summaryrefslogtreecommitdiffstats
path: root/tests/auto/qsslsocket
diff options
context:
space:
mode:
authorRohan McGovern <rohan.mcgovern@nokia.com>2011-05-15 23:09:31 (GMT)
committerRohan McGovern <rohan.mcgovern@nokia.com>2011-05-15 23:09:31 (GMT)
commit5aa1cbcdacd19b2e526e358eddac1b7d55a994b5 (patch)
tree4aba78405e3d98081662fcb934f673acd1b79d42 /tests/auto/qsslsocket
parent8592bcc80b7ec245b485fa54f8bd41c4484e93e0 (diff)
parent7e4a9187bb11b794e45d95d2e9fae026d6b0d07d (diff)
downloadQt-5aa1cbcdacd19b2e526e358eddac1b7d55a994b5.zip
Qt-5aa1cbcdacd19b2e526e358eddac1b7d55a994b5.tar.gz
Qt-5aa1cbcdacd19b2e526e358eddac1b7d55a994b5.tar.bz2
Merge remote branch 'origin/4.8' into qa-review-master
Conflicts: tests/auto/qaccessibility/tst_qaccessibility.cpp tests/auto/qsslsocket/tst_qsslsocket.cpp
Diffstat (limited to 'tests/auto/qsslsocket')
-rw-r--r--tests/auto/qsslsocket/certs/fake-login.live.com.key15
-rw-r--r--tests/auto/qsslsocket/certs/fake-login.live.com.pem19
-rw-r--r--tests/auto/qsslsocket/qsslsocket.pro4
-rw-r--r--tests/auto/qsslsocket/tst_qsslsocket.cpp101
4 files changed, 127 insertions, 12 deletions
diff --git a/tests/auto/qsslsocket/certs/fake-login.live.com.key b/tests/auto/qsslsocket/certs/fake-login.live.com.key
new file mode 100644
index 0000000..692a7bd
--- /dev/null
+++ b/tests/auto/qsslsocket/certs/fake-login.live.com.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDOtxdvMa0VHUQYG5q7Tsi1Jj4qKEJppyZEkmuRXOi0fDbd1SwE
+bwHrLGMvDO6OMrYBbq3WDNrtnIfF9CvzUOEch+gjr4hEVQqecU5fb45Wor7yNel3
+/C/gxfbzuXHrsj/gUjNghL2i10+c2NW+hUo/sWO6OusaBT6d6s7ee+YBcQIDAQAB
+AoGAb8cVhu0HuLkgjyCuJMbPRRUu3ED02Iin6sB6JhplQuNAD+grayJTmUVhRJnr
+jTziqhedLHe7Em1oBaSo92MutfMpXvWiccSlbNygI61VgmrJpVB+qIN5H9cQc9ql
+Zymc+nIPa1+i5rsrOzlpUytTh7AsbZ27QG4tQXR/kQejEiECQQD6BgTxBeT8D7x9
+DuukoBaSCkLwx7U7P1NXx15EI3lA1nO51t6UHfvk/jGPp8Sl4wv4alJ7AQxr5uQ/
+vC3kzA/1AkEA06gNu10se8pe3n8qL2RRt+FmVjHkQdD9Mm2Dx9oWCs2A4wOSOrlo
+6/nKYF1CaQNYn9HgsNbHVEUpnICVO18qDQJBALEw/uOJ1+TDikPfBSWgxx4s45Ad
+GNWqZXh6NNZ5hX9r/IwiOZAjR9fcRmeW8IjYRi2BvH6sGY+HDRAWXzgdXtkCQCma
+dOiJTf8fLjqp4E7kdzOfuI/kyqstOze4Uxjrgz2oW1dEEnA8laUcumzqp+0gXUE8
+7d+UuCWWWrGKjMrYz9kCQQDh5E5+b6Djn082Jo6gvyuXWC5eXju6IdmihlJ2SMzD
+s2y3IDjOUtTeQQRDymLneteMz0ha79KeUp6VnAvZCOVe
+-----END RSA PRIVATE KEY-----
diff --git a/tests/auto/qsslsocket/certs/fake-login.live.com.pem b/tests/auto/qsslsocket/certs/fake-login.live.com.pem
new file mode 100644
index 0000000..429f951
--- /dev/null
+++ b/tests/auto/qsslsocket/certs/fake-login.live.com.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDjCCAnegAwIBAgIRALC3Ez7Qlvm1b66RyHS9OsAwDQYJKoZIhvcNAQEFBQAw
+XjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu
+dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAxMObG9naW4ubGl2ZS5jb20w
+HhcNMTEwMzI1MTMyODUwWhcNMTEwNDI0MTMyODUwWjBeMQswCQYDVQQGEwJBVTET
+MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ
+dHkgTHRkMRcwFQYDVQQDEw5sb2dpbi5saXZlLmNvbTCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAzrcXbzGtFR1EGBuau07ItSY+KihCaacmRJJrkVzotHw23dUs
+BG8B6yxjLwzujjK2AW6t1gza7ZyHxfQr81DhHIfoI6+IRFUKnnFOX2+OVqK+8jXp
+d/wv4MX287lx67I/4FIzYIS9otdPnNjVvoVKP7FjujrrGgU+nerO3nvmAXECAwEA
