FCL/sf/mw/qt: src/network/ssl/qsslsocket_openssl.cpp@56cd8111b7f7 (annotated)

0 1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	1	/****************************************************************************
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	2	**
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	3	** Copyright (C) 2009 Nokia Corporation and/or its subsidiary(-ies).
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	4	** All rights reserved.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	5	** Contact: Nokia Corporation (qt-info@nokia.com)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	6	**
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	7	** This file is part of the QtNetwork module of the Qt Toolkit.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	8	**
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	9	** $QT_BEGIN_LICENSE:LGPL$
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	10	** No Commercial Usage
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	11	** This file contains pre-release code and may not be distributed.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	12	** You may use this file in accordance with the terms and conditions
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	13	** contained in the Technology Preview License Agreement accompanying
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	14	** this package.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	15	**
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	16	** GNU Lesser General Public License Usage
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	17	** Alternatively, this file may be used under the terms of the GNU Lesser
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	18	** General Public License version 2.1 as published by the Free Software
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	19	** Foundation and appearing in the file LICENSE.LGPL included in the
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	20	** packaging of this file. Please review the following information to
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	21	** ensure the GNU Lesser General Public License version 2.1 requirements
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	22	** will be met: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	23	**
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	24	** In addition, as a special exception, Nokia gives you certain additional
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	25	** rights. These rights are described in the Nokia Qt LGPL Exception
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	26	** version 1.1, included in the file LGPL_EXCEPTION.txt in this package.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	27	**
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	28	** If you have questions regarding the use of this file, please contact
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	29	** Nokia at qt-info@nokia.com.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	30	**
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	31	**
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	32	**
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	33	**
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	34	**
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	35	**
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	36	**
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	37	**
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	38	** $QT_END_LICENSE$
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	39	**
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	40	****************************************************************************/
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	41
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	42	//#define QSSLSOCKET_DEBUG
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	43
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	44	#include "qsslsocket_openssl_p.h"
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	45	#include "qsslsocket_openssl_symbols_p.h"
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	46	#include "qsslsocket.h"
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	47	#include "qsslcertificate_p.h"
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	48	#include "qsslcipher_p.h"
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	49
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	50	#include <QtCore/qdatetime.h>
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	51	#include <QtCore/qdebug.h>
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	52	#include <QtCore/qdir.h>
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	53	#include <QtCore/qdiriterator.h>
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	54	#include <QtCore/qfile.h>
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	55	#include <QtCore/qfileinfo.h>
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	56	#include <QtCore/qmutex.h>
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	57	#include <QtCore/qthread.h>
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	58	#include <QtCore/qurl.h>
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	59	#include <QtCore/qvarlengtharray.h>
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	60
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	61	static void initNetworkResources()
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	62	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	63	// Initialize resources
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	64	Q_INIT_RESOURCE(network);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	65	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	66
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	67	QT_BEGIN_NAMESPACE
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	68
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	69	// Useful defines
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	70	#define SSL_ERRORSTR() QString::fromLocal8Bit(q_ERR_error_string(q_ERR_get_error(), NULL))
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	71
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	72	/* \internal
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	73
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	74	From OpenSSL's thread(3) manual page:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	75
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	76	OpenSSL can safely be used in multi-threaded applications provided that at
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	77	least two callback functions are set.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	78
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	79	locking_function(int mode, int n, const char *file, int line) is needed to
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	80	perform locking on shared data structures. (Note that OpenSSL uses a
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	81	number of global data structures that will be implicitly shared
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	82	when-whenever ever multiple threads use OpenSSL.) Multi-threaded
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	83	applications will crash at random if it is not set. ...
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	84	...
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	85	id_function(void) is a function that returns a thread ID. It is not
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	86	needed on Windows nor on platforms where getpid() returns a different
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	87	ID for each thread (most notably Linux)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	88	*/
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	89	class QOpenSslLocks
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	90	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	91	public:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	92	inline QOpenSslLocks()
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	93	: initLocker(QMutex::Recursive),
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	94	locksLocker(QMutex::Recursive)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	95	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	96	QMutexLocker locker(&locksLocker);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	97	int numLocks = q_CRYPTO_num_locks();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	98	locks = new QMutex *[numLocks];
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	99	memset(locks, 0, numLocks * sizeof(QMutex *));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	100	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	101	inline ~QOpenSslLocks()
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	102	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	103	QMutexLocker locker(&locksLocker);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	104	for (int i = 0; i < q_CRYPTO_num_locks(); ++i)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	105	delete locks[i];
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	106	delete [] locks;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	107
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	108	QSslSocketPrivate::deinitialize();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	109	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	110	inline QMutex *lock(int num)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	111	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	112	QMutexLocker locker(&locksLocker);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	113	QMutex *tmp = locks[num];
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	114	if (!tmp)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	115	tmp = locks[num] = new QMutex(QMutex::Recursive);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	116	return tmp;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	117	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	118
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	119	QMutex *globalLock()
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	120	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	121	return &locksLocker;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	122	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	123
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	124	QMutex *initLock()
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	125	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	126	return &initLocker;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	127	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	128
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	129	private:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	130	QMutex initLocker;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	131	QMutex locksLocker;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	132	QMutex **locks;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	133	};
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	134	Q_GLOBAL_STATIC(QOpenSslLocks, openssl_locks)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	135
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	136	extern "C" {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	137	static void locking_function(int mode, int lockNumber, const char *, int)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	138	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	139	QMutex *mutex = openssl_locks()->lock(lockNumber);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	140
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	141	// Lock or unlock it
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	142	if (mode & CRYPTO_LOCK)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	143	mutex->lock();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	144	else
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	145	mutex->unlock();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	146	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	147	static unsigned long id_function()
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	148	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	149	return (unsigned long)QThread::currentThreadId();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	150	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	151	} // extern "C"
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	152
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	153	QSslSocketBackendPrivate::QSslSocketBackendPrivate()
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	154	: ssl(0),
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	155	ctx(0),
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	156	readBio(0),
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	157	writeBio(0),
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	158	session(0)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	159	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	160	// Calls SSL_library_init().
