| Commit message (Collapse) | Author | Age | Files | Lines |
Server Name Identification.
We were just passing it to Schannel's API, which took a utf-16 string
and then forwarded it to the network without changes. So instead
we specifically pass it through QUrl and request it to encode any
Unicode characters.
Fixes: QTBUG-141061
Fixes: QTBUG-113028
Pick-to: 6.10 6.8
Change-Id: I33679c68e8e984deb92ff117bf5dd9d4fa4e351b
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
We have QT_FEATURE_ssl dependent on one of QT_FEATURE_(openssl/securetransport/schannel),
but it's also possible to provide -no-ssl option to the configure script. This essentially
disables/switches OFF QT_FEATURE_ssl, but it does not affect QT_FEATURE_whatevertls,
which has its own 'no' option, like -no-securetransport or -no-openssl. This potentially
leaves us with inconsistent source code checks for features, which are assuming QT_CONFIG(openssl)
also implies QT_CONFIG(ssl). To resolve this problem, make dtls and TLS plugins require
QT_FEATURE_ssl (in addition to QT_FEATURE_openssl/securetransport/schannel).
Fixes: QTBUG-140203
Pick-to: 6.10 6.9 6.8 6.5
Change-Id: I276d952283eb7a67ba7b9196a0a5a400b9504656
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
A mix of QT_ENABLE_STRICT_MODE_UP_TO and QT_NO_CAST_FROM_ASCII
Disabling implicit conversions from ASCII makes it easier to avoid
unnecessary (unexpected) conversions.
And disabling contextless connects helps avoid annoying lifetime issues.
Change-Id: I4f695f2fe993e3e69fe49b0d7965a427150d69ae
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
In Darwin specific code.
Amends c70bb357cce860385ea8c61b337f24165fa04db6
Pick-to: 6.10 6.9 6.8
Change-Id: I2bf8471d7d9c191d407c9e2be9aec2ff35887756
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
The plugin is not yet built with the constructor disabled,
so it is an easy thing to miss.
Amends 1493a6e8841dcfb8354f841585ac08ed35e9363b.
Change-Id: I4ed5c9ed2282b96b04603a7a8ff07f5964ff5f2d
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
|
By rewriting to match the comment above.
Amends 3bc5f8c08107bcf8b5c274411850a67aed92372d.
Pick-to: 6.10 6.9 6.8
Change-Id: I8d4a61437a8cee977237b73cd6439785235e670f
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
Functions are declared as extern "C", which prevents them from being
mangled. Since they are only passed as callbacks to openssl, but we
don't need to prevent mangling, we can remove the extern "C" statements
from them
Pick-to: 6.10
Task-number: QTBUG-138543
Change-Id: I0f4cca0cf799ebb6b2df980d2a607c6b336aa8c9
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
Introduce support for the post-quantum digital signature algorithm
ML-DSA, which is selected by NIST for standardization as part of their
post-quantum cryptography (PQC) project. It's designed to be secure
against attacks from both classical and future quantum computers and is
intended to replace traditional digital algorithms like RSA.
The OpenSSL backend now handles the three security levels (ML-DSA-44,
ML-DSA-65, and ML-DSA-87) when OpenSSL 3.5 or newer is used or when any
provider (like oqsprovider) with ML-DSA support is configured.
[ChangeLog][QtNetwork][QSsl] Added support for the ML-DSA signature
algorithm.
Change-Id: I96fa7e2c95d7c431229816aa9a9a14ebcf46ee40
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
Red Hat family distros haven't used /usr/share/ssl since 2004:
https://bugzilla.redhat.com/show_bug.cgi?id=143392
/etc/ssl/certs has never been a canonical location on Red Hat
family distros, and as of
https://fedoraproject.org/wiki/Changes/dropingOfCertPemFile is
being removed. The same change also removes
/etc/pki/tls/certs/ca-bundle.crt . This updates both magic lists
with the modern canonical locations for Red Hat and derived
distros. The tls-ca-bundle.pem bundle has been around in Fedora
since around 2013:
https://src.fedoraproject.org/rpms/ca-certificates/c/d538ada99cda951da7da3a72dc5eea06f02be212
The directory-hash dir has been around since around 2021:
https://src.fedoraproject.org/rpms/ca-certificates/c/1c8b67fb5ab3954a308d019461bb30d50412087e
Original patch from Adam Williamson <awilliam@redhat.com>
Pick-to: 6.10 6.9
Change-Id: I6b6060f66ae1bfd4b50db6852ecc490bf54cbb58
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|
The rest was handled separately.
