Line | Source Code | Coverage |
---|
1 | /**************************************************************************** | - |
| ** | |
| ** Copyright (C) 2012 Digia Plc and/or its subsidiary(-ies). | |
| ** Contact: http://www.qt-project.org/legal | |
| ** | |
| ** This file is part of the QtNetwork module of the Qt Toolkit. | |
| ** | |
| ** $QT_BEGIN_LICENSE:LGPL$ | |
| ** Commercial License Usage | |
| ** Licensees holding valid commercial Qt licenses may use this file in | |
| ** accordance with the commercial license agreement provided with the | |
| ** Software or, alternatively, in accordance with the terms contained in | |
| ** a written agreement between you and Digia. For licensing terms and | |
| ** conditions see http://qt.digia.com/licensing. For further information | |
| ** use the contact form at http://qt.digia.com/contact-us. | |
| ** | |
| ** GNU Lesser General Public License Usage | |
| ** Alternatively, this file may be used under the terms of the GNU Lesser | |
| ** General Public License version 2.1 as published by the Free Software | |
| ** Foundation and appearing in the file LICENSE.LGPL included in the | |
| ** packaging of this file. Please review the following information to | |
| ** ensure the GNU Lesser General Public License version 2.1 requirements | |
| ** will be met: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. | |
| ** | |
| ** In addition, as a special exception, Digia gives you certain additional | |
| ** rights. These rights are described in the Digia Qt LGPL Exception | |
| ** version 1.1, included in the file LGPL_EXCEPTION.txt in this package. | |
| ** | |
| ** GNU General Public License Usage | |
| ** Alternatively, this file may be used under the terms of the GNU | |
| ** General Public License version 3.0 as published by the Free Software | |
| ** Foundation and appearing in the file LICENSE.GPL included in the | |
| ** packaging of this file. Please review the following information to | |
| ** ensure the GNU General Public License version 3.0 requirements will be | |
| ** met: http://www.gnu.org/copyleft/gpl.html. | |
| ** | |
| ** | |
| ** $QT_END_LICENSE$ | |
| ** | |
| ****************************************************************************/**************************************************************************** | |
2 | ** | - |
3 | ** Copyright (C) 2013 Digia Plc and/or its subsidiary(-ies). | - |
4 | ** Contact: http://www.qt-project.org/legal | - |
5 | ** | - |
6 | ** This file is part of the QtNetwork module of the Qt Toolkit. | - |
7 | ** | - |
8 | ** $QT_BEGIN_LICENSE:LGPL$ | - |
9 | ** Commercial License Usage | - |
10 | ** Licensees holding valid commercial Qt licenses may use this file in | - |
11 | ** accordance with the commercial license agreement provided with the | - |
12 | ** Software or, alternatively, in accordance with the terms contained in | - |
13 | ** a written agreement between you and Digia. For licensing terms and | - |
14 | ** conditions see http://qt.digia.com/licensing. For further information | - |
15 | ** use the contact form at http://qt.digia.com/contact-us. | - |
16 | ** | - |
17 | ** GNU Lesser General Public License Usage | - |
18 | ** Alternatively, this file may be used under the terms of the GNU Lesser | - |
19 | ** General Public License version 2.1 as published by the Free Software | - |
20 | ** Foundation and appearing in the file LICENSE.LGPL included in the | - |
21 | ** packaging of this file. Please review the following information to | - |
22 | ** ensure the GNU Lesser General Public License version 2.1 requirements | - |
23 | ** will be met: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. | - |
24 | ** | - |
25 | ** In addition, as a special exception, Digia gives you certain additional | - |
26 | ** rights. These rights are described in the Digia Qt LGPL Exception | - |