+AaOByzCByDAdBgNVHQ4EFgQUpSOEcmtkQITvBdM2IDfcXnJ0FCAwgZgGA1UdIwSB
+kDCBjYAUpSOEcmtkQITvBdM2IDfcXnJ0FCChYqRgMF4xCzAJBgNVBAYTAkFVMRMw
+EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0
+eSBMdGQxFzAVBgNVBAMTDmxvZ2luLmxpdmUuY29tghEAsLcTPtCW+bVvrpHIdL06
+wDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAD+2HT4GSHHKCdbl9VkX
+zsl+D+drMm2b0ksxz9SgPihP7aW50EEIJDEEihNMTa27mhpeOXHc/sLqDi4ECUao
+/0Ns/5uoVuAIrAKCydmtPsonVFh9XWjyrfUzPOHAc9p2bmJ1i9a3kTsLB6jlrVDO
+VufGzsowHlHZ0TtKf5omojU5
+-----END CERTIFICATE-----
diff --git a/tests/auto/qsslsocket/qsslsocket.pro b/tests/auto/qsslsocket/qsslsocket.pro
index aeeae8f..77517e0 100644
--- a/tests/auto/qsslsocket/qsslsocket.pro
+++ b/tests/auto/qsslsocket/qsslsocket.pro
@@ -23,8 +23,8 @@ wince* {
DEPLOYMENT += certFiles
} else:symbian {
DEFINES += QSSLSOCKET_CERTUNTRUSTED_WORKAROUND
- TARGET.EPOCHEAPSIZE="0x100 0x1000000"
- TARGET.CAPABILITY=NetworkServices
+ TARGET.EPOCHEAPSIZE="0x100 0x3000000"
+ TARGET.CAPABILITY=NetworkServices ReadUserData
certFiles.files = certs ssl.tar.gz
certFiles.path = .
diff --git a/tests/auto/qsslsocket/tst_qsslsocket.cpp b/tests/auto/qsslsocket/tst_qsslsocket.cpp
index 6fbedfa..507af5e 100644
--- a/tests/auto/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/qsslsocket/tst_qsslsocket.cpp
@@ -67,6 +67,7 @@ typedef QList<QSslError::SslError> SslErrorList;
Q_DECLARE_METATYPE(SslErrorList)
Q_DECLARE_METATYPE(QSslError)
Q_DECLARE_METATYPE(QSsl::SslProtocol)
+Q_DECLARE_METATYPE(QSslConfiguration)
#endif
#if defined Q_OS_HPUX && defined Q_CC_GNU
@@ -152,6 +153,8 @@ private slots:
void setLocalCertificate();
void setPrivateKey();
void setSocketDescriptor();
+ void setSslConfiguration_data();
+ void setSslConfiguration();
void waitForEncrypted();
void waitForConnectedEncryptedReadyRead();
void startClientEncryption();
@@ -185,6 +188,7 @@ private slots:
void ignoreSslErrorsListWithSlot();
void readFromClosedSocket();
void writeBigChunk();
+ void blacklistedCertificates();
void setEmptyDefaultConfiguration();
static void exitLoop()
@@ -533,6 +537,8 @@ void tst_QSslSocket::sslErrors()
QSslSocketPtr socket = newSocket();
socket->connectToHostEncrypted(host, port);
+ if (!socket->waitForConnected())
+ QEXPECT_FAIL("imap.trolltech.com", "server not open to internet", Continue);
socket->waitForEncrypted(5000);
SslErrorList output;
@@ -541,7 +547,7 @@ void tst_QSslSocket::sslErrors()
}
#ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND
- if (output.last() == QSslError::CertificateUntrusted)
+ if (output.count() && output.last() == QSslError::CertificateUntrusted)
output.takeLast();
#endif
QCOMPARE(output, expected);
@@ -650,7 +656,7 @@ void tst_QSslSocket::sessionCipher()
connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot()));
QVERIFY(socket->sessionCipher().isNull());
socket->connectToHost(QtNetworkSettings::serverName(), 443 /* https */);
- QVERIFY(socket->waitForConnected(5000));
+ QVERIFY(socket->waitForConnected(10000));
QVERIFY(socket->sessionCipher().isNull());
socket->startClientEncryption();
QVERIFY(socket->waitForEncrypted(5000));
@@ -684,7 +690,7 @@ void tst_QSslSocket::localCertificate()
socket->setPrivateKey(QLatin1String(SRCDIR "certs/fluke.key"));
