diff options
author | Olivier Goffart <olivier.goffart@nokia.com> | 2011-03-15 17:44:28 (GMT) |
---|---|---|
committer | Olivier Goffart <olivier.goffart@nokia.com> | 2011-03-15 17:44:35 (GMT) |
commit | ad0f3996a9674def59766726db34191844d2af0a (patch) | |
tree | d029eeb8b988786a8859f98455e5bc3d9651cb80 /src | |
parent | c0cd8db0498daaa8151d1f80143b6849016bdc7c (diff) | |
parent | 5e47ee6a97f54f1cdac577f76cd338b40e624f32 (diff) | |
download | Qt-ad0f3996a9674def59766726db34191844d2af0a.zip Qt-ad0f3996a9674def59766726db34191844d2af0a.tar.gz Qt-ad0f3996a9674def59766726db34191844d2af0a.tar.bz2 |
Merge earth-team into master
Diffstat (limited to 'src')
24 files changed, 203 insertions, 66 deletions
diff --git a/src/corelib/global/qglobal.h b/src/corelib/global/qglobal.h index cf44b49..78e49d5 100644 --- a/src/corelib/global/qglobal.h +++ b/src/corelib/global/qglobal.h @@ -1685,7 +1685,7 @@ inline void qUnused(T &x) { (void)x; } #endif #ifndef qPrintable -# define qPrintable(string) (string).toLocal8Bit().constData() +# define qPrintable(string) QString(string).toLocal8Bit().constData() #endif Q_CORE_EXPORT void qDebug(const char *, ...) /* print debug message */ diff --git a/src/corelib/io/qtextstream.cpp b/src/corelib/io/qtextstream.cpp index b630502..a5837cb 100644 --- a/src/corelib/io/qtextstream.cpp +++ b/src/corelib/io/qtextstream.cpp @@ -1264,6 +1264,7 @@ qint64 QTextStream::pos() const return qint64(-1); } thatd->readBufferOffset = oldReadBufferOffset; + thatd->readConverterSavedStateOffset = 0; // Return the device position. return d->device->pos(); diff --git a/src/corelib/tools/qbytearray.cpp b/src/corelib/tools/qbytearray.cpp index b281c1b..4799abd 100644 --- a/src/corelib/tools/qbytearray.cpp +++ b/src/corelib/tools/qbytearray.cpp @@ -687,12 +687,12 @@ QByteArray::Data QByteArray::shared_empty = { Q_BASIC_ATOMIC_INITIALIZER(1), values. To set all the bytes to a particular value, call fill(). To obtain a pointer to the actual character data, call data() or - constData(). These functions return a pointer to the beginning of - the data. The pointer is guaranteed to remain valid until a - non-const function is called on the QByteArray. It is also - guaranteed that the data ends with a '\\0' byte. This '\\0' byte - is automatically provided by QByteArray and is not counted in - size(). + constData(). These functions return a pointer to the beginning of the data. + The pointer is guaranteed to remain valid until a non-const function is + called on the QByteArray. It is also guaranteed that the data ends with a + '\\0' byte unless the QByteArray was created from a \l{fromRawData()}{raw + data}. This '\\0' byte is automatically provided by QByteArray and is not + counted in size(). QByteArray provides the following basic functions for modifying the byte data: append(), prepend(), insert(), replace(), and @@ -925,11 +925,13 @@ QByteArray &QByteArray::operator=(const char *str) Returns the number of bytes in this byte array. - The last byte in the byte array is at position size() - 1. In - addition, QByteArray ensures that the byte at position size() is - always '\\0', so that you can use the return value of data() and - constData() as arguments to functions that expect '\\0'-terminated - strings. + The last byte in the byte array is at position size() - 1. In addition, + QByteArray ensures that the byte at position size() is always '\\0', so + that you can use the return value of data() and constData() as arguments to + functions that expect '\\0'-terminated strings. If the QByteArray object + was created from a \l{fromRawData()}{raw data} that didn't include the + trailing null-termination character then QByteArray doesn't add it + automaticall unless the \l{deep copy} is created. Example: \snippet doc/src/snippets/code/src_corelib_tools_qbytearray.cpp 6 @@ -1060,10 +1062,11 @@ QByteArray &QByteArray::operator=(const char *str) /*! \fn const char *QByteArray::constData() const - Returns a pointer to the data stored in the byte array. The - pointer can be used to access the bytes that compose the array. - The data is '\\0'-terminated. The pointer remains valid as long - as the byte array isn't reallocated or destroyed. + Returns a pointer to the data stored in the byte array. The pointer can be + used to access the bytes that compose the array. The data is + '\\0'-terminated unless the QByteArray object was created from raw data. + The pointer remains valid as long as the byte array isn't reallocated or + destroyed. This function is mostly useful to pass a byte array to a function that accepts a \c{const char *}. @@ -1072,7 +1075,7 @@ QByteArray &QByteArray::operator=(const char *str) but most functions that take \c{char *} arguments assume that the data ends at the first '\\0' they encounter. - \sa data(), operator[]() + \sa data(), operator[](), fromRawData() */ /*! \fn void QByteArray::detach() diff --git a/src/corelib/tools/qstringbuilder.cpp b/src/corelib/tools/qstringbuilder.cpp index 53368eb..7d75de7 100644 --- a/src/corelib/tools/qstringbuilder.cpp +++ b/src/corelib/tools/qstringbuilder.cpp @@ -150,8 +150,8 @@ QT_BEGIN_NAMESPACE void QAbstractConcatenable::convertFromAscii(const char *a, int len, QChar *&out) { #ifndef QT_NO_TEXTCODEC - if (QString::codecForCStrings) { - QString tmp = QString::fromAscii(a); + if (QString::codecForCStrings && len) { + QString tmp = QString::fromAscii(a, len > 0 ? len - 1 : -1); memcpy(out, reinterpret_cast<const char *>(tmp.constData()), sizeof(QChar) * tmp.size()); out += tmp.length(); return; diff --git a/src/corelib/tools/qstringbuilder.h b/src/corelib/tools/qstringbuilder.h index 8d9537c..d230d67 100644 --- a/src/corelib/tools/qstringbuilder.h +++ b/src/corelib/tools/qstringbuilder.h @@ -270,10 +270,11 @@ template <> struct QConcatenable<QByteArray> : private QAbstractConcatenable { typedef QByteArray type; enum { ExactSize = false }; - static int size(const QByteArray &ba) { return qstrnlen(ba.constData(), ba.size()); } + static int size(const QByteArray &ba) { return ba.size(); } static inline void appendTo(const QByteArray &ba, QChar *&out) { - QAbstractConcatenable::convertFromAscii(ba.constData(), -1, out); + // adding 1 because convertFromAscii expects the size including the null-termination + QAbstractConcatenable::convertFromAscii(ba.constData(), ba.size() + 1, out); } }; #endif diff --git a/src/gui/kernel/qwidget_mac.mm b/src/gui/kernel/qwidget_mac.mm index 9a5a5f1..14a90ef 100644 --- a/src/gui/kernel/qwidget_mac.mm +++ b/src/gui/kernel/qwidget_mac.mm @@ -3239,6 +3239,8 @@ void QWidgetPrivate::setWindowIcon_sys(bool forceReset) ReleaseIconRef(previousIcon); #else QMacCocoaAutoReleasePool pool; + if (icon.isNull()) + return; NSButton *iconButton = [qt_mac_window_for(q) standardWindowButton:NSWindowDocumentIconButton]; if (iconButton == nil) { QCFString string(q->windowTitle()); diff --git a/src/gui/kernel/qwidget_x11.cpp b/src/gui/kernel/qwidget_x11.cpp index 4bff5ac..c6753fc 100644 --- a/src/gui/kernel/qwidget_x11.cpp +++ b/src/gui/kernel/qwidget_x11.cpp @@ -346,7 +346,7 @@ Q_GUI_EXPORT void qt_x11_enforce_cursor(QWidget * w) qt_x11_enforce_cursor(w, false); } -Q_GUI_EXPORT void qt_x11_wait_for_window_manager(QWidget* w) +void qt_x11_wait_for_window_manager(QWidget *w, bool sendPostedEvents) { if (!w || (!w->isWindow() && !w->internalWinId())) return; @@ -361,7 +361,8 @@ Q_GUI_EXPORT void qt_x11_wait_for_window_manager(QWidget* w) WId winid = w->internalWinId(); // first deliver events that are already in the local queue - QApplication::sendPostedEvents(); + if (sendPostedEvents) + QApplication::sendPostedEvents(); // the normal sequence is: // ... ConfigureNotify ... ReparentNotify ... MapNotify ... Expose @@ -396,6 +397,11 @@ Q_GUI_EXPORT void qt_x11_wait_for_window_manager(QWidget* w) } while(1); } +Q_GUI_EXPORT void qt_x11_wait_for_window_manager(QWidget *w) +{ + qt_x11_wait_for_window_manager(w, true); +} + void qt_change_net_wm_state(const QWidget* w, bool set, Atom one, Atom two = 0) { if (!w->isVisible()) // not managed by the window manager diff --git a/src/gui/styles/qmacstyle_mac.mm b/src/gui/styles/qmacstyle_mac.mm index 64722c7..2d21628 100644 --- a/src/gui/styles/qmacstyle_mac.mm +++ b/src/gui/styles/qmacstyle_mac.mm @@ -3084,7 +3084,7 @@ void QMacStyle::drawPrimitive(PrimitiveElement pe, const QStyleOption *opt, QPai } break; case PE_PanelScrollAreaCorner: { - const QBrush brush(qApp->palette().brush(QPalette::Base)); + const QBrush brush(opt->palette.brush(QPalette::Base)); p->fillRect(opt->rect, brush); p->setPen(QPen(QColor(217, 217, 217))); p->drawLine(opt->rect.topLeft(), opt->rect.topRight()); diff --git a/src/gui/util/qsystemtrayicon_win.cpp b/src/gui/util/qsystemtrayicon_win.cpp index 2b7935b..5a0e179 100644 --- a/src/gui/util/qsystemtrayicon_win.cpp +++ b/src/gui/util/qsystemtrayicon_win.cpp @@ -305,6 +305,7 @@ bool QSystemTrayIconSys::winEvent( MSG *m, long *result ) case WM_CONTEXTMENU: if (q->contextMenu()) { q->contextMenu()->popup(gpos); + q->contextMenu()->activateWindow(); } emit q->activated(QSystemTrayIcon::Context); break; diff --git a/src/gui/widgets/qsplashscreen.cpp b/src/gui/widgets/qsplashscreen.cpp index 75280cb..9c486bf 100644 --- a/src/gui/widgets/qsplashscreen.cpp +++ b/src/gui/widgets/qsplashscreen.cpp @@ -223,8 +223,8 @@ void QSplashScreen::finish(QWidget *mainWin) { if (mainWin) { #if defined(Q_WS_X11) - extern void qt_x11_wait_for_window_manager(QWidget *mainWin); - qt_x11_wait_for_window_manager(mainWin); + extern void qt_x11_wait_for_window_manager(QWidget *mainWin, bool); + qt_x11_wait_for_window_manager(mainWin, false); #endif } close(); diff --git a/src/network/access/qhttpnetworkconnection.cpp b/src/network/access/qhttpnetworkconnection.cpp index 3502113..29ae5b0 100644 --- a/src/network/access/qhttpnetworkconnection.cpp +++ b/src/network/access/qhttpnetworkconnection.cpp @@ -487,7 +487,7 @@ void QHttpNetworkConnectionPrivate::requeueRequest(const HttpMessagePair &pair) QMetaObject::invokeMethod(q, "_q_startNextRequest", Qt::QueuedConnection); } -void QHttpNetworkConnectionPrivate::dequeueAndSendRequest(QAbstractSocket *socket) +bool QHttpNetworkConnectionPrivate::dequeueRequest(QAbstractSocket *socket) { Q_ASSERT(socket); @@ -500,8 +500,7 @@ void QHttpNetworkConnectionPrivate::dequeueAndSendRequest(QAbstractSocket *socke prepareRequest(messagePair); channels[i].request = messagePair.first; channels[i].reply = messagePair.second; - channels[i].sendRequest(); - return; + return true; } if (!lowPriorityQueue.isEmpty()) { @@ -511,9 +510,9 @@ void QHttpNetworkConnectionPrivate::dequeueAndSendRequest(QAbstractSocket *socke prepareRequest(messagePair); channels[i].request = messagePair.first; channels[i].reply = messagePair.second; - channels[i].sendRequest(); - return; + return true; } + return false; } // this is called from _q_startNextRequest and when a request has been sent down a socket from the channel @@ -765,7 +764,7 @@ void QHttpNetworkConnectionPrivate::_q_startNextRequest() //resend the necessary ones. for (int i = 0; i < channelCount; ++i) { - if (channels[i].resendCurrent) { + if (channels[i].resendCurrent && (channels[i].state != QHttpNetworkConnectionChannel::ClosingState)) { channels[i].resendCurrent = false; channels[i].state = QHttpNetworkConnectionChannel::IdleState; @@ -784,17 +783,8 @@ void QHttpNetworkConnectionPrivate::_q_startNextRequest() // try to get a free AND connected socket for (int i = 0; i < channelCount; ++i) { if (!channels[i].reply && !channels[i].isSocketBusy() && channels[i].socket->state() == QAbstractSocket::ConnectedState) { - dequeueAndSendRequest(channels[i].socket); - } - } - - // return fast if there is nothing to do - if (highPriorityQueue.isEmpty() && lowPriorityQueue.isEmpty()) - return; - // try to get a free unconnected socket - for (int i = 