Absolute File Name: | /home/qt/qt5_coco/qt5/qtbase/src/network/ssl/qssl.cpp |
Source code | Switch to Preprocessed file |
Line | Source | Count |
---|---|---|
1 | /**************************************************************************** | - |
2 | ** | - |
3 | ** Copyright (C) 2016 The Qt Company Ltd. | - |
4 | ** Contact: https://www.qt.io/licensing/ | - |
5 | ** | - |
6 | ** This file is part of the QtNetwork module of the Qt Toolkit. | - |
7 | ** | - |
8 | ** $QT_BEGIN_LICENSE:LGPL$ | - |
9 | ** Commercial License Usage | - |
10 | ** Licensees holding valid commercial Qt licenses may use this file in | - |
11 | ** accordance with the commercial license agreement provided with the | - |
12 | ** Software or, alternatively, in accordance with the terms contained in | - |
13 | ** a written agreement between you and The Qt Company. For licensing terms | - |
14 | ** and conditions see https://www.qt.io/terms-conditions. For further | - |
15 | ** information use the contact form at https://www.qt.io/contact-us. | - |
16 | ** | - |
17 | ** GNU Lesser General Public License Usage | - |
18 | ** Alternatively, this file may be used under the terms of the GNU Lesser | - |
19 | ** General Public License version 3 as published by the Free Software | - |
20 | ** Foundation and appearing in the file LICENSE.LGPL3 included in the | - |
21 | ** packaging of this file. Please review the following information to | - |
22 | ** ensure the GNU Lesser General Public License version 3 requirements | - |
23 | ** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. | - |
24 | ** | - |
25 | ** GNU General Public License Usage | - |
26 | ** Alternatively, this file may be used under the terms of the GNU | - |
27 | ** General Public License version 2.0 or (at your option) the GNU General | - |
28 | ** Public license version 3 or any later version approved by the KDE Free | - |
29 | ** Qt Foundation. The licenses are as published by the Free Software | - |
30 | ** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 | - |
31 | ** included in the packaging of this file. Please review the following | - |
32 | ** information to ensure the GNU General Public License requirements will | - |
33 | ** be met: https://www.gnu.org/licenses/gpl-2.0.html and | - |
34 | ** https://www.gnu.org/licenses/gpl-3.0.html. | - |
35 | ** | - |
36 | ** $QT_END_LICENSE$ | - |
37 | ** | - |
38 | ****************************************************************************/ | - |
39 | - | |
40 | - | |
41 | #include "qsslkey.h" | - |
42 | #include "qssl_p.h" | - |
43 | - | |
44 | QT_BEGIN_NAMESPACE | - |
45 | - | |
46 | Q_LOGGING_CATEGORY(lcSsl, "qt.network.ssl"); executed 34 times by 2 tests: return category; Executed by:
| 34 |
47 | - | |
48 | /*! \namespace QSsl | - |
49 | - | |
50 | \brief The QSsl namespace declares enums common to all SSL classes in Qt Network. | - |
51 | \since 4.3 | - |
52 | - | |
53 | \ingroup network | - |
54 | \ingroup ssl | - |
55 | \inmodule QtNetwork | - |
56 | */ | - |
57 | - | |
58 | /*! | - |
59 | \enum QSsl::KeyType | - |
60 | - | |
61 | Describes the two types of keys QSslKey supports. | - |
62 | - | |
63 | \value PrivateKey A private key. | - |
64 | \value PublicKey A public key. | - |
65 | */ | - |
66 | - | |
67 | /*! | - |
68 | \enum QSsl::KeyAlgorithm | - |
69 | - | |
70 | Describes the different key algorithms supported by QSslKey. | - |
71 | - | |
72 | \value Rsa The RSA algorithm. | - |
73 | \value Dsa The DSA algorithm. | - |
74 | \value Ec The Elliptic Curve algorithm | - |
75 | \value Opaque A key that should be treated as a 'black box' by QSslKey. | - |
76 | - | |
77 | The opaque key facility allows applications to add support for facilities | - |
78 | such as PKCS#11 that Qt does not currently offer natively. | - |
79 | */ | - |
80 | - | |
81 | /*! | - |
82 | \enum QSsl::EncodingFormat | - |
83 | - | |
84 | Describes supported encoding formats for certificates and keys. | - |
85 | - | |
86 | \value Pem The PEM format. | - |
87 | \value Der The DER format. | - |
88 | */ | - |
89 | - | |
90 | /*! | - |
91 | \enum QSsl::AlternativeNameEntryType | - |
92 | - | |
93 | Describes the key types for alternative name entries in QSslCertificate. | - |
94 | - | |
95 | \value EmailEntry An email entry; the entry contains an email address that | - |
96 | the certificate is valid for. | - |
97 | - | |
98 | \value DnsEntry A DNS host name entry; the entry contains a host name | - |
99 | entry that the certificate is valid for. The entry may contain wildcards. | - |
100 | - | |
101 | \note In Qt 4, this enum was called \c {AlternateNameEntryType}. That name | - |
102 | is deprecated in Qt 5. | - |
103 | - | |
104 | \sa QSslCertificate::subjectAlternativeNames() | - |
105 | */ | - |
106 | - | |
107 | /*! | - |
108 | \typedef QSsl::AlternateNameEntryType | - |
109 | \obsolete | - |
110 | - | |
111 | Use QSsl::AlternativeNameEntryType instead. | - |
