| author | Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> |
| Mon, 04 Oct 2010 01:19:32 +0300 | |
| changeset 37 | 758a864f9613 |
| parent 33 | 3e2da88830cd |
| permissions | -rw-r--r-- |
| 0 | 1 |
/**************************************************************************** |
2 |
** |
|
|
18
2f34d5167611
Revision: 201011
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
3
diff
changeset
|
3 |
** Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies). |
| 0 | 4 |
** All rights reserved. |
5 |
** Contact: Nokia Corporation (qt-info@nokia.com) |
|
6 |
** |
|
7 |
** This file is part of the QtNetwork module of the Qt Toolkit. |
|
8 |
** |
|
9 |
** $QT_BEGIN_LICENSE:LGPL$ |
|
10 |
** No Commercial Usage |
|
11 |
** This file contains pre-release code and may not be distributed. |
|
12 |
** You may use this file in accordance with the terms and conditions |
|
13 |
** contained in the Technology Preview License Agreement accompanying |
|
14 |
** this package. |
|
15 |
** |
|
16 |
** GNU Lesser General Public License Usage |
|
17 |
** Alternatively, this file may be used under the terms of the GNU Lesser |
|
18 |
** General Public License version 2.1 as published by the Free Software |
|
19 |
** Foundation and appearing in the file LICENSE.LGPL included in the |
|
20 |
** packaging of this file. Please review the following information to |
|
21 |
** ensure the GNU Lesser General Public License version 2.1 requirements |
|
22 |
** will be met: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. |
|
23 |
** |
|
24 |
** In addition, as a special exception, Nokia gives you certain additional |
|
25 |
** rights. These rights are described in the Nokia Qt LGPL Exception |
|
26 |
** version 1.1, included in the file LGPL_EXCEPTION.txt in this package. |
|
27 |
** |
|
28 |
** If you have questions regarding the use of this file, please contact |
|
29 |
** Nokia at qt-info@nokia.com. |
|
30 |
** |
|
31 |
** |
|
32 |
** |
|
33 |
** |
|
34 |
** |
|
35 |
** |
|
36 |
** |
|
37 |
** |
|
38 |
** $QT_END_LICENSE$ |
|
39 |
** |
|
40 |
****************************************************************************/ |
|
41 |
||
42 |
//#define QSSLSOCKET_DEBUG |
|
43 |
||
44 |
#include "qsslsocket_openssl_p.h" |
|
45 |
#include "qsslsocket_openssl_symbols_p.h" |
|
46 |
#include "qsslsocket.h" |
|
47 |
#include "qsslcertificate_p.h" |
|
48 |
#include "qsslcipher_p.h" |
|
49 |
||
50 |
#include <QtCore/qdatetime.h> |
|
51 |
#include <QtCore/qdebug.h> |
|
52 |
#include <QtCore/qdir.h> |
|
53 |
#include <QtCore/qdiriterator.h> |
|
54 |
#include <QtCore/qfile.h> |
|
55 |
#include <QtCore/qfileinfo.h> |
|
56 |
#include <QtCore/qmutex.h> |
|
57 |
#include <QtCore/qthread.h> |
|
58 |
#include <QtCore/qurl.h> |
|
59 |
#include <QtCore/qvarlengtharray.h> |
|
|
33
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
60 |
#include <QLibrary> // for loading the security lib for the CA store |
| 0 | 61 |
|
62 |
QT_BEGIN_NAMESPACE |
|
63 |
||
|
33
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
64 |
#if defined(Q_OS_MAC) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
65 |
#define kSecTrustSettingsDomainSystem 2 // so we do not need to include the header file |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
66 |
PtrSecCertificateGetData QSslSocketPrivate::ptrSecCertificateGetData = 0; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
67 |
PtrSecTrustSettingsCopyCertificates QSslSocketPrivate::ptrSecTrustSettingsCopyCertificates = 0; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
68 |
PtrSecTrustCopyAnchorCertificates QSslSocketPrivate::ptrSecTrustCopyAnchorCertificates = 0; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
69 |
#elif defined(Q_OS_WIN) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
70 |
PtrCertOpenSystemStoreW QSslSocketPrivate::ptrCertOpenSystemStoreW = 0; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
71 |
PtrCertFindCertificateInStore QSslSocketPrivate::ptrCertFindCertificateInStore = 0; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
72 |
PtrCertCloseStore QSslSocketPrivate::ptrCertCloseStore = 0; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
73 |
#elif defined(Q_OS_SYMBIAN) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
74 |
#include <QtCore/private/qcore_symbian_p.h> |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
75 |
#endif |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
76 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
77 |
bool QSslSocketPrivate::s_libraryLoaded = false; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
78 |
bool QSslSocketPrivate::s_loadedCiphersAndCerts = false; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
79 |
|
| 0 | 80 |
// Useful defines |
81 |
#define SSL_ERRORSTR() QString::fromLocal8Bit(q_ERR_error_string(q_ERR_get_error(), NULL)) |
|
82 |
||
83 |
/* \internal |
|
84 |
||
85 |
From OpenSSL's thread(3) manual page: |
|
86 |
||
87 |
OpenSSL can safely be used in multi-threaded applications provided that at |
|
88 |
least two callback functions are set. |
|
89 |
||
90 |
locking_function(int mode, int n, const char *file, int line) is needed to |
|
91 |
perform locking on shared data structures. (Note that OpenSSL uses a |
|
92 |
number of global data structures that will be implicitly shared |
|
93 |
when-whenever ever multiple threads use OpenSSL.) Multi-threaded |
|
94 |
applications will crash at random if it is not set. ... |
|
95 |
... |
|
96 |
id_function(void) is a function that returns a thread ID. It is not |
|
97 |
needed on Windows nor on platforms where getpid() returns a different |
|
98 |
ID for each thread (most notably Linux) |
|
99 |
*/ |
|
100 |
class QOpenSslLocks |
|
101 |
{
|
|
102 |
public: |
|
103 |
inline QOpenSslLocks() |
|
104 |
: initLocker(QMutex::Recursive), |
|
105 |
locksLocker(QMutex::Recursive) |
|
106 |
{
|
|
107 |
QMutexLocker locker(&locksLocker); |
|
108 |
int numLocks = q_CRYPTO_num_locks(); |
|
109 |
locks = new QMutex *[numLocks]; |
|
110 |
memset(locks, 0, numLocks * sizeof(QMutex *)); |
|
111 |
} |
|
112 |
inline ~QOpenSslLocks() |
|
113 |
{
|
|
114 |
QMutexLocker locker(&locksLocker); |
|
115 |
for (int i = 0; i < q_CRYPTO_num_locks(); ++i) |
|
116 |
delete locks[i]; |
|
117 |
delete [] locks; |
|
118 |
||
119 |
QSslSocketPrivate::deinitialize(); |
|
120 |
} |
|
121 |
inline QMutex *lock(int num) |
|
122 |
{
|
|
123 |
QMutexLocker locker(&locksLocker); |
|
124 |
QMutex *tmp = locks[num]; |
|
125 |
if (!tmp) |
|
126 |
tmp = locks[num] = new QMutex(QMutex::Recursive); |
|
127 |
return tmp; |
|
128 |
} |
|
129 |
||
130 |
QMutex *globalLock() |
|
131 |
{
|
|
132 |
return &locksLocker; |
|
133 |
} |
|
134 |
||
135 |
QMutex *initLock() |
|
136 |
{
|
|
137 |
return &initLocker; |
|
138 |
} |
|
139 |
||
140 |
private: |
|
141 |
QMutex initLocker; |
|
142 |
QMutex locksLocker; |
|
143 |
QMutex **locks; |
|
144 |
}; |
|
145 |
Q_GLOBAL_STATIC(QOpenSslLocks, openssl_locks) |
|
146 |
||
147 |
extern "C" {
|
|
148 |
static void locking_function(int mode, int lockNumber, const char *, int) |
|
149 |
{
|
|
150 |
QMutex *mutex = openssl_locks()->lock(lockNumber); |
|
151 |
||
152 |
// Lock or unlock it |
|
153 |
if (mode & CRYPTO_LOCK) |
|
154 |
mutex->lock(); |
|
155 |
else |
|
156 |
mutex->unlock(); |
|
157 |
} |
|
158 |
static unsigned long id_function() |
|
159 |
{
|
|
|
30
5dc02b23752f
Revision: 201025
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
18
diff
changeset
|
160 |
return (quintptr)QThread::currentThreadId(); |
| 0 | 161 |
} |
162 |
} // extern "C" |
|
163 |
||
164 |
QSslSocketBackendPrivate::QSslSocketBackendPrivate() |
|
165 |
: ssl(0), |
|
166 |
ctx(0), |
|
|
30
5dc02b23752f
Revision: 201025
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
18
diff
changeset
|
167 |
pkey(0), |
| 0 | 168 |
readBio(0), |
169 |
writeBio(0), |
|
170 |
session(0) |
|
171 |
{
|
|
172 |
// Calls SSL_library_init(). |
|
173 |
ensureInitialized(); |
|
174 |
} |
|
175 |
||
176 |
QSslSocketBackendPrivate::~QSslSocketBackendPrivate() |
|
177 |
{
|
|
178 |
} |
|
179 |
||
180 |
QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(SSL_CIPHER *cipher) |
|
181 |
{
|
|
182 |
QSslCipher ciph; |
|
183 |
||
184 |
char buf [256]; |
|
185 |
QString descriptionOneLine = QString::fromLatin1(q_SSL_CIPHER_description(cipher, buf, sizeof(buf))); |
|
186 |
||
187 |
QStringList descriptionList = descriptionOneLine.split(QLatin1String(" "), QString::SkipEmptyParts);
|
|
188 |
if (descriptionList.size() > 5) {
|
|
189 |
// ### crude code. |
|
190 |
ciph.d->isNull = false; |
|
191 |
ciph.d->name = descriptionList.at(0); |
|
192 |
||
193 |
QString protoString = descriptionList.at(1); |
|
194 |
ciph.d->protocolString = protoString; |
|
195 |
ciph.d->protocol = QSsl::UnknownProtocol; |
|
196 |
if (protoString == QLatin1String("SSLv3"))
|
|
197 |
ciph.d->protocol = QSsl::SslV3; |
|
198 |
else if (protoString == QLatin1String("SSLv2"))
|
|
199 |
ciph.d->protocol = QSsl::SslV2; |
|
200 |
else if (protoString == QLatin1String("TLSv1"))
|
|
201 |
ciph.d->protocol = QSsl::TlsV1; |
|
|
33
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
202 |
|
| 0 | 203 |
if (descriptionList.at(2).startsWith(QLatin1String("Kx=")))
|
204 |
ciph.d->keyExchangeMethod = descriptionList.at(2).mid(3); |
|
205 |
if (descriptionList.at(3).startsWith(QLatin1String("Au=")))
|
|
206 |
ciph.d->authenticationMethod = descriptionList.at(3).mid(3); |
|
207 |
if (descriptionList.at(4).startsWith(QLatin1String("Enc=")))
|
|
208 |
