in RFC-8996.
TLS 1.2 was recommended from 2008 until TLS 1.3 was released in 2018.
[ChangeLog][QtNetwork][QSslSocket] TLS 1.0, 1.1 and DTLS 1.0 are now
deprecated, as recommended by RFC-8996.
Fixes: QTBUG-92880
Change-Id: I90cebcfb07cfce623af7ac9f2b66ce9d02586b54
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
All TLS (and non-TLS) backends that QSsl classes rely
on are now in plugins/tls (as openssl, securetransport,
schannel and certonly plugins).
For now, I have to disable some tests that were using OpenSSL
calls - this to be refactored/re-thought. These include:
qsslsocket auto-test (test-case where we work with private keys),
qsslkey auto-test (similar to qsslsocket - test-case working with
keys using OpenSSL calls).
qasn1element moved to plugins too, so its auto-test have to
be re-thought.
Since now we can have more than one working TLS-backend on a given
platform, the presence of OpenSSL also means I force this backend
as active before running tests, to make sure features implemented
only in OpenSSL-backend are tested.
OCSP auto test is disabled for now, since it heavily relies on
OpenSSL symbols (to be refactored).
[ChangeLog][QtNetwork][QSslSocket] QSslSocket by default prefers 'openssl' backend
if it is available.
[ChangeLog][QtNetwork][QSslSocket] TLS-backends are not mutually exclusive anymore,
depending on a platform, more than one TLS backend can be built. E.g., configuring
Qt with -openssl does not prevent SecureTransport or Schannel plugin from being
built.
Fixes: QTBUG-91928
Change-Id: I4c05e32f10179066bee3a518bdfdd6c4b15320c3
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
It was reasonable while backends were a part of QtNetwork.
Now if moving them outside (or just trying to implement
a new backend as a plugin), accessing data-members of
QSslConfigurationPrivate means that any plugin knows
about memory layout actual only for the version of Qt
it was built with/for. Instead, we have to use the
public class. Since it does not have all needed setters
and some data-members have no access at all, we
provide an API in QTlsBackend (which stays a part
of QtNetwork) that knows the actual memory layout.
Task-number: QTBUG-65922
Change-Id: I5ca1de4f982b4b11d9a87c4b40413367dcb83c16
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
(cherry picked from commit 31cc0df7607a4d5887812c304aac0001c2cd7705)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
All backend-specific code is now separated and removed
from QSslSocket(Private) code. The original code is mostly
preserved to avoid (as much as possible) regressions (and
to simplify code-review).
Fixes: QTBUG-91173
Task-number: QTBUG-65922
Change-Id: I3ac4ba35d952162c8d6dc62d747cbd62dca0ef78
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 9391ba55149336c395b866b24dc9b844334d50da)
This patch also adds 'isValid()' to know if a backend from a plugin
is in working condition (say, there is 'openssl' plugin but no or
old openssl libraries in some system).
Task-number: QTBUG-65922
Change-Id: I0b846536a069ca8c5a94e7191f11c81bac6ad527
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 573ba145d76f239dbc7464a78aabc06ed4d00419)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
When the read buffer has a max size we do our best not to exceed it.
Usually there's no problem and we just read more when the next
tcp frame arrives. However if there's data leftover after the last
tcp frame arrived then we won't receive any more data. To counter
this QSslSocket would try to invoke QSslSocketPrivate::transmit
indirectly if there were any bytes available on the plain socket.
The problem is that with Schannel the last few remaining bytes
would not be in the plain socket, but in the 'intermediateBuffer'.
So let's make QSslSocket aware of that.
Fixes: QTBUG-90625
Pick-to: 5.15 6.0 6.1
Change-Id: If56e4cce558f99c9a08a1f6818e005a887712ef2
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Norbert Pfeiler <norbert.pfeiler+git@gmail.com>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
which will become parts of TLS plugins in the future.
Task-number: QTBUG-65922
Change-Id: I4ee3c59c435fc34a9f4dacd3ff0e3cfb44251e23
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
QTlsBackend is a factory itself - it creates TLS/X509 objects. Having
an intermediary between Factory->Backend->TLS primitive does not look
very natural thus let's squash the first two parts. Backend is a factory
creating TLS primitives, but its static functions also provide information
about backends availablei and give access to those backends.
Fixes: QTBUG-90606
Task-number: QTBUG-65922
Change-Id: I8409d81fd11fb46e6ab4465b4937a7680a8c2447
Reviewed-by: Alex Blasche <alexander.blasche@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
This is an abstraction for TLS backend and its factory, preparing to transition
to plugin-based design.
Task-number: QTBUG-65922
Change-Id: Ibe810e77fd1b715a6bea66cd3f44312b015ac274
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
This API gives the names of available backends and provides a basic
information about features/protocols supported by those backends.
Also, it has the 'loadBackend' functions which allow to select
a particular backend (which are becoming plugins).
At the moment, the implementation is still 'hardcoded', the
follow-up patch will allow to select different backends in runtime.
