| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
... but rather throw an error, so the HTTP layer can recover from a SSL
shutdown gracefully. In case the other side sent us a shutdown, we tried
to send one as well, which results in an error.
(backport of commit e145b67fbd54f147dab0f8e460280a9c8533aa7b)
Change-Id: I57291a5363cb0f6585dbd6aaa521c748766a1fdf
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
... so SSL traffic can be decrypted with e.g. tcpdump / Wireshark.
For this to work, the define needs to be uncommented and QtNetwork
recompiled. This will create a file in /tmp/qt-ssl-keys which can
be fed into Wireshark.
A recent version of Wireshark is needed for this to work.
(cherry-picked from commit 1f180e9690a0a5f6cc849c1988ccda13de1b1e20)
Change-Id: I413ffd2494c780f92ccad7e4fdc11b790966e7ce
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
make sure we keep track of when we can load root certs and when we
cannot (we cannot when the developer set the certs explicitly). This is
implemented the same way for QSslSocket already, and needs to be
duplicated because we have 2 methods for setting CA certificates: one in
QSslSocket and one in QSslConfiguration.
In addition, adapt the auto test which checks whether setting a default
QSslConfiguration works: There is no way to set on demand loading
through the API, so it should be enabled by default.
Task-number: QTBUG-29103
(backport of commit ce35c0db0d9dd849c736eabaeb57d597186aaa13)
Change-Id: Idf15c21092c7727e1080b1c261ce055f30dbcf63
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
| |
... because almost everybody gets it wrong almost every time.
(cherry picked from commit eaa18f306341818165c2ee4fc22750da04d5e45e)
Change-Id: I3ca1dfe9723d4d29339c2c0a1ebe421f5929c760
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Currently /etc/openssl/certs is symlinked to
/var/certmgr/web/user_trusted, but this will be changed in the future.
/etc/openssl/certs is the folder to be used to read the root certs.
(cherry picked from commit 4c8d8a72ec65f409394075ef50401265e495c1dd)
Change-Id: I80820374586b5a9038e8b69206b6c9b05f486a07
Reviewed-by: Sean Harmer <sean.harmer@kdab.com>
|
| |
|
|
|
|
| |
Change-Id: I52bf8ef0447b701b4ebf7d7d240013a72adb9425
Reviewed-by: Akseli Salovaara <akseli.salovaara@digia.com>
Reviewed-by: Sergio Ahumada <sergio.ahumada@digia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The comodogate 72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0
certificate is a test certificate and the MD5 Collisions was created
as a proof of concept deliberately made to be expired at the time
of it's creation.
Task-number: QTBUG-24654
(cherry picked from commit 4c0df9feb2b44d0c4fcaa5076f00aa08fbc1dda5)
Signed-off-by: Peter Hartmann <phartmann@rim.com>
Apparently this commit was forgotten to cherry-pick to Qt 4.
Change-Id: I86949eaa3c02483b0b66b4a620bfa88aaa9aa99b
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Those certificates have erroneously set the CA attribute to true,
meaning everybody in possesion of their keys can issue certificates on
their own.
backport of bf5e7fb2652669599a508e049b46ebd5cd3206e5 from qtbase
Task-number: QTBUG-28937
Change-Id: Iee57c6f983fee61c13c3b66ed874300ef8e80c23
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL changed the layout of X509_STORE_CTX between 0.9 and 1.0
So we have to consider this struct as private implementation, and use
the access functions instead.
This bug would cause certificate verification problems if a different
version of openssl is loaded at runtime to the headers Qt was compiled
against.
Task-number: QTBUG-28343
Change-Id: I47fc24336f7d9c80f08f9c8ba6debc51a5591258
Reviewed-by: Richard J. Moore <rich@kde.org>
(cherry picked from commit eb2688c4c4f257d0a4d978ba4bf57d6347b15252)
|
| |
|
|
|
|
|
| |
Task-number: QTBUG-25207
Change-Id: I20ab722d3fcb74d90d9010c5c7c303f586e0d7c7
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
| |
|
|
|
|
|
|
| |
Change copyrights and license headers from Nokia to Digia
Change-Id: I280c0a575987d1770e354b4948f1d4d767d711ea
Reviewed-by: Simo Fält <simo.falt@digia.com>
Reviewed-by: Sergio Ahumada <sergio.ahumada@digia.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Disable SSL compression by default since this appears to be the a likely
cause of the currently hyped CRIME attack.