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	161	ensureInitialized();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	162	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	163
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	164	QSslSocketBackendPrivate::~QSslSocketBackendPrivate()
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	165	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	166	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	167
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	168	QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(SSL_CIPHER *cipher)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	169	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	170	QSslCipher ciph;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	171
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	172	char buf [256];
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	173	QString descriptionOneLine = QString::fromLatin1(q_SSL_CIPHER_description(cipher, buf, sizeof(buf)));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	174
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	175	QStringList descriptionList = descriptionOneLine.split(QLatin1String(" "), QString::SkipEmptyParts);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	176	if (descriptionList.size() > 5) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	177	// ### crude code.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	178	ciph.d->isNull = false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	179	ciph.d->name = descriptionList.at(0);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	180
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	181	QString protoString = descriptionList.at(1);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	182	ciph.d->protocolString = protoString;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	183	ciph.d->protocol = QSsl::UnknownProtocol;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	184	if (protoString == QLatin1String("SSLv3"))
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	185	ciph.d->protocol = QSsl::SslV3;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	186	else if (protoString == QLatin1String("SSLv2"))
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	187	ciph.d->protocol = QSsl::SslV2;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	188	else if (protoString == QLatin1String("TLSv1"))
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	189	ciph.d->protocol = QSsl::TlsV1;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	190
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	191	if (descriptionList.at(2).startsWith(QLatin1String("Kx=")))
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	192	ciph.d->keyExchangeMethod = descriptionList.at(2).mid(3);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	193	if (descriptionList.at(3).startsWith(QLatin1String("Au=")))
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	194	ciph.d->authenticationMethod = descriptionList.at(3).mid(3);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	195	if (descriptionList.at(4).startsWith(QLatin1String("Enc=")))
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	196	ciph.d->encryptionMethod = descriptionList.at(4).mid(4);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	197	ciph.d->exportable = (descriptionList.size() > 6 && descriptionList.at(6) == QLatin1String("export"));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	198
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	199	ciph.d->bits = cipher->strength_bits;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	200	ciph.d->supportedBits = cipher->alg_bits;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	201
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	202	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	203	return ciph;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	204	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	205
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	206	// ### This list is shared between all threads, and protected by a
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	207	// mutex. Investigate using thread local storage instead.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	208	struct QSslErrorList
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	209	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	210	QMutex mutex;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	211	QList<QPair<int, int> > errors;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	212	};
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	213	Q_GLOBAL_STATIC(QSslErrorList, _q_sslErrorList)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	214	static int q_X509Callback(int ok, X509_STORE_CTX *ctx)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	215	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	216	if (!ok) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	217	// Store the error and at which depth the error was detected.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	218	_q_sslErrorList()->errors << qMakePair<int, int>(ctx->error, ctx->error_depth);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	219	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	220	// Always return OK to allow verification to continue. We're handle the
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	221	// errors gracefully after collecting all errors, after verification has
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	222	// completed.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	223	return 1;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	224	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	225
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	226	bool QSslSocketBackendPrivate::initSslContext()
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	227	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	228	Q_Q(QSslSocket);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	229
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	230	// Create and initialize SSL context. Accept SSLv2, SSLv3 and TLSv1.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	231	bool client = (mode == QSslSocket::SslClientMode);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	232
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	233	bool reinitialized = false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	234	init_context:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	235	switch (configuration.protocol) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	236	case QSsl::SslV2:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	237	ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method());
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	238	break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	239	case QSsl::SslV3:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	240	ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	241	break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	242	case QSsl::AnyProtocol:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	243	default:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	244	ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method());
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	245	break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	246	case QSsl::TlsV1:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	247	ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method());
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	248	break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	249	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	250	if (!ctx) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	251	// After stopping Flash 10 the SSL library looses its ciphers. Try re-adding them
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	252	// by re-initializing the library.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	253	if (!reinitialized) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	254	reinitialized = true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	255	if (q_SSL_library_init() == 1)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	256	goto init_context;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	257	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	258
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	259	// ### Bad error code
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	260	q->setErrorString(QSslSocket::tr("Error creating SSL context (%1)").arg(SSL_ERRORSTR()));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	261	q->setSocketError(QAbstractSocket::UnknownSocketError);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	262	emit q->error(QAbstractSocket::UnknownSocketError);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	263	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	264	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	265
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	266	// Enable all bug workarounds.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	267	q_SSL_CTX_set_options(ctx, SSL_OP_ALL);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	268
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	269	// Initialize ciphers