27 | ** version 1.1, included in the file LGPL_EXCEPTION.txt in this package. | - |
28 | ** | - |
29 | ** GNU General Public License Usage | - |
30 | ** Alternatively, this file may be used under the terms of the GNU | - |
31 | ** General Public License version 3.0 as published by the Free Software | - |
32 | ** Foundation and appearing in the file LICENSE.GPL included in the | - |
33 | ** packaging of this file. Please review the following information to | - |
34 | ** ensure the GNU General Public License version 3.0 requirements will be | - |
35 | ** met: http://www.gnu.org/copyleft/gpl.html. | - |
36 | ** | - |
37 | ** | - |
38 | ** $QT_END_LICENSE$ | - |
39 | ** | - |
40 | ****************************************************************************/ | - |
41 | | - |
42 | #include "qsslconfiguration.h" | - |
43 | #include "qsslconfiguration_p.h" | - |
44 | #include "qsslsocket.h" | - |
45 | #include "qmutex.h" | - |
46 | #include "qdebug.h" | - |
47 | | - |
48 | QT_BEGIN_NAMESPACE | - |
49 | | - |
50 | const QSsl::SslOptions QSslConfigurationPrivate::defaultSslOptions = QSsl::SslOptionDisableEmptyFragments | - |
51 | |QSsl::SslOptionDisableLegacyRenegotiation | - |
52 | |QSsl::SslOptionDisableCompression; | - |
53 | | - |
54 | /*! | - |
55 | \class QSslConfiguration | - |
56 | \brief The QSslConfiguration class holds the configuration and state of an SSL connection | - |
57 | \since 4.4 | - |
58 | | - |
59 | \reentrant | - |
60 | \inmodule QtNetwork | - |
61 | \ingroup network | - |
62 | \ingroup ssl | - |
63 | \ingroup shared | - |
64 | | - |
65 | QSslConfiguration is used by Qt networking classes to relay | - |
66 | information about an open SSL connection and to allow the | - |
67 | application to control certain features of that connection. | - |
68 | | - |
69 | The settings that QSslConfiguration currently supports are: | - |
70 | | - |
71 | \list | - |
72 | \li The SSL/TLS protocol to be used | - |
73 | \li The certificate to be presented to the peer during connection | - |
74 | and its associated private key | - |
75 | \li The ciphers allowed to be used for encrypting the connection | - |
76 | \li The list of Certificate Authorities certificates that are | - |
77 | used to validate the peer's certificate | - |
78 | \endlist | - |
79 | | - |
80 | These settings are applied only during the connection | - |
81 | handshake. Setting them after the connection has been established | - |
82 | has no effect. | - |
83 | | - |
84 | The state that QSslConfiguration supports are: | - |
85 | \list | - |
86 | \li The certificate the peer presented during handshake, along | - |
87 | with the chain leading to a CA certificate | - |
88 | \li The cipher used to encrypt this session | - |
89 | \endlist | - |
90 | | - |
91 | The state can only be obtained once the SSL connection starts, but | - |
92 | not necessarily before it's done. Some settings may change during | - |
93 | the course of the SSL connection without need to restart it (for | - |
94 | instance, the cipher can be changed over time). | - |
95 | | - |
96 | State in QSslConfiguration objects cannot be changed. | - |
97 | | - |
98 | QSslConfiguration can be used with QSslSocket and the Network | - |
99 | Access API. | - |
100 | | - |
101 | Note that changing settings in QSslConfiguration is not enough to | - |
102 | change the settings in the related SSL connection. You must call | - |
103 | setSslConfiguration on a modified QSslConfiguration object to | - |
104 | achieve that. The following example illustrates how to change the | - |
105 | protocol to TLSv1_0 in a QSslSocket object: | - |
106 | | - |
107 | \snippet code/src_network_ssl_qsslconfiguration.cpp 0 | - |
108 | | - |
109 | \sa QSsl::SslProtocol, QSslCertificate, QSslCipher, QSslKey, | - |
110 | QSslSocket, QNetworkAccessManager, | - |
111 | QSslSocket::sslConfiguration(), QSslSocket::setSslConfiguration() | - |
112 | */ | - |
