diff options
| author | Olivier Goffart <olivier.goffart@nokia.com> | 2010-08-13 08:09:53 (GMT) |
|---|---|---|
| committer | Olivier Goffart <olivier.goffart@nokia.com> | 2010-08-13 08:33:13 (GMT) |
| commit | 5114fcb45d584ea50da7397088f084dfd74922b9 (patch) | |
| tree | 18cb40f048186ebf0eac568e2ae53ec092044c55 /src/network/ssl | |
| parent | 55e47566dd1ac83ff674401dfd6284f07490cd8b (diff) | |
| parent | ee62807198a2525577c14f718b98d07ae0ec7bec (diff) | |
| download | Qt-5114fcb45d584ea50da7397088f084dfd74922b9.zip Qt-5114fcb45d584ea50da7397088f084dfd74922b9.tar.gz Qt-5114fcb45d584ea50da7397088f084dfd74922b9.tar.bz2 | |
Merge remote branch 'origin/4.7' into qt-master-from-4.7
Conflicts:
src/gui/painting/qpainter.cpp
src/gui/text/qtextengine.cpp
tests/auto/qimage/tst_qimage.cpp
tests/auto/qpainter/tst_qpainter.cpp
tools/qdoc3/test/assistant.qdocconf
tools/qdoc3/test/designer.qdocconf
tools/qdoc3/test/linguist.qdocconf
tools/qdoc3/test/qmake.qdocconf
tools/qdoc3/test/qt-build-docs.qdocconf
tools/qdoc3/test/qt-html-templates.qdocconf
tools/qdoc3/test/qt-html-templates_zh_CN.qdocconf
tools/qdoc3/test/qt.qdocconf
Diffstat (limited to 'src/network/ssl')
| -rw-r--r-- | src/network/ssl/qsslsocket.cpp | 2 | ||||
| -rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 7 | ||||
| -rw-r--r-- | src/network/ssl/qsslsocket_openssl_symbols.cpp | 121 |
3 files changed, 78 insertions, 52 deletions
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp index f73068e..91265f3 100644 --- a/src/network/ssl/qsslsocket.cpp +++ b/src/network/ssl/qsslsocket.cpp @@ -210,7 +210,7 @@ valid. On failure, QSslSocket will emit the QSslSocket::sslErrors() signal. This mode is the default for clients. - \value AutoVerifyPeer QSslSocket will automaticaly use QueryPeer for + \value AutoVerifyPeer QSslSocket will automatically use QueryPeer for server sockets and VerifyPeer for client sockets. \sa QSslSocket::peerVerifyMode() diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index b4d030c..94b1568 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -750,7 +750,7 @@ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates() ptrCertCloseStore(hSystemStore, 0); } } -#elif defined(Q_OS_UNIX) +#elif defined(Q_OS_UNIX) && !defined(Q_OS_SYMBIAN) systemCerts.append(QSslCertificate::fromPath(QLatin1String("/var/ssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // AIX systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/local/ssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // Solaris systemCerts.append(QSslCertificate::fromPath(QLatin1String("/opt/openssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // HP-UX @@ -1288,6 +1288,11 @@ bool QSslSocketBackendPrivate::isMatchingHostname(const QString &cn, const QStri if (hostname.midRef(hostname.indexOf(QLatin1Char('.'))) != cn.midRef(firstCnDot)) return false; + // Check if the hostname is an IP address, if so then wildcards are not allowed + QHostAddress addr(hostname); + if (!addr.isNull()) + return false; + // Ok, I guess this was a wildcard CN and the hostname matches. return true; } diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp index 09ecd4d..d1225c1 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols.cpp +++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp @@ -761,74 +761,95 @@ bool q_resolveOpenSslSymbols() //============================================================================== QDateTime q_getTimeFromASN1(const ASN1_TIME *aTime) { - char lBuffer[24]; - char *pBuffer = lBuffer; - size_t lTimeLength = aTime->length; char *pString = (char *) aTime->data; if (aTime->type == V_ASN1_UTCTIME) { + + char lBuffer[24]; + char *pBuffer = lBuffer; + if ((lTimeLength < 11) || (lTimeLength > 17)) return QDateTime(); memcpy(pBuffer, pString, 10); pBuffer += 10; pString += 10; - } else { - if (lTimeLength < 13) - return QDateTime(); - - memcpy(pBuffer, pString, 12); - pBuffer += 