Merge remote branch 'qt-mainline/master'

Conflicts:
	configure

7 files changed, 46 insertions, 42 deletions

diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp
index 150f77e..70d7dd8 100644
--- a/src/network/ssl/qsslconfiguration.cpp
+++ b/src/network/ssl/qsslconfiguration.cpp
@@ -47,18 +47,6 @@
 
 QT_BEGIN_NAMESPACE
 
-template<> void QSharedDataPointer<QSslConfigurationPrivate>::detach()
-{
-    if (d && d->ref == 1)
-        return;
-    QSslConfigurationPrivate *x = (d ? new QSslConfigurationPrivate(*d)
-                                   : new QSslConfigurationPrivate);
-    x->ref.ref();
-    if (d && !d->ref.deref())
-        delete d;
-    d = x;
-}
-
 /*!
     \class QSslConfiguration
     \brief The QSslConfiguration class holds the configuration and state of an SSL connection
@@ -126,7 +114,7 @@ template<> void QSharedDataPointer<QSslConfigurationPrivate>::detach()
     Once any setter methods are called, isNull() will return false.
 */
 QSslConfiguration::QSslConfiguration()
-    : d(0)
+    : d(new QSslConfigurationPrivate)
 {
 }
 
@@ -176,7 +164,7 @@ bool QSslConfiguration::operator==(const QSslConfiguration &other) const
         d->privateKey == other.d->privateKey &&
         d->sessionCipher == other.d->sessionCipher &&
         d->ciphers == other.d->ciphers &&
-        d->caCertificates == d->caCertificates &&
+        d->caCertificates == other.d->caCertificates &&
         d->protocol == other.d->protocol &&
         d->peerVerifyMode == other.d->peerVerifyMode &&
         d->peerVerifyDepth == other.d->peerVerifyDepth;
@@ -203,7 +191,15 @@ bool QSslConfiguration::operator==(const QSslConfiguration &other) const
 */
 bool QSslConfiguration::isNull() const
 {
-    return d == 0;
+    return (d->protocol == QSsl::SecureProtocols &&
+            d->peerVerifyMode == QSslSocket::AutoVerifyPeer &&
+            d->peerVerifyDepth == 0 &&
+            d->caCertificates.count() == 0 &&
+            d->ciphers.count() == 0 &&
+            d->localCertificate.isNull() &&
+            d->privateKey.isNull() &&
+            d->peerCertificate.isNull() &&
+            d->peerCertificateChain.count() == 0);
 }
 
 /*!
@@ -213,7 +209,7 @@ bool QSslConfiguration::isNull() const
 */
 QSsl::SslProtocol QSslConfiguration::protocol() const
 {
-    return d ? d->protocol : QSsl::SecureProtocols;
+    return d->protocol;
 }
 
 /*!
@@ -243,7 +239,7 @@ void QSslConfiguration::setProtocol(QSsl::SslProtocol protocol)
 */
 QSslSocket::PeerVerifyMode QSslConfiguration::peerVerifyMode() const
 {
-    return d ? d->peerVerifyMode : QSslSocket::AutoVerifyPeer;
+    return d->peerVerifyMode;
 }
 
 /*!
@@ -276,7 +272,7 @@ void QSslConfiguration::setPeerVerifyMode(QSslSocket::PeerVerifyMode mode)
 */
 int QSslConfiguration::peerVerifyDepth() const
 {
-    return d ? d->peerVerifyDepth : 0;
+    return d->peerVerifyDepth;
 }
 
 /*!
@@ -307,7 +303,7 @@ void QSslConfiguration::setPeerVerifyDepth(int depth)
 */
 QSslCertificate QSslConfiguration::localCertificate() const
 {
-    return d ? d->localCertificate : QSslCertificate();
+    return d->localCertificate;
 }
 
 /*!
@@ -361,7 +357,7 @@ void QSslConfiguration::setLocalCertificate(const QSslCertificate &certificate)
 */
 QSslCertificate QSslConfiguration::peerCertificate() const
 {
-    return d ? d->peerCertificate : QSslCertificate();
+    return d->peerCertificate;
 }
 