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	270	QByteArray cipherString;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	271	int first = true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	272	QList<QSslCipher> ciphers = configuration.ciphers;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	273	if (ciphers.isEmpty())
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	274	ciphers = defaultCiphers();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	275	foreach (const QSslCipher &cipher, ciphers) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	276	if (first)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	277	first = false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	278	else
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	279	cipherString.append(':');
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	280	cipherString.append(cipher.name().toLatin1());
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	281	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	282
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	283	if (!q_SSL_CTX_set_cipher_list(ctx, cipherString.data())) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	284	// ### Bad error code
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	285	q->setErrorString(QSslSocket::tr("Invalid or empty cipher list (%1)").arg(SSL_ERRORSTR()));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	286	q->setSocketError(QAbstractSocket::UnknownSocketError);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	287	emit q->error(QAbstractSocket::UnknownSocketError);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	288	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	289	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	290
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	291	// Add all our CAs to this store.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	292	foreach (const QSslCertificate &caCertificate, q->caCertificates())
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	293	q_X509_STORE_add_cert(ctx->cert_store, (X509 *)caCertificate.handle());
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	294
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	295	// Register a custom callback to get all verification errors.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	296	X509_STORE_set_verify_cb_func(ctx->cert_store, q_X509Callback);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	297
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	298	if (!configuration.localCertificate.isNull()) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	299	// Require a private key as well.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	300	if (configuration.privateKey.isNull()) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	301	q->setErrorString(QSslSocket::tr("Cannot provide a certificate with no key, %1").arg(SSL_ERRORSTR()));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	302	emit q->error(QAbstractSocket::UnknownSocketError);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	303	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	304	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	305
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	306	// Load certificate
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	307	if (!q_SSL_CTX_use_certificate(ctx, (X509 *)configuration.localCertificate.handle())) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	308	q->setErrorString(QSslSocket::tr("Error loading local certificate, %1").arg(SSL_ERRORSTR()));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	309	emit q->error(QAbstractSocket::UnknownSocketError);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	310	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	311	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	312
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	313	// Load private key
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	314	EVP_PKEY *pkey = q_EVP_PKEY_new();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	315	if (configuration.privateKey.algorithm() == QSsl::Rsa)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	316	q_EVP_PKEY_assign_RSA(pkey, (RSA *)configuration.privateKey.handle());
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	317	else
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	318	q_EVP_PKEY_assign_DSA(pkey, (DSA *)configuration.privateKey.handle());
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	319	if (!q_SSL_CTX_use_PrivateKey(ctx, pkey)) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	320	q->setErrorString(QSslSocket::tr("Error loading private key, %1").arg(SSL_ERRORSTR()));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	321	emit q->error(QAbstractSocket::UnknownSocketError);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	322	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	323	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	324
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	325	// Check if the certificate matches the private key.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	326	if (!q_SSL_CTX_check_private_key(ctx)) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	327	q->setErrorString(QSslSocket::tr("Private key does not certificate public key, %1").arg(SSL_ERRORSTR()));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	328	emit q->error(QAbstractSocket::UnknownSocketError);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	329	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	330	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	331	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	332
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	333	// Initialize peer verification.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	334	if (configuration.peerVerifyMode == QSslSocket::VerifyNone) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	335	q_SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	336	} else {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	337	q_SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, q_X509Callback);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	338	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	339
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	340	// Set verification depth.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	341	if (configuration.peerVerifyDepth != 0)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	342	q_SSL_CTX_set_verify_depth(ctx, configuration.peerVerifyDepth);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	343
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	344	// Create and initialize SSL session
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	345	if (!(ssl = q_SSL_new(ctx))) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	346	// ### Bad error code
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	347	q->setErrorString(QSslSocket::tr("Error creating SSL session, %1").arg(SSL_ERRORSTR()));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	348	q->setSocketError(QAbstractSocket::UnknownSocketError);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	349	emit q->error(QAbstractSocket::UnknownSocketError);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	350	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	351	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	352
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	353	// Clear the session.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	354	q_SSL_clear(ssl);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	355	errorList.clear();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	356
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	357	// Initialize memory BIOs for encryption and decryption.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	358	readBio = q_BIO_new(q_BIO_s_mem());
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	359	writeBio = q_BIO_new(q_BIO_s_mem());
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	360	if (!readBio \|\| !writeBio) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	361	// ### Bad error code
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	362	q->setErrorString(QSslSocket::tr("Error creating SSL session: %1").arg(SSL_ERRORSTR()));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	363	q->setSocketError(QAbstractSocket::UnknownSocketError);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	364	emit q->error(QAbstractSocket::UnknownSocketError);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	365	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	366	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	367
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	368	// Assign the bios.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	369	q_SSL_set_bio(ssl, readBio, writeBio);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	370
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	371	if (mode == QSslSocket::SslClientMode)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	372	q_SSL_set_connect_state(ssl);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	373	else
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	374	q_SSL_set_accept_state(ssl);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	375
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	376	return true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	377	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	378
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	379	/*!
