path: root/src/network/ssl
Commit message (Author, Age, Files, Lines)
* fix coding style for merge request re. utf8 characters in SSL certs (Pierre Rossi, 2012-01-31, files: 1, lines: -7/+6)
|   fixes minor coding issues for "Use OpenSSL X509_NAME_ENTRY API to parse UTF8 subjectName/issuerName"
|   Task-number: QTBUG-7912
|   Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
* Use OpenSSL X509_NAME_ENTRY API to parse UTF8 subjectName/issuerName (Raul Metsma, 2012-01-31, files: 3, lines: -36/+29)
|   ... to be able to display non-ASCII names from subject and issuerInfo.
|   Task-number: QTBUG-7912
|   Merge-request: 922
|   Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
* QSslConfiguration: fix equals operator (Peter Hartmann, 2012-01-31, files: 1, lines: -1/+1)
|
* QSslCertificate: block all DigiNotar (intermediate and root) certs (Peter Hartmann, 2011-09-06, files: 2, lines: -8/+35)
|   and do not only check leaf certificates, but all intermediates and the root. Tested manually with the cross-signed intermediates.
|   Reviewed-by: Richard J. Moore <rich@kde.org>
* QSslCertificate: also check common name for blacklisted certificates (Peter Hartmann, 2011-09-06, files: 1, lines: -11/+12)
|   ... to reduce the possibility of blacklisting valid certificates that happen to have the same serial number as a blacklisted one, which is unlikely, but possible.
|   Reviewed-by: Richard J. Moore <rich@kde.org>
* QSslCertificate: blacklist fraudulent *.google.com (Peter Hartmann, 2011-08-30, files: 1, lines: -0/+1)
|   blacklist the leaf certificate for now. There might well be more fake certificates in the wild, for that either the Diginotar.nl root cert needs to be disabled on the system or OCSP would need to be enabled (not supported by Qt yet).
|   Reviewed-by: Richard J. Moore <rich@kde.org>
* SSL readbuffer 16->32 kB (Jaakko Koskenkorva, 2011-06-10, files: 1, lines: -2/+2)
|   Enlarge SSL readbuffer as per performance testing results. Checked from Shane Kearns that larger buffer is OK.
|   Task-id: http://bugreports.qt.nokia.com/browse/QTBUG-18943
|   RC id: ou1cimx1#779022
* Increase SSL readbuffer 1 -> 16 kB (Jaakko Koskenkorva, 2011-05-31, files: 1, lines: -2/+2)
|   Reading incoming data in Symbian is slow when it is done from the native RSocket in 1kB blocks. Typically other native apps use 16 kB or even 24 kB (browser). This contributes (among other slow tasks such as writing to mass memory) to the TCP window filling up. This case, even though it should be recoverable, has proven to be problematic in some scenarios including downloading from Ovi Store via 3G. The fix just increases the amount of data read, which speeds things up and makes the problematic window fill-up less common.
|   Reviewed-by: Shane Kearns
|   Task-number: QTBUG-18943
* Merge branch '4.7' of scm.dev.nokia.troll.no:qt/oslo-staging-1 into 4.7-integration (Qt Continuous Integration System, 2011-05-17, files: 23, lines: -393/+393)
|\
| |   * '4.7' of scm.dev.nokia.troll.no:qt/oslo-staging-1:
| |     Updating file with CRLF line endings for the updated header
| |     Fix a regression in QList::mid()
| |     update gitignore
| |     remove -fno-stack-protector
| |     Fix make confclean
| |     Update licenseheader text in source files
| * Update licenseheader text in source files (Jyri Tahtela, 2011-05-13, files: 23, lines: -393/+393)
| |   Updated version of LGPL and FDL licenseheaders. Apply release phase licenseheaders for all source files.
| |   Reviewed-by: Trust Me
* | Send User-Agent from the network request in http proxy CONNECT command (Shane Kearns, 2011-05-05, files: 1, lines: -0/+2)
|/
|   Some proxies can discriminate based on the User-Agent when sent a CONNECT command for establishing a HTTPS connection. With this change, if the User-Agent header is set in the QNetworkRequest then it will be passed to the http socket engine for use in the connect command sent to the proxy. As before, "Mozilla/5.0" will be used by default when no user agent has been set.
|   Task-number: QTBUG-17223
|   Reviewed-by: Markus Goetz
* QSslSocket internals: abort on encountering blacklisted certificates (Peter Hartmann, 2011-03-25, files: 1, lines: -0/+7)
|   tested manually with "openssl s_server -cert blacklisted.pem -key key.pem" and connecting a QSslSocket.