 /*!
@@ -393,7 +389,7 @@ QSslCertificate QSslConfiguration::peerCertificate() const
 */
 QList<QSslCertificate> QSslConfiguration::peerCertificateChain() const
 {
-    return d ? d->peerCertificateChain : QList<QSslCertificate>();
+    return d->peerCertificateChain;
 }
 
 /*!
@@ -411,7 +407,7 @@ QList<QSslCertificate> QSslConfiguration::peerCertificateChain() const
 */
 QSslCipher QSslConfiguration::sessionCipher() const
 {
-    return d ? d->sessionCipher : QSslCipher();
+    return d->sessionCipher;
 }
 
 /*!
@@ -422,7 +418,7 @@ QSslCipher QSslConfiguration::sessionCipher() const
 */
 QSslKey QSslConfiguration::privateKey() const
 {
-    return d ? d->privateKey : QSslKey();
+    return d->privateKey;
 }
 
 /*!
@@ -464,7 +460,7 @@ void QSslConfiguration::setPrivateKey(const QSslKey &key)
 */
 QList<QSslCipher> QSslConfiguration::ciphers() const
 {
-    return d ? d->ciphers : QList<QSslCipher>();
+    return d->ciphers;
 }
 
 /*!
@@ -494,7 +490,7 @@ void QSslConfiguration::setCiphers(const QList<QSslCipher> &ciphers)
 */
 QList<QSslCertificate> QSslConfiguration::caCertificates() const
 {
-    return d ? d->caCertificates : QList<QSslCertificate>();
+    return d->caCertificates;
 }
 
 /*!
diff --git a/src/network/ssl/qsslconfiguration.h b/src/network/ssl/qsslconfiguration.h
index 69dd145..143566b 100644
--- a/src/network/ssl/qsslconfiguration.h
+++ b/src/network/ssl/qsslconfiguration.h
@@ -86,7 +86,7 @@ public:
     inline bool operator!=(const QSslConfiguration &other) const
     { return !(*this == other); }
 
-    bool isNull() const;
+    bool isNull() const; // ### Qt 5: remove; who would need this?
 
     QSsl::SslProtocol protocol() const;
     void setProtocol(QSsl::SslProtocol protocol);
diff --git a/src/network/ssl/qsslerror.cpp b/src/network/ssl/qsslerror.cpp
index 198b1f5..ae18b47 100644
--- a/src/network/ssl/qsslerror.cpp
+++ b/src/network/ssl/qsslerror.cpp
@@ -86,6 +86,7 @@
     \value HostNameMismatch
     \value UnspecifiedError
     \value NoSslSupport
+    \value CertificateBlacklisted
 
     \sa QSslError::errorString()
 */
@@ -281,6 +282,9 @@ QString QSslError::errorString() const
         break;
     case NoSslSupport:
         break;
+    case CertificateBlacklisted:
+        errStr = QSslSocket::tr("The peer certificate is blacklisted");
+        break;
     default:
         errStr = QSslSocket::tr("Unknown error");
         break;
diff --git a/src/network/ssl/qsslerror.h b/src/network/ssl/qsslerror.h
index ce4c749..c30c02a 100644
--- a/src/network/ssl/qsslerror.h
+++ b/src/network/ssl/qsslerror.h
@@ -83,6 +83,7 @@ public:
         NoPeerCertificate,
         HostNameMismatch,
         NoSslSupport,
+        CertificateBlacklisted,
         UnspecifiedError = -1
     };
 
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index 98e2dc5..0dbf4b5 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -828,14 +828,8 @@ void QSslSocket::setReadBufferSize(qint64 size)
     Q_D(QSslSocket);
     d->readBufferMaxSize = size;
 
