Commit Graph

208 Commits (d245e3a7883ccb2c8beabbca5094de54ec963644)

Author SHA1 Message Date
Timur Pocheptsov 6998ed4c96 Introduce a mini-version of qsslsocket_openssl_symbols_p.h/.cpp
For auto-tests that were temporarily disabled. Similar to
network-settings.h, header-only stuff.

Fixes: QTBUG-92866
Fixes: QTBUG-92877
Change-Id: I15b5c0b41f0d8bfe59b09c844884ff6d99e6d41a
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2021-06-09 20:55:49 +02:00
Timur Pocheptsov eab0bb73a5 tst_QSslSocket::readBufferMaxSize() - workaround the flaky test
Task-number: QTBUG-94186
Change-Id: I8c82f1fede8f9512f531f4ff17508b9e71ebf0b7
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2021-06-03 17:05:44 +02:00
Timur Pocheptsov 810e755c18 Fix auto-tests that are fooled by the presence of more than one plugin
It's possible that Qt is built with OpenSSL and some other backend.
The ifdefs generated are not mutually exclusive anymore, as it was
in the past. So tests should rely on the actual backend they have
working at runtime.

In the process of fixing the auto-tests, modernized feature #if-ery and
some associated compilation issues.

Fixes: QTBUG-92875
Change-Id: I2be1b924d506fd36dc4e2c6c9158b5023ff87f32
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
2021-05-27 06:41:26 +02:00
Timur Pocheptsov d385158d52 Move plugin code from QtNetwork to qtbase/plugins
All TLS (and non-TLS) backends that QSsl classes rely
on are now in plugins/tls (as openssl, securetransport,
schannel and certonly plugins).

For now, I have to disable some tests that were using OpenSSL
calls - this to be refactored/re-thought. These include:
qsslsocket auto-test (test-case where we work with private keys),
qsslkey auto-test (similar to qsslsocket - test-case working with
keys using OpenSSL calls).
qasn1element moved to plugins too, so its auto-test have to
be re-thought.
Since now we can have more than one working TLS-backend on a given
platform, the presence of OpenSSL also means I force this backend
as active before running tests, to make sure features implemented
only in OpenSSL-backend are tested.
OCSP auto test is disabled for now, since it heavily relies on
OpenSSL symbols (to be refactored).

[ChangeLog][QtNetwork][QSslSocket] QSslSocket by default prefers 'openssl' backend
if it is available.

[ChangeLog][QtNetwork][QSslSocket] TLS-backends are not mutually exclusive anymore,
depending on a platform, more than one TLS backend can be built. E.g., configuring
Qt with -openssl does not prevent SecureTransport or Schannel plugin from being
built.

Fixes: QTBUG-91928
Change-Id: I4c05e32f10179066bee3a518bdfdd6c4b15320c3
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2021-04-22 22:51:54 +02:00
Timur Pocheptsov b477d823ad Convert QSslSocket(Backend)Private into plugin
All backend-specific code is now separated and removed
from QSslSocket(Private) code. The original code is mostly
preserved to avoid (as much as possible) regressions (and
to simplify code-review).

Fixes: QTBUG-91173
Task-number: QTBUG-65922
Change-Id: I3ac4ba35d952162c8d6dc62d747cbd62dca0ef78
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 9391ba55149336c395b866b24dc9b844334d50da)
2021-03-17 16:25:37 +01:00
Timur Pocheptsov 1a2dd92767 TLS backend: merge with its factory
QTlsBackend is a factory itself - it creates TLS/X509 objects. Having
an intermediary between Factory->Backend->TLS primitive does not look
very natural thus let's squash the first two parts. Backend is a factory
creating TLS primitives, but its static functions also provide information
about backends availablei and give access to those backends.

Fixes: QTBUG-90606
Task-number: QTBUG-65922
Change-Id: I8409d81fd11fb46e6ab4465b4937a7680a8c2447
Reviewed-by: Alex Blasche <alexander.blasche@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2021-01-28 16:21:07 +01:00
Timur Pocheptsov 7cf8e5ada9 QSsl: add a new private API
This is an abstraction for TLS backend and its factory, preparing to transition
to plugin-based design.

