Absolute File Name: | /home/qt/qt5_coco/qt5/qtbase/src/network/ssl/qsslcontext_openssl.cpp |
Switch to Source code | Preprocessed file |
Line | Source | Count | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | - | |||||||||||||
2 | - | |||||||||||||
3 | - | |||||||||||||
4 | - | |||||||||||||
5 | - | |||||||||||||
6 | extern int q_X509Callback(int ok, X509_STORE_CTX *ctx); | - | ||||||||||||
7 | extern QString getErrorsFromOpenSsl(); | - | ||||||||||||
8 | - | |||||||||||||
9 | static DH *get_dh1024() | - | ||||||||||||
10 | { | - | ||||||||||||
11 | - | |||||||||||||
12 | - | |||||||||||||
13 | - | |||||||||||||
14 | QByteArray params = QByteArray::fromBase64( | - | ||||||||||||
15 | ([]() -> QByteArray { enum { Size = sizeof("MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR" "Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL" "/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC") - 1 }; static const QStaticByteArrayData<Size> qbytearray_literal = { { { { -1 } }, Size, 0, 0, sizeof(QByteArrayData) }, "MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR" "Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL" "/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC" }; QByteArrayDataPtr holder = { qbytearray_literal.data_ptr() }; const QByteArray ba(holder); return executed 450 times by 7 tests: ba;return ba; Executed by:
executed 450 times by 7 tests: }())return ba; Executed by:
| 450 | ||||||||||||
16 | - | |||||||||||||
17 | ); | - | ||||||||||||
18 | - | |||||||||||||
19 | const char *ptr = params.constData(); | - | ||||||||||||
20 | DH *dh = q_d2i_DHparams(__null, reinterpret_cast<const unsigned char **>(&ptr), params.length()); | - | ||||||||||||
21 | - | |||||||||||||
22 | return executed 450 times by 7 tests: dh;return dh; Executed by:
executed 450 times by 7 tests: return dh; Executed by:
| 450 | ||||||||||||
23 | } | - | ||||||||||||
24 | - | |||||||||||||
25 | QSslContext::QSslContext() | - | ||||||||||||
26 | : ctx(0), | - | ||||||||||||
27 | pkey(0), | - | ||||||||||||
28 | session(0), | - | ||||||||||||
29 | m_sessionTicketLifeTimeHint(-1) | - | ||||||||||||
30 | { | - | ||||||||||||
31 | } executed 458 times by 7 tests: end of block Executed by:
| 458 | ||||||||||||
32 | - | |||||||||||||
33 | QSslContext::~QSslContext() | - | ||||||||||||
34 | { | - | ||||||||||||
35 | if (ctx
| 0-457 | ||||||||||||
36 | - | |||||||||||||
37 | q_SSL_CTX_free(ctx); executed 457 times by 8 tests: q_SSL_CTX_free(ctx); Executed by:
| 457 | ||||||||||||
38 | - | |||||||||||||
39 | if (pkey
| 83-374 | ||||||||||||
40 | q_EVP_PKEY_free(pkey); executed 83 times by 2 tests: q_EVP_PKEY_free(pkey); Executed by:
| 83 | ||||||||||||
41 | - | |||||||||||||
42 | if (session
| 124-333 | ||||||||||||
43 | q_SSL_SESSION_free(session); executed 333 times by 8 tests: q_SSL_SESSION_free(session); Executed by:
| 333 | ||||||||||||
44 | } executed 457 times by 8 tests: end of block Executed by:
| 457 | ||||||||||||
45 | - | |||||||||||||
46 | static inline QString msgErrorSettingEllipticCurves(const QString &why) | - | ||||||||||||
47 | { | - | ||||||||||||
48 | return never executed: QSslSocket::tr("Error when setting the elliptic curves (%1)").arg(why);return QSslSocket::tr("Error when setting the elliptic curves (%1)").arg(why); never executed: return QSslSocket::tr("Error when setting the elliptic curves (%1)").arg(why); | 0 | ||||||||||||
49 | } | - | ||||||||||||
50 | - | |||||||||||||
51 | - | |||||||||||||
52 | void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading) | - | ||||||||||||
53 | { | - | ||||||||||||
54 | sslContext->sslConfiguration = configuration; | - | ||||||||||||
