qssl.cpp

Absolute File Name:/home/qt/qt5_coco/qt5/qtbase/src/network/ssl/qssl.cpp
1/****************************************************************************-
2**-
3** Copyright (C) 2016 The Qt Company Ltd.-
4** Contact: https://www.qt.io/licensing/-
5**-
6** This file is part of the QtNetwork module of the Qt Toolkit.-
7**-
8** $QT_BEGIN_LICENSE:LGPL$-
9** Commercial License Usage-
10** Licensees holding valid commercial Qt licenses may use this file in-
11** accordance with the commercial license agreement provided with the-
12** Software or, alternatively, in accordance with the terms contained in-
13** a written agreement between you and The Qt Company. For licensing terms-
14** and conditions see https://www.qt.io/terms-conditions. For further-
15** information use the contact form at https://www.qt.io/contact-us.-
16**-
17** GNU Lesser General Public License Usage-
18** Alternatively, this file may be used under the terms of the GNU Lesser-
19** General Public License version 3 as published by the Free Software-
20** Foundation and appearing in the file LICENSE.LGPL3 included in the-
21** packaging of this file. Please review the following information to-
22** ensure the GNU Lesser General Public License version 3 requirements-
23** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.-
24**-
25** GNU General Public License Usage-
26** Alternatively, this file may be used under the terms of the GNU-
27** General Public License version 2.0 or (at your option) the GNU General-
28** Public license version 3 or any later version approved by the KDE Free-
29** Qt Foundation. The licenses are as published by the Free Software-
30** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3-
31** included in the packaging of this file. Please review the following-
32** information to ensure the GNU General Public License requirements will-
33** be met: https://www.gnu.org/licenses/gpl-2.0.html and-
34** https://www.gnu.org/licenses/gpl-3.0.html.-
35**-
36** $QT_END_LICENSE$-
37**-
38****************************************************************************/-
39-
40-
41#include "qsslkey.h"-
42#include "qssl_p.h"-
43-
44QT_BEGIN_NAMESPACE-
45-
// Defines the lcSsl logging category, registered under the name "qt.network.ssl".
46Q_LOGGING_CATEGORY(lcSsl, "qt.network.ssl");
executed 34 times by 2 tests: return category;
Executed by:
  • tst_qsslcertificate - unknown status
  • tst_qsslsocket - unknown status
34
47-
48/*! \namespace QSsl-
49-
50 \brief The QSsl namespace declares enums common to all SSL classes in Qt Network.-
51 \since 4.3-
52-
53 \ingroup network-
54 \ingroup ssl-
55 \inmodule QtNetwork-
56*/-
57-
58/*!-
59 \enum QSsl::KeyType-
60-
61 Describes the two types of keys QSslKey supports.-
62-
63 \value PrivateKey A private key.-
64 \value PublicKey A public key.-
65*/-
66-
67/*!-
68 \enum QSsl::KeyAlgorithm-
69-
70 Describes the different key algorithms supported by QSslKey.-
71-
72 \value Rsa The RSA algorithm.-
73 \value Dsa The DSA algorithm.-
74 \value Ec The Elliptic Curve algorithm.-
75 \value Opaque A key that should be treated as a 'black box' by QSslKey.-
76-
77 The opaque key facility allows applications to add support for facilities-
78 such as PKCS#11 that Qt does not currently offer natively.-
79*/-
80-
81/*!-
82 \enum QSsl::EncodingFormat-
83-
84 Describes supported encoding formats for certificates and keys.-
85-
86 \value Pem The PEM format.-
87 \value Der The DER format.-
88*/-
89-
90/*!-
91 \enum QSsl::AlternativeNameEntryType-
92-
93 Describes the key types for alternative name entries in QSslCertificate.-
94-
95 \value EmailEntry An email entry; the entry contains an email address that-
96 the certificate is valid for.-
97-
98 \value DnsEntry A DNS host name entry; the entry contains a host name-
99 entry that the certificate is valid for. The entry may contain wildcards.-
100-
101 \note In Qt 4, this enum was called \c {AlternateNameEntryType}. That name-
102 is deprecated in Qt 5.-
103-
104 \sa QSslCertificate::subjectAlternativeNames()-
105*/-
106-
107/*!-
108 \typedef QSsl::AlternateNameEntryType-
109 \obsolete-
110-
111 Use QSsl::AlternativeNameEntryType instead.-
112*/-
113-
114/*!-
115 \enum QSsl::SslProtocol-
116-
117 Describes the protocol of the cipher.-
118-
119 \value SslV3 SSLv3-
120 \value SslV2 SSLv2-
121 \value TlsV1_0 TLSv1.0-
