authorPeter Hartmann <peter.hartmann@nokia.com>2011-03-15 10:20:17 (GMT)
committerPeter Hartmann <peter.hartmann@nokia.com>2011-03-15 10:36:48 (GMT)
commit5e47ee6a97f54f1cdac577f76cd338b40e624f32 (patch)
tree193ffab329f91270006648525fec5287c1b99935 /src/network/ssl
parentc600cbac60c0453815ee2721e0748a991343b5b2 (diff)
SSL: give protocol enum SecureProtocols an own value
... so that an application that uses SecureProtocols can make use of updates to a Qt version without being recompiled. Reviewed-by: Markus Goetz Reviewed-by: Richard J. Moore
Diffstat (limited to 'src/network/ssl')
-rw-r--r--src/network/ssl/qssl.cpp4
-rw-r--r--src/network/ssl/qssl.h2
-rw-r--r--src/network/ssl/qsslconfiguration_p.h2
-rw-r--r--src/network/ssl/qsslsocket_openssl.cpp6
4 files changed, 8 insertions, 6 deletions
diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp
index e3dc84c..5594296 100644
--- a/src/network/ssl/qssl.cpp
+++ b/src/network/ssl/qssl.cpp
@@ -110,8 +110,8 @@ QT_BEGIN_NAMESPACE
\value TlsV1SslV3 On the client side, this will send
a TLS 1.0 Client Hello, enabling TLSv1 and SSLv3 connections.
On the server side, this will enable both SSLv3 and TLSv1 connections.
- \value SecureProtocols The default option, using protocols known to be secure.
- Currently set to TlsV1SslV3.
+ \value SecureProtocols The default option, using protocols known to be secure;
+ currently behaves like TlsV1SslV3.
Note: most servers using SSL understand both versions (2 and 3),
but it is recommended to use the latest version only for security
diff --git a/src/network/ssl/qssl.h b/src/network/ssl/qssl.h
index 1980659..24dbb09 100644
--- a/src/network/ssl/qssl.h
+++ b/src/network/ssl/qssl.h
@@ -78,7 +78,7 @@ namespace QSsl {
TlsV1, // ### Qt 5: rename to TlsV1_0 or so
AnyProtocol,
TlsV1SslV3,
- SecureProtocols = TlsV1SslV3,
+ SecureProtocols,
UnknownProtocol = -1
};
}
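Review bot: The new `SecureProtocols` enumerator takes its number implicitly from its position after `TlsV1SslV3`, and nothing in the header says that this number is now part of the binary interface. The commit's purpose is that the library, not the application binary, decides what the value means, so inserting or reordering an entry above it later would silently change the protocol set chosen by already-compiled applications. I would add a comment on that line such as `// value is ABI: append new entries only, never reorder`. Binaries built against the old header have the `TlsV1SslV3` value baked in for `SecureProtocols`, so they presumably need one rebuild before they follow later changes; that deserves a line in the change notes.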
diff --git a/src/network/ssl/qsslconfiguration_p.h b/src/network/ssl/qsslconfiguration_p.h
index 1c6815b..a5af51a 100644
--- a/src/network/ssl/qsslconfiguration_p.h
+++ b/src/network/ssl/qsslconfiguration_p.h
@@ -80,7 +80,7 @@ class QSslConfigurationPrivate: public QSharedData
{
public:
QSslConfigurationPrivate()
- : protocol(QSsl::TlsV1SslV3),
+ : protocol(QSsl::SecureProtocols),
peerVerifyMode(QSslSocket::AutoVerifyPeer),
peerVerifyDepth(0)
{ }
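Review bot: With the initializer switched to `QSsl::SecureProtocols`, a default-constructed configuration no longer holds `TlsV1SslV3` in `protocol`, so any code that reads the field back and compares it with `QSsl::TlsV1SslV3` now takes a different branch. Only the constructor is visible in this hunk, so whether such readers exist outside the two sites patched in qsslsocket_openssl.cpp cannot be confirmed from here and is worth a search before merging. A short comment would record the intent, for example `// SecureProtocols rather than a fixed version: the default tracks what the library considers secure`.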
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 664fce2..3d7612a 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -259,7 +259,8 @@ init_context:
case QSsl::SslV3:
ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
break;
- case QSsl::TlsV1SslV3: // TlsV1SslV3 will be disabled below
+ case QSsl::SecureProtocols: // SslV2 will be disabled below
+ case QSsl::TlsV1SslV3: // SslV2 will be disabled below
case QSsl::AnyProtocol:
default:
ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method());
@@ -285,7 +286,7 @@ init_context:
}
// Enable all bug workarounds.
- if (configuration.protocol == QSsl::TlsV1SslV3) {
+ if (configuration.protocol == QSsl::TlsV1SslV3 || configuration.protocol == QSsl::SecureProtocols) {
q_SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2);
} else {
q_SSL_CTX_set_options(ctx, SSL_OP_ALL);
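Review bot: The condition guarding `SSL_OP_NO_SSLv2` is an allow-list of protocol values, so any value missing from it falls through to the `else` branch and keeps SSLv2 enabled. The switch in the previous hunk routes `default:` to the same SSLv23 method, which means a future enumerator added to the protocol enum but forgotten here would fail open. Naming the values that may legitimately negotiate SSLv2 is safer, for example `if (configuration.protocol != QSsl::SslV2 && configuration.protocol != QSsl::AnyProtocol)`, assuming the extra option is harmless on the single-version contexts. The server-name condition in the hunk at line 401 enumerates the protocols a second time, so a small predicate shared by both sites would keep them in step. The enclosing function starts and ends outside these hunks.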
@@ -400,6 +401,7 @@ init_context:
#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
if ((configuration.protocol == QSsl::TlsV1SslV3 ||
configuration.protocol == QSsl::TlsV1 ||
+ configuration.protocol == QSsl::SecureProtocols ||
configuration.protocol == QSsl::AnyProtocol) &&
client && q_SSLeay() >= 0x00090806fL) {
// Set server hostname on TLS extension. RFC4366 section 3.1 requires it in ACE format.