Commit Graph

180 Commits (ac583b686d0677517e7f8a10ce4e79c7fe227ccf)

Author SHA1 Message Date
Timur Pocheptsov ac583b686d Let's encrypt datagrams
This patch adds DTLS support to QtNetwork module (and its OpenSSL
back-end).

DTLS over UDP is defined by RFC 6347.

The new API consists of

1) QDtlsClientVerifier which checks if a client that sent us ClientHello
   is a real DTLS client by generating a cookie, sending a HelloVerifyRequest
   with this cookie attached, and then verifiying a cookie received back.
   To be deployed in combination with a server-side QUdpSocket.
2) QDtls - initiates and proceeds with a TLS handshake (client or server
   side), with certificates and/or pre-shared key (PSK), and encrypts/decrypts
   datagrams after the handshake has finished.

This patch does not implement yet another UDP socket, instead
it allows use of existing QUdpSocket(s), by adding DTLS support
on top. OpenSSL back-end uses a custom BIO to make it work with
QUdpSocket and give a finer control over IO operations.

On the server side, demultiplexing  is left to client code (could
be done either by connecting QUdpSocket or by extracting address/port
for an incoming datagram and then forwarding/dispatching them to
the corresponding QDtls object).

Task-number: QTPM-779
Change-Id: Ifcdf8586c70c3018b0c5549efc722e795f2c1c52
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2018-06-18 19:54:16 +00:00
Qt Forward Merge Bot ba2b7b8e33 Merge remote-tracking branch 'origin/5.11' into dev
Change-Id: Ib58433da04bffb5dfab5486b80f17f39cc4145fa
2018-05-05 01:00:55 +02:00
Mårten Nordheim 28071ad253 Fix crash in qsslsocket_openssl
We were using the wrong free function in a path which was hit in an
edge case (PKCS#12 certificate without a private key attached).

Change-Id: I5335b5dea7a926b242bed0fd9b989b681a5828d8
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2018-05-04 12:57:46 +00:00
Timur Pocheptsov 30978dc1a5 Add a new (D)TLS configuration
Namespace QSsl: introduce DtlsV1_0/DtlsV1_2/DtlsV1_2OrLater enumerators
into SslProtocol. Implement QSslConfiguration::defaultDtlsConfiguration.
Make some functions shared - now not only QSslSocket needs them,
but also DTLS-related code. This patch-set also enables
protocol-specific set of ciphers (so for DTLS we are using
the correct method - 'DTLS_method').

Change-Id: I828fc898674aa3c0a471e8e5b94575bb50538601
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2018-04-06 05:13:37 +00:00
Mårten Nordheim a7dda3e4b0 Move QWindowsCaRootFetcher to its own file
In preparation for its usage in QDtls.

Change-Id: I7b28ac060e350228839461dc027c809af9ff73a4
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2018-03-23 18:14:59 +00:00
Timur Pocheptsov 04f3534815 Make getErrorsFromOpenSSL thread-safe
If we pass nullptr as a buffer parameter, ERR_error_string uses
a local array with static storage duration, which makes ERR_error_string
non thread-safe. Instead we can use ERR_error_string_n with our
own buffer. As for the size: docs are inconsistent, sometimes
they say 'at least 120 bytes long', sometimes 'at least 256 ...'.
Their code (ERR_error_string implenented via call to ERR_error_string_n)
has buf[256] and so we do. I know this will enrage our Mr. Bot, but I've
removed a stray whitespace.