This is a backport of 5ea896fbc63593f424a7dfbb11387599c0025c74
Change-Id: I6eeefb23c6b140a9633b28ed85879459c474348a
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Peter Hartmann <phartmann@rim.com>
|
| |
|
|
|
|
|
| |
Similar work was done in Qt5 in Change Id3b02316
Change-Id: I392d2a5bfffb9a335f28d5dbc5ea27b800fc4487
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@nokia.com>
|
| |
|
|
|
|
|
|
|
| |
msvc cannot use the same library for debug and release builds
if openssl libraries are linked statically into the network library.
Backported from 952788d64bc30c7aac5f9572533241ab8f48fb63
Change-Id: I8332b8293a27b6f9bd87ca1e6ebc63327589ab78
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- Replace Nokia contact email address with Qt Project website.
- Remove "All rights reserved" line from license headers.
As in the past, to avoid rewriting various autotests that contain
line-number information, an extra blank line has been inserted at the
end of the license text to ensure that this commit does not change the
total number of lines in the license header.
Change-Id: Ie7ba62011752fcb149b99b26317c54f2a0cfa931
Reviewed-by: Jason McDonald <jason.mcdonald@nokia.com>
|
| |
|
|
|
| |
Change-Id: I3b6b4beedae4323cce5130fd2fcaf2a25c5be5b9
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |
|
|
|
|
|
| |
Change-Id: I64a7f7aeca3954db615cc69c87048bc6ee386b88
Backport of <b002c7a8c06750e58e6d88f6a6052055eddcc9ed> from Qt5
Reviewed-by: Sean Harmer <sean.harmer@kdab.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
| |
Change-Id: I49bbac754c65f80c9c614072ab2fec9f738a906a
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The previous solution didn't work on systems where the libraries
aren't in the same location.
Now we search for both libcrypto and libssl and load them if their
versions match, even if they are in different directories.
Task-number: QTBUG-25398
Change-Id: I37164638890586947d07670d8a59fc53a84f9c42
(cherry-picked from commit 8643e1992f6c62983345f89d793742b3449a69ea)
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The installed path of libssl may include an element describing the
architecture, e.g. x86_64-linux-gnu or i386-linux-gnu.
In most cases, the libraries already loaded (static dependencies of
Qt, such as libc) will include the path where libssl is installed.
Use dl_iterate_phdr to find the paths. This is a linux specific
function, but it does provide "/lib/<arch>" and "/usr/lib/<arch>"
at the point ssl symbols are being resolved when running the
qsslsocket autotest (which has less dependencies than a typical
Qt app).
Task-number: QTBUG-24694
Change-Id: I9af8081f41bb85c2fcff450a2acda5672a7f7518
Reviewed-by: Harald Fernengel <harald.fernengel@nokia.com>
(cherry picked from commit e5337ad1b1fb02873ce7b5ca8db45f6fd8063352)
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |
|
|
|
|
|
|
|
|
| |
The fix broke HTTPS transactions with chunked encoding.
It also broke use of a QSslSocket in unencrypted mode where peek
and read calls are mixed.
See change 68b1d5c17aa38d5921bdade2b0e0cb67c6c90513.
Change-Id: Ib115b3737b0e4217496f5def10aaaea3c6452ff8
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |
|
|
|
|
|
|
|
| |
Calling peek() for qsslsocket caused socket data to be copied into
qiodevices buffer and therefore make it unaccessible in qsslsocket.
Task-number: QTBUG-18498
Change-Id: Ie27a90a468be8158bd8afcd259dbb34483623c36
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
QSslCertificate can be copied around into multiple threads,
without detaching. For example, the https worker threads inside
QNetworkAccessManager.