Fixes: QTBUG-135730
Pick-to: 6.10 6.9 6.8
Change-Id: Id68d759dd622553bc8b599673940e719a8a750c4
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
The files all deal with cryptography in one way or another,
some more directly than others.
Task-number: QTBUG-135730
Pick-to: 6.10 6.9 6.8
Change-Id: If4a7bba92de5f4577876623c403379008008643a
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
The key/certificate lifetime management in our Schannel backend is a
little lacking. We haven't guaranteed that the original contexts are
held alive for the full duration of their usage. Though with default
settings they get persisted to disk so it has been mostly fine.
One problem with that is that the legacy APIs in Windows for this are not
smart enough to figure out that a repeatedly-loaded key is the same one,
so it 'persists' a new file to disk every time we set up a credential
context for a connection. For a busy server this may end up with
creating a ton of small files that don't get deleted (or reused).
By using the ncrypt APIs we don't fully stop persisting _all_ data to
disk, but from testing we now only have one file per key. Regardless of
the amount of connections.
Another patch around lifetimes can be done for dev, and dev only, as
it's quite a bit more extensive, and not fit for picking back to the
LTS branches.
Fixes: QTBUG-136055
Pick-to: 6.10 6.9 6.8
Change-Id: I61398a3773ef8c25aab21df3e78b71f3ab11d488
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
We already have the alias for it, we just never updated the stored
member to use it.
Pick-to: 6.10 6.9 6.8
Change-Id: I850c9f0b899a15603b4c5ac83693019b856effb2
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
We were always checking 'client' or 'server' usage depending on our own type,
which breaks for any intermediate certificate with the 'ca' usage set.
We assume that any non-leaf certificate should be a CA (if anything),
and leaf certificates must be for client or server usage.
Pick-to: 6.10 6.9 6.8 6.5
Fixes: QTBUG-137041
Change-Id: I268f3bad669df77351fc458f56e318db75ecac7b
Reviewed-by: Mate Barany <mate.barany@qt.io>
|
QSslCertificate::fromPath() does some extra work:
- matching wildcard glob or regular expression patterns
- checks if the string it's called on is a file or a dir
That extra work isn't needed when you already have the path to a
specific certificate file.
E.g. qtlsbackend_openssl.cpp:systemCaCertificates() used to call
fromPath() on *.pem/*.crt files that it got from iterating over system
certificates dirs.
This also de-duplicates the code in fromPath().
[ChangeLog][QtNetwork][QSslCertificate] Added fromFile() method.
Change-Id: I92ab358e4711866dd4510da42c47905c7dae58b1
Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
Internally QDirListing uses the name filters to create
QRegularExpression objects which are then used to do the matching. Here
we are looking for files that have ".pem" or ".crt" extensions, so basic
string matching should work the same and is inherently faster.
Pick-to: 6.9
Change-Id: Ib19b1eb8717b21c3b96a52e7036665c40fb24caf
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
... instead of relying on the QByteArray to QString implicit conversion.
Pick-to: 6.9
Change-Id: Ia9e8026f2962009d9deac044e42b18f6333cfec1
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
Use the PKCS12_ALWAYS_CNG_KSP flag instead of PKCS12_PREFER_CNG_KSP
when importing a PKCS12/PFX file to make sure the private keys are
stored in the Key Storage Provider, so that the
CERT_NCRYPT_KEY_HANDLE_PROP_ID property is set on the associated
certificate and the subsequent query for it succeeds.
Background: If the PFX file contains a Crypto Service Provider (CSP)
bag attribute and PFXImportCertStore is called with the
PKCS12_PREFER_CNG_KSP flag, then the private keys are stored in the
CSP that is referenced in the bag attribute and the key is only
accessible through the deprecated API.