Change-Id: I4b8cc7b6b9af1a34fc87a760927a493332cdd0a5
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2018-03-20 05:10:06 +00:00
Liang Qi 305dd1b61f Merge remote-tracking branch 'origin/5.9' into 5.11
Conflicts:
	.qmake.conf
	src/corelib/animation/qvariantanimation.cpp
	src/corelib/global/qglobal.cpp
	src/corelib/global/qlogging.cpp
	src/corelib/io/qprocess_win.cpp
	src/corelib/json/qjsonarray.cpp
	src/corelib/tools/qsimd_p.h
	src/corelib/tools/qtimezoneprivate_p.h
	src/corelib/xml/qxmlstream_p.h
	src/gui/kernel/qsimpledrag.cpp
	src/gui/kernel/qsimpledrag_p.h
	src/plugins/generic/generic.pro
	src/plugins/platforms/cocoa/qcocoamenu.mm
	src/widgets/styles/qmacstyle_mac.mm
	tests/auto/concurrent/qtconcurrentmap/BLACKLIST
	tests/auto/corelib/io/qfileinfo/tst_qfileinfo.cpp
	tests/auto/corelib/tools/qdatetime/tst_qdatetime.cpp
	tests/auto/gui/kernel/qwindow/BLACKLIST
	tests/auto/widgets/dialogs/qmessagebox/BLACKLIST

Change-Id: I508d686cf20f7f8cc6a7119b9bc7c3bbb505c58e
2018-02-14 12:51:24 +01:00
Otto Ryynänen 6d50f746fe Support for Q_OS_ANDROID_EMBEDDED and android-embedded build flags
The Embedded Android build (Boot to Qt Android injection) is defined by
having both Q_OS_ANDROID and Q_OS_ANDROID_EMBEDDED flags defined,
as well as having Qt config android-embedded.
This commit enables the possibility to build embedded Android builds.
(i.e. Qt build for Android baselayer only, without JNI)

Change-Id: I8406e959fdf1c8d9efebbbe53f1a391fa25f336a
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
Reviewed-by: Paul Olav Tvete <paul.tvete@qt.io>
2018-01-20 18:16:59 +00:00
Timur Pocheptsov 6aa001570d Fix OpenSSL 1.1 build
Fix the 'shared' OpenSSL code for those our users who build with QSSLSOCKET_DEBUG
defined and OpenSSL 1.1 detected: the preprocessor-excluded fragment is using old
API. Also remove never used in this file (and commented out) macro.

Task-number: QTBUG-63170
Change-Id: Id24ccf2955f0a65e4f1dea1ecb06e10245105080
Reviewed-by: Jesus Fernandez <Jesus.Fernandez@qt.io>
2017-09-14 12:18:34 +00:00
Liang Qi 112a4af107 Merge remote-tracking branch 'origin/5.9' into dev
Conflicts:
	examples/examples.pro
	qmake/library/qmakebuiltins.cpp
	src/corelib/global/qglobal.cpp
		Re-apply b525ec2 to qrandom.cpp(code movement in 030782e)
	src/corelib/global/qnamespace.qdoc
	src/corelib/global/qrandom.cpp
	src/gui/kernel/qwindow.cpp
		Re-apply a3d59c7 to QWindowPrivate::setVisible() (code movement in d7a9e08)
	src/network/ssl/qsslkey_openssl.cpp
	src/plugins/platforms/android/androidjniinput.cpp
	src/plugins/platforms/xcb/qxcbconnection.cpp
	src/plugins/platforms/xcb/qxcbconnection_xi2.cpp
	src/widgets/widgets/qmenu.cpp
	tests/auto/widgets/kernel/qwidget_window/tst_qwidget_window.cpp

Change-Id: If7ab427804408877a93cbe02079fca58e568bfd3
2017-08-31 14:31:31 +02:00
Alex Trotsenko 5de734bc18 QSslSocketBackendPrivate::transmit(): improve writing to OpenSSL
This patch avoids intermediate copying of the data by using a
new QIODevice::skip() API.

Change-Id: I358a83b21e2a58b59481745162fce1894549c0ac
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
2017-08-27 06:17:52 +00:00
Edward Welbourne b9557296cb Fix crash when reading a PKCS12 file with no private key
The only reason our code wants PKCS12 files is for a private key, but
a valid file needn't contain one; and reading a file without lead to a
crash in QSslKeyPrivate::fromEVP_PKEY().  So check for missing key and
fail the load, since the file is useless to us.  Also ensure the
caller's pkey is initialized, as we aren't promised that
PKCS12_parse() will set it when there is no private key.

Add a test for this case (it crashes without the fix) and update the
instructions for how to generate test data to cover it also.
(Corrected the wording there, too; at the interactive prompt,
"providing no password" really provides an empty password.)