Task-number: QTBUG-65922
Change-Id: Ibe810e77fd1b715a6bea66cd3f44312b015ac274
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2021-01-22 09:09:46 +01:00
Timur Pocheptsov ee89f3a6e3 QSslSocket - introduce the API providing information about backends
This API gives the names of available backends and provides a basic
information about features/protocols supported by those backends.
Also, it has the 'loadBackend' functions which allow to select
a particular backend (which are becoming plugins).

At the moment, the implementation is still 'hardcoded', the
follow-up patch will allow to select different backends in runtime.

Task-number: QTBUG-65922
Change-Id: I05877de9c02857594e76b24d52e7578bdb01df69
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2021-01-21 23:01:33 +01:00
Timur Pocheptsov 3d5f86e77d tst_QSslSocket::setSslConfiguration - skip if SecureTransport is in use
SecureTransport does not allow deprecated digest algorithms, and
(depending on ST version) it may or may not accept our server's
certificate.
Funnily enough, they 'fluctuate' between versions again and again.

Fixes: QTBUG-89922
Change-Id: Ie5fbfca316806bd5000ce2d128b81b718bb36624
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2021-01-08 20:33:24 +00:00
David Skoland 27d96b4789 Replace QtTest headers with QTest
Complete search and replace of QtTest and QtTest/QtTest with QTest, as
QtTest includes the whole module. Replace all such instances with
correct header includes. See Jira task for more discussion.

Fixes: QTBUG-88831
Change-Id: I981cfae18a1cabcabcabee376016b086d9d01f44
Pick-to: 6.0
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
2020-12-22 15:20:30 +01:00
Timur Pocheptsov 1158ff67b4 QSslSocket::verify: do not alter the default configuration
QSslCertificate::verify() has an undocumented and not very desirable property -
on some platorms it updates the default configuration, which can be surprising.
For example, we deprecated QSslSocket::setDefaultCaCertificates() and recommend
using QSslConfiguration::defaultConfiguration(), QSslConfiguration::setDefaultConfiguration(),
and QSslConfiguration::setCaCertificates(). If an application does this to select
CA roots it trusts explicitly, and then for some reason is calling verify, the
application can have its QSslSockets successfully connecting to a host, whose
root was not trusted by the application. Also, on Windows, defaultCaCertificates()
include system roots already, no need to have them twice.

[ChangeLog][QtCore][QtNetwork] QSslSocket::verify - do not change the default configuration

Pick-to: 5.15
Pick-to: 6.0
Pick-to: 6.0.0
Fixes: QTBUG-88639
Change-Id: I1cd40b259d0a6dcd15c78d1e7c027ff10859595c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2020-11-30 23:11:05 +01:00
Timur Pocheptsov 1157167a5c QSslConfiguration - improve code coverage
By adding auto-tests that were missing/not triggering the paths found
by LCOV.

Pick-to: 5.15
Pick-to: 6.0
Change-Id: I472f59e8e7292786c80d7c8dcebde53a2982e1ec
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2020-11-23 18:38:53 +01:00
Timur Pocheptsov 1a2e2921d2 QSslCipher - improve its code coverage and auto-tests
tst_qsslcipher was quite useless - now we test that default constructed
QSslCipher reports expected values. Test the non-default from the
different auto-test,  where we are sure we have really useful
ciphersuites (with different parameters obtained from a TLS backend,
where it's possible).

Pick-to: 6.0
Pick-to: 5.15
Change-Id: Iff14a0580fed889cf9e0873bee01d968773626db
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2020-11-20 14:38:59 +01:00
Timur Pocheptsov 10893c984b QSslSocket (autotest) - defuse a time bomb
Interesting, it only exploded now - initially we were too fast (faster than
500 ms) so never noticed. Now that more tests with the similar event loop
handling were introduced, the last one was catching a single-shot timer
signal, accessing long dead object).