There are const methods, which lazily initialise members of
the private class without detaching (i.e. caching results of
expensive function calls)
These functions now lock the d pointer using QMutexPool to
avoid concurrency related crashes.
autotest crashes 20% of the time in release builds without
the fix, passes 100 times in a row with the fix.
Task-number: QTBUG-20452
Change-Id: I64a01af8159216f2dd6215a08669890f6c029ca8
(cherry picked from commit 55bf4ed9468ad467a0b681d2d041edbc2a5a4d21)
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |
|
|
|
|
| |
Change-Id: Ide85353a85750a1ff85d392629855670ec4f67c0
Reviewed-by: Corentin Chary <corentin.chary@gmail.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
SSL context was destroyed on disconnect. This makes it impossible to
decrypt buffered encrypted data. So if there is encrypted data in the
receive buffers, then don't destroy the ssl context until the socket is
destroyed.
Task-Number: QTBUG-23607
Change-Id: I16a7b4fa006647ec73049c90cdbc72686696850f
Reviewed-by: Jonas Gastal <jgastal@profusion.mobi>
Reviewed-by: Richard J. Moore <rich@kde.org>
(cherry picked from commit c5aba0ac17ae6ed8f3847bd30325acdbd1ecaa80)
|
| |
|
|
|
|
|
|
|
| |
Simple search and replace. This commit doesn't touch 3rd-party files,
nor translations (where the change is not so simple and will be handled
in a separate commit).
Change-Id: I4e48513b8078a44a8cd272326685b25338890148
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
master-integration
* 'master' of scm.dev.nokia.troll.no:qt/qt-symbian-staging:
Fix http authentication to a different realm on the same server
Fix race in http connection channel
Don't fetch credentials from cache following a failed proxy authentication
Handle plain socket write errors in SSL
Fix for assertion failure
Fix faulty logic in http connection pipelining
Test case for QTBUG-22875
QThreads on Symbian are named to allow them to be opened externally
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When an ssl socket is closed during connecting, and it is using a proxy
then it is possible for the plain socket to be in pending close state
when transmit() is called.
As errors were not handled, this caused the socket (and https request)
to "hang".
It now propagates the error from plain socket.
Change-Id: I6fb86815a2a63e197cea582f4b153e487543477c
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
(cherry picked from commit 2cc78885b0b7d08f965998d156945a077e56c1d8)
|
| |\ \
| |/
|/|
| |
| |
| |
| | |
master-integration
* 'master' of scm.dev.nokia.troll.no:qt/qt-earth-staging:
SSL: fix build with -openssl-linked for OpenSSL 0.9.8*
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
OpenSSL's SSL_ctrl() always took a "void *" argument as 4th parameter,
since at least version 0.9.7.
I have no idea why we had "const void *" in there.
Reviewed-by: Richard J. Moore <rich@kde.org>
Task-number: QTBUG-23132
|
| |/
|
|
|
|
|
|
|
|
| |
... and only resolve the functions when the methods are available.
SSL 2 functionality is not always available in OpenSSL anymore.
Change-Id: Ia3178685b26c67ac55447476789e06710b596181
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
(cherry picked from commit 09404c072fec2e195d8114dc4d95ce3683c341cf)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This commit adds the ability to perform legacy SSL renegotiation as
a fallback via QSsl::SslOptions. This is something that used to work,
but has been disabled by default in newer versions of openssl. The
need for this has been reported by users (eg. in QTBUG-14983).
Change-Id: I5b80f3ffd07e0c5faddc469f6a8f857bac5740f7
Reviewed-by: Corentin Chary <corentin.chary@gmail.com>
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
(cherry picked from commit 75b2a4960b753766ea2eec4dbd34c67733ca8089)
|
| |
|
|
|
|
|
| |
... as did browser vendors.
Tested manually with affected CA certificates.
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are lots of buggy SSL servers around and to connect to them you
need to disable various features. This commit adds the ability to
disable the SSL ticket extension, the ability to disable the insertion
of empty fragments, and the ability to disable compression.
