ssl/qsslsocket_openssl.cpp

Line | Source Code | Coverage
1/**************************************************************************** -
2** -
3** Copyright (C) 2013 Digia Plc and/or its subsidiary(-ies). -
4** Contact: http://www.qt-project.org/legal -
5** -
6** This file is part of the QtNetwork module of the Qt Toolkit. -
7** -
8** $QT_BEGIN_LICENSE:LGPL$ -
9** Commercial License Usage -
10** Licensees holding valid commercial Qt licenses may use this file in -
11** accordance with the commercial license agreement provided with the -
12** Software or, alternatively, in accordance with the terms contained in -
13** a written agreement between you and Digia. For licensing terms and -
14** conditions see http://qt.digia.com/licensing. For further information -
15** use the contact form at http://qt.digia.com/contact-us. -
16** -
17** GNU Lesser General Public License Usage -
18** Alternatively, this file may be used under the terms of the GNU Lesser -
19** General Public License version 2.1 as published by the Free Software -
20** Foundation and appearing in the file LICENSE.LGPL included in the -
21** packaging of this file. Please review the following information to -
22** ensure the GNU Lesser General Public License version 2.1 requirements -
23** will be met: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. -
24** -
25** In addition, as a special exception, Digia gives you certain additional -
26** rights. These rights are described in the Digia Qt LGPL Exception -
27** version 1.1, included in the file LGPL_EXCEPTION.txt in this package. -
28** -
29** GNU General Public License Usage -
30** Alternatively, this file may be used under the terms of the GNU -
31** General Public License version 3.0 as published by the Free Software -
32** Foundation and appearing in the file LICENSE.GPL included in the -
33** packaging of this file. Please review the following information to -
34** ensure the GNU General Public License version 3.0 requirements will be -
35** met: http://www.gnu.org/copyleft/gpl.html. -
36** -
37** -
38** $QT_END_LICENSE$ -
39** -
40****************************************************************************/ -
41 -
42/**************************************************************************** -
43** -
44** In addition, as a special exception, the copyright holders listed above give -
45** permission to link the code of its release of Qt with the OpenSSL project's -
46** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the -
47** same license as the original version), and distribute the linked executables. -
48** -
49** You must comply with the GNU General Public License version 2 in all -
50** respects for all of the code used other than the "OpenSSL" code. If you -
51** modify this file, you may extend this exception to your version of the file, -
52** but you are not obligated to do so. If you do not wish to do so, delete -
53** this exception statement from your version of this file. -
54** -
55****************************************************************************/ -
56 -
57//#define QSSLSOCKET_DEBUG -
58 -
59#include "qsslsocket_openssl_p.h" -
60#include "qsslsocket_openssl_symbols_p.h" -
61#include "qsslsocket.h" -
62#include "qsslcertificate_p.h" -
63#include "qsslcipher_p.h" -
64 -
65#include <QtCore/qdatetime.h> -
66#include <QtCore/qdebug.h> -
67#include <QtCore/qdir.h> -
68#include <QtCore/qdiriterator.h> -
69#include <QtCore/qelapsedtimer.h> -
70#include <QtCore/qfile.h> -
71#include <QtCore/qfileinfo.h> -
72#include <QtCore/qmutex.h> -
73#include <QtCore/qthread.h> -
74#include <QtCore/qurl.h> -
75#include <QtCore/qvarlengtharray.h> -
76#include <QLibrary> // for loading the security lib for the CA store -
77 -
78QT_BEGIN_NAMESPACE -
79 -
// Definitions of the static members of QSslSocketPrivate that this file owns.
#if defined(Q_OS_MAC) && !defined(Q_OS_IOS)
// Defined locally so that the header file does not have to be included.
#define kSecTrustSettingsDomainSystem 2
// Function pointers into the platform certificate store. They start out null;
// presumably they are resolved at run time (QLibrary is included above "for
// loading the security lib for the CA store") -- confirm against the code that
// assigns them. They must not be called while still null.
PtrSecCertificateGetData QSslSocketPrivate::ptrSecCertificateGetData = 0;
PtrSecTrustSettingsCopyCertificates QSslSocketPrivate::ptrSecTrustSettingsCopyCertificates = 0;
PtrSecTrustCopyAnchorCertificates QSslSocketPrivate::ptrSecTrustCopyAnchorCertificates = 0;
#elif defined(Q_OS_WIN)
// Same arrangement for the Windows system store: null until assigned elsewhere.
PtrCertOpenSystemStoreW QSslSocketPrivate::ptrCertOpenSystemStoreW = 0;
PtrCertFindCertificateInStore QSslSocketPrivate::ptrCertFindCertificateInStore = 0;
PtrCertCloseStore QSslSocketPrivate::ptrCertCloseStore = 0;
#endif

// Process-wide state flags, all false at start-up.
bool QSslSocketPrivate::s_libraryLoaded = false;
bool QSslSocketPrivate::s_loadedCiphersAndCerts = false;
// Read by initSslContext() together with allowRootCertOnDemandLoading to decide
// whether root-certificate directories are handed to OpenSSL for lazy lookup.
bool QSslSocketPrivate::s_loadRootCertsOnDemand = false;
94 -
95/* \internal -
96 -
97 From OpenSSL's thread(3) manual page: -
98 -
99 OpenSSL can safely be used in multi-threaded applications provided that at -
100 least two callback functions are set. -
101 -
102 locking_function(int mode, int n, const char *file, int line) is needed to -
103 perform locking on shared data structures. (Note that OpenSSL uses a -
104 number of global data structures that will be implicitly shared -
105 whenever multiple threads use OpenSSL.) Multi-threaded -
106 applications will crash at random if it is not set. ... -
107 ... -
108 id_function(void) is a function that returns a thread ID. It is not -
109 needed on Windows nor on platforms where getpid() returns a different -
110 ID for each thread (most notably Linux) -
111*/ -
/*
    Owns the mutexes that back OpenSSL's locking callback.

    The table has q_CRYPTO_num_locks() slots. Every slot starts out null and is
    filled with a recursive QMutex the first time lock() is asked for it. Two
    further recursive mutexes live here: locksLocker serialises access to the
    table itself, initLocker is handed out through initLock().

    Security/robustness notes:
    - lock() does not range-check its index. The only caller visible in this
      file is locking_function(), which forwards the number it is given; the
      index is assumed to lie in [0, q_CRYPTO_num_locks()).
    - The destructor asks q_CRYPTO_num_locks() again instead of remembering the
      size used at construction; both calls are assumed to return the same value.
*/
class QOpenSslLocks
{
public:
    inline QOpenSslLocks()
        : initLocker(QMutex::Recursive),
          locksLocker(QMutex::Recursive)
    {
        QMutexLocker tableGuard(&locksLocker);
        const int slotCount = q_CRYPTO_num_locks();
        // Value-initialisation leaves every slot null, marking it "not created yet".
        locks = new QMutex *[slotCount]();
    }

    inline ~QOpenSslLocks()
    {
        QMutexLocker tableGuard(&locksLocker);
        // Deleting a null slot is harmless, so unused slots need no special case.
        int slot = 0;
        while (slot < q_CRYPTO_num_locks()) {
            delete locks[slot];
            ++slot;
        }
        delete [] locks;

        // What deinitialize() tears down is not visible in this part of the file.
        QSslSocketPrivate::deinitialize();
    }

    // Returns the mutex for slot \a num, creating it on first use.
    inline QMutex *lock(int num)
    {
        QMutexLocker tableGuard(&locksLocker);
        if (!locks[num])
            locks[num] = new QMutex(QMutex::Recursive);
        return locks[num];
    }

    // The mutex that protects the table itself.
    QMutex *globalLock()
    {
        return &locksLocker;
    }

    // The mutex callers take while initialising the library state.
    QMutex *initLock()
    {
        return &initLocker;
    }

private:
    QMutex initLocker;
    QMutex locksLocker;
    QMutex **locks;     // slotCount entries, null until first requested
};
// Lazily constructed, process-wide instance.
Q_GLOBAL_STATIC(QOpenSslLocks, openssl_locks)
158 -
159extern "C" { -
/*
    Locking hook with the signature OpenSSL's threads manual page asks for
    (mode, lock number, file, line); presumably registered with OpenSSL
    elsewhere in this file. The file/line arguments are ignored.

    \a mode carries CRYPTO_LOCK when the lock is to be taken; anything else is
    treated as a release. \a lockNumber is passed to the lock table unchecked.
*/
static void locking_function(int mode, int lockNumber, const char *, int)
{
    QMutex * const slotMutex = openssl_locks()->lock(lockNumber);

    const bool release = (mode & CRYPTO_LOCK) == 0;
    if (release) {
        slotMutex->unlock();
        return;
    }
    slotMutex->lock();
}
/*
    Thread-id hook for OpenSSL: reports the current Qt thread id as an integer.
    Where unsigned long is narrower than quintptr the value is truncated on
    return, exactly as in the original single-expression form.
*/
static unsigned long id_function()
{
    const quintptr currentId = quintptr(QThread::currentThreadId());
    return currentId;
}
174} // extern "C" -
175 -
/*
    Starts with every OpenSSL handle null; nothing is allocated here. The
    handles are created later (initSslContext() assigns ctx and pkey).
*/
QSslSocketBackendPrivate::QSslSocketBackendPrivate()
    : ssl(0), ctx(0), pkey(0),
      readBio(0), writeBio(0),
      session(0)
{
    // Makes sure the library is set up before any handle is created
    // (this is the call that ends up in SSL_library_init()).
    ensureInitialized();
}
187 -
/*
    Releases whatever OpenSSL state this backend still holds by delegating to
    destroySslContext(); which handles that frees is not visible here.
*/
QSslSocketBackendPrivate::~QSslSocketBackendPrivate()
{
    destroySslContext();
}
192 -
/*
    Converts an OpenSSL SSL_CIPHER into a QSslCipher by parsing the one-line
    text that q_SSL_CIPHER_description() produces.

    The line is split on spaces. With six or more tokens the fields are read
    positionally: name, protocol label, then "Kx=", "Au=" and "Enc=" entries.
    A seventh token equal to "export" marks the cipher as exportable. With
    fewer tokens the default-constructed QSslCipher is returned unchanged.

    Notes for reviewers:
    - The parse is positional and depends on the wording of OpenSSL's
      description line; an unrecognised protocol label leaves the protocol at
      QSsl::UnknownProtocol while protocolString keeps the raw label.
    - The exportable flag is what lets callers recognise and filter out
      export-grade (deliberately weakened) suites.
    - \a cipher is dereferenced without a null check.
    - In the coverage run this listing was taken from, only the "SSLv3" and
      "SSLv2" labels occurred; the three TLS comparisons were never evaluated.
*/
QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(SSL_CIPHER *cipher)
{
    QSslCipher result;

    char descriptionBuffer[256];
    const QString description = QString::fromLatin1(
        q_SSL_CIPHER_description(cipher, descriptionBuffer, sizeof(descriptionBuffer)));
    const QStringList fields = description.split(QLatin1String(" "), QString::SkipEmptyParts);

    // Too few tokens to be a description this parser understands.
    if (fields.size() <= 5)
        return result;

    result.d->isNull = false;
    result.d->name = fields.at(0);

    // Keep the raw label, then map it onto the enum where it is a known one.
    const QString protocolLabel = fields.at(1);
    result.d->protocolString = protocolLabel;

    QSsl::SslProtocol protocol = QSsl::UnknownProtocol;
    if (protocolLabel == QLatin1String("SSLv3"))
        protocol = QSsl::SslV3;
    else if (protocolLabel == QLatin1String("SSLv2"))
        protocol = QSsl::SslV2;
    else if (protocolLabel == QLatin1String("TLSv1"))
        protocol = QSsl::TlsV1_0;
    else if (protocolLabel == QLatin1String("TLSv1.1"))
        protocol = QSsl::TlsV1_1;
    else if (protocolLabel == QLatin1String("TLSv1.2"))
        protocol = QSsl::TlsV1_2;
    result.d->protocol = protocol;

    // Each "Key=value" field is taken only if it carries the expected prefix;
    // otherwise the corresponding member keeps its default.
    const QString &keyExchangeField = fields.at(2);
    if (keyExchangeField.startsWith(QLatin1String("Kx=")))
        result.d->keyExchangeMethod = keyExchangeField.mid(3);

    const QString &authenticationField = fields.at(3);
    if (authenticationField.startsWith(QLatin1String("Au=")))
        result.d->authenticationMethod = authenticationField.mid(3);

    const QString &encryptionField = fields.at(4);
    if (encryptionField.startsWith(QLatin1String("Enc=")))
        result.d->encryptionMethod = encryptionField.mid(4);

    result.d->exportable = fields.size() > 6 && fields.at(6) == QLatin1String("export");

    // Key sizes come straight from the OpenSSL structure, not from the text.
    result.d->bits = cipher->strength_bits;
    result.d->supportedBits = cipher->alg_bits;

    return result;
}
234 -
// ### One list for the whole process, shared by every thread and meant to be
// guarded by the mutex next to it. Thread-local storage would remove the
// sharing; that is still to be investigated.
//
// q_X509Callback() appends one (error code, chain depth) pair per failed
// verification step. Because the list is global, entries belong to whichever
// verification is running at the time, so readers and writers must agree on
// holding the mutex around a complete verification.
struct QSslErrorList
{
    QMutex mutex;                       // guards 'errors'
    QList<QPair<int, int> > errors;     // (X509 error code, depth in the chain)
};
// Lazily constructed, process-wide instance.
Q_GLOBAL_STATIC(QSslErrorList, _q_sslErrorList)
/*
    Certificate-verification callback (initSslContext() installs it on the
    context's X509 store).

    When \a ok is zero, i.e. a check on the chain failed, the error code and
    the depth at which it was found are appended to the shared error list. The
    function then reports success in every case, so OpenSSL keeps going and
    all problems in the chain are collected rather than only the first one.

    Security notes:
    - Since the result is always 1, OpenSSL on its own never rejects the peer
      because of a failed chain check. Whether the connection is refused
      depends entirely on the code that inspects the collected list once
      verification has finished; that code is not part of this function.
    - The list's mutex is not taken here. Presumably the caller holds
      _q_sslErrorList()->mutex for the whole verification -- confirm at the
      call site.
*/
static int q_X509Callback(int ok, X509_STORE_CTX *ctx)
{
    if (ok)
        return 1;

    // Remember what went wrong and how deep in the chain it happened.
    const int errorCode = q_X509_STORE_CTX_get_error(ctx);
    const int errorDepth = q_X509_STORE_CTX_get_error_depth(ctx);
    _q_sslErrorList()->errors << QPair<int, int>(errorCode, errorDepth);

#ifdef QSSLSOCKET_DEBUG
    qDebug() << "verification error: dumping bad certificate";
    qDebug() << QSslCertificatePrivate::QSslCertificate_from_X509(q_X509_STORE_CTX_get_current_cert(ctx)).toPem();
    qDebug() << "dumping chain";
    foreach (QSslCertificate chainCert, QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(q_X509_STORE_CTX_get_chain(ctx))) {
        QString certFormat(QStringLiteral("O=%1 CN=%2 L=%3 OU=%4 C=%5 ST=%6"));
        qDebug() << "Issuer:" << "O=" << chainCert.issuerInfo(QSslCertificate::Organization)
            << "CN=" << chainCert.issuerInfo(QSslCertificate::CommonName)
            << "L=" << chainCert.issuerInfo(QSslCertificate::LocalityName)
            << "OU=" << chainCert.issuerInfo(QSslCertificate::OrganizationalUnitName)
            << "C=" << chainCert.issuerInfo(QSslCertificate::CountryName)
            << "ST=" << chainCert.issuerInfo(QSslCertificate::StateOrProvinceName);
        qDebug() << "Subject:" << "O=" << chainCert.subjectInfo(QSslCertificate::Organization)
            << "CN=" << chainCert.subjectInfo(QSslCertificate::CommonName)
            << "L=" << chainCert.subjectInfo(QSslCertificate::LocalityName)
            << "OU=" << chainCert.subjectInfo(QSslCertificate::OrganizationalUnitName)
            << "C=" << chainCert.subjectInfo(QSslCertificate::CountryName)
            << "ST=" << chainCert.subjectInfo(QSslCertificate::StateOrProvinceName);
        qDebug() << "Valid:" << chainCert.effectiveDate() << "-" << chainCert.expiryDate();
    }
#endif

    // Report success so that verification continues; the recorded errors are
    // dealt with after the whole chain has been examined.
    return 1;
}
275 -
/*
    Translates the Qt-level \a protocol and \a sslOptions into the option mask
    that initSslContext() passes to q_SSL_CTX_set_options().

    The mask always starts from SSL_OP_ALL (OpenSSL's collection of
    interoperability workarounds) and is then adjusted flag by flag.

    What the resulting mask does and does not guarantee:
    - SSLv2 is switched off only for QSsl::TlsV1SslV3 and QSsl::SecureProtocols.
      Any other \a protocol value gets a mask without SSL_OP_NO_SSLv2.
    - Nothing here switches SSLv3 off, so in this version "SecureProtocols"
      still leaves SSLv3 negotiable. SSLv3 is no longer considered safe;
      deployments that need it excluded cannot rely on this mask for that.
    - Unsafe legacy renegotiation is allowed unless the caller passes
      QSsl::SslOptionDisableLegacyRenegotiation (the secure-renegotiation
      extension of RFC 5746 exists to close that weakness).
    - Compression and session tickets are turned off only on request.
    The defaults that callers normally pass in \a sslOptions are set elsewhere
    and are not visible in this function.
*/
long QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SslProtocol protocol, QSsl::SslOptions sslOptions)
{
    long options = SSL_OP_ALL;

    const bool excludeSslV2 = (protocol == QSsl::TlsV1SslV3) || (protocol == QSsl::SecureProtocols);
    if (excludeSslV2)
        options |= SSL_OP_NO_SSLv2;

    // SSL_OP_ALL already carries this bit (in the build this listing was taken
    // from, SSL_OP_ALL expanded to 0x00000FFFL and the flag to 0x00000800L), so
    // it is cleared first and set again only on request. Setting it removes
    // the empty-fragment countermeasure for CBC cipher suites.
    options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
    if (sslOptions & QSsl::SslOptionDisableEmptyFragments)
        options |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;

#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
    // Permitted unless explicitly disabled. In the recorded coverage run every
    // call disabled it, so the permitting path was never exercised.
    options |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
    if (sslOptions & QSsl::SslOptionDisableLegacyRenegotiation)
        options &= ~SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
#endif

#ifdef SSL_OP_NO_TICKET
    // Session tickets stay enabled unless the caller opts out.
    if (sslOptions & QSsl::SslOptionDisableSessionTickets)
        options |= SSL_OP_NO_TICKET;
#endif
#ifdef SSL_OP_NO_COMPRESSION
    // TLS-level compression stays enabled unless the caller opts out; it can
    // leak information about the plaintext through the record length.
    if (sslOptions & QSsl::SslOptionDisableCompression)
        options |= SSL_OP_NO_COMPRESSION;
#endif

    return options;
}
309 -
310bool QSslSocketBackendPrivate::initSslContext() -
311{ -
312 Q_Q(QSslSocket);
executed (the execution status of this line is deduced): QSslSocket * const q = q_func();
-
313 -
314 // Create and initialize SSL context. Accept SSLv2, SSLv3 and TLSv1_0. -
315 bool client = (mode == QSslSocket::SslClientMode);
executed (the execution status of this line is deduced): bool client = (mode == QSslSocket::SslClientMode);
-
316 -
317 bool reinitialized = false;
executed (the execution status of this line is deduced): bool reinitialized = false;
-
318 -
319init_context:
code before this statement executed: init_context:
Execution Count:87
87
320 switch (configuration.protocol) { -
321 case QSsl::SslV2: -
322#ifndef OPENSSL_NO_SSL2 -
323 ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method());
never executed (the execution status of this line is deduced): ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method());
-
324#else -
325 ctx = 0; // SSL 2 not supported by the system, but chosen deliberately -> error -
326#endif -
327 break;
never executed: break;
0
328 case QSsl::SslV3: -
329 ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
never executed (the execution status of this line is deduced): ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
-
330 break;
never executed: break;
0
331 case QSsl::SecureProtocols: // SslV2 will be disabled below -
332 case QSsl::TlsV1SslV3: // SslV2 will be disabled below -
333 case QSsl::AnyProtocol: -
334 default: -
335 ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method());
executed (the execution status of this line is deduced): ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method());
-
336 break;
executed: break;
Execution Count:87
87
337 case QSsl::TlsV1_0: -
338 ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method());
never executed (the execution status of this line is deduced): ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method());
-
339 break;
never executed: break;
0
340 case QSsl::TlsV1_1: -
341#if OPENSSL_VERSION_NUMBER >= 0x10001000L -
342 ctx = q_SSL_CTX_new(client ? q_TLSv1_1_client_method() : q_TLSv1_1_server_method()); -
343#else -
344 ctx = 0; // TLS 1.1 not supported by the system, but chosen deliberately -> error
never executed (the execution status of this line is deduced): ctx = 0;
-
345#endif -
346 break;
never executed: break;
0
347 case QSsl::TlsV1_2: -
348#if OPENSSL_VERSION_NUMBER >= 0x10001000L -
349 ctx = q_SSL_CTX_new(client ? q_TLSv1_2_client_method() : q_TLSv1_2_server_method()); -
350#else -
351 ctx = 0; // TLS 1.2 not supported by the system, but chosen deliberately -> error
never executed (the execution status of this line is deduced): ctx = 0;
-
352#endif -
353 break;
never executed: break;
0
354 } -
355 if (!ctx) {
partially evaluated: !ctx
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:87
0-87
356 // After stopping Flash 10 the SSL library looses its ciphers. Try re-adding them -
357 // by re-initializing the library. -
358 if (!reinitialized) {
never evaluated: !reinitialized
0
359 reinitialized = true;
never executed (the execution status of this line is deduced): reinitialized = true;
-
360 if (q_SSL_library_init() == 1)
never evaluated: q_SSL_library_init() == 1
0
361 goto init_context;
never executed: goto init_context;
0
362 }
never executed: }
0
363 -
364 q->setErrorString(QSslSocket::tr("Error creating SSL context (%1)").arg(getErrorsFromOpenSsl()));
never executed (the execution status of this line is deduced): q->setErrorString(QSslSocket::tr("Error creating SSL context (%1)").arg(getErrorsFromOpenSsl()));
-
365 q->setSocketError(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->setSocketError(QAbstractSocket::SslInternalError);
-
366 emit q->error(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->error(QAbstractSocket::SslInternalError);
-
367 return false;
never executed: return false;
0
368 } -
369 -
370 // Enable bug workarounds. -
371 long options = setupOpenSslOptions(configuration.protocol, configuration.sslOptions);
executed (the execution status of this line is deduced): long options = setupOpenSslOptions(configuration.protocol, configuration.sslOptions);
-
372 q_SSL_CTX_set_options(ctx, options);
executed (the execution status of this line is deduced): q_SSL_CTX_ctrl((ctx),32,(options),__null);
-
373 -
374#if OPENSSL_VERSION_NUMBER >= 0x10000000L -
375 // Tell OpenSSL to release memory early -
376 // http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html -
377 if (q_SSLeay() >= 0x10000000L) -
378 q_SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS); -
379#endif -
380 -
381 // Initialize ciphers -
382 QByteArray cipherString;
executed (the execution status of this line is deduced): QByteArray cipherString;
-
383 int first = true;
executed (the execution status of this line is deduced): int first = true;
-
384 QList<QSslCipher> ciphers = configuration.ciphers;
executed (the execution status of this line is deduced): QList<QSslCipher> ciphers = configuration.ciphers;
-
385 if (ciphers.isEmpty())
evaluated: ciphers.isEmpty()
TRUEFALSE
yes
Evaluation Count:40
yes
Evaluation Count:47
40-47
386 ciphers = defaultCiphers();
executed: ciphers = defaultCiphers();
Execution Count:40
40
387 foreach (const QSslCipher &cipher, ciphers) {
executed (the execution status of this line is deduced): for (QForeachContainer<__typeof__(ciphers)> _container_(ciphers); !_container_.brk && _container_.i != _container_.e; __extension__ ({ ++_container_.brk; ++_container_.i; })) for (const QSslCipher &cipher = *_container_.i;; __extension__ ({--_container_.brk; break;})) {
-
388 if (first)
evaluated: first
TRUEFALSE
yes
Evaluation Count:87
yes
Evaluation Count:2088
87-2088
389 first = false;
executed: first = false;
Execution Count:87
87
390 else -
391 cipherString.append(':');
executed: cipherString.append(':');
Execution Count:2088
2088
392 cipherString.append(cipher.name().toLatin1());
executed (the execution status of this line is deduced): cipherString.append(cipher.name().toLatin1());
-
393 }
executed: }
Execution Count:2175
2175
394 -
395 if (!q_SSL_CTX_set_cipher_list(ctx, cipherString.data())) {
partially evaluated: !q_SSL_CTX_set_cipher_list(ctx, cipherString.data())
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:87
0-87
396 q->setErrorString(QSslSocket::tr("Invalid or empty cipher list (%1)").arg(getErrorsFromOpenSsl()));
never executed (the execution status of this line is deduced): q->setErrorString(QSslSocket::tr("Invalid or empty cipher list (%1)").arg(getErrorsFromOpenSsl()));
-
397 q->setSocketError(QAbstractSocket::SslInvalidUserDataError);
never executed (the execution status of this line is deduced): q->setSocketError(QAbstractSocket::SslInvalidUserDataError);
-
398 emit q->error(QAbstractSocket::SslInvalidUserDataError);
never executed (the execution status of this line is deduced): q->error(QAbstractSocket::SslInvalidUserDataError);
-
399 return false;
never executed: return false;
0
400 } -
401 -
402 // Add all our CAs to this store. -
403 QList<QSslCertificate> expiredCerts;
executed (the execution status of this line is deduced): QList<QSslCertificate> expiredCerts;
-
404 foreach (const QSslCertificate &caCertificate, q->caCertificates()) {
executed (the execution status of this line is deduced): for (QForeachContainer<__typeof__(q->caCertificates())> _container_(q->caCertificates()); !_container_.brk && _container_.i != _container_.e; __extension__ ({ ++_container_.brk; ++_container_.i; })) for (const QSslCertificate &caCertificate = *_container_.i;; __extension__ ({--_container_.brk; break;})) {
-
405 // add expired certs later, so that the -
406 // valid ones are used before the expired ones -
407 if (caCertificate.expiryDate() < QDateTime::currentDateTime()) {
partially evaluated: caCertificate.expiryDate() < QDateTime::currentDateTime()
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:42
0-42
408 expiredCerts.append(caCertificate);
never executed (the execution status of this line is deduced): expiredCerts.append(caCertificate);
-
409 } else {
never executed: }
0
410 q_X509_STORE_add_cert(ctx->cert_store, reinterpret_cast<X509 *>(caCertificate.handle()));
executed (the execution status of this line is deduced): q_X509_STORE_add_cert(ctx->cert_store, reinterpret_cast<X509 *>(caCertificate.handle()));
-
411 }
executed: }
Execution Count:42
42
412 } -
413 -
414 bool addExpiredCerts = true;
executed (the execution status of this line is deduced): bool addExpiredCerts = true;
-
415#if defined(Q_OS_MAC) && (MAC_OS_X_VERSION_MAX_ALLOWED == MAC_OS_X_VERSION_10_5) -
416 //On Leopard SSL does not work if we add the expired certificates. -
417 if (QSysInfo::MacintoshVersion == QSysInfo::MV_10_5) -
418 addExpiredCerts = false; -
419#endif -
420 // now add the expired certs -
421 if (addExpiredCerts) {
partially evaluated: addExpiredCerts
TRUEFALSE
yes
Evaluation Count:87
no
Evaluation Count:0
0-87
422 foreach (const QSslCertificate &caCertificate, expiredCerts) {
never executed (the execution status of this line is deduced): for (QForeachContainer<__typeof__(expiredCerts)> _container_(expiredCerts); !_container_.brk && _container_.i != _container_.e; __extension__ ({ ++_container_.brk; ++_container_.i; })) for (const QSslCertificate &caCertificate = *_container_.i;; __extension__ ({--_container_.brk; break;})) {
-
423 q_X509_STORE_add_cert(ctx->cert_store, reinterpret_cast<X509 *>(caCertificate.handle()));
never executed (the execution status of this line is deduced): q_X509_STORE_add_cert(ctx->cert_store, reinterpret_cast<X509 *>(caCertificate.handle()));
-
424 }
never executed: }
0
425 }
executed: }
Execution Count:87
87
426 -
427 if (s_loadRootCertsOnDemand && allowRootCertOnDemandLoading) {
partially evaluated: s_loadRootCertsOnDemand
TRUEFALSE
yes
Evaluation Count:87
no
Evaluation Count:0
evaluated: allowRootCertOnDemandLoading
TRUEFALSE
yes
Evaluation Count:45
yes
Evaluation Count:42
0-87
428 // tell OpenSSL the directories where to look up the root certs on demand -
429 QList<QByteArray> unixDirs = unixRootCertDirectories();
executed (the execution status of this line is deduced): QList<QByteArray> unixDirs = unixRootCertDirectories();
-
430 for (int a = 0; a < unixDirs.count(); ++a)
evaluated: a < unixDirs.count()
TRUEFALSE
yes
Evaluation Count:360
yes
Evaluation Count:45
45-360
431 q_SSL_CTX_load_verify_locations(ctx, 0, unixDirs.at(a).constData());
executed: q_SSL_CTX_load_verify_locations(ctx, 0, unixDirs.at(a).constData());
Execution Count:360
360
432 }
executed: }
Execution Count:45
45
433 -
434 // Register a custom callback to get all verification errors. -
435 X509_STORE_set_verify_cb_func(ctx->cert_store, q_X509Callback);
executed (the execution status of this line is deduced): ((ctx->cert_store)->verify_cb=(q_X509Callback));
-
436 -
437 if (!configuration.localCertificate.isNull()) {
evaluated: !configuration.localCertificate.isNull()
TRUEFALSE
yes
Evaluation Count:3
yes
Evaluation Count:84
3-84
438 // Require a private key as well. -
439 if (configuration.privateKey.isNull()) {
partially evaluated: configuration.privateKey.isNull()
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:3
0-3
440 q->setErrorString(QSslSocket::tr("Cannot provide a certificate with no key, %1").arg(getErrorsFromOpenSsl()));
never executed (the execution status of this line is deduced): q->setErrorString(QSslSocket::tr("Cannot provide a certificate with no key, %1").arg(getErrorsFromOpenSsl()));
-
441 q->setSocketError(QAbstractSocket::SslInvalidUserDataError);
never executed (the execution status of this line is deduced): q->setSocketError(QAbstractSocket::SslInvalidUserDataError);
-
442 emit q->error(QAbstractSocket::SslInvalidUserDataError);
never executed (the execution status of this line is deduced): q->error(QAbstractSocket::SslInvalidUserDataError);
-
443 return false;
never executed: return false;
0
444 } -
445 -
446 // Load certificate -
447 if (!q_SSL_CTX_use_certificate(ctx, reinterpret_cast<X509 *>(configuration.localCertificate.handle()))) {
partially evaluated: !q_SSL_CTX_use_certificate(ctx, reinterpret_cast<X509 *>(configuration.localCertificate.handle()))
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:3
0-3
448 q->setErrorString(QSslSocket::tr("Error loading local certificate, %1").arg(getErrorsFromOpenSsl()));
never executed (the execution status of this line is deduced): q->setErrorString(QSslSocket::tr("Error loading local certificate, %1").arg(getErrorsFromOpenSsl()));
-
449 q->setSocketError(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->setSocketError(QAbstractSocket::SslInternalError);
-
450 emit q->error(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->error(QAbstractSocket::SslInternalError);
-
451 return false;
never executed: return false;
0
452 } -
453 -
454 if (configuration.privateKey.algorithm() == QSsl::Opaque) {
partially evaluated: configuration.privateKey.algorithm() == QSsl::Opaque
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:3
0-3
455 pkey = reinterpret_cast<EVP_PKEY *>(configuration.privateKey.handle());
never executed (the execution status of this line is deduced): pkey = reinterpret_cast<EVP_PKEY *>(configuration.privateKey.handle());
-
456 } else {
never executed: }
0
457 // Load private key -
458 pkey = q_EVP_PKEY_new();
executed (the execution status of this line is deduced): pkey = q_EVP_PKEY_new();
-
459 // before we were using EVP_PKEY_assign_R* functions and did not use EVP_PKEY_free. -
460 // this lead to a memory leak. Now we use the *_set1_* functions which do not -
461 // take ownership of the RSA/DSA key instance because the QSslKey already has ownership. -
462 if (configuration.privateKey.algorithm() == QSsl::Rsa)
partially evaluated: configuration.privateKey.algorithm() == QSsl::Rsa
TRUEFALSE
yes
Evaluation Count:3
no
Evaluation Count:0
0-3
463 q_EVP_PKEY_set1_RSA(pkey, reinterpret_cast<RSA *>(configuration.privateKey.handle()));
executed: q_EVP_PKEY_set1_RSA(pkey, reinterpret_cast<RSA *>(configuration.privateKey.handle()));
Execution Count:3
3
464 else -
465 q_EVP_PKEY_set1_DSA(pkey, reinterpret_cast<DSA *>(configuration.privateKey.handle()));
never executed: q_EVP_PKEY_set1_DSA(pkey, reinterpret_cast<DSA *>(configuration.privateKey.handle()));
0
466 } -
467 -
468 if (!q_SSL_CTX_use_PrivateKey(ctx, pkey)) {
partially evaluated: !q_SSL_CTX_use_PrivateKey(ctx, pkey)
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:3
0-3
469 q->setErrorString(QSslSocket::tr("Error loading private key, %1").arg(getErrorsFromOpenSsl()));
never executed (the execution status of this line is deduced): q->setErrorString(QSslSocket::tr("Error loading private key, %1").arg(getErrorsFromOpenSsl()));
-
470 q->setSocketError(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->setSocketError(QAbstractSocket::SslInternalError);
-
471 emit q->error(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->error(QAbstractSocket::SslInternalError);
-
472 return false;
never executed: return false;
0
473 } -
474 if (configuration.privateKey.algorithm() == QSsl::Opaque)
partially evaluated: configuration.privateKey.algorithm() == QSsl::Opaque
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:3
0-3
475 pkey = 0; // Don't free the private key, it belongs to QSslKey
never executed: pkey = 0;
0
476 -
477 // Check if the certificate matches the private key. -
478 if (!q_SSL_CTX_check_private_key(ctx)) {
partially evaluated: !q_SSL_CTX_check_private_key(ctx)
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:3
0-3
479 q->setErrorString(QSslSocket::tr("Private key does not certify public key, %1").arg(getErrorsFromOpenSsl()));
never executed (the execution status of this line is deduced): q->setErrorString(QSslSocket::tr("Private key does not certify public key, %1").arg(getErrorsFromOpenSsl()));
-
480 q->setSocketError(QAbstractSocket::SslInvalidUserDataError);
never executed (the execution status of this line is deduced): q->setSocketError(QAbstractSocket::SslInvalidUserDataError);
-
481 emit q->error(QAbstractSocket::SslInvalidUserDataError);
never executed (the execution status of this line is deduced): q->error(QAbstractSocket::SslInvalidUserDataError);
-
482 return false;
never executed: return false;
0
483 } -
484 }
executed: }
Execution Count:3
3
485 -
486 // Initialize peer verification. -
487 if (configuration.peerVerifyMode == QSslSocket::VerifyNone) {
partially evaluated: configuration.peerVerifyMode == QSslSocket::VerifyNone
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:87
0-87
488 q_SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
never executed (the execution status of this line is deduced): q_SSL_CTX_set_verify(ctx, 0x00, 0);
-
489 } else {
never executed: }
0
490 q_SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, q_X509Callback);
executed (the execution status of this line is deduced): q_SSL_CTX_set_verify(ctx, 0x01, q_X509Callback);
-
491 }
executed: }
Execution Count:87
87
492 -
493 // Set verification depth. -
494 if (configuration.peerVerifyDepth != 0)
partially evaluated: configuration.peerVerifyDepth != 0
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:87
0-87
495 q_SSL_CTX_set_verify_depth(ctx, configuration.peerVerifyDepth);
never executed: q_SSL_CTX_set_verify_depth(ctx, configuration.peerVerifyDepth);
0
496 -
497 // Create and initialize SSL session -
498 if (!(ssl = q_SSL_new(ctx))) {
partially evaluated: !(ssl = q_SSL_new(ctx))
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:87
0-87
499 // ### Bad error code -
500 q->setErrorString(QSslSocket::tr("Error creating SSL session, %1").arg(getErrorsFromOpenSsl()));
never executed (the execution status of this line is deduced): q->setErrorString(QSslSocket::tr("Error creating SSL session, %1").arg(getErrorsFromOpenSsl()));
-
501 q->setSocketError(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->setSocketError(QAbstractSocket::SslInternalError);
-
502 emit q->error(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->error(QAbstractSocket::SslInternalError);
-
503 return false;
never executed: return false;
0
504 } -
505 -
506#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) -
507 if ((configuration.protocol == QSsl::TlsV1SslV3 ||
partially evaluated: configuration.protocol == QSsl::TlsV1SslV3
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:87
0-87
508 configuration.protocol == QSsl::TlsV1_0 ||
partially evaluated: configuration.protocol == QSsl::TlsV1_0
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:87
0-87
509 configuration.protocol == QSsl::TlsV1_1 ||
partially evaluated: configuration.protocol == QSsl::TlsV1_1
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:87
0-87
510 configuration.protocol == QSsl::TlsV1_2 ||
partially evaluated: configuration.protocol == QSsl::TlsV1_2
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:87
0-87
511 configuration.protocol == QSsl::SecureProtocols ||
evaluated: configuration.protocol == QSsl::SecureProtocols
TRUEFALSE
yes
Evaluation Count:84
yes
Evaluation Count:3
3-84
512 configuration.protocol == QSsl::AnyProtocol) &&
partially evaluated: configuration.protocol == QSsl::AnyProtocol
TRUEFALSE
yes
Evaluation Count:3
no
Evaluation Count:0
0-3
513 client && q_SSLeay() >= 0x00090806fL) {
evaluated: client
TRUEFALSE
yes
Evaluation Count:84
yes
Evaluation Count:3
partially evaluated: q_SSLeay() >= 0x00090806fL
TRUEFALSE
yes
Evaluation Count:84
no
Evaluation Count:0
0-84
514 // Set server hostname on TLS extension. RFC4366 section 3.1 requires it in ACE format. -
515 QString tlsHostName = verificationPeerName.isEmpty() ? q->peerName() : verificationPeerName;
partially evaluated: verificationPeerName.isEmpty()
TRUEFALSE
yes
Evaluation Count:84
no
Evaluation Count:0
0-84
516 if (tlsHostName.isEmpty())
partially evaluated: tlsHostName.isEmpty()
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:84
0-84
517 tlsHostName = hostName;
never executed: tlsHostName = hostName;
0
518 QByteArray ace = QUrl::toAce(tlsHostName);
executed (the execution status of this line is deduced): QByteArray ace = QUrl::toAce(tlsHostName);
-
519 // only send the SNI header if the URL is valid and not an IP -
520 if (!ace.isEmpty()
partially evaluated: !ace.isEmpty()
TRUEFALSE
yes
Evaluation Count:84
no
Evaluation Count:0
0-84
521 && !QHostAddress().setAddress(tlsHostName)
evaluated: !QHostAddress().setAddress(tlsHostName)
TRUEFALSE
yes
Evaluation Count:75
yes
Evaluation Count:9
9-75
522 && !(configuration.sslOptions & QSsl::SslOptionDisableServerNameIndication)) {
partially evaluated: !(configuration.sslOptions & QSsl::SslOptionDisableServerNameIndication)
TRUEFALSE
yes
Evaluation Count:75
no
Evaluation Count:0
0-75
523 if (!q_SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, ace.data()))
partially evaluated: !q_SSL_ctrl(ssl, 55, 0, ace.data())
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:75
0-75
524 qWarning("could not set SSL_CTRL_SET_TLSEXT_HOSTNAME, Server Name Indication disabled");
never executed: QMessageLogger("ssl/qsslsocket_openssl.cpp", 524, __PRETTY_FUNCTION__).warning("could not set SSL_CTRL_SET_TLSEXT_HOSTNAME, Server Name Indication disabled");
0
525 }
executed: }
Execution Count:75
75
526 }
executed: }
Execution Count:84
84
527#endif -
528 -
529 // Clear the session. -
530 q_SSL_clear(ssl);
executed (the execution status of this line is deduced): q_SSL_clear(ssl);
-
531 errorList.clear();
executed (the execution status of this line is deduced): errorList.clear();
-
532 -
533 // Initialize memory BIOs for encryption and decryption. -
534 readBio = q_BIO_new(q_BIO_s_mem());
executed (the execution status of this line is deduced): readBio = q_BIO_new(q_BIO_s_mem());
-
535 writeBio = q_BIO_new(q_BIO_s_mem());
executed (the execution status of this line is deduced): writeBio = q_BIO_new(q_BIO_s_mem());
-
536 if (!readBio || !writeBio) {
partially evaluated: !readBio
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:87
partially evaluated: !writeBio
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:87
0-87
537 q->setErrorString(QSslSocket::tr("Error creating SSL session: %1").arg(getErrorsFromOpenSsl()));
never executed (the execution status of this line is deduced): q->setErrorString(QSslSocket::tr("Error creating SSL session: %1").arg(getErrorsFromOpenSsl()));
-
538 q->setSocketError(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->setSocketError(QAbstractSocket::SslInternalError);
-
539 emit q->error(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->error(QAbstractSocket::SslInternalError);
-
540 return false;
never executed: return false;
0
541 } -
542 -
543 // Assign the bios. -
544 q_SSL_set_bio(ssl, readBio, writeBio);
executed (the execution status of this line is deduced): q_SSL_set_bio(ssl, readBio, writeBio);
-
545 -
546 if (mode == QSslSocket::SslClientMode)
evaluated: mode == QSslSocket::SslClientMode
TRUEFALSE
yes
Evaluation Count:84
yes
Evaluation Count:3
3-84
547 q_SSL_set_connect_state(ssl);
executed: q_SSL_set_connect_state(ssl);
Execution Count:84
84
548 else -
549 q_SSL_set_accept_state(ssl);
executed: q_SSL_set_accept_state(ssl);
Execution Count:3
3
550 -
551 return true;
executed: return true;
Execution Count:87
87
552} -
553 -
// Releases the OpenSSL objects held by this backend (session, context and
// EVP_PKEY wrapper). Every pointer is reset to 0 after it is freed, so calling
// this again finds nothing left to release.
void QSslSocketBackendPrivate::destroySslContext()
{
    // The session goes first, then the context it was created from.
    if (ssl) {
        q_SSL_free(ssl);
        ssl = 0;
    }

    if (ctx) {
        q_SSL_CTX_free(ctx);
        ctx = 0;
    }

    // pkey is freed here only when it is still set. initSslContext() resets it
    // to 0 for QSsl::Opaque keys because those belong to QSslKey.
    // NOTE(review): that reset happens after q_SSL_CTX_use_PrivateKey()
    // succeeded; on the failure return pkey still aliases the QSslKey handle.
    // Confirm that path cannot reach this free with a key the backend does not own.
    if (pkey) {
        q_EVP_PKEY_free(pkey);
        pkey = 0;
    }
}
569 -
/*!
    \internal

    Unregisters the thread-id and locking callbacks that
    ensureLibraryLoaded() installed and frees OpenSSL's error strings.
*/
void QSslSocketPrivate::deinitialize()
{
    // NOTE(review): s_libraryLoaded is not reset here, and
    // ensureLibraryLoaded() only installs the callbacks while that flag is
    // false. Unless the flag is cleared elsewhere, OpenSSL stays without
    // locking callbacks after this call - confirm no TLS work runs afterwards.
    q_CRYPTO_set_id_callback(0);
    q_CRYPTO_set_locking_callback(0);
    q_ERR_free_strings();
}
579 -
/*!
    \internal

    Does the minimum amount of initialization to determine whether SSL
    is supported or not.

    Returns the result of ensureLibraryLoaded(), so the first call also
    resolves the OpenSSL symbols and runs the one-time library setup.
*/

bool QSslSocketPrivate::supportsSsl()
{
    const bool libraryUsable = ensureLibraryLoaded();
    return libraryUsable;
}
591 -
// Resolves the OpenSSL symbols and, on the first call that gets that far,
// performs the one-time library initialization under the init lock:
// threading callbacks, SSL_library_init(), error strings, algorithm tables
// and a check that the PRNG is seeded.
//
// Returns false when the symbols cannot be resolved, when
// q_SSL_library_init() does not return 1, or when the PRNG still reports
// "not seeded" after the fallback seeding loop gave up.
bool QSslSocketPrivate::ensureLibraryLoaded()
{
    if (!q_resolveOpenSslSymbols())
        return false;

    // Check if the library itself needs to be initialized.
    QMutexLocker locker(openssl_locks()->initLock());

    if (s_libraryLoaded)
        return true;

    // NOTE(review): the flag is set before initialization has succeeded. If
    // one of the failure returns below is taken, the next call skips this
    // whole section and returns true (unless the flag is reset elsewhere).
    // Callers that use supportsSsl() as a security gate should be aware.
    s_libraryLoaded = true;

    // Initialize OpenSSL.
    q_CRYPTO_set_id_callback(id_function);
    q_CRYPTO_set_locking_callback(locking_function);
    if (q_SSL_library_init() != 1)
        return false;
    q_SSL_load_error_strings();
    q_OpenSSL_add_all_algorithms();

    // Initialize OpenSSL's random seed.
    if (q_RAND_status())
        return true;

    // Fallback used only when OpenSSL reports that its PRNG is not seeded.
    // NOTE(review): the material fed in below is the wall-clock millisecond
    // and second plus a stack address. That is very little entropy, yet it is
    // fed in until q_RAND_status() reports success. Key material generated
    // after this path deserves scrutiny; consider failing instead or seeding
    // from an OS-provided source.
    struct {
        int msec;
        int sec;
        void *stack;
    } seedMaterial;

    int attemptsLeft = 500;
    do {
        if (attemptsLeft < 500) {
            // Not the first round: pause so the clock readings below differ.
#ifdef Q_OS_UNIX
            struct timespec ts = {0, 33333333};
            nanosleep(&ts, 0);
#else
            Sleep(3);
#endif
            // This store is overwritten a few lines below, so the attempt
            // counter never reaches the seed.
            seedMaterial.msec = attemptsLeft;
        }
        seedMaterial.stack = reinterpret_cast<void *>(&seedMaterial);
        seedMaterial.msec = QTime::currentTime().msec();
        seedMaterial.sec = QTime::currentTime().second();
        q_RAND_seed(reinterpret_cast<const char *>(&seedMaterial), sizeof(seedMaterial));
    } while (!q_RAND_status() && --attemptsLeft);

    // attemptsLeft only reaches 0 when every round left the PRNG unseeded.
    return attemptsLeft != 0;
}
641 -
// One-time setup, under the init lock, of the default cipher list and of the
// platform hooks used to obtain the system root certificates. Later calls
// return immediately once s_loadedCiphersAndCerts is set.
void QSslSocketPrivate::ensureCiphersAndCertsLoaded()
{
    QMutexLocker locker(openssl_locks()->initLock());
    if (s_loadedCiphersAndCerts)
        return;
    s_loadedCiphersAndCerts = true;

    resetDefaultCiphers();

#ifndef QT_NO_LIBRARY
    // Load the symbols needed to receive certificates from the system store.
#if defined(Q_OS_MAC) && !defined(Q_OS_IOS)
    QLibrary securityLib("/System/Library/Frameworks/Security.framework/Versions/Current/Security");
    if (!securityLib.load()) {
        qWarning("could not load security library");
    } else {
        ptrSecCertificateGetData = (PtrSecCertificateGetData) securityLib.resolve("SecCertificateGetData");
        if (!ptrSecCertificateGetData)
            qWarning("could not resolve symbols in security library"); // should never happen

        ptrSecTrustSettingsCopyCertificates = (PtrSecTrustSettingsCopyCertificates) securityLib.resolve("SecTrustSettingsCopyCertificates");
        if (!ptrSecTrustSettingsCopyCertificates) {
            // Method was introduced in Leopard, use the legacy method if it's not there.
            ptrSecTrustCopyAnchorCertificates = (PtrSecTrustCopyAnchorCertificates) securityLib.resolve("SecTrustCopyAnchorCertificates");
            if (!ptrSecTrustCopyAnchorCertificates)
                qWarning("could not resolve symbols in security library"); // should never happen
        }
    }
#elif defined(Q_OS_WIN)
    // NOTE(review): the library is requested by bare name, so which file is
    // loaded depends on the loader's DLL search order - confirm it can only
    // resolve to the system copy on every supported target.
    HINSTANCE hLib = LoadLibraryW(L"Crypt32");
    if (!hLib) {
        qWarning("could not load crypt32 library"); // should never happen
    } else {
#if defined(Q_OS_WINCE)
        ptrCertOpenSystemStoreW = (PtrCertOpenSystemStoreW)GetProcAddress(hLib, L"CertOpenStore");
        ptrCertFindCertificateInStore = (PtrCertFindCertificateInStore)GetProcAddress(hLib, L"CertFindCertificateInStore");
        ptrCertCloseStore = (PtrCertCloseStore)GetProcAddress(hLib, L"CertCloseStore");
#else
        ptrCertOpenSystemStoreW = (PtrCertOpenSystemStoreW)GetProcAddress(hLib, "CertOpenSystemStoreW");
        ptrCertFindCertificateInStore = (PtrCertFindCertificateInStore)GetProcAddress(hLib, "CertFindCertificateInStore");
        ptrCertCloseStore = (PtrCertCloseStore)GetProcAddress(hLib, "CertCloseStore");
#endif
        const bool allResolved = ptrCertOpenSystemStoreW && ptrCertFindCertificateInStore && ptrCertCloseStore;
        if (!allResolved)
            qWarning("could not resolve symbols in crypt32 library"); // should never happen
    }
#elif defined(Q_OS_UNIX) && !defined(Q_OS_MAC)
    // Check whether on-demand root-cert loading can be enabled, i.e. whether
    // one of the root certificate directories holds an entry named like
    // "<8 hex digits>.<digit>".
    // With on-demand loading the trust anchors are whatever those directories
    // contain when a connection is set up, so their ownership and permissions
    // are part of the trust boundary.
    const QList<QByteArray> certDirs = unixRootCertDirectories();
    QStringList symLinkFilter;
    symLinkFilter << QLatin1String("[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]");
    for (int idx = 0; idx < certDirs.count(); ++idx) {
        QDirIterator hashedEntries(QLatin1String(certDirs.at(idx)), symLinkFilter, QDir::Files);
        if (!hashedEntries.hasNext())
            continue;
        s_loadRootCertsOnDemand = true;
        break;
    }
#endif
#endif //QT_NO_LIBRARY
    // If on-demand loading was not enabled, load the certs now.
    // systemCaCertificates() calls ensureInitialized(), which takes the init
    // lock again while it is still held here; presumably initLock() hands out
    // a recursive mutex - confirm.
    if (!s_loadRootCertsOnDemand)
        setDefaultCaCertificates(systemCaCertificates());
#ifdef Q_OS_WIN
    // Enabled for fetching additional root certs from windows update on windows 6+.
    // This flag is set false by setDefaultCaCertificates() indicating the app uses
    // its own cert bundle rather than the system one.
    // Same logic that disables the unix on demand cert loading.
    // Unlike unix, we do preload the certificates from the cert store.
    if ((QSysInfo::windowsVersion() & QSysInfo::WV_NT_based) >= QSysInfo::WV_6_0)
        s_loadRootCertsOnDemand = true;
#endif
}
713 -
/*!
    \internal

    Declared static in QSslSocketPrivate, makes sure the SSL libraries have
    been initialized.

    When supportsSsl() reports no SSL support this returns without loading
    ciphers or certificates; no error is reported to the caller.
*/

void QSslSocketPrivate::ensureInitialized()
{
    if (supportsSsl())
        ensureCiphersAndCertsLoaded();
}
728 -
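// Returns the version number reported by the OpenSSL library in use, or 0
// when supportsSsl() reports that the library is not available.
long QSslSocketPrivate::sslLibraryVersionNumber()
{
    // Same guard as sslLibraryVersionString(): make sure the OpenSSL symbols
    // are resolved and the library is initialized before calling into it, so
    // a version check made early in start-up does not query an unloaded
    // library.
    if (!supportsSsl())
        return 0;

    return q_SSLeay();
}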
733 -
// Returns the version string reported by the OpenSSL library in use, decoded
// as Latin-1. Returns a null QString when SSL is not supported or when the
// library hands back no string.
QString QSslSocketPrivate::sslLibraryVersionString()
{
    if (supportsSsl()) {
        if (const char *versionString = q_SSLeay_version(SSLEAY_VERSION))
            return QString::fromLatin1(versionString);
    }
    return QString();
}
745 -
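/*!
    \internal

    Declared static in QSslSocketPrivate, backend-dependent loading of
    application-wide global ciphers.

    Builds a throw-away client context and session, reads the cipher list
    OpenSSL offers for it, and installs the filtered result both as the
    supported and as the default cipher list. Cipher suites with anonymous
    key exchange are left out of both lists.
*/
void QSslSocketPrivate::resetDefaultCiphers()
{
    SSL_CTX *myCtx = q_SSL_CTX_new(q_SSLv23_client_method());
    SSL *mySsl = q_SSL_new(myCtx);

    QList<QSslCipher> ciphers;

    STACK_OF(SSL_CIPHER) *supportedCiphers = q_SSL_get_ciphers(mySsl);
    for (int i = 0; i < q_sk_SSL_CIPHER_num(supportedCiphers); ++i) {
        SSL_CIPHER *cipher = q_sk_SSL_CIPHER_value(supportedCiphers, i);
        if (!cipher || !cipher->valid)
            continue;

        const QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher);
        if (ciph.isNull())
            continue;

        // Anonymous key exchange does not authenticate the peer, so such
        // suites give no protection against an active man in the middle.
        // Matching only the "adh" prefix misses the export-grade anonymous DH
        // suites ("EXP-ADH-...") and the anonymous ECDH suites ("AECDH-...").
        const QString lowerName = ciph.name().toLower();
        const bool anonymousKeyExchange = lowerName.startsWith(QLatin1String("adh"))
                || lowerName.startsWith(QLatin1String("exp-adh"))
                || lowerName.startsWith(QLatin1String("aecdh"));
        if (anonymousKeyExchange)
            continue;

        ciphers << ciph;
    }

    // The temporary context and session were only needed to query the list.
    q_SSL_CTX_free(myCtx);
    q_SSL_free(mySsl);

    setDefaultSupportedCiphers(ciphers);
    setDefaultCiphers(ciphers);
}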
778 -
// Collects the CA certificates of the operating system's trust store and
// returns them as a list. The source depends on the platform: the Security
// framework on OS X, the "ROOT" system store on Windows, and the root
// certificate directories plus two well-known bundle files on other Unix
// systems.
//
// NOTE(review): certificates are taken as found. Nothing in this function
// filters out expired or otherwise unusable entries, and on Unix every
// *.pem / *.crt file in the scanned directories becomes a trust anchor, so
// write access to those locations is equivalent to control over peer
// verification.
QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
{
    ensureInitialized();
#ifdef QSSLSOCKET_DEBUG
    QElapsedTimer timer;
    timer.start();
#endif
    QList<QSslCertificate> systemCerts;
#if defined(Q_OS_MAC) && !defined(Q_OS_IOS)
    CFArrayRef cfCerts;
    OSStatus status = 1; // stays non-zero when no copy function was resolved

    // Local declaration kept from the original; the calls below go through
    // the resolved ptrSecCertificateGetData pointer.
    OSStatus SecCertificateGetData (
        SecCertificateRef certificate,
        CSSM_DATA_PTR data
    );

    if (ptrSecCertificateGetData) {
        if (ptrSecTrustSettingsCopyCertificates)
            status = ptrSecTrustSettingsCopyCertificates(kSecTrustSettingsDomainSystem, &cfCerts);
        else if (ptrSecTrustCopyAnchorCertificates)
            status = ptrSecTrustCopyAnchorCertificates(&cfCerts);

        if (status) {
            // no detailed error handling here
            qWarning("could not retrieve system CA certificates");
        } else {
            const CFIndex certCount = CFArrayGetCount(cfCerts);
            for (CFIndex i = 0; i < certCount; ++i) {
                SecCertificateRef cfCert = (SecCertificateRef)CFArrayGetValueAtIndex(cfCerts, i);
                CSSM_DATA data;
                CSSM_DATA_PTR dataPtr = &data;
                if (ptrSecCertificateGetData(cfCert, dataPtr)) {
                    qWarning("error retrieving a CA certificate from the system store");
                    continue;
                }
                // Copy the DER bytes out of the framework's buffer.
                int len = data.Length;
                char *rawData = reinterpret_cast<char *>(data.Data);
                QByteArray rawCert(rawData, len);
                systemCerts.append(QSslCertificate::fromData(rawCert, QSsl::Der));
            }
            CFRelease(cfCerts);
        }
    }
#elif defined(Q_OS_WIN)
    if (ptrCertOpenSystemStoreW && ptrCertFindCertificateInStore && ptrCertCloseStore) {
        HCERTSTORE hSystemStore;
#if defined(Q_OS_WINCE)
        hSystemStore = ptrCertOpenSystemStoreW(CERT_STORE_PROV_SYSTEM_W,
                                               0,
                                               0,
                                               CERT_STORE_NO_CRYPT_RELEASE_FLAG|CERT_SYSTEM_STORE_CURRENT_USER,
                                               L"ROOT");
#else
        hSystemStore = ptrCertOpenSystemStoreW(0, L"ROOT");
#endif
        if (hSystemStore) {
            // Walk the store: each call gets the previous context and returns
            // the next one, or NULL once the store is exhausted.
            PCCERT_CONTEXT pc = NULL;
            while ((pc = ptrCertFindCertificateInStore(hSystemStore, X509_ASN_ENCODING, 0, CERT_FIND_ANY, NULL, pc))) {
                QByteArray der((const char *)(pc->pbCertEncoded), static_cast<int>(pc->cbCertEncoded));
                QSslCertificate cert(der, QSsl::Der);
                systemCerts.append(cert);
            }
            ptrCertCloseStore(hSystemStore, 0);
        }
    }
#elif defined(Q_OS_UNIX)
    QSet<QString> canonicalPaths;
    QList<QByteArray> certDirs = unixRootCertDirectories();
    QDir scanDir;
    QStringList patterns;
    patterns << QLatin1String("*.pem") << QLatin1String("*.crt");
    scanDir.setNameFilters(patterns);
    for (int idx = 0; idx < certDirs.count(); idx++) {
        scanDir.setPath(QLatin1String(certDirs.at(idx)));
        QDirIterator entry(scanDir);
        while (entry.hasNext()) {
            entry.next();
            // use canonical path here to not load the same certificate twice if symlinked
            canonicalPaths.insert(entry.fileInfo().canonicalFilePath());
        }
    }
    QSetIterator<QString> pathIt(canonicalPaths);
    while (pathIt.hasNext())
        systemCerts.append(QSslCertificate::fromPath(pathIt.next()));
    // Bundle files that live outside the scanned directories.
    systemCerts.append(QSslCertificate::fromPath(QLatin1String("/etc/pki/tls/certs/ca-bundle.crt"), QSsl::Pem)); // Fedora, Mandriva
    systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/local/share/certs/ca-root-nss.crt"), QSsl::Pem)); // FreeBSD's ca_root_nss
#endif
#ifdef QSSLSOCKET_DEBUG
    qDebug() << "systemCaCertificates retrieval time " << timer.elapsed() << "ms";
    qDebug() << "imported " << systemCerts.count() << " certificates";
#endif

    return systemCerts;
}
878 -
// Starts TLS on the socket: sets up the SSL context, then runs the first
// handshake step and flushes the handshake bytes it queued. The body is the
// same as startServerEncryption(); which side of the handshake is performed is
// decided in startHandshake() from `mode`.
// If initSslContext() fails, the socket is put into SslInternalError, error()
// is emitted and the function returns before any handshake bytes are produced.
879void QSslSocketBackendPrivate::startClientEncryption() -
880{ -
881 Q_Q(QSslSocket);
executed (the execution status of this line is deduced): QSslSocket * const q = q_func();
-
// Fail closed: without a usable context nothing is handed to the peer.
// Coverage on this page: this branch was never taken (0 of 84 evaluations),
// so the error reporting below is not exercised by the test run.
882 if (!initSslContext()) {
partially evaluated: !initSslContext()
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:84
0-84
// The error string embeds the text returned by getErrorsFromOpenSsl().
883 q->setErrorString(QSslSocket::tr("Unable to init SSL Context: %1").arg(getErrorsFromOpenSsl()));
never executed (the execution status of this line is deduced): q->setErrorString(QSslSocket::tr("Unable to init SSL Context: %1").arg(getErrorsFromOpenSsl()));
-
884 q->setSocketError(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->setSocketError(QAbstractSocket::SslInternalError);
-
885 emit q->error(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->error(QAbstractSocket::SslInternalError);
-
886 return;
never executed: return;
0
887 } -
888 -
889 // Start connecting. This will place outgoing data in the BIO, so we -
890 // follow up with calling transmit(). -
// The return value of startHandshake() is not used here; transmit() retries
// the handshake itself while the connection is not yet encrypted.
891 startHandshake();
executed (the execution status of this line is deduced): startHandshake();
-
892 transmit();
executed (the execution status of this line is deduced): transmit();
-
893}
executed: }
Execution Count:84
84
894 -
// Starts TLS on an accepted socket: sets up the SSL context, then runs the
// first handshake step and flushes whatever it queued. The body is the same as
// startClientEncryption(); startHandshake() picks q_SSL_connect() or
// q_SSL_accept() from `mode`.
// If initSslContext() fails, the socket is put into SslInternalError, error()
// is emitted and the function returns before any handshake bytes are produced.
895void QSslSocketBackendPrivate::startServerEncryption() -
896{ -
897 Q_Q(QSslSocket);
executed (the execution status of this line is deduced): QSslSocket * const q = q_func();
-
// Fail closed: without a usable context nothing is handed to the peer.
// Coverage on this page: this branch was never taken (0 of 3 evaluations),
// so the error reporting below is not exercised by the test run.
898 if (!initSslContext()) {
partially evaluated: !initSslContext()
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:3
0-3
// The error string embeds the text returned by getErrorsFromOpenSsl().
899 q->setErrorString(QSslSocket::tr("Unable to init SSL Context: %1").arg(getErrorsFromOpenSsl()));
never executed (the execution status of this line is deduced): q->setErrorString(QSslSocket::tr("Unable to init SSL Context: %1").arg(getErrorsFromOpenSsl()));
-
900 q->setSocketError(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->setSocketError(QAbstractSocket::SslInternalError);
-
901 emit q->error(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->error(QAbstractSocket::SslInternalError);
-
902 return;
never executed: return;
0
903 } -
904 -
905 // Start connecting. This will place outgoing data in the BIO, so we -
906 // follow up with calling transmit(). -
// The return value of startHandshake() is not used here; transmit() retries
// the handshake itself while the connection is not yet encrypted.
907 startHandshake();
executed (the execution status of this line is deduced): startHandshake();
-
908 transmit();
executed (the execution status of this line is deduced): transmit();
-
909}
executed: }
Execution Count:3
3
910 -
911/*! -
912 \internal -
913 -
914 Transmits encrypted data between the BIOs and the socket. -
915*/ -
// Pumps data through the TLS engine until nothing moves any more. Each pass of
// the outer loop does, in order:
//  1. if the connection is encrypted, hands plaintext from writeBuffer to
//     q_SSL_write();
//  2. copies ciphertext that is pending in writeBio to plainSocket;
//  3. copies ciphertext received on plainSocket into readBio (skipped once the
//     connection is encrypted and `buffer` has reached a non-zero
//     readBufferMaxSize);
//  4. while not yet encrypted, retries the handshake through startHandshake();
//  5. drains decrypted bytes from q_SSL_read() into `buffer` and emits
//     readyRead().
// The loop repeats while ssl and ctx are set and some step made progress.
// Returns nothing; failures are reported through setErrorString(),
// setSocketError() and the error() signal.
// Coverage on this page: none of the error branches in this function
// (q_SSL_write failure, socket write failure, q_BIO_write failure,
// SSL_ERROR_SYSCALL/SSL_ERROR_SSL, the default case) was executed by the test run.
916void QSslSocketBackendPrivate::transmit() -
917{ -
918 Q_Q(QSslSocket);
executed (the execution status of this line is deduced): QSslSocket * const q = q_func();
-
919 -
920 // If we don't have any SSL context, don't bother transmitting. -
921 if (!ssl)
partially evaluated: !ssl
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:3843
0-3843
922 return;
never executed: return;
0
923 -
// Set by any step that moved data or changed state; drives the outer loop.
924 bool transmitting;
executed (the execution status of this line is deduced): bool transmitting;
-
925 do { -
926 transmitting = false;
executed (the execution status of this line is deduced): transmitting = false;
-
927 -
928 // If the connection is secure, we can transfer data from the write -
929 // buffer (in plain text) to the write BIO through SSL_write. -
// Application data is only passed to OpenSSL after connectionEncrypted is set,
// which happens below once startHandshake() has returned true.
930 if (connectionEncrypted && !writeBuffer.isEmpty()) {
evaluated: connectionEncrypted
TRUEFALSE
yes
Evaluation Count:7438
yes
Evaluation Count:492
evaluated: !writeBuffer.isEmpty()
TRUEFALSE
yes
Evaluation Count:3398
yes
Evaluation Count:4040
492-7438
931 qint64 totalBytesWritten = 0;
executed (the execution status of this line is deduced): qint64 totalBytesWritten = 0;
-
932 int nextDataBlockSize;
executed (the execution status of this line is deduced): int nextDataBlockSize;
-
933 while ((nextDataBlockSize = writeBuffer.nextDataBlockSize()) > 0) {
evaluated: (nextDataBlockSize = writeBuffer.nextDataBlockSize()) > 0
TRUEFALSE
yes
Evaluation Count:3406
yes
Evaluation Count:3398
3398-3406
934 int writtenBytes = q_SSL_write(ssl, writeBuffer.readPointer(), nextDataBlockSize);
executed (the execution status of this line is deduced): int writtenBytes = q_SSL_write(ssl, writeBuffer.readPointer(), nextDataBlockSize);
-
// NOTE(review): any result <= 0 is treated as fatal here without consulting
// q_SSL_get_error(), unlike the read path below, which tolerates
// SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE -- confirm q_SSL_write() cannot
// legitimately ask for a retry in this setup.
935 if (writtenBytes <= 0) {
partially evaluated: writtenBytes <= 0
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:3406
0-3406
936 // ### Better error handling. -
937 q->setErrorString(QSslSocket::tr("Unable to write data: %1").arg(getErrorsFromOpenSsl()));
never executed (the execution status of this line is deduced): q->setErrorString(QSslSocket::tr("Unable to write data: %1").arg(getErrorsFromOpenSsl()));
-
938 q->setSocketError(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->setSocketError(QAbstractSocket::SslInternalError);
-
939 emit q->error(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->error(QAbstractSocket::SslInternalError);
-
940 return;
never executed: return;
0
941 } -
942#ifdef QSSLSOCKET_DEBUG -
943 qDebug() << "QSslSocketBackendPrivate::transmit: encrypted" << writtenBytes << "bytes"; -
944#endif -
// Only the bytes OpenSSL accepted are released from the plaintext buffer.
945 writeBuffer.free(writtenBytes);
executed (the execution status of this line is deduced): writeBuffer.free(writtenBytes);
-
946 totalBytesWritten += writtenBytes;
executed (the execution status of this line is deduced): totalBytesWritten += writtenBytes;
-
947 -
948 if (writtenBytes < nextDataBlockSize) {
partially evaluated: writtenBytes < nextDataBlockSize
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:3406
0-3406
949 // break out of the writing loop and try again after we had read -
950 transmitting = true;
never executed (the execution status of this line is deduced): transmitting = true;
-
951 break;
never executed: break;
0
952 } -
953 }
executed: }
Execution Count:3406
3406
954 -
955 if (totalBytesWritten > 0) {
partially evaluated: totalBytesWritten > 0
TRUEFALSE
yes
Evaluation Count:3398
no
Evaluation Count:0
0-3398
956 // Don't emit bytesWritten() recursively. -
957 if (!emittedBytesWritten) {
partially evaluated: !emittedBytesWritten
TRUEFALSE
yes
Evaluation Count:3398
no
Evaluation Count:0
0-3398
958 emittedBytesWritten = true;
executed (the execution status of this line is deduced): emittedBytesWritten = true;
-
959 emit q->bytesWritten(totalBytesWritten);
executed (the execution status of this line is deduced): q->bytesWritten(totalBytesWritten);
-
960 emittedBytesWritten = false;
executed (the execution status of this line is deduced): emittedBytesWritten = false;
-
961 }
executed: }
Execution Count:3398
3398
962 }
executed: }
Execution Count:3398
3398
963 }
executed: }
Execution Count:3398
3398
964 -
965 // Check if we've got any data to be written to the socket. -
// Scratch buffer shared by the three copy steps below; it is resized per use.
966 QVarLengthArray<char, 4096> data;
executed (the execution status of this line is deduced): QVarLengthArray<char, 4096> data;
-
967 int pendingBytes;
executed (the execution status of this line is deduced): int pendingBytes;
-
968 while (plainSocket->isValid() && (pendingBytes = q_BIO_pending(writeBio)) > 0) {
partially evaluated: plainSocket->isValid()
TRUEFALSE
yes
Evaluation Count:11495
no
Evaluation Count:0
evaluated: (pendingBytes = (int)q_BIO_ctrl(writeBio,10,0,__null)) > 0
TRUEFALSE
yes
Evaluation Count:3565
yes
Evaluation Count:7930
0-11495
969 // Read encrypted data from the write BIO into a buffer. -
970 data.resize(pendingBytes);
executed (the execution status of this line is deduced): data.resize(pendingBytes);
-
// NOTE(review): encryptedBytesRead is not checked before it is used as the
// length for plainSocket->write(); a non-positive q_BIO_read() result would be
// passed on as is -- confirm write() rejects it.
971 int encryptedBytesRead = q_BIO_read(writeBio, data.data(), pendingBytes);
executed (the execution status of this line is deduced): int encryptedBytesRead = q_BIO_read(writeBio, data.data(), pendingBytes);
-
972 -
973 // Write encrypted data from the buffer to the socket. -
974 qint64 actualWritten = plainSocket->write(data.constData(), encryptedBytesRead);
executed (the execution status of this line is deduced): qint64 actualWritten = plainSocket->write(data.constData(), encryptedBytesRead);
-
975#ifdef QSSLSOCKET_DEBUG -
976 qDebug() << "QSslSocketBackendPrivate::transmit: wrote" << encryptedBytesRead << "encrypted bytes to the socket" << actualWritten << "actual."; -
977#endif -
// Only a negative result is handled; the ciphertext has already been taken out
// of writeBio at this point.
978 if (actualWritten < 0) {
partially evaluated: actualWritten < 0
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:3565
0-3565
979 //plain socket write fails if it was in the pending close state. -
980 q->setErrorString(plainSocket->errorString());
never executed (the execution status of this line is deduced): q->setErrorString(plainSocket->errorString());
-
981 q->setSocketError(plainSocket->error());
never executed (the execution status of this line is deduced): q->setSocketError(plainSocket->error());
-
982 emit q->error(plainSocket->error());
never executed (the execution status of this line is deduced): q->error(plainSocket->error());
-
983 return;
never executed: return;
0
984 } -
985 transmitting = true;
executed (the execution status of this line is deduced): transmitting = true;
-
986 }
executed: }
Execution Count:3565
3565
987 -
988 // Check if we've got any data to be read from the socket. -
// Flow control: once encrypted, a non-zero readBufferMaxSize stops pulling more
// ciphertext from the socket while `buffer` is at or above that size. Until the
// handshake has completed the socket is always drained.
989 if (!connectionEncrypted || !readBufferMaxSize || buffer.size() < readBufferMaxSize)
evaluated: !connectionEncrypted
TRUEFALSE
yes
Evaluation Count:492
yes
Evaluation Count:7438
evaluated: !readBufferMaxSize
TRUEFALSE
yes
Evaluation Count:4956
yes
Evaluation Count:2482
evaluated: buffer.size() < readBufferMaxSize
TRUEFALSE
yes
Evaluation Count:2457
yes
Evaluation Count:25
25-7438
// NOTE(review): bytesAvailable() and peek() return qint64 but are stored in int
// here, and `data` is resized to whatever has been received from the peer --
// confirm the plain socket's read buffer is bounded elsewhere.
990 while ((pendingBytes = plainSocket->bytesAvailable()) > 0) {
evaluated: (pendingBytes = plainSocket->bytesAvailable()) > 0
TRUEFALSE
yes
Evaluation Count:543
yes
Evaluation Count:7905
543-7905
991 // Read encrypted data from the socket into a buffer. -
992 data.resize(pendingBytes);
executed (the execution status of this line is deduced): data.resize(pendingBytes);
-
993 // just peek() here because q_BIO_write could write less data than expected -
994 int encryptedBytesRead = plainSocket->peek(data.data(), pendingBytes);
executed (the execution status of this line is deduced): int encryptedBytesRead = plainSocket->peek(data.data(), pendingBytes);
-
995 -
996#ifdef QSSLSOCKET_DEBUG -
997 qDebug() << "QSslSocketBackendPrivate::transmit: read" << encryptedBytesRead << "encrypted bytes from the socket"; -
998#endif -
999 // Write encrypted data from the buffer into the read BIO. -
1000 int writtenToBio = q_BIO_write(readBio, data.constData(), encryptedBytesRead);
executed (the execution status of this line is deduced): int writtenToBio = q_BIO_write(readBio, data.constData(), encryptedBytesRead);
-
1001 -
1002 // do the actual read() here and throw away the results. -
// Only as many bytes as the BIO accepted are consumed from the socket, so
// nothing received from the peer is dropped. A non-positive q_BIO_write()
// result is reported as a decrypt error and ends the function, although no
// decryption has taken place yet at this point.
1003 if (writtenToBio > 0) {
partially evaluated: writtenToBio > 0
TRUEFALSE
yes
Evaluation Count:543
no
Evaluation Count:0
0-543
1004 // ### TODO: make this cheaper by not making it memcpy. E.g. make it work with data=0x0 or make it work with seek -
1005 plainSocket->read(data.data(), writtenToBio);
executed (the execution status of this line is deduced): plainSocket->read(data.data(), writtenToBio);
-
1006 } else {
executed: }
Execution Count:543
543
1007 // ### Better error handling. -
1008 q->setErrorString(QSslSocket::tr("Unable to decrypt data: %1").arg(getErrorsFromOpenSsl()));
never executed (the execution status of this line is deduced): q->setErrorString(QSslSocket::tr("Unable to decrypt data: %1").arg(getErrorsFromOpenSsl()));
-
1009 q->setSocketError(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->setSocketError(QAbstractSocket::SslInternalError);
-
1010 emit q->error(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->error(QAbstractSocket::SslInternalError);
-
1011 return;
never executed: return;
0
1012 } -
1013 -
1014 transmitting = true;
executed (the execution status of this line is deduced): transmitting = true;
-
1015 }
executed: }
Execution Count:543
543
1016 -
1017 // If the connection isn't secured yet, this is the time to retry the -
1018 // connect / accept. -
1019 if (!connectionEncrypted) {
evaluated: !connectionEncrypted
TRUEFALSE
yes
Evaluation Count:492
yes
Evaluation Count:7438
492-7438
1020#ifdef QSSLSOCKET_DEBUG -
1021 qDebug() << "QSslSocketBackendPrivate::transmit: testing encryption"; -
1022#endif -
// connectionEncrypted is set only when startHandshake() returns true; every
// other outcome leaves the connection marked as not encrypted.
1023 if (startHandshake()) {
evaluated: startHandshake()
TRUEFALSE
yes
Evaluation Count:71
yes
Evaluation Count:421
71-421
1024#ifdef QSSLSOCKET_DEBUG -
1025 qDebug() << "QSslSocketBackendPrivate::transmit: encryption established"; -
1026#endif -
1027 connectionEncrypted = true;
executed (the execution status of this line is deduced): connectionEncrypted = true;
-
1028 transmitting = true;
executed (the execution status of this line is deduced): transmitting = true;
-
1029 } else if (plainSocket->state() != QAbstractSocket::ConnectedState) {
executed: }
Execution Count:71
evaluated: plainSocket->state() != QAbstractSocket::ConnectedState
TRUEFALSE
yes
Evaluation Count:10
yes
Evaluation Count:411
10-411
1030#ifdef QSSLSOCKET_DEBUG -
1031 qDebug() << "QSslSocketBackendPrivate::transmit: connection lost"; -
1032#endif -
1033 break;
executed: break;
Execution Count:10
10
1034 } else if (paused) {
partially evaluated: paused
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:411
0-411
1035 // just wait until the user continues -
1036 return;
never executed: return;
0
1037 } else { -
1038#ifdef QSSLSOCKET_DEBUG -
1039 qDebug() << "QSslSocketBackendPrivate::transmit: encryption not done yet"; -
1040#endif -
1041 }
executed: }
Execution Count:411
411
1042 } -
1043 -
1044 // If the request is small and the remote host closes the transmission -
1045 // after sending, there's a chance that startHandshake() will already -
1046 // have triggered a shutdown. -
// `continue` jumps to the outer loop condition, which ends the loop because
// ssl is null.
1047 if (!ssl)
partially evaluated: !ssl
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:7920
0-7920
1048 continue;
never executed: continue;
0
1049 -
1050 // We always read everything from the SSL decryption buffers, even if -
1051 // we have a readBufferMaxSize. There's no point in leaving data there -
1052 // just so that readBuffer.size() == readBufferMaxSize. -
1053 int readBytes = 0;
executed (the execution status of this line is deduced): int readBytes = 0;
-
// Fixed 4096-byte scratch buffer, zeroed before use; q_SSL_read() is given
// data.size() as its limit.
1054 data.resize(4096);
executed (the execution status of this line is deduced): data.resize(4096);
-
1055 ::memset(data.data(), 0, data.size());
executed (the execution status of this line is deduced): ::memset(data.data(), 0, data.size());
-
1056 do { -
1057 // Don't use SSL_pending(). It's very unreliable. -
1058 if ((readBytes = q_SSL_read(ssl, data.data(), data.size())) > 0) {
evaluated: (readBytes = q_SSL_read(ssl, data.data(), data.size())) > 0
TRUEFALSE
yes
Evaluation Count:3145
yes
Evaluation Count:7910
3145-7910
1059#ifdef QSSLSOCKET_DEBUG -
1060 qDebug() << "QSslSocketBackendPrivate::transmit: decrypted" << readBytes << "bytes"; -
1061#endif -
1062 char *ptr = buffer.reserve(readBytes);
executed (the execution status of this line is deduced): char *ptr = buffer.reserve(readBytes);
-
1063 ::memcpy(ptr, data.data(), readBytes);
executed (the execution status of this line is deduced): ::memcpy(ptr, data.data(), readBytes);
-
1064 -
1065 if (readyReadEmittedPointer)
evaluated: readyReadEmittedPointer
TRUEFALSE
yes
Evaluation Count:4
yes
Evaluation Count:3141
4-3141
1066 *readyReadEmittedPointer = true;
executed: *readyReadEmittedPointer = true;
Execution Count:4
4
// NOTE(review): the inner loop condition re-tests `ssl` after this signal;
// presumably a connected slot can tear the session down -- confirm.
1067 emit q->readyRead();
executed (the execution status of this line is deduced): q->readyRead();
-
1068 transmitting = true;
executed (the execution status of this line is deduced): transmitting = true;
-
1069 continue;
executed: continue;
Execution Count:3145
3145
1070 } -
1071 -
1072 // Error. -
1073 switch (q_SSL_get_error(ssl, readBytes)) { -
1074 case SSL_ERROR_WANT_READ: -
1075 case SSL_ERROR_WANT_WRITE: -
1076 // Out of data. -
1077 break;
executed: break;
Execution Count:7909
7909
1078 case SSL_ERROR_ZERO_RETURN: -
1079 // The remote host closed the connection. -
1080#ifdef QSSLSOCKET_DEBUG -
1081 qDebug() << "QSslSocketBackendPrivate::transmit: remote disconnect"; -
1082#endif -
1083 plainSocket->disconnectFromHost();
executed (the execution status of this line is deduced): plainSocket->disconnectFromHost();
-
1084 break;
executed: break;
Execution Count:1
1
1085 case SSL_ERROR_SYSCALL: // some IO error -
1086 case SSL_ERROR_SSL: // error in the SSL library -
1087 // we do not know exactly what the error is, nor whether we can recover from it, -
1088 // so just return to prevent an endless loop in the outer "while" statement -
1089 q->setErrorString(QSslSocket::tr("Error while reading: %1").arg(getErrorsFromOpenSsl()));
never executed (the execution status of this line is deduced): q->setErrorString(QSslSocket::tr("Error while reading: %1").arg(getErrorsFromOpenSsl()));
-
1090 q->setSocketError(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->setSocketError(QAbstractSocket::SslInternalError);
-
1091 emit q->error(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->error(QAbstractSocket::SslInternalError);
-
1092 return;
never executed: return;
0
1093 default: -
1094 // SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT: can only happen with a -
1095 // BIO_s_connect() or BIO_s_accept(), which we do not call. -
1096 // SSL_ERROR_WANT_X509_LOOKUP: can only happen with a -
1097 // SSL_CTX_set_client_cert_cb(), which we do not call. -
1098 // So this default case should never be triggered. -
// NOTE(review): unlike the case above, this one breaks instead of returning, so
// the outer loop runs again if `transmitting` was set earlier in this pass.
1099 q->setErrorString(QSslSocket::tr("Error while reading: %1").arg(getErrorsFromOpenSsl()));
never executed (the execution status of this line is deduced): q->setErrorString(QSslSocket::tr("Error while reading: %1").arg(getErrorsFromOpenSsl()));
-
1100 q->setSocketError(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->setSocketError(QAbstractSocket::SslInternalError);
-
1101 emit q->error(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->error(QAbstractSocket::SslInternalError);
-
1102 break;
never executed: break;
0
1103 } -
1104 } while (ssl && readBytes > 0);
executed: }
Execution Count:7910
evaluated: ssl
TRUEFALSE
yes
Evaluation Count:11044
yes
Evaluation Count:11
evaluated: readBytes > 0
TRUEFALSE
yes
Evaluation Count:3135
yes
Evaluation Count:7909
11-11044
1105 } while (ssl && ctx && transmitting);
executed: }
Execution Count:7920
evaluated: ssl
TRUEFALSE
yes
Evaluation Count:7909
yes
Evaluation Count:11
partially evaluated: ctx
TRUEFALSE
yes
Evaluation Count:7909
no
Evaluation Count:0
evaluated: transmitting
TRUEFALSE
yes
Evaluation Count:4087
yes
Evaluation Count:3822
0-7920
1106}
executed: }
Execution Count:3843
3843
1107 -
// Translates an OpenSSL certificate verification result code into a QSslError
// that carries the certificate the code was reported for.
// errorCode: an X509_V_* value. cert: the certificate to attach to the error.
// Returns a default-constructed QSslError for X509_V_OK, and
// QSslError::UnspecifiedError for any code that is not listed, so an
// unrecognised verification failure is still surfaced as an error rather than
// dropped.
// Coverage on this page: only CertificateExpired, SelfSignedCertificate,
// UnableToGetLocalIssuerCertificate, UnableToVerifyFirstCertificate,
// InvalidCaCertificate and CertificateUntrusted were produced by the test run;
// every other mapping, including CertificateRevoked and the default case, was
// never executed.
1108static QSslError _q_OpenSSL_to_QSslError(int errorCode, const QSslCertificate &cert) -
1109{ -
1110 QSslError error;
executed (the execution status of this line is deduced): QSslError error;
-
1111 switch (errorCode) { -
1112 case X509_V_OK: -
1113 // X509_V_OK is also reported if the peer had no certificate. -
// A missing certificate therefore cannot be detected from this code alone;
// startHandshake() reports it separately as NoPeerCertificate when peer
// verification is required.
1114 break;
never executed: break;
0
1115 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: -
1116 error = QSslError(QSslError::UnableToGetIssuerCertificate, cert); break;
never executed: break;
0
1117 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: -
1118 error = QSslError(QSslError::UnableToDecryptCertificateSignature, cert); break;
never executed: break;
0
1119 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: -
1120 error = QSslError(QSslError::UnableToDecodeIssuerPublicKey, cert); break;
never executed: break;
0
1121 case X509_V_ERR_CERT_SIGNATURE_FAILURE: -
1122 error = QSslError(QSslError::CertificateSignatureFailed, cert); break;
never executed: break;
0
1123 case X509_V_ERR_CERT_NOT_YET_VALID: -
1124 error = QSslError(QSslError::CertificateNotYetValid, cert); break;
never executed: break;
0
1125 case X509_V_ERR_CERT_HAS_EXPIRED: -
1126 error = QSslError(QSslError::CertificateExpired, cert); break;
executed: break;
Execution Count:1
1
1127 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: -
1128 error = QSslError(QSslError::InvalidNotBeforeField, cert); break;
never executed: break;
0
1129 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: -
1130 error = QSslError(QSslError::InvalidNotAfterField, cert); break;
never executed: break;
0
1131 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: -
1132 error = QSslError(QSslError::SelfSignedCertificate, cert); break;
executed: break;
Execution Count:65
65
1133 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: -
1134 error = QSslError(QSslError::SelfSignedCertificateInChain, cert); break;
never executed: break;
0
1135 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: -
1136 error = QSslError(QSslError::UnableToGetLocalIssuerCertificate, cert); break;
executed: break;
Execution Count:12
12
1137 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: -
1138 error = QSslError(QSslError::UnableToVerifyFirstCertificate, cert); break;
executed: break;
Execution Count:12
12
1139 case X509_V_ERR_CERT_REVOKED: -
1140 error = QSslError(QSslError::CertificateRevoked, cert); break;
never executed: break;
0
1141 case X509_V_ERR_INVALID_CA: -
1142 error = QSslError(QSslError::InvalidCaCertificate, cert); break;
executed: break;
Execution Count:1
1
1143 case X509_V_ERR_PATH_LENGTH_EXCEEDED: -
1144 error = QSslError(QSslError::PathLengthExceeded, cert); break;
never executed: break;
0
1145 case X509_V_ERR_INVALID_PURPOSE: -
1146 error = QSslError(QSslError::InvalidPurpose, cert); break;
never executed: break;
0
1147 case X509_V_ERR_CERT_UNTRUSTED: -
1148 error = QSslError(QSslError::CertificateUntrusted, cert); break;
executed: break;
Execution Count:6
6
1149 case X509_V_ERR_CERT_REJECTED: -
1150 error = QSslError(QSslError::CertificateRejected, cert); break;
never executed: break;
0
// Catch-all for verification codes without a dedicated QSslError value.
1151 default: -
1152 error = QSslError(QSslError::UnspecifiedError, cert); break;
never executed: break;
0
1153 } -
1154 return error;
executed: return error;
Execution Count:97
97
1155} -
1156 -
1157bool QSslSocketBackendPrivate::startHandshake() -
1158{ -
1159 Q_Q(QSslSocket);
executed (the execution status of this line is deduced): QSslSocket * const q = q_func();
-
1160 -
1161 // Check if the connection has been established. Get all errors from the -
1162 // verification stage. -
1163 _q_sslErrorList()->mutex.lock();
executed (the execution status of this line is deduced): _q_sslErrorList()->mutex.lock();
-
1164 _q_sslErrorList()->errors.clear();
executed (the execution status of this line is deduced): _q_sslErrorList()->errors.clear();
-
1165 int result = (mode == QSslSocket::SslClientMode) ? q_SSL_connect(ssl) : q_SSL_accept(ssl);
evaluated: (mode == QSslSocket::SslClientMode)
TRUEFALSE
yes
Evaluation Count:561
yes
Evaluation Count:18
18-561
1166 -
1167 const QList<QPair<int, int> > &lastErrors = _q_sslErrorList()->errors;
executed (the execution status of this line is deduced): const QList<QPair<int, int> > &lastErrors = _q_sslErrorList()->errors;
-
1168 for (int i = 0; i < lastErrors.size(); ++i) {
evaluated: i < lastErrors.size()
TRUEFALSE
yes
Evaluation Count:47
yes
Evaluation Count:579
47-579
1169 const QPair<int, int> &currentError = lastErrors.at(i);
executed (the execution status of this line is deduced): const QPair<int, int> &currentError = lastErrors.at(i);
-
1170 // Initialize the peer certificate chain in order to find which certificate caused this error -
1171 if (configuration.peerCertificateChain.isEmpty())
evaluated: configuration.peerCertificateChain.isEmpty()
TRUEFALSE
yes
Evaluation Count:41
yes
Evaluation Count:6
6-41
1172 configuration.peerCertificateChain = STACKOFX509_to_QSslCertificates(q_SSL_get_peer_cert_chain(ssl));
executed: configuration.peerCertificateChain = STACKOFX509_to_QSslCertificates(q_SSL_get_peer_cert_chain(ssl));
Execution Count:41
41
1173 emit q->peerVerifyError(_q_OpenSSL_to_QSslError(currentError.first,
executed (the execution status of this line is deduced): q->peerVerifyError(_q_OpenSSL_to_QSslError(currentError.first,
-
1174 configuration.peerCertificateChain.value(currentError.second)));
executed (the execution status of this line is deduced): configuration.peerCertificateChain.value(currentError.second)));
-
1175 if (q->state() != QAbstractSocket::ConnectedState)
partially evaluated: q->state() != QAbstractSocket::ConnectedState
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:47
0-47
1176 break;
never executed: break;
0
1177 }
executed: }
Execution Count:47
47
1178 -
1179 errorList << lastErrors;
executed (the execution status of this line is deduced): errorList << lastErrors;
-
1180 _q_sslErrorList()->mutex.unlock();
executed (the execution status of this line is deduced): _q_sslErrorList()->mutex.unlock();
-
1181 -
1182 // Connection aborted during handshake phase. -
1183 if (q->state() != QAbstractSocket::ConnectedState)
partially evaluated: q->state() != QAbstractSocket::ConnectedState
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:579
0-579
1184 return false;
never executed: return false;
0
1185 -
1186 // Check if we're encrypted or not. -
1187 if (result <= 0) {
evaluated: result <= 0
TRUEFALSE
yes
Evaluation Count:499
yes
Evaluation Count:80
80-499
1188 switch (q_SSL_get_error(ssl, result)) { -
1189 case SSL_ERROR_WANT_READ: -
1190 case SSL_ERROR_WANT_WRITE: -
1191 // The handshake is not yet complete. -
1192 break;
executed: break;
Execution Count:498
498
1193 default: -
1194 q->setErrorString(QSslSocket::tr("Error during SSL handshake: %1").arg(getErrorsFromOpenSsl()));
executed (the execution status of this line is deduced): q->setErrorString(QSslSocket::tr("Error during SSL handshake: %1").arg(getErrorsFromOpenSsl()));
-
1195 q->setSocketError(QAbstractSocket::SslHandshakeFailedError);
executed (the execution status of this line is deduced): q->setSocketError(QAbstractSocket::SslHandshakeFailedError);
-
1196#ifdef QSSLSOCKET_DEBUG -
1197 qDebug() << "QSslSocketBackendPrivate::startHandshake: error!" << q->errorString(); -
1198#endif -
1199 emit q->error(QAbstractSocket::SslHandshakeFailedError);
executed (the execution status of this line is deduced): q->error(QAbstractSocket::SslHandshakeFailedError);
-
1200 q->abort();
executed (the execution status of this line is deduced): q->abort();
-
1201 }
executed: }
Execution Count:1
1
1202 return false;
executed: return false;
Execution Count:499
499
1203 } -
1204 -
1205 // Store the peer certificate and chain. For clients, the peer certificate -
1206 // chain includes the peer certificate; for servers, it doesn't. Both the -
1207 // peer certificate and the chain may be empty if the peer didn't present -
1208 // any certificate. -
1209 if (configuration.peerCertificateChain.isEmpty())
evaluated: configuration.peerCertificateChain.isEmpty()
TRUEFALSE
yes
Evaluation Count:45
yes
Evaluation Count:35
35-45
1210 configuration.peerCertificateChain = STACKOFX509_to_QSslCertificates(q_SSL_get_peer_cert_chain(ssl));
executed: configuration.peerCertificateChain = STACKOFX509_to_QSslCertificates(q_SSL_get_peer_cert_chain(ssl));
Execution Count:45
45
1211 X509 *x509 = q_SSL_get_peer_certificate(ssl);
executed (the execution status of this line is deduced): X509 *x509 = q_SSL_get_peer_certificate(ssl);
-
1212 configuration.peerCertificate = QSslCertificatePrivate::QSslCertificate_from_X509(x509);
executed (the execution status of this line is deduced): configuration.peerCertificate = QSslCertificatePrivate::QSslCertificate_from_X509(x509);
-
1213 q_X509_free(x509);
executed (the execution status of this line is deduced): q_X509_free(x509);
-
1214 -
1215 // Start translating errors. -
1216 QList<QSslError> errors;
executed (the execution status of this line is deduced): QList<QSslError> errors;
-
1217 -
1218 // check the whole chain for blacklisting (including root, as we check for subjectInfo and issuer) -
1219 foreach (const QSslCertificate &cert, configuration.peerCertificateChain) {
executed (the execution status of this line is deduced): for (QForeachContainer<__typeof__(configuration.peerCertificateChain)> _container_(configuration.peerCertificateChain); !_container_.brk && _container_.i != _container_.e; __extension__ ({ ++_container_.brk; ++_container_.i; })) for (const QSslCertificate &cert = *_container_.i;; __extension__ ({--_container_.brk; break;})) {
-
1220 if (QSslCertificatePrivate::isBlacklisted(cert)) {
partially evaluated: QSslCertificatePrivate::isBlacklisted(cert)
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:77
0-77
1221 QSslError error(QSslError::CertificateBlacklisted, cert);
never executed (the execution status of this line is deduced): QSslError error(QSslError::CertificateBlacklisted, cert);
-
1222 errors << error;
never executed (the execution status of this line is deduced): errors << error;
-
1223 emit q->peerVerifyError(error);
never executed (the execution status of this line is deduced): q->peerVerifyError(error);
-
1224 if (q->state() != QAbstractSocket::ConnectedState)
never evaluated: q->state() != QAbstractSocket::ConnectedState
0
1225 return false;
never executed: return false;
0
1226 }
never executed: }
0
1227 }
executed: }
Execution Count:77
77
1228 -
1229 bool doVerifyPeer = configuration.peerVerifyMode == QSslSocket::VerifyPeer
partially evaluated: configuration.peerVerifyMode == QSslSocket::VerifyPeer
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:80
0-80
1230 || (configuration.peerVerifyMode == QSslSocket::AutoVerifyPeer
partially evaluated: configuration.peerVerifyMode == QSslSocket::AutoVerifyPeer
TRUEFALSE
yes
Evaluation Count:80
no
Evaluation Count:0
0-80
1231 && mode == QSslSocket::SslClientMode);
evaluated: mode == QSslSocket::SslClientMode
TRUEFALSE
yes
Evaluation Count:77
yes
Evaluation Count:3
3-77
1232 -
1233 // Check the peer certificate itself. First try the subject's common name -
1234 // (CN) as a wildcard, then try all alternate subject name DNS entries the -
1235 // same way. -
1236 if (!configuration.peerCertificate.isNull()) {
evaluated: !configuration.peerCertificate.isNull()
TRUEFALSE
yes
Evaluation Count:77
yes
Evaluation Count:3
3-77
1237 // but only if we're a client connecting to a server -
1238 // if we're the server, don't check CN -
1239 if (mode == QSslSocket::SslClientMode) {
partially evaluated: mode == QSslSocket::SslClientMode
TRUEFALSE
yes
Evaluation Count:77
no
Evaluation Count:0
0-77
1240 QString peerName = (verificationPeerName.isEmpty () ? q->peerName() : verificationPeerName);
partially evaluated: verificationPeerName.isEmpty ()
TRUEFALSE
yes
Evaluation Count:77
no
Evaluation Count:0
0-77
1241 -
1242 if (!isMatchingHostname(configuration.peerCertificate, peerName)) {
evaluated: !isMatchingHostname(configuration.peerCertificate, peerName)
TRUEFALSE
yes
Evaluation Count:3
yes
Evaluation Count:74
3-74
1243 // No matches in common names or alternate names. -
1244 QSslError error(QSslError::HostNameMismatch, configuration.peerCertificate);
executed (the execution status of this line is deduced): QSslError error(QSslError::HostNameMismatch, configuration.peerCertificate);
-
1245 errors << error;
executed (the execution status of this line is deduced): errors << error;
-
1246 emit q->peerVerifyError(error);
executed (the execution status of this line is deduced): q->peerVerifyError(error);
-
1247 if (q->state() != QAbstractSocket::ConnectedState)
partially evaluated: q->state() != QAbstractSocket::ConnectedState
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:3
0-3
1248 return false;
never executed: return false;
0
1249 }
executed: }
Execution Count:3
3
1250 }
executed: }
Execution Count:77
77
1251 } else {
executed: }
Execution Count:77
77
1252 // No peer certificate presented. Report as error if the socket -
1253 // expected one. -
1254 if (doVerifyPeer) {
partially evaluated: doVerifyPeer
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:3
0-3
1255 QSslError error(QSslError::NoPeerCertificate);
never executed (the execution status of this line is deduced): QSslError error(QSslError::NoPeerCertificate);
-
1256 errors << error;
never executed (the execution status of this line is deduced): errors << error;
-
1257 emit q->peerVerifyError(error);
never executed (the execution status of this line is deduced): q->peerVerifyError(error);
-
1258 if (q->state() != QAbstractSocket::ConnectedState)
never evaluated: q->state() != QAbstractSocket::ConnectedState
0
1259 return false;
never executed: return false;
0
1260 }
never executed: }
0
1261 }
executed: }
Execution Count:3
3
1262 -
1263 // Translate errors from the error list into QSslErrors. -
1264 for (int i = 0; i < errorList.size(); ++i) {
evaluated: i < errorList.size()
TRUEFALSE
yes
Evaluation Count:47
yes
Evaluation Count:80
47-80
1265 const QPair<int, int> &errorAndDepth = errorList.at(i);
executed (the execution status of this line is deduced): const QPair<int, int> &errorAndDepth = errorList.at(i);
-
1266 int err = errorAndDepth.first;
executed (the execution status of this line is deduced): int err = errorAndDepth.first;
-
1267 int depth = errorAndDepth.second;
executed (the execution status of this line is deduced): int depth = errorAndDepth.second;
-
1268 errors << _q_OpenSSL_to_QSslError(err, configuration.peerCertificateChain.value(depth));
executed (the execution status of this line is deduced): errors << _q_OpenSSL_to_QSslError(err, configuration.peerCertificateChain.value(depth));
-
1269 }
executed: }
Execution Count:47
47
1270 -
1271 if (!errors.isEmpty()) {
evaluated: !errors.isEmpty()
TRUEFALSE
yes
Evaluation Count:38
yes
Evaluation Count:42
38-42
1272 sslErrors = errors;
executed (the execution status of this line is deduced): sslErrors = errors;
-
1273 -
1274#ifdef Q_OS_WIN -
1275 //Skip this if not using system CAs, or if the SSL errors are configured in advance to be ignorable -
1276 if (doVerifyPeer -
1277 && s_loadRootCertsOnDemand -
1278 && allowRootCertOnDemandLoading -
1279 && !verifyErrorsHaveBeenIgnored()) { -
1280 //Windows desktop versions starting from vista ship with minimal set of roots -
1281 //and download on demand from the windows update server CA roots that are -
1282 //trusted by MS. -
1283 //However, this is only transparent if using WinINET - we have to trigger it -
1284 //ourselves. -
1285 QSslCertificate certToFetch; -
1286 bool fetchCertificate = true; -
1287 for (int i=0; i< sslErrors.count(); i++) { -
1288 switch (sslErrors.at(i).error()) { -
1289 case QSslError::UnableToGetLocalIssuerCertificate: // site presented intermediate cert, but root is unknown -
1290 case QSslError::SelfSignedCertificateInChain: // site presented a complete chain, but root is unknown -
1291 certToFetch = sslErrors.at(i).certificate(); -
1292 break; -
1293 case QSslError::SelfSignedCertificate: -
1294 case QSslError::CertificateBlacklisted: -
1295 //With these errors, we know it will be untrusted so save time by not asking windows -
1296 fetchCertificate = false; -
1297 break; -
1298 default: -
1299#ifdef QSSLSOCKET_DEBUG -
1300 qDebug() << sslErrors.at(i).errorString(); -
1301#endif -
1302 break; -
1303 } -
1304 } -
1305 if (fetchCertificate && !certToFetch.isNull()) { -
1306 fetchCaRootForCert(certToFetch); -
1307 return false; -
1308 } -
1309 } -
1310#endif -
1311 -
1312 if (!checkSslErrors())
evaluated: !checkSslErrors()
TRUEFALSE
yes
Evaluation Count:9
yes
Evaluation Count:29
9-29
1313 return false;
executed: return false;
Execution Count:9
9
1314 } else {
executed: }
Execution Count:29
29
1315 sslErrors.clear();
executed (the execution status of this line is deduced): sslErrors.clear();
-
1316 }
executed: }
Execution Count:42
42
1317 -
1318 continueHandshake();
executed (the execution status of this line is deduced): continueHandshake();
-
1319 return true;
executed: return true;
Execution Count:71
71
1320} -
1321 -
// Reports the accumulated verification errors and decides whether the
// handshake may proceed.
//
// Returns true when there is nothing to report, when the effective verify mode
// does not require the peer to be verified, or when
// verifyErrorsHaveBeenIgnored() says the pending errors were accepted.
// Otherwise the socket is either paused (PauseOnSslErrors) or failed with
// SslHandshakeFailedError and disconnected, and false is returned.
bool QSslSocketBackendPrivate::checkSslErrors()
{
    Q_Q(QSslSocket);
    if (sslErrors.isEmpty())
        return true;

    // The signal is emitted before verifyErrorsHaveBeenIgnored() is consulted
    // (presumably so that a connected slot can still accept the errors --
    // confirm against the public ignoreSslErrors() contract).
    emit q->sslErrors(sslErrors);

    // AutoVerifyPeer enforces verification on the client side only.
    bool mustVerifyPeer = false;
    if (configuration.peerVerifyMode == QSslSocket::VerifyPeer)
        mustVerifyPeer = true;
    else if (configuration.peerVerifyMode == QSslSocket::AutoVerifyPeer)
        mustVerifyPeer = (mode == QSslSocket::SslClientMode);

    const bool errorsStillPending = !verifyErrorsHaveBeenIgnored();

    // With verification not enforced the errors above were only reported; the
    // handshake continues even though the peer could not be validated.
    if (!mustVerifyPeer || !errorsStillPending)
        return true;

    if (q->pauseMode() & QAbstractSocket::PauseOnSslErrors) {
        // Leave the decision to the application; the socket stays paused.
        pauseSocketNotifiers(q);
        paused = true;
        return false;
    }

    // Fail closed: report the first error and drop the connection.
    q->setErrorString(sslErrors.first().errorString());
    q->setSocketError(QAbstractSocket::SslHandshakeFailedError);
    emit q->error(QAbstractSocket::SslHandshakeFailedError);
    plainSocket->disconnectFromHost();
    return false;
}
1349 -
1350#ifdef Q_OS_WIN -
1351 -
// Asks Windows (on a worker thread) whether it can build a trusted chain for
// \a cert, and pauses this socket until the answer arrives in
// _q_caRootLoaded().
void QSslSocketBackendPrivate::fetchCaRootForCert(const QSslCertificate &cert)
{
    Q_Q(QSslSocket);

    // The lookup may download the root from Windows Update and can block for
    // 15 seconds in the worst case, hence the worker thread. The fetcher
    // deletes itself (deleteLater) at the end of QWindowsCaRootFetcher::start().
    QWindowsCaRootFetcher *const worker = new QWindowsCaRootFetcher(cert, mode);

    // Queued on both ends: start() runs in the fetcher's thread and the result
    // is delivered back through the socket's event loop.
    QObject::connect(worker, SIGNAL(finished(QSslCertificate,QSslCertificate)),
                     q, SLOT(_q_caRootLoaded(QSslCertificate,QSslCertificate)),
                     Qt::QueuedConnection);
    QMetaObject::invokeMethod(worker, "start", Qt::QueuedConnection);

    // No handshake progress is made until _q_caRootLoaded() clears the flag.
    pauseSocketNotifiers(q);
    paused = true;
}
1363 -
// Callback from QWindowsCaRootFetcher. \a cert is the certificate that was
// looked up; \a trustedRoot is the root Windows reported for it, or a default
// constructed (null) certificate if the lookup failed.
//
// A usable root is added to the trust stores and the chain-building errors
// recorded against \a cert are dropped. Every other error (and every error
// recorded against a different certificate) is kept and goes through
// checkSslErrors() again before the handshake may continue.
void QSslSocketBackendPrivate::_q_caRootLoaded(QSslCertificate cert, QSslCertificate trustedRoot)
{
    Q_Q(QSslSocket);

    const bool rootUsable = !trustedRoot.isNull() && !trustedRoot.isBlacklisted();
    if (rootUsable) {
        // Process-wide effect: later sockets will trust this root as well.
        if (s_loadRootCertsOnDemand)
            QSslSocket::addDefaultCaCertificate(trustedRoot);

        // Trust it on this socket for future connections.
        q->addCaCertificate(trustedRoot);

        // Walk backwards so removeAt() does not shift entries still to visit.
        int index = sslErrors.count();
        while (index-- > 0) {
            if (!(sslErrors.at(index).certificate() == cert))
                continue;

            // Only "could not build a chain to a known root" style errors are
            // superseded by the OS verdict; anything else must stay reported.
            const QSslError::SslError kind = sslErrors.at(index).error();
            const bool chainBuildingError =
                    kind == QSslError::UnableToGetLocalIssuerCertificate
                    || kind == QSslError::CertificateUntrusted
                    || kind == QSslError::UnableToVerifyFirstCertificate
                    || kind == QSslError::SelfSignedCertificateInChain;
            if (chainBuildingError)
                sslErrors.removeAt(index);
        }
    }

    // Resume and re-evaluate whatever errors remain.
    if (plainSocket)
        plainSocket->resume();
    paused = false;
    if (checkSslErrors())
        continueHandshake();
}
1400 -
// Worker thread that hosts QWindowsCaRootFetcher objects. It starts itself on
// construction and is created lazily through the Q_GLOBAL_STATIC below.
class QWindowsCaRootFetcherThread : public QThread
{
    // Worst case, a running request can block for 15 seconds; allow a little
    // more than that when shutting down.
    enum { ShutdownTimeoutMs = 15500 };

public:
    QWindowsCaRootFetcherThread()
    {
        // QSslCertificate travels through queued signal/slot connections.
        qRegisterMetaType<QSslCertificate>();
        setObjectName(QStringLiteral("QWindowsCaRootFetcher"));
        start();
    }

    ~QWindowsCaRootFetcherThread()
    {
        quit();
        // NOTE(review): the result of wait() is not checked, so a request
        // that overruns the timeout is not detected here.
        wait(ShutdownTimeoutMs);
    }
};

Q_GLOBAL_STATIC(QWindowsCaRootFetcherThread, windowsCaRootFetcherThread);
1418 -
// Stores the certificate to look up and the TLS role of the requesting socket,
// then hands the object over to the shared fetcher thread so that a queued
// call to start() executes there.
QWindowsCaRootFetcher::QWindowsCaRootFetcher(const QSslCertificate &certificate, QSslSocket::SslMode sslMode)
    : cert(certificate)
    , mode(sslMode)
{
    QThread *const worker = windowsCaRootFetcherThread();
    moveToThread(worker);
}

// Nothing to release here; start() frees the Windows handles it acquires.
QWindowsCaRootFetcher::~QWindowsCaRootFetcher()
{
}
1428 -
// Copies the DER encoding held by a Windows certificate context into a
// QSslCertificate.
static QSslCertificate certificateFromWinContext(PCCERT_CONTEXT context)
{
    return QSslCertificate(QByteArray(reinterpret_cast<const char *>(context->pbCertEncoded),
                                      context->cbCertEncoded), QSsl::Der);
}

// Asks the Windows chain engine for a certificate chain for `cert` and emits
// finished(cert, root). `root` is the last element of the final simple chain
// when both the chain context and that simple chain report
// CERT_TRUST_NO_ERROR; in every other case it is a null certificate.
// The object schedules its own deletion before returning.
//
// The call uses the default engine, no additional store and default flags, so
// only `cert` itself is handed to Windows and no revocation flags are
// requested here.
void QWindowsCaRootFetcher::start()
{
    const QByteArray encoded = cert.toDer();
    PCCERT_CONTEXT wincert = CertCreateCertificateContext(
            X509_ASN_ENCODING, reinterpret_cast<const BYTE *>(encoded.constData()), encoded.length());
    if (!wincert) {
#ifdef QSSLSOCKET_DEBUG
        qDebug("QWindowsCaRootFetcher failed to convert certificate to windows form");
#endif
        // Report failure with a null root so the caller keeps its errors.
        emit finished(cert, QSslCertificate());
        deleteLater();
        return;
    }

    // A client validates the peer for server authentication and vice versa.
    const char *usageOid = szOID_PKIX_KP_CLIENT_AUTH;
    if (mode == QSslSocket::SslClientMode)
        usageOid = szOID_PKIX_KP_SERVER_AUTH;
    LPSTR oid = const_cast<LPSTR>(usageOid);

    CERT_CHAIN_PARA parameters;
    memset(&parameters, 0, sizeof(parameters));
    parameters.cbSize = sizeof(parameters);
    // set key usage constraint
    parameters.RequestedUsage.dwType = USAGE_MATCH_TYPE_AND;
    parameters.RequestedUsage.Usage.cUsageIdentifier = 1;
    parameters.RequestedUsage.Usage.rgpszUsageIdentifier = &oid;

#ifdef QSSLSOCKET_DEBUG
    QElapsedTimer stopwatch;
    stopwatch.start();
#endif
    PCCERT_CHAIN_CONTEXT chain = 0;
    const BOOL result = CertGetCertificateChain(
            0,           // default engine
            wincert,
            0,           // current date/time
            0,           // default store
            &parameters,
            0,           // default dwFlags
            0,           // reserved
            &chain);
#ifdef QSSLSOCKET_DEBUG
    qDebug() << "QWindowsCaRootFetcher" << stopwatch.elapsed() << "ms to get chain";
#endif

    QSslCertificate trustedRoot;
    if (result) {
#ifdef QSSLSOCKET_DEBUG
        qDebug() << "QWindowsCaRootFetcher - examining windows chains";
        if (chain->TrustStatus.dwErrorStatus == CERT_TRUST_NO_ERROR)
            qDebug() << " - TRUSTED";
        else
            qDebug() << " - NOT TRUSTED" << chain->TrustStatus.dwErrorStatus;
        if (chain->TrustStatus.dwInfoStatus & CERT_TRUST_IS_SELF_SIGNED)
            qDebug() << " - SELF SIGNED";
        qDebug() << "QSslSocketBackendPrivate::fetchCaRootForCert - dumping simple chains";
        for (unsigned int i = 0; i < chain->cChain; i++) {
            const PCERT_SIMPLE_CHAIN simpleChain = chain->rgpChain[i];
            if (simpleChain->TrustStatus.dwErrorStatus == CERT_TRUST_NO_ERROR)
                qDebug() << " - TRUSTED SIMPLE CHAIN" << i;
            else
                qDebug() << " - UNTRUSTED SIMPLE CHAIN" << i << "reason:" << simpleChain->TrustStatus.dwErrorStatus;
            for (unsigned int j = 0; j < simpleChain->cElement; j++) {
                QSslCertificate foundCert = certificateFromWinContext(simpleChain->rgpElement[j]->pCertContext);
                qDebug() << " - " << foundCert;
            }
        }
        qDebug() << " - and" << chain->cLowerQualityChainContext << "low quality chains"; //expect 0, we haven't asked for them
#endif

        //based on http://msdn.microsoft.com/en-us/library/windows/desktop/aa377182%28v=vs.85%29.aspx
        //about the final chain rgpChain[cChain-1] which must begin with a trusted root to be valid
        const bool chainTrusted = chain->TrustStatus.dwErrorStatus == CERT_TRUST_NO_ERROR
                                  && chain->cChain > 0;
        if (chainTrusted) {
            const PCERT_SIMPLE_CHAIN finalChain = chain->rgpChain[chain->cChain - 1];
            // http://msdn.microsoft.com/en-us/library/windows/desktop/aa377544%28v=vs.85%29.aspx
            // rgpElement[0] is the end certificate chain element. rgpElement[cElement-1] is the self-signed "root" certificate element.
            const bool finalChainTrusted = finalChain->TrustStatus.dwErrorStatus == CERT_TRUST_NO_ERROR
                                           && finalChain->cElement > 0;
            if (finalChainTrusted)
                trustedRoot = certificateFromWinContext(finalChain->rgpElement[finalChain->cElement - 1]->pCertContext);
        }
        CertFreeCertificateChain(chain);
    }
    CertFreeCertificateContext(wincert);

    emit finished(cert, trustedRoot);
    deleteLater();
}
1514#endif -
1515 -
// Shuts the TLS session down (when one exists), flushes whatever that
// produced, and then closes the underlying plain socket.
void QSslSocketBackendPrivate::disconnectFromHost()
{
    if (ssl != 0) {
        // NOTE(review): the return value of q_SSL_shutdown() is not inspected,
        // so an incomplete shutdown is not distinguished here.
        q_SSL_shutdown(ssl);
        transmit();
    }

    plainSocket->disconnectFromHost();
}
1524 -
// Called when the connection is gone. The SSL context is torn down right away
// unless the plain socket still holds unread bytes.
void QSslSocketBackendPrivate::disconnected()
{
    const bool plainSocketDrained = plainSocket->bytesAvailable() <= 0;

    // If there is still buffered data in the plain socket, the context is kept
    // for now; it will be destroyed when the socket is deleted.
    if (plainSocketDrained)
        destroySslContext();
}
1532 -
// Returns the cipher negotiated for the current session, or a null QSslCipher
// when there is no SSL object/context or OpenSSL reports no current cipher.
QSslCipher QSslSocketBackendPrivate::sessionCipher() const
{
    const bool haveSession = ssl && ctx;
    if (!haveSession)
        return QSslCipher();

#if OPENSSL_VERSION_NUMBER >= 0x10000000L
    // FIXME This is fairly evil, but needed to keep source level compatibility
    // with the OpenSSL 0.9.x implementation at maximum -- some other functions
    // don't take a const SSL_CIPHER* when they should
    SSL_CIPHER *current = const_cast<SSL_CIPHER *>(q_SSL_get_current_cipher(ssl));
#else
    SSL_CIPHER *current = q_SSL_get_current_cipher(ssl);
#endif

    if (!current)
        return QSslCipher();
    return QSslCipher_from_SSL_CIPHER(current);
}
1547 -
// Final step of the handshake: marks the connection as encrypted and
// announces it. In the code visible here it is reached only after the
// verification errors have been cleared (startHandshake()) or accepted
// (checkSslErrors() returned true in _q_caRootLoaded()).
void QSslSocketBackendPrivate::continueHandshake()
{
    Q_Q(QSslSocket);

    // If we have a max read buffer size, reset the plain socket's to match.
    if (readBufferMaxSize)
        plainSocket->setReadBufferSize(readBufferMaxSize);

    connectionEncrypted = true;
    emit q->encrypted();

    // A close that was requested while the automatic handshake was still
    // running is carried out now.
    const bool closeWasRequested = autoStartHandshake && pendingClose;
    if (closeWasRequested) {
        pendingClose = false;
        q->disconnectFromHost();
    }
}
1562 -
// Converts an OpenSSL certificate stack into a list of QSslCertificate, in
// stack order. Entries for which q_sk_X509_value() yields a null pointer are
// skipped.
QList<QSslCertificate> QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(STACK_OF(X509) *x509)
{
    ensureInitialized();

    QList<QSslCertificate> converted;
    int index = 0;
    // The stack size is re-read on every pass, as in a plain indexed loop.
    while (index < q_sk_X509_num(x509)) {
        X509 *entry = q_sk_X509_value(x509, index);
        if (entry)
            converted.append(QSslCertificatePrivate::QSslCertificate_from_X509(entry));
        ++index;
    }
    return converted;
}
1573 -
// Drains the OpenSSL error queue and returns the messages joined with ", ".
// Returns an empty string when the queue holds no errors.
QString QSslSocketBackendPrivate::getErrorsFromOpenSsl()
{
    QString joined;
    for (unsigned long code = q_ERR_get_error(); code != 0; code = q_ERR_get_error()) {
        if (!joined.isEmpty())
            joined += QLatin1String(", ");

        // NOTE(review): with a NULL buffer ERR_error_string() is documented to
        // write into a static buffer; confirm callers do not race on it.
        const char *message = q_ERR_error_string(code, NULL);
        joined += QString::fromLatin1(message); // error is ascii according to man ERR_error_string
    }
    return joined;
}
1586 -
// Returns true if \a peerName matches one of the certificate's subject common
// names or, failing that, one of its subjectAltName DNS entries. Both sides
// are lower-cased before the comparison.
//
// NOTE(review): the common name is consulted first and is accepted even when
// the certificate carries DNS subjectAltName entries. RFC 6125 (section 6.4.4)
// has the CN checked only when no such entries are present; confirm whether
// this order is intended before relying on it.
bool QSslSocketBackendPrivate::isMatchingHostname(const QSslCertificate &cert, const QString &peerName)
{
    const QString wantedName = peerName.toLower();

    const QStringList commonNames = cert.subjectInfo(QSslCertificate::CommonName);
    foreach (const QString &commonName, commonNames) {
        if (isMatchingHostname(commonName.toLower(), wantedName))
            return true;
    }

    // Only reached when no common name matched.
    const QList<QString> dnsAltNames = cert.subjectAlternativeNames().values(QSsl::DnsEntry);
    foreach (const QString &altName, dnsAltNames) {
        if (isMatchingHostname(altName.toLower(), wantedName))
            return true;
    }

    return false;
}
1605 -
// Compares one certificate name (\a cn) with \a hostname.
//
// Without a '*' the two strings must be equal (the comparison is
// case-sensitive; the certificate overload lower-cases both sides first).
// With a '*', the pattern must have at least three dot-separated components,
// contain exactly one '*', and have it as the last character of the first
// component. Whatever precedes the '*' and everything from the first '.'
// onwards must then match the hostname, and the hostname must not parse as an
// IP address.
//
// NOTE(review): the component count is purely syntactic, so the pattern is not
// checked against any list of registry-controlled suffixes. A hostname whose
// first label is empty (leading '.') also satisfies the prefix/suffix
// comparisons; confirm callers never pass such a name.
bool QSslSocketBackendPrivate::isMatchingHostname(const QString &cn, const QString &hostname)
{
    const QLatin1Char star('*');
    const QLatin1Char dot('.');

    const int starPos = cn.indexOf(star);

    // Not a wildcard name: plain string comparison.
    if (starPos < 0)
        return cn == hostname;

    const int firstCnDot = cn.indexOf(dot);
    const int secondCnDot = cn.indexOf(dot, firstCnDot + 1);

    // At least 3 components, the last one non-empty.
    const bool hasThreeComponents = (secondCnDot != -1) && (secondCnDot + 1 < cn.length());
    if (!hasThreeComponents)
        return false;

    // '*' must be the last character of the first component.
    if (starPos + 1 != firstCnDot)
        return false;

    // Only one '*' is allowed.
    if (cn.lastIndexOf(star) != starPos)
        return false;

    // Characters preceding the '*' (if any) must match.
    if (starPos > 0 && hostname.leftRef(starPos) != cn.leftRef(starPos))
        return false;

    // Everything from the first '.' onwards must match.
    const int firstHostDot = hostname.indexOf(dot);
    if (hostname.midRef(firstHostDot) != cn.midRef(firstCnDot))
        return false;

    // Wildcards are never allowed to match an IP address.
    if (!QHostAddress(hostname).isNull())
        return false;

    // Wildcard name and the hostname matches.
    return true;
}
1645 -
1646QList<QSslError> QSslSocketBackendPrivate::verify(QList<QSslCertificate> certificateChain, const QString &hostName) -
1647{ -
1648 QList<QSslError> errors;
executed (the execution status of this line is deduced): QList<QSslError> errors;
-
1649 if (certificateChain.count() <= 0) {
evaluated: certificateChain.count() <= 0
TRUEFALSE
yes
Evaluation Count:1
yes
Evaluation Count:7
1-7
1650 errors << QSslError(QSslError::UnspecifiedError);
executed (the execution status of this line is deduced): errors << QSslError(QSslError::UnspecifiedError);
-
1651 return errors;
executed: return errors;
Execution Count:1
1
1652 } -
1653 -
1654 // Setup the store with the default CA certificates -
1655 X509_STORE *certStore = q_X509_STORE_new();
executed (the execution status of this line is deduced): X509_STORE *certStore = q_X509_STORE_new();
-
1656 if (!certStore) {
partially evaluated: !certStore
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:7
0-7
1657 qWarning() << "Unable to create certificate store";
never executed (the execution status of this line is deduced): QMessageLogger("ssl/qsslsocket_openssl.cpp", 1657, __PRETTY_FUNCTION__).warning() << "Unable to create certificate store";
-
1658 errors << QSslError(QSslError::UnspecifiedError);
never executed (the execution status of this line is deduced): errors << QSslError(QSslError::UnspecifiedError);
-
1659 return errors;
never executed: return errors;
0
1660 } -
1661 -
1662 if (s_loadRootCertsOnDemand) {
evaluated: s_loadRootCertsOnDemand
TRUEFALSE
yes
Evaluation Count:1
yes
Evaluation Count:6
1-6
1663 setDefaultCaCertificates(defaultCaCertificates() + systemCaCertificates());
executed (the execution status of this line is deduced): setDefaultCaCertificates(defaultCaCertificates() + systemCaCertificates());
-
1664 }
executed: }
Execution Count:1
1
1665 -
1666 QList<QSslCertificate> expiredCerts;
executed (the execution status of this line is deduced): QList<QSslCertificate> expiredCerts;
-
1667 -
1668 foreach (const QSslCertificate &caCertificate, QSslSocket::defaultCaCertificates()) {
executed (the execution status of this line is deduced): for (QForeachContainer<__typeof__(QSslSocket::defaultCaCertificates())> _container_(QSslSocket::defaultCaCertificates()); !_container_.brk && _container_.i != _container_.e; __extension__ ({ ++_container_.brk; ++_container_.i; })) for (const QSslCertificate &caCertificate = *_container_.i;; __extension__ ({--_container_.brk; break;})) {
-
1669 // add expired certs later, so that the -
1670 // valid ones are used before the expired ones -
1671 if (caCertificate.expiryDate() < QDateTime::currentDateTime()) {
evaluated: caCertificate.expiryDate() < QDateTime::currentDateTime()
TRUEFALSE
yes
Evaluation Count:224
yes
Evaluation Count:1757
224-1757
1672 expiredCerts.append(caCertificate);
executed (the execution status of this line is deduced): expiredCerts.append(caCertificate);
-
1673 } else {
executed: }
Execution Count:224
224
1674 q_X509_STORE_add_cert(certStore, reinterpret_cast<X509 *>(caCertificate.handle()));
executed (the execution status of this line is deduced): q_X509_STORE_add_cert(certStore, reinterpret_cast<X509 *>(caCertificate.handle()));
-
1675 }
executed: }
Execution Count:1757
1757
1676 } -
1677 -
1678 bool addExpiredCerts = true;
executed (the execution status of this line is deduced): bool addExpiredCerts = true;
-
1679#if defined(Q_OS_MAC) && (MAC_OS_X_VERSION_MAX_ALLOWED == MAC_OS_X_VERSION_10_5) -
1680 //On Leopard SSL does not work if we add the expired certificates. -
1681 if (QSysInfo::MacintoshVersion == QSysInfo::MV_10_5) -
1682 addExpiredCerts = false; -
1683#endif -
1684 // now add the expired certs -
1685 if (addExpiredCerts) {
partially evaluated: addExpiredCerts
TRUEFALSE
yes
Evaluation Count:7
no
Evaluation Count:0
0-7
1686 foreach (const QSslCertificate &caCertificate, expiredCerts) {
executed (the execution status of this line is deduced): for (QForeachContainer<__typeof__(expiredCerts)> _container_(expiredCerts); !_container_.brk && _container_.i != _container_.e; __extension__ ({ ++_container_.brk; ++_container_.i; })) for (const QSslCertificate &caCertificate = *_container_.i;; __extension__ ({--_container_.brk; break;})) {
-
1687 q_X509_STORE_add_cert(certStore, reinterpret_cast<X509 *>(caCertificate.handle()));
executed (the execution status of this line is deduced): q_X509_STORE_add_cert(certStore, reinterpret_cast<X509 *>(caCertificate.handle()));
-
1688 }
executed: }
Execution Count:224
224
1689 }
executed: }
Execution Count:7
7
1690 -
1691 QMutexLocker sslErrorListMutexLocker(&_q_sslErrorList()->mutex);
executed (the execution status of this line is deduced): QMutexLocker sslErrorListMutexLocker(&_q_sslErrorList()->mutex);
-
1692 -
1693 // Register a custom callback to get all verification errors. -
1694 X509_STORE_set_verify_cb_func(certStore, q_X509Callback);
executed (the execution status of this line is deduced): ((certStore)->verify_cb=(q_X509Callback));
-
1695 -
1696 // Build the chain of intermediate certificates -
1697 STACK_OF(X509) *intermediates = 0;
executed (the execution status of this line is deduced): STACK *intermediates = 0;
-
1698 if (certificateChain.length() > 1) {
evaluated: certificateChain.length() > 1
TRUEFALSE
yes
Evaluation Count:4
yes
Evaluation Count:3
3-4
1699 intermediates = (STACK_OF(X509) *) q_sk_new_null();
executed (the execution status of this line is deduced): intermediates = (STACK *) q_sk_new_null();
-
1700 -
1701 if (!intermediates) {
partially evaluated: !intermediates
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:4
0-4
1702 q_X509_STORE_free(certStore);
never executed (the execution status of this line is deduced): q_X509_STORE_free(certStore);
-
1703 errors << QSslError(QSslError::UnspecifiedError);
never executed (the execution status of this line is deduced): errors << QSslError(QSslError::UnspecifiedError);
-
1704 return errors;
never executed: return errors;
0
1705 } -
1706 -
1707 bool first = true;
executed (the execution status of this line is deduced): bool first = true;
-
1708 foreach (const QSslCertificate &cert, certificateChain) {
executed (the execution status of this line is deduced): for (QForeachContainer<__typeof__(certificateChain)> _container_(certificateChain); !_container_.brk && _container_.i != _container_.e; __extension__ ({ ++_container_.brk; ++_container_.i; })) for (const QSslCertificate &cert = *_container_.i;; __extension__ ({--_container_.brk; break;})) {
-
1709 if (first) {
evaluated: first
TRUEFALSE
yes
Evaluation Count:4
yes
Evaluation Count:4
4
1710 first = false;
executed (the execution status of this line is deduced): first = false;
-
1711 continue;
executed: continue;
Execution Count:4
4
1712 } -
1713#if OPENSSL_VERSION_NUMBER >= 0x10000000L -
1714 q_sk_push( (_STACK *)intermediates, reinterpret_cast<X509 *>(cert.handle())); -
1715#else -
1716 q_sk_push( (STACK *)intermediates, reinterpret_cast<X509 *>(cert.handle()));
executed (the execution status of this line is deduced): q_sk_push( (STACK *)intermediates, reinterpret_cast<X509 *>(cert.handle()));
-
1717#endif -
1718 }
executed: }
Execution Count:4
4
1719 }
executed: }
Execution Count:4
4
1720 -
1721 X509_STORE_CTX *storeContext = q_X509_STORE_CTX_new();
executed (the execution status of this line is deduced): X509_STORE_CTX *storeContext = q_X509_STORE_CTX_new();
-
1722 if (!storeContext) {
partially evaluated: !storeContext
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:7
0-7
1723 q_X509_STORE_free(certStore);
never executed (the execution status of this line is deduced): q_X509_STORE_free(certStore);
-
1724 errors << QSslError(QSslError::UnspecifiedError);
never executed (the execution status of this line is deduced): errors << QSslError(QSslError::UnspecifiedError);
-
1725 return errors;
never executed: return errors;
0
1726 } -
1727 -
1728 if (!q_X509_STORE_CTX_init(storeContext, certStore, reinterpret_cast<X509 *>(certificateChain[0].handle()), intermediates)) {
partially evaluated: !q_X509_STORE_CTX_init(storeContext, certStore, reinterpret_cast<X509 *>(certificateChain[0].handle()), intermediates)
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:7
0-7
1729 q_X509_STORE_CTX_free(storeContext);
never executed (the execution status of this line is deduced): q_X509_STORE_CTX_free(storeContext);
-
1730 q_X509_STORE_free(certStore);
never executed (the execution status of this line is deduced): q_X509_STORE_free(certStore);
-
1731 errors << QSslError(QSslError::UnspecifiedError);
never executed (the execution status of this line is deduced): errors << QSslError(QSslError::UnspecifiedError);
-
1732 return errors;
never executed: return errors;
0
1733 } -
1734 -
1735 // Now we can actually perform the verification of the chain we have built. -
1736 // We ignore the result of this function since we process errors via the -
1737 // callback. -
1738 (void) q_X509_verify_cert(storeContext);
executed (the execution status of this line is deduced): (void) q_X509_verify_cert(storeContext);
-
1739 -
1740 q_X509_STORE_CTX_free(storeContext);
executed (the execution status of this line is deduced): q_X509_STORE_CTX_free(storeContext);
-
1741#if OPENSSL_VERSION_NUMBER >= 0x10000000L -
1742 q_sk_free( (_STACK *) intermediates); -
1743#else -
1744 q_sk_free( (STACK *) intermediates);
executed (the execution status of this line is deduced): q_sk_free( (STACK *) intermediates);
-
1745#endif -
1746 -
1747 // Now process the errors -
1748 const QList<QPair<int, int> > errorList = _q_sslErrorList()->errors;
executed (the execution status of this line is deduced): const QList<QPair<int, int> > errorList = _q_sslErrorList()->errors;
-
1749 _q_sslErrorList()->errors.clear();
executed (the execution status of this line is deduced): _q_sslErrorList()->errors.clear();
-
1750 -
1751 sslErrorListMutexLocker.unlock();
executed (the execution status of this line is deduced): sslErrorListMutexLocker.unlock();
-
1752 -
1753 // Translate the errors -
1754 if (QSslCertificatePrivate::isBlacklisted(certificateChain[0])) {
evaluated: QSslCertificatePrivate::isBlacklisted(certificateChain[0])
TRUEFALSE
yes
Evaluation Count:1
yes
Evaluation Count:6
1-6
1755 QSslError error(QSslError::CertificateBlacklisted, certificateChain[0]);
executed (the execution status of this line is deduced): QSslError error(QSslError::CertificateBlacklisted, certificateChain[0]);
-
1756 errors << error;
executed (the execution status of this line is deduced): errors << error;
-
1757 }
executed: }
Execution Count:1
1
1758 -
1759 // Check the certificate name against the hostname if one was specified -
1760 if ((!hostName.isEmpty()) && (!isMatchingHostname(certificateChain[0], hostName))) {
evaluated: (!hostName.isEmpty())
TRUEFALSE
yes
Evaluation Count:2
yes
Evaluation Count:5
evaluated: (!isMatchingHostname(certificateChain[0], hostName))
TRUEFALSE
yes
Evaluation Count:1
yes
Evaluation Count:1
1-5
1761 // No matches in common names or alternate names. -
1762 QSslError error(QSslError::HostNameMismatch, certificateChain[0]);
executed (the execution status of this line is deduced): QSslError error(QSslError::HostNameMismatch, certificateChain[0]);
-
1763 errors << error;
executed (the execution status of this line is deduced): errors << error;
-
1764 }
executed: }
Execution Count:1
1
1765 -
1766 // Translate errors from the error list into QSslErrors. -
1767 for (int i = 0; i < errorList.size(); ++i) {
evaluated: i < errorList.size()
TRUEFALSE
yes
Evaluation Count:3
yes
Evaluation Count:7
3-7
1768 const QPair<int, int> &errorAndDepth = errorList.at(i);
executed (the execution status of this line is deduced): const QPair<int, int> &errorAndDepth = errorList.at(i);
-
1769 int err = errorAndDepth.first;
executed (the execution status of this line is deduced): int err = errorAndDepth.first;
-
1770 int depth = errorAndDepth.second;
executed (the execution status of this line is deduced): int depth = errorAndDepth.second;
-
1771 errors << _q_OpenSSL_to_QSslError(err, certificateChain.value(depth));
executed (the execution status of this line is deduced): errors << _q_OpenSSL_to_QSslError(err, certificateChain.value(depth));
-
1772 }
executed: }
Execution Count:3
3
1773 -
1774 q_X509_STORE_free(certStore);
executed (the execution status of this line is deduced): q_X509_STORE_free(certStore);
-
1775 -
1776 return errors;
executed: return errors;
Execution Count:7
7
1777} -
1778 -
1779QT_END_NAMESPACE -
1780 -