QNetworkReply: add possibility to ignore specific SSL errors

the same method was also added to QSslSocket. previously, it was only possible to ignore all SSL errors; now, it is also possible to only ignore specific SSL errors, given by a QList of QSslErrors. Moreover, it is possible to call this newly added method right after connecting, not just when we get the SSL error. Reviewed-by: Thiago Task-number: 257322
author: Peter Hartmann <peter.hartmann@trolltech.com> 2009-07-02 09:32:49 (GMT)
committer: Peter Hartmann <peter.hartmann@trolltech.com> 2009-07-22 16:07:13 (GMT)
commit: 8e05fd54935be488165abe6762e69aabb9adf232 (patch)
tree: cbb6e29ccb10950233077f0d6e9cb8879bcf3727 /tests
parent: d63f3c4c3940b4293c8763d5bfc01ed430075efb (diff)
download: Qt-8e05fd54935be488165abe6762e69aabb9adf232.zip
Qt-8e05fd54935be488165abe6762e69aabb9adf232.tar.gz
Qt-8e05fd54935be488165abe6762e69aabb9adf232.tar.bz2
2 files changed, 170 insertions, 2 deletions
diff --git a/tests/auto/qnetworkreply/tst_qnetworkreply.cpp b/tests/auto/qnetworkreply/tst_qnetworkreply.cpp
index b67c727..788be1e 100644
--- a/tests/auto/qnetworkreply/tst_qnetworkreply.cpp
+++ b/tests/auto/qnetworkreply/tst_qnetworkreply.cpp
@@ -114,6 +114,7 @@ class tst_QNetworkReply: public QObject
     MyCookieJar *cookieJar;
 #ifndef QT_NO_OPENSSL
     QSslConfiguration storedSslConfiguration;
+    QList<QSslError> storedExpectedSslErrors;
 #endif
 
 public:
@@ -126,9 +127,11 @@ public Q_SLOTS:
     void gotError();
     void authenticationRequired(QNetworkReply*,QAuthenticator*);
     void proxyAuthenticationRequired(const QNetworkProxy &,QAuthenticator*);
+
 #ifndef QT_NO_OPENSSL
     void sslErrors(QNetworkReply*,const QList<QSslError> &);
     void storeSslConfiguration();
+    void ignoreSslErrorListSlot(QNetworkReply *reply, const QList<QSslError> &);
 #endif
 
 protected Q_SLOTS:
@@ -247,6 +250,13 @@ private Q_SLOTS:
     void httpConnectionCount();
     void httpDownloadPerformance_data();
     void httpDownloadPerformance();
+
+#ifndef QT_NO_OPENSSL
+    void ignoreSslErrorsList_data();
+    void ignoreSslErrorsList();
+    void ignoreSslErrorsListWithSlot_data();
+    void ignoreSslErrorsListWithSlot();
+#endif
 };
 
 QT_BEGIN_NAMESPACE
@@ -3540,7 +3550,7 @@ void tst_QNetworkReply::httpProxyCommands_data()
         << QUrl("http://0.0.0.0:4443/http-request")
         << QByteArray("HTTP/1.0 200 OK\r\nProxy-Connection: close\r\nContent-Length: 1\r\n\r\n1")
         << "GET http://0.0.0.0:4443/http-request HTTP/1.";
-#ifndef QT_NO_SSL
+#ifndef QT_NO_OPENSSL
     QTest::newRow("https")
         << QUrl("https://0.0.0.0:4443/https-request")
         << QByteArray("HTTP/1.0 200 Connection Established\r\n\r\n")
@@ -3832,5 +3842,81 @@ void tst_QNetworkReply::httpDownloadPerformance()
     delete reply;
 }
 