55 | sslContext->errorCode = QSslError::NoError; | - | ||||||||||||
56 | - | |||||||||||||
57 | bool client = (mode == QSslSocket::SslClientMode); | - | ||||||||||||
58 | - | |||||||||||||
59 | bool reinitialized = false; | - | ||||||||||||
60 | bool unsupportedProtocol = false; | - | ||||||||||||
61 | init_context: code before this statement executed 458 times by 7 tests: init_context: Executed by:
| 458 | ||||||||||||
62 | switch (sslContext->sslConfiguration.protocol()) { | - | ||||||||||||
63 | case never executed: QSsl::SslV2:case QSsl::SslV2: never executed: case QSsl::SslV2: | 0 | ||||||||||||
64 | - | |||||||||||||
65 | - | |||||||||||||
66 | - | |||||||||||||
67 | - | |||||||||||||
68 | sslContext->ctx = 0; | - | ||||||||||||
69 | unsupportedProtocol = true; | - | ||||||||||||
70 | - | |||||||||||||
71 | break; never executed: break; | 0 | ||||||||||||
72 | case executed 19 times by 1 test: QSsl::SslV3:case QSsl::SslV3: Executed by:
executed 19 times by 1 test: case QSsl::SslV3: Executed by:
| 19 | ||||||||||||
73 | - | |||||||||||||
74 | sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method()); | - | ||||||||||||
75 | - | |||||||||||||
76 | - | |||||||||||||
77 | - | |||||||||||||
78 | - | |||||||||||||
79 | - | |||||||||||||
80 | break; executed 19 times by 1 test: break; Executed by:
| 19 | ||||||||||||
81 | case executed 328 times by 7 tests: QSsl::SecureProtocols:case QSsl::SecureProtocols: Executed by:
executed 328 times by 7 tests: case QSsl::SecureProtocols: Executed by:
| 328 | ||||||||||||
82 | - | |||||||||||||
83 | - | |||||||||||||
84 | case executed 18 times by 1 test: QSsl::TlsV1SslV3:case QSsl::TlsV1SslV3: Executed by:
executed 18 times by 1 test: case QSsl::TlsV1SslV3: Executed by:
| 18 | ||||||||||||
85 | - | |||||||||||||
86 | case executed 24 times by 2 tests: QSsl::AnyProtocol:case QSsl::AnyProtocol: Executed by:
executed 24 times by 2 tests: case QSsl::AnyProtocol: Executed by:
| 24 | ||||||||||||
87 | default never executed: :default: never executed: default: | 0 | ||||||||||||
88 | sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); | - | ||||||||||||
89 | break; executed 370 times by 7 tests: break; Executed by:
| 370 | ||||||||||||
90 | case executed 51 times by 1 test: QSsl::TlsV1_0:case QSsl::TlsV1_0: Executed by:
executed 51 times by 1 test: case QSsl::TlsV1_0: Executed by:
| 51 | ||||||||||||
91 | sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method()); | - | ||||||||||||
92 | break; executed 51 times by 1 test: break; Executed by:
| 51 | ||||||||||||
93 | case executed 9 times by 1 test: QSsl::TlsV1_1:case QSsl::TlsV1_1: Executed by:
executed 9 times by 1 test: case QSsl::TlsV1_1: Executed by:
| 9 | ||||||||||||
94 | - | |||||||||||||
95 | sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_1_client_method() : q_TLSv1_1_server_method()); | - | ||||||||||||
96 | - | |||||||||||||
97 | - | |||||||||||||
98 | - | |||||||||||||
99 | - | |||||||||||||
100 | - | |||||||||||||
101 | break; executed 9 times by 1 test: break; Executed by:
| 9 | ||||||||||||
102 | case executed 9 times by 1 test: QSsl::TlsV1_2:case QSsl::TlsV1_2: Executed by:
executed 9 times by 1 test: case QSsl::TlsV1_2: Executed by:
| 9 | ||||||||||||
103 | - | |||||||||||||
104 | sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_2_client_method() : q_TLSv1_2_server_method()); | - | ||||||||||||
105 | - | |||||||||||||
106 | - | |||||||||||||
107 | - | |||||||||||||
108 | - | |||||||||||||
109 | - | |||||||||||||
110 | break; executed 9 times by 1 test: break; Executed by:
| 9 | ||||||||||||
111 | case never executed: QSsl::TlsV1_0OrLater:case QSsl::TlsV1_0OrLater: never executed: case QSsl::TlsV1_0OrLater: | 0 | ||||||||||||