|   Reviewed-by: Markus Goetz
|   Task-number: QTBUG-18338
* QSslCertificate: report fraudulent certificates as invalid (Peter Hartmann, 2011-03-24, files: 2, lines: -4/+31)
|   There are some fraudulent certificates in the wild that are not valid; this patch introduces a blacklist of serial numbers of those certificates.
|   Reviewed-by: Richard J. Moore
|   Reviewed-by: Markus Goetz
|   Task-number: QTBUG-18338
* SSL: Fix certification loading on Mac OS X 10.5 (Martin Petersson, 2011-03-14, files: 1, lines: -2/+11)
|   Do not add the expired certificates on Mac OS X 10.5.
|   Task-number: QTBUG-14520
|   Reviewed-by: Markus Goetz
* SSL: fix memory leak when loading certificates on Mac OS X (Martin Petersson, 2011-02-16, files: 1, lines: -0/+1)
|   Reviewed-by: Markus Goetz
* Update copyright year to 2011. (Jason McDonald, 2011-01-10, files: 23, lines: -23/+23)
|   Reviewed-by: Trust Me
* Fix warning about use of uninitialised variable (Thiago Macieira, 2010-11-26, files: 1, lines: -1/+1)
|
* Merge branch '4.7' of scm.dev.nokia.troll.no:qt/qt-s60-public into 4.7-integration (Qt Continuous Integration System, 2010-11-19, files: 1, lines: -2/+10)
|\
| |   * '4.7' of scm.dev.nokia.troll.no:qt/qt-s60-public: (21 commits)
| |     Fixed handling of QInputMethodEvents with nonzero replacementLength.
| |     Fixed namespace issues related to epocroot.cpp
| |     Corrected ASCII comparison and removed extra braces
| |     Add symbian scope for qfiledialog_symbian.cpp
| |     Resolve EPOCROOT in qt.conf using same logic as in .pro
| |     Make epocroot resolving compatible with more build environments
| |     Fix for QtOpenGL RVCT4 compilation error
| |     Removed extra cpp and done changes based on comments
| |     Correct flags for Symbian file dialogs
| |     Fix for WServ 64 crash on Symbian.
| |     Use include(original mkspec) instead of copying of mkspec to default
| |     Fixed code style of d92cbfc5, reported by git push.
| |     Switched qdesktopservices to use SchemeHandler for Symbian^3 and later.
| |     Removed unnecessary Q_OS_SYMBIAN flags from qdesktopservices_s60.cpp.
| |     Documented usage of dialogs on Symbian
| |     Native file dialog on Symbian^3
| |     Add Location as self signable capability in patch_capabilities.pl
| |     Localize .loc and .pkg content based on TRANSLATIONS
| |     Bump Qt version to 4.7.2.
| |     SSL: Fix for systemCaCertificates being called first on symbian
| |     ...
| * Merge remote branch 'qt/4.7' into 4.7 (Jason McDonald, 2010-11-18, files: 2, lines: -17/+28)
| |\
| | |   Conflicts:
| | |     tools/qdoc3/test/qt-build-docs.qdocconf
| | |     tools/qdoc3/test/qt.qdocconf
| * | SSL: Fix for systemCaCertificates being called first on symbian (Shane Kearns, 2010-11-11, files: 1, lines: -2/+10)
| | |   On symbian, thread names must be unique (actually kernel object names)
| | |   When a thread exits, there may still be open handles, for example a debugger or RUndertaker so the thread name cannot be reused immediately.
| | |   S60 has an RUndertaker instance in a background thread, which is used to display the "application closed" messages when a crash happens. Until that thread has run and checked the thread exit to see if it was a crash or not, the thread remains open.
| | |   When systemCaCertificates is called as the first API call, it calls itself via ensureinitialised() to set the default CA certs. This double call should be addressed by QTBUG-15218.
| | |   In any case, QSslSocket::systemCaCertificates() is intended to refresh from the system - if application code calls it too quickly in succession it could also trigger this bug.
| | |   Task-number: QTBUG-15126
| | |   Reviewed-by: Markus Goetz
* | | Doc: Fixing typo (Sergio Ahumada, 2010-11-16, files: 1, lines: -1/+1)
| |/
|/|
* | Merge branch '4.7' of scm.dev.nokia.troll.no:qt/oslo-staging-1 into 4.7-integration (Qt Continuous Integration System, 2010-11-11, files: 2, lines: -17/+28)
|\ \
| |/
|/|
| |   * '4.7' of scm.dev.nokia.troll.no:qt/oslo-staging-1:
| |     Minor adjustments to merge-request 915
| |     Implement brush transformations for directfb.