Change-Id: If2ad2fa6a7b20f02e40fc49c98e3a72b68d832f2
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
We know it's deprecated, and have a bug report to track it, so we don't
need a compilation warning on each build.
Task-number: QTBUG-119171
Change-Id: Iea9e45ae154761efb0960acf34a79953518024c1
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
Fixes the build with QT_NO_CAST_FROM_BYTEARRAY.
Pick-to: 6.9 6.8 6.5
Change-Id: I7d26235cbb9d26dc4b6d12a68a5ae494574b82a2
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
|
It was added in 44cb71d6fdb0b7285d4ef74a1ef778323aa9e5ee to reduce the
size of the bootstrap lib.
Since commit c7f64d84fbd9b5b3cac41c1d81dc4d0479fc3fa1 removed
QCryptographicHash from the bootstrap lib, the macro is now
redundant (unless it's used by QtLite).
Change-Id: I5459a52507bc9e0a7b982b4382211be9a23c4ad9
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
Because they would break communication (or loop infinitely) otherwise
since we use the presence of bytes in the returned buffer to know if
there is still something we need to transmit.
Amends 4e60a6b556d91ab797aebb7422666a685a726755
Pick-to: 6.9
Change-Id: If72c1a142d4567f69d78177250b0218c5ca999fd
Reviewed-by: Even Oscar Andersen <even.oscar.andersen@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
...and fromUtf8() format strings.
QString::arg() is now available on QUtf8StringView, too and can handle
UTF-8 arguments directly.
Change-Id: Ifa8b1ea0f41414d15a6919b1967e0a45e4d7929f
Reviewed-by: Ahmad Samir <a.samirh78@gmail.com>
|
We've encountered that under some circumstances DecryptMessage may
return undocumented SEC_E_DECRYPT_FAILURE status. It's probably a bug
in Schannel on Win 11, as there is no such problem on Win 10.
In such cases, since we didn't handle this specifically, we can end
up in an infinite loop in TlsCryptographSchannel::transmit() when
`intermediateBuffer` is not empty and `bytesRead` is 0.
To fix this, we just add SEC_E_DECRYPT_FAILURE status handling and
will disconnect from the host and emit the error respectively.
Pick-to: 6.8
Change-Id: I340669a967be420c74cb01296629f94c4720c958
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
Our workaround with a temporary keychain is not working anymore.
Starting from macOS 15, the Security framework supports a new option:
kSecImportToMemoryOnly. Setting it to kCFBooleanTrue allows us to
import PKCS12 without accessing 'login' keychain and thus avoiding
blocking system-alerts requesting keychain access.
Pick-to: 6.8
Fixes: QTBUG-128579
Change-Id: Ic86460b05dbee07194b146cefc45df6a478946b1
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
|
Change-Id: I962924bf959bbe857de8da677c590870893850a3
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|
By encrypting multiple 'Messages' before we send them we reduce
the overhead on both ourselves and the receiving end.
This brings some synthetic benchmark I have written from taking
around 50-60+ seconds to around 10.
With OpenSSL it is taking around 2 seconds, so there is still some
headroom, but this should be okay for now.
Change-Id: Ibcbc04a503a4b49197296ceaea2f0c38f528dfc4
Reviewed-by: Mate Barany <mate.barany@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
If we just have a few pointers then the logic becomes slightly simpler
and opens up for some optimizations.
Change-Id: Id482cb918b59421fedb8148e921c2ab7d43c4506
Reviewed-by: Mate Barany <mate.barany@qt.io>
|
Put it into a solitary piece to make it easier to review
and reason about its effective scope.
+ I don't have to indent it as much later
Use a small struct wrapping a bool and a byte array as the return type
so we can know if an empty message is actually an error or expected.
Change-Id: I2614ab83a304609538ede7c8e7ea132bf2fa1a19
Reviewed-by: Mate Barany <mate.barany@qt.io>
|
Looking for certificates, the name filters are {*.pem,*.crt}, so only
list files and symlinks to files.
