NTLMv1 is of historic interest only, since even Windows NT 4.0 already
supported NTLMv2. NTLMv1 is also considered to be insecure.
Removing the code (that was not compiled in by default anyway) allows us
also to get rid of 3rdparty/des.
Change-Id: I5a9778f4250e1974c270ee6be539332318c09443
Reviewed-by: Richard J. Moore <rich@kde.org>
Done automatically with clang-modernize on linux
(But does not add Q_DECL_OVERRIDE to the functions that are marked
as inline because it is a compilation error with MSVC2010)
Change-Id: I2196ee26e3e6fe20816834ecea5ea389eeab3171
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
The only reason for copying QSslEllipticCurves into a temporary array
would be to be extra-pedantic about type safety, but in the end,
we can simply force a cast and remove the copy.
Change-Id: Ice8a036fe4b79ba438ce83b5eacf6158eb3f0ce7
Reviewed-by: Richard J. Moore <rich@kde.org>
OpenSSL 1.0.2 introduces SSL_CTX_set_ecdh_auto, which allows us
to stop using one specific temporary curve, and instead makes
the server negotiate the best curve.
Task-number: QTBUG-42925
Change-Id: I3a68f29030bdf04f368bfdf79c888401ce82bdd8
Reviewed-by: Richard J. Moore <rich@kde.org>
[ChangeLog][QtNetwork][QtSSL] It is now possible to choose which elliptic
curves should be used by an elliptic curve cipher.
Change-Id: If5d0d58922768b6f1375836489180e576f5a015a
Done-with: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
If "encrypted" signal is fired the configuration of ssl is not updated.
If someone wants to perform additional checks on the certificate chain
it is now possible to use peerCertificate and peerCertificateChain.
Change-Id: Id5136a8c52727562c36028eaef721cc9ad86619d
Task-number: QTBUG-40401
Reviewed-by: Richard J. Moore <rich@kde.org>
While a POST request with no body may be a pointless thing it does
happen on many websites. Currently this causes QtNetwork to print a
warning to the console and set an invalid content-type. This patch
allows the content-type to be absent when content is.
Task-number: QTBUG-42479
Change-Id: Ia84c89147d2469a9421b9694d062c797987b3194
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Variable dsa is assigned in this block with q_DSA_new instead of rsa.
So this should be the destination of memcpy.
Change-Id: Id5a41d99f1606bf525ad5f819bbc06bb1235bf5b
Reviewed-by: Richard J. Moore <rich@kde.org>
There was still a TODO left in there and the data was never filled.
In addition to filling the data, some pointer checks for addr and port
were added.
Task-number: QTBUG-42244
Change-Id: I8e358b5544edcdb4077a52f433e4bc17d92014ce
Reviewed-by: Andrew Knight <andrew.knight@theqtcompany.com>
This allows apps to ship their own openssl libraries inside the
application bundle.
The change consists of two parts: First, adding
<bundle>/Contents/Frameworks
to the alternative search paths. Second, disabling the preemptive
check for libssl.dylib, libcrypto.dylib in the system paths:
The system's /usr/lib/libssl.dylib, /usr/lib/libcrypto.dylib
will still be picked up as a fallback in the alternative search
paths, but only after .app/Contents/Frameworks have been inspected.
[ChangeLog][QtNetwork][QSsl] On OS X and iOS, openssl dylib's are
picked up from the 'Frameworks' directory of the app bundle.
Change-Id: I982930f4a6cf5e0114c04ecbc87f27e54ba8bb88
Reviewed-by: Jake Petroules <jake.petroules@petroules.com>
QIODevice makes a readData() call only when its read buffer is empty.
Also, the data argument points to the user or reserved read buffer area.
So there is no need to transfer data from the read buffer at this point at all.
Task-number: QTBUG-41797
Change-Id: Ieb4afdf7eec37fdf288073e4a060e64424f22b9c
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
(cherry picked from commit 1853579dad1bbb44599314213a1d8a203ecae1c9)
Reviewed-by: Alex Trotsenko <alex1973tr@gmail.com>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
Since QNAM is initialized with defaultConfiguration, we need to
reset the internal configuration used to the current
defaultConfiguration when the state changes and a new configuration
becomes the default.
Task-number: QTBUG-40234
Change-Id: I50f23c62804f29370915eecac2c92301c5f3ead2
Reviewed-by: Kai Koehne <kai.koehne@theqtcompany.com>
Reviewed-by: Alex Blasche <alexander.blasche@digia.com>
When sending a second request with implied credentials the connection
used may be cached as a connection without credentials, and thereby
incorrectly reused later for other connections with different implied
credentials.
This patch updates the credentials a cached http-connection is using
before sending a request on it.
Task-number: QTBUG-39456
Change-Id: I1609234136a89c32e00432a67720cd62a73a488a
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
Fixes errors like
qsslsocket_openssl_symbols.cpp:111:6: error:
unused function 'qsslSocketUnresolvedSymbolWarning'
[-Werror,-Wunused-function]
void qsslSocketUnresolvedSymbolWarning(const char *functionName)
^
1 error generated.
Change-Id: I164518de583f080724ab9a7165c885602a1c6231
Reviewed-by: Richard J. Moore <rich@kde.org>
If requestedServerName is a full path e.g. "/tmp/some/long/path" the
temp path will end up "/tmp/some/long/path.balblabla/tmp/some/long/path"
and it might fail because it doesn't fit in addr.sun_path.
Change-Id: I6a138fd92be9e0b3b432ab9ac977d04cb330f3fd
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
The temp socket is in a safe place. There is no need to set any
permissions at this point.
Change-Id: I18ea4b71b7c20db65dc46c57ddc5d34d8b93f577
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
Mode is always != 0 at this point (QLocalServer::WorldAccessOption is
a combination of the bits tested later).
Change-Id: I5abfb4e49fdc7903e21398525af05989f40d7f94
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
Reviewed-by: BogDan Vatra <bogdan@kde.org>
After the POODLE vulnerability, SSLv3 should, like SSLv2, no longer be
considered safe, so when a user requests a safe protocol we should
only allow TLS versions.
[ChangeLog][QtNetwork][QSsl] QSsl::SecureProtocols now also excludes SSLv3
Change-Id: If825f6beb599294b028d706903b39db6b20be519
Reviewed-by: Richard J. Moore <rich@kde.org>
QNetworkDiskCache doesn't handle setting CookieHeader, so all Set-Cookie values are invalid.
The root cause is that metaDataChanged() doesn't work because there is no slot for it.
Add the slot for it and rename it to _q_metaDataChanged.
Task-number: QTBUG-41514
Change-Id: I5cec017e59a1de69c6e89c0bc7209a73dcdc11da
Reviewed-by: Jeongmin Kim <jm86.kim@lge.com>
Reviewed-by: Jung Dong-Heon <clamp03@gmail.com>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Set the reply state to "finished" also on errors.
Do a proper string compare to correctly translate
the error codes.
Task-number: QTBUG-42023
Change-Id: I222cc06a47b1f9f89095e8f935f316bf94fd0cd6
Reviewed-by: Caroline Chao <caroline.chao@theqtcompany.com>
Reviewed-by: Richard Moe Gustavsen <richard.gustavsen@digia.com>
qsslsocket_winrt.cpp defined it locally, which runs the risk of
clashes with a potential user-defined qHash(QSslError), so
make it public.
Also included both .error() and .certificate() in the hash, as
both of these are used to determine equality (the WinRT version
only used .error()).
[ChangeLog][QtNetwork][QSslError] Can now be used in QSet/QHash.
Change-Id: Ieb7995bed491ff011d4be9dad544248b56fd4f73
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
qsslsocket_winrt.cpp defined it locally, which runs the risk of
clashes with a potential user-defined qHash(QSslCertificate), so
make it public.
Also, the implementation in qsslsocket_winrt.cpp simply hashed
the handle(), which violates the principle that equal instances
must hash to the same value. Also, for some platforms, the
implementation returns nullptr unconditionally, which, while not
violating the above-mentioned principle, will make all users of
the hash have worst-case complexity.
To calculate a meaningful hash, therefore, the certificate needs
to be inspected deeper than just the handle.
For OpenSSL, we use X509::sha1_hash, which also X509_cmp uses
internally to determine inequality (it checks more stuff, but
if X509::sha1_hash is different, X509_cmp() returns non-zero,
which is sufficient for the purposes of qHash()). sha1_hash may
not be up-to-date, though, so we call X509_cmp to make it valid.
Ugh.
For WinRT/Qt, we use the DER encoding, as that is the native
storage format used in QSslCertificate. This is not equivalent
to the implementation used in qsslsocket_winrt.cpp before, but
since handle() == handle() => toDer() == toDer(), it should not
be a problem.
[ChangeLog][QtNetwork][QSslCertificate] Can now be used as a key in QSet/QHash.
Change-Id: I10858fe648c70fc9535af6913dd3b7f3b2cf0eba
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
Calling if_nametoindex with an empty string will always return 0, but
on ARM linux platforms this call seems to be very expensive (~30ms),
adding a large overhead to calls such as QUdpSocket::writeDatagram()
Task-number: QTBUG-37092
Change-Id: Iad00867585d9534af1ddaee936dd4e4dc5e03611
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
When creating SSL context failed due to unsupported protocol being
demanded, no explanation was given. It's because
QSslContext::fromConfiguration() extracted explanation for error message
from OpenSSL, which at that point hasn't even been called yet. This
patch adds explicit message informing that an unsupported protocol was
chosen.
Task-number: QTBUG-41775
Change-Id: I9d2710da4ba314a16837a90afcdc5d9256179bef
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
When QSslCertificatePrivate::certificatesFromDer() was passed count ==
-1 to extract unlimited number of certificates from buffer, it also tried
to parse the 0-sized fragment after the last certificate. This has
caused d2i_X509() to report an error on latest OpenSSL.
Task-number: QTBUG-41774
Change-Id: Ifa36b7ac5b4236bd2fb53b9d7fe53c5db3cb078c
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
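
The loop-termination problem described in the message above, as an added example that is not Qt's code: a standard-library C++ walk over concatenated DER elements in which a header-length check stands in for d2i_X509(). The names `splitCertificates`, `checkRemaining`, `derElementSize` and the sample bytes are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Size of the DER SEQUENCE at p (header + content); 0 if malformed, truncated or empty.
static std::size_t derElementSize(const std::uint8_t *p, std::size_t size)
{
    if (size < 2 || p[0] != 0x30) return 0;     // a certificate is a SEQUENCE
    std::size_t header = 2, content = p[1];
    if (p[1] & 0x80) {                          // long form: low 7 bits = count of length bytes
        const std::size_t n = p[1] & 0x7f;      // n == 0 would be indefinite length, not DER
        if (n == 0 || n > sizeof(std::size_t) || size < 2 + n) return 0;
        content = 0;
        for (std::size_t i = 0; i < n; ++i)
            content = (content << 8) | p[2 + i];
        header += n;
    }
    return content > size - header ? 0 : header + content;
}

struct SplitResult { std::vector<std::size_t> offsets; bool parseError; };

// count == -1 means "no limit". checkRemaining == false models a loop bounded by
// count alone; true also stops once the whole buffer has been consumed.
SplitResult splitCertificates(const std::vector<std::uint8_t> &der, int count, bool checkRemaining)
{
    SplitResult r{{}, false};
    std::size_t pos = 0;
    while ((!checkRemaining || pos < der.size())
           && (count == -1 || static_cast<int>(r.offsets.size()) < count)) {
        const std::size_t len = derElementSize(der.data() + pos, der.size() - pos);
        if (len == 0) { r.parseError = true; break; }   // also hit by the 0-sized tail
        r.offsets.push_back(pos);
        pos += len;
    }
    return r;
}

// Constructed sample: two SEQUENCEs standing in for certificates (filler content).
std::vector<std::uint8_t> sampleBuffer()
{
    std::vector<std::uint8_t> b = {0x30, 0x03, 0x02, 0x01, 0x05, 0x30, 0x81, 0x80};
    b.resize(b.size() + 0x80, 0x00);            // 128 content bytes for the long-form element
    return b;
}

int main()
{
    const auto buf = sampleBuffer();
    std::printf("count-only loop: error=%d, with size check: error=%d\n",
                splitCertificates(buf, -1, false).parseError,
                splitCertificates(buf, -1, true).parseError);
}
```
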
For const char*s, operator== is overloaded, so comparing to a (C) string
literal is efficient, since qstrcmp doesn't require the length of the
strings to compare.
OTOH, QByteArrayLiteral, when not using RVO, litters the code with
QByteArray dtor calls, which are not inline. Worse, absent lambdas,
it even allocates memory.
So, just compare with a (C) string literal instead.
Change-Id: Id3bfdc89558ba51911f6317a7a73c287f96e6f24
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
... so that a user can have more fine-grained uploadProgress signal
emissions if desired.
Change-Id: I9f77fd80c100dbe249beaf3057e6e8974680ec59
Reviewed-by: Markus Goetz <markus@woboq.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
My previous fix for CPU load issues between HTTP thread
and user thread was fragile if the upload QIODevice
emitted readyRead() multiple times.
[ChangeLog][QtNetwork][QNetworkAccessManager] Fix behavior of upload QIODevice
that generate data on readyRead() for HTTP PUT/POST
Change-Id: Idb1c2d5a382a704d8cc08fe03c55c883bfc95aa7
Reviewed-by: Christian Kamm <kamm@incasoftware.de>
Reviewed-by: Richard J. Moore <rich@kde.org>
Remove a useless check which spontaneously allows direct reads from the
socket engine.
Change-Id: Ia3d2a572d6f1563d613fe2f00d0d6849df259827
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
socket(2) is allowed to return 0, so 0 should not be included
when checking for errors.
Change-Id: I0454ea60347d90078d3ab3046969add8d5c37935
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
device is private, always null and class has no friends, so no need to have it at all
Change-Id: I320d47f1a712a3202c08b494563533e29d185501
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
The symptoms were made apparent in the xmlpatterns command line
utility when trying to use the synchronous HTTP code path in
QXmlQuery for fetching schemas.
Change-Id: I93b283fdec4b501a5c1fc646f7ddc30d8407f5ae
Reviewed-by: Markus Goetz <markus@woboq.com>
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
Heuristic with last-modified time in Qt has some problems.
1) Remove redundant expirationDate.isInvalid() check
   expirationDate.isInvalid is already checked, so I removed it.
2) Add dateHeader.isInvalid() check
   The dateHeader is used in the expiration calculation.
   I added an invalid check for the dateHeader.
   *. The dateHeader is the origin server's Date
3) Change diff time calculation.
   The expirationDate is calculated with a time diff.
   The previous calculation is
       // The lastModified is earlier than the currentDateTime.
       // The diff has negative value.
       int diff = currentDateTime.secsTo(lastModified);
       // The expirationDate is earlier than lastModified,
       // currentDateTime and dateHeader.
       expirationDate = lastModified.addSecs(diff / 10);
   *. currentDateTime: current time
   *. lastModified: last modified date in server
   It means that files are not cached with the heuristic.
   I changed the diff calculation.
       int diff = lastModified.secsTo(dateHeader);
       freshness_lifetime = diff / 10; // RFC 2616 13.2.4
4) httpRequest.headerField setting
   If current_age is larger than 1 day, the cache MUST attach Warning 113.
   *. The current_age is the value of age in the header
      or the elapsed time from dateHeader in the Qt source code.
   The previous code does not check correctly whether current_age is larger than 1 day.
       // dt = 1970-01-01T00:00:00 + current_age
       dt.setTime_t(current_age);
       // currentDateTime is much bigger than 1970-01-01T00:00:00
       if (dt.daysTo(currentDateTime) > 1)
Task-number: QTBUG-40836
Change-Id: I4b00c3b287e6fafeea6b02681533fe75a198247e
Reviewed-by: Jung Dong-Heon <dongheon.jung@lge.com>
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
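
The arithmetic from the message above carried through on numbers, as an added example that is not Qt's code: plain epoch seconds replace QDateTime, and the function names, the clamp on negative intervals and the sample times are assumptions of this example. `needsWarning113` is one way to write the corrected age check, which the message does not show.

```cpp
#include <cstdint>
#include <cstdio>

using Secs = std::int64_t;                  // seconds since the Unix epoch
constexpr Secs kDay = 24 * 60 * 60;

// "Previous" calculation from the message: the interval runs from now back to
// Last-Modified, so diff is negative and the expiry precedes Last-Modified.
Secs previousExpiration(Secs lastModified, Secs now)
{
    const Secs diff = lastModified - now;   // currentDateTime.secsTo(lastModified)
    return lastModified + diff / 10;
}

// Changed calculation: 10% of the interval from Last-Modified to the Date header.
// Clamping a negative interval to 0 is a guard added in this example.
Secs freshnessLifetime(Secs lastModified, Secs dateHeader)
{
    const Secs diff = dateHeader - lastModified;   // lastModified.secsTo(dateHeader)
    return diff > 0 ? diff / 10 : 0;
}

// "Previous" Warning 113 test: current_age becomes a date near 1970 and is
// compared with today, so the difference in days is always large.
bool previousWarningCheck(Secs currentAge, Secs now)
{
    const Secs dt = currentAge;             // dt.setTime_t(current_age)
    return now / kDay - dt / kDay > 1;      // dt.daysTo(currentDateTime) > 1
}

// Assumed corrected form: compare the age itself with one day.
bool needsWarning113(Secs currentAge) { return currentAge > kDay; }

int main()
{
    // Constructed sample: modified 10 days before the origin's Date, fetched 1 hour later.
    const Secs lastModified = 1400000000, dateHeader = lastModified + 10 * kDay;
    const Secs now = dateHeader + 3600;
    std::printf("previous expiry is %lld s before Last-Modified\n",
                static_cast<long long>(lastModified - previousExpiration(lastModified, now)));
    std::printf("freshness lifetime: %lld s\n",
                static_cast<long long>(freshnessLifetime(lastModified, dateHeader)));
    std::printf("warn at age 1h: previous=%d corrected=%d\n",
                previousWarningCheck(3600, now), needsWarning113(3600));
}
```
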