| |     Add FreeBSD's certificate bundle to the certificates list.
| |     SSL internals: upon error, read all errors from OpenSSL
| |     Added an example for QTest::touchEvent to the documentation.
| |     Push and pop the thread-default context for the current thread
| |     Fix compilation by s/intptr_t/quintptr/
| * Add FreeBSD's certificate bundle to the certificates list. (Raphael Kubo da Costa, 2010-11-11, files: 1, lines: -0/+1)
| |   The FreeBSD base system does not ship a certificate bundle, but the ca_root_nss port provides one extracted from Mozilla's root CA list.
| |   As discussed in QTBUG-14013, it should be preferable to have bundle files than separate certificate files, so the path for the certificate has been added directly.
| |   Signed-off-by: Raphael Kubo da Costa <kubito@gmail.com>
| |   Merge-request: 896
| |   Reviewed-by: Thiago Macieira <thiago.macieira@nokia.com>
| * SSL internals: upon error, read all errors from OpenSSL (Peter Hartmann, 2010-11-11, files: 2, lines: -17/+27)
| |   ... and not only the last one. One call to OpenSSL can produce several errors, which we should always read all. Otherwise, malicious clients could intentionally poison the error queue.
| |   Inspired-by: Merge request 2290
| |   Reviewed-by: Olivier Goffart
| |   Reviewed-by: Markus Goetz
| |   Task-number: QTBUG-14513
* | SSL: Fix crashes/hangs when retrieving CA certificates (Shane Kearns, 2010-11-11, files: 2, lines: -16/+60)
|/
|   Added error handling to the certificate retrieval thread
|   Made the certificate retrieval thread process critical (so if it crashes the process will crash instead of hang)
|   Filter the certificate list to only fetch CA certificates which are in X.509 format (symbian also allows WAP formats, but Qt does not support these).
|   Put the TPtr8 for asynch function parameter in the class data so it does not go out of scope while the function is in progress. Previously it was on the stack so it could be corrupted before the certificate server had finished using it.
|   Task-number: QTBUG-15005
|   Task-number: QTBUG-15126
|   Reviewed-by: Markus Goetz
* Sockets: Private function for pausing/resuming notifiers (Markus Goetz, 2010-10-27, files: 2, lines: -0/+16)
|   This will be used by QNAM to prevent event loop recursion while emitting signals that often spin an event loop, e.g. authenticationRequired() displaying a dialog for the user.
|   Reviewed-by: Peter Hartmann
|   Reviewed-by: Prasanth
|   Task-Number: QTBUG-13234
* Fixed many spelling errors. (Rohan McGovern, 2010-10-25, files: 1, lines: -1/+1)
|
* Merge commit 'doc-team/4.7' into 4.7 (Morten Engvoldsen, 2010-10-07, files: 1, lines: -3/+4)
|\
| * Doc: Fix broken links in QSslConfiguration (Geir Vattekar, 2010-10-06, files: 1, lines: -3/+4)
| |   Task-number: QTBUG-14213
| |   Reviewed-by: David Boddie
* | Make the OpenSSL library search also hit /lib. (Thiago Macieira, 2010-10-01, files: 1, lines: -1/+1)
|/
|   Task-number: http://bugs.meego.com/show_bug.cgi?id=7777
|   Reviewed-by: Markus Goetz
* QSslSocket speed up loading of system certificates on Unix (not Mac) (Peter Hartmann, 2010-09-28, files: 2, lines: -9/+30)
|   ... by only reading in a certificate once. Before, we were adding all files from all directories; since they often contained symlinks, the same certificate was added several times.
|   Reviewed-by: Markus Goetz
|   Reviewed-by: Thiago Macieira
|   Task-number: QTBUG-14013
* QSslSocketPrivate::systemCaCertificates() hangs sometimes on Symbian (Juha Turunen, 2010-09-09, files: 2, lines: -134/+136)
|   The patch fixes the hanging issues on some Symbian devices that occurs while retrieving certificates from the Symbian certificate store. The hanging was caused by the certificate info array not being closed before exiting the thread. This alone wouldn't make the existing implementation work, so the patch replaces it with a pure Symbian style implementation which doesn't seem to be affected (probably some OpenC threads issue).