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	380	\internal
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	381	*/
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	382	void QSslSocketPrivate::deinitialize()
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	383	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	384	q_CRYPTO_set_id_callback(0);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	385	q_CRYPTO_set_locking_callback(0);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	386	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	387
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	388	/*!
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	389	\internal
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	390
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	391	Declared static in QSslSocketPrivate, makes sure the SSL libraries have
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	392	been initialized.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	393	*/
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	394	bool QSslSocketPrivate::ensureInitialized()
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	395	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	396	if (!q_resolveOpenSslSymbols())
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	397	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	398
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	399	// Check if the library itself needs to be initialized.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	400	QMutexLocker locker(openssl_locks()->initLock());
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	401	static int q_initialized = false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	402	if (!q_initialized) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	403	q_initialized = true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	404
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	405	// Initialize resources
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	406	initNetworkResources();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	407
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	408	// Initialize OpenSSL.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	409	q_CRYPTO_set_id_callback(id_function);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	410	q_CRYPTO_set_locking_callback(locking_function);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	411	if (q_SSL_library_init() != 1)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	412	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	413	q_SSL_load_error_strings();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	414	q_OpenSSL_add_all_algorithms();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	415
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	416	// Initialize OpenSSL's random seed.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	417	if (!q_RAND_status()) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	418	struct {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	419	int msec;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	420	int sec;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	421	void *stack;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	422	} randomish;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	423
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	424	int attempts = 500;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	425	do {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	426	if (attempts < 500) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	427	#ifdef Q_OS_UNIX
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	428	struct timespec ts = {0, 33333333};
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	429	nanosleep(&ts, 0);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	430	#else
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	431	Sleep(3);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	432	#endif
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	433	randomish.msec = attempts;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	434	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	435	randomish.stack = (void *)&randomish;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	436	randomish.msec = QTime::currentTime().msec();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	437	randomish.sec = QTime::currentTime().second();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	438	q_RAND_seed((const char *)&randomish, sizeof(randomish));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	439	} while (!q_RAND_status() && --attempts);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	440	if (!attempts)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	441	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	442	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	443
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	444	resetDefaultCiphers();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	445	setDefaultCaCertificates(systemCaCertificates());
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	446	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	447	return true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	448	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	449
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	450	/*!
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	451	\internal
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	452
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	453	Declared static in QSslSocketPrivate, backend-dependent loading of
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	454	application-wide global ciphers.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	455	*/
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	456	void QSslSocketPrivate::resetDefaultCiphers()
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	457	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	458	SSL_CTX *myCtx = q_SSL_CTX_new(q_SSLv23_client_method());
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	459	SSL *mySsl = q_SSL_new(myCtx);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	460
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	461	QList<QSslCipher> ciphers;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	462
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	463	STACK_OF(SSL_CIPHER) *supportedCiphers = q_SSL_get_ciphers(mySsl);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	464	for (int i = 0; i < q_sk_SSL_CIPHER_num(supportedCiphers); ++i) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	465	if (SSL_CIPHER *cipher = q_sk_SSL_CIPHER_value(supportedCiphers, i)) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	466	if (cipher->valid) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	467	QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	468	if (!ciph.isNull()) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	469	if (!ciph.name().toLower().startsWith(QLatin1String("adh")))
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	470	ciphers << ciph;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	471	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	472	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	473	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	474	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	475
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	476	q_SSL_CTX_free(myCtx);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	477	q_SSL_free(mySsl);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	478
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	479	setDefaultSupportedCiphers(ciphers);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	480	setDefaultCiphers(ciphers);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	481	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	482
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	483	QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	484	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	485	// Qt provides a default bundle of certificates
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	486	QFile caBundle(QLatin1String(":/trolltech/network/ssl/qt-ca-bundle.crt"));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	487	if (caBundle.open(QIODevice::ReadOnly \| QIODevice::Text))
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	488	return QSslCertificate::fromDevice(&caBundle);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	489
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	490	// Unreachable; return no bundle.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	491	return QList<QSslCertificate>();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	492	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	493
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	494	void QSslSocketBackendPrivate::startClientEncryption()
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	495	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	496	if (!initSslContext()) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	497	// ### report error: internal OpenSSL failure
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	498	return;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	499	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	500
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	501	// Start connecting. This will place outgoing data in the BIO, so we
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	502	// follow up with calling transmit().
