Commit Graph

549 Commits (c4f397ee11fc3cea1fc132ebe1db24e3970bb477)

Author SHA1 Message Date
Liang Qi 17d5141113 Merge remote-tracking branch 'origin/5.9' into 5.10
Conflicts:
	src/plugins/platforms/windows/qwindowswindow.cpp
	tests/auto/widgets/kernel/qaction/tst_qaction.cpp

Change-Id: Ia017a825ed2ca2d53ac586f4ae48df6f65818d40
2017-10-30 08:54:05 +01:00
Alex Trotsenko e8d2e831a4 QSslSocket::waitForDisconnected(): flush write buffer before waiting
Otherwise, the plain socket might be blocked indefinitely on waiting for
socket activity.

This issue is tested by tst_QSslSocket::disconnectFromHostWhenConnected()
which was unstable in CI.

Task-number: QTBUG-64016
Change-Id: I6a1a111dea4d1d1adaf55e6a90c0c5f995a270af
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-10-27 19:22:23 +00:00
Liang Qi 01afc8c810 Merge remote-tracking branch 'origin/5.9' into 5.10
Change-Id: I3cf73c53cf131d0babfb558c2507bed0e0fc5f08
2017-10-16 22:21:52 +03:00
Kai Koehne f6cca6ab8a Replace 'an unique' with 'a unique'
Unique begins with a "y" sound, hence a unique is correct.

Change-Id: I9eb6b4d4c9ddab45af931e97c041c24edf163eca
Reviewed-by: Jake Petroules <jake.petroules@qt.io>
2017-10-11 18:44:57 +00:00
Timur Pocheptsov be0a9a7688 Fix loadOpenSslWin32
The libraries are now 'libssl-1_1' and 'libcrypto-1_1', not 'ssleay32' or
'libeay32'. 64-bit versions also have -x64 suffix in their names.

Task-number: QTBUG-62692
Change-Id: Ic15bf8f8271d0f6266cb9d2143e292ddba643ded
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2017-09-21 12:55:04 +00:00
Timur Pocheptsov 6aa001570d Fix OpenSSL 1.1 build
Fix the 'shared' OpenSSL code for those our users who build with QSSLSOCKET_DEBUG
defined and OpenSSL 1.1 detected: the preprocessor-excluded fragment is using old
API. Also remove never used in this file (and commented out) macro.

Task-number: QTBUG-63170
Change-Id: Id24ccf2955f0a65e4f1dea1ecb06e10245105080
Reviewed-by: Jesus Fernandez <Jesus.Fernandez@qt.io>
2017-09-14 12:18:34 +00:00
Liang Qi 19dd2ca93b Merge remote-tracking branch 'origin/5.9' into 5.10
Conflicts:
	examples/opengl/qopenglwidget/main.cpp
	src/3rdparty/pcre2/src/pcre2_printint.c
	src/plugins/platforms/cocoa/qnsview.mm
	src/widgets/widgets/qcombobox.cpp

Change-Id: I37ced9da1e8056f95851568bcc52cd5dc34f56af
2017-09-06 13:26:31 +02:00
Albert Astals Cid 6e18293299 Forward the readChannelFinished from the plain socket to the ssl socket
Task-number: QTBUG-62257
Change-Id: I12632b7ffd2012adc99b4784892cbb6f79e065f7
Reviewed-by: Jesus Fernandez <Jesus.Fernandez@qt.io>
2017-09-01 15:09:14 +00:00
Liang Qi 112a4af107 Merge remote-tracking branch 'origin/5.9' into dev
Conflicts:
	examples/examples.pro
	qmake/library/qmakebuiltins.cpp
	src/corelib/global/qglobal.cpp
		Re-apply b525ec2 to qrandom.cpp(code movement in 030782e)
	src/corelib/global/qnamespace.qdoc
	src/corelib/global/qrandom.cpp
	src/gui/kernel/qwindow.cpp
		Re-apply a3d59c7 to QWindowPrivate::setVisible() (code movement in d7a9e08)
	src/network/ssl/qsslkey_openssl.cpp
	src/plugins/platforms/android/androidjniinput.cpp
	src/plugins/platforms/xcb/qxcbconnection.cpp
	src/plugins/platforms/xcb/qxcbconnection_xi2.cpp
	src/widgets/widgets/qmenu.cpp
	tests/auto/widgets/kernel/qwidget_window/tst_qwidget_window.cpp