|   Merge-request: 808
|   Reviewed-by: Shane Kearns
|   Reviewed-by: Simon Hausmann <simon.hausmann@nokia.com>
|   Task: QTBUG-13033
* Merge remote branch 'origin/4.6' into qt-4.7-from-4.6 (Thiago Macieira, 2010-09-07, files: 1, lines: -9/+27)
|\
| |   Conflicts:
| |     qmake/Makefile.win32
| |     src/corelib/io/qfsfileengine_win.cpp
| |     src/corelib/kernel/qeventdispatcher_win.cpp
| |     src/gui/dialogs/qfiledialog_win.cpp
| |     src/gui/inputmethod/qcoefepinputcontext_s60.cpp
| |     src/gui/text/qfontdatabase_win.cpp
| |     src/gui/util/qsystemtrayicon_win.cpp
| |     src/script/utils/qscriptdate.cpp
| |     tests/auto/qinputcontext/tst_qinputcontext.cpp
| |     tests/auto/qscriptengine/tst_qscriptengine.cpp
| * Ensure that we load system libraries from the correct location. (Jan-Arve Sæther, 2010-09-03, files: 1, lines: -9/+27)
| |   This was a security hole that has been there for a while, but the public awareness has recently risen so the threat is more imminent now.
| |   The solution is to fix all places where we dynamically load system libraries. More specifically, we now load all system libraries with an absolute path that points to a library in the system directory (usually c:\windows\system32).
| |   We therefore introduce a small class named QSystemLibrary that only loads libraries located in the system path. This shares some of the API with QLibrary (in order to make the patch as small as possible).
| |   We don't fix QLibrary due to risk of regressions. In addition, applications can fix the code that calls QLibrary themselves.
| |   The problem does not apply to Windows CE, since the search order is documented as not searching in the current directory. However, it touches some CE-specific code - therefore QSystemLibrary is sometimes used on WinCE (however, it will just do a normal LoadLibrary() since it's safe anyway).
| |   This change does not affect the testability plugin (it is not clearly documented where that plugin is located, and the plugin should never be used in production code anyway)
| |   Loading OpenSSL libraries
| |   The ssl libraries are handled specially, and searched in this order (we cannot expect them to always be in the system folder):
| |     1. Application path
| |     2. System libraries path
| |     3. Trying all paths inside the PATH environment variable
| |   Task-number: QT-3825
| |   Reviewed-by: Thiago Macieira
| |   Reviewed-by: Peter Hartmann
| * QSslSocket: fix security vulnerability with wildcard IP addresses (Peter Hartmann, 2010-08-10, files: 1, lines: -0/+5)
| |   This fixes Westpoint Security issue with Advisory ID#: wp-10-0001. Before, we would allow wildcards in IP addresses like *.2.3.4 ; now, IP addresses must match exactly.
| |   Patch-by: Richard J. Moore <rich@kde.org>
| |   Task-number: QT-3704
| * fix build for -no-qt3support (Peter Hartmann, 2010-08-10, files: 1, lines: -2/+2)
| |   QString::lower() is QT3_SUPPORT, the correct method is QString::toLower().
| * Fix handling of SSL certificates with wildcard domain names (Richard J. Moore, 2010-08-10, files: 2, lines: -4/+39)
| |   Merge-request: 731
| |   Task-number: QTBUG-4455
| |   Reviewed-by: Peter Hartmann
| * QSslSocket: Improve error handling (Peter Hartmann, 2010-07-13, files: 1, lines: -1/+13)
| |   Reviewed-by: Markus Goetz
| |   Task-number: QT-3567
* | QSslConfiguration: fix crash when accessing null pointer (Peter Hartmann, 2010-08-30, files: 1, lines: -0/+5)
| |   We were accessing the d-pointer of a QSslConfiguration which is initialized lazily.
| |   Reviewed-by: Markus Goetz
| |   Task-number: QTBUG-13265
* | QSslCertificate: support expiration dates > 2049 (Peter Hartmann, 2010-08-11, files: 1, lines: -50/+71)
| |   X509 has two time formats: UTC, where the year is in two-digit format, and generalized time with four-digit years. This patch allows dates specified generalized time.
| |   Reviewed-by: Thiago Macieira
| |   Task-number: QTBUG-12489
* | Merge branch '4.7' of scm.dev.nokia.troll.no:qt/oslo-staging-1 into 4.7-integration (Qt Continuous Integration System, 2010-08-10, files: 2, lines: -1/+6)
|\ \
| | |   * '4.7' of scm.dev.nokia.troll.no:qt/oslo-staging-1: (32 commits)
| | |     Fix memory leak in QtScript variable object
| | |     doc: Changed some titles so lists of contents sort better.
| | |     QSslSocket: fix security vulnerability with wildcard IP addresses
| | |     doc: Some reorganization of top page topic hierarchy.