Task-number: QTBUG-62335
Change-Id: I617508b903f6d9dee40d539b7136b0be8bc2c747
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-08-17 06:43:49 +00:00
Alex Trotsenko 8566487286 QSslSocketBackendPrivate::transmit(): improve reading from OpenSSL
This patch avoids intermediate copying of the data by writing SSL
decryption data directly into the outer socket's read buffer.

Change-Id: I19e5b6087595f280436a99fb2ca93cc6793c8f36
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
2017-07-27 19:26:40 +00:00
Richard J. Moore cfbe03a6e0 QSslSocket: OpenSSL 1.1 backend
This patch-set implements a new QSslSocket backend based on OpenSSL 1.1.

1. General.

The code in this patch was organized to achieve these (somewhat contradicting)
objectives:
- keep the new code free of #if-ery, as far as possible;
- make it easy to clean away dead code when we're eventually able to retire
  out-dated OpenSSL versions;
- reduce the amount of code duplication.

If changes in some file/component were insignificant (~5 one-liners per file),
we still use pp-checks like: #if QT_CONFIG(opensslv11) ... #else ... #endif -
the logic is simple and it's still easy to clean the code if we remove the legacy
back-end. Where it saved #if-ery, we also introduced 'forward-compatible'
macros implementing equivalents of 1.1 functions using older OpenSSL.

In case some class contains a lot of version-specific ifdefs (particularly where
nested #if-ery was complex) we choose to split code into: "pre11" h/cpp files,
"shared" h/cpp files (they preserve their original names, e.g qsslsocket_openssl.cpp)
and "11" h/cpp files. If in future we remove the legacy back-end, "pre11" should be
removed; "shared" and "11" parts - merged.

2. Configuration.

We introduced a new feature 'opensslv11' which complements the pre-existing
'openssl' and 'openssl-linked' features. The 'opensslv11' feature is enabled
by a simple test which either compiles successfully or ends in a compilation
error, depending on a value of the OPENSSL_VERSION_NUMBER constant. If the
feature was enabled, we also append an additional compilation flag
-DOPENSSL_API_COMPAT=0x10100000L to make sure our new code does not contain
deprecated structures, function calls, macro-invocations from OpenSSL < 1.1.

Change-Id: I2064efbe9685def5d2bb2233a66f7581954fb74a
Reviewed-by: André Klitzing <aklitzing@gmail.com>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
2017-07-04 18:03:59 +00:00
Marc Mutz dc8bfab82e Use list-initialization more
Fixes a few ugly code pieces I added over the years.

Change-Id: I5c06b73e858add04ea184120c6df71720baf9be3
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
2017-04-20 17:02:59 +00:00
Liang Qi ae2695535a Merge remote-tracking branch 'origin/5.9' into dev
Conflicts:
	src/corelib/io/qfilesystemengine_win.cpp
	src/gui/text/qdistancefield.cpp
	src/plugins/platforms/xcb/qxcbconnection.h

Change-Id: I1be4a6f440ccb7599991159e3cb9de60990e4b1e
2017-03-20 09:00:44 +01:00
Ulf Hermann d6330a19b2 Use QT_CONFIG(library) instead of QT_NO_LIBRARY
For the windows file system engine, we add an extra macro to use
library loading if configured to do so, but avoid it on WinRT, as
none of the symbols would be found.

We also QT_REQUIRE_CONFIG(library) in the library headers and
exclude the sources from the build if library loading is disabled.
This, in turn, makes it necessary to clean up some header inclusions.

Change-Id: I2b152cb5b47a2658996b6f4702b038536a5704ec
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
2017-03-06 11:27:20 +00:00
Timur Pocheptsov dbb2374d20 Workaround the broken 'OPENSSL_config' (Windows)
In old versions of OpenSSL this function can try to access a config file
sometimes resulting in EACCES. While handling ENOENT correctly, OPENSSL_config
unconditionally calls std::exit on EACCES, which is unacceptable, especially if we
have a Qt-app which is not using SSL at all (but, for example, is using QNAM).
To workaround this, we pre-test if this file can be opened and if not and the
last error is ERR_R_SYS_LIB we just skip q_OPENSSL_add_all_algorithms call.