Change-Id: If7ab427804408877a93cbe02079fca58e568bfd3
2017-08-31 14:31:31 +02:00
Alex Trotsenko 5de734bc18 QSslSocketBackendPrivate::transmit(): improve writing to OpenSSL
This patch avoids intermediate copying of the data by using a
new QIODevice::skip() API.

Change-Id: I358a83b21e2a58b59481745162fce1894549c0ac
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
2017-08-27 06:17:52 +00:00
Edward Welbourne b9557296cb Fix crash when reading a PKCS12 file with no private key
The only reason our code wants PKCS12 files is for a private key, but
a valid file needn't contain one; and reading a file without lead to a
crash in QSslKeyPrivate::fromEVP_PKEY().  So check for missing key and
fail the load, since the file is useless to us.  Also ensure the
caller's pkey is initialized, as we aren't promised that
PKCS12_parse() will set it when there is no private key.

Add a test for this case (it crashes without the fix) and update the
instructions for how to generate test data to cover it also.
(Corrected the wording there, too; at the interactive prompt,
"providing no password" really provides an empty password.)

Task-number: QTBUG-62335
Change-Id: I617508b903f6d9dee40d539b7136b0be8bc2c747
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-08-17 06:43:49 +00:00
Alex Trotsenko 8853f2bad4 QSslSocket: stabilize triggering for write
QSslSocket::writeData() accumulates outgoing data. It might be called
multiple times during the event processing (most likely from the long
loops which serialize the data).

As this function produces a notification event on each call, it's
possible to get a huge number of slot invocations on the next event
loop run, when we are interested in a single flush.

So, this patch protects the code against uncontrolled signal emission
that results in the lesser resource usage.

Change-Id: If7cf5b0e239abf0bd88a0dfaa8c1183cbd49e5ed
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
2017-08-03 09:28:11 +00:00
Alex Trotsenko 8566487286 QSslSocketBackendPrivate::transmit(): improve reading from OpenSSL
This patch avoids intermediate copying of the data by writing SSL
decryption data directly into the outer socket's read buffer.

Change-Id: I19e5b6087595f280436a99fb2ca93cc6793c8f36
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
2017-07-27 19:26:40 +00:00
Simon Hausmann 407302fb1b Merge remote-tracking branch 'origin/5.9' into dev
Conflicts:
	src/corelib/io/qwindowspipewriter.cpp
	src/widgets/styles/qcommonstyle.cpp

Change-Id: I0d33efdc4dc256e234abc490a18ccda72cd1d9e6
2017-07-19 09:47:29 +02:00
Timur Pocheptsov 07c0e0fdcf QAsn1Element - fix toDateTime function
ASN UTCTime uses two characters to encode a year (YY). When converting it
into QDate, it's quite naive to just add 2000. According to RFC 2459,
these YY represent dates in the range [1950, 2049].
This patch also introduces a helper function doing the checked conversion
from a string to int (to be reused in the following-up patches).

Task-number: QTBUG-61934
Change-Id: I3f6f471d24e8357b83b2f5973023b2b842751389
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-07-18 13:09:16 +00:00
Andre Hartmann 8a8788f4df QSslCertificatePrivate: make use of QByteArray::toHex(separator)
Qt 5.9 introduced a QByteArray::toHex() overload that
inserts a separator char after each byte. The function
colonSeparatedHex() could not be replaced completely,
as it skips leading zeros also.

