| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
| |
openssl3 uses uint64_t for the options argument in SSL_CTX_set_options,
older ones used long.
sizeof(long) is not the same on any platform as sizeof(uint64_t)
Fixes: QTBUG-105041
Change-Id: If148ffd883f50b58bc284c6f2609337d80fb5c58
Pick-to: 5.15 6.2 6.3 6.4
Reviewed-by: Dmitry Shachnev <[email protected]>
Reviewed-by: Timur Pocheptsov <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
CMakeLists.txt and .cmake files of significant size
(more than 2 lines according to our check in tst_license.pl)
now have the copyright and license header.
Existing copyright statements remain intact
Task-number: QTBUG-88621
Change-Id: I3b98cdc55ead806ec81ce09af9271f9b95af97fa
Reviewed-by: Jörg Bornemann <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
There's no reason to. It's not a Qt module, it's just a plugin and
does not expose any public headers.
Amends d754e43721e4f40a8dffa8b69ef883ca383a4a61
Pick-to: 6.4
Task-number: QTBUG-96283
Change-Id: Idf56c82025b81fd6614ef7e1efeb015e89c84f93
Reviewed-by: Alexey Edelev <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When configuring Qt statically with OpenSSL support on macOS,
configuring a user project would fail, because WrapOpenSSLHeaders could
not be found.
Configuration fails, because we don't record OPENSSL_ROOT_DIR anywhere,
and WrapOpenSSLHeaders is a required dependency of the OpenSSL plugin.
Make the WrapOpenSSLHeaders dependency optional like WrapVulkanHeaders
for QtGui.
Note that when Qt is statically configured with -openssl-linked on
macOS, configuration of user projects will still fail like described
above.
Pick-to: 6.4
Fixes: QTBUG-96283
Change-Id: I0893e18767387ea849c7e5661f5421b71e3f64ab
Reviewed-by: Qt CI Bot <[email protected]>
Reviewed-by: Alexandru Croitor <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
We don't need to format the error messages into a QString just to
clear the error queue. Just looping over q_ERR_get_error() does the
trick, too, and isn't less readable.
Pick-to: 6.3
Change-Id: Idc42f8c4ae4374d952cb357fca6c0fca0e04d086
Reviewed-by: Timur Pocheptsov <[email protected]>
Reviewed-by: Mårten Nordheim <[email protected]>
|
| |
|
|
|
|
|
|
| |
Use the QLatin1String overload of QString::append().
Pick-to: 6.3
Change-Id: Id8ddfd72199cfb627c2d6648ce3011979f92094e
Reviewed-by: Sona Kurazyan <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Replace the current license disclaimer in files by
a SPDX-License-Identifier.
Files that have to be modified by hand are modified.
License files are organized under LICENSES directory.
Task-number: QTBUG-67283
Change-Id: Id880c92784c40f3bbde861c0d93f58151c18b9f1
Reviewed-by: Qt CI Bot <[email protected]>
Reviewed-by: Lars Knoll <[email protected]>
Reviewed-by: Jörg Bornemann <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
Including moc files directly into their classes' TU tends to improve
codegen and enables extended compiler warnings, e.g. about unused
private functions or fields.
Pick-to: 6.3 6.2
Task-number: QTBUG-102886
Change-Id: I4390ba334e6d29c8ad600270d96112251e0392f7
Reviewed-by: Mårten Nordheim <[email protected]>
|
| |
|
|
|
|
|
| |
Task-number: QTBUG-98434
Change-Id: I0bb9d534ee42ccbf7d353e251ef58901a86923b4
Reviewed-by: Qt CI Bot <[email protected]>
Reviewed-by: Mårten Nordheim <[email protected]>
|
| |
|
|
|
|
| |
Task-number: QTBUG-98434
Change-Id: Ic235b92377203f7a1429ae7fd784c4a1fa893e9f
Reviewed-by: Mårten Nordheim <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
Required for porting away from QLatin1Char/QLatin1String in scope of
QTBUG-98434.
As a drive-by, fix qsizetype -> int narrowing conversion warnings for
the touched lines.
Change-Id: I121f87214b77aeab1dfd3e62dc5adaa6255cc0e0
Reviewed-by: Mårten Nordheim <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
To make a failure to load libssl or libcrypto more obvious (so that,
for example, failing auto-tests are immediately correctly diagnosed).