Fixes: QTBUG-87612
Change-Id: I52446fa7b08ef90a4742af3662da7837a8602941
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2020-10-16 05:21:34 +02:00
Mårten Nordheim 51faa0700d Schannel: TLS1.3 support
It's not possible to connect to microsoft.com with Schannel TLS 1.3 for
some reason (also tested with Internet Explorer), but other sites work
fine. Must be something they have to iron out for later.

In my experience this needs a preview release of Windows. One of my
machines is opted into the dev channel of Windows where they enabled TLS
1.3 by default, and it works well in my tests except for the part above.
On my other machine, after enabling TLS 1.3 through the registry, I fail
to complete the handshake with any site. So around March/April next year
is when this code would activate for most people.

MinGW apparently defines NTDDI_VERSION as the one for Windows Server
2003, so it currently doesn't build the new TLS 1.3 code. In Qt (as a
project) we could consider setting this higher, but that's out of scope
for this patch!

Fixes: QTBUG-81294
Change-Id: If329959c3a30ecbfbb8c0d335cc39ccb6d012890
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2020-10-14 15:58:16 +02:00
Allan Sandfeld Jensen 564b59d903 Another round of replacing 0 with nullptr
This time based on grepping to also include documentation, tests and
examples previously missed by the automatic tool.

Change-Id: Ied1703f4bcc470fbc275f759ed5b7c588a5c4e9f
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
2020-10-07 23:02:47 +02:00
Lars Schmertmann 8d057fea98 Add test case for QSslSocket to show the wrong behavior
Task-number: QTBUG-81661
Change-Id: I4ed2ad3a22bd5439751328d915e9984eb89397d1
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2020-10-02 13:22:38 +02:00
Mårten Nordheim 2253d5eca6 Schannel: Properly handle request for certificate
Certain servers, like smtp.live.com, will send a request for a
certificate even though they don't require one. In Schannel this
manifests as a warning/info status (SEC_I_INCOMPLETE_CREDENTIALS).
In the cases where it's not needed we should suppress the warning and
try to connect anyway, which is done by calling
InitializeSecurityContext again when we get the status.

Pick-to: 5.15
Change-Id: I3c48140f2949d8557251a49a2b66946da9395736
Reviewed-by: Joshua GPBeta <studiocghibli@gmail.com>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2020-09-14 17:14:00 +02:00
Timur Pocheptsov 605d2163f1 QSsl: workaround a 'very secure' OpenSSL version (CentOS 8.x et al)
CentOS it seems not only backported some OpenSSL 3 functions,
but also raised the default security level to 2, making some of
our keys (and MDs?) 'too weak' and failing auto-tests here and
there as a result. For our auto-test we lower the level to 1,
as it is expected to be.

Fixes: QTBUG-86336
Pick-to: 5.15
Change-Id: I7062a1b292e8b60eb9c2b2e82bd002f09f9da603
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2020-09-12 05:36:08 +02:00
Lars Knoll 6ae7a02104 Remove most compiler warnings about missing overrides
Remove around 1000 compiler warnings about missing overrides
in our auto tests.

This significantly reduce the compiler warning noise in our auto
tests, so that one can actually better see the real problems
inbetween.

Change-Id: Id0c04dba43fcaf55d8cd2b5c6697358857c31bf9
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
2020-09-11 00:20:47 +02:00
Mårten Nordheim 467d215b32 Disable cipherstring-setting test for schannel
And put a note about it in the documentation

Change-Id: I29126e4a80f83c256190e03b8fe01f3c869fd46d
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2020-08-24 17:43:39 +02:00
Timur Pocheptsov 37d9e44cd0 QSslConfiguration::setCiphers - introduce the overload taking QString
We had such an overloaded version in QSslSocket, it was deprecated without
providing any alternative. Now this function has some use and may be
introduced in Qt6, as QSslConfiguration::setCiphers(const QString &).
Last but not the least - a useless and strange auto-test was removed
(it was creating a list of 5 QSslCiphers each with isNull() == true).
That's becasue '!MD5' or 'ALL' (for example) is not a cipher to be found
in supportedCiphers.

