summaryrefslogtreecommitdiffstats
path: root/tests/auto/qsslsocket/tst_qsslsocket.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'tests/auto/qsslsocket/tst_qsslsocket.cpp')
-rw-r--r--tests/auto/qsslsocket/tst_qsslsocket.cpp72
1 files changed, 57 insertions, 15 deletions
diff --git a/tests/auto/qsslsocket/tst_qsslsocket.cpp b/tests/auto/qsslsocket/tst_qsslsocket.cpp
index ccfe0f3..b508d47 100644
--- a/tests/auto/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/qsslsocket/tst_qsslsocket.cpp
@@ -67,6 +67,7 @@ typedef QList<QSslError::SslError> SslErrorList;
Q_DECLARE_METATYPE(SslErrorList)
Q_DECLARE_METATYPE(QSslError)
Q_DECLARE_METATYPE(QSsl::SslProtocol)
+Q_DECLARE_METATYPE(QSslConfiguration)
#endif
#if defined Q_OS_HPUX && defined Q_CC_GNU
@@ -152,6 +153,8 @@ private slots:
void setLocalCertificate();
void setPrivateKey();
void setSocketDescriptor();
+ void setSslConfiguration_data();
+ void setSslConfiguration();
void waitForEncrypted();
void waitForConnectedEncryptedReadyRead();
void startClientEncryption();
@@ -185,7 +188,7 @@ private slots:
void ignoreSslErrorsListWithSlot();
void readFromClosedSocket();
void writeBigChunk();
- void blacklist();
+ void blacklistedCertificates();
void setEmptyDefaultConfiguration();
static void exitLoop()
@@ -534,6 +537,8 @@ void tst_QSslSocket::sslErrors()
QSslSocketPtr socket = newSocket();
socket->connectToHostEncrypted(host, port);
+ if (!socket->waitForConnected())
+ QEXPECT_FAIL("imap.trolltech.com", "server not open to internet", Continue);
socket->waitForEncrypted(5000);
SslErrorList output;
@@ -542,7 +547,7 @@ void tst_QSslSocket::sslErrors()
}
#ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND
- if (output.last() == QSslError::CertificateUntrusted)
+ if (output.count() && output.last() == QSslError::CertificateUntrusted)
output.takeLast();
#endif
QCOMPARE(output, expected);
@@ -651,7 +656,7 @@ void tst_QSslSocket::sessionCipher()
connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot()));
QVERIFY(socket->sessionCipher().isNull());
socket->connectToHost(QtNetworkSettings::serverName(), 443 /* https */);
- QVERIFY(socket->waitForConnected(5000));
+ QVERIFY(socket->waitForConnected(10000));
QVERIFY(socket->sessionCipher().isNull());
socket->startClientEncryption();
QVERIFY(socket->waitForEncrypted(5000));
@@ -685,7 +690,7 @@ void tst_QSslSocket::localCertificate()
socket->setPrivateKey(QLatin1String(SRCDIR "certs/fluke.key"));
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
- QVERIFY(socket->waitForEncrypted(5000));
+ QVERIFY(socket->waitForEncrypted(10000));
}
void tst_QSslSocket::mode()
@@ -926,13 +931,15 @@ void tst_QSslSocket::protocolServerSide_data()
QTest::newRow("ssl3-tls1") << QSsl::SslV3 << QSsl::TlsV1 << false;
QTest::newRow("ssl3-tls1ssl3") << QSsl::SslV3 << QSsl::TlsV1SslV3 << true;
QTest::newRow("ssl3-secure") << QSsl::SslV3 << QSsl::SecureProtocols << true;
- QTest::newRow("ssl3-any") << QSsl::SslV3 << QSsl::AnyProtocol << true;
+ QTest::newRow("ssl3-any") << QSsl::SslV3 << QSsl::AnyProtocol << false; // we wont set a SNI header here because we connect to a
+ // numerical IP, so OpenSSL will send a SSL 2 handshake
QTest::newRow("tls1-ssl2") << QSsl::TlsV1 << QSsl::SslV2 << false;
QTest::newRow("tls1-ssl3") << QSsl::TlsV1 << QSsl::SslV3 << false;
QTest::newRow("tls1-tls1ssl3") << QSsl::TlsV1 << QSsl::TlsV1SslV3 << true;
QTest::newRow("tls1-secure") << QSsl::TlsV1 << QSsl::SecureProtocols << true;
- QTest::newRow("tls1-any") << QSsl::TlsV1 << QSsl::AnyProtocol << true;
+ QTest::newRow("tls1-any") << QSsl::TlsV1 << QSsl::AnyProtocol << false; // we wont set a SNI header here because we connect to a
+ // numerical IP, so OpenSSL will send a SSL 2 handshake
QTest::newRow("tls1ssl3-ssl2") << QSsl::TlsV1SslV3 << QSsl::SslV2 << false;