Pick-to: 6.3 6.2
Change-Id: I2b1874cc6a04005d286382bb9cd28ee3681aa4e4
Reviewed-by: Mårten Nordheim <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It expands to the first available of
- constinit (C++20)
- [[clang::require_constant_initialization]] (Clang)
- __constinit (GCC >= 10)
Use it around the code (on and near static QBasicAtomic; this patch
makes no attempt to find all statics in qtbase).
[ChangeLog][QtCore][QtGlobal] Added macro Q_CONSTINIT.
Fixes: QTBUG-100484
Change-Id: I11e0363a7acb3464476859d12ec7f94319d82be7
Reviewed-by: Thiago Macieira <[email protected]>
Reviewed-by: Qt CI Bot <[email protected]>
|
| |
|
|
|
|
|
|
| |
As a drive-by, remove superfluous includes from qnetworkmanagerservice.h
and obey the coding conventions for includes in a few more places.
Change-Id: I65b68c0cef7598d06a125e97637040392d4be9ff
Reviewed-by: Thiago Macieira <[email protected]>
|
| |
|
|
|
|
|
| |
'Use size() or length() instead'
Change-Id: I284fce29727c4c1ec9ea38a4e8ea13a9e0af5390
Reviewed-by: Sona Kurazyan <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
TLS backend has become plugins since Qt 6.2.
QtNetwork does not need these links anymore.
Also removes unnecessary condition since openssl tls backend is enabled
only if OpenSSL is enabled.
Pick-to: 6.2 6.3
Change-Id: I4cc0422531d567ad015f9648fbb2bcd51f634cb9
Reviewed-by: Qt CI Bot <[email protected]>
Reviewed-by: Joerg Bornemann <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If the certificate didn't change then our trust in it didn't either.
Sadly, cannot have an autotest because we don't have any way
to facilitate a renegotiation at the moment and with TLS 1.3
not having them at all it's unlikely we ever will.
Pick-to: 6.2 5.15
Task-number: QTBUG-92231
Change-Id: Ibaa9b2f627daca05021c574e69526710aacdadae
Reviewed-by: Edward Welbourne <[email protected]>
|
| |
|
|
|
|
| |
Pick-to: 6.2 5.15
Change-Id: I2b13d2f88517abea7e015bfba4fe71dcbada86c0
Reviewed-by: Timur Pocheptsov <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
If we have OPENSSL_NO_DEPRECATED_3_0 defined. This includes RSA, DSA,
EC and DH-related APIs. As of now, we only make sure the code still
compiles.
Pick-to: 6.2 5.15
Fixes: QTBUG-83733
Change-Id: Id455b851421ce0dcdfb0229fa515ba2b2ed690b1
Reviewed-by: Mårten Nordheim <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
The naming updated but the version suffix is hardcoded on windows
and it was overlooked when work was done to support OpenSSL 3.
Fixes: QTBUG-97116
Pick-to: 6.2 5.15 6.2.1
Change-Id: Iec15d772c54ed214940ec5634a0929485478f771
Reviewed-by: Timur Pocheptsov <[email protected]>
|
| |
|
|
|
|
| |
Change-Id: Iec42e4d0f3476bd421861a0139731ff89788ee23
Reviewed-by: Timur Pocheptsov <[email protected]>
Reviewed-by: Mårten Nordheim <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL v3 among other nice things brought some nasty crashes
(essentially, finally breaking what was already not so nice
in 1.x: see, e.g. ASN1_ITEM_free and ASN1_ITEM_ptr that we
have to use to free resources allocated by openssl). Let's,
at least, not use v3 from Qt built with 1.1.1 and vice
versa.
Pick-to: 6.2 5.15
Change-Id: If14a2a0ce2189a1b7967b7ab7248d11d0f2fc423
Reviewed-by: Mårten Nordheim <[email protected]>
|
| |
|
|
|
|
|
|
| |
Fixes: QTBUG-96606
Change-Id: Ic2a55fa65c5dc3c057a4da25c218af5a9861410e
Reviewed-by: Timur Pocheptsov <[email protected]>
Reviewed-by: Assam Boudjelthia <[email protected]>
(cherry picked from commit 504df6b135d4ac17aa2290e1aa943d216fb7ef55)
|
| |
|
|
|
|
|
|
| |
It is no longer handled separately from Android.