Change-Id: Ic1d5d4771a0a5171f0e7e9813b83eb4c1f59f085
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-07-10 20:16:58 +00:00
Liang Qi 7f269a5db8 Merge remote-tracking branch 'origin/5.9' into dev
Conflicts:
	.qmake.conf

Change-Id: I43531e087bb810889d5c1fbfcdffb29b78804839
2017-07-06 13:54:25 +02:00
Richard J. Moore cfbe03a6e0 QSslSocket: OpenSSL 1.1 backend
This patch-set implements a new QSslSocket backend based on OpenSSL 1.1.

1. General.

The code in this patch was organized to achieve these (somewhat contradicting)
objectives:
- keep the new code free of #if-ery, as far as possible;
- make it easy to clean away dead code when we're eventually able to retire
  out-dated OpenSSL versions;
- reduce the amount of code duplication.

If changes in some file/component were insignificant (~5 one-liners per file),
we still use pp-checks like: #if QT_CONFIG(opensslv11) ... #else ... #endif -
the logic is simple and it's still easy to clean the code if we remove the legacy
back-end. Where it saved #if-ery, we also introduced 'forward-compatible'
macros implementing equivalents of 1.1 functions using older OpenSSL.

In case some class contains a lot of version-specific ifdefs (particularly where
nested #if-ery was complex) we choose to split code into: "pre11" h/cpp files,
"shared" h/cpp files (they preserve their original names, e.g qsslsocket_openssl.cpp)
and "11" h/cpp files. If in future we remove the legacy back-end, "pre11" should be
removed; "shared" and "11" parts - merged.

2. Configuration.

We introduced a new feature 'opensslv11' which complements the pre-existing
'openssl' and 'openssl-linked' features. The 'opensslv11' feature is enabled
by a simple test which either compiles successfully or ends in a compilation
error, depending on a value of the OPENSSL_VERSION_NUMBER constant. If the
feature was enabled, we also append an additional compilation flag
-DOPENSSL_API_COMPAT=0x10100000L to make sure our new code does not contain
deprecated structures, function calls, macro-invocations from OpenSSL < 1.1.

Change-Id: I2064efbe9685def5d2bb2233a66f7581954fb74a
Reviewed-by: André Klitzing <aklitzing@gmail.com>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
2017-07-04 18:03:59 +00:00
Timur Pocheptsov 0d97babf2f QSslSocket - fix two memory management issues (Secure Transport)
I noticed we never release 'items' imported by SecPKCS12Import.
But looking at the actual code (SecImportExport.c), it appears
we own these 'items' and must release them. And this leads to a crash
(on over-release) which reveals  another bug: a value from a dictionary
obtained with 'Get' method should follow the 'get rule' - we do not
own it and QCFType RAII object is not needed.

Change-Id: I219015fadedb256c401e50cf7e955f3d7e0a6c5f
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-07-04 05:02:11 +00:00
Liang Qi ce09ef4313 Merge remote-tracking branch 'origin/5.9' into dev
Conflicts:
	src/corelib/io/qprocess_unix.cpp
	src/corelib/io/qprocess_win.cpp
	src/plugins/platforms/android/qandroidplatformintegration.h
	src/plugins/platforms/windows/qwindowscontext.cpp
	src/plugins/platforms/windows/windows.pri
	src/tools/uic/cpp/cppwriteinitialization.cpp
	src/widgets/doc/src/widgets-and-layouts/gallery.qdoc

Change-Id: I8d0834c77f350ea7540140c2c7f372814afc2d0f
2017-06-19 16:12:34 +02:00
Timur Pocheptsov 96955dbe10 qsslsocket_mac - check that SecCertificateRef is not null
That's the only place there we can potentially pass a null pointer
to CFArrayAppendValue (all other calls are conditionally-protected).
This results in (surprise! ... ?) Objective-C exception (while we call
something that is a pure-C API). So far we cannot reproduce this crash and
can only speculate: probably this happens with invalid (can be either
really invalid or the result of our generic QSslCertificate's failure to read/
parse)) custom CA certificates appended to a QSslConfiguration object by
applications  using QSslSocket/QNAM. The fix will probably make a handshake to
fail, but this seems to be better than a crash anyway.