Task-number: QTBUG-21906
Change-Id: I3e1d0347a46e9030b889bbf15b2aad19b8513b73
Merge-request: 68
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
(cherry picked from commit 78d02e93aca5325fc5be9bfd275862795207abaa)
(commit was cherry-picked from Qt 5 to 4.8 after agreeing with the
author because the merge request was filed against Qt 5.)
|
| |
|
|
|
|
|
| |
and do not only check leaf certificates, but all intermediates and
the root. Tested manually with the cross-signed intermediates.
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
| |
... to reduce the possibility of blacklisting valid certificates that
happen to have the same serial number as a blacklisted one, which is
unlikely, but possible.
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
| |
blacklist the leaf certificate for now. There might well be more fake
certificates in the wild, for that either the Diginotar.nl root cert
needs to be disabled on the system or OCSP would need to be enabled
(not supported by Qt yet).
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
| |
SSL_ctrl's prototype has changed slightly in openssl 1.0.0x - the 4th
argument is now a void* as opposed to a const void*.
gcc 4.6 doesn't allow this as an implicit cast.
Merge-request: 1239
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
| |\
| |
| |
| |
| |
| |
| | |
Conflicts:
src/opengl/qgl.cpp
src/opengl/qpixmapdata_symbiangl.cpp
src/opengl/qwindowsurface_gl.cpp
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Enlarge SSL readbuffer as per performance testing results.
Checked from Shane Kearns that larger buffer is OK.
Task-id: http://bugreports.qt.nokia.com/browse/QTBUG-18943
RC id: ou1cimx1#779022
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
master-integration
* 'master' of scm.dev.nokia.troll.no:qt/qt-fire-staging:
Adding debug output for not supported gl features
Compile fix in network for ios
Make it possible to compile in a screen plugin name in QWS
Don't redefine EGL defines
Compile fixes in corelib for ios
Export IPHONEOS_DEPLOYMENT_TARGET from qmake
Adding arm armv6 and armv7 as valid archs for mac builds
reset certain global variables on deletion
Made tst_QWidget::repaintWhenChildDeleted() pass.
|
| | | |
| | |
| | |
| | | |
Reviewed-by: Jørgen Lind
|
| |\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | | |
Conflicts:
doc/src/declarative/righttoleft.qdoc
examples/draganddrop/fridgemagnets/main.cpp
examples/script/context2d/main.cpp
|
| | |\ \
| | |/
| | |
| | |
| | |
| | | |
Conflicts:
src/declarative/declarative.pro
tests/auto/qnetworkproxyfactory/tst_qnetworkproxyfactory.cpp
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Reading incoming data in Symbian is slow when it is done from the native RSocket in 1kB blocks.
Typically other native apps use 16 kB or even 24 kB (browser).
This contributes (among other slow tasks such as writing to mass memory) to the TCP window filling up.
This case, even though it should be recoverable, has proven to be problematic in some scenarios including downloading from Ovi Store via 3G.
The fix just increases the amount of data read, which speeds things up and makes the problematic window fill-up less common.
Reviewed-by: Shane Kearns
Task-number: QTBUG-18943
|
| | | |\
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
4.7-integration
* '4.7' of scm.dev.nokia.troll.no:qt/oslo-staging-1:
Updating file with CRLF line endings for the updated header
Fix a regression in QList::mid()
update gitignore
remove -fno-stack-protector
Fix make confclean
Update licenseheader text in source files
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Updated version of LGPL and FDL licenseheaders.
Apply release phase licenseheaders for all source files.
Reviewed-by: Trust Me
|
| | | |/
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Some proxies can discriminate based on the User-Agent when sent a
CONNECT command for establishing a HTTPS connection.
With this change, if the User-Agent header is set in the QNetworkRequest
then it will be passed to the http socket engine for use in the connect
command sent to the proxy.
As before, "Mozilla/5.0" will be used by default when no user agent
has been set.
Task-number: QTBUG-17223
Reviewed-by: Markus Goetz
|
| | |\ \ |
|