12; - pString += 12; - } - if ((*pString == 'Z') || (*pString == '-') || (*pString == '+')) { - *pBuffer++ = '0'; - *pBuffer++ = '0'; - } else { - *pBuffer++ = *pString++; - *pBuffer++ = *pString++; - // Skip any fractional seconds... - if (*pString == '.') { - pString++; - while ((*pString >= '0') && (*pString <= '9')) + if ((*pString == 'Z') || (*pString == '-') || (*pString == '+')) { + *pBuffer++ = '0'; + *pBuffer++ = '0'; + } else { + *pBuffer++ = *pString++; + *pBuffer++ = *pString++; + // Skip any fractional seconds... + if (*pString == '.') { pString++; + while ((*pString >= '0') && (*pString <= '9')) + pString++; + } } - } - *pBuffer++ = 'Z'; - *pBuffer++ = '\0'; + *pBuffer++ = 'Z'; + *pBuffer++ = '\0'; - time_t lSecondsFromUCT; - if (*pString == 'Z') { - lSecondsFromUCT = 0; - } else { - if ((*pString != '+') && (*pString != '-')) - return QDateTime(); + time_t lSecondsFromUCT; + if (*pString == 'Z') { + lSecondsFromUCT = 0; + } else { + if ((*pString != '+') && (*pString != '-')) + return QDateTime(); + + lSecondsFromUCT = ((pString[1] - '0') * 10 + (pString[2] - '0')) * 60; + lSecondsFromUCT += (pString[3] - '0') * 10 + (pString[4] - '0'); + lSecondsFromUCT *= 60; + if (*pString == '-') + lSecondsFromUCT = -lSecondsFromUCT; + } + + tm lTime; + lTime.tm_sec = ((lBuffer[10] - '0') * 10) + (lBuffer[11] - '0'); + lTime.tm_min = ((lBuffer[8] - '0') * 10) + (lBuffer[9] - '0'); + lTime.tm_hour = ((lBuffer[6] - '0') * 10) + (lBuffer[7] - '0'); + lTime.tm_mday = ((lBuffer[4] - '0') * 10) + (lBuffer[5] - '0'); + lTime.tm_mon = (((lBuffer[2] - '0') * 10) + (lBuffer[3] - '0')) - 1; + lTime.tm_year = ((lBuffer[0] - '0') * 10) + (lBuffer[1] - '0'); + if (lTime.tm_year < 50) + lTime.tm_year += 100; // RFC 2459 + + QDate resDate(lTime.tm_year + 1900, lTime.tm_mon + 1, lTime.tm_mday); + QTime resTime(lTime.tm_hour, lTime.tm_min, lTime.tm_sec); + + QDateTime result(resDate, resTime, Qt::UTC); + result = result.addSecs(lSecondsFromUCT); + return result; + + } else if (aTime->type == V_ASN1_GENERALIZEDTIME) { - lSecondsFromUCT = ((pString[1] - '0') * 10 + (pString[2] - '0')) * 60; - lSecondsFromUCT += (pString[3] - '0') * 10 + (pString[4] - '0'); - lSecondsFromUCT *= 60; - if (*pString == '-') - lSecondsFromUCT = -lSecondsFromUCT; + if (lTimeLength < 15) + return QDateTime(); // hopefully never triggered + + // generalized time is always YYYYMMDDHHMMSSZ (RFC 2459, section 4.1.2.5.2) + tm lTime; + lTime.tm_sec = ((pString[12] - '0') * 10) + (pString[13] - '0'); + lTime.tm_min = ((pString[10] - '0') * 10) + (pString[11] - '0'); + lTime.tm_hour = ((pString[8] - '0') * 10) + (pString[9] - '0'); + lTime.tm_mday = ((pString[6] - '0') * 10) + (pString[7] - '0'); + lTime.tm_mon = (((pString[4] - '0') * 10) + (pString[5] - '0')); + lTime.tm_year = ((pString[0] - '0') * 1000) + ((pString[1] - '0') * 100) + + ((pString[2] - '0') * 10) + (pString[3] - '0'); + + QDate resDate(lTime.tm_year, lTime.tm_mon, lTime.tm_mday); + QTime resTime(lTime.tm_hour, lTime.tm_min, lTime.tm_sec); + + QDateTime result(resDate, resTime, Qt::UTC); + return result; + + } else { + qWarning("unsupported date format detected"); + return QDateTime(); } - tm lTime; - lTime.tm_sec = ((lBuffer[10] - '0') * 10) + (lBuffer[11] - '0'); - lTime.tm_min = ((lBuffer[8] - '0') * 10) + (lBuffer[9] - '0'); - lTime.tm_hour = ((lBuffer[6] - '0') * 10) + (lBuffer[7] - '0'); - lTime.tm_mday = ((lBuffer[4] - '0') * 10) + (lBuffer[5] - '0'); - lTime.tm_mon = (((lBuffer[2] - '0') * 10) + (lBuffer[3] - '0')) - 1; - lTime.tm_year = ((lBuffer[0] - '0') * 10) + (lBuffer[1] - '0'); - if (lTime.tm_year < 50) - lTime.tm_year += 100; // RFC 2459 - - QDate resDate(lTime.tm_year + 1900, lTime.tm_mon + 1, lTime.tm_mday); - QTime resTime(lTime.tm_hour, lTime.tm_min, lTime.tm_sec); - QDateTime result(resDate, resTime, Qt::UTC); - result = result.addSecs(lSecondsFromUCT); - return result; } QT_END_NAMESPACE |