Task-number: QTBUG-58213
Change-Id: Ie4f9ab2138bc383adc9f9ed55ed61be2d3cf7020
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2017-06-13 04:33:54 +00:00
Albert Astals Cid f78a189da5 QSSLSocket::readData return -1 when socket is not connected
As QAbstractSocket::readData does and as the documentation of QIODevice says
"this function returns -1 in those cases (that is, reading on a closed
socket..."

Change-Id: I1e64673f6a6d792a640bd6cb28b2bb5a0f18dc36
Reviewed-by: Aleix Pol
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2017-06-08 04:00:54 +00:00
Liang Qi 7cbee56296 Merge remote-tracking branch 'origin/5.9' into dev
Conflicts:
	src/widgets/widgets/qmenu.cpp

Change-Id: I6d3baf56eb24501cddb129a3cb6b958ccc25a308
2017-06-07 14:02:43 +02:00
Timur Pocheptsov 4fb1745639 Ssl socket - fix broken certificate verification
On iOS QSslConfiguration always has an empty list of system CA certificates.
Calling SecTrustSetAnchorCertificatesOnly(.., TRUE) on iOS  results in
SecTrustEvaluate failing to verify a valid certificate, since there
are no 'anchors' at all. We can use SecTrustSetAnchorCerificatesOnly(.. TRUE)
on macOS only, where we do extract/copy system certificates using
SecTrustSettingsCopyCertificates and save them in a QSslConfiguration's
list.

Task-number: QTBUG-61053
Change-Id: I70d4e46273d78414baaac8531273def707c3eebc
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-06-02 12:34:22 +00:00
Jüri Valdmann 8632614947 QSslCertificate: don't init() if SSL is not supported
QSslCertificate used SSL without checking if SSL is available.

This patch adds such checks to the constructors.

Change-Id: Iea298aded5966641327e22e41ad4665a3d0ec5d3
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-05-30 17:12:59 +00:00
Liang Qi 6a772fd201 Merge remote-tracking branch 'origin/5.9' into dev
Conflicts:
	.qmake.conf
	mkspecs/common/msvc-desktop.conf
	mkspecs/win32-g++/qmake.conf
	mkspecs/win32-icc/qmake.conf
	src/platformsupport/fontdatabases/mac/coretext.pri
	src/plugins/platforms/cocoa/qcocoawindow.h
	src/plugins/platforms/cocoa/qcocoawindow.mm

Change-Id: I74a6f7705c9547ed8bbac7260eb4645543e32655
2017-05-29 10:54:41 +02:00
Timur Pocheptsov c21cee827f QSslSocket (OpenSSL) make supportsSsl return false, if v >= 1.1
Our OpenSSL backend allows missing symbols and in general protected
from possible related failures. Unfortunately, for OpenSSL 1.1 this
means not only missing symbols (removed functions), but new incompatible
opaque data-structures and our 1.0 code trying to use them and probably
accessing some data-members via macros - we end up in UB and crashes.
SSLeay, which returns a version number, was removed in 1.1. A failure
to resolve this symbol we consider as a version mismatch and we make
'supportsSsl' to return false.

Task-number: QTCREATORBUG-18137
Change-Id: I5cd270f9c61a729105149779ee7277816f9467d7
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-05-21 09:46:16 +00:00
Liang Qi d1ea481345 Merge remote-tracking branch 'origin/5.9' into dev
Conflicts:
	src/network/access/qnetworkreply.cpp
	tests/auto/corelib/kernel/qmetaobject/tst_qmetaobject.cpp

Change-Id: Iadf766269454087e69fb216fc3857d85b0ddfaad
2017-05-07 13:08:18 +02:00
Timur Pocheptsov 2d2dd85766 QSslSocket (SecureTransport) - use anchors only from QSslConfiguration
Calling SecTrustSetAnchorCertificatesOnly(trust, false) we actually extend
what our user provided in QSslConfiguration as CA certificates (caCertificates,
setCaCertificates) - Secure Transport will also use a default set provided
by the system and SSL handshake can surprisingly (for a user) succeed.
And the default content of these caCertificates, if not altered by setCaCertificates
call - are those system CA certificates.