113 | | - |
114 | /*! | - |
115 | Constructs an empty SSL configuration. This configuration contains | - |
116 | no valid settings and the state will be empty. isNull() will | - |
117 | return true after this constructor is called. | - |
118 | | - |
119 | Once any setter methods are called, isNull() will return false. | - |
120 | */ | - |
121 | QSslConfiguration::QSslConfiguration() | - |
122 | : d(new QSslConfigurationPrivate) | - |
123 | { | - |
124 | } | - |
125 | | - |
126 | /*! | - |
127 | Copies the configuration and state of \a other. If \a other is | - |
128 | null, this object will be null too. | - |
129 | */ | - |
130 | QSslConfiguration::QSslConfiguration(const QSslConfiguration &other) | - |
131 | : d(other.d) | - |
132 | { | - |
133 | } | - |
134 | | - |
135 | /*! | - |
136 | Releases any resources held by QSslConfiguration. | - |
137 | */ | - |
138 | QSslConfiguration::~QSslConfiguration() | - |
139 | { | - |
140 | // QSharedDataPointer deletes d for us if necessary | - |
141 | } | - |
142 | | - |
143 | /*! | - |
144 | Copies the configuration and state of \a other. If \a other is | - |
145 | null, this object will be null too. | - |
146 | */ | - |
147 | QSslConfiguration &QSslConfiguration::operator=(const QSslConfiguration &other) | - |
148 | { | - |
149 | d = other.d; | - |
150 | return *this; | - |
151 | } | - |
152 | | - |
153 | /*! | - |
154 | \fn void QSslConfiguration::swap(QSslConfiguration &other) | - |
155 | \since 5.0 | - |
156 | | - |
157 | Swaps this SSL configuration instance with \a other. This function | - |
158 | is very fast and never fails. | - |
159 | */ | - |
160 | | - |
161 | /*! | - |
162 | Returns true if this QSslConfiguration object is equal to \a | - |
163 | other. | - |
164 | | - |
165 | Two QSslConfiguration objects are considered equal if they have | - |
166 | the exact same settings and state. | - |
167 | | - |
168 | \sa operator!=() | - |
169 | */ | - |
170 | bool QSslConfiguration::operator==(const QSslConfiguration &other) const | - |
171 | { | - |
172 | if (d == other.d) evaluated: d == other.d yes Evaluation Count:29 | yes Evaluation Count:43 |
| 29-43 |
173 | return true; executed: return true; Execution Count:29 | 29 |
174 | return d->peerCertificate == other.d->peerCertificate && executed: return d->peerCertificate == other.d->peerCertificate && d->peerCertificateChain == other.d->peerCertificateChain && d->localCertificate == other.d->localCertificate && d->privateKey == other.d->privateKey && d->sessionCipher == other.d->sessionCipher && d->ciphers == other.d->ciphers && d->caCertificates == other.d->caCertificates && d->protocol == other.d->protocol && d->peerVerifyMode == other.d->peerVerifyMode && d->peerVerifyDepth == other.d->peerVerifyDepth && d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading && d->sslOptions == other.d->sslOptions; Execution Count:43 | 43 |
175 | d->peerCertificateChain == other.d->peerCertificateChain && executed: return d->peerCertificate == other.d->peerCertificate && d->peerCertificateChain == other.d->peerCertificateChain && d->localCertificate == other.d->localCertificate && d->privateKey == other.d->privateKey && d->sessionCipher == other.d->sessionCipher && d->ciphers == other.d->ciphers && d->caCertificates == other.d->caCertificates && d->protocol == other.d->protocol && d->peerVerifyMode == other.d->peerVerifyMode && d->peerVerifyDepth == other.d->peerVerifyDepth && d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading && d->sslOptions == other.d->sslOptions; Execution Count:43 | 43 |
176 | d->localCertificate == other.d->localCertificate && executed: return d->peerCertificate == other.d->peerCertificate && d->peerCertificateChain == other.d->peerCertificateChain && d->localCertificate == other.d->localCertificate && d->privateKey == other.d->privateKey && d->sessionCipher == other.d->sessionCipher && d->ciphers == other.d->ciphers && d->caCertificates == other.d->caCertificates && d->protocol == other.d->protocol && d->peerVerifyMode == other.d->peerVerifyMode && d->peerVerifyDepth == other.d->peerVerifyDepth && d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading && d->sslOptions == other.d->sslOptions; Execution Count:43 | 43 |