+#ifndef QT_NO_OPENSSL
+void tst_QNetworkReply::ignoreSslErrorsList_data()
+{
+    QTest::addColumn<QString>("url");
+    QTest::addColumn<QList<QSslError> >("expectedSslErrors");
+    QTest::addColumn<QNetworkReply::NetworkError>("expectedNetworkError");
+
+    QList<QSslError> expectedSslErrors;
+    // apparently, because of some weird behaviour of SRCDIR, the file name below needs to start with a slash
+    QList<QSslCertificate> certs = QSslCertificate::fromPath(QLatin1String(SRCDIR "/../qsslsocket/certs/qt-test-server-cacert.pem"));
+    QSslError rightError(QSslError::SelfSignedCertificate, certs.at(0));
+    QSslError wrongError(QSslError::SelfSignedCertificate);
+
+    QTest::newRow("SSL-failure-empty-list") << "https://" + QtNetworkSettings::serverName() + "/index.html" << expectedSslErrors << QNetworkReply::SslHandshakeFailedError;
+    expectedSslErrors.append(wrongError);
+    QTest::newRow("SSL-failure-wrong-error") << "https://" + QtNetworkSettings::serverName() + "/index.html" << expectedSslErrors << QNetworkReply::SslHandshakeFailedError;
+    expectedSslErrors.append(rightError);
+    QTest::newRow("allErrorsInExpectedList1") << "https://" + QtNetworkSettings::serverName() + "/index.html" << expectedSslErrors << QNetworkReply::NoError;
+    expectedSslErrors.removeAll(wrongError);
+    QTest::newRow("allErrorsInExpectedList2") << "https://" + QtNetworkSettings::serverName() + "/index.html" << expectedSslErrors << QNetworkReply::NoError;
+    expectedSslErrors.removeAll(rightError);
+    QTest::newRow("SSL-failure-empty-list-again") << "https://" + QtNetworkSettings::serverName() + "/index.html" << expectedSslErrors << QNetworkReply::SslHandshakeFailedError;
+}
+
+void tst_QNetworkReply::ignoreSslErrorsList()
+{
+    QFETCH(QString, url);
+    QNetworkRequest request(url);
+    QNetworkReply *reply = manager.get(request);
+
+    QFETCH(QList<QSslError>, expectedSslErrors);
+    reply->ignoreSslErrors(expectedSslErrors);
+
+    connect(reply, SIGNAL(finished()), &QTestEventLoop::instance(), SLOT(exitLoop()));
+    QTestEventLoop::instance().enterLoop(10);
+    QVERIFY(!QTestEventLoop::instance().timeout());
+
+    QFETCH(QNetworkReply::NetworkError, expectedNetworkError);
+    QCOMPARE(reply->error(), expectedNetworkError);
+}
+
+void tst_QNetworkReply::ignoreSslErrorsListWithSlot_data()
+{
+    ignoreSslErrorsList_data();
+}
+
+// this is not a test, just a slot called in the test below
+void tst_QNetworkReply::ignoreSslErrorListSlot(QNetworkReply *reply, const QList<QSslError> &)
+{
+    reply->ignoreSslErrors(storedExpectedSslErrors);
+}
+
+// do the same as in ignoreSslErrorsList, but ignore the errors in the slot
+void tst_QNetworkReply::ignoreSslErrorsListWithSlot()
+{
+    QFETCH(QString, url);
+    QNetworkRequest request(url);
+    QNetworkReply *reply = manager.get(request);
+
+    QFETCH(QList<QSslError>, expectedSslErrors);
+    // store the errors to ignore them later in the slot connected below
+    storedExpectedSslErrors = expectedSslErrors;
+    connect(&manager, SIGNAL(sslErrors(QNetworkReply *, const QList<QSslError> &)),
+            this, SLOT(ignoreSslErrorListSlot(QNetworkReply *, const QList<QSslError> &)));
+
+
+    connect(reply, SIGNAL(finished()), &QTestEventLoop::instance(), SLOT(exitLoop()));
+    QTestEventLoop::instance().enterLoop(10);
+    QVERIFY(!QTestEventLoop::instance().timeout());
+
+    QFETCH(QNetworkReply::NetworkError, expectedNetworkError);
+    QCOMPARE(reply->error(), expectedNetworkError);
+}
+
+#endif // QT_NO_OPENSSL
+
 QTEST_MAIN(tst_QNetworkReply)
 #include "tst_qnetworkreply.moc"
diff --git a/tests/auto/qsslsocket/tst_qsslsocket.cpp b/tests/auto/qsslsocket/tst_qsslsocket.cpp
index bc9d1ca..23eee29 100644
--- a/tests/auto/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/qsslsocket/tst_qsslsocket.cpp
@@ -173,6 +173,10 @@ private slots:
     void disconnectFromHostWhenConnecting();
     void disconnectFromHostWhenConnected();
     void resetProxy();
+    void ignoreSslErrorsList_data();
+    void ignoreSslErrorsList();
+    void ignoreSslErrorsListWithSlot_data();
+    void ignoreSslErrorsListWithSlot();
 
     static void exitLoop()
     {
@@ -194,9 +198,11 @@ protected slots:
         if (errors.size() == 1 && errors.first().error() == QSslError::CertificateUntrusted)
             socket->ignoreSslErrors();
     }
+    void ignoreErrorListSlot(const QList<QSslError> &errors);
 
 private:
     QSslSocket *socket;
+    QList<QSslError> storedExpectedSslErrors;
 #endif // QT_NO_OPENSSL
 private:
     static int loopLevel;
@@ -609,7 +615,7 @@ void tst_QSslSocket::connectToHostEncryptedWithVerificationPeerName()
     QSslSocketPtr socket = newSocket();
     this->socket = socket;
 