0; i < channelCount; ++i) { - if (!channels[i].reply && !channels[i].isSocketBusy()) { - dequeueAndSendRequest(channels[i].socket); + if (dequeueRequest(channels[i].socket)) + channels[i].sendRequest(); } } @@ -811,6 +801,21 @@ void QHttpNetworkConnectionPrivate::_q_startNextRequest() for (int i = 0; i < channelCount; i++) if (channels[i].socket->state() == QAbstractSocket::ConnectedState) fillPipeline(channels[i].socket); + + // If there is not already any connected channels we need to connect a new one. + // We do not pair the channel with the request until we know if it is + // connected or not. This is to reuse connected channels before we connect new once. + int queuedRequest = highPriorityQueue.count() + lowPriorityQueue.count(); + for (int i = 0; i < channelCount; ++i) { + if (channels[i].socket->state() == QAbstractSocket::ConnectingState) + queuedRequest--; + if ( queuedRequest <=0 ) + break; + if (!channels[i].reply && !channels[i].isSocketBusy() && (channels[i].socket->state() == QAbstractSocket::UnconnectedState)) { + channels[i].ensureConnection(); + queuedRequest--; + } + } } diff --git a/src/network/access/qhttpnetworkconnection_p.h b/src/network/access/qhttpnetworkconnection_p.h index d4748c1..874ea22 100644 --- a/src/network/access/qhttpnetworkconnection_p.h +++ b/src/network/access/qhttpnetworkconnection_p.h @@ -161,7 +161,7 @@ public: QHttpNetworkReply *queueRequest(const QHttpNetworkRequest &request); void requeueRequest(const HttpMessagePair &pair); // e.g. after pipeline broke - void dequeueAndSendRequest(QAbstractSocket *socket); + bool dequeueRequest(QAbstractSocket *socket); void prepareRequest(HttpMessagePair &request); void fillPipeline(QAbstractSocket *socket); diff --git a/src/network/access/qhttpnetworkconnectionchannel.cpp b/src/network/access/qhttpnetworkconnectionchannel.cpp index 41bc64a..23dd518 100644 --- a/src/network/access/qhttpnetworkconnectionchannel.cpp +++ b/src/network/access/qhttpnetworkconnectionchannel.cpp @@ -145,10 +145,12 @@ void QHttpNetworkConnectionChannel::init() void QHttpNetworkConnectionChannel::close() { - socket->blockSignals(true); + if (socket->state() == QAbstractSocket::UnconnectedState) + state = QHttpNetworkConnectionChannel::IdleState; + else + state = QHttpNetworkConnectionChannel::ClosingState; + socket->close(); - socket->blockSignals(false); - state = QHttpNetworkConnectionChannel::IdleState; } @@ -500,6 +502,7 @@ void QHttpNetworkConnectionChannel::_q_receiveReply() // called when unexpectedly reading a -1 or when data is expected but socket is closed void QHttpNetworkConnectionChannel::handleUnexpectedEOF() { + Q_ASSERT(reply); if (reconnectAttempts <= 0) { // too many errors reading/receiving/parsing the status, close the socket and emit error requeueCurrentlyPipelinedRequests(); @@ -522,7 +525,8 @@ bool QHttpNetworkConnectionChannel::ensureConnection() // resend this request after we receive the disconnected signal if (socketState == QAbstractSocket::ClosingState) { - resendCurrent = true; + if (reply) + resendCurrent = true; return false; } @@ -644,6 +648,7 @@ bool QHttpNetworkConnectionChannel::expand(bool dataComplete) void QHttpNetworkConnectionChannel::allDone() { + Q_ASSERT(reply); #ifndef QT_NO_COMPRESS // expand the whole data. if (reply->d_func()->expectContent() && reply->d_func()->autoDecompress && !reply->d_func()->streamEnd) { @@ -679,7 +684,8 @@ void QHttpNetworkConnectionChannel::allDone() reconnectAttempts = 2; // now the channel can be seen as free/idle again, all signal emissions for the reply have been done - this->state = QHttpNetworkConnectionChannel::IdleState; + if (state != QHttpNetworkConnectionChannel::ClosingState) + state = QHttpNetworkConnectionChannel::IdleState; // if it does not need to be sent again we can set it to 0 // the previous code did not do that and we had problems with accidental re-sending of a @@ -729,7 +735,8 @@ void