112 | - | |||||||||||||
113 | sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); | - | ||||||||||||
114 | break; never executed: break; | 0 | ||||||||||||
115 | case never executed: QSsl::TlsV1_1OrLater:case QSsl::TlsV1_1OrLater: never executed: case QSsl::TlsV1_1OrLater: | 0 | ||||||||||||
116 | case never executed: QSsl::TlsV1_2OrLater:case QSsl::TlsV1_2OrLater: never executed: case QSsl::TlsV1_2OrLater: | 0 | ||||||||||||
117 | - | |||||||||||||
118 | - | |||||||||||||
119 | sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); | - | ||||||||||||
120 | - | |||||||||||||
121 | - | |||||||||||||
122 | - | |||||||||||||
123 | - | |||||||||||||
124 | - | |||||||||||||
125 | break; never executed: break; | 0 | ||||||||||||
126 | } | - | ||||||||||||
127 | - | |||||||||||||
128 | if (!sslContext->ctx
| 0-458 | ||||||||||||
129 | - | |||||||||||||
130 | - | |||||||||||||
131 | if (!reinitialized
| 0 | ||||||||||||
132 | reinitialized = true; | - | ||||||||||||
133 | if (q_SSL_library_init() == 1
| 0 | ||||||||||||
134 | goto never executed: init_context;goto init_context; never executed: goto init_context; | 0 | ||||||||||||
135 | } never executed: end of block | 0 | ||||||||||||
136 | - | |||||||||||||
137 | sslContext->errorStr = QSslSocket::tr("Error creating SSL context (%1)").arg( | - | ||||||||||||
138 | unsupportedProtocol ? QSslSocket::tr("unsupported protocol") : QSslSocketBackendPrivate::getErrorsFromOpenSsl() | - | ||||||||||||
139 | ); | - | ||||||||||||
140 | sslContext->errorCode = QSslError::UnspecifiedError; | - | ||||||||||||
141 | return; never executed: return; | 0 | ||||||||||||
142 | } | - | ||||||||||||
143 | - | |||||||||||||
144 | - | |||||||||||||
145 | long options = QSslSocketBackendPrivate::setupOpenSslOptions(configuration.protocol(), configuration.d->sslOptions); | - | ||||||||||||
146 | q_SSL_CTX_ctrl((sslContext->ctx),32,(options),__null); | - | ||||||||||||
147 | - | |||||||||||||
148 | - | |||||||||||||
149 | - | |||||||||||||
150 | - | |||||||||||||
151 | if (q_SSLeay() >= 0x10000000L
| 0-458 | ||||||||||||
152 | q_SSL_CTX_ctrl((sslContext->ctx),33,(0x00000010L),__null); executed 458 times by 7 tests: q_SSL_CTX_ctrl((sslContext->ctx),33,(0x00000010L),__null); Executed by:
| 458 | ||||||||||||
153 | - | |||||||||||||
154 | - | |||||||||||||
155 | - | |||||||||||||
156 | QByteArray cipherString; | - | ||||||||||||
157 | bool first = true; | - | ||||||||||||
158 | QList<QSslCipher> ciphers = sslContext->sslConfiguration.ciphers(); | - | ||||||||||||
159 | if (ciphers.isEmpty()
| 54-404 | ||||||||||||
160 | ciphers = QSslSocketPrivate::defaultCiphers(); executed 54 times by 4 tests: ciphers = QSslSocketPrivate::defaultCiphers(); Executed by:
| 54 | ||||||||||||
161 | for (const QSslCipher &cipher : qAsConst(ciphers)) { | - | ||||||||||||
162 | if (first
| 451-28800 | ||||||||||||
163 | first = false; executed 451 times by 7 tests: first = false; Executed by:
| 451 | ||||||||||||
164 | else | - | ||||||||||||
165 | cipherString.append(':'); executed 28800 times by 7 tests: cipherString.append(':'); Executed by:
| 28800 | ||||||||||||
166 | cipherString.append(cipher.name().toLatin1()); | - | ||||||||||||
167 | } executed 29251 times by 7 tests: end of block Executed by:
| 29251 | ||||||||||||
168 | - | |||||||||||||
169 | if (!q_SSL_CTX_set_cipher_list(sslContext->ctx, cipherString.data())
| 7-451 | ||||||||||||
170 | sslContext->errorStr = QSslSocket::tr("Invalid or empty cipher list (%1)").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); | - | ||||||||||||
171 | sslContext->errorCode = QSslError::UnspecifiedError; | - | ||||||||||||
172 | return; executed 7 times by 2 tests: return; Executed by:
| 7 | ||||||||||||
173 | } | - | ||||||||||||
174 | - | |||||||||||||
175 | const QDateTime now = QDateTime::currentDateTimeUtc(); | - | ||||||||||||
176 | - | |||||||||||||
177 | - | |||||||||||||
178 | const auto caCertificates = sslContext->sslConfiguration.caCertificates(); | - | ||||||||||||
179 | for (const QSslCertificate &caCertificate : caCertificates) { | - | ||||||||||||
180 | if (caCertificate.expiryDate() >= now
| 3454-51484 | ||||||||||||
181 | q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(sslContext->ctx), (X509 *)caCertificate.handle()); | - | ||||||||||||
182 | } executed 51484 times by 3 tests: end of block Executed by:
| 51484 | ||||||||||||
183 | } executed 54938 times by 3 tests: end of block Executed by:
| 54938 | ||||||||||||
184 | - | |||||||||||||
185 | if (QSslSocketPrivate::s_loadRootCertsOnDemand
| 48-340 | ||||||||||||
186 | - | |||||||||||||
187 | const QList<QByteArray> unixDirs = QSslSocketPrivate::unixRootCertDirectories(); | - | ||||||||||||
188 | for (const QByteArray &unixDir : unixDirs) | - | ||||||||||||
189 | q_SSL_CTX_load_verify_locations(sslContext->ctx, 0, unixDir.constData()); executed 567 times by 5 tests: q_SSL_CTX_load_verify_locations(sslContext->ctx, 0, unixDir.constData()); Executed by:
| 567 | ||||||||||||
190 | } executed 63 times by 5 tests: end of block Executed by:
| 63 | ||||||||||||
191 | - | |||||||||||||
192 | if (!sslContext->sslConfiguration.localCertificate().isNull()
| 89-362 | ||||||||||||
193 | - | |||||||||||||
194 | if (sslContext->sslConfiguration.privateKey().isNull()
| 1-88 | ||||||||||||
195 | sslContext->errorStr = QSslSocket::tr("Cannot provide a certificate with no key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); | - | ||||||||||||
196 | sslContext->errorCode = QSslError::UnspecifiedError; | - | ||||||||||||
197 | return; executed 1 time by 1 test: return; Executed by:
| 1 | ||||||||||||
198 | } | - | ||||||||||||
199 | - | |||||||||||||
200 | - | |||||||||||||
201 | if (!q_SSL_CTX_use_certificate(sslContext->ctx, (X509 *)sslContext->sslConfiguration.localCertificate().handle())
| 0-88 | ||||||||||||
202 | sslContext->errorStr = QSslSocket::tr("Error loading local certificate, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); | - | ||||||||||||
203 | sslContext->errorCode = QSslError::UnspecifiedError; | - | ||||||||||||
204 | return; never executed: return; | 0 | ||||||||||||
205 | } | - | ||||||||||||
206 | - | |||||||||||||
207 | if (configuration.d->privateKey.algorithm() == QSsl::Opaque
| 4-84 | ||||||||||||
208 | sslContext->pkey = reinterpret_cast<EVP_PKEY *>(configuration.d->privateKey.handle()); | - | ||||||||||||
209 | } executed 4 times by 1 test: else {end of block Executed by:
| 4 | ||||||||||||
210 | - | |||||||||||||
211 | sslContext->pkey = q_EVP_PKEY_new(); | - | ||||||||||||
212 | - | |||||||||||||
213 | - | |||||||||||||
214 | - | |||||||||||||
215 | if (configuration.d->privateKey.algorithm() == QSsl::Rsa
| 0-84 | ||||||||||||
216 | q_EVP_PKEY_set1_RSA(sslContext->pkey, reinterpret_cast<RSA *>(configuration.d->privateKey.handle())); executed 84 times by 2 tests: q_EVP_PKEY_set1_RSA(sslContext->pkey, reinterpret_cast<RSA *>(configuration.d->privateKey.handle())); Executed by:
| 84 | ||||||||||||
217 | else if (configuration.d->privateKey.algorithm() == QSsl::Dsa
| 0 | ||||||||||||
218 | q_EVP_PKEY_set1_DSA(sslContext->pkey, reinterpret_cast<DSA *>(configuration.d->privateKey.handle())); never executed: q_EVP_PKEY_set1_DSA(sslContext->pkey, reinterpret_cast<DSA *>(configuration.d->privateKey.handle())); | 0 | ||||||||||||
219 | - | |||||||||||||
220 | else if (configuration.d->privateKey.algorithm() == QSsl::Ec