177 | d->privateKey == other.d->privateKey && executed: return d->peerCertificate == other.d->peerCertificate && d->peerCertificateChain == other.d->peerCertificateChain && d->localCertificate == other.d->localCertificate && d->privateKey == other.d->privateKey && d->sessionCipher == other.d->sessionCipher && d->ciphers == other.d->ciphers && d->caCertificates == other.d->caCertificates && d->protocol == other.d->protocol && d->peerVerifyMode == other.d->peerVerifyMode && d->peerVerifyDepth == other.d->peerVerifyDepth && d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading && d->sslOptions == other.d->sslOptions; Execution Count:43 | 43 |
178 | d->sessionCipher == other.d->sessionCipher && executed: return d->peerCertificate == other.d->peerCertificate && d->peerCertificateChain == other.d->peerCertificateChain && d->localCertificate == other.d->localCertificate && d->privateKey == other.d->privateKey && d->sessionCipher == other.d->sessionCipher && d->ciphers == other.d->ciphers && d->caCertificates == other.d->caCertificates && d->protocol == other.d->protocol && d->peerVerifyMode == other.d->peerVerifyMode && d->peerVerifyDepth == other.d->peerVerifyDepth && d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading && d->sslOptions == other.d->sslOptions; Execution Count:43 | 43 |
179 | d->ciphers == other.d->ciphers && executed: return d->peerCertificate == other.d->peerCertificate && d->peerCertificateChain == other.d->peerCertificateChain && d->localCertificate == other.d->localCertificate && d->privateKey == other.d->privateKey && d->sessionCipher == other.d->sessionCipher && d->ciphers == other.d->ciphers && d->caCertificates == other.d->caCertificates && d->protocol == other.d->protocol && d->peerVerifyMode == other.d->peerVerifyMode && d->peerVerifyDepth == other.d->peerVerifyDepth && d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading && d->sslOptions == other.d->sslOptions; Execution Count:43 | 43 |
180 | d->caCertificates == other.d->caCertificates && executed: return d->peerCertificate == other.d->peerCertificate && d->peerCertificateChain == other.d->peerCertificateChain && d->localCertificate == other.d->localCertificate && d->privateKey == other.d->privateKey && d->sessionCipher == other.d->sessionCipher && d->ciphers == other.d->ciphers && d->caCertificates == other.d->caCertificates && d->protocol == other.d->protocol && d->peerVerifyMode == other.d->peerVerifyMode && d->peerVerifyDepth == other.d->peerVerifyDepth && d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading && d->sslOptions == other.d->sslOptions; Execution Count:43 | 43 |
181 | d->protocol == other.d->protocol && executed: return d->peerCertificate == other.d->peerCertificate && d->peerCertificateChain == other.d->peerCertificateChain && d->localCertificate == other.d->localCertificate && d->privateKey == other.d->privateKey && d->sessionCipher == other.d->sessionCipher && d->ciphers == other.d->ciphers && d->caCertificates == other.d->caCertificates && d->protocol == other.d->protocol && d->peerVerifyMode == other.d->peerVerifyMode && d->peerVerifyDepth == other.d->peerVerifyDepth && d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading && d->sslOptions == other.d->sslOptions; Execution Count:43 | 43 |