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
- QVERIFY(socket->waitForEncrypted(5000));
+ QVERIFY(socket->waitForEncrypted(10000));
}
void tst_QSslSocket::mode()
@@ -857,9 +863,16 @@ class SslServer : public QTcpServer
{
Q_OBJECT
public:
- SslServer() : socket(0), protocol(QSsl::TlsV1) { }
+ SslServer(const QString &keyFile = SRCDIR "certs/fluke.key", const QString &certFile = SRCDIR "certs/fluke.cert")
+ : socket(0),
+ protocol(QSsl::TlsV1),
+ m_keyFile(keyFile),
+ m_certFile(certFile) { }
QSslSocket *socket;
QSsl::SslProtocol protocol;
+ QString m_keyFile;
+ QString m_certFile;
+
protected:
void incomingConnection(int socketDescriptor)
{
@@ -867,13 +880,13 @@ protected:
socket->setProtocol(protocol);
connect(socket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(ignoreErrorSlot()));
- QFile file(SRCDIR "certs/fluke.key");
+ QFile file(m_keyFile);
QVERIFY(file.open(QIODevice::ReadOnly));
QSslKey key(file.readAll(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey);
QVERIFY(!key.isNull());
socket->setPrivateKey(key);
- QList<QSslCertificate> localCert = QSslCertificate::fromPath(SRCDIR "certs/fluke.cert");
+ QList<QSslCertificate> localCert = QSslCertificate::fromPath(m_certFile);
QVERIFY(!localCert.isEmpty());
QVERIFY(localCert.first().handle());
socket->setLocalCertificate(localCert.first());
@@ -918,13 +931,15 @@ void tst_QSslSocket::protocolServerSide_data()
QTest::newRow("ssl3-tls1") << QSsl::SslV3 << QSsl::TlsV1 << false;
QTest::newRow("ssl3-tls1ssl3") << QSsl::SslV3 << QSsl::TlsV1SslV3 << true;
QTest::newRow("ssl3-secure") << QSsl::SslV3 << QSsl::SecureProtocols << true;
- QTest::newRow("ssl3-any") << QSsl::SslV3 << QSsl::AnyProtocol << true;
+ QTest::newRow("ssl3-any") << QSsl::SslV3 << QSsl::AnyProtocol << false; // we wont set a SNI header here because we connect to a
+ // numerical IP, so OpenSSL will send a SSL 2 handshake
QTest::newRow("tls1-ssl2") << QSsl::TlsV1 << QSsl::SslV2 << false;
QTest::newRow("tls1-ssl3") << QSsl::TlsV1 << QSsl::SslV3 << false;
QTest::newRow("tls1-tls1ssl3") << QSsl::TlsV1 << QSsl::TlsV1SslV3 << true;
QTest::newRow("tls1-secure") << QSsl::TlsV1 << QSsl::SecureProtocols << true;
- QTest::newRow("tls1-any") << QSsl::TlsV1 << QSsl::AnyProtocol << true;
+ QTest::newRow("tls1-any") << QSsl::TlsV1 << QSsl::AnyProtocol << false; // we wont set a SNI header here because we connect to a
+ // numerical IP, so OpenSSL will send a SSL 2 handshake
QTest::newRow("tls1ssl3-ssl2") << QSsl::TlsV1SslV3 << QSsl::SslV2 << false;
QTest::newRow("tls1ssl3-ssl3") << QSsl::TlsV1SslV3 << QSsl::SslV3 << true;
@@ -1036,6 +1051,39 @@ void tst_QSslSocket::setSocketDescriptor()
QVERIFY(client->localPort() != 0);
}
+void tst_QSslSocket::setSslConfiguration_data()
+{
+ QTest::addColumn<QSslConfiguration>("configuration");
+ QTest::addColumn<bool>("works");
+
+ QTest::newRow("empty") << QSslConfiguration() << false;
+ QSslConfiguration conf = QSslConfiguration::defaultConfiguration();
+ QTest::newRow("default") << conf << false; // does not contain test server cert
+ QList<QSslCertificate> testServerCert = QSslCertificate::fromPath(SRCDIR "certs/qt-test-server-cacert.pem");