This effectively reverts commit 6d50f746fe05a7008b63818e77784dd0c99270a1
Change-Id: Ic2d75b8c5a09895810913311ab2fe3355d4d2983
Reviewed-by: Assam Boudjelthia <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
The unversioned libcrypto.dylib that's shipped with macOS 10.15 will
result in a crash if loaded, with a message saying that the unversioned
library should not be loaded, as it doesn't provide a stable ABI.
Task-number: QTBUG-95249
Pick-to: 6.2 5.15
Change-Id: I49325e5d675155e90840cc93623549f725bc77b4
Reviewed-by: Timur Pocheptsov <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's a workaround for the workaround...
If TLS 1.3 was explicitly chosen and the PSK callback is set then
without this patch the callback is never called since, with TLS 1.3, PSK
would only be queried once at the start of a connection.
It can now be re-enabled with an environment variable. A new API should
be added to address the new requirements of PSK with TLS 1.3:
For session resumption the connection MUST use the same hash algorithm
as in the original session. For new sessions the hash algorithm must be
decided ahead of time, or a default will be used (as defined by the
standard). A user can also pass along multiple identity+key pairs and
the server will pick one it recognizes. This is not something we can
currently do with the preSharedKeyAuthenticationRequired callback.
[ChangeLog][Network][QSslSocket][OpenSSL] When using TLS 1.3 we
suppress the first callback from OpenSSL about pre-shared keys, as it
doesn't conform to the past behavior which
preSharedKeyAuthenticationRequired provided. With this update you can
opt-out of that workaround by setting the QT_USE_TLS_1_3_PSK environment
variable
Pick-to: 6.2 6.1 5.15
Task-number: QTBUG-95670
Change-Id: Ia7454bbbf394cbcb859de333b371d0890b42a1c3
Reviewed-by: Timur Pocheptsov <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
They went unnoticed previously because of lazy evaluation, which is
not the case anymore.
Fixes: QTBUG-96155
Pick-to: 6.2 5.15
Change-Id: I46026a24b354c1db7c10d84fceae06c4ab7cc0fc
Reviewed-by: Edward Welbourne <[email protected]>
|
| |
|
|
|
|
|
|
| |
For consistency with other plugins.
Pick-to: 6.2
Change-Id: I45507389a42e645c94f1ca3f32262a2181f282f7
Reviewed-by: Kai Koehne <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The intention is to remove TYPE as a keyword completely before 6.2.0
release, but in case if that's not possible due to the large amount
of repositories and examples, just print a deprecation warning for
now and handle both TYPE and PLUGIN_TYPE.
Task-number: QTBUG-95170
Pick-to: 6.2
Change-Id: If0c18345483b9254b0fc21120229fcc2a2fbfbf5
Reviewed-by: Qt CI Bot <[email protected]>
Reviewed-by: Joerg Bornemann <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With OpenSSL v3 it would be possible to compile-out functions,
directly working with entities like RSA, DSA, DH and EC_KEY.
For this you have to define OPENSSL_API_COMPAT >= 0x30000000L.
This would break QSslKey and QSslContext.
To mitigate this potential problem, we switch to the 'generic'
API, that works with EVP_PKEY instead. All functionality
will be preserved, except inability of QSslKey::handle()
to get pointers to RSA, DSA, DH or EC_KEY.
Fixes: QTBUG-95122
Pick-to: 6.2
Change-Id: Ic85b48502421c4330cf4877b52850539c855fa74
Reviewed-by: Mårten Nordheim <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before this change, next() was the only way to advance the iterator,
whether the caller was ultimately interested in just the filePath()
(good) or not (bad luck, had to call .fileInfo()).
Add a new function, nextFileInfo(), with returns fileInfo() instead.
Incidentally, the returned object has already been constructed as part
of advance()ing the iterator, so the new function is faster than
next() even if the result is ignored, because we're not calculating a
QString result the caller may not be interested in.
Use the new function around the code.
Fix a couple of cases of next(); fileInfo().filePath() (just use
next()'s return value) as a drive-by.
[ChangeLog][QtCore][QDirIterator] Added nextFileInfo(), which is like
next(), but returns fileInfo() instead of filePath().
Change-Id: I601220575961169b44139fc55b9eae6c3197afb4
Reviewed-by: Mårten Nordheim <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
Disabled (moved into the legacy provider) DES-CBC results in a crash,
when setting key length.