QHttpNetworkConnectionChannel::allDone() QMetaObject::invokeMethod(connection, "_q_startNextRequest", Qt::QueuedConnection); } else if (alreadyPipelinedRequests.isEmpty()) { if (connectionCloseEnabled) - close(); + if (socket->state() != QAbstractSocket::UnconnectedState) + close(); if (qobject_cast<QHttpNetworkConnection*>(connection)) QMetaObject::invokeMethod(connection, "_q_startNextRequest", Qt::QueuedConnection); } @@ -737,6 +744,7 @@ void QHttpNetworkConnectionChannel::allDone() void QHttpNetworkConnectionChannel::detectPipeliningSupport() { + Q_ASSERT(reply); // detect HTTP Pipelining support QByteArray serverHeaderField; if ( @@ -820,6 +828,7 @@ void QHttpNetworkConnectionChannel::handleStatus() bool QHttpNetworkConnectionChannel::resetUploadData() { + Q_ASSERT(reply); QNonContiguousByteDevice* uploadByteDevice = request.uploadByteDevice(); if (!uploadByteDevice) return true; @@ -877,7 +886,8 @@ void QHttpNetworkConnectionChannel::closeAndResendCurrentRequest() { requeueCurrentlyPipelinedRequests(); close(); - resendCurrent = true; + if (reply) + resendCurrent = true; if (qobject_cast<QHttpNetworkConnection*>(connection)) QMetaObject::invokeMethod(connection, "_q_startNextRequest", Qt::QueuedConnection); } @@ -936,6 +946,12 @@ void QHttpNetworkConnectionChannel::_q_bytesWritten(qint64 bytes) void QHttpNetworkConnectionChannel::_q_disconnected() { + if (state == QHttpNetworkConnectionChannel::ClosingState) { + state = QHttpNetworkConnectionChannel::IdleState; + QMetaObject::invokeMethod(connection, "_q_startNextRequest", Qt::QueuedConnection); + return; + } + // read the available data before closing if (isSocketWaiting() || isSocketReading()) { if (reply) { @@ -973,10 +989,10 @@ void QHttpNetworkConnectionChannel::_q_connected() //channels[i].reconnectAttempts = 2; if (!pendingEncrypt) { state = QHttpNetworkConnectionChannel::IdleState; + if (!reply) + connection->d_func()->dequeueRequest(socket); if (reply) sendRequest(); - else - close(); } } @@ -1030,6 +1046,9 @@ void QHttpNetworkConnectionChannel::_q_error(QAbstractSocket::SocketError socket QPointer<QHttpNetworkConnection> that = connection; QString errorString = connection->d_func()->errorDetail(errorCode, socket, socket->errorString()); + // Need to dequeu the request so that we can emit the error. + if (!reply) + connection->d_func()->dequeueRequest(socket); if (reply) { reply->d_func()->errorString = errorString; emit reply->finishedWithError(errorCode, errorString); @@ -1044,7 +1063,11 @@ void QHttpNetworkConnectionChannel::_q_error(QAbstractSocket::SocketError socket #ifndef QT_NO_NETWORKPROXY void QHttpNetworkConnectionChannel::_q_proxyAuthenticationRequired(const QNetworkProxy &proxy, QAuthenticator* auth) { - connection->d_func()->emitProxyAuthenticationRequired(this, proxy, auth); + // Need to dequeue the request before we can emit the error. + if (!reply) + connection->d_func()->dequeueRequest(socket); + if (reply) + connection->d_func()->emitProxyAuthenticationRequired(this, proxy, auth); } #endif @@ -1060,7 +1083,10 @@ void QHttpNetworkConnectionChannel::_q_encrypted() return; // ### error state = QHttpNetworkConnectionChannel::IdleState; pendingEncrypt = false; - sendRequest(); + if (!reply) + connection->d_func()->dequeueRequest(socket); + if (reply) + sendRequest(); } void QHttpNetworkConnectionChannel::_q_sslErrors(const QList<QSslError> &errors) @@ -1071,7 +1097,10 @@ void QHttpNetworkConnectionChannel::_q_sslErrors(const QList<QSslError> &errors) // Also pause the connection because socket notifiers may fire while an user // dialog is displaying connection->d_func()->pauseConnection(); - emit reply->sslErrors(errors); + if (pendingEncrypt && !reply) + connection->d_func()->dequeueRequest(socket); + if (reply) + emit reply->sslErrors(errors); connection->d_func()->resumeConnection(); } diff --git a/src/network/access/qhttpnetworkconnectionchannel_p.h b/src/network/access/qhttpnetworkconnectionchannel_p.h index 