122 \value TlsV1_0OrLater TLSv1.0 and later versions. This option is not available when using the WinRT backend due to platform limitations.-
123 \value TlsV1 Obsolete, means the same as TlsV1_0-
124 \value TlsV1_1 TLSv1.1-
125 \value TlsV1_1OrLater TLSv1.1 and later versions. This option is not available when using the WinRT backend due to platform limitations.-
126 \value TlsV1_2 TLSv1.2-
127 \value TlsV1_2OrLater TLSv1.2 and later versions. This option is not available when using the WinRT backend due to platform limitations.-
128 \value UnknownProtocol The cipher's protocol cannot be determined.-
129 \value AnyProtocol The socket understands SSLv2, SSLv3, and TLSv1.0. This-
130 value is used by QSslSocket only.-
131 \value TlsV1SslV3 On the client side, this will send-
132 a TLS 1.0 Client Hello, enabling TLSv1_0 and SSLv3 connections.-
133 On the server side, this will enable both SSLv3 and TLSv1_0 connections.-
134 \value SecureProtocols The default option, using protocols known to be secure;-
135 currently behaves similarly to TlsV1SslV3, except that it denies SSLv3 connections that do-
136 not upgrade to TLS.-
137-
138 \note Most servers understand both SSL and TLS, but for security reasons it is-
139 recommended to use TLS only. However, SSL and TLS are not compatible with-
140 each other: if you get unexpected handshake failures, verify that you chose-
141 the correct setting for your protocol.-
142*/-
143-
144/*!-
145 \enum QSsl::SslOption-
146-
147 Describes the options that can be used to control the details of-
148 SSL behaviour. These options are generally used to turn features off-
149 to work around buggy servers.-
150-
151 \value SslOptionDisableEmptyFragments Disables the insertion of empty-
152 fragments into the data when using block ciphers. Inserting empty fragments-
153 (that is, leaving this option unset) prevents some attacks (such as the BEAST-
154 attack); however, it is incompatible with some servers.-
155 \value SslOptionDisableSessionTickets Disables the SSL session ticket-
156 extension. This can cause slower connection setup, however some servers-
157 are not compatible with the extension.-
158 \value SslOptionDisableCompression Disables the SSL compression-
159 extension. When the extension is enabled (this option unset), it allows the-
160 data being passed over SSL to be compressed; however, some servers are not-
161 compatible with this extension.-
162 \value SslOptionDisableServerNameIndication Disables the SSL server-
163 name indication extension. When the extension is enabled (this option unset), it tells-
164 the server the virtual host being accessed, allowing it to respond with the correct certificate.-
165 \value SslOptionDisableLegacyRenegotiation Disables the older insecure-
166 mechanism for renegotiating the connection parameters. Leaving legacy-
167 renegotiation enabled (this option unset) can allow connections to legacy servers,-
168 but it introduces the possibility that an attacker could inject plaintext into the SSL session.-
169 \value SslOptionDisableSessionSharing Disables SSL session sharing via-
170 the session ID handshake attribute.-
171 \value SslOptionDisableSessionPersistence Disables storing the SSL session-
172 in ASN.1 format as returned by QSslConfiguration::sessionTicket(). Enabling-
173 session persistence (this option unset) adds memory overhead of approximately-
174 1K per used session ticket.-
175 \value SslOptionDisableServerCipherPreference Disables selecting the cipher-
176 based on the server's preferences rather than the order in which ciphers were-
177 sent by the client. This option is only relevant to server sockets, and is-
178 only honored by the OpenSSL backend.-
179-
180 By default, SslOptionDisableEmptyFragments is turned on, since inserting empty-
181 fragments causes problems with a large number of servers; as a consequence, the empty-fragment countermeasure against attacks such as BEAST is not applied by default. SslOptionDisableLegacyRenegotiation-
182 is also turned on, since legacy renegotiation introduces a security risk.-
183 SslOptionDisableCompression is turned on to prevent the attack publicised as-
184 CRIME.-
185 SslOptionDisableSessionPersistence is turned on to optimize memory usage.-
186 The other options are turned off.-
187-
188 \note Availability of above options depends on the version of the SSL-
189 backend in use.-
190*/-
191-
192-
193QT_END_NAMESPACE-