Task-number: QTBUG-43843
Change-Id: I309172d3b5e7847f67a87ba33c406d4751bc60ca
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2017-02-11 19:04:28 +00:00
Liang Qi ea438b2508 Merge remote-tracking branch 'origin/5.7' into dev
Conflicts:
	src/corelib/global/qglobal.cpp
	src/corelib/global/qsysinfo.h
	src/corelib/kernel/qcoreapplication_win.cpp
	src/gui/text/qdistancefield.cpp
	src/gui/text/qdistancefield_p.h
	src/plugins/platforms/windows/qwindowsglcontext.cpp
	src/plugins/platforms/windows/qwindowsglcontext.h

Change-Id: Ib3500acc2b28553bde06758cd9a2e19eb7fe2978
2016-06-21 08:39:41 +02:00
Liang Qi e32f1a4d61 Merge remote-tracking branch 'origin/5.6' into 5.7
And blacklisted a few tests in tst_QUdpSocket.

Conflicts:
	src/android/jar/src/org/qtproject/qt5/android/QtNative.java
	src/corelib/global/qglobal.cpp
	src/corelib/global/qsystemdetection.h
	src/corelib/io/qfileselector.cpp
	src/plugins/platforms/eglfs/deviceintegration/eglfs_kms_egldevice/qeglfskmsegldeviceintegration.cpp
	tests/auto/network/socket/qudpsocket/BLACKLIST

Task-number: QTBUG-54205
Change-Id: I11dd1c90186eb1b847d45be87a26041f61d89ef6
2016-06-20 08:00:26 +02:00
Timur Pocheptsov 23173c725c QSslSocket (OpenSSL) - handle abort/close on sslErrors emitted
If a user's code, attached to sslErrors signal, calls abort/close
or disconnectFromHost but our SSL socket was configured not to verify a peer,
no need to continue handshake after calling checkSslErrors
(and finally crashing on invalid 'ssl' pointer).

Task-number: QTBUG-53906
Change-Id: I7f185511d278f9d6f16e7d6c5ba424707141459c
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
2016-06-14 07:29:01 +00:00
Liang Qi 511790fd1a Merge remote-tracking branch 'origin/5.7' into dev
Conflicts:
	config_help.txt
	configure
	mkspecs/features/uikit/sdk.prf
	src/corelib/global/qhooks.cpp
	src/corelib/io/qfilesystemwatcher.cpp
	src/corelib/io/qlockfile_unix.cpp
	src/corelib/tools/qalgorithms.h
	src/gui/kernel/qwindowsysteminterface.h
	src/gui/text/qtextdocument_p.cpp
	src/network/access/access.pri
	src/network/access/qnetworkaccessmanager.cpp
	src/network/access/qnetworkreplynsurlconnectionimpl.mm
	src/src.pro
	src/testlib/qtestcase.cpp
	src/widgets/kernel/qwidgetbackingstore_p.h
	src/widgets/styles/qwindowscestyle.cpp
	src/widgets/styles/qwindowsmobilestyle.cpp
	tests/auto/corelib/io/qdiriterator/qdiriterator.pro
	tests/auto/corelib/io/qfileinfo/qfileinfo.pro
	tests/auto/gui/kernel/qwindow/BLACKLIST
	tests/auto/widgets/dialogs/qfilesystemmodel/tst_qfilesystemmodel.cpp
	tools/configure/configureapp.cpp

Change-Id: Ibf7fb9c8cf263a810ade82f821345d0725c57c67
2016-06-13 12:46:46 +02:00
Liang Qi cbe332405a Merge remote-tracking branch 'origin/5.6' into 5.7
Conflicts:
	configure
	mkspecs/macx-ios-clang/features/default_pre.prf
	mkspecs/macx-ios-clang/features/sdk.prf
	mkspecs/unsupported/freebsd-g++46/qplatformdefs.h
	src/widgets/styles/qgtkstyle.cpp
	tests/auto/corelib/io/qdiriterator/qdiriterator.pro
	tests/auto/corelib/io/qfileinfo/qfileinfo.pro

Change-Id: Ia943555d1e59234a66f7dc65bdfda838e40001b5
2016-06-10 23:27:10 +02:00
Martin Porcelli 5f3a262a73 QSslSocket: Data is sent after a certificate is downloaded on Windows.
QSslSocket was not transmitting existing data after finishing its
handshake if it had to download a certificate on Windows.