Pick-to: 6.2 6.1 5.15
Change-Id: Ie0b49424f11d8042ebecebfd3b6346263f730551
Reviewed-by: Mårten Nordheim <[email protected]>
|
| |
|
|
|
|
|
|
| |
With -static build lcTlsBackend was duplicated.
Pick-to: 6.2
Change-Id: I20ee0f9c7e2027a7033c9fbae628d0d91672e719
Reviewed-by: Mårten Nordheim <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
... instead of QSharedPointer.
QSharedPointer performs twice as many atomic operations per pointer
copy as std::shared_ptr, and this is private API, we're not bound by
BC constraints, so we can port to the more efficient version.
Change-Id: I2e2a02493565a7ca51c86ec0ed66b6ce7c763e41
Reviewed-by: Mårten Nordheim <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
In preparation of porting to shared_ptr.
Add a few strategic moves and remove a rather pointless comment
stating the obvious.
Change-Id: Ie1c0f3431af79bdb204e00d99323bf9f2d100d0d
Reviewed-by: Edward Welbourne <[email protected]>
Reviewed-by: Mårten Nordheim <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As pointed out by Marc Mutz in another review, the Android branches of
its #if-ery amounted to a complicated no-op, so simplify the #if-ery,
add a TODO and then simplify the code thereby freed of the need to
accommodate the #if-ery.
In the process, initialize a set of filenames with the two filenames
that we read certificates from after looping over the set, which might
have left those files being read twice.
Change-Id: I2ee4ee3c3cf40226ee6a50afd6127fa4a71d2834
Reviewed-by: Mårten Nordheim <[email protected]>
Reviewed-by: Edward Welbourne <[email protected]>
Reviewed-by: Marc Mutz <[email protected]>
Reviewed-by: Qt CI Bot <[email protected]>
Reviewed-by: Timur Pocheptsov <[email protected]>
|
| |
|
|
|
| |
Change-Id: Ib43a9b165deb6f3141700961469acf2eb60862ec
Reviewed-by: Marc Mutz <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
All callers use the shared-ptr version these days.
Change-Id: I77e9fc9ccb8a57bfebcad7883e9eaff3780748f0
Reviewed-by: Edward Welbourne <[email protected]>
Reviewed-by: Qt CI Bot <[email protected]>
Reviewed-by: Mårten Nordheim <[email protected]>
Reviewed-by: Timur Pocheptsov <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
SSL_get_peer_certificate was deprecated in OpenSSL v3 and can be 'compiled-out'
using OPENSSL_API_COMPAT. Use SSL_get1_peer_certificate instead.
Pick-to: 6.2
Task-number: QTBUG-94596
Change-Id: Iedb2e06e673e981cab79d4bf0147ac6f5f90089a
Reviewed-by: Mårten Nordheim <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The workaround I had implemented based on alpha version of OpenSSL v3
and what developers (OpenSSL) said about DH back then is not going to work
in the end - they do remove all DH (struct and related functions) stuff
if you set a proper OPENSSL_API_COMPAT level. A proper re-write is required
to support OpenSSL v3, but then there is no reason to keep dead useless
code.
Pick-to: 6.2
Task-number: QTBUG-94596
Change-Id: Iae092dd08148521649a684879d30e190736e1abe
Reviewed-by: Timur Pocheptsov <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
It was fixed quite some time ago for TLS counterpart (TLS_MAX_VERSION),
but somehow the similar fix was missing for DTLS. OpenSSL v3 deprecated
those constants and they can be compiled out by OPENSSL_API_COMPAT.
Pick-to: 6.2
Task-number: QTBUG-94596
Change-Id: Ia0246170a003db900c430b2fbfc177caf05a395a
Reviewed-by: Edward Welbourne <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The pro2cmake.py conversion script faithfully reproduced the .pro files
for the plugins, which specified the libraries as public. But in CMake,
the implications of this are that public usage requirements should then
be propagated to consumers. We don't expect any consumers, since a
plugin is created as a MODULE library in CMake, so for Windows we don't
even have an import library to link with. The only exception to this is
for static builds where plugins are created as STATIC libraries
instead, but only in certain controlled situations do we then link to
plugins. Even then, usage requirements are not expected to propagate to
the consumers, so these relationships should always be specified as
private.