Change-Id: I47eb4c0faa9b52885e883751dd992cd9cb3d26fe
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2020-07-01 11:26:15 +02:00
Timur Pocheptsov 45c0f45e04 Move QAlertLevel and QAlertType enums into the namespace QSsl
Not to pollute the global namespace with rather generic names
(especially in case QT_NAMESPACE is none); also drop the
(now)redundant 'Q' prefix in the names.

Change-Id: I57ea7e3996cced705f7ddbdbc1e0231191b31c43
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2020-06-29 17:08:13 +02:00
Jarek Kobus d13b6bd496 Use QList instead of QVector in network tests
Task-number: QTBUG-84469
Change-Id: Ic96dc8d29b5d720810ca636284f5fd37e4307acd
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
2020-06-25 07:54:44 +02:00
Timur Pocheptsov 7d98964815 tst_QSslSocket - stop using qrand (to suppress a warning)
Whoever wrote this test, was a PROPER hacker: trying to force a TLS implementation
not to properly compress some data, they generated a sequence of bytes in a very fancy manner,
something like 255 0 0 0 255 0 0 0 123 0 0 0 255 0 0 0 - yeah, it's really a random sequence
of bytes, surely, it's impossible to compress! Meh.

Pick-to: 5.15
Change-Id: Ia10ae18a40b5b8f006c45147b06fe5be6efcb129
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2020-06-10 22:55:49 +02:00
Timur Pocheptsov d9b2115060 tst_QSslSocket - do not test the deprecated API
We deprecated several setters on QSslSocket, no need to test
them then (and I'm removing them in Qt 6 anyway, so changing
the test is the phase 1).

Pick-to: 5.15
Change-Id: I5807abfb280cbacd4fcc19468793f9d1f3b2ff20
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2020-06-10 16:47:48 +02:00
Oliver Wolff 45b0f1be68 Remove winrt
Macros and the await helper function from qfunctions_winrt(_p).h are
needed in other Qt modules which use UWP APIs on desktop windows.

Task-number: QTBUG-84434
Change-Id: Ice09c11436ad151c17bdccd2c7defadd08c13925
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
2020-06-06 20:25:49 +02:00
Timur Pocheptsov 6d6bfcb9ad QtNetwork remove deprecated signals
Use 'errorOccurred' instead of 'error' and 'sslHandshakeErrors'
instead of 'sslErrors'.

Fixes: QTBUG-82605
Change-Id: I19d4845b16c7b636af7b0658d4fbbba4eef9d029
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2020-06-04 15:58:02 +02:00
Timur Pocheptsov 920487bf6b QSslSocket::setSslSonfiguration - set d.configuration properly
We end up with an absurd situation:
QSslConfiguration conf;
//we set CA certs so that on demand loading is disabled:
conf.setCaCertificates({...});
QSslSocket s;
s.setSslConfiguration(conf);
Q_ASSERT(conf == s.sslConfiguration); // this assert fails.

Pick-to: 5.15
Change-Id: I272bed145434082acc6ead95fe3640d222b21131
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2020-05-08 18:11:03 +02:00
Qt Forward Merge Bot 8823bb8d30 Merge remote-tracking branch 'origin/5.15' into dev
Conflicts:
	examples/opengl/doc/src/cube.qdoc
	src/corelib/global/qlibraryinfo.cpp
	src/corelib/text/qbytearray_p.h
	src/corelib/text/qlocale_data_p.h
	src/corelib/time/qhijricalendar_data_p.h
	src/corelib/time/qjalalicalendar_data_p.h
	src/corelib/time/qromancalendar_data_p.h
	src/network/ssl/qsslcertificate.h
	src/widgets/doc/src/graphicsview.qdoc
	src/widgets/widgets/qcombobox.cpp
	src/widgets/widgets/qcombobox.h
	tests/auto/corelib/tools/qscopeguard/tst_qscopeguard.cpp
	tests/auto/widgets/widgets/qcombobox/tst_qcombobox.cpp
	tests/benchmarks/corelib/io/qdiriterator/qdiriterator.pro
	tests/manual/diaglib/debugproxystyle.cpp
	tests/manual/diaglib/qwidgetdump.cpp
	tests/manual/diaglib/qwindowdump.cpp
	tests/manual/diaglib/textdump.cpp
	util/locale_database/cldr2qlocalexml.py
	util/locale_database/qlocalexml.py
	util/locale_database/qlocalexml2cpp.py