| | |     Mac: Fix crash when using style to draw on other things than widgets
| | |     Doc: Adding radius support for CSS3 and webkit
| | |     Correct spelling (UNKOWN -> UNKNOWN) to fix recent test regression
| | |     add performance comparisons to qregexp benchmark
| | |     configure: fix error message when calling config.status
| | |     Fix invalid memory write during recursive timer activation
| | |     Added comment about calendarPopup in setCalendarWidget function documentation.
| | |     doc: Fixed some qdoc errors.
| | |     Correcting spelling mistakes in documentation. Part of fix for QTBUG-11938.
| | |     CreateFileMapping returns NULL on error , only tested with INVALID_HANDLE_VALUE.
| | |     XmlListModel doc fixes
| | |     Mention QML_IMPORT_TRACE in Modules docs
| | |     Merge sections about when property and default state
| | |     Explain Flipable example further
| | |     PathView required some diagonal movement before a drag was initiated.
| | |     doc: Fixed some qdoc errors.
| | |     ...
| * | QSslSocket: fix security vulnerability with wildcard IP addresses (Peter Hartmann, 2010-08-10, files: 1, lines: -0/+5)
| | |   This fixes Westpoint Security issue with Advisory ID#: wp-10-0001. Before, we would allow wildcards in IP addresses like *.2.3.4 ; now, IP addresses must match exactly.
| | |   Patch-by: Richard J. Moore <rich@kde.org>
| | |   Task-number: QT-3704
| * | Correcting spelling mistakes in documentation. Part of fix for QTBUG-11938. (Jerome Pasion, 2010-08-09, files: 1, lines: -1/+1)
| | |   Reviewer: David Boddie
| | |   Task number: QTBUG-11938
* | | Fix regression with SSL connections failing on symbian (Shane Kearns, 2010-08-10, files: 1, lines: -1/+1)
|/ /
| |   Due to a wrong ifdef sequence, the unix code was being compiled instead of the symbian code for retrieving the system certificates.
| |   Task-number: QTBUG-12718
| |   Reviewed-by: Peter Hartmann
* | Qt does not build with qt_namespace on macos (Carlos Manuel Duclos Vergara, 2010-07-20, files: 1, lines: -2/+2)
| |   The problem was that the QT_BEGIN_NAMESPACE was in the wrong place. I moved it 10 lines before and the problem is gone.
| |   Task-number: QTBUG-12262
| |   Reviewed-by: Prasanth
* | QSslSocket: Improve error handling (Peter Hartmann, 2010-07-13, files: 1, lines: -1/+13)
| |   Reviewed-by: Markus Goetz
| |   Task-number: QT-3567
* | QSslSocket: fix documentation for QSslSocket::setPeerVerifyMode() (Peter Hartmann, 2010-07-13, files: 1, lines: -2/+2)
| |
* | fix build for -no-qt3support (Peter Hartmann, 2010-07-12, files: 1, lines: -2/+2)
| |   QString::lower() is QT3_SUPPORT, the correct method is QString::toLower().
* | Merge branch '4.7' of scm.dev.nokia.troll.no:qt/oslo-staging-1 into 4.7-integration (Qt Continuous Integration System, 2010-07-10, files: 2, lines: -20/+56)
|\ \
| | |   * '4.7' of scm.dev.nokia.troll.no:qt/oslo-staging-1: (59 commits)
| | |     Doc: Cleaning style and adding support for Creator
| | |     Add NTLMv2 authentication support to QAuthenticator.
| | |     QIODPLB: Sync behavior of ungetBlock() and ungetChar()
| | |     QFileIconProvider: Load icons on demand.
| | |     Doc: fixing offline style
| | |     Fix handling of SSL certificates with wildcard domain names
| | |     Doc: fixing examples link
| | |     doc: Fixed several qdoc warnings.
| | |     doc: Fixed several qdoc warnings.
| | |     SSL library loading: load system libs only once
| | |     Revert "SSL backend: load libraries for certificates only once"
| | |     doc: Fixed several qdoc warnings.
| | |     doc: Fixed several qdoc warnings.
| | |     doc: Fixed several qdoc warnings.
| | |     doc: Fixed several qdoc warnings.
| | |     doc: Fixed several qdoc warnings.
| | |     Doc: Adding support for Qt Creator style
| | |     doc: Fixed last of the declarative/QML qdoc warnings.
| | |     qdoc: Marked some missing declarative properties and functions as \internal.
| | |     qhelpgenerator: Fix namespace syntax checking.
| | |     ...
| * | Fix handling of SSL certificates with wildcard domain names (Richard J. Moore, 2010-07-09, files: 2, lines: -4/+39)
| | |   Merge-request: 731
| | |   Task-number: QTBUG-4455
| | |   Reviewed-by: Peter Hartmann