+ conf.setCaCertificates(testServerCert);
+ QTest::newRow("set-root-cert") << conf << true;
+ conf.setProtocol(QSsl::SecureProtocols);
+ QTest::newRow("secure") << conf << true;
+}
+
+void tst_QSslSocket::setSslConfiguration()
+{
+ if (!QSslSocket::supportsSsl())
+ return;
+
+ QSslSocketPtr socket = newSocket();
+ QFETCH(QSslConfiguration, configuration);
+ socket->setSslConfiguration(configuration);
+ this->socket = socket;
+ socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
+ QFETCH(bool, works);
+ QCOMPARE(socket->waitForEncrypted(10000), works);
+ if (works) {
+ socket->disconnectFromHost();
+ QVERIFY2(socket->waitForDisconnected(), qPrintable(socket->errorString()));
+ }
+}
+
void tst_QSslSocket::waitForEncrypted()
{
if (!QSslSocket::supportsSsl())
@@ -1708,7 +1756,7 @@ void tst_QSslSocket::disconnectFromHostWhenConnecting()
QCOMPARE(state, socket->state());
QVERIFY(socket->state() == QAbstractSocket::HostLookupState ||
socket->state() == QAbstractSocket::ConnectingState);
- QVERIFY(socket->waitForDisconnected(5000));
+ QVERIFY(socket->waitForDisconnected(10000));
QCOMPARE(socket->state(), QAbstractSocket::UnconnectedState);
// we did not call close, so the socket must be still open
QVERIFY(socket->isOpen());
@@ -1937,6 +1985,38 @@ void tst_QSslSocket::writeBigChunk()
socket->close();
}
+void tst_QSslSocket::blacklistedCertificates()
+{
+ QFETCH_GLOBAL(bool, setProxy);
+ if (setProxy)
+ return;
+
+ SslServer server(SRCDIR "certs/fake-login.live.com.key", SRCDIR "certs/fake-login.live.com.pem");
+ QSslSocket *receiver = new QSslSocket(this);
+ connect(receiver, SIGNAL(readyRead()), SLOT(exitLoop()));
+
+ // connect two sockets to each other:
+ QVERIFY(server.listen(QHostAddress::LocalHost));
+ receiver->connectToHost("127.0.0.1", server.serverPort());
+ QVERIFY(receiver->waitForConnected(5000));
+ QVERIFY(server.waitForNewConnection(0));
+
+ QSslSocket *sender = server.socket;
+ QVERIFY(sender);
+ QVERIFY(sender->state() == QAbstractSocket::ConnectedState);
+ receiver->setObjectName("receiver");
+ sender->setObjectName("sender");
+ receiver->startClientEncryption();
+
+ connect(receiver, SIGNAL(sslErrors(QList<QSslError>)), SLOT(exitLoop()));
+ connect(receiver, SIGNAL(encrypted()), SLOT(exitLoop()));
+ enterLoop(1);
+ QList<QSslError> sslErrors = receiver->sslErrors();
+ QVERIFY(sslErrors.count() > 0);
+ // there are more errors (self signed cert and hostname mismatch), but we only care about the blacklist error
+ QCOMPARE(sslErrors.at(0).error(), QSslError::CertificateBlacklisted);
+}
+
void tst_QSslSocket::setEmptyDefaultConfiguration()
{
// used to produce a crash in QSslConfigurationPrivate::deepCopyDefaultConfiguration, QTBUG-13265
@@ -1948,8 +2028,9 @@ void tst_QSslSocket::setEmptyDefaultConfiguration()
QSslConfiguration::setDefaultConfiguration(emptyConf);
QSslSocketPtr socket = newSocket();
+ connect(socket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(ignoreErrorSlot()));
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
-
+ QVERIFY2(!socket->waitForEncrypted(4000), qPrintable(socket->errorString()));
}
#endif // QT_NO_OPENSSL
generated by cgit v0.12 at 2025-09-03 01:31:24 (GMT)