| 0 | ||||||||||||
221 | q_EVP_PKEY_set1_EC_KEY(sslContext->pkey, reinterpret_cast<EC_KEY *>(configuration.d->privateKey.handle())); never executed: q_EVP_PKEY_set1_EC_KEY(sslContext->pkey, reinterpret_cast<EC_KEY *>(configuration.d->privateKey.handle())); | 0 | ||||||||||||
222 | - | |||||||||||||
223 | } executed 84 times by 2 tests: end of block Executed by:
| 84 | ||||||||||||
224 | - | |||||||||||||
225 | if (!q_SSL_CTX_use_PrivateKey(sslContext->ctx, sslContext->pkey)
| 0-88 | ||||||||||||
226 | sslContext->errorStr = QSslSocket::tr("Error loading private key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); | - | ||||||||||||
227 | sslContext->errorCode = QSslError::UnspecifiedError; | - | ||||||||||||
228 | return; never executed: return; | 0 | ||||||||||||
229 | } | - | ||||||||||||
230 | if (configuration.d->privateKey.algorithm() == QSsl::Opaque
| 4-84 | ||||||||||||
231 | sslContext->pkey = 0; executed 4 times by 1 test: sslContext->pkey = 0; Executed by:
| 4 | ||||||||||||
232 | - | |||||||||||||
233 | - | |||||||||||||
234 | if (!q_SSL_CTX_check_private_key(sslContext->ctx)
| 0-88 | ||||||||||||
235 | sslContext->errorStr = QSslSocket::tr("Private key does not certify public key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); | - | ||||||||||||
236 | sslContext->errorCode = QSslError::UnspecifiedError; | - | ||||||||||||
237 | return; never executed: return; | 0 | ||||||||||||
238 | } | - | ||||||||||||
239 | - | |||||||||||||
240 | - | |||||||||||||
241 | bool first = true; | - | ||||||||||||
242 | for (const QSslCertificate &cert : qAsConst(configuration.d->localCertificateChain)) { | - | ||||||||||||
243 | if (first
| 5-88 | ||||||||||||
244 | first = false; | - | ||||||||||||
245 | continue; executed 88 times by 2 tests: continue; Executed by:
| 88 | ||||||||||||
246 | } | - | ||||||||||||
247 | q_SSL_CTX_ctrl(sslContext->ctx, 14, 0, | - | ||||||||||||
248 | q_X509_dup(reinterpret_cast<X509 *>(cert.handle()))); | - | ||||||||||||
249 | } executed 5 times by 1 test: end of block Executed by:
| 5 | ||||||||||||
250 | } executed 88 times by 2 tests: end of block Executed by:
| 88 | ||||||||||||
251 | - | |||||||||||||
252 | - | |||||||||||||
253 | if (sslContext->sslConfiguration.peerVerifyMode() == QSslSocket::VerifyNone
| 7-443 | ||||||||||||
254 | q_SSL_CTX_set_verify(sslContext->ctx, 0x00, 0); | - | ||||||||||||
255 | } executed 7 times by 1 test: else {end of block Executed by:
| 7 | ||||||||||||
256 | q_SSL_CTX_set_verify(sslContext->ctx, 0x01, q_X509Callback); | - | ||||||||||||
257 | } executed 443 times by 7 tests: end of block Executed by:
| 443 | ||||||||||||
258 | - | |||||||||||||
259 | - | |||||||||||||
260 | if (sslContext->sslConfiguration.peerVerifyDepth() != 0
| 0-450 | ||||||||||||
261 | q_SSL_CTX_set_verify_depth(sslContext->ctx, sslContext->sslConfiguration.peerVerifyDepth()); never executed: q_SSL_CTX_set_verify_depth(sslContext->ctx, sslContext->sslConfiguration.peerVerifyDepth()); | 0 | ||||||||||||
262 | - | |||||||||||||
263 | - | |||||||||||||
264 | if (!configuration.sessionTicket().isEmpty()
| 1-449 | ||||||||||||
265 | sslContext->setSessionASN1(configuration.sessionTicket()); executed 1 time by 1 test: sslContext->setSessionASN1(configuration.sessionTicket()); Executed by:
| 1 | ||||||||||||
266 | - | |||||||||||||
267 | - | |||||||||||||
268 | DH *dh = 0; | - | ||||||||||||
269 | dh = get_dh1024(); | - | ||||||||||||
270 | q_SSL_CTX_ctrl((sslContext->ctx), 3, 0, (char *)dh); | - | ||||||||||||
271 | q_DH_free(dh); | - | ||||||||||||
272 | - | |||||||||||||
273 | - | |||||||||||||
274 | - | |||||||||||||
275 | - | |||||||||||||
276 | - | |||||||||||||