Task-number: QTBUG-60233
Change-Id: I8c1094bb7eec260f5202a47085f9f75e720eda7b
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-04-26 12:42:40 +00:00
Marc Mutz dc8bfab82e Use list-initialization more
Fixes a few ugly code pieces I added over the years.

Change-Id: I5c06b73e858add04ea184120c6df71720baf9be3
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
2017-04-20 17:02:59 +00:00
Liang Qi 7950b6b283 Merge remote-tracking branch 'origin/5.9' into dev
Conflicts:
	src/corelib/tools/qbytearray.h
	src/corelib/tools/qdatetime.h
	src/corelib/tools/qstring.h
	src/corelib/tools/qversionnumber.h
	src/plugins/platforms/android/qandroidplatformintegration.cpp
	tests/auto/corelib/tools/qhashfunctions/tst_qhashfunctions.cpp

Change-Id: Iefd92a435e687a76cd593099e40d9a9620a1454d
2017-04-20 12:31:27 +02:00
Thiago Macieira 3dcc075f4a Move Q_REQUIRED_RESULT to its correct position
That's before the return type or static, inline, constexpr or such
keywords (if any).

Perl Script:
s/^(\s+)(.*) Q_REQUIRED_RESULT(;)?(\s*\/\/.*)?$/\1Q_REQUIRED_RESULT \2\3\4/

Change-Id: I7814054a102a407d876ffffd14b6a16182f159e2
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
2017-04-20 05:40:59 +00:00
Marc Mutz e91726ef9e QSslSocket/macOS: optimize QUuid usage
- don't create a QString, a QByteArray suffices
- perform the mid() operation on a view type (QLatin1String),
  not on a container
- use QStringBuilder

Change-Id: Ifd74f2bc98606425f9f6cb4da8618e8066a8b12e
Reviewed-by: Milian Wolff <milian.wolff@kdab.com>
2017-04-10 18:00:15 +00:00
Timur Pocheptsov 5377f4ec0e Allow Secure Transport backend to use a temporary keychain
Cherry picked:

this change was first merged into dev, but now we also need it in 5.9
to enable SSL socket tests on the new CI VMs (macOS 10.11, 10.12).
As we do not merge dev->5.9, we need this cherry-pick.

Since day one Secure Transport socket has two annoying problems on macOS:
when we call SecPKCS12Import, we indeed import certs and keys into the default keychain
and also (which is more serious) later a dialog can pop up, asking for permission
to use a private key (this is especially annoying if you're running SSL autotests or
have a server application). Apparently, it's possible to work around those problems
if we create our own (temporary) keychain and pass it in the 'options' parameter
to SecPKCS12Import.

[ChangeLog][QtNetwork] Allow QSslSocket to use a temporary keychain on macOS.

Task-number: QTBUG-56102
Change-Id: Ic3a56c905100dc80d907a25fe6ebfa232dcf5b9e
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
(cherry picked from commit 17927392cf)
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-04-04 10:44:29 +00:00
Liang Qi b48a13fd68 Merge remote-tracking branch 'origin/5.9' into dev
Conflicts:
	examples/examples.pro
	tests/auto/corelib/tools/qchar/tst_qchar.cpp
	tests/auto/other/qaccessibility/accessiblewidgets.h

Change-Id: I426696c40ab57d14dc295b8103152cede79f244c
2017-03-28 09:28:31 +02:00
Liang Qi 7702fe8602 Merge remote-tracking branch 'origin/5.8' into 5.9
Change-Id: Icdd71e9713725bda9c305e338f5c8b41a92ed8e8
2017-03-27 10:42:08 +02:00
Olivier Goffart d82d2f6716 QSslSocket: fix connection to a international domain name
RFC6125 section 6.4.2 specify we need to convert the IDN to ascii
before comparison. Note that we don't need to toLower anymore
because toAce takes care of it.