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	503	startHandshake();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	504	transmit();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	505	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	506
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	507	void QSslSocketBackendPrivate::startServerEncryption()
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	508	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	509	if (!initSslContext()) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	510	// ### report error: internal OpenSSL failure
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	511	return;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	512	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	513
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	514	// Start connecting. This will place outgoing data in the BIO, so we
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	515	// follow up with calling transmit().
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	516	startHandshake();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	517	transmit();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	518	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	519
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	520	/*!
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	521	\internal
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	522
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	523	Transmits encrypted data between the BIOs and the socket.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	524	*/
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	525	void QSslSocketBackendPrivate::transmit()
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	526	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	527	Q_Q(QSslSocket);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	528
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	529	// If we don't have any SSL context, don't bother transmitting.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	530	if (!ssl)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	531	return;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	532
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	533	bool transmitting;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	534	do {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	535	transmitting = false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	536
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	537	// If the connection is secure, we can transfer data from the write
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	538	// buffer (in plain text) to the write BIO through SSL_write.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	539	if (connectionEncrypted && !writeBuffer.isEmpty()) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	540	qint64 totalBytesWritten = 0;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	541	int nextDataBlockSize;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	542	while ((nextDataBlockSize = writeBuffer.nextDataBlockSize()) > 0) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	543	int writtenBytes = q_SSL_write(ssl, writeBuffer.readPointer(), nextDataBlockSize);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	544	if (writtenBytes <= 0) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	545	// ### Better error handling.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	546	q->setErrorString(QSslSocket::tr("Unable to write data: %1").arg(SSL_ERRORSTR()));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	547	q->setSocketError(QAbstractSocket::UnknownSocketError);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	548	emit q->error(QAbstractSocket::UnknownSocketError);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	549	return;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	550	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	551	#ifdef QSSLSOCKET_DEBUG
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	552	qDebug() << "QSslSocketBackendPrivate::transmit: encrypted" << writtenBytes << "bytes";
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	553	#endif
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	554	writeBuffer.free(writtenBytes);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	555	totalBytesWritten += writtenBytes;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	556	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	557
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	558	if (totalBytesWritten > 0) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	559	// Don't emit bytesWritten() recursively.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	560	if (!emittedBytesWritten) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	561	emittedBytesWritten = true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	562	emit q->bytesWritten(totalBytesWritten);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	563	emittedBytesWritten = false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	564	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	565	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	566	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	567
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	568	// Check if we've got any data to be written to the socket.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	569	QVarLengthArray<char, 4096> data;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	570	int pendingBytes;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	571	while (plainSocket->isValid() && (pendingBytes = q_BIO_pending(writeBio)) > 0) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	572	// Read encrypted data from the write BIO into a buffer.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	573	data.resize(pendingBytes);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	574	int encryptedBytesRead = q_BIO_read(writeBio, data.data(), pendingBytes);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	575
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	576	// Write encrypted data from the buffer to the socket.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	577	plainSocket->write(data.constData(), encryptedBytesRead);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	578	#ifdef QSSLSOCKET_DEBUG
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	579	qDebug() << "QSslSocketBackendPrivate::transmit: wrote" << encryptedBytesRead << "encrypted bytes to the socket";
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	580	#endif
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	581	transmitting = true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	582	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	583
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	584	// Check if we've got any data to be read from the socket.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	585	if (!connectionEncrypted \|\| !readBufferMaxSize \|\| readBuffer.size() < readBufferMaxSize)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	586	while ((pendingBytes = plainSocket->bytesAvailable()) > 0) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	587	// Read encrypted data from the socket into a buffer.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	588	data.resize(pendingBytes);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	589	int decryptedBytesRead = plainSocket->read(data.data(), pendingBytes);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	590	#ifdef QSSLSOCKET_DEBUG
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	591	qDebug() << "QSslSocketBackendPrivate::transmit: read" << decryptedBytesRead << "encrypted bytes from the socket";
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	592	#endif
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	593	// Write encrypted data from the buffer into the read BIO.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	594	q_BIO_write(readBio, data.constData(), decryptedBytesRead);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	595	transmitting = true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	596	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	597
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	598	// If the connection isn't secured yet, this is the time to retry the
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	599	// connect / accept.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	600	if (!connectionEncrypted) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	601	#ifdef QSSLSOCKET_DEBUG
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	602	qDebug() << "QSslSocketBackendPrivate::transmit: testing encryption";
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	603	#endif
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	604	if (startHandshake()) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	605	#ifdef QSSLSOCKET_DEBUG
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	606	qDebug() << "QSslSocketBackendPrivate::transmit: encryption established";
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	607	#endif
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	608	connectionEncrypted = true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	609	transmitting = true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	610	} else if (plainSocket->state() != QAbstractSocket::ConnectedState) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	611	#ifdef QSSLSOCKET_DEBUG