ciph.d->encryptionMethod = descriptionList.at(4).mid(4); |
|
209 |
ciph.d->exportable = (descriptionList.size() > 6 && descriptionList.at(6) == QLatin1String("export"));
|
|
210 |
||
211 |
ciph.d->bits = cipher->strength_bits; |
|
212 |
ciph.d->supportedBits = cipher->alg_bits; |
|
213 |
||
214 |
} |
|
215 |
return ciph; |
|
216 |
} |
|
217 |
||
218 |
// ### This list is shared between all threads, and protected by a |
|
219 |
// mutex. Investigate using thread local storage instead. |
|
220 |
struct QSslErrorList |
|
221 |
{
|
|
222 |
QMutex mutex; |
|
223 |
QList<QPair<int, int> > errors; |
|
224 |
}; |
|
225 |
Q_GLOBAL_STATIC(QSslErrorList, _q_sslErrorList) |
|
226 |
static int q_X509Callback(int ok, X509_STORE_CTX *ctx) |
|
227 |
{
|
|
228 |
if (!ok) {
|
|
229 |
// Store the error and at which depth the error was detected. |
|
230 |
_q_sslErrorList()->errors << qMakePair<int, int>(ctx->error, ctx->error_depth); |
|
231 |
} |
|
232 |
// Always return OK to allow verification to continue. We're handle the |
|
233 |
// errors gracefully after collecting all errors, after verification has |
|
234 |
// completed. |
|
235 |
return 1; |
|
236 |
} |
|
237 |
||
238 |
bool QSslSocketBackendPrivate::initSslContext() |
|
239 |
{
|
|
240 |
Q_Q(QSslSocket); |
|
241 |
||
242 |
// Create and initialize SSL context. Accept SSLv2, SSLv3 and TLSv1. |
|
243 |
bool client = (mode == QSslSocket::SslClientMode); |
|
244 |
||
245 |
bool reinitialized = false; |
|
246 |
init_context: |
|
247 |
switch (configuration.protocol) {
|
|
248 |
case QSsl::SslV2: |
|
249 |
ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method()); |
|
250 |
break; |
|
251 |
case QSsl::SslV3: |
|
252 |
ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method()); |
|
253 |
break; |
|
254 |
case QSsl::AnyProtocol: |
|
255 |
default: |
|
256 |
ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); |
|
257 |
break; |
|
258 |
case QSsl::TlsV1: |
|
259 |
ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method()); |
|
260 |
break; |
|
261 |
} |
|
262 |
if (!ctx) {
|
|
263 |
// After stopping Flash 10 the SSL library looses its ciphers. Try re-adding them |
|
264 |
// by re-initializing the library. |
|
265 |
if (!reinitialized) {
|
|
266 |
reinitialized = true; |
|
267 |
if (q_SSL_library_init() == 1) |
|
268 |
goto init_context; |
|
269 |
} |
|
270 |
||
271 |
// ### Bad error code |
|
272 |
q->setErrorString(QSslSocket::tr("Error creating SSL context (%1)").arg(SSL_ERRORSTR()));
|
|
273 |
q->setSocketError(QAbstractSocket::UnknownSocketError); |
|
274 |
emit q->error(QAbstractSocket::UnknownSocketError); |
|
275 |
return false; |
|
276 |
} |
|
277 |
||
278 |
// Enable all bug workarounds. |
|
279 |
q_SSL_CTX_set_options(ctx, SSL_OP_ALL); |
|
280 |
||
281 |
// Initialize ciphers |
|
282 |
QByteArray cipherString; |
|
283 |
int first = true; |
|
284 |
QList<QSslCipher> ciphers = configuration.ciphers; |
|
285 |
if (ciphers.isEmpty()) |
|
286 |
ciphers = defaultCiphers(); |
|
287 |
foreach (const QSslCipher &cipher, ciphers) {
|
|
288 |
if (first) |
|
289 |
first = false; |
|
290 |
else |
|
291 |
cipherString.append(':');
|
|
292 |
cipherString.append(cipher.name().toLatin1()); |
|
293 |
} |
|
294 |
||
295 |
if (!q_SSL_CTX_set_cipher_list(ctx, cipherString.data())) {
|
|
296 |
// ### Bad error code |
|
297 |
q->setErrorString(QSslSocket::tr("Invalid or empty cipher list (%1)").arg(SSL_ERRORSTR()));
|
|
298 |
q->setSocketError(QAbstractSocket::UnknownSocketError); |
|
299 |
emit q->error(QAbstractSocket::UnknownSocketError); |
|
300 |
return false; |
|
301 |
} |
|
302 |
||
303 |
// Add all our CAs to this store. |
|
|
33
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
304 |
QList<QSslCertificate> expiredCerts; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
305 |
foreach (const QSslCertificate &caCertificate, q->caCertificates()) {
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
306 |
// add expired certs later, so that the |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
307 |
// valid ones are used before the expired ones |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
308 |
if (! caCertificate.isValid()) {
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
309 |
expiredCerts.append(caCertificate); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
310 |
} else {
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
311 |
q_X509_STORE_add_cert(ctx->cert_store, (X509 *)caCertificate.handle()); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
312 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
313 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
314 |
// now add the expired certs |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
315 |
foreach (const QSslCertificate &caCertificate, expiredCerts) {
|
| 0 | 316 |
q_X509_STORE_add_cert(ctx->cert_store, (X509 *)caCertificate.handle()); |
|
33
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
317 |
} |
| 0 | 318 |
|
319 |
// Register a custom callback to get all verification errors. |
|
320 |
X509_STORE_set_verify_cb_func(ctx->cert_store, q_X509Callback); |
|
321 |
||
322 |
if (!configuration.localCertificate.isNull()) {
|
|
323 |
// Require a private key as well. |
|
324 |
if (configuration.privateKey.isNull()) {
|
|
325 |
q->setErrorString(QSslSocket::tr("Cannot provide a certificate with no key, %1").arg(SSL_ERRORSTR()));
|
|
326 |
emit q->error(QAbstractSocket::UnknownSocketError); |
|
327 |
return false; |
|
328 |
} |
|
329 |
||
330 |
// Load certificate |
|
331 |
if (!q_SSL_CTX_use_certificate(ctx, (X509 *)configuration.localCertificate.handle())) {
|
|
332 |
q->setErrorString(QSslSocket::tr("Error loading local certificate, %1").arg(SSL_ERRORSTR()));
|
|
333 |
emit q->error(QAbstractSocket::UnknownSocketError); |
|
334 |
return false; |
|
335 |
} |
|
336 |
||
337 |
// Load private key |
|
|
30
5dc02b23752f
Revision: 201025
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
18
diff
changeset
|
338 |
pkey = q_EVP_PKEY_new(); |
|
5dc02b23752f
Revision: 201025
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
18
diff
changeset
|
339 |
// before we were using EVP_PKEY_assign_R* functions and did not use EVP_PKEY_free. |
|
5dc02b23752f
Revision: 201025
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
18
diff
changeset
|
340 |
// this lead to a memory leak. Now we use the *_set1_* functions which do not |
|
5dc02b23752f
Revision: 201025
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
18
diff
changeset
|
341 |
// take ownership of the RSA/DSA key instance because the QSslKey already has ownership. |
| 0 | 342 |
if (configuration.privateKey.algorithm() == QSsl::Rsa) |
|
30
5dc02b23752f
Revision: 201025
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
18
diff
changeset
|
343 |
q_EVP_PKEY_set1_RSA(pkey, (RSA *)configuration.privateKey.handle()); |
| 0 | 344 |
else |
|
30
5dc02b23752f
Revision: 201025
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
18
diff
changeset
|
345 |
q_EVP_PKEY_set1_DSA(pkey, (DSA *)configuration.privateKey.handle()); |
| 0 | 346 |
if (!q_SSL_CTX_use_PrivateKey(ctx, pkey)) {
|
347 |
q->setErrorString(QSslSocket::tr("Error loading private key, %1").arg(SSL_ERRORSTR()));
|
|
348 |
emit q->error(QAbstractSocket::UnknownSocketError); |
|
349 |
return false; |
|
350 |
} |
|
351 |
||
352 |
// Check if the certificate matches the private key. |
|
353 |
if (!q_SSL_CTX_check_private_key(ctx)) {
|
|
|
3
41300fa6a67c
Revision: 201003
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
0
diff
changeset
|
354 |
q->setErrorString(QSslSocket::tr("Private key does not certify public key, %1").arg(SSL_ERRORSTR()));
|
| 0 | 355 |
emit q->error(QAbstractSocket::UnknownSocketError); |
356 |
return false; |
|
357 |
} |
|
358 |
} |
|
359 |
||
360 |
// Initialize peer verification. |
|
361 |
if (configuration.peerVerifyMode == QSslSocket::VerifyNone) {
|
|
362 |
q_SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); |
|
363 |
} else {
|
|
364 |
q_SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, q_X509Callback); |
|
365 |
} |
|
366 |
||
367 |
// Set verification depth. |
|
368 |
if (configuration.peerVerifyDepth != 0) |
|
369 |
q_SSL_CTX_set_verify_depth(ctx, configuration.peerVerifyDepth); |
|
|
33
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
370 |
|
| 0 | 371 |
// Create and initialize SSL session |
372 |
if (!(ssl = q_SSL_new(ctx))) {
|
|
373 |
// ### Bad error code |
|
374 |
q->setErrorString(QSslSocket::tr("Error creating SSL session, %1").arg(SSL_ERRORSTR()));
|
|
375 |
q->setSocketError(QAbstractSocket::UnknownSocketError); |
|
376 |
emit q->error(QAbstractSocket::UnknownSocketError); |
|
377 |
return false; |
|
378 |
} |
|
379 |
||
380 |
// Clear the session. |
|
381 |
q_SSL_clear(ssl); |
|
382 |
errorList.clear(); |
|
383 |
||
384 |
// Initialize memory BIOs for encryption and decryption. |
|
385 |
readBio = q_BIO_new(q_BIO_s_mem()); |
|
386 |
writeBio = q_BIO_new(q_BIO_s_mem()); |
|
387 |
if (!readBio || !writeBio) {
|
|
388 |
// ### Bad error code |
|
389 |
q->setErrorString(QSslSocket::tr("Error creating SSL session: %1").arg(SSL_ERRORSTR()));
|
|
390 |
q->setSocketError(QAbstractSocket::UnknownSocketError); |
|
391 |
emit q->error(QAbstractSocket::UnknownSocketError); |
|
392 |
return false; |
|
393 |
} |
|
394 |
||
395 |
// Assign the bios. |
|
396 |
q_SSL_set_bio(ssl, readBio, writeBio); |
|
397 |
||
398 |
if (mode == QSslSocket::SslClientMode) |
|
399 |
q_SSL_set_connect_state(ssl); |
|
400 |
else |
|