Section 7.2 recommands that we dod not attempt to check for wildcard
character embedded within the A-labels or U-labels of an
internationalized domain name. So we reject names that contiains a
'*' but starts with 'xn--'.

Change-Id: Ib0830520a1f82bbf9fd11818718277a479527ee3
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-03-23 16:11:15 +00:00
Liang Qi ae2695535a Merge remote-tracking branch 'origin/5.9' into dev
Conflicts:
	src/corelib/io/qfilesystemengine_win.cpp
	src/gui/text/qdistancefield.cpp
	src/plugins/platforms/xcb/qxcbconnection.h

Change-Id: I1be4a6f440ccb7599991159e3cb9de60990e4b1e
2017-03-20 09:00:44 +01:00
Timur Pocheptsov 3e3defb5c3 Secure Transport - add a missing cipher
Secure Transport supports more ciphers then we can convert into QSslCipher.
This results in our tests failing, since after the successful SSL handshake
sessionCipher is 'unknown'. This patch adds missing AES256-GCM-SHA384 and also,
to make new cipher addition easier in future, sorts cipher suites as it's done
in CipherSuite.h (ST framework's header) - grouped by RFC they were introduced
in + sorted within their group.

As a bonus (thanks to Eddy for spotting this problem) - some copy & paste (?)
typos were fixed (mismatched names).

Task-number: QTBUG-59480
Change-Id: I61e984da8b37f1c0787305a26fc289e2e7c2b4ad
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-03-16 08:50:12 +00:00
Liang Qi d51c3ecf8e Merge remote-tracking branch 'origin/5.8' into 5.9
Conflicts:
	examples/network/network.pro
	mkspecs/features/mac/default_post.prf
	src/corelib/io/qfilesystemengine_win.cpp
	src/corelib/io/qprocess.cpp
	src/corelib/io/qprocess.h
	src/corelib/io/qprocess_p.h
	src/corelib/io/qprocess_unix.cpp
	src/corelib/io/qprocess_win.cpp
	src/corelib/thread/qmutex.cpp
	src/platformsupport/fontdatabases/windows/windows.pri
	src/plugins/platforms/eglfs/eglfsdeviceintegration.pro
	tests/auto/corelib/io/io.pro

Change-Id: I8a27e0e141454818bba9c433200a4e84a88d147e
2017-03-13 15:55:44 +01:00
Ulf Hermann d6330a19b2 Use QT_CONFIG(library) instead of QT_NO_LIBRARY
For the windows file system engine, we add an extra macro to use
library loading if configured to do so, but avoid it on WinRT, as
none of the symbols would be found.

We also QT_REQUIRE_CONFIG(library) in the library headers and
exclude the sources from the build if library loading is disabled.
This, in turn, makes it necessary to clean up some header inclusions.

Change-Id: I2b152cb5b47a2658996b6f4702b038536a5704ec
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
2017-03-06 11:27:20 +00:00
Liang Qi 71264bae08 Merge remote-tracking branch 'origin/5.9' into dev
Change-Id: I84097f8e7b3b2128028bd7693c913d6968b82bfe
2017-03-02 09:04:38 +01:00
Kai Koehne a64c766a3d Network: Use canonical license headers
Replace outdated LGPL21 with LGPL license header.
Use GPL-EXCEPT for all autotests.
Also use canonical contact url.