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	612	qDebug() << "QSslSocketBackendPrivate::transmit: connection lost";
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	613	#endif
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	614	break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	615	} else {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	616	#ifdef QSSLSOCKET_DEBUG
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	617	qDebug() << "QSslSocketBackendPrivate::transmit: encryption not done yet";
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	618	#endif
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	619	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	620	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	621
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	622	// If the request is small and the remote host closes the transmission
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	623	// after sending, there's a chance that startHandshake() will already
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	624	// have triggered a shutdown.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	625	if (!ssl)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	626	continue;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	627
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	628	// We always read everything from the SSL decryption buffers, even if
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	629	// we have a readBufferMaxSize. There's no point in leaving data there
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	630	// just so that readBuffer.size() == readBufferMaxSize.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	631	int readBytes = 0;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	632	data.resize(4096);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	633	::memset(data.data(), 0, data.size());
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	634	do {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	635	// Don't use SSL_pending(). It's very unreliable.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	636	if ((readBytes = q_SSL_read(ssl, data.data(), data.size())) > 0) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	637	#ifdef QSSLSOCKET_DEBUG
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	638	qDebug() << "QSslSocketBackendPrivate::transmit: decrypted" << readBytes << "bytes";
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	639	#endif
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	640	char *ptr = readBuffer.reserve(readBytes);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	641	::memcpy(ptr, data.data(), readBytes);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	642
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	643	if (readyReadEmittedPointer)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	644	*readyReadEmittedPointer = true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	645	emit q->readyRead();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	646	transmitting = true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	647	continue;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	648	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	649
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	650	// Error.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	651	switch (q_SSL_get_error(ssl, readBytes)) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	652	case SSL_ERROR_WANT_READ:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	653	case SSL_ERROR_WANT_WRITE:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	654	// Out of data.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	655	break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	656	case SSL_ERROR_ZERO_RETURN:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	657	// The remote host closed the connection.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	658	#ifdef QSSLSOCKET_DEBUG
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	659	qDebug() << "QSslSocketBackendPrivate::transmit: remote disconnect";
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	660	#endif
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	661	plainSocket->disconnectFromHost();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	662	break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	663	default:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	664	// ### Handle errors better.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	665	q->setErrorString(QSslSocket::tr("Error while reading: %1").arg(SSL_ERRORSTR()));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	666	q->setSocketError(QAbstractSocket::UnknownSocketError);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	667	emit q->error(QAbstractSocket::UnknownSocketError);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	668	break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	669	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	670	} while (ssl && readBytes > 0);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	671	} while (ssl && ctx && transmitting);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	672	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	673
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	674	static QSslError _q_OpenSSL_to_QSslError(int errorCode, const QSslCertificate &cert)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	675	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	676	QSslError error;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	677	switch (errorCode) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	678	case X509_V_OK:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	679	// X509_V_OK is also reported if the peer had no certificate.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	680	break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	681	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	682	error = QSslError(QSslError::UnableToGetIssuerCertificate, cert); break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	683	case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	684	error = QSslError(QSslError::UnableToDecryptCertificateSignature, cert); break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	685	case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	686	error = QSslError(QSslError::UnableToDecodeIssuerPublicKey, cert); break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	687	case X509_V_ERR_CERT_SIGNATURE_FAILURE:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	688	error = QSslError(QSslError::CertificateSignatureFailed, cert); break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	689	case X509_V_ERR_CERT_NOT_YET_VALID:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	690	error = QSslError(QSslError::CertificateNotYetValid, cert); break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	691	case X509_V_ERR_CERT_HAS_EXPIRED:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	692	error = QSslError(QSslError::CertificateExpired, cert); break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	693	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	694	error = QSslError(QSslError::InvalidNotBeforeField, cert); break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	695	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	696	error = QSslError(QSslError::InvalidNotAfterField, cert); break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	697	case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	698	error = QSslError(QSslError::SelfSignedCertificate, cert); break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	699	case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	700	error = QSslError(QSslError::SelfSignedCertificateInChain, cert); break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	701	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	702	error = QSslError(QSslError::UnableToGetLocalIssuerCertificate, cert); break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	703	case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	704	error = QSslError(QSslError::UnableToVerifyFirstCertificate, cert); break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	705	case X509_V_ERR_CERT_REVOKED:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	706	error = QSslError(QSslError::CertificateRevoked, cert); break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	707	case X509_V_ERR_INVALID_CA:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	708	error = QSslError(QSslError::InvalidCaCertificate, cert); break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	709	case X509_V_ERR_PATH_LENGTH_EXCEEDED:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	710	error = QSslError(QSslError::PathLengthExceeded, cert); break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	711	case X509_V_ERR_INVALID_PURPOSE:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	712	error = QSslError(QSslError::InvalidPurpose, cert); break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	713	case X509_V_ERR_CERT_UNTRUSTED:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	714	error = QSslError(QSslError::CertificateUntrusted, cert); break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	715	case X509_V_ERR_CERT_REJECTED:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	716	error = QSslError(QSslError::CertificateRejected, cert); break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	717	default:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	718	error = QSslError(QSslError::UnspecifiedError, cert); break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	719	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	720	return error;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	721	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	722