Task-number: QTBUG-65922
Change-Id: I05877de9c02857594e76b24d52e7578bdb01df69
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
At the same time I'll add a generic protection against being called in
unprotected mode in the schannel backend (openssl already has it in a
different form).
Pick-to: 5.15 6.0
Change-Id: I97c1be6239c27e306de0af7ad568fbcfde09da71
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
It works as follows:
- user calls write(const QByteArray &);
- this function keeps a pointer to the chunk and calls a regular
write(data, len);
- write(data, len) calls a virtual writeData();
- subclass calls a new QIODevicePrivate::write();
- QIODevicePrivate::write() makes a shallow copy of
the byte array.
Proposed solution is fully compatible with existing subclasses.
By replacing a call to d->writeBuffer.append() with d->write(),
subclasses can improve their performance.
Bump the TypeInformationVersion field in qtHookData, to notify the
Qt Creator developers that the offset of QFilePrivate::fileName was
changed and dumpers should be adapted.
Change-Id: I24713386cc74a9f37e5223c617e4b1ba97f968dc
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
- Remove obsolete functions and enumeration values
- Remove QObject * parameter from QMetaProperty accessors
- Fix renamed enumerations in QSsl
- Fix list items to be \li
- Fix function signatures and variable names
Change-Id: I37c7e6bf2c8ff92bc7b82620bae0a27796f866ab
Reviewed-by: Paul Wicking <paul.wicking@qt.io>
QAbstractSocket::abort() is not a virtual function and
QSslSocket::abort() does not override it. Having two alternatives
requires a dynamic typecasting and violates the principles of object-
oriented programming.
Due to the BC, we were unable to fix that in Qt5. Now, we can modify
QSslSocket::close() to handle QAbstractSocket::abort() requests and
remove the duplicate.
Change-Id: I49d6f32a571ae6e35b08cb366816f917e580dae8
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
QIODevice::skip() called a virtual QIODevicePrivate::skip() to
implement an efficient skipping on I/O devices for the internal
subclasses. The user subclasses cannot inherit QIODevicePrivate, so
this functionality was not externally accessible.
This patch replaces QIODevicePrivate::skip() with a virtual protected
QIODevice::skipData(). While the basic implementation simply discards
the data by reading into a dummy buffer, users can reimplement this
function to improve the performance in their subclasses.
[ChangeLog][QtCore][QIODevice] Added virtual protected skipData().
Now, subclasses can implement device-specific skipping of data.
Change-Id: I9522f7f7ab9d03ac06e972a525f8ec2fa909a617
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
The CA fetcher on Windows works on a separate thread, it can take
quite some time to finish its job and if a connection was meanwhile
closed (via 'abort', 'close' or 'disconnectFromHost') but the socket
is still alive/re-used - we don't want to be fooled by the previous
fetch 'finished' signal, only if it's fetching for the same certificate.
Change-Id: Ibd0a70000ad10cff10207d37d7b47c38e615d0f1
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
QAbstractSocket::flush stopped being virtual and, instead, QAbstractSocketPrivate::flush
is now virtual. So the code in QSslSocket is essentially a duplicate.
Change-Id: Iebb33c8490268270b90a662ab64b1ae47c4cbac7
Reviewed-by: Alex Trotsenko <alex1973tr@gmail.com>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
This is required to remove the ; from the macro with Qt 6.
Task-number: QTBUG-82978
Change-Id: I3f0b6717956ca8fa486bed9817b89dfa19f5e0e1
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
Not to pollute the global namespace with rather generic names
(especially in case QT_NAMESPACE is none); also drop the
(now)redundant 'Q' prefix in the names.
Change-Id: I57ea7e3996cced705f7ddbdbc1e0231191b31c43
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
They were deprecated with replacements in QSslConfiguration proposed (and
some without alternative, which we'll provide if there is any demand
in such an API). Special thanks to M.N. for a nice hint on how to
amend the test without introducing a new API.
Change-Id: I7841a5b3f30469d8204b61cb65921c34275e0650
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Macros and the await helper function from qfunctions_winrt(_p).h are
needed in other Qt modules which use UWP APIs on desktop windows.
Task-number: QTBUG-84434
Change-Id: Ice09c11436ad151c17bdccd2c7defadd08c13925
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
Use 'errorOccurred' instead of 'error' and 'sslHandshakeErrors'
instead of 'sslErrors'.
Fixes: QTBUG-82605
Change-Id: I19d4845b16c7b636af7b0658d4fbbba4eef9d029
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
In case a certificate chain is missing an intermediate,
for a certificate having "Authority Information Access"
extension it's possible to fetch this intermediate and
build the chain up to the trusted root. Unfortunately,
it's not always possible to install the root certificate
in the system "ROOT" store and then an application
wants to set it in the socket's configuration,
using setCaCertificates(). But this call also
disables CA fetcher ('no on demand root loading').