Task-number: QTBUG-48816
Change-Id: Ie35b5f4ca0f6c3c40fe2394166eb31f9f72dac55
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Richard J. Moore <rich@kde.org>
2016-06-08 07:42:42 +00:00
Liang Qi 990969655c Merge remote-tracking branch 'origin/5.7' into dev
Conflicts:
	config_help.txt
	configure
	src/corelib/io/qprocess_wince.cpp
	src/plugins/platforms/windows/qwindowstheme.cpp
	src/plugins/platforms/xcb/qxcbbackingstore.cpp
	tests/auto/corelib/tools/qtimezone/BLACKLIST
	tests/auto/network/socket/qudpsocket/tst_qudpsocket.cpp
	tests/auto/widgets/kernel/qwidget/tst_qwidget.cpp

Change-Id: I26644d1cb3b78412c8ff285e2a55bea1bd641c01
2016-05-12 08:33:08 +02:00
Marc Mutz f3af7fce4a QtNetwork: eradicate Q_FOREACH loops [rvalues]
... by replacing them with C++11 range-for loops.

This is the simplest of the patch series: Q_FOREACH took a
copy, so we do, too. Except we don't, since we're just
catching the return value that comes out of the function
(RVO). We can't feed the rvalues into range-for, because
they are non-const and would thus detach.

Change-Id: I42c9c44d948ab1512a69d42890187bc3cf2d7e58
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
2016-05-04 05:21:25 +00:00
André Klitzing 0eaac0a3a9 Add support for PSK on server side
[ChangeLog][QtNetwork][QSslSocket] TLS PSK ciphers are possible in server sockets.

Task-number: QTBUG-39077
Change-Id: Iaa854a6f50242deae5492f2e4759c727488995f5
Reviewed-by: Richard J. Moore <rich@kde.org>
2016-05-02 20:33:00 +00:00
Timur Pocheptsov 9f416fad36 qsslsocket/context_openssl - ALPN and NPN, not ALPN or NPN
ALPN and NPN should not be mutually exclusive, it's possible that our
peer does not support ALPN but does support a protocol we can negotiate
via NPN. So use them both.

Change-Id: Ib3c8066d89117efab55ac8435cc2c806c7a1ece0
Reviewed-by: Richard J. Moore <rich@kde.org>
2016-05-02 15:37:38 +00:00
Liang Qi b894a8def5 Merge remote-tracking branch 'origin/5.6' into 5.7
Conflicts:
	mkspecs/features/qml_module.prf
	mkspecs/features/qt_common.prf
	src/gui/text/qzip.cpp
	src/plugins/platforms/cocoa/qnsview.mm
	src/plugins/platforms/windows/array.h
	src/testlib/qtestcase.cpp
	src/widgets/dialogs/qfilesystemmodel.h

Change-Id: Ie41c5868415b81f7693c80e045497035504bb210
2016-04-29 17:55:20 +02:00
Anton Kudryavtsev 01d526d18b QtNetwork: use const (and const APIs) more
For CoW types, prefer const methods to avoid needless detach()ing.

Mark predictNextRequest() as const, because this method
does not modify the object.

Change-Id: Ic94e2b31445ece46ab1423bf5b5f4e66d9a5b6ca
Reviewed-by: Edward Welbourne <edward.welbourne@theqtcompany.com>
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
2016-04-27 08:36:05 +00:00
Marc Mutz 7565b4ec95 QSslSocket: remove unused variable in q_X509Callback()
It's been unused ever since it was added in
bba86a01c9.

Change-Id: I6d5bc27a0744d37f873245c92a4e6ba8fc90c062
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
2016-04-26 16:48:10 +00:00
Marc Mutz bac6da10dd QtNetwork: eradicate Q_FOREACH loops [needing qAsConst()]
... by replacing them with C++11 range-for loops.
To avoid detaches of these mutable Qt containers,
wrap the container in qAsConst().