112 | */ | - |
113 | - | |
114 | /*! | - |
115 | \enum QSsl::SslProtocol | - |
116 | - | |
117 | Describes the protocol of the cipher. | - |
118 | - | |
119 | \value SslV3 SSLv3 | - |
120 | \value SslV2 SSLv2 | - |
121 | \value TlsV1_0 TLSv1.0 | - |
122 | \value TlsV1_0OrLater TLSv1.0 and later versions. This option is not available when using the WinRT backend due to platform limitations. | - |
123 | \value TlsV1 Obsolete, means the same as TlsV1_0 | - |
124 | \value TlsV1_1 TLSv1.1 | - |
125 | \value TlsV1_1OrLater TLSv1.1 and later versions. This option is not available when using the WinRT backend due to platform limitations. | - |
126 | \value TlsV1_2 TLSv1.2 | - |
127 | \value TlsV1_2OrLater TLSv1.2 and later versions. This option is not available when using the WinRT backend due to platform limitations. | - |
128 | \value UnknownProtocol The cipher's protocol cannot be determined. | - |
129 | \value AnyProtocol The socket understands SSLv2, SSLv3, and TLSv1.0. This | - |
130 | value is used by QSslSocket only. | - |
131 | \value TlsV1SslV3 On the client side, this will send | - |
132 | a TLS 1.0 Client Hello, enabling TLSv1_0 and SSLv3 connections. | - |
133 | On the server side, this will enable both SSLv3 and TLSv1_0 connections. | - |
134 | \value SecureProtocols The default option, using protocols known to be secure; | - |
135 | currently behaves similar to TlsV1Ssl3 except denying SSLv3 connections that does | - |
136 | not upgrade to TLS. | - |
137 | - | |
138 | \note most servers understand both SSL and TLS, but it is recommended to use | - |
139 | TLS only for security reasons. However, SSL and TLS are not compatible with | - |
140 | each other: if you get unexpected handshake failures, verify that you chose | - |
141 | the correct setting for your protocol. | - |
142 | */ | - |
143 | - | |
144 | /*! | - |
145 | \enum QSsl::SslOption | - |
146 | - | |
147 | Describes the options that can be used to control the details of | - |
148 | SSL behaviour. These options are generally used to turn features off | - |
149 | to work around buggy servers. | - |
150 | - | |
151 | \value SslOptionDisableEmptyFragments Disables the insertion of empty | - |
152 | fragments into the data when using block ciphers. When enabled, this | - |
153 | prevents some attacks (such as the BEAST attack), however it is | - |
154 | incompatible with some servers. | - |
155 | \value SslOptionDisableSessionTickets Disables the SSL session ticket | - |
156 | extension. This can cause slower connection setup, however some servers | - |
157 | are not compatible with the extension. | - |
158 | \value SslOptionDisableCompression Disables the SSL compression | - |
159 | extension. When enabled, this allows the data being passed over SSL to | - |
160 | be compressed, however some servers are not compatible with this | - |
161 | extension. | - |
162 | \value SslOptionDisableServerNameIndication Disables the SSL server | - |
163 | name indication extension. When enabled, this tells the server the virtual | - |
164 | host being accessed allowing it to respond with the correct certificate. | - |
165 | \value SslOptionDisableLegacyRenegotiation Disables the older insecure | - |
166 | mechanism for renegotiating the connection parameters. When enabled, this | - |
167 | option can allow connections for legacy servers, but it introduces the | - |
168 | possibility that an attacker could inject plaintext into the SSL session. | - |
169 | \value SslOptionDisableSessionSharing Disables SSL session sharing via | - |
170 | the session ID handshake attribute. | - |
171 | \value SslOptionDisableSessionPersistence Disables storing the SSL session | - |
172 | in ASN.1 format as returned by QSslConfiguration::sessionTicket(). Enabling | - |
173 | this feature adds memory overhead of approximately 1K per used session | - |
174 | ticket. | - |
175 | \value SslOptionDisableServerCipherPreference Disables selecting the cipher | - |
176 | chosen based on the servers preferences rather than the order ciphers were | - |
177 | sent by the client. This option is only relevant to server sockets, and is | - |
178 | only honored by the OpenSSL backend. | - |
179 | - | |
180 | By default, SslOptionDisableEmptyFragments is turned on since this causes | - |
181 | problems with a large number of servers. SslOptionDisableLegacyRenegotiation | - |
182 | is also turned on, since it introduces a security risk. | - |
183 | SslOptionDisableCompression is turned on to prevent the attack publicised by | - |
184 | CRIME. | - |
185 | SslOptionDisableSessionPersistence is turned on to optimize memory usage. | - |
186 | The other options are turned off. | - |
187 | - | |
188 | \note Availability of above options depends on the version of the SSL | - |
189 | backend in use. | - |
190 | */ | - |
191 | - | |
192 | - | |
193 | QT_END_NAMESPACE | - |
Source code | Switch to Preprocessed file |