8cbc689..893d75e 100644 --- a/src/network/access/qhttpnetworkconnectionchannel_p.h +++ b/src/network/access/qhttpnetworkconnectionchannel_p.h @@ -95,7 +95,8 @@ public: WritingState = 2, // writing the data WaitingState = 4, // waiting for reply ReadingState = 8, // reading the reply - BusyState = (ConnectingState|WritingState|WaitingState|ReadingState) + ClosingState = 16, + BusyState = (ConnectingState|WritingState|WaitingState|ReadingState|ClosingState) }; QAbstractSocket *socket; bool ssl; diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp index e9e7d21..5594296 100644 --- a/src/network/ssl/qssl.cpp +++ b/src/network/ssl/qssl.cpp @@ -101,12 +101,17 @@ QT_BEGIN_NAMESPACE Describes the protocol of the cipher. - \value SslV3 SSLv3 - the default protocol. + \value SslV3 SSLv3 \value SslV2 SSLv2 \value TlsV1 TLSv1 \value UnknownProtocol The cipher's protocol cannot be determined. \value AnyProtocol The socket understands SSLv2, SSLv3, and TLSv1. This value is used by QSslSocket only. + \value TlsV1SslV3 On the client side, this will send + a TLS 1.0 Client Hello, enabling TLSv1 and SSLv3 connections. + On the server side, this will enable both SSLv3 and TLSv1 connections. + \value SecureProtocols The default option, using protocols known to be secure; + currently behaves like TlsV1SslV3. Note: most servers using SSL understand both versions (2 and 3), but it is recommended to use the latest version only for security diff --git a/src/network/ssl/qssl.h b/src/network/ssl/qssl.h index 4c035fd..24dbb09 100644 --- a/src/network/ssl/qssl.h +++ b/src/network/ssl/qssl.h @@ -75,8 +75,10 @@ namespace QSsl { enum SslProtocol { SslV3, SslV2, - TlsV1, + TlsV1, // ### Qt 5: rename to TlsV1_0 or so AnyProtocol, + TlsV1SslV3, + SecureProtocols, UnknownProtocol = -1 }; } diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp index 3592226..150f77e 100644 --- a/src/network/ssl/qsslconfiguration.cpp +++ b/src/network/ssl/qsslconfiguration.cpp @@ -213,7 +213,7 @@ bool QSslConfiguration::isNull() const */ QSsl::SslProtocol QSslConfiguration::protocol() const { - return d ? d->protocol : QSsl::SslV3; + return d ? d->protocol : QSsl::SecureProtocols; } /*! @@ -518,7 +518,7 @@ void QSslConfiguration::setCaCertificates(const QList<QSslCertificate> &certific \list \o no local certificate and no private key - \o protocol SSLv3 + \o protocol SecureProtocols (meaning either TLS 1.0 or SSL 3 will be used) \o the system's default CA certificate list \o the cipher list equal to the list of the SSL libraries' supported SSL ciphers diff --git a/src/network/ssl/qsslconfiguration_p.h b/src/network/ssl/qsslconfiguration_p.h index b039e69..a5af51a 100644 --- a/src/network/ssl/qsslconfiguration_p.h +++ b/src/network/ssl/qsslconfiguration_p.h @@ -80,7 +80,7 @@ class QSslConfigurationPrivate: public QSharedData { public: QSslConfigurationPrivate() - : protocol(QSsl::SslV3), + : protocol(QSsl::SecureProtocols), peerVerifyMode(QSslSocket::AutoVerifyPeer), peerVerifyDepth(0) { } diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp index 61f27fe..98e2dc5 100644 --- a/src/network/ssl/qsslsocket.cpp +++ b/src/network/ssl/qsslsocket.cpp @@ -56,7 +56,7 @@ QSslSocket establishes a secure, encrypted TCP connection you can use for transmitting encrypted data. It can operate in both client and server mode, and it supports modern SSL protocols, including - SSLv3 and TLSv1. By default, QSslSocket uses SSLv3, but you can + SSLv3 and TLSv1. By default, QSslSocket uses TLSv1, but you can change the SSL protocol by calling setProtocol() as long as you do it before the handshake has started. @@ -552,7 +552,7 @@ bool QSslSocket::isEncrypted() const } /*! - Returns the socket's SSL protocol. By default, \l QSsl::SslV3 is used. + Returns the socket's SSL protocol. By default, \l QSsl::SecureProtocols is used. \sa setProtocol() */ @@ -659,6 +659,34 @@ void QSslSocket::setPeerVerifyDepth(int depth) } /*! + \since 4.8 + + Returns