401 |
q_SSL_set_accept_state(ssl); |
|
402 |
||
403 |
return true; |
|
404 |
} |
|
405 |
||
406 |
/*! |
|
407 |
\internal |
|
408 |
*/ |
|
409 |
void QSslSocketPrivate::deinitialize() |
|
410 |
{
|
|
411 |
q_CRYPTO_set_id_callback(0); |
|
412 |
q_CRYPTO_set_locking_callback(0); |
|
413 |
} |
|
414 |
||
415 |
/*! |
|
416 |
\internal |
|
417 |
||
|
33
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
418 |
Does the minimum amount of initialization to determine whether SSL |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
419 |
is supported or not. |
| 0 | 420 |
*/ |
|
33
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
421 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
422 |
bool QSslSocketPrivate::supportsSsl() |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
423 |
{
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
424 |
return ensureLibraryLoaded(); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
425 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
426 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
427 |
bool QSslSocketPrivate::ensureLibraryLoaded() |
| 0 | 428 |
{
|
429 |
if (!q_resolveOpenSslSymbols()) |
|
430 |
return false; |
|
431 |
||
432 |
// Check if the library itself needs to be initialized. |
|
433 |
QMutexLocker locker(openssl_locks()->initLock()); |
|
|
33
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
434 |
if (!s_libraryLoaded) {
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
435 |
s_libraryLoaded = true; |
| 0 | 436 |
|
437 |
// Initialize OpenSSL. |
|
438 |
q_CRYPTO_set_id_callback(id_function); |
|
439 |
q_CRYPTO_set_locking_callback(locking_function); |
|
440 |
if (q_SSL_library_init() != 1) |
|
441 |
return false; |
|
442 |
q_SSL_load_error_strings(); |
|
443 |
q_OpenSSL_add_all_algorithms(); |
|
444 |
||
445 |
// Initialize OpenSSL's random seed. |
|
446 |
if (!q_RAND_status()) {
|
|
447 |
struct {
|
|
448 |
int msec; |
|
449 |
int sec; |
|
450 |
void *stack; |
|
451 |
} randomish; |
|
452 |
||
453 |
int attempts = 500; |
|
454 |
do {
|
|
455 |
if (attempts < 500) {
|
|
456 |
#ifdef Q_OS_UNIX |
|
457 |
struct timespec ts = {0, 33333333};
|
|
458 |
nanosleep(&ts, 0); |
|
459 |
#else |
|
460 |
Sleep(3); |
|
461 |
#endif |
|
462 |
randomish.msec = attempts; |
|
463 |
} |
|
464 |
randomish.stack = (void *)&randomish; |
|
465 |
randomish.msec = QTime::currentTime().msec(); |
|
466 |
randomish.sec = QTime::currentTime().second(); |
|
467 |
q_RAND_seed((const char *)&randomish, sizeof(randomish)); |
|
468 |
} while (!q_RAND_status() && --attempts); |
|
469 |
if (!attempts) |
|
470 |
return false; |
|
471 |
} |
|
472 |
} |
|
473 |
return true; |
|
474 |
} |
|
475 |
||
|
33
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
476 |
void QSslSocketPrivate::ensureCiphersAndCertsLoaded() |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
477 |
{
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
478 |
QMutexLocker locker(openssl_locks()->initLock()); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
479 |
if (s_loadedCiphersAndCerts) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
480 |
return; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
481 |
s_loadedCiphersAndCerts = true; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
482 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
483 |
resetDefaultCiphers(); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
484 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
485 |
//load symbols needed to receive certificates from system store |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
486 |
#if defined(Q_OS_MAC) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
487 |
QLibrary securityLib("/System/Library/Frameworks/Security.framework/Versions/Current/Security");
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
488 |
if (securityLib.load()) {
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
489 |
ptrSecCertificateGetData = (PtrSecCertificateGetData) securityLib.resolve("SecCertificateGetData");
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
490 |
if (!ptrSecCertificateGetData) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
491 |
qWarning("could not resolve symbols in security library"); // should never happen
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
492 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
493 |
ptrSecTrustSettingsCopyCertificates = (PtrSecTrustSettingsCopyCertificates) securityLib.resolve("SecTrustSettingsCopyCertificates");
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
494 |
if (!ptrSecTrustSettingsCopyCertificates) { // method was introduced in Leopard, use legacy method if it's not there
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
495 |
ptrSecTrustCopyAnchorCertificates = (PtrSecTrustCopyAnchorCertificates) securityLib.resolve("SecTrustCopyAnchorCertificates");
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
496 |
if (!ptrSecTrustCopyAnchorCertificates) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
497 |
qWarning("could not resolve symbols in security library"); // should never happen
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
498 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
499 |
} else {
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
500 |
qWarning("could not load security library");
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
501 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
502 |
#elif defined(Q_OS_WIN) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
503 |
HINSTANCE hLib = LoadLibraryW(L"Crypt32"); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
504 |
if (hLib) {
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
505 |
#if defined(Q_OS_WINCE) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
506 |
ptrCertOpenSystemStoreW = (PtrCertOpenSystemStoreW)GetProcAddress(hLib, L"CertOpenStore"); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
507 |
ptrCertFindCertificateInStore = (PtrCertFindCertificateInStore)GetProcAddress(hLib, L"CertFindCertificateInStore"); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
508 |
ptrCertCloseStore = (PtrCertCloseStore)GetProcAddress(hLib, L"CertCloseStore"); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
509 |
#else |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
510 |
ptrCertOpenSystemStoreW = (PtrCertOpenSystemStoreW)GetProcAddress(hLib, "CertOpenSystemStoreW"); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
511 |
ptrCertFindCertificateInStore = (PtrCertFindCertificateInStore)GetProcAddress(hLib, "CertFindCertificateInStore"); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
512 |
ptrCertCloseStore = (PtrCertCloseStore)GetProcAddress(hLib, "CertCloseStore"); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
513 |
#endif |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
514 |
if (!ptrCertOpenSystemStoreW || !ptrCertFindCertificateInStore || !ptrCertCloseStore) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
515 |
qWarning("could not resolve symbols in crypt32 library"); // should never happen
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
516 |
} else {
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
517 |
qWarning("could not load crypt32 library"); // should never happen
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
518 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
519 |
#endif |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
520 |
setDefaultCaCertificates(systemCaCertificates()); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
521 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
522 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
523 |
/*! |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
524 |
\internal |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
525 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
526 |
Declared static in QSslSocketPrivate, makes sure the SSL libraries have |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
527 |
been initialized. |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
528 |
*/ |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
529 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
530 |
void QSslSocketPrivate::ensureInitialized() |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
531 |
{
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
532 |
if (!supportsSsl()) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
533 |
return; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
534 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
535 |
ensureCiphersAndCertsLoaded(); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
536 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
537 |
|
| 0 | 538 |
/*! |
539 |
\internal |
|
540 |
||
541 |
Declared static in QSslSocketPrivate, backend-dependent loading of |
|
542 |
application-wide global ciphers. |
|
543 |
*/ |
|
544 |
void QSslSocketPrivate::resetDefaultCiphers() |
|
545 |
{
|
|
546 |
SSL_CTX *myCtx = q_SSL_CTX_new(q_SSLv23_client_method()); |
|
547 |
SSL *mySsl = q_SSL_new(myCtx); |
|
548 |
||
549 |
QList<QSslCipher> ciphers; |
|
550 |
||
551 |
STACK_OF(SSL_CIPHER) *supportedCiphers = q_SSL_get_ciphers(mySsl); |
|
552 |
for (int i = 0; i < q_sk_SSL_CIPHER_num(supportedCiphers); ++i) {
|
|
553 |
if (SSL_CIPHER *cipher = q_sk_SSL_CIPHER_value(supportedCiphers, i)) {
|
|
554 |
if (cipher->valid) {
|
|
555 |
QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher); |