Resolution of util/locale_database/ are based on:
https://codereview.qt-project.org/c/qt/qtbase/+/294250
and src/corelib/{text,time}/*_data_p.h were then regenerated by
running those scripts.

Updated CMakeLists.txt in each of
	tests/auto/corelib/serialization/qcborstreamreader/
	tests/auto/corelib/serialization/qcborvalue/
	tests/auto/gui/kernel/
and generated new ones in each of
	tests/auto/gui/kernel/qaddpostroutine/
	tests/auto/gui/kernel/qhighdpiscaling/
	tests/libfuzzer/corelib/text/qregularexpression/optimize/
	tests/libfuzzer/gui/painting/qcolorspace/fromiccprofile/
	tests/libfuzzer/gui/text/qtextdocument/sethtml/
	tests/libfuzzer/gui/text/qtextdocument/setmarkdown/
	tests/libfuzzer/gui/text/qtextlayout/beginlayout/
by running util/cmake/pro2cmake.py on their changed .pro files.

Changed target name in
	tests/auto/gui/kernel/qaction/qaction.pro
	tests/auto/gui/kernel/qaction/qactiongroup.pro
	tests/auto/gui/kernel/qshortcut/qshortcut.pro
to ensure unique target names for CMake

Changed tst_QComboBox::currentIndex to not test the
currentIndexChanged(QString), as that one does not exist in Qt 6
anymore.

Change-Id: I9a85705484855ae1dc874a81f49d27a50b0dcff7
2020-04-08 20:11:39 +02:00
Timur Pocheptsov 4561370661 More qOverload cleanups in qtbase
Task-number: QTBUG-82605
Change-Id: I1c3c14ed82911ed5483258c11e76f5dd7744fa12
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2020-03-24 20:58:13 +01:00
Lars Knoll a450cce6b6 Merge remote-tracking branch 'origin/5.15' into dev
Change-Id: I469b0501cc65fc5ce4d797a69ae89405cc69c7f8
2020-02-28 09:48:30 +01:00
Alexander Akulich cb26a4da69 QAbstractSocket: deprecate 'error' signal, use 'errorOccurred' instead
[ChangeLog][Deprecation Notice] QAbstractSocket::error() (the signal) is deprecated; superseded by errorOccurred()

Change-Id: I11e9c774d7c6096d1e9b37c451cf0b99188b6aad
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2020-02-27 13:56:45 +01:00
Alexander Akulich 6d18e4a2b8 Revert "QAbstractSocket: deprecate 'error' member-function"
This reverts commit 94b3dd77f2.

The patch fixes ambiguity between a getter and a signal by changing the
getter name, but we still have to rename the signal to follow the signals
naming convention.

Revert the commit to keep the getter as is and change the signal name instead.

Change-Id: I0dd60cf1ae9d1bd95beeb8ad58661ca4b1fb63b9
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2020-02-26 23:07:52 +03:00
Qt Forward Merge Bot 0a4e5bb265 Merge remote-tracking branch 'origin/5.15' into dev
Conflicts:
	src/widgets/kernel/qshortcut.cpp
	tests/auto/network/access/spdy/tst_spdy.cpp

Change-Id: If76c434beac2c0a393440aa365f89f77439774ce
2020-01-16 11:20:42 +01:00
Qt Forward Merge Bot c3123c757a Merge remote-tracking branch 'origin/5.14' into 5.15
Change-Id: I8dbcf23835d52d3aa7d018ed250814d60c68aa83
2020-01-15 01:00:39 +01:00
Tor Arne Vestbø eb2a7738a4 Skip instead of fail tests when test server is not available
We were being inconsistent in how we handled this, some tests skipping
while others using QVERIFY. It makes more sense to skip the tests, since
the problem is a missing pre-condition of the test, not the test itself
being bad or exposing real failures in the implementation.