277 | - | |||||||||||||
278 | - | |||||||||||||
279 | { | - | ||||||||||||
280 | - | |||||||||||||
281 | EC_KEY *ecdh = 0; | - | ||||||||||||
282 | ecdh = q_EC_KEY_new_by_curve_name(415); | - | ||||||||||||
283 | q_SSL_CTX_ctrl((sslContext->ctx), 4, 0, (char *)ecdh); | - | ||||||||||||
284 | q_EC_KEY_free(ecdh); | - | ||||||||||||
285 | } | - | ||||||||||||
286 | - | |||||||||||||
287 | - | |||||||||||||
288 | const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves(); | - | ||||||||||||
289 | if (!qcurves.isEmpty()
| 0-450 | ||||||||||||
290 | { | - | ||||||||||||
291 | - | |||||||||||||
292 | sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version too old, need at least v1.0.2")); | - | ||||||||||||
293 | sslContext->errorCode = QSslError::UnspecifiedError; | - | ||||||||||||
294 | } | - | ||||||||||||
295 | } never executed: end of block | 0 | ||||||||||||
296 | } executed 450 times by 7 tests: end of block Executed by:
| 450 | ||||||||||||
297 | - | |||||||||||||
298 | QSslContext* QSslContext::fromConfiguration(QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading) | - | ||||||||||||
299 | { | - | ||||||||||||
300 | QSslContext *sslContext = new QSslContext(); | - | ||||||||||||
301 | initSslContext(sslContext, mode, configuration, allowRootCertOnDemandLoading); | - | ||||||||||||
302 | return never executed: sslContext;return sslContext; never executed: return sslContext; | 0 | ||||||||||||
303 | } | - | ||||||||||||
304 | - | |||||||||||||
305 | QSharedPointer<QSslContext> QSslContext::sharedFromConfiguration(QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading) | - | ||||||||||||
306 | { | - | ||||||||||||
307 | QSharedPointer<QSslContext> sslContext = QSharedPointer<QSslContext>::create(); | - | ||||||||||||
308 | initSslContext(sslContext.data(), mode, configuration, allowRootCertOnDemandLoading); | - | ||||||||||||
309 | return executed 458 times by 7 tests: sslContext;return sslContext; Executed by:
executed 458 times by 7 tests: return sslContext; Executed by:
| 458 | ||||||||||||
310 | } | - | ||||||||||||
311 | - | |||||||||||||
312 | - | |||||||||||||
313 | - | |||||||||||||
314 | static int next_proto_cb(SSL *, unsigned char **out, unsigned char *outlen, | - | ||||||||||||
315 | const unsigned char *in, unsigned int inlen, void *arg) | - | ||||||||||||
316 | { | - | ||||||||||||
317 | QSslContext::NPNContext *ctx = reinterpret_cast<QSslContext::NPNContext *>(arg); | - | ||||||||||||
318 | int proto = q_SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len); | - | ||||||||||||
319 | switch (proto) { | - | ||||||||||||
320 | case never executed: 0:case 0: never executed: case 0: | 0 | ||||||||||||
321 | ctx->status = QSslConfiguration::NextProtocolNegotiationNone; | - | ||||||||||||
322 | break; never executed: break; | 0 | ||||||||||||
323 | case executed 7 times by 1 test: 1:case 1: Executed by:
executed 7 times by 1 test: case 1: Executed by:
| 7 | ||||||||||||
324 | ctx->status = QSslConfiguration::NextProtocolNegotiationNegotiated; | - | ||||||||||||
325 | break; executed 7 times by 1 test: break; Executed by:
| 7 | ||||||||||||
326 | case never executed: 2:case 2: never executed: case 2: | 0 | ||||||||||||
327 | ctx->status = QSslConfiguration::NextProtocolNegotiationUnsupported; | - | ||||||||||||
328 | break; never executed: break; | 0 | ||||||||||||
329 | default never executed: :default: never executed: default: | 0 | ||||||||||||
330 | for (bool qt_category_enabled = lcSsl().isWarningEnabled(); qt_category_enabled
never executed: QMessageLogger(__FILE__, 413, __PRETTY_FUNCTION__, lcSsl().categoryName()).warning("OpenSSL sent unknown NPN status"); | 0 | ||||||||||||