|
556 |
if (!ciph.isNull()) {
|
|
557 |
if (!ciph.name().toLower().startsWith(QLatin1String("adh")))
|
|
558 |
ciphers << ciph; |
|
559 |
} |
|
560 |
} |
|
561 |
} |
|
562 |
} |
|
563 |
||
564 |
q_SSL_CTX_free(myCtx); |
|
565 |
q_SSL_free(mySsl); |
|
566 |
||
567 |
setDefaultSupportedCiphers(ciphers); |
|
568 |
setDefaultCiphers(ciphers); |
|
569 |
} |
|
570 |
||
|
33
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
571 |
#if defined(Q_OS_SYMBIAN) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
572 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
573 |
QCertificateRetriever::QCertificateRetriever(QCertificateConsumer* parent) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
574 |
: CActive(EPriorityStandard) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
575 |
, certStore(0) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
576 |
, certFilter(0) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
577 |
, consumer(parent) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
578 |
, currentCertificateIndex(0) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
579 |
, certDescriptor(0, 0) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
580 |
{
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
581 |
CActiveScheduler::Add(this); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
582 |
QT_TRAP_THROWING(certStore = CUnifiedCertStore::NewL(qt_s60GetRFs(), EFalse)); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
583 |
QT_TRAP_THROWING(certFilter = CCertAttributeFilter::NewL()); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
584 |
certFilter->SetFormat(EX509Certificate); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
585 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
586 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
587 |
QCertificateRetriever::~QCertificateRetriever() |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
588 |
{
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
589 |
delete certFilter; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
590 |
delete certStore; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
591 |
Cancel(); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
592 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
593 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
594 |
void QCertificateRetriever::fetch() |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
595 |
{
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
596 |
certStore->Initialize(iStatus); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
597 |
state = Initializing; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
598 |
SetActive(); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
599 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
600 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
601 |
void QCertificateRetriever::list() |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
602 |
{
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
603 |
certStore->List(certs, *certFilter, iStatus); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
604 |
state = Listing; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
605 |
SetActive(); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
606 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
607 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
608 |
void QCertificateRetriever::retrieveNextCertificate() |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
609 |
{
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
610 |
CCTCertInfo* cert = certs[currentCertificateIndex]; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
611 |
currentCertificate.resize(cert->Size()); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
612 |
certDescriptor.Set((TUint8*)currentCertificate.data(), 0, currentCertificate.size()); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
613 |
certStore->Retrieve(*cert, certDescriptor, iStatus); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
614 |
state = RetrievingCertificates; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
615 |
SetActive(); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
616 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
617 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
618 |
void QCertificateRetriever::RunL() |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
619 |
{
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
620 |
QT_TRYCATCH_LEAVING(run()); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
621 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
622 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
623 |
void QCertificateRetriever::run() |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
624 |
{
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
625 |
switch (state) {
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
626 |
case Initializing: |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
627 |
list(); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
628 |
break; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
629 |
case Listing: |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
630 |
currentCertificateIndex = 0; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
631 |
retrieveNextCertificate(); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
632 |
break; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
633 |
case RetrievingCertificates: |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
634 |
consumer->addEncodedCertificate(currentCertificate); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
635 |
currentCertificate = QByteArray(); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
636 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
637 |
currentCertificateIndex++; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
638 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
639 |
if (currentCertificateIndex < certs.Count()) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
640 |
retrieveNextCertificate(); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
641 |
else |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
642 |
consumer->finish(); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
643 |
break; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
644 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
645 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
646 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
647 |
void QCertificateRetriever::DoCancel() |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
648 |
{
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
649 |
switch (state) {
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
650 |
case Initializing: |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
651 |
certStore->CancelInitialize(); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
652 |
break; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
653 |
case Listing: |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
654 |
certStore->CancelList(); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
655 |
break; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
656 |
case RetrievingCertificates: |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
657 |
certStore->CancelRetrieve(); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
658 |
break; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
659 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
660 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
661 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
662 |
QCertificateConsumer::QCertificateConsumer(QObject* parent) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
663 |
: QObject(parent) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
664 |
, retriever(0) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
665 |
{
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
666 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
667 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
668 |
QCertificateConsumer::~QCertificateConsumer() |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
669 |
{
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
670 |
delete retriever; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
671 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
672 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
673 |
void QCertificateConsumer::finish() |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
674 |
{
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
675 |
delete retriever; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
676 |
retriever = 0; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
677 |
emit finished(); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
678 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
679 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
680 |
void QCertificateConsumer::start() |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
681 |
{
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
682 |
retriever = new QCertificateRetriever(this); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
683 |
Q_CHECK_PTR(retriever); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
684 |
retriever->fetch(); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
685 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
686 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
687 |