Change-Id: I6e5cc8a4285569c4f862730a980f492b8a933a72
Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io>
2017-02-28 15:34:01 +00:00
Liang Qi de49839df8 Merge remote-tracking branch 'origin/5.8' into 5.9
Conflicts:
	mkspecs/features/moc.prf

Change-Id: Ia71c8e3b3185f7c999bf226d0675051b10b8740b
2017-02-24 20:01:42 +01:00
Oswald Buddenhagen 5e2367aaa5 use regular configure mechanism for openssl library references
don't attempt to hand-craft a library export any more. instead, use the
configure system's built-in mechanism, and refer to it via QMAKE_USE.
this also allows us to rely on transitive dependencies in the autotest.

as a side effect, this makes the openssl-linked feature imply the
openssl one.

Change-Id: I5dd209b63bc8fbbc62852f6ffc472d4452ea2e68
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
2017-02-22 07:45:59 +00:00
Mikkel Krautz 9c765522d1 qsslsocket_mac: handle 'OrLater' SslProtocols in verifySessionProtocol()
The verifySessionProtocol() method in the SecureTransport backend did not
properly handle TlsV1_0OrLater, TlsV1_1OrLater and TlsV1_2OrLater.

This commit teaches verifySessionProtocol() about them.
It also adds TlsV1_0OrLater, TlsV1_1OrLater and TlsV1_2OrLater to the
protocolServerSide() test in tst_qsslsocket.

Change-Id: I394766c75dbea4d89bf3d6b9c3f3c89530ac0749
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2017-02-13 21:44:05 +00:00
Timur Pocheptsov dbb2374d20 Workaround the broken 'OPENSSL_config' (Windows)
In old versions of OpenSSL this function can try to access a config file
sometimes resulting in EACCES. While handling ENOENT correctly, OPENSSL_config
unconditionally calls std::exit on EACCES, which is unacceptable, especially if we
have a Qt-app which is not using SSL at all (but, for example, is using QNAM).
To workaround this, we pre-test if this file can be opened and if not and the
last error is ERR_R_SYS_LIB we just skip q_OPENSSL_add_all_algorithms call.

Task-number: QTBUG-43843
Change-Id: I309172d3b5e7847f67a87ba33c406d4751bc60ca
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2017-02-11 19:04:28 +00:00
Timur Pocheptsov 17927392cf Allow Secure Transport backend to use a temporary keychain
Since day one Secure Transport socket has two annoying problems on macOS:
when we call SecPKCS12Import, we indeed import certs and keys into the default keychain
and also (which is more serious) later a dialog can pop up, asking for permission
to use a private key (this is especially annoying if you're running SSL autotests or
have a server application). Apparently, it's possible to work around those problems
if we create our own (temporary) keychain and pass it in the 'options' parameter
to SecPKCS12Import.

[ChangeLog][QtNetwork] Allow QSslSocket to use a temporary keychain on macOS.

Task-number: QTBUG-56102
Change-Id: Ic3a56c905100dc80d907a25fe6ebfa232dcf5b9e
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2017-02-11 16:18:49 +00:00
Friedemann Kleint cc786350ae qsslsocket_openssl_symbols.cpp: Fix signedness warning in DEFINEFUNC2
Fix warning:
qsslsocket_openssl_symbols.cpp157:78:warning: implicit conversion changes signedness: 'int' to 'unsigned long'
note: expanded from macro 'DEFINEFUNC2'

Amends change 2cf63c71eb

Change-Id: I694c5199d272d05f0070288af2e00b6fce42fc91
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
(cherry picked from commit 38a446b69e)
2017-01-31 08:29:12 +00:00
Timur Pocheptsov 84fa396d84 SecureTransport - remove (now) redundant standalone function
It was first introduced when we had to work-around old macOS SDK (<= 10.7) with
missing API; so we split the original code into two functions, one for
iOS (any supported version) and macOS > 10.7, another function (with all
ifdefs needed and old, deprecated API usage) for macOS <= 10.7. Now that
support for those versions was dropped and the second function gone, having
the remaining code in some external function looks illogical. It can be moved
into the member-function back.

Change-Id: Ib6355f225b5df3d92a70bd7679545cc89c450228
Reviewed-by: Jake Petroules <jake.petroules@qt.io>
2017-01-30 11:28:18 +00:00