Change-Id: Ic8cea09e4d8004c35a9ae60dbbee7b41362e2c94
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
This removes the overhead of constructing a QDir.
Change-Id: I94fdfbe76880f8dfd7d0cd773bfd371331e586f6
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
When building qt with QT_NO_DEBUG/WARNING/INFO_OUTPUT set, then the
qDebug/Warning/Info macros expand to `QMessageLogger::noDebug`. That
helper is not defined to take a logging category or category function,
so using `qDebug(lcX, ...)` breaks the build. The correct way to emit
categorized logging is to use the qCDebug/Warning/Info macros.
Task-number: QTBUG-125589
Pick-to: 6.8 6.7 6.5
Change-Id: I968b0e826871a09023c11fec9e51caa5a2c4dc0b
Reviewed-by: Jonas Karlsson <jonas.karlsson@qt.io>
|
Address the "A constructor must initialize all data members of the
class" warning.
Found by an Axivion scan.
Task-number: QTBUG-125026
Pick-to: 6.8 6.7 6.5
Change-Id: I46a7dd358d107670846fa35c0b02d2591258438d
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
|
By extending IteratorFlag so that it replaces both QDir::Filter and
QDirIterator::IteratorFlag enums, but with better defaults (based on how
QDir/Iterator is used in 15-20 years worth of code in Qt and KDE).
Make the QDirListing(QDir ~~) ctor private, also change it to use
QDirIterator::IteratorFlags; it will be used to port existing code.
If QDir is ported to use QDirListing::IteratorFlags, instead of
QDir::Filters, a public QDirListing(QDir) constructor can then be added.
Pick-to: 6.8
Fixes: QTBUG-125504
Task-number: QTBUG-125859
Change-Id: Ide4ff8279f554029ac30d0579b0e8373ed4337f7
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
The class has a custom destructor, we should handle the other special
member functions as well.
Found by an Axivion scan.
Pick-to: 6.8 6.5
Task-number: QTBUG-125026
Change-Id: I172aeb02d81a0f66ab724892d9f938a12f371ffa
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
Contrary to OpenSSL the new ciphers support in Schannel
would disallow all ciphers when the list was empty.
The pre-existing behavior was to use the default list.
Amends f7792d2b6d3d1e5dd47a8f6429b817b793bcfb9b
Pick-to: 6.7
Change-Id: I0e79013ac86261c4afa4affb28cb1838177c12de
Reviewed-by: Tobias Koenig <tobias.koenig@kdab.com>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
Use QDirListing in the Bootstrap build instead of QDirIterator.
Drive-by changes:
- more const variables
- use emplace_back() instead of append() where appropriate
Change-Id: Ie1f0d03856e557c4bfabfff38a87edc7da86d091
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
In reality I think it should be covered elsewhere, before reaching
the TLS code. But this is a simple fix to avoid an unnecessary warning.
This is actually quite similar to the resolution in
ef4ba0285f9c5dd5ee2dca1e0cefee45eba3477c.
Technically checking isWritable would be more correct, but Qt is usually
the one to open the socket, and we open for both read and write anyway.
Fixes: QTBUG-116550
Pick-to: 6.7 6.6 6.5
Change-Id: I4996b18b5b65c434d91543451186f335e201604f
Reviewed-by: Mate Barany <mate.barany@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
Change-Id: I92fddb36cd136fd1bd627955f15d0559b9942d7e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
It previously had to kludge a 1900-to-1999 date into a 1950-to-2049
range; it can now tell QDTP to do that for it. In particular, this
fixes a problem with 00-02-29, which failed to parse using 1900 as
base year so couldn't be corrected to 2000-02-29, which is now the
date it finds directly.
Task-number: QTBUG-46843
Change-Id: I7ac936bdfb15b78daed5d237c5d921c800af4951
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
This reverts commit d201c0a2184881a226bce76528047707e9062856.
Reason for revert: QNX have support only for OpenSSL1.1.
QNX will start supporting OpenSSL3 with upcoming QNX8.0 but as long as we want to support QNX7.1 (and even QNX7.0) removing OpenSSL1.1 support from Qt is not an option.