#endif // defined(Q_OS_SYMBIAN) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
688 |
|
| 0 | 689 |
QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates() |
690 |
{
|
|
|
33
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
691 |
ensureInitialized(); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
692 |
QList<QSslCertificate> systemCerts; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
693 |
#if defined(Q_OS_MAC) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
694 |
CFArrayRef cfCerts; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
695 |
OSStatus status = 1; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
696 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
697 |
OSStatus SecCertificateGetData ( |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
698 |
SecCertificateRef certificate, |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
699 |
CSSM_DATA_PTR data |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
700 |
); |
| 0 | 701 |
|
|
33
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
702 |
if (ptrSecCertificateGetData) {
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
703 |
if (ptrSecTrustSettingsCopyCertificates) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
704 |
status = ptrSecTrustSettingsCopyCertificates(kSecTrustSettingsDomainSystem, &cfCerts); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
705 |
else if (ptrSecTrustCopyAnchorCertificates) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
706 |
status = ptrSecTrustCopyAnchorCertificates(&cfCerts); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
707 |
if (!status) {
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
708 |
CFIndex size = CFArrayGetCount(cfCerts); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
709 |
for (CFIndex i = 0; i < size; ++i) {
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
710 |
SecCertificateRef cfCert = (SecCertificateRef)CFArrayGetValueAtIndex(cfCerts, i); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
711 |
CSSM_DATA data; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
712 |
CSSM_DATA_PTR dataPtr = &data; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
713 |
if (ptrSecCertificateGetData(cfCert, dataPtr)) {
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
714 |
qWarning("error retrieving a CA certificate from the system store");
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
715 |
} else {
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
716 |
int len = data.Length; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
717 |
char *rawData = reinterpret_cast<char *>(data.Data); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
718 |
QByteArray rawCert(rawData, len); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
719 |
systemCerts.append(QSslCertificate::fromData(rawCert, QSsl::Der)); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
720 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
721 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
722 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
723 |
else {
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
724 |
// no detailed error handling here |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
725 |
qWarning("could not retrieve system CA certificates");
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
726 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
727 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
728 |
#elif defined(Q_OS_WIN) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
729 |
if (ptrCertOpenSystemStoreW && ptrCertFindCertificateInStore && ptrCertCloseStore) {
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
730 |
HCERTSTORE hSystemStore; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
731 |
#if defined(Q_OS_WINCE) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
732 |
hSystemStore = ptrCertOpenSystemStoreW(CERT_STORE_PROV_SYSTEM_W, |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
733 |
0, |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
734 |
0, |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
735 |
CERT_STORE_NO_CRYPT_RELEASE_FLAG|CERT_SYSTEM_STORE_CURRENT_USER, |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
736 |
L"ROOT"); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
737 |
#else |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
738 |
hSystemStore = ptrCertOpenSystemStoreW(0, L"ROOT"); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
739 |
#endif |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
740 |
if(hSystemStore) {
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
741 |
PCCERT_CONTEXT pc = NULL; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
742 |
while(1) {
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
743 |
pc = ptrCertFindCertificateInStore( hSystemStore, X509_ASN_ENCODING, 0, CERT_FIND_ANY, NULL, pc); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
744 |
if(!pc) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
745 |
break; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
746 |
QByteArray der((const char *)(pc->pbCertEncoded), static_cast<int>(pc->cbCertEncoded)); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
747 |
QSslCertificate cert(der, QSsl::Der); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
748 |
systemCerts.append(cert); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
749 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
750 |
ptrCertCloseStore(hSystemStore, 0); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
751 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
752 |
} |
|
37
758a864f9613
Revision: 201037
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
33
diff
changeset
|
753 |
#elif defined(Q_OS_UNIX) && !defined(Q_OS_SYMBIAN) |
|
33
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
754 |
systemCerts.append(QSslCertificate::fromPath(QLatin1String("/var/ssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // AIX
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
755 |
systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/local/ssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // Solaris
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
756 |
systemCerts.append(QSslCertificate::fromPath(QLatin1String("/opt/openssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // HP-UX
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
757 |
systemCerts.append(QSslCertificate::fromPath(QLatin1String("/etc/ssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // (K)ubuntu, OpenSUSE, Mandriva, ...
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
758 |
systemCerts.append(QSslCertificate::fromPath(QLatin1String("/etc/pki/tls/certs/ca-bundle.crt"), QSsl::Pem)); // Fedora
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
759 |
systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/lib/ssl/certs/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // Gentoo, Mandrake
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
760 |
systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/share/ssl/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // Centos, Redhat, SuSE
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
761 |
systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/local/ssl/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // Normal OpenSSL Tarball
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
762 |
#elif defined(Q_OS_SYMBIAN) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
763 |
QThread* certThread = new QThread; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
764 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
765 |
QCertificateConsumer *consumer = new QCertificateConsumer(); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
766 |
consumer->moveToThread(certThread); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
767 |
QObject::connect(certThread, SIGNAL(started()), consumer, SLOT(start())); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
768 |
QObject::connect(consumer, SIGNAL(finished()), certThread, SLOT(quit()), Qt::DirectConnection); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
769 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
770 |
certThread->start(); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
771 |
certThread->wait(); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
772 |
foreach (const QByteArray &encodedCert, consumer->encodedCertificates()) {
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
773 |
QSslCertificate cert(encodedCert, QSsl::Der); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
774 |
if (!cert.isNull()) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
775 |
systemCerts.append(cert); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
776 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
777 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
778 |
delete consumer; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
779 |
delete certThread; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
780 |
#endif |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
781 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
782 |
return systemCerts; |
| 0 | 783 |
} |
784 |
||
785 |
void QSslSocketBackendPrivate::startClientEncryption() |
|
786 |
{
|
|
787 |
if (!initSslContext()) {
|
|
788 |
// ### report error: internal OpenSSL failure |
|
789 |
return; |
|
790 |
} |
|
791 |
||
792 |