Change-Id: I47c5308a6ad220b4c5495e55a3b0d38547bfa8d9
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
2016-04-25 07:38:59 +00:00
Marc Mutz 036b404032 QtNetwork: eradicate Q_FOREACH loops [already const]
... (or trivially marked const) local variables or
parameters, by replacing them with C++11 range-for
loops.

Also ported one indexed loop.

Change-Id: Idddcac48ce7527b1ea674671ceb9aaf4d31fb42e
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
2016-04-25 07:38:50 +00:00
Anton Kudryavtsev 35b0ecf5da QtNetwork: replace Java-style iterators
... with STL-style iterators or with algorithms.
Java-style iterators have overhead.

Introduce local template separate_if algorithm from kleopatra
project to simplify current code.
http://api.kde.org/4.3-api/kdepim-apidocs/kleopatra/html

Done-with: Marc Mutz <marc.mutz@kdab.com>
Change-Id: Ib154f80f46f8041d9cafd81bed0e1982b21541cf
Reviewed-by: Edward Welbourne <edward.welbourne@theqtcompany.com>
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
2016-04-19 11:26:02 +00:00
Liang Qi f285687584 Merge remote-tracking branch 'origin/5.7' into dev
Conflicts:
	examples/corelib/ipc/ipc.pro
	src/plugins/platforms/xcb/qxcbbackingstore.cpp
	tests/auto/corelib/tools/qcommandlineparser/tst_qcommandlineparser.cpp

Change-Id: Ia006e10ff1732fe78f90138c41f05b59b49486cf
2016-04-05 14:22:45 +02:00
Anton Kudryavtsev 3cbe25c9a6 QtNetwork: use QStringRef to optimize memory allocation
Replace substring functions that return QString with
corresponding functions that return QStringRef where
it's possible.

Create QString from QStringRef only where necessary.

Change-Id: I697f776c60003629990cfd197534ffed63bafe2f
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
2016-03-31 07:47:29 +00:00
Eirik Aavitsland 91f8c9cc70 Remove the traces of the discontinued android-no-sdk platform
Cleaning out the workarounds for the discontinued "Embedded Android"
platform of Boot2Qt.

Change-Id: I0ff9d770e82a43457fb7e5da0428f4597ead4038
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@theqtcompany.com>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
2016-03-30 10:12:34 +00:00
Friedemann Kleint 04aa760711 QtNetwork: Remove Windows CE.
Remove #ifdef sections for Q_OS_WINCE and wince .pro file clauses in library,
examples and tests.

Task-number: QTBUG-51673
Change-Id: I3706336395620522ceda414d7437295d9ec64f16
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
2016-03-29 20:28:18 +00:00
Liang Qi a02863234d Merge remote-tracking branch 'origin/5.7' into dev
Conflicts:
	configure
	mkspecs/common/wince/qplatformdefs.h
	src/plugins/platforms/directfb/qdirectfbbackingstore.cpp
	src/plugins/platforms/xcb/qxcbbackingstore.cpp

Change-Id: Ied4d31264a9afca9514b51a7eb1494c28712793c
2016-03-22 07:28:42 +01:00
Timur Pocheptsov 765eab5103 qsslsocket/qsslcontext - add ALPN (OpenSSL only)
Application-Layer Protocol Negotiation (ALPN) - is a reworked revision
of Next Protocol Negotiation (NPN) we have in our OpenSSL code.
Can be used as a part of HTTP2 negotiation during TLS handshake.