Change-Id: Ia2083eda318779968eb6ee84fff2f56ebe3dadf7
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
By parsing QDate and QTime separately it will internally parse the
values as-if-by UTC. This means we avoid the overhead of figuring out
what the local timezone is repeatedly for each certificate.
On Windows, with Schannel, this brings QAsn1Element::toDateTime
from consuming more than 97% of the test time to below 10%.
The test being tst_QSslSocket::systemCaCertificates. It also goes
from taking 1 minute in debug, to 1 second.
As a drive-by: add a (currently) failing test for Feb 29 2000, which
fails because we decode the date as 1900 before adjusting it to 2000.
But there is no 1900-02-29, so it returns an invalid date. As spotted
by Eddy.
Pick-to: 6.6 6.5
Change-Id: Iefa73a01d710129faf6412c4fa8bc2b5d7c98bbb
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
OpenSSL 1.1 reached EOL last September [1]. We will only support
OpenSSL 3.
Cherry-picking aggressively, as there's no purpose at keeping maintained
Qt versions work with an unmaintained library given the security
implications.
[1] https://www.openssl.org/blog/blog/2023/09/11/eol-111/
[ChangeLog][QtNetwork][SSL] Support for OpenSSL 1.1 has been dropped. Qt
now only supports OpenSSL 3.
Change-Id: I51a231a9ca17804739acbd2f22c478d2a8ff9b3b
Fixes: QTBUG-119330
Pick-to: 6.6 6.5 6.2 5.15
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
|
The toLatin1 wasn't necessary, the argument should be QString.
The plugin isn't currently built with the ASCII ctors disabled,
so it passed through CI unnoticed.
Amends 3159b337f01767412f51c649d30a72ac8417989b
Pick-to: 6.6 6.5
Change-Id: Ib63ccaffacc46e5a313551f1e7c0e02ae09b1a01
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
Because it happens in some (unknown precondition) cases.
While it would be nice to know what the client is doing to trigger this,
it's not worth crashing over in the meantime.
Fixes: QTBUG-118458
Pick-to: 6.6 6.5 6.2
Change-Id: I261a17578e7cd3a95e591a3228b33561000fd336
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
It's no more defined in opensslv.h, try to use OPENSSL_SHLIB_VERSION
instead.
Pick-to: 6.6 6.5
Fixes: QTBUG-116295
Change-Id: Ie465f4147e0ec95897bd8d35f71241884bf64b4e
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
In a couple places we already check if the socket is connected,
however we can be connected _and_ have the socket be closed.
The logic behind that I don't really understand, but there are
similar checks for validity in the OpenSSL backend.
This happens when calling close() on a still-connecting
socket. The QIODevice is marked as closed, but the connection
cannot yet be aborted. And when it finishes connecting we
handle the signal, start encryption, and then disconnect.
Pick-to: 6.6 6.5
Fixes: QTBUG-116550
Change-Id: I06c0a2db32bea0b573a99a971b8fb0b66a7a73d5
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
Crash reports imply the `certBackend` we extract in
QSslCertificate_from_CERT_CONTEXT is null, which means that
something went wrong when parsing the certificate data we get from
the certificate chain.
We assume the rest is okay since it must be inside the bounds of the
length of the chain.
It's not clear why the certificate would be invalid, but it's better
to avoid the crash for now.
Pick-to: 6.5 6.6
Task-number: QTBUG-118569
Change-Id: I76ce07fc38bf82ef5c93097d839724ddee1edeef
Reviewed-by: Tim Jenssen <tim.jenssen@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
[ChangeLog][QtNetwork][QSslDiffieHellmanParameters] An empty
Diffie-Hellman parameter enables auto selection of openssl
backend.
Fixes: QTBUG-117666
Change-Id: Ic2e0529d48542752ca801bcb4d609988e5ddff25
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
... by checking if SECBUFFER_APPLICATION_PROTOCOLS is defined.
In this case, we assume that the current environment supports ALPN.
Then we no longer do a blanket block for all mingw configurations.
Pick-to: 6.6
Change-Id: I2eedb813a5bdc3b1a5097053b04aa45d25d175aa
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|