// Start connecting. This will place outgoing data in the BIO, so we |
|
793 |
// follow up with calling transmit(). |
|
794 |
startHandshake(); |
|
795 |
transmit(); |
|
796 |
} |
|
797 |
||
798 |
void QSslSocketBackendPrivate::startServerEncryption() |
|
799 |
{
|
|
800 |
if (!initSslContext()) {
|
|
801 |
// ### report error: internal OpenSSL failure |
|
802 |
return; |
|
803 |
} |
|
804 |
||
805 |
// Start connecting. This will place outgoing data in the BIO, so we |
|
806 |
// follow up with calling transmit(). |
|
807 |
startHandshake(); |
|
808 |
transmit(); |
|
809 |
} |
|
810 |
||
811 |
/*! |
|
812 |
\internal |
|
813 |
||
814 |
Transmits encrypted data between the BIOs and the socket. |
|
815 |
*/ |
|
816 |
void QSslSocketBackendPrivate::transmit() |
|
817 |
{
|
|
818 |
Q_Q(QSslSocket); |
|
819 |
||
820 |
// If we don't have any SSL context, don't bother transmitting. |
|
821 |
if (!ssl) |
|
822 |
return; |
|
823 |
||
824 |
bool transmitting; |
|
825 |
do {
|
|
826 |
transmitting = false; |
|
|
33
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
827 |
|
| 0 | 828 |
// If the connection is secure, we can transfer data from the write |
829 |
// buffer (in plain text) to the write BIO through SSL_write. |
|
830 |
if (connectionEncrypted && !writeBuffer.isEmpty()) {
|
|
831 |
qint64 totalBytesWritten = 0; |
|
832 |
int nextDataBlockSize; |
|
833 |
while ((nextDataBlockSize = writeBuffer.nextDataBlockSize()) > 0) {
|
|
834 |
int writtenBytes = q_SSL_write(ssl, writeBuffer.readPointer(), nextDataBlockSize); |
|
835 |
if (writtenBytes <= 0) {
|
|
836 |
// ### Better error handling. |
|
837 |
q->setErrorString(QSslSocket::tr("Unable to write data: %1").arg(SSL_ERRORSTR()));
|
|
838 |
q->setSocketError(QAbstractSocket::UnknownSocketError); |
|
839 |
emit q->error(QAbstractSocket::UnknownSocketError); |
|
840 |
return; |
|
841 |
} |
|
842 |
#ifdef QSSLSOCKET_DEBUG |
|
843 |
qDebug() << "QSslSocketBackendPrivate::transmit: encrypted" << writtenBytes << "bytes"; |
|
844 |
#endif |
|
845 |
writeBuffer.free(writtenBytes); |
|
846 |
totalBytesWritten += writtenBytes; |
|
|
18
2f34d5167611
Revision: 201011
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
3
diff
changeset
|
847 |
|
|
2f34d5167611
Revision: 201011
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
3
diff
changeset
|
848 |
if (writtenBytes < nextDataBlockSize) {
|
|
2f34d5167611
Revision: 201011
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
3
diff
changeset
|
849 |
// break out of the writing loop and try again after we had read |
|
2f34d5167611
Revision: 201011
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
3
diff
changeset
|
850 |
transmitting = true; |
|
2f34d5167611
Revision: 201011
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
3
diff
changeset
|
851 |
break; |
|
2f34d5167611
Revision: 201011
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
3
diff
changeset
|
852 |
} |
| 0 | 853 |
} |
854 |
||
855 |
if (totalBytesWritten > 0) {
|
|
856 |
// Don't emit bytesWritten() recursively. |
|
857 |
if (!emittedBytesWritten) {
|
|
858 |
emittedBytesWritten = true; |
|
859 |
emit q->bytesWritten(totalBytesWritten); |
|
860 |
emittedBytesWritten = false; |
|
861 |
} |
|
862 |
} |
|
863 |
} |
|
864 |
||
865 |
// Check if we've got any data to be written to the socket. |
|
866 |
QVarLengthArray<char, 4096> data; |
|
867 |
int pendingBytes; |
|
868 |
while (plainSocket->isValid() && (pendingBytes = q_BIO_pending(writeBio)) > 0) {
|
|
869 |
// Read encrypted data from the write BIO into a buffer. |
|
870 |
data.resize(pendingBytes); |
|
871 |
int encryptedBytesRead = q_BIO_read(writeBio, data.data(), pendingBytes); |
|
872 |
||
873 |
// Write encrypted data from the buffer to the socket. |
|
874 |
plainSocket->write(data.constData(), encryptedBytesRead); |
|
875 |
#ifdef QSSLSOCKET_DEBUG |
|
876 |
qDebug() << "QSslSocketBackendPrivate::transmit: wrote" << encryptedBytesRead << "encrypted bytes to the socket"; |
|
877 |
#endif |
|
878 |
transmitting = true; |
|
879 |
} |
|
880 |
||
881 |
// Check if we've got any data to be read from the socket. |
|
882 |
if (!connectionEncrypted || !readBufferMaxSize || readBuffer.size() < readBufferMaxSize) |
|
883 |
while ((pendingBytes = plainSocket->bytesAvailable()) > 0) {
|
|
884 |
// Read encrypted data from the socket into a buffer. |
|
885 |
data.resize(pendingBytes); |
|
|
18
2f34d5167611
Revision: 201011
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
3
diff
changeset
|
886 |
// just peek() here because q_BIO_write could write less data than expected |
|
2f34d5167611
Revision: 201011
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
3
diff
changeset
|
887 |
int encryptedBytesRead = plainSocket->peek(data.data(), pendingBytes); |
| 0 | 888 |
#ifdef QSSLSOCKET_DEBUG |
|
18
2f34d5167611
Revision: 201011
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
3
diff
changeset
|
889 |
qDebug() << "QSslSocketBackendPrivate::transmit: read" << encryptedBytesRead << "encrypted bytes from the socket"; |
| 0 | 890 |
#endif |
891 |
// Write encrypted data from the buffer into the read BIO. |
|
|
18
2f34d5167611
Revision: 201011
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
3
diff
changeset
|
892 |
int writtenToBio = q_BIO_write(readBio, data.constData(), encryptedBytesRead); |
|
2f34d5167611
Revision: 201011
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
3
diff
changeset
|
893 |
|
|
2f34d5167611
Revision: 201011
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
3
diff
changeset
|
894 |
// do the actual read() here and throw away the results. |
|
2f34d5167611
Revision: 201011
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
3
diff
changeset
|
895 |
if (writtenToBio > 0) {
|
|
2f34d5167611
Revision: 201011
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
3
diff
changeset
|
896 |
// ### TODO: make this cheaper by not making it memcpy. E.g. make it work with data=0x0 or make it work with seek |
|
2f34d5167611
Revision: 201011
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
3
diff
changeset
|
897 |
plainSocket->read(data.data(), writtenToBio); |
|
2f34d5167611
Revision: 201011
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
3
diff
changeset
|
898 |
} else {
|
|
2f34d5167611
Revision: 201011
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
3
diff
changeset
|
899 |
// ### Better error handling. |
|
2f34d5167611
Revision: 201011
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
3
diff
changeset
|
900 |
q->setErrorString(QSslSocket::tr("Unable to decrypt data: %1").arg(SSL_ERRORSTR()));
|
|
2f34d5167611
Revision: 201011
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
3
diff
changeset
|
901 |
q->setSocketError(QAbstractSocket::UnknownSocketError); |
|
2f34d5167611
Revision: 201011
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
3
diff
changeset
|
902 |
emit q->error(QAbstractSocket::UnknownSocketError); |
|
2f34d5167611
Revision: 201011
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
3
diff
changeset
|
903 |
return; |
|
2f34d5167611
Revision: 201011
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
3
diff
changeset
|
904 |
} |
|
2f34d5167611
Revision: 201011
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
3
diff
changeset
|
905 |
|
| 0 | 906 |
transmitting = true; |
907 |
} |
|
908 |
||
909 |
// If the connection isn't secured yet, this is the time to retry the |
|
910 |
// connect / accept. |
|
911 |
if (!connectionEncrypted) {
|
|
912 |
#ifdef QSSLSOCKET_DEBUG |
|
913 |
qDebug() << "QSslSocketBackendPrivate::transmit: testing encryption"; |
|
914 |
#endif |
|
915 |
if (startHandshake()) {
|
|
916 |
#ifdef QSSLSOCKET_DEBUG |
|
917 |
qDebug() << "QSslSocketBackendPrivate::transmit: encryption established"; |
|
918 |
#endif |
|
919 |
connectionEncrypted = true; |
|
920 |
transmitting = true; |
|
921 |
} else if (plainSocket->state() != QAbstractSocket::ConnectedState) {
|
|
922 |
#ifdef QSSLSOCKET_DEBUG |
|
923 |
qDebug() << "QSslSocketBackendPrivate::transmit: connection lost"; |
|
924 |
#endif |
|
925 |
break; |
|
926 |
} else {
|
|
927 |
#ifdef QSSLSOCKET_DEBUG |
|
928 |
qDebug() << "QSslSocketBackendPrivate::transmit: encryption not done yet"; |
|
929 |
#endif |
|
930 |
} |
|
931 |
} |
|
932 |
||
933 |
// If the request is small and the remote host closes the transmission |
|
934 |
// after sending, there's a chance that startHandshake() will already |
|
935 |
// have triggered a shutdown. |
|
936 |
if (!ssl) |
|
937 |
continue; |
|
938 |
||
939 |
// We always read everything from the SSL decryption buffers, even if |
|
940 |
// we have a readBufferMaxSize. There's no point in leaving data there |
|
941 |
// just so that readBuffer.size() == readBufferMaxSize. |
|
942 |
int readBytes = 0; |
|
943 |
data.resize(4096); |
|
944 |
::memset(data.data(), 0, data.size()); |
|
945 |
do {
|
|
946 |
// Don't use SSL_pending(). It's very unreliable. |
|
947 |
if ((readBytes = q_SSL_read(ssl, data.data(), data.size())) > 0) {
|
|
948 |
#ifdef QSSLSOCKET_DEBUG |
|
949 |
qDebug() << "QSslSocketBackendPrivate::transmit: decrypted" << readBytes << "bytes"; |
|
950 |
#endif |
|
951 |
char *ptr = readBuffer.reserve(readBytes); |
|
952 |
::memcpy(ptr, data.data(), readBytes); |
|
953 |
||
954 |
if (readyReadEmittedPointer) |
|
955 |
*readyReadEmittedPointer = true; |
|
956 |
emit q->readyRead(); |
|
957 |
transmitting = true; |
|
958 |
continue; |
|
959 |
} |
|
960 |
||
961 |
// Error. |
|
962 |
switch (q_SSL_get_error(ssl, readBytes)) {
|
|
963 |
case SSL_ERROR_WANT_READ: |