Change-Id: I484ec528c81d4887a64749095ec292dfaec18330
Reviewed-by: Richard J. Moore <rich@kde.org>
2016-03-21 15:01:12 +00:00
Liang Qi 6cb8121a44 Merge remote-tracking branch 'origin/5.6' into 5.7
Conflicts:
	src/widgets/styles/qgtkstyle_p.cpp
	tests/auto/corelib/io/qtextstream/test/test.pro
	tests/auto/corelib/plugin/plugin.pro

Change-Id: I512bc1b36acf3933ed2b96c00f476ee3819c1f4b
2016-03-21 09:02:57 +01:00
Antonio Larrosa 063ad1c8b6 Don't include by default ciphers that are not supported
There could be cases (mostly when compiled on old systems, since modern
openssl versions don't include such insecure ciphers) in which
defaultCiphers included a cipher that wasn't in the supported ciphers
list. With this patch we make sure that defaultCiphers is a subset of
supportedCiphers

Change-Id: I545ea21f5fd3a6ed13b366cdd56a1393233f9fc9
Reviewed-by: Richard J. Moore <rich@kde.org>
2016-03-14 00:00:43 +00:00
Richard J. Moore 5fe0e41e79 Do not send the trailing dot of a hostname as part of the SNI
The SNI extension must not include the trailing dot, even though this
is legitimate for the host header.

Task-number: QTBUG-51821
Change-Id: Ib7a7d8b1f8f98bc99ae745b03d2b97e507adefaf
Reviewed-by: Daniel Molkentin (ownCloud) <danimo@owncloud.com>
2016-03-13 00:05:38 +00:00
Alex Trotsenko 4d0672ed42 Integrate network sockets into the multichannel infrastructure
Change-Id: I96974a7460c29b46cae8a28aadb3e50cdcdb7beb
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
2016-03-01 15:35:36 +00:00
Marc Mutz 7ca90e985c QSslSocket (OpenSSL): replace QList<QPair> by QVector<Struct>
A QList<QPair<int,int>> is one of the most dangerous ones, because
it fundamentally changes memory layout, and therefore performance
and invariants, when going from 32-bit platforms (array list) to
64-bit (vector-like).

Port to QVector instead, which has a consistent design across all
platforms.

Also port from QPair to a simple struct { code, depth }, because
member names such as 'first' and 'second' have no semantic value
and make code using them very hard to understand.

Change-Id: I86c95d78dbb2e82ec222d6eae8ba11568e3ff0af
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
2016-02-17 16:17:58 +00:00
Marc Mutz 8049e9b3b9 QSslSocket (OpenSSL): use QMutexLocker
... instead of naked QMutex::(un)lock().

Change-Id: I9927e60286231bfc254d99cc88c39301b31df336
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
2016-02-17 16:17:53 +00:00
Alex Trotsenko 57ca755d2e QRingBuffer: add append(const char *, qint64) function
This allows to remove a code duplication in several places.

Change-Id: I49f56e951682dbd2968923654a12cba5199a2502
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
2016-02-01 20:45:21 +00:00
Marc Mutz a63a506d54 QSslContext: provide sharedFromConfiguration()
It's a version of fromConfiguration() that returns the QSslContext
instance in a shared instead of a naked pointer.

Use it in QSslSocketBackend.

The idea here, of course, is to use QSharedPointer<T>::create(),
which co-locates the refcount with the payload in a single memory
allocation, instead of QSharedPointer<T>(new T), which causes
two allocations.

Change-Id: Ia5396fb3b291f2912fca5cd97e0aa1e45e065e55
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2016-01-20 07:44:08 +00:00
Jani Heikkinen 1a88b2f768 Updated license headers
From Qt 5.7 -> LGPL v2.1 isn't an option anymore, see
http://blog.qt.io/blog/2016/01/13/new-agreement-with-the-kde-free-qt-foundation/

Updated license headers to use new LGPL header instead of LGPL21 one
(in those files which will be under LGPL v3)

Change-Id: I046ec3e47b1876cd7b4b0353a576b352e3a946d9
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
2016-01-15 12:25:24 +00:00
Sebastian Lösch 73ad2bf32f Make ephemeral server key available
When using cipher algorithms with forward secrecy an ephemeral key is
used to generate the symmetric session key. Beside the SSL certificate's
key, this ephemeral key is of cryptographic interest.

The ephemeral key is chosen by the server side - currently statically in
the Qt implementation - so it is only of interest on the client side to
check it. Therefore the ephemeral key is the null key if the connection
is set up in server mode or a cipher without forward secrecy is used.

Change-Id: If241247dbb8490a91233ae47f2b38952c6591bf4
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
2016-01-04 18:10:14 +00:00