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	723	bool QSslSocketBackendPrivate::startHandshake()
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	724	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	725	Q_Q(QSslSocket);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	726
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	727	// Check if the connection has been established. Get all errors from the
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	728	// verification stage.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	729	_q_sslErrorList()->mutex.lock();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	730	_q_sslErrorList()->errors.clear();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	731	int result = (mode == QSslSocket::SslClientMode) ? q_SSL_connect(ssl) : q_SSL_accept(ssl);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	732
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	733	const QList<QPair<int, int> > &lastErrors = _q_sslErrorList()->errors;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	734	for (int i = 0; i < lastErrors.size(); ++i) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	735	const QPair<int, int> &currentError = lastErrors.at(i);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	736	// Initialize the peer certificate chain in order to find which certificate caused this error
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	737	if (configuration.peerCertificateChain.isEmpty())
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	738	configuration.peerCertificateChain = STACKOFX509_to_QSslCertificates(q_SSL_get_peer_cert_chain(ssl));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	739	emit q->peerVerifyError(_q_OpenSSL_to_QSslError(currentError.first,
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	740	configuration.peerCertificateChain.value(currentError.second)));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	741	if (q->state() != QAbstractSocket::ConnectedState)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	742	break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	743	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	744
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	745	errorList << lastErrors;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	746	_q_sslErrorList()->mutex.unlock();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	747
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	748	// Connection aborted during handshake phase.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	749	if (q->state() != QAbstractSocket::ConnectedState)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	750	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	751
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	752	// Check if we're encrypted or not.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	753	if (result <= 0) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	754	switch (q_SSL_get_error(ssl, result)) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	755	case SSL_ERROR_WANT_READ:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	756	case SSL_ERROR_WANT_WRITE:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	757	// The handshake is not yet complete.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	758	break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	759	default:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	760	// ### Handle errors better
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	761	q->setErrorString(QSslSocket::tr("Error during SSL handshake: %1").arg(SSL_ERRORSTR()));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	762	q->setSocketError(QAbstractSocket::SslHandshakeFailedError);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	763	#ifdef QSSLSOCKET_DEBUG
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	764	qDebug() << "QSslSocketBackendPrivate::startHandshake: error!" << q->errorString();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	765	#endif
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	766	emit q->error(QAbstractSocket::SslHandshakeFailedError);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	767	q->abort();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	768	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	769	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	770	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	771
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	772	// Store the peer certificate and chain. For clients, the peer certificate
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	773	// chain includes the peer certificate; for servers, it doesn't. Both the
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	774	// peer certificate and the chain may be empty if the peer didn't present
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	775	// any certificate.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	776	if (configuration.peerCertificateChain.isEmpty())
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	777	configuration.peerCertificateChain = STACKOFX509_to_QSslCertificates(q_SSL_get_peer_cert_chain(ssl));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	778	X509 *x509 = q_SSL_get_peer_certificate(ssl);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	779	configuration.peerCertificate = QSslCertificatePrivate::QSslCertificate_from_X509(x509);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	780	q_X509_free(x509);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	781
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	782	// Start translating errors.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	783	QList<QSslError> errors;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	784	bool doVerifyPeer = configuration.peerVerifyMode == QSslSocket::VerifyPeer
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	785	\|\| (configuration.peerVerifyMode == QSslSocket::AutoVerifyPeer
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	786	&& mode == QSslSocket::SslClientMode);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	787
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	788	// Check the peer certificate itself. First try the subject's common name
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	789	// (CN) as a wildcard, then try all alternate subject name DNS entries the
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	790	// same way.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	791	if (!configuration.peerCertificate.isNull()) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	792	// but only if we're a client connecting to a server
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	793	// if we're the server, don't check CN
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	794	if (mode == QSslSocket::SslClientMode) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	795	QString peerName = (verificationPeerName.isEmpty () ? q->peerName() : verificationPeerName);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	796	QString commonName = configuration.peerCertificate.subjectInfo(QSslCertificate::CommonName);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	797
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	798	QRegExp regexp(commonName, Qt::CaseInsensitive, QRegExp::Wildcard);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	799	if (!regexp.exactMatch(peerName)) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	800	bool matched = false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	801	foreach (QString altName, configuration.peerCertificate
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	802	.alternateSubjectNames().values(QSsl::DnsEntry)) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	803	regexp.setPattern(altName);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	804	if (regexp.exactMatch(peerName)) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	805	matched = true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	806	break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	807	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	808	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	809	if (!matched) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	810	// No matches in common names or alternate names.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	811	QSslError error(QSslError::HostNameMismatch, configuration.peerCertificate);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	812	errors << error;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	813	emit q->peerVerifyError(error);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	814	if (q->state() != QAbstractSocket::ConnectedState)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	815	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	816	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	817	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	818	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	819	} else {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	820	// No peer certificate presented. Report as error if the socket