|
964 |
case SSL_ERROR_WANT_WRITE: |
|
965 |
// Out of data. |
|
966 |
break; |
|
967 |
case SSL_ERROR_ZERO_RETURN: |
|
968 |
// The remote host closed the connection. |
|
969 |
#ifdef QSSLSOCKET_DEBUG |
|
970 |
qDebug() << "QSslSocketBackendPrivate::transmit: remote disconnect"; |
|
971 |
#endif |
|
972 |
plainSocket->disconnectFromHost(); |
|
973 |
break; |
|
|
33
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
974 |
case SSL_ERROR_SYSCALL: // some IO error |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
975 |
case SSL_ERROR_SSL: // error in the SSL library |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
976 |
// we do not know exactly what the error is, nor whether we can recover from it, |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
977 |
// so just return to prevent an endless loop in the outer "while" statement |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
978 |
q->setErrorString(QSslSocket::tr("Error while reading: %1").arg(SSL_ERRORSTR()));
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
979 |
q->setSocketError(QAbstractSocket::UnknownSocketError); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
980 |
emit q->error(QAbstractSocket::UnknownSocketError); |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
981 |
return; |
| 0 | 982 |
default: |
|
33
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
983 |
// SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT: can only happen with a |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
984 |
// BIO_s_connect() or BIO_s_accept(), which we do not call. |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
985 |
// SSL_ERROR_WANT_X509_LOOKUP: can only happen with a |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
986 |
// SSL_CTX_set_client_cert_cb(), which we do not call. |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
987 |
// So this default case should never be triggered. |
| 0 | 988 |
q->setErrorString(QSslSocket::tr("Error while reading: %1").arg(SSL_ERRORSTR()));
|
989 |
q->setSocketError(QAbstractSocket::UnknownSocketError); |
|
990 |
emit q->error(QAbstractSocket::UnknownSocketError); |
|
991 |
break; |
|
992 |
} |
|
993 |
} while (ssl && readBytes > 0); |
|
994 |
} while (ssl && ctx && transmitting); |
|
995 |
} |
|
996 |
||
997 |
static QSslError _q_OpenSSL_to_QSslError(int errorCode, const QSslCertificate &cert) |
|
998 |
{
|
|
999 |
QSslError error; |
|
1000 |
switch (errorCode) {
|
|
1001 |
case X509_V_OK: |
|
1002 |
// X509_V_OK is also reported if the peer had no certificate. |
|
1003 |
break; |
|
1004 |
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: |
|
1005 |
error = QSslError(QSslError::UnableToGetIssuerCertificate, cert); break; |
|
1006 |
case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: |
|
1007 |
error = QSslError(QSslError::UnableToDecryptCertificateSignature, cert); break; |
|
1008 |
case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: |
|
1009 |
error = QSslError(QSslError::UnableToDecodeIssuerPublicKey, cert); break; |
|
1010 |
case X509_V_ERR_CERT_SIGNATURE_FAILURE: |
|
1011 |
error = QSslError(QSslError::CertificateSignatureFailed, cert); break; |
|
1012 |
case X509_V_ERR_CERT_NOT_YET_VALID: |
|
1013 |
error = QSslError(QSslError::CertificateNotYetValid, cert); break; |
|
1014 |
case X509_V_ERR_CERT_HAS_EXPIRED: |
|
1015 |
error = QSslError(QSslError::CertificateExpired, cert); break; |
|
1016 |
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: |
|
1017 |
error = QSslError(QSslError::InvalidNotBeforeField, cert); break; |
|
1018 |
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: |
|
1019 |
error = QSslError(QSslError::InvalidNotAfterField, cert); break; |
|
1020 |
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: |
|
1021 |
error = QSslError(QSslError::SelfSignedCertificate, cert); break; |
|
1022 |
case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: |
|
1023 |
error = QSslError(QSslError::SelfSignedCertificateInChain, cert); break; |
|
1024 |
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: |
|
1025 |
error = QSslError(QSslError::UnableToGetLocalIssuerCertificate, cert); break; |
|
1026 |
case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: |
|
1027 |
error = QSslError(QSslError::UnableToVerifyFirstCertificate, cert); break; |
|
1028 |
case X509_V_ERR_CERT_REVOKED: |
|
1029 |
error = QSslError(QSslError::CertificateRevoked, cert); break; |
|
1030 |
case X509_V_ERR_INVALID_CA: |
|
1031 |
error = QSslError(QSslError::InvalidCaCertificate, cert); break; |
|
1032 |
case X509_V_ERR_PATH_LENGTH_EXCEEDED: |
|
1033 |
error = QSslError(QSslError::PathLengthExceeded, cert); break; |
|
1034 |
case X509_V_ERR_INVALID_PURPOSE: |
|
1035 |
error = QSslError(QSslError::InvalidPurpose, cert); break; |
|
1036 |
case X509_V_ERR_CERT_UNTRUSTED: |
|
1037 |
error = QSslError(QSslError::CertificateUntrusted, cert); break; |
|
1038 |
case X509_V_ERR_CERT_REJECTED: |
|
1039 |
error = QSslError(QSslError::CertificateRejected, cert); break; |
|
1040 |
default: |
|
1041 |
error = QSslError(QSslError::UnspecifiedError, cert); break; |
|
1042 |
} |
|
1043 |
return error; |
|
1044 |
} |
|
1045 |
||
1046 |
bool QSslSocketBackendPrivate::startHandshake() |
|
1047 |
{
|
|
1048 |
Q_Q(QSslSocket); |
|
1049 |
||
1050 |
// Check if the connection has been established. Get all errors from the |
|
1051 |
// verification stage. |
|
1052 |
_q_sslErrorList()->mutex.lock(); |
|
1053 |
_q_sslErrorList()->errors.clear(); |
|
1054 |
int result = (mode == QSslSocket::SslClientMode) ? q_SSL_connect(ssl) : q_SSL_accept(ssl); |
|
1055 |
||
1056 |
const QList<QPair<int, int> > &lastErrors = _q_sslErrorList()->errors; |
|
1057 |
for (int i = 0; i < lastErrors.size(); ++i) {
|
|
1058 |
const QPair<int, int> ¤tError = lastErrors.at(i); |
|
1059 |
// Initialize the peer certificate chain in order to find which certificate caused this error |
|
1060 |
if (configuration.peerCertificateChain.isEmpty()) |
|
1061 |
configuration.peerCertificateChain = STACKOFX509_to_QSslCertificates(q_SSL_get_peer_cert_chain(ssl)); |
|
1062 |
emit q->peerVerifyError(_q_OpenSSL_to_QSslError(currentError.first, |
|
1063 |
configuration.peerCertificateChain.value(currentError.second))); |
|
1064 |
if (q->state() != QAbstractSocket::ConnectedState) |
|
1065 |
break; |
|
1066 |
} |
|
1067 |
||
1068 |
errorList << lastErrors; |
|
1069 |
_q_sslErrorList()->mutex.unlock(); |
|
1070 |
||
1071 |
// Connection aborted during handshake phase. |
|
1072 |
if (q->state() != QAbstractSocket::ConnectedState) |
|
1073 |
return false; |
|
1074 |
||
1075 |
// Check if we're encrypted or not. |
|
1076 |
if (result <= 0) {
|
|
1077 |
switch (q_SSL_get_error(ssl, result)) {
|
|
1078 |
case SSL_ERROR_WANT_READ: |
|
1079 |
case SSL_ERROR_WANT_WRITE: |
|
1080 |
// The handshake is not yet complete. |
|
1081 |
break; |
|
1082 |
default: |
|
1083 |
// ### Handle errors better |
|
1084 |
q->setErrorString(QSslSocket::tr("Error during SSL handshake: %1").arg(SSL_ERRORSTR()));
|
|
1085 |
q->setSocketError(QAbstractSocket::SslHandshakeFailedError); |
|
1086 |
#ifdef QSSLSOCKET_DEBUG |
|
1087 |
qDebug() << "QSslSocketBackendPrivate::startHandshake: error!" << q->errorString(); |
|
1088 |
#endif |
|
1089 |
emit q->error(QAbstractSocket::SslHandshakeFailedError); |
|
1090 |
q->abort(); |
|
1091 |
} |
|
1092 |
return false; |
|
1093 |
} |
|
1094 |
||
1095 |
// Store the peer certificate and chain. For clients, the peer certificate |
|
1096 |
// chain includes the peer certificate; for servers, it doesn't. Both the |
|
1097 |
// peer certificate and the chain may be empty if the peer didn't present |
|
1098 |
// any certificate. |
|
1099 |
if (configuration.peerCertificateChain.isEmpty()) |
|
1100 |
configuration.peerCertificateChain = STACKOFX509_to_QSslCertificates(q_SSL_get_peer_cert_chain(ssl)); |
|
1101 |
X509 *x509 = q_SSL_get_peer_certificate(ssl); |
|
1102 |
configuration.peerCertificate = QSslCertificatePrivate::QSslCertificate_from_X509(x509); |
|
1103 |
q_X509_free(x509); |
|
1104 |
||
1105 |
// Start translating errors. |
|
1106 |
QList<QSslError> errors; |
|
1107 |
bool doVerifyPeer = configuration.peerVerifyMode == QSslSocket::VerifyPeer |
|
1108 |
|| (configuration.peerVerifyMode == QSslSocket::AutoVerifyPeer |
|
1109 |
&& mode == QSslSocket::SslClientMode); |
|
1110 |
||
1111 |
// Check the peer certificate itself. First try the subject's common name |
|
1112 |
// (CN) as a wildcard, then try all alternate subject name DNS entries the |
|
1113 |
// same way. |
|
1114 |
if (!configuration.peerCertificate.isNull()) {
|
|
1115 |
// but only if we're a client connecting to a server |
|
1116 |
// if we're the server, don't check CN |
|
1117 |
if (mode == QSslSocket::SslClientMode) {
|
|
1118 |
QString peerName = (verificationPeerName.isEmpty () ? q->peerName() : verificationPeerName); |
|
1119 |
QString commonName = configuration.peerCertificate.subjectInfo(QSslCertificate::CommonName); |
|
1120 |
||
|
33
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1121 |
if (!isMatchingHostname(commonName.toLower(), peerName.toLower())) {
|
| 0 | 1122 |
bool matched = false; |
|
18
2f34d5167611
Revision: 201011
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
3
diff
changeset
|
1123 |
foreach (const QString &altName, configuration.peerCertificate |
| 0 | 1124 |
.alternateSubjectNames().values(QSsl::DnsEntry)) {
|
|
33
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1125 |