Pick-to: 6.2
Task-number: QTBUG-90819
Change-Id: Ibc7c2bcd3b6a9dc77df40c4c0c22ff254a80f33d
Reviewed-by: Qt CI Bot <[email protected]>
Reviewed-by: Alexandru Croitor <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since Ministro no longer work on recent Android versions (Android 8+),
and it hasn't been maintained and the repos are not updated, the
existing code is practically a dead code.
[ChangeLog][Android] Remove ministro code since it's been unmaintained
and not working with recent Android versions.
Task-number: QTBUG-85201
Pick-to: 6.2
Change-Id: I18d7b1e209cba3cfd04674060e9bf39aa5a5510f
Reviewed-by: BogDan Vatra <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
As per the best practice laid forth in RFC-8996.
TLS 1.2 was recommended from 2008 until TLS 1.3 was released in 2018.
[ChangeLog][QtNetwork][QSslSocket] TLS 1.0, 1.1 and DTLS 1.0 are now
deprecated, as recommended by RFC-8996.
Fixes: QTBUG-92880
Change-Id: I90cebcfb07cfce623af7ac9f2b66ce9d02586b54
Reviewed-by: Timur Pocheptsov <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
Since we're no longer connected, much less encrypted.
Was done in schannel backend, but not in ST or OpenSSL
Pick-to: 6.2
Change-Id: Ia49387be0088f899a0c89091f7e468dba1c0eee6
Reviewed-by: Timur Pocheptsov <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
With the recent change, 'system' headers gone: not in the test code anymore,
so, for example OPENSSL_VERSION_NUMBER is undefined, making the test
to select a wrong code-path - 'h2c', instead of encrypted h2.
Pick-to: 6.2
Pick-to: 6.1
Change-Id: I3b201e21fac56875c9045c7463e2ae69af4c6470
Reviewed-by: Mårten Nordheim <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
The generated CMake file Config.cmake in cmake/Qt6Network/
is generated from the target name. If it doesn't end with "Plugin",
then it won't be found by Qt6NetworkPlugins.cmake, which is looking
for Qt6*PluginConfig.cmake files.
Fixes: QTBUG-94108
Change-Id: I43f7056b2caede14509c9ec66b10e2037033762b
Reviewed-by: Alexandru Croitor <[email protected]>
|
| |
|
|
|
|
|
|
| |
To report QDtlsClientVerifier implementation supported.
Change-Id: I23812396c0c6a9595769d8ddb9cc2f85cc636ecb
Reviewed-by: Edward Welbourne <[email protected]>
Reviewed-by: Mårten Nordheim <[email protected]>
|
| |
|
|
|
|
|
| |
Change-Id: I3bf366967d7995621aba1a7c1bec6732f3ef957d
Reviewed-by: Mårten Nordheim <[email protected]>
Reviewed-by: Timur Pocheptsov <[email protected]>
Reviewed-by: Edward Welbourne <[email protected]>
|
|
|
All TLS (and non-TLS) backends that QSsl classes rely
on are now in plugins/tls (as openssl, securetransport,
schannel and certonly plugins).
For now, I have to disable some tests that were using OpenSSL
calls - this to be refactored/re-thought. These include:
qsslsocket auto-test (test-case where we work with private keys),
qsslkey auto-test (similar to qsslsocket - test-case working with
keys using OpenSSL calls).
qasn1element moved to plugins too, so its auto-test have to
be re-thought.
Since now we can have more than one working TLS-backend on a given
platform, the presence of OpenSSL also means I force this backend
as active before running tests, to make sure features implemented
only in OpenSSL-backend are tested.
OCSP auto test is disabled for now, since it heavily relies on
OpenSSL symbols (to be refactored).
[ChangeLog][QtNetwork][QSslSocket] QSslSocket by default prefers 'openssl' backend
if it is available.
[ChangeLog][QtNetwork][QSslSocket] TLS-backends are not mutually exclusive anymore,
depending on a platform, more than one TLS backend can be built. E.g., configuring
Qt with -openssl does not prevent SecureTransport or Schannel plugin from being
built.
Fixes: QTBUG-91928
Change-Id: I4c05e32f10179066bee3a518bdfdd6c4b15320c3
Reviewed-by: Qt CI Bot <[email protected]>
Reviewed-by: Edward Welbourne <[email protected]>
Reviewed-by: Mårten Nordheim <[email protected]>
|