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	821	// expected one.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	822	if (doVerifyPeer) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	823	QSslError error(QSslError::NoPeerCertificate);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	824	errors << error;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	825	emit q->peerVerifyError(error);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	826	if (q->state() != QAbstractSocket::ConnectedState)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	827	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	828	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	829	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	830
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	831	// Translate errors from the error list into QSslErrors.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	832	for (int i = 0; i < errorList.size(); ++i) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	833	const QPair<int, int> &errorAndDepth = errorList.at(i);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	834	int err = errorAndDepth.first;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	835	int depth = errorAndDepth.second;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	836	errors << _q_OpenSSL_to_QSslError(err, configuration.peerCertificateChain.value(depth));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	837	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	838
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	839	if (!errors.isEmpty()) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	840	sslErrors = errors;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	841	emit q->sslErrors(errors);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	842
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	843	bool doEmitSslError;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	844	if (!ignoreErrorsList.empty()) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	845	// check whether the errors we got are all in the list of expected errors
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	846	// (applies only if the method QSslSocket::ignoreSslErrors(const QList<QSslError> &errors)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	847	// was called)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	848	doEmitSslError = false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	849	for (int a = 0; a < errors.count(); a++) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	850	if (!ignoreErrorsList.contains(errors.at(a))) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	851	doEmitSslError = true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	852	break;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	853	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	854	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	855	} else {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	856	// if QSslSocket::ignoreSslErrors(const QList<QSslError> &errors) was not called and
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	857	// we get an SSL error, emit a signal unless we ignored all errors (by calling
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	858	// QSslSocket::ignoreSslErrors() )
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	859	doEmitSslError = !ignoreAllSslErrors;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	860	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	861	// check whether we need to emit an SSL handshake error
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	862	if (doVerifyPeer && doEmitSslError) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	863	q->setErrorString(sslErrors.first().errorString());
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	864	q->setSocketError(QAbstractSocket::SslHandshakeFailedError);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	865	emit q->error(QAbstractSocket::SslHandshakeFailedError);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	866	plainSocket->disconnectFromHost();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	867	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	868	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	869	} else {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	870	sslErrors.clear();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	871	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	872
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	873	// if we have a max read buffer size, reset the plain socket's to 1k
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	874	if (readBufferMaxSize)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	875	plainSocket->setReadBufferSize(1024);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	876
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	877	connectionEncrypted = true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	878	emit q->encrypted();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	879	if (autoStartHandshake && pendingClose) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	880	pendingClose = false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	881	q->disconnectFromHost();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	882	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	883	return true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	884	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	885
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	886	void QSslSocketBackendPrivate::disconnectFromHost()
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	887	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	888	if (ssl) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	889	q_SSL_shutdown(ssl);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	890	transmit();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	891	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	892	plainSocket->disconnectFromHost();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	893	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	894
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	895	void QSslSocketBackendPrivate::disconnected()
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	896	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	897	if (ssl) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	898	q_SSL_free(ssl);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	899	ssl = 0;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	900	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	901	if (ctx) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	902	q_SSL_CTX_free(ctx);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	903	ctx = 0;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	904	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	905	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	906
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	907	QSslCipher QSslSocketBackendPrivate::sessionCipher() const
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	908	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	909	if (!ssl \|\| !ctx)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	910	return QSslCipher();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	911	#if OPENSSL_VERSION_NUMBER >= 0x10000000L
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	912	// FIXME This is fairly evil, but needed to keep source level compatibility
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	913	// with the OpenSSL 0.9.x implementation at maximum -- some other functions
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	914	// don't take a const SSL_CIPHER* when they should
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	915	SSL_CIPHER sessionCipher = const_cast<SSL_CIPHER >(q_SSL_get_current_cipher(ssl));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	916	#else
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	917	SSL_CIPHER *sessionCipher = q_SSL_get_current_cipher(ssl);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	918	#endif
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	919	return sessionCipher ? QSslCipher_from_SSL_CIPHER(sessionCipher) : QSslCipher();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	920	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	921
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	922	QList<QSslCertificate> QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(STACK_OF(X509) *x509)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	923	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	924	ensureInitialized();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	925	QList<QSslCertificate> certificates;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	926	for (int i = 0; i < q_sk_X509_num(x509); ++i) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	927	if (X509 *entry = q_sk_X509_value(x509, i))
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	928	certificates << QSslCertificatePrivate::QSslCertificate_from_X509(entry);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	929	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	930	return certificates;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	931	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	932
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	933	QT_END_NAMESPACE

author	Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
	Tue, 26 Jan 2010 12:42:25 +0200
changeset 2	56cd8111b7f7
parent 0	1918ee327afb
child 3	41300fa6a67c
permissions	-rw-r--r--