331 | } never executed: end of block | 0 | ||||||||||||
332 | - | |||||||||||||
333 | return executed 7 times by 1 test: 0;return 0; Executed by:
executed 7 times by 1 test: return 0; Executed by:
| 7 | ||||||||||||
334 | } | - | ||||||||||||
335 | - | |||||||||||||
336 | QSslContext::NPNContext QSslContext::npnContext() const | - | ||||||||||||
337 | { | - | ||||||||||||
338 | return executed 710 times by 7 tests: m_npnContext;return m_npnContext; Executed by:
executed 710 times by 7 tests: return m_npnContext; Executed by:
| 710 | ||||||||||||
339 | } | - | ||||||||||||
340 | - | |||||||||||||
341 | - | |||||||||||||
342 | - | |||||||||||||
343 | SSL* QSslContext::createSsl() | - | ||||||||||||
344 | { | - | ||||||||||||
345 | SSL* ssl = q_SSL_new(ctx); | - | ||||||||||||
346 | q_SSL_clear(ssl); | - | ||||||||||||
347 | - | |||||||||||||
348 | if (!session
| 1-461 | ||||||||||||
349 | && !sslConfiguration.testSslOption(QSsl::SslOptionDisableSessionPersistence)
| 0-1 | ||||||||||||
350 | const unsigned char *data = reinterpret_cast<const unsigned char *>(m_sessionASN1.constData()); | - | ||||||||||||
351 | session = q_d2i_SSL_SESSION(0, &data, m_sessionASN1.size()); | - | ||||||||||||
352 | } executed 1 time by 1 test: end of block Executed by:
| 1 | ||||||||||||
353 | - | |||||||||||||
354 | if (session
| 16-460 | ||||||||||||
355 | - | |||||||||||||
356 | if (!q_SSL_set_session(ssl, session)
| 0-16 | ||||||||||||
357 | for (bool qt_category_enabled = lcSsl().isWarningEnabled(); qt_category_enabled
never executed: QMessageLogger(__FILE__, 440, __PRETTY_FUNCTION__, lcSsl().categoryName()).warning("could not set SSL session"); | 0 | ||||||||||||
358 | q_SSL_SESSION_free(session); | - | ||||||||||||
359 | session = 0; | - | ||||||||||||
360 | } never executed: end of block | 0 | ||||||||||||
361 | } executed 16 times by 1 test: end of block Executed by:
| 16 | ||||||||||||
362 | - | |||||||||||||
363 | - | |||||||||||||
364 | QList<QByteArray> protocols = sslConfiguration.d->nextAllowedProtocols; | - | ||||||||||||
365 | if (!protocols.isEmpty()
| 7-469 | ||||||||||||
366 | m_supportedNPNVersions.clear(); | - | ||||||||||||
367 | for (int a = 0; a < protocols.count()
| 7-14 | ||||||||||||
368 | if (protocols.at(a).size() > 255
| 0-14 | ||||||||||||
369 | for (bool qt_category_enabled = lcSsl().isWarningEnabled(); qt_category_enabled
never executed: QMessageLogger(__FILE__, 452, __PRETTY_FUNCTION__, lcSsl().categoryName()).warning() << "TLS NPN extension" << protocols.at(a) << "is too long and will be truncated to 255 characters."; | 0 | ||||||||||||
370 | << "is too long and will be truncated to 255 characters."; never executed: QMessageLogger(__FILE__, 452, __PRETTY_FUNCTION__, lcSsl().categoryName()).warning() << "TLS NPN extension" << protocols.at(a) << "is too long and will be truncated to 255 characters."; | 0 | ||||||||||||
371 | protocols[a] = protocols.at(a).left(255); | - | ||||||||||||
372 | } never executed: end of block | 0 | ||||||||||||
373 | m_supportedNPNVersions.append(protocols.at(a).size()).append(protocols.at(a)); | - | ||||||||||||
374 | } executed 14 times by 1 test: end of block Executed by:
| 14 | ||||||||||||
375 | m_npnContext.data = reinterpret_cast<unsigned char *>(m_supportedNPNVersions.data()); | - | ||||||||||||
376 | m_npnContext.len = m_supportedNPNVersions.count(); | - | ||||||||||||
377 | m_npnContext.status = QSslConfiguration::NextProtocolNegotiationNone; | - | ||||||||||||
378 | q_SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &m_npnContext); | - | ||||||||||||
379 | } executed 7 times by 1 test: end of block Executed by:
| 7 | ||||||||||||
380 | - | |||||||||||||
381 | - | |||||||||||||