182 | d->peerVerifyMode == other.d->peerVerifyMode && executed: return d->peerCertificate == other.d->peerCertificate && d->peerCertificateChain == other.d->peerCertificateChain && d->localCertificate == other.d->localCertificate && d->privateKey == other.d->privateKey && d->sessionCipher == other.d->sessionCipher && d->ciphers == other.d->ciphers && d->caCertificates == other.d->caCertificates && d->protocol == other.d->protocol && d->peerVerifyMode == other.d->peerVerifyMode && d->peerVerifyDepth == other.d->peerVerifyDepth && d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading && d->sslOptions == other.d->sslOptions; Execution Count:43 | 43 |
183 | d->peerVerifyDepth == other.d->peerVerifyDepth && executed: return d->peerCertificate == other.d->peerCertificate && d->peerCertificateChain == other.d->peerCertificateChain && d->localCertificate == other.d->localCertificate && d->privateKey == other.d->privateKey && d->sessionCipher == other.d->sessionCipher && d->ciphers == other.d->ciphers && d->caCertificates == other.d->caCertificates && d->protocol == other.d->protocol && d->peerVerifyMode == other.d->peerVerifyMode && d->peerVerifyDepth == other.d->peerVerifyDepth && d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading && d->sslOptions == other.d->sslOptions; Execution Count:43 | 43 |
184 | d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading && executed: return d->peerCertificate == other.d->peerCertificate && d->peerCertificateChain == other.d->peerCertificateChain && d->localCertificate == other.d->localCertificate && d->privateKey == other.d->privateKey && d->sessionCipher == other.d->sessionCipher && d->ciphers == other.d->ciphers && d->caCertificates == other.d->caCertificates && d->protocol == other.d->protocol && d->peerVerifyMode == other.d->peerVerifyMode && d->peerVerifyDepth == other.d->peerVerifyDepth && d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading && d->sslOptions == other.d->sslOptions; Execution Count:43 | 43 |
185 | d->sslOptions == other.d->sslOptions; executed: return d->peerCertificate == other.d->peerCertificate && d->peerCertificateChain == other.d->peerCertificateChain && d->localCertificate == other.d->localCertificate && d->privateKey == other.d->privateKey && d->sessionCipher == other.d->sessionCipher && d->ciphers == other.d->ciphers && d->caCertificates == other.d->caCertificates && d->protocol == other.d->protocol && d->peerVerifyMode == other.d->peerVerifyMode && d->peerVerifyDepth == other.d->peerVerifyDepth && d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading && d->sslOptions == other.d->sslOptions; Execution Count:43 | 43 |
186 | } | - |
187 | | - |
188 | /*! | - |
189 | \fn QSslConfiguration::operator!=(const QSslConfiguration &other) const | - |
190 | | - |
191 | Returns true if this QSslConfiguration differs from \a other. Two | - |
192 | QSslConfiguration objects are considered different if any state or | - |
193 | setting is different. | - |
194 | | - |
195 | \sa operator==() | - |
196 | */ | - |
197 | | - |
198 | /*! | - |
199 | Returns true if this is a null QSslConfiguration object. | - |
200 | | - |
201 | A QSslConfiguration object is null if it has been | - |
202 | default-constructed and no setter methods have been called. | - |
203 | | - |
204 | \sa setProtocol(), setLocalCertificate(), setPrivateKey(), | - |
205 | setCiphers(), setCaCertificates() | - |
206 | */ | - |
207 | bool QSslConfiguration::isNull() const | - |
208 | { | - |
209 | return (d->protocol == QSsl::SecureProtocols && executed: return (d->protocol == QSsl::SecureProtocols && d->peerVerifyMode == QSslSocket::AutoVerifyPeer && d->peerVerifyDepth == 0 && d->allowRootCertOnDemandLoading == true && d->caCertificates.count() == 0 && d->ciphers.count() == 0 && d->localCertificate.isNull() && d->privateKey.isNull() && d->peerCertificate.isNull() && d->peerCertificateChain.count() == 0 && d->sslOptions == QSslConfigurationPrivate::defaultSslOptions); Execution Count:178 | 178 |