Change-Id: I20eacfe12dbce0b0d926e48cbe2d2772819fa4a5
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2020-01-14 00:15:16 +01:00
Qt Forward Merge Bot cccc9d0b95 Merge remote-tracking branch 'origin/5.15' into dev
Conflicts:
	tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp

Change-Id: I4d3041fa291a918c774ffa5eb5c8792a0966451d
2020-01-13 10:13:01 +01:00
Timur Pocheptsov 76c4c5d558 QSslSocket: deprecate sslErrors() getter
To disambiguate &QSslSocket::sslErrors() expression. Add a new
getter - sslHandshakeErrors().

[ChangeLog][Deprecation Notice] QSslSocket::sslErrors() (the getter) was deprecated and superseded by sslHandshakeErrors()

Task-number: QTBUG-80369
Change-Id: I9dcca3c8499800c122db230753dc19b07654f8a2
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2020-01-10 13:41:59 +01:00
Timur Pocheptsov 94b3dd77f2 QAbstractSocket: deprecate 'error' member-function
The one that is a getter for the last error found. This is to disambiguate
the expression '&QAbstractSocket::error'. Introduce a new member-function
socketError as a replacement.

[ChangeLog][Deprecation Notice] QAbstractSocket::error() (the getter) is deprecated; superseded by socketError().

Task-number: QTBUG-80369
Change-Id: Ia2e3d108657aaa7929ab0810babe2ede309740ba
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2020-01-10 12:54:53 +01:00
Timur Pocheptsov e5438e8ded QSslSocket (OpenSSL) improve alert messages handling
1. Add a new verification callback. This gives an option
to report errors directly from this callback (by emitting
handshakeInterruptedOnError()). This allows an application
to explain to its peer why the handshake was interrupted (by
sending a corresponding alert message).
2. This also means we want to notice such alerts (in Qt,
from the application's point of view, they are mostly
informational only, no interaction is required). So we
also introduce a new 'info callback', that can notice alert
messages read or written. We also introduce two new enums
describing the level and type of an alert message. QSslSocket
gets three new signals (for incoming/outgoing alerts and
verification errors found early).
3. In case we requested a certificate, but the peer provided
none, we would previously abruptly close the connection without
a proper alert message (and such a situation is not handled
by any verification callbacks, since there is no certificate(s)
to verify essentially). So we now introduce a new verification
option that maps to what OpenSSL calls 'SSL_VERIFY_FAIL_IF_NO_PEER_CERT'.
This way, the proper alert will be generated.

Fixes: QTBUG-68419
Change-Id: I5d1e9298b4040a2d4f867f5b1a3567a2253927b8
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2019-12-03 18:06:02 +01:00
Timur Pocheptsov cd200ad7ae QSsl - delete all mentions of SslV2 and SslV3
Also, change the notion of 'unsupported protocol' for QSslSocket,
previously it was SslV2 and SslV3, now instead it's all versions
of DTLS and UnknownProtocol:
- makes no sense at all to connect using TCP socket and then
  suddenly start using DTLS_client/server_method
- UnknownProtocol is not to be set in a configuration,
  unknown means that some ciphersuite's protocol version
  cannot be established.
- 'disabledProtocols' auto-test becomes 'unsupportedProtocols'
  and tests that QSslSocket fails to start encryption if the
  protocol version is wrong.

Handling these enumerators (SslV2 and SslV2) as errors
not needed anymore. Removed from QSslContext and our
existing backends (qsslsocket_whatever).

TlsV1SslV3 enumerator is not making any sense at all (previously
was [SSL v3, TLS 1.0], then became "the same as TLS v. 1.0", but
now this name is very confusing. Removed.