-    socket->addCaCertificates(QLatin1String("certs/qt-test-server-cacert.pem"));
+    socket->addCaCertificates(QLatin1String(SRCDIR "certs/qt-test-server-cacert.pem"));
 #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND
     connect(&socket, SIGNAL(sslErrors(QList<QSslError>)),
             this, SLOT(untrustedWorkaroundSlot(QList<QSslError>)));
@@ -1537,6 +1543,82 @@ void tst_QSslSocket::resetProxy()
     QVERIFY2(socket2.waitForConnected(10000), qPrintable(socket.errorString()));
 }
 
+void tst_QSslSocket::ignoreSslErrorsList_data()
+{
+    QTest::addColumn<QList<QSslError> >("expectedSslErrors");
+    QTest::addColumn<int>("expectedSslErrorSignalCount");
+
+    // construct the list of errors that we will get with the SSL handshake and that we will ignore
+    QList<QSslError> expectedSslErrors;
+    // fromPath gives us a list of certs, but it actually only contains one
+    QList<QSslCertificate> certs = QSslCertificate::fromPath(QLatin1String(SRCDIR "certs/qt-test-server-cacert.pem"));
+    QSslError rightError(QSslError::SelfSignedCertificate, certs.at(0));
+    QSslError wrongError(QSslError::SelfSignedCertificate);
+
+
+    QTest::newRow("SSL-failure-empty-list") << expectedSslErrors << 1;
+    expectedSslErrors.append(wrongError);
+    QTest::newRow("SSL-failure-wrong-error") << expectedSslErrors << 1;
+    expectedSslErrors.append(rightError);
+    QTest::newRow("allErrorsInExpectedList1") << expectedSslErrors << 0;
+    expectedSslErrors.removeAll(wrongError);
+    QTest::newRow("allErrorsInExpectedList2") << expectedSslErrors << 0;
+    expectedSslErrors.removeAll(rightError);
+    QTest::newRow("SSL-failure-empty-list-again") << expectedSslErrors << 1;
+}
+
+void tst_QSslSocket::ignoreSslErrorsList()
+{
+    QSslSocket socket;
+    connect(&socket, SIGNAL(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)),
+            this, SLOT(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)));
+
+//    this->socket = &socket;
+    QSslCertificate cert;
+
+    QFETCH(QList<QSslError>, expectedSslErrors);
+    socket.ignoreSslErrors(expectedSslErrors);
+
+    QFETCH(int, expectedSslErrorSignalCount);
+    QSignalSpy sslErrorsSpy(&socket, SIGNAL(error(QAbstractSocket::SocketError)));
+
+    socket.connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
+
+    bool expectEncryptionSuccess = (expectedSslErrorSignalCount == 0);
+    QCOMPARE(socket.waitForEncrypted(10000), expectEncryptionSuccess);
+    QCOMPARE(sslErrorsSpy.count(), expectedSslErrorSignalCount);
+}
+
+void tst_QSslSocket::ignoreSslErrorsListWithSlot_data()
+{
+    ignoreSslErrorsList_data();
+}
+
+// this is not a test, just a slot called in the test below
+void tst_QSslSocket::ignoreErrorListSlot(const QList<QSslError> &)
+{
+    socket->ignoreSslErrors(storedExpectedSslErrors);
+}
+
+void tst_QSslSocket::ignoreSslErrorsListWithSlot()
+{
+    QSslSocket socket;
+    this->socket = &socket;
+
+    QFETCH(QList<QSslError>, expectedSslErrors);
+    // store the errors to ignore them later in the slot connected below
+    storedExpectedSslErrors = expectedSslErrors;
+    connect(&socket, SIGNAL(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)),
+            this, SLOT(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)));
+    connect(&socket, SIGNAL(sslErrors(const QList<QSslError> &)),
+            this, SLOT(ignoreErrorListSlot(const QList<QSslError> &)));
+    socket.connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
+
+    QFETCH(int, expectedSslErrorSignalCount);
+    bool expectEncryptionSuccess = (expectedSslErrorSignalCount == 0);
+    QCOMPARE(socket.waitForEncrypted(10000), expectEncryptionSuccess);
+}
+
 #endif // QT_NO_OPENSSL
 
 QTEST_MAIN(tst_QSslSocket)
author	Peter Hartmann <peter.hartmann@trolltech.com>	2009-07-02 09:32:49 (GMT)
committer	Peter Hartmann <peter.hartmann@trolltech.com>	2009-07-22 16:07:13 (GMT)
commit	8e05fd54935be488165abe6762e69aabb9adf232 (patch)
tree	cbb6e29ccb10950233077f0d6e9cb8879bcf3727 /tests
parent	d63f3c4c3940b4293c8763d5bfc01ed430075efb (diff)
download	Qt-8e05fd54935be488165abe6762e69aabb9adf232.zip Qt-8e05fd54935be488165abe6762e69aabb9adf232.tar.gz Qt-8e05fd54935be488165abe6762e69aabb9adf232.tar.bz2