if (isMatchingHostname(altName.toLower(), peerName.toLower())) {
|
| 0 | 1126 |
matched = true; |
1127 |
break; |
|
1128 |
} |
|
1129 |
} |
|
|
33
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1130 |
|
| 0 | 1131 |
if (!matched) {
|
1132 |
// No matches in common names or alternate names. |
|
1133 |
QSslError error(QSslError::HostNameMismatch, configuration.peerCertificate); |
|
1134 |
errors << error; |
|
1135 |
emit q->peerVerifyError(error); |
|
1136 |
if (q->state() != QAbstractSocket::ConnectedState) |
|
1137 |
return false; |
|
1138 |
} |
|
1139 |
} |
|
1140 |
} |
|
1141 |
} else {
|
|
1142 |
// No peer certificate presented. Report as error if the socket |
|
1143 |
// expected one. |
|
1144 |
if (doVerifyPeer) {
|
|
1145 |
QSslError error(QSslError::NoPeerCertificate); |
|
1146 |
errors << error; |
|
1147 |
emit q->peerVerifyError(error); |
|
1148 |
if (q->state() != QAbstractSocket::ConnectedState) |
|
1149 |
return false; |
|
1150 |
} |
|
1151 |
} |
|
1152 |
||
1153 |
// Translate errors from the error list into QSslErrors. |
|
1154 |
for (int i = 0; i < errorList.size(); ++i) {
|
|
1155 |
const QPair<int, int> &errorAndDepth = errorList.at(i); |
|
1156 |
int err = errorAndDepth.first; |
|
1157 |
int depth = errorAndDepth.second; |
|
1158 |
errors << _q_OpenSSL_to_QSslError(err, configuration.peerCertificateChain.value(depth)); |
|
1159 |
} |
|
1160 |
||
1161 |
if (!errors.isEmpty()) {
|
|
1162 |
sslErrors = errors; |
|
1163 |
emit q->sslErrors(errors); |
|
1164 |
||
1165 |
bool doEmitSslError; |
|
1166 |
if (!ignoreErrorsList.empty()) {
|
|
1167 |
// check whether the errors we got are all in the list of expected errors |
|
1168 |
// (applies only if the method QSslSocket::ignoreSslErrors(const QList<QSslError> &errors) |
|
1169 |
// was called) |
|
1170 |
doEmitSslError = false; |
|
1171 |
for (int a = 0; a < errors.count(); a++) {
|
|
1172 |
if (!ignoreErrorsList.contains(errors.at(a))) {
|
|
1173 |
doEmitSslError = true; |
|
1174 |
break; |
|
1175 |
} |
|
1176 |
} |
|
1177 |
} else {
|
|
1178 |
// if QSslSocket::ignoreSslErrors(const QList<QSslError> &errors) was not called and |
|
1179 |
// we get an SSL error, emit a signal unless we ignored all errors (by calling |
|
1180 |
// QSslSocket::ignoreSslErrors() ) |
|
1181 |
doEmitSslError = !ignoreAllSslErrors; |
|
1182 |
} |
|
1183 |
// check whether we need to emit an SSL handshake error |
|
1184 |
if (doVerifyPeer && doEmitSslError) {
|
|
1185 |
q->setErrorString(sslErrors.first().errorString()); |
|
1186 |
q->setSocketError(QAbstractSocket::SslHandshakeFailedError); |
|
1187 |
emit q->error(QAbstractSocket::SslHandshakeFailedError); |
|
1188 |
plainSocket->disconnectFromHost(); |
|
1189 |
return false; |
|
1190 |
} |
|
1191 |
} else {
|
|
1192 |
sslErrors.clear(); |
|
1193 |
} |
|
1194 |
||
1195 |
// if we have a max read buffer size, reset the plain socket's to 1k |
|
1196 |
if (readBufferMaxSize) |
|
1197 |
plainSocket->setReadBufferSize(1024); |
|
1198 |
||
1199 |
connectionEncrypted = true; |
|
1200 |
emit q->encrypted(); |
|
1201 |
if (autoStartHandshake && pendingClose) {
|
|
1202 |
pendingClose = false; |
|
1203 |
q->disconnectFromHost(); |
|
1204 |
} |
|
1205 |
return true; |
|
1206 |
} |
|
1207 |
||
1208 |
void QSslSocketBackendPrivate::disconnectFromHost() |
|
1209 |
{
|
|
1210 |
if (ssl) {
|
|
1211 |
q_SSL_shutdown(ssl); |
|
1212 |
transmit(); |
|
1213 |
} |
|
1214 |
plainSocket->disconnectFromHost(); |
|
1215 |
} |
|
1216 |
||
1217 |
void QSslSocketBackendPrivate::disconnected() |
|
1218 |
{
|
|
1219 |
if (ssl) {
|
|
1220 |
q_SSL_free(ssl); |
|
1221 |
ssl = 0; |
|
1222 |
} |
|
1223 |
if (ctx) {
|
|
1224 |
q_SSL_CTX_free(ctx); |
|
1225 |
ctx = 0; |
|
1226 |
} |
|
|
30
5dc02b23752f
Revision: 201025
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
18
diff
changeset
|
1227 |
if (pkey) {
|
|
5dc02b23752f
Revision: 201025
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
18
diff
changeset
|
1228 |
q_EVP_PKEY_free(pkey); |
|
5dc02b23752f
Revision: 201025
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
18
diff
changeset
|
1229 |
pkey = 0; |
|
5dc02b23752f
Revision: 201025
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
18
diff
changeset
|
1230 |
} |
|
5dc02b23752f
Revision: 201025
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
18
diff
changeset
|
1231 |
|
| 0 | 1232 |
} |
1233 |
||
1234 |
QSslCipher QSslSocketBackendPrivate::sessionCipher() const |
|
1235 |
{
|
|
1236 |
if (!ssl || !ctx) |
|
1237 |
return QSslCipher(); |
|
1238 |
#if OPENSSL_VERSION_NUMBER >= 0x10000000L |
|
1239 |
// FIXME This is fairly evil, but needed to keep source level compatibility |
|
1240 |
// with the OpenSSL 0.9.x implementation at maximum -- some other functions |
|
1241 |
// don't take a const SSL_CIPHER* when they should |
|
1242 |
SSL_CIPHER *sessionCipher = const_cast<SSL_CIPHER *>(q_SSL_get_current_cipher(ssl)); |
|
1243 |
#else |
|
1244 |
SSL_CIPHER *sessionCipher = q_SSL_get_current_cipher(ssl); |
|
1245 |
#endif |
|
1246 |
return sessionCipher ? QSslCipher_from_SSL_CIPHER(sessionCipher) : QSslCipher(); |
|
1247 |
} |
|
1248 |
||
1249 |
QList<QSslCertificate> QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(STACK_OF(X509) *x509) |
|
1250 |
{
|
|
1251 |
ensureInitialized(); |
|
1252 |
QList<QSslCertificate> certificates; |
|
1253 |
for (int i = 0; i < q_sk_X509_num(x509); ++i) {
|
|
1254 |
if (X509 *entry = q_sk_X509_value(x509, i)) |
|
1255 |
certificates << QSslCertificatePrivate::QSslCertificate_from_X509(entry); |
|
1256 |
} |
|
1257 |
return certificates; |
|
1258 |
} |
|
1259 |
||
|
33
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1260 |
bool QSslSocketBackendPrivate::isMatchingHostname(const QString &cn, const QString &hostname) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1261 |
{
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1262 |
int wildcard = cn.indexOf(QLatin1Char('*'));
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1263 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1264 |
// Check this is a wildcard cert, if not then just compare the strings |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1265 |
if (wildcard < 0) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1266 |
return cn == hostname; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1267 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1268 |
int firstCnDot = cn.indexOf(QLatin1Char('.'));
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1269 |
int secondCnDot = cn.indexOf(QLatin1Char('.'), firstCnDot+1);
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1270 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1271 |
// Check at least 3 components |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1272 |
if ((-1 == secondCnDot) || (secondCnDot+1 >= cn.length())) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1273 |
return false; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1274 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1275 |
// Check * is last character of 1st component (ie. there's a following .) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1276 |
if (wildcard+1 != firstCnDot) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1277 |
return false; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1278 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1279 |
// Check only one star |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1280 |
if (cn.lastIndexOf(QLatin1Char('*')) != wildcard)
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1281 |
return false; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1282 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1283 |
// Check characters preceding * (if any) match |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1284 |
if (wildcard && (hostname.leftRef(wildcard) != cn.leftRef(wildcard))) |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1285 |
return false; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1286 |
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1287 |
// Check characters following first . match |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1288 |
if (hostname.midRef(hostname.indexOf(QLatin1Char('.'))) != cn.midRef(firstCnDot))
|
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1289 |
return false; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1290 |
|
|
37
758a864f9613
Revision: 201037
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
33
diff
changeset
|
1291 |
// Check if the hostname is an IP address, if so then wildcards are not allowed |
|
758a864f9613
Revision: 201037
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
33
diff
changeset
|
1292 |
QHostAddress addr(hostname); |
|
758a864f9613
Revision: 201037
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
33
diff
changeset
|
1293 |
if (!addr.isNull()) |
|
758a864f9613
Revision: 201037
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
33
diff
changeset
|
1294 |
return false; |
|
758a864f9613
Revision: 201037
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
33
diff
changeset
|
1295 |
|
|
33
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1296 |
// Ok, I guess this was a wildcard CN and the hostname matches. |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1297 |
return true; |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1298 |
} |
|
3e2da88830cd
Revision: 201031
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
30
diff
changeset
|
1299 |
|
| 0 | 1300 |
QT_END_NAMESPACE |