It makes sense to relax this logic for such
certificates and try to fetch the intermediate CA
and then have the complete chain verified.
Pick-to: 5.15
Fixes: QTBUG-84173
Change-Id: I5b9b4271767eba6f5fd2b5cf05e942360c6aa245
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
As it was found recently CA fetcher, while building a chain with a missing
intermediary, may return the root we are already aware of (had in the "ROOT"
store). While this is in general harmless, it can be a bit surprising if
some code is analyzing the list of CA certificates after a handshake.
Pick-to: 5.15
Change-Id: I1df3b537e2a812de17e2c94ad4643cf36e7e946f
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
We end up with an absurd situation:
QSslConfiguration conf;
//we set CA certs so that on demand loading is disabled:
conf.setCaCertificates({...});
QSslSocket s;
s.setSslConfiguration(conf);
Q_ASSERT(conf == s.sslConfiguration); // this assert fails.
Pick-to: 5.15
Change-Id: I272bed145434082acc6ead95fe3640d222b21131
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Do not call SSL_shutdown on a session that is in handshake state (SSL_in_init(s)
returns 1). Also, do not call SSL_shutdown if a session encountered a fatal
error (SSL_ERROR_SYSCALL or SSL_ERROR_SSL was found before). If SSL_shutdown
was unsuccessful (returned code != 1), we have to clear the error(s) it queued.
Fixes: QTBUG-83450
Change-Id: I6326119f4e79605429263045ac20605c30dccca3
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
The Qt version was added in 5.14 "for use as eventual replacement for
QString::SplitBehavior." Move another step closer to that goal.
Change-Id: I399b5ea56e9255e775ca1746632f7421519a6616
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
[ChangeLog][Deprecation Notice] QAbstractSocket::error() (the signal) is deprecated; superseded by errorOccurred()
Change-Id: I11e9c774d7c6096d1e9b37c451cf0b99188b6aad
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
This reverts commit 94b3dd77f2.
The patch fixes ambiguity between a getter and a signal by changing the
getter name, but we still have to rename the signal to follow the signals
naming convention.
Revert the commit to keep the getter as is and change the signal name instead.
Change-Id: I0dd60cf1ae9d1bd95beeb8ad58661ca4b1fb63b9
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Conflicts:
examples/widgets/graphicsview/boxes/scene.h
src/corelib/Qt5CoreMacros.cmake
src/corelib/Qt6CoreMacros.cmake
src/network/ssl/qsslsocket.cpp
src/network/ssl/qsslsocket.h
src/platformsupport/fontdatabases/windows/qwindowsfontenginedirectwrite.cpp
src/testlib/CMakeLists.txt
src/testlib/.prev_CMakeLists.txt
tests/auto/corelib/tools/qscopeguard/tst_qscopeguard.cpp
Disabled building manual tests with CMake for now, because qmake
doesn't do it, and it confuses people.
Done-With: Alexandru Croitor <alexandru.croitor@qt.io>
Done-With: Volker Hilsheimer <volker.hilsheimer@qt.io>
Change-Id: I865ae347bd01f4e59f16d007b66d175a52f1f152
In Qt6 QNAM will no longer use bearer in any way so we deprecate it now.
Also mark bearermanagement-conditioned sections for removal in Qt6,
the _q_networksession property is part of how QNAM passes the
QNetworkSession around.
Task-number: QTBUG-81609
Change-Id: I04aad9dd96482c6822dffba1b9af7aa58961149c
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
The session we cache at the end of a handshake is non-resumable
in TLS 1.3, since NewSessionTicket message appears quite some time
after the handshake was complete. OpenSSL has a callback where
we can finally obtain a resumable session and inform an application
about session ticket updated by emitting a signal. Truism: OpenSSL-only.
[ChangeLog][QtNetwork] A new signal introduced to report when a valid session ticket received (TLS 1.3)
Fixes: QTBUG-81591
Change-Id: I4d22fad5cc082e431577e20ddbda2835e864b511
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
The changed function was added in September 2019 in 5.15 branch before
the new overload was added and the old one was deprecated, so we can
freely change it.
Amends 1068d579ee
Change-Id: Iff9d72c26ce557c28b188e1754daa03fd061d531
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
To disambiguate &QSslSocket::sslErrors() expression. Add a new
getter - sslHandshakeErrors().
[ChangeLog][Deprecation Notice] QSslSocket::sslErrors() (the getter) was deprecated and superseded by sslHandshakeErrors()
Task-number: QTBUG-80369
Change-Id: I9dcca3c8499800c122db230753dc19b07654f8a2
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
The one that is a getter for the last error found. This is to disambiguate
the expression '&QAbstractSocket::error'. Introduce a new member-function
socketError as a replacement.
[ChangeLog][Deprecation Notice] QAbstractSocket::error() (the getter) is deprecated; superseded by socketError().
Task-number: QTBUG-80369
Change-Id: Ia2e3d108657aaa7929ab0810babe2ede309740ba
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>