-    // set the plain socket's buffer size to 1k if we have a limit
-    // see also the same logic in QSslSocketPrivate::createPlainSocket
-    if (d->plainSocket) {
-        if (d->mode == UnencryptedMode)
-            d->plainSocket->setReadBufferSize(size);
-        else
-            d->plainSocket->setReadBufferSize(size ? 1024 : 0);
-    }
+    if (d->plainSocket)
+        d->plainSocket->setReadBufferSize(size);
 }
 
 /*!
@@ -902,6 +896,7 @@ void QSslSocket::setSslConfiguration(const QSslConfiguration &configuration)
     d->configuration.peerVerifyDepth = configuration.peerVerifyDepth();
     d->configuration.peerVerifyMode = configuration.peerVerifyMode();
     d->configuration.protocol = configuration.protocol();
+    d->allowRootCertOnDemandLoading = false;
 }
 
 /*!
@@ -2048,6 +2043,10 @@ void QSslSocketPrivate::createPlainSocket(QIODevice::OpenMode openMode)
     q->setPeerName(QString());
 
     plainSocket = new QTcpSocket(q);
+#ifndef QT_NO_BEARERMANAGEMENT
+    //copy network session down to the plain socket (if it has been set)
+    plainSocket->setProperty("_q_networksession", q->property("_q_networksession"));
+#endif
     q->connect(plainSocket, SIGNAL(connected()),
                q, SLOT(_q_connectedSlot()),
                Qt::DirectConnection);
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 10f1f30..78a78a2 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -418,7 +418,8 @@ init_context:
         if (tlsHostName.isEmpty())
             tlsHostName = hostName;
         QByteArray ace = QUrl::toAce(tlsHostName);
-        if (!ace.isEmpty()) {
+        // only send the SNI header if the URL is valid and not an IP
+        if (!ace.isEmpty() && !QHostAddress().setAddress(tlsHostName)) {
             if (!q_SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, ace.constData()))
                 qWarning("could not set SSL_CTRL_SET_TLSEXT_HOSTNAME, Server Name Indication disabled");
         }
@@ -1237,16 +1238,18 @@ bool QSslSocketBackendPrivate::startHandshake()
     X509 *x509 = q_SSL_get_peer_certificate(ssl);
     configuration.peerCertificate = QSslCertificatePrivate::QSslCertificate_from_X509(x509);
     q_X509_free(x509);
-    if (QSslCertificatePrivate::isBlacklisted(configuration.peerCertificate)) {
-        q->setErrorString(QSslSocket::tr("The peer certificate is blacklisted"));
-        q->setSocketError(QAbstractSocket::SslHandshakeFailedError);
-        emit q->error(QAbstractSocket::SslHandshakeFailedError);
-        plainSocket->disconnectFromHost();
-        return false;
-    }
 
     // Start translating errors.
     QList<QSslError> errors;
+
+    if (QSslCertificatePrivate::isBlacklisted(configuration.peerCertificate)) {
+        QSslError error(QSslError::CertificateBlacklisted, configuration.peerCertificate);
+        errors << error;
+        emit q->peerVerifyError(error);
+        if (q->state() != QAbstractSocket::ConnectedState)
+            return false;
+    }
+
     bool doVerifyPeer = configuration.peerVerifyMode == QSslSocket::VerifyPeer
                         || (configuration.peerVerifyMode == QSslSocket::AutoVerifyPeer
                             && mode == QSslSocket::SslClientMode);
diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h
index 7b92f95..4662c56 100644
--- a/src/network/ssl/qsslsocket_p.h
+++ b/src/network/ssl/qsslsocket_p.h
@@ -73,6 +73,7 @@ QT_BEGIN_NAMESPACE
     typedef OSStatus (*PtrSecTrustSettingsCopyCertificates)(int, CFArrayRef*);
     typedef OSStatus (*PtrSecTrustCopyAnchorCertificates)(CFArrayRef*);
 #elif defined(Q_OS_WIN)
+#include <windows.h>
 #include <wincrypt.h>
 #ifndef HCRYPTPROV_LEGACY
 #define HCRYPTPROV_LEGACY HCRYPTPROV