QTest::newRow("tls1ssl3-ssl3") << QSsl::TlsV1SslV3 << QSsl::SslV3 << true;
@@ -1044,6 +1051,39 @@ void tst_QSslSocket::setSocketDescriptor()
QVERIFY(client->localPort() != 0);
}
+void tst_QSslSocket::setSslConfiguration_data()
+{
+ QTest::addColumn<QSslConfiguration>("configuration");
+ QTest::addColumn<bool>("works");
+
+ QTest::newRow("empty") << QSslConfiguration() << false;
+ QSslConfiguration conf = QSslConfiguration::defaultConfiguration();
+ QTest::newRow("default") << conf << false; // does not contain test server cert
+ QList<QSslCertificate> testServerCert = QSslCertificate::fromPath(SRCDIR "certs/qt-test-server-cacert.pem");
+ conf.setCaCertificates(testServerCert);
+ QTest::newRow("set-root-cert") << conf << true;
+ conf.setProtocol(QSsl::SecureProtocols);
+ QTest::newRow("secure") << conf << true;
+}
+
+void tst_QSslSocket::setSslConfiguration()
+{
+ if (!QSslSocket::supportsSsl())
+ return;
+
+ QSslSocketPtr socket = newSocket();
+ QFETCH(QSslConfiguration, configuration);
+ socket->setSslConfiguration(configuration);
+ this->socket = socket;
+ socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
+ QFETCH(bool, works);
+ QCOMPARE(socket->waitForEncrypted(10000), works);
+ if (works) {
+ socket->disconnectFromHost();
+ QVERIFY2(socket->waitForDisconnected(), qPrintable(socket->errorString()));
+ }
+}
+
void tst_QSslSocket::waitForEncrypted()
{
if (!QSslSocket::supportsSsl())
@@ -1525,8 +1565,8 @@ protected:
// delayed start of encryption
QTest::qSleep(100);
QSslSocket *socket = server.socket;
- Q_ASSERT(socket);
- Q_ASSERT(socket->isValid());
+ QVERIFY(socket);
+ QVERIFY(socket->isValid());
socket->ignoreSslErrors();
socket->startServerEncryption();
if (!socket->waitForEncrypted(2000))
@@ -1716,7 +1756,7 @@ void tst_QSslSocket::disconnectFromHostWhenConnecting()
QCOMPARE(state, socket->state());
QVERIFY(socket->state() == QAbstractSocket::HostLookupState ||
socket->state() == QAbstractSocket::ConnectingState);
- QVERIFY(socket->waitForDisconnected(5000));
+ QVERIFY(socket->waitForDisconnected(10000));
QCOMPARE(socket->state(), QAbstractSocket::UnconnectedState);
// we did not call close, so the socket must be still open
QVERIFY(socket->isOpen());
@@ -1945,7 +1985,7 @@ void tst_QSslSocket::writeBigChunk()
socket->close();
}
-void tst_QSslSocket::blacklist()
+void tst_QSslSocket::blacklistedCertificates()
{
QFETCH_GLOBAL(bool, setProxy);
if (setProxy)
@@ -1966,14 +2006,15 @@ void tst_QSslSocket::blacklist()
QVERIFY(sender->state() == QAbstractSocket::ConnectedState);
receiver->setObjectName("receiver");
sender->setObjectName("sender");
- receiver->ignoreSslErrors();
receiver->startClientEncryption();
- connect(receiver, SIGNAL(error(QAbstractSocket::SocketError)), SLOT(exitLoop()));
+ connect(receiver, SIGNAL(sslErrors(QList<QSslError>)), SLOT(exitLoop()));
connect(receiver, SIGNAL(encrypted()), SLOT(exitLoop()));
enterLoop(1);
- QCOMPARE(receiver->error(), QAbstractSocket::SslHandshakeFailedError);
- QCOMPARE(receiver->errorString(), QString("The peer certificate is blacklisted"));
+ QList<QSslError> sslErrors = receiver->sslErrors();
+ QVERIFY(sslErrors.count() > 0);
+ // there are more errors (self signed cert and hostname mismatch), but we only care about the blacklist error
+ QCOMPARE(sslErrors.at(0).error(), QSslError::CertificateBlacklisted);
}
void tst_QSslSocket::setEmptyDefaultConfiguration()
@@ -1987,8 +2028,9 @@ void tst_QSslSocket::setEmptyDefaultConfiguration()
QSslConfiguration::setDefaultConfiguration(emptyConf);
QSslSocketPtr socket = newSocket();
+ connect(socket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(ignoreErrorSlot()));
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
-
+ QVERIFY2(!socket->waitForEncrypted(4000), qPrintable(socket->errorString()));
}
#endif // QT_NO_OPENSSL
generated by cgit v0.12 at 2025-01-30 14:12:24 (GMT)