| author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2021-03-25 12:41:08 +0100 |
|---|---|---|
| committer | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2021-04-22 22:51:54 +0200 |
| commit | d385158d5213ef568b7629e2aa4a818016bbffac (patch) | |
| tree | 2c111b462fe39dffacb3c7f5cdd8db269f87ed6c /src/network/ssl/qtlsbackend.cpp | |
| parent | 6b1a7341fed4b9456ea6bfa2de7412d45ef56c65 (diff) | |
Move plugin code from QtNetwork to qtbase/plugins
All TLS (and non-TLS) backends that QSsl classes rely
on are now in plugins/tls (as openssl, securetransport,
schannel and certonly plugins).
For now, I have to disable some tests that were using OpenSSL
calls - this to be refactored/re-thought. These include:
qsslsocket auto-test (test-case where we work with private keys),
qsslkey auto-test (similar to qsslsocket - test-case working with
keys using OpenSSL calls).
qasn1element moved to plugins too, so its auto-test have to
be re-thought.
Since now we can have more than one working TLS-backend on a given
platform, the presence of OpenSSL also means I force this backend
as active before running tests, to make sure features implemented
only in OpenSSL-backend are tested.
OCSP auto test is disabled for now, since it heavily relies on
OpenSSL symbols (to be refactored).
[ChangeLog][QtNetwork][QSslSocket] QSslSocket by default prefers 'openssl' backend
if it is available.
[ChangeLog][QtNetwork][QSslSocket] TLS-backends are not mutually exclusive anymore,
depending on a platform, more than one TLS backend can be built. E.g., configuring
Qt with -openssl does not prevent SecureTransport or Schannel plugin from being
built.
Fixes: QTBUG-91928
Change-Id: I4c05e32f10179066bee3a518bdfdd6c4b15320c3
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'src/network/ssl/qtlsbackend.cpp')
| -rw-r--r-- | src/network/ssl/qtlsbackend.cpp | 47 |
1 files changed, 31 insertions, 16 deletions
diff --git a/src/network/ssl/qtlsbackend.cpp b/src/network/ssl/qtlsbackend.cpp
index 079cbccbc05..4c412d436f8 100644
--- a/src/network/ssl/qtlsbackend.cpp
+++ b/src/network/ssl/qtlsbackend.cpp
@@ -46,8 +46,6 @@
 #include "qsslcipher_p.h"
 #include "qsslkey_p.h"
 #include "qsslkey.h"
-#else
-#include "qtlsbackend_cert_p.h"
 #endif
 #include "qssl_p.h"
@@ -63,7 +61,7 @@
 QT_BEGIN_NAMESPACE
 Q_GLOBAL_STATIC_WITH_ARGS(QFactoryLoader, loader,
- (QTlsBackend_iid, QStringLiteral("/tlsbackends")))
+ (QTlsBackend_iid, QStringLiteral("/tls")))
 namespace {
@@ -104,14 +102,6 @@ public:
 while (loader->instance(index))
 ++index;
- // TLSTODO: obviously, these two below should
- // disappear as soon as plugins are in place.
-#if QT_CONFIG(ssl)
- QSslSocketPrivate::registerAdHocFactory();
-#else
- static QTlsBackendCertOnly certGenerator;
-#endif // QT_CONFIG(ssl)
-
 return loaded = true;
 }
@@ -244,6 +234,13 @@ bool TlsCryptograph::isMatchingHostname(const QString &cn, const QString &hostna
 return QSslSocketPrivate::isMatchingHostname(cn, hostname);
 }
+void TlsCryptograph::setErrorAndEmit(QSslSocketPrivate *d, QAbstractSocket::SocketError errorCode,
+ const QString &errorDescription) const
+{
+ Q_ASSERT(d);
+ d->setErrorAndEmit(errorCode, errorDescription);
+}
+
 #endif // QT_CONFIG(ssl)
 #if QT_CONFIG(dtls)
@@ -255,7 +252,8 @@ DtlsBase::~DtlsBase() = default;
 const QString QTlsBackend::builtinBackendNames[] = {
 QStringLiteral("schannel"),
 QStringLiteral("securetransport"),
- QStringLiteral("openssl")
+ QStringLiteral("openssl"),
+ QStringLiteral("cert-only")
 };
 QTlsBackend::QTlsBackend()
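Review bot: `Q_ASSERT(d)` is the only guard before `d->setErrorAndEmit(errorCode, errorDescription)` in the new TlsCryptograph::setErrorAndEmit(), and Q_ASSERT is compiled out in release builds, so a null `d` would be dereferenced there. The commit message says the backends now live in plugins, so this forwarder looks like part of the boundary between plugin code and QtNetwork; if that is right, an explicit `if (!d) return;` after the assert is cheap. At minimum add a one-line comment stating that `d` must be non-null and that the call only forwards to QSslSocketPrivate::setErrorAndEmit().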
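Review bot: Nothing in this hunk ties the new fourth entry of builtinBackendNames to the index used to read it. The array is read through the nameIndex* constants (nameIndexCertOnly is used in defaultBackendName() later in this diff), and those constants are declared outside the visible changes. A misplaced entry would make defaultBackendName() compare against the wrong name and fail to skip the cert-only backend. I would add a comment above the array, `// Order must match the nameIndex* constants (schannel, securetransport, openssl, cert-only).`, and consider a static_assert on the array size next to the constants.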
@@ -436,18 +434,25 @@ QList<QString> QTlsBackend::availableBackendNames()
 QString QTlsBackend::defaultBackendName()
 {
- // We prefer native as default:
+ // We prefer OpenSSL as default:
 const auto names = availableBackendNames();
- auto name = builtinBackendNames[nameIndexSchannel];
+ auto name = builtinBackendNames[nameIndexOpenSSL];
 if (names.contains(name))
 return name;
- name = builtinBackendNames[nameIndexSecureTransport];
+ name = builtinBackendNames[nameIndexSchannel];
 if (names.contains(name))
 return name;
- name = builtinBackendNames[nameIndexOpenSSL];
+ name = builtinBackendNames[nameIndexSecureTransport];
 if (names.contains(name))
 return name;
+ const auto pos = std::find_if(names.begin(), names.end(), [](const auto &name) {
+ return name != builtinBackendNames[nameIndexCertOnly];
+ });
+
+ if (pos != names.end())
+ return *pos;
+
 if (names.size())
 return names[0];
@@ -787,6 +792,16 @@ void QTlsBackend::setEphemeralKey(QSslSocketPrivate *d, const QSslKey &key)
 d->configuration.ephemeralServerKey = key;
 }
+void QTlsBackend::forceAutotestSecurityLevel()
+{
+}
+
+Q_NETWORK_EXPORT void qt_ForceTlsSecurityLevel()
+{
+ if (auto *backend = QSslSocketPrivate::tlsBackendInUse())
+ backend->forceAutotestSecurityLevel();
+}
+
 #endif // QT_CONFIG(ssl)
 QT_END_NAMESPACE |
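Review bot: The comment `// We prefer OpenSSL as default:` describes only the first step of defaultBackendName(). After the three built-in names, the new `std::find_if` returns the first entry of availableBackendNames() that is not cert-only, so the default TLS implementation then depends on which plugins were found and in what order. I would spell that out, e.g. `// Preference: openssl, schannel, securetransport, then the first other backend found; "cert-only" is the last resort.`, and note there that cert-only is presumably one of the non-TLS backends the commit message mentions, so callers should not assume the default can do TLS. The lambda parameter `name` also shadows the local `name` declared above; `[](const auto &candidate) { return candidate != builtinBackendNames[nameIndexCertOnly]; }` reads more clearly. The end of the function lies outside the hunk.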
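Review bot: qt_ForceTlsSecurityLevel() is exported with Q_NETWORK_EXPORT but carries no comment saying who is meant to call it, and QTlsBackend::forceAutotestSecurityLevel() is an empty body with no explanation. The names suggest an autotest-only hook that changes a security setting of the active backend, though what it changes is not visible in this diff. Please state the intent at the definition, e.g. `// Autotest hook only, not for applications: asks the backend in use to apply its test security level; does nothing if no backend is in use.` and `// Default implementation intentionally does nothing.` on the empty method. It is also worth considering whether the symbol needs to be exported in non-developer builds.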