Task-number: QTBUG-75638
Task-number: QTBUG-76501
Change-Id: I2781ba1c3051a7791b476266d4561d956948974a
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
2019-11-28 14:25:36 +01:00
Qt Forward Merge Bot 78c687f98e Merge remote-tracking branch 'origin/5.14' into 5.15
Change-Id: I963b5f48b5d6f3500ca379fbd7f1a4290b570175
2019-11-08 09:11:02 +01:00
Qt Forward Merge Bot e3cc16e9fb Merge remote-tracking branch 'origin/5.13' into 5.14
Conflicts:
	.qmake.conf
	mkspecs/features/mac/default_post.prf
	src/corelib/tools/qsimd_p.h
	src/platformsupport/fontdatabases/mac/qcoretextfontdatabase.mm
	util/qfloat16-tables/gen_qfloat16_tables.cpp

Change-Id: If48fa8a3bc3c983706b609a6d3822cb67c1352a4
2019-11-06 11:41:19 +01:00
Timur Pocheptsov 1a878e65c2 QSslSocket - remove old OpenSSL backend (< 1.1)
OpenSSL 1.0.2 will stop receiving all support at the end
of 2019. Qt 5.15 is our next LTS thus makes sense remove
OpenSSL 1.0.2 support there. This also allows us quite
a significant cleanup of an old heavily if-defed code
and all 'pre11' suffixed source files.

[ChangeLog][QtNetwork][SSL] Removed OpenSSL 1.0.x support, now 1.1.x is required

Change-Id: I70c70c56cbd8aeff793afe793335696d1b1b7408
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2019-11-01 14:52:09 +01:00
Mårten Nordheim 3dd8f6dc34 Schannel: no longer keep old ssl errors around when reusing socket
And add a test for it so it can no longer happen in any current or
future implementation.

Change-Id: I3214aa90595e291b1e1c66befe185cfe1ea7bc6b
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2019-10-07 11:34:39 +02:00
Mårten Nordheim 65cb6f5f29 tst_qsslsocket: Update some QSslConfiguration usage
Following the deprecation of add[Default]CaCertificate[s] let's update
the uses of it. While we're doing this, let's also use QSslConfiguration
more in some places where it makes sense.

Change-Id: I2c9e7c73fee8a405492410378f2babe67d3a3f25
Reviewed-by: Jesus Fernandez <jsfdez@gmail.com>
2019-09-25 14:13:58 +02:00
Sona Kurazyan 19f72c17c0 Make network tests build and pass with disabled deprecated APIs
Deprecated APIs of network lib are used only in tests. This change
makes sure, that the tests build and pass with those deprecated APIs
removed or disabled, by:

- Making the parts of the tests testing the deprecated APIs to be
  compiled conditionally, only when the corresponding methods are
  enabled.

- If the test-case tests only the deprecated API, but not the
  corresponding replacement, added tests for the replacement.

Task-number: QTBUG-76541
Change-Id: I78c4913155007fd1d0df2c38e1b9a8b80066adeb
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
Reviewed-by: Alex Blasche <alexander.blasche@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
2019-07-23 18:48:17 +00:00
Qt Forward Merge Bot 64df0eda36 Merge remote-tracking branch 'origin/5.13' into dev
Conflicts:
	src/corelib/global/qlogging.cpp
	src/gui/painting/qtextureglyphcache_p.h
	src/gui/text/qfontengine.cpp
	src/widgets/widgets/qlineedit.cpp

Change-Id: Ic8798538df466b7141caa8bbf1fb7605eb56be37
2019-07-17 10:44:21 +02:00
Qt Forward Merge Bot 77d126ccb5 Merge remote-tracking branch 'origin/5.12' into 5.13
Conflicts:
	configure.pri

Also required s/solid\.color/solidColor/ in a couple of places in:
	src/gui/painting/qpaintengine_raster.cpp

Change-Id: I29937f63e9779deb6dac7ae77e2948d06ebc0319
2019-07-12 12:23:29 +02:00