382 | return executed 476 times by 7 tests: ssl;return ssl; Executed by:
executed 476 times by 7 tests: return ssl; Executed by:
| 476 | ||||||||||||
383 | } | - | ||||||||||||
384 | - | |||||||||||||
385 | - | |||||||||||||
386 | bool QSslContext::cacheSession(SSL* ssl) | - | ||||||||||||
387 | { | - | ||||||||||||
388 | - | |||||||||||||
389 | if (session
| 0-333 | ||||||||||||
390 | return executed 16 times by 1 test: true;return true; Executed by:
executed 16 times by 1 test: return true; Executed by:
| 16 | ||||||||||||
391 | - | |||||||||||||
392 | - | |||||||||||||
393 | - | |||||||||||||
394 | if (session
| 0-333 | ||||||||||||
395 | q_SSL_SESSION_free(session); never executed: q_SSL_SESSION_free(session); | 0 | ||||||||||||
396 | - | |||||||||||||
397 | - | |||||||||||||
398 | session = q_SSL_get1_session(ssl); | - | ||||||||||||
399 | - | |||||||||||||
400 | if (session
| 0-333 | ||||||||||||
401 | int sessionSize = q_i2d_SSL_SESSION(session, 0); | - | ||||||||||||
402 | if (sessionSize > 0
| 0-1 | ||||||||||||
403 | m_sessionASN1.resize(sessionSize); | - | ||||||||||||
404 | unsigned char *data = reinterpret_cast<unsigned char *>(m_sessionASN1.data()); | - | ||||||||||||
405 | if (!q_i2d_SSL_SESSION(session, &data)
| 0-1 | ||||||||||||
406 | for (bool qt_category_enabled = lcSsl().isWarningEnabled(); qt_category_enabled
never executed: QMessageLogger(__FILE__, 489, __PRETTY_FUNCTION__, lcSsl().categoryName()).warning("could not store persistent version of SSL session"); | 0 | ||||||||||||
407 | m_sessionTicketLifeTimeHint = session->tlsext_tick_lifetime_hint; | - | ||||||||||||
408 | } executed 1 time by 1 test: end of block Executed by:
| 1 | ||||||||||||
409 | } executed 1 time by 1 test: end of block Executed by:
| 1 | ||||||||||||
410 | - | |||||||||||||
411 | return executed 333 times by 7 tests: (session != 0);return (session != 0); Executed by:
executed 333 times by 7 tests: return (session != 0); Executed by:
| 333 | ||||||||||||
412 | } | - | ||||||||||||
413 | - | |||||||||||||
414 | QByteArray QSslContext::sessionASN1() const | - | ||||||||||||
415 | { | - | ||||||||||||
416 | return executed 465 times by 7 tests: m_sessionASN1;return m_sessionASN1; Executed by:
executed 465 times by 7 tests: return m_sessionASN1; Executed by:
| 465 | ||||||||||||
417 | } | - | ||||||||||||
418 | - | |||||||||||||
419 | void QSslContext::setSessionASN1(const QByteArray &session) | - | ||||||||||||
420 | { | - | ||||||||||||
421 | m_sessionASN1 = session; | - | ||||||||||||
422 | } executed 1 time by 1 test: end of block Executed by:
| 1 | ||||||||||||
423 | - | |||||||||||||
424 | int QSslContext::sessionTicketLifeTimeHint() const | - | ||||||||||||
425 | { | - | ||||||||||||
426 | return executed 2 times by 1 test: m_sessionTicketLifeTimeHint;return m_sessionTicketLifeTimeHint; Executed by:
executed 2 times by 1 test: return m_sessionTicketLifeTimeHint; Executed by:
| 2 | ||||||||||||
427 | } | - | ||||||||||||
428 | - | |||||||||||||
429 | QSslError::SslError QSslContext::error() const | - | ||||||||||||
430 | { | - | ||||||||||||
431 | return executed 484 times by 7 tests: errorCode;return errorCode; Executed by:
executed 484 times by 7 tests: return errorCode; Executed by:
| 484 | ||||||||||||
432 | } | - | ||||||||||||
433 | - | |||||||||||||
434 | QString QSslContext::errorString() const | - | ||||||||||||
435 | { | - | ||||||||||||
436 | return executed 8 times by 2 tests: errorStr;return errorStr; Executed by:
executed 8 times by 2 tests: return errorStr; Executed by:
| 8 | ||||||||||||
437 | } | - | ||||||||||||
438 | - | |||||||||||||
439 | - | |||||||||||||
Switch to Source code | Preprocessed file |