| Commit message (Collapse) | Author | Age | Files | Lines |
Red Hat family distros haven't used /usr/share/ssl since 2004:
https://bugzilla.redhat.com/show_bug.cgi?id=143392
/etc/ssl/certs has never been a canonical location on Red Hat
family distros, and as of
https://fedoraproject.org/wiki/Changes/dropingOfCertPemFile is
being removed. The same change also removes
/etc/pki/tls/certs/ca-bundle.crt . This updates both magic lists
with the modern canonical locations for Red Hat and derived
distros. The tls-ca-bundle.pem bundle has been around in Fedora
since around 2013:
https://src.fedoraproject.org/rpms/ca-certificates/c/d538ada99cda951da7da3a72dc5eea06f02be212
The directory-hash dir has been around since around 2021:
https://src.fedoraproject.org/rpms/ca-certificates/c/1c8b67fb5ab3954a308d019461bb30d50412087e
Original patch from Adam Williamson <awilliam@redhat.com>
Pick-to: 6.10 6.9
Change-Id: I6b6060f66ae1bfd4b50db6852ecc490bf54cbb58
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|
The rest was handled separately.
Fixes: QTBUG-135730
Pick-to: 6.10 6.9 6.8
Change-Id: Id68d759dd622553bc8b599673940e719a8a750c4
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
QSslCertificate::fromPath() does some extra work:
- matching wildcard glob or regular expression patterns
- checks if the string it's called on is a file or a dir
That extra work isn't needed when you already have the path to a
specific certificate file.
E.g. qtlsbackend_openssl.cpp:systemCaCertificates() used to call
fromPath() on *.pem/*.crt files that it got from iterating over system
certificates dirs.
This also de-duplicates the code in fromPath().
[ChangeLog][QtNetwork][QSslCertificate] Added fromFile() method.
Change-Id: I92ab358e4711866dd4510da42c47905c7dae58b1
Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
Internally QDirListing uses the name filters to create
QRegularExpression objects which are then used to do the matching. Here
we are looking for files that have ".pem" or ".crt" extensions, so basic
string matching should work the same and is inherently faster.
Pick-to: 6.9
Change-Id: Ib19b1eb8717b21c3b96a52e7036665c40fb24caf
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
... instead of relying on the QByteArray to QString implicit conversion.
Pick-to: 6.9
Change-Id: Ia9e8026f2962009d9deac044e42b18f6333cfec1
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
Looking for certificates, the name filters are {*.pem,*.crt}, so only
list files and symlinks to files.
Change-Id: Ic8cea09e4d8004c35a9ae60dbbee7b41362e2c94
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
By extending IteratorFlag so that it replaces both QDir::Filter and
QDirIterator::IteratorFlag enums, but with better defaults (based on how
QDir/Iterator is used in 15-20 years worth of code in Qt and KDE).
Make the QDirListing(QDir ~~) ctor private, also change it to use
QDirIterator::IteratorFlags; it will be used to port existing code.
If QDir is ported to use QDirListing::IteratorFlags, instead of
QDir::Filters, a public QDirListing(QDir) constructor can then be added.
Pick-to: 6.8
Fixes: QTBUG-125504
Task-number: QTBUG-125859
Change-Id: Ide4ff8279f554029ac30d0579b0e8373ed4337f7
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
Use QDirListing in the Bootstrap build instead of QDirIterator.
Drive-by changes:
- more const variables
- use emplace_back() instead of append() where appropriate
Change-Id: Ie1f0d03856e557c4bfabfff38a87edc7da86d091
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
QNetworkAccessManager may fail to finish with Windows apps that are
running with low integrity level sandboxing.
The root cause is that such applications are not allowed to open ROOT
system certificate store with write privileges. This causes the
CertOpenSystemStore helper function to fail, because it attempts to open
certificate stores with the option of adding or deleting certificates.
We only use the CertOpenSystemStore with the intent of fetching
certificates from the certificate store, so we do not need write access.
The fix for this issue is therefore to open the system certificate store
as read-only by using the lower-level CertOpenStore function.
The CERT_SYSTEM_STORE_CURRENT_USER flag is provided to CertOpenStore to
keep the documented behavior of CertOpenSystemStore, which states "Only
current user certificates are accessible using this method, not the
local machine store."
Fixes: QTBUG-118192
Pick-to: 6.5 6.6
Change-Id: I529b760398f84137a0e95c8088a71b293d302b54
Reviewed-by: Fredrik Orderud <forderud@gmail.com>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
|
On these platforms there is a platform-native plugin that can be used
instead. If, as has happened, a developer uses the OpenSSL backend
without OpenSSL being available they may be confused by the output of
OpenSSL without it being of any concern.
Leave the warning level low on other platforms since they have nothing
to fall back to.
Pick-to: 6.4.2 6.4 6.2
Change-Id: Ic36a0429a9e8eed728aa59ec9e028626d6579de1
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
We've been requiring C++17 since Qt 6.0, and our qAsConst use finally
starts to bother us (QTBUG-99313), so time to port away from it
now.
Since qAsConst has exactly the same semantics as std::as_const (down
to rvalue treatment, constexpr'ness and noexcept'ness), there's really
nothing more to it than a global search-and-replace, with manual
unstaging of the actual definition and documentation in dist/,
src/corelib/doc/ and src/corelib/global/.
Task-number: QTBUG-99313
Change-Id: I4c7114444a325ad4e62d0fcbfd347d2bbfb21541
Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
|
Add an atomic state variable to perform early return without taking
a recursive lock after ensureCiphersAndCertsLoaded() is complete.
Make related mutex and state variable function-local static because
they are not used anywhere else.
Task-number: QTBUG-103559
Change-Id: I1e4c9c4f73204885bce82ba7f2b5e64548c3aac3
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
Replace a combination of a mutex and a state variable by
a function-local variable initialized by lambda.
C++17 standard guarantees that the lambda is called only once and
that any other callers will wait for initialization to complete.
The mutex that was replaced is also used in ensureCiphersAndCertsLoaded()
but that seems to be a false sharing.
Task-number: QTBUG-103559
Change-Id: Idb269a24b53cf3812ca9630ab4fc87f99ab16d55
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
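
The two QTBUG-103559 commits above describe a function-local static initialized by a lambda, and an atomic state variable that allows an early return before a recursive lock is taken. The sketch below is an added example of both patterns, not the Qt source: ensureLibraryLoaded(), resetDefaults(), the counters and the re-entrant call are assumptions chosen to make the behaviour checkable.

```cpp
#include <atomic>
#include <mutex>
#include <thread>
#include <vector>

// Counters for checking; all names but ensureCiphersAndCertsLoaded() are assumed.
static std::atomic<int> g_libraryInits{0};
static std::atomic<int> g_certLoads{0};

// Function-local static initialized by a lambda: the initializer runs
// exactly once and concurrent callers block until it has finished.
bool ensureLibraryLoaded()
{
    static const bool loaded = [] { ++g_libraryInits; return true; }();
    return loaded;
}

void resetDefaults(); // hypothetical loader step that re-enters the function below
// Atomic flag gives an early return without locking once loading is done;
// the recursive mutex is taken only on the slow path.
void ensureCiphersAndCertsLoaded()
{
    static std::atomic<bool> initialized{false};
    static std::recursive_mutex initMutex;
    static bool started = false; // guarded by initMutex
    if (initialized.load(std::memory_order_acquire))
        return;
    const std::lock_guard<std::recursive_mutex> locker(initMutex);
    if (started || initialized.load(std::memory_order_acquire))
        return; // re-entrant call, or another thread finished first
    started = true;
    ensureLibraryLoaded();
    resetDefaults();
    ++g_certLoads; // stands in for the one-time cipher and certificate loading
    initialized.store(true, std::memory_order_release);
}
void resetDefaults() { ensureCiphersAndCertsLoaded(); }

// Calls the loader from several threads; true if each step ran exactly once.
bool loadedExactlyOnce(int threadCount)
{
    std::vector<std::thread> threads;
    for (int i = 0; i < threadCount; ++i)
        threads.emplace_back([] { for (int j = 0; j < 1000; ++j) ensureCiphersAndCertsLoaded(); });
    for (auto &t : threads) t.join();
    return g_libraryInits.load() == 1 && g_certLoads.load() == 1;
}

int main() { return loadedExactlyOnce(8) ? 0 : 1; }
```

The `started` flag is what keeps the same-thread re-entry from looping: the atomic cannot serve that purpose because it is read without the mutex held and is only set once loading has finished.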
|
We don't need to format the error messages into a QString just to
clear the error queue. Just looping over q_ERR_get_error() does the
trick, too, and isn't less readable.
Pick-to: 6.3
Change-Id: Idc42f8c4ae4374d952cb357fca6c0fca0e04d086
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
Use the QLatin1String overload of QString::append().
Pick-to: 6.3
Change-Id: Id8ddfd72199cfb627c2d6648ce3011979f92094e
Reviewed-by: Sona Kurazyan <sona.kurazyan@qt.io>
|
Replace the current license disclaimer in files by
a SPDX-License-Identifier.
Files that have to be modified by hand are modified.
License files are organized under LICENSES directory.
Task-number: QTBUG-67283
Change-Id: Id880c92784c40f3bbde861c0d93f58151c18b9f1
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Jörg Bornemann <joerg.bornemann@qt.io>
|
Including moc files directly into their classes' TU tends to improve
codegen and enables extended compiler warnings, e.g. about unused
private functions or fields.
Pick-to: 6.3 6.2
Task-number: QTBUG-102886
Change-Id: I4390ba334e6d29c8ad600270d96112251e0392f7
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
Task-number: QTBUG-98434
Change-Id: I0bb9d534ee42ccbf7d353e251ef58901a86923b4
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
Task-number: QTBUG-98434
Change-Id: Ic235b92377203f7a1429ae7fd784c4a1fa893e9f
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
As a drive-by, remove superfluous includes from qnetworkmanagerservice.h
and obey the coding conventions for includes in a few more places.
Change-Id: I65b68c0cef7598d06a125e97637040392d4be9ff
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
Fixes: QTBUG-96606
Change-Id: Ic2a55fa65c5dc3c057a4da25c218af5a9861410e
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Assam Boudjelthia <assam.boudjelthia@qt.io>
(cherry picked from commit 504df6b135d4ac17aa2290e1aa943d216fb7ef55)
|
It is no longer handled separately from Android.
This effectively reverts commit 6d50f746fe05a7008b63818e77784dd0c99270a1
Change-Id: Ic2d75b8c5a09895810913311ab2fe3355d4d2983
Reviewed-by: Assam Boudjelthia <assam.boudjelthia@qt.io>
|
Before this change, next() was the only way to advance the iterator,
whether the caller was ultimately interested in just the filePath()
(good) or not (bad luck, had to call .fileInfo()).
Add a new function, nextFileInfo(), which returns fileInfo() instead.
Incidentally, the returned object has already been constructed as part
of advance()ing the iterator, so the new function is faster than
next() even if the result is ignored, because we're not calculating a
QString result the caller may not be interested in.
Use the new function around the code.
Fix a couple of cases of next(); fileInfo().filePath() (just use
next()'s return value) as a drive-by.
[ChangeLog][QtCore][QDirIterator] Added nextFileInfo(), which is like
next(), but returns fileInfo() instead of filePath().
Change-Id: I601220575961169b44139fc55b9eae6c3197afb4
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
As pointed out by Marc Mutz in another review, the Android branches of
its #if-ery amounted to a complicated no-op, so simplify the #if-ery,
add a TODO and then simplify the code thereby freed of the need to
accommodate the #if-ery.
In the process, initialize a set of filenames with the two filenames
that we read certificates from after looping over the set, which might
have left those files being read twice.
Change-Id: I2ee4ee3c3cf40226ee6a50afd6127fa4a71d2834
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
Change-Id: Ib43a9b165deb6f3141700961469acf2eb60862ec
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
|
Since Ministro no longer works on recent Android versions (Android 8+),
and it hasn't been maintained and the repos are not updated, the
existing code is practically dead code.
[ChangeLog][Android] Remove ministro code since it's been unmaintained
and not working with recent Android versions.
Task-number: QTBUG-85201
Pick-to: 6.2
Change-Id: I18d7b1e209cba3cfd04674060e9bf39aa5a5510f
Reviewed-by: BogDan Vatra <bogdan@kdab.com>
|
As per the best practice laid forth in RFC-8996.
TLS 1.2 was recommended from 2008 until TLS 1.3 was released in 2018.
[ChangeLog][QtNetwork][QSslSocket] TLS 1.0, 1.1 and DTLS 1.0 are now
deprecated, as recommended by RFC-8996.
Fixes: QTBUG-92880
Change-Id: I90cebcfb07cfce623af7ac9f2b66ce9d02586b54
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
With the recent change, 'system' headers gone: not in the test code anymore,
so, for example OPENSSL_VERSION_NUMBER is undefined, making the test
to select a wrong code-path - 'h2c', instead of encrypted h2.
Pick-to: 6.2
Pick-to: 6.1
Change-Id: I3b201e21fac56875c9045c7463e2ae69af4c6470
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
To report QDtlsClientVerifier implementation supported.
Change-Id: I23812396c0c6a9595769d8ddb9cc2f85cc636ecb
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
All TLS (and non-TLS) backends that QSsl classes rely
on are now in plugins/tls (as openssl, securetransport,
schannel and certonly plugins).
For now, I have to disable some tests that were using OpenSSL
calls - this to be refactored/re-thought. These include:
qsslsocket auto-test (test-case where we work with private keys),
qsslkey auto-test (similar to qsslsocket - test-case working with
keys using OpenSSL calls).
qasn1element moved to plugins too, so its auto-test has to
be re-thought.
Since now we can have more than one working TLS-backend on a given
platform, the presence of OpenSSL also means I force this backend
as active before running tests, to make sure features implemented
only in OpenSSL-backend are tested.
OCSP auto test is disabled for now, since it heavily relies on
OpenSSL symbols (to be refactored).
[ChangeLog][QtNetwork][QSslSocket] QSslSocket by default prefers 'openssl' backend
if it is available.
[ChangeLog][QtNetwork][QSslSocket] TLS-backends are not mutually exclusive anymore,
depending on a platform, more than one TLS backend can be built. E.g., configuring
Qt with -openssl does not prevent SecureTransport or Schannel plugin from being
built.
Fixes: QTBUG-91928
Change-Id: I4c05e32f10179066bee3a518bdfdd6c4b15320c3
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|