the different hostname for the certificate validation, as set by + setPeerVerifyName or by connectToHostEncrypted. + + \sa setPeerVerifyName(), connectToHostEncrypted() +*/ +QString QSslSocket::peerVerifyName() const +{ + Q_D(const QSslSocket); + return d->verificationPeerName; +} + +/*! + \since 4.8 + + Sets a different hostname for the certificate validation instead of the one used for the TCP + connection. + + \sa connectToHostEncrypted() +*/ +void QSslSocket::setPeerVerifyName(const QString &hostName) +{ + Q_D(QSslSocket); + d->verificationPeerName = hostName; +} + +/*! \reimp Returns the number of decrypted bytes that are immediately available for diff --git a/src/network/ssl/qsslsocket.h b/src/network/ssl/qsslsocket.h index 703a1fb..648fd8c 100644 --- a/src/network/ssl/qsslsocket.h +++ b/src/network/ssl/qsslsocket.h @@ -106,6 +106,9 @@ public: int peerVerifyDepth() const; void setPeerVerifyDepth(int depth); + QString peerVerifyName() const; + void setPeerVerifyName(const QString &hostName); + // From QIODevice qint64 bytesAvailable() const; qint64 bytesToWrite() const; diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 83714ed..3d7612a 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -60,6 +60,12 @@ #include <QtCore/qvarlengtharray.h> #include <QLibrary> // for loading the security lib for the CA store +#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) +// Symbian does not seem to have the symbol for SNI defined +#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME +#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 +#endif +#endif QT_BEGIN_NAMESPACE #if defined(Q_OS_MAC) @@ -253,6 +259,8 @@ init_context: case QSsl::SslV3: ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method()); break; + case QSsl::SecureProtocols: // SslV2 will be disabled below + case QSsl::TlsV1SslV3: // SslV2 will be disabled below case QSsl::AnyProtocol: default: ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); @@ -278,7 +286,11 @@ init_context: } // Enable all bug workarounds. - q_SSL_CTX_set_options(ctx, SSL_OP_ALL); + if (configuration.protocol == QSsl::TlsV1SslV3 || configuration.protocol == QSsl::SecureProtocols) { + q_SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2); + } else { + q_SSL_CTX_set_options(ctx, SSL_OP_ALL); + } // Initialize ciphers QByteArray cipherString; @@ -386,6 +398,24 @@ init_context: return false; } +#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) + if ((configuration.protocol == QSsl::TlsV1SslV3 || + configuration.protocol == QSsl::TlsV1 || + configuration.protocol == QSsl::SecureProtocols || + configuration.protocol == QSsl::AnyProtocol) && + client && q_SSLeay() >= 0x00090806fL) { + // Set server hostname on TLS extension. RFC4366 section 3.1 requires it in ACE format. + QString tlsHostName = verificationPeerName.isEmpty() ? q->peerName() : verificationPeerName; + if (tlsHostName.isEmpty()) + tlsHostName = hostName; + QByteArray ace = QUrl::toAce(tlsHostName); + if (!ace.isEmpty()) { + if (!q_SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, ace.constData())) + qWarning("could not set SSL_CTRL_SET_TLSEXT_HOSTNAME, Server Name Indication disabled"); + } + } +#endif + // Clear the session. q_SSL_clear(ssl); errorList.clear(); diff --git a/src/network/ssl/qsslsocket_openssl_p.h b/src/network/ssl/qsslsocket_openssl_p.h index 5a7963e..ca49fab 100644 --- a/src/network/ssl/qsslsocket_openssl_p.h +++ b/src/network/ssl/qsslsocket_openssl_p.h @@ -79,6 +79,10 @@ #include <openssl/x509_vfy.h> #include <openssl/dsa.h> #include <openssl/rsa.h> +#include <openssl/crypto.h> +#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) +#include <openssl/tls1.h> +#endif #if OPENSSL_VERSION_NUMBER >= 0x10000000L typedef _STACK STACK; diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp index b9a05f3..b1310cc 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols.cpp +++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp @@ -208,6 +208,9 @@ DEFINEFUNC(long, SSL_get_verify_result, SSL *a, a, return -1, return) DEFINEFUNC(int, SSL_library_init, void, DUMMYARG, return -1, return) DEFINEFUNC(void, SSL_load_error_strings, void, DUMMYARG, return, DUMMYARG) DEFINEFUNC(SSL *, SSL_new, SSL_CTX *a, a, return 0, return) +#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) +DEFINEFUNC4(long, SSL_ctrl, SSL *a, a, int cmd, cmd, long larg, larg, const void *parg, parg, return -1, return) +#endif DEFINEFUNC3(int, SSL_read, SSL *a, a, void *b, b, int c, c, return -1, return) DEFINEFUNC3(void, SSL_set_bio, SSL *a, a, BIO *b, b, BIO *c, c, return, DUMMYARG) DEFINEFUNC(void, SSL_set_accept_state, SSL *a, a, return, DUMMYARG) @@ -263,6 +266,7 @@ DEFINEFUNC3(DSA *, d2i_DSAPrivateKey, DSA **a, a, unsigned char **b, b, long c, DEFINEFUNC(void, OPENSSL_add_all_algorithms_noconf, void, DUMMYARG, return, DUMMYARG) DEFINEFUNC(void, OPENSSL_add_all_algorithms_conf, void, DUMMYARG, return, DUMMYARG) DEFINEFUNC3(int, SSL_CTX_load_verify_locations, SSL_CTX *ctx, ctx, const char *CAfile, CAfile, const char *CApath, CApath, return 0, return) +DEFINEFUNC(long, SSLeay, void, DUMMYARG, return 0, return) #ifdef Q_OS_SYMBIAN #define RESOLVEFUNC(func, ordinal, lib) \ @@ -586,6 +590,9 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(SSL_library_init, 137, libs.first ) RESOLVEFUNC(SSL_load_error_strings, 139, libs.first ) RESOLVEFUNC(SSL_new, 140, libs.first ) +#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) + RESOLVEFUNC(SSL_ctrl, 95, libs.first ) +#endif RESOLVEFUNC(SSL_read, 143, libs.first ) RESOLVEFUNC(SSL_set_accept_state, 148, libs.first ) RESOLVEFUNC(SSL_set_bio, 149, libs.first ) @@ -600,6 +607,7 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(SSLv3_server_method, 197, libs.first ) RESOLVEFUNC(SSLv23_server_method, 191, libs.first ) RESOLVEFUNC(TLSv1_server_method, 200, libs.first ) + RESOLVEFUNC(SSL_CTX_load_verify_locations, 34, libs.first ) RESOLVEFUNC(X509_NAME_oneline, 1830, libs.second ) RESOLVEFUNC(X509_PUBKEY_get, 1844, libs.second ) RESOLVEFUNC(X509_STORE_free, 1939, libs.second ) @@ -631,7 +639,7 @@ bool q_resolveOpenSslSymbols() #endif RESOLVEFUNC(OPENSSL_add_all_algorithms_noconf, 1153, libs.second ) RESOLVEFUNC(OPENSSL_add_all_algorithms_conf, 1152, libs.second ) - RESOLVEFUNC(SSL_CTX_load_verify_locations, 34, libs.second ) + RESOLVEFUNC(SSLeay, 1504, libs.second ) #else // Q_OS_SYMBIAN #ifdef SSLEAY_MACROS RESOLVEFUNC(ASN1_dup) @@ -711,6 +719,9 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(SSL_library_init) RESOLVEFUNC(SSL_load_error_strings) RESOLVEFUNC(SSL_new) +#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) + RESOLVEFUNC(SSL_ctrl) +#endif RESOLVEFUNC(SSL_read) RESOLVEFUNC(SSL_set_accept_state) RESOLVEFUNC(SSL_set_bio) @@ -757,6 +768,7 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(OPENSSL_add_all_algorithms_noconf) RESOLVEFUNC(OPENSSL_add_all_algorithms_conf) RESOLVEFUNC(SSL_CTX_load_verify_locations) + RESOLVEFUNC(SSLeay) #endif // Q_OS_SYMBIAN symbolsResolved = true; delete libs.first; diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h index c05dfe11..49830ac 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols_p.h +++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h @@ -316,6 +316,9 @@ long q_SSL_get_verify_result(SSL *a); int q_SSL_library_init(); void q_SSL_load_error_strings(); SSL *q_SSL_new(SSL_CTX *a); +#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) +long q_SSL_ctrl(SSL *ssl,int cmd, long larg, const void *parg); +#endif int q_SSL_read(SSL *a, void *b, int c); void q_SSL_set_bio(SSL *a, BIO *b, BIO *c); void q_SSL_set_accept_state(SSL *a); @@ -413,6 +416,7 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); void q_OPENSSL_add_all_algorithms_noconf(); void q_OPENSSL_add_all_algorithms_conf(); int q_SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath); +long q_SSLeay(); // Helper function class QDateTime; |