210 | d->peerVerifyMode == QSslSocket::AutoVerifyPeer && executed: return (d->protocol == QSsl::SecureProtocols && d->peerVerifyMode == QSslSocket::AutoVerifyPeer && d->peerVerifyDepth == 0 && d->allowRootCertOnDemandLoading == true && d->caCertificates.count() == 0 && d->ciphers.count() == 0 && d->localCertificate.isNull() && d->privateKey.isNull() && d->peerCertificate.isNull() && d->peerCertificateChain.count() == 0 && d->sslOptions == QSslConfigurationPrivate::defaultSslOptions); Execution Count:178 | 178 |
211 | d->peerVerifyDepth == 0 && executed: return (d->protocol == QSsl::SecureProtocols && d->peerVerifyMode == QSslSocket::AutoVerifyPeer && d->peerVerifyDepth == 0 && d->allowRootCertOnDemandLoading == true && d->caCertificates.count() == 0 && d->ciphers.count() == 0 && d->localCertificate.isNull() && d->privateKey.isNull() && d->peerCertificate.isNull() && d->peerCertificateChain.count() == 0 && d->sslOptions == QSslConfigurationPrivate::defaultSslOptions); Execution Count:178 | 178 |
212 | d->allowRootCertOnDemandLoading == true && executed: return (d->protocol == QSsl::SecureProtocols && d->peerVerifyMode == QSslSocket::AutoVerifyPeer && d->peerVerifyDepth == 0 && d->allowRootCertOnDemandLoading == true && d->caCertificates.count() == 0 && d->ciphers.count() == 0 && d->localCertificate.isNull() && d->privateKey.isNull() && d->peerCertificate.isNull() && d->peerCertificateChain.count() == 0 && d->sslOptions == QSslConfigurationPrivate::defaultSslOptions); Execution Count:178 | 178 |
213 | d->caCertificates.count() == 0 && executed: return (d->protocol == QSsl::SecureProtocols && d->peerVerifyMode == QSslSocket::AutoVerifyPeer && d->peerVerifyDepth == 0 && d->allowRootCertOnDemandLoading == true && d->caCertificates.count() == 0 && d->ciphers.count() == 0 && d->localCertificate.isNull() && d->privateKey.isNull() && d->peerCertificate.isNull() && d->peerCertificateChain.count() == 0 && d->sslOptions == QSslConfigurationPrivate::defaultSslOptions); Execution Count:178 | 178 |
214 | d->ciphers.count() == 0 && executed: return (d->protocol == QSsl::SecureProtocols && d->peerVerifyMode == QSslSocket::AutoVerifyPeer && d->peerVerifyDepth == 0 && d->allowRootCertOnDemandLoading == true && d->caCertificates.count() == 0 && d->ciphers.count() == 0 && d->localCertificate.isNull() && d->privateKey.isNull() && d->peerCertificate.isNull() && d->peerCertificateChain.count() == 0 && d->sslOptions == QSslConfigurationPrivate::defaultSslOptions); Execution Count:178 | 178 |
215 | d->localCertificate.isNull() && executed: return (d->protocol == QSsl::SecureProtocols && d->peerVerifyMode == QSslSocket::AutoVerifyPeer && d->peerVerifyDepth == 0 && d->allowRootCertOnDemandLoading == true && d->caCertificates.count() == 0 && d->ciphers.count() == 0 && d->localCertificate.isNull() && d->privateKey.isNull() && d->peerCertificate.isNull() && d->peerCertificateChain.count() == 0 && d->sslOptions == QSslConfigurationPrivate::defaultSslOptions); Execution Count:178 | 178 |
216 | d->privateKey.isNull() && executed: return (d->protocol == QSsl::SecureProtocols && d->peerVerifyMode == QSslSocket::AutoVerifyPeer && d->peerVerifyDepth == 0 && d->allowRootCertOnDemandLoading == true && d->caCertificates.count() == 0 && d->ciphers.count() == 0 && d->localCertificate.isNull() && d->privateKey.isNull() && d->peerCertificate.isNull() && d->peerCertificateChain.count() == 0 && d->sslOptions == QSslConfigurationPrivate::defaultSslOptions); Execution Count:178 | 178 |
217 | d->peerCertificate.isNull() && executed: return (d->protocol == QSsl::SecureProtocols && d->peerVerifyMode == QSslSocket::AutoVerifyPeer && d->peerVerifyDepth == 0 && d->allowRootCertOnDemandLoading == true && d->caCertificates.count() == 0 && d->ciphers.count() == 0 && d->localCertificate.isNull() && d->privateKey.isNull() && d->peerCertificate.isNull() && d->peerCertificateChain.count() == 0 && d->sslOptions == QSslConfigurationPrivate::defaultSslOptions); Execution Count:178 | 178 |
218 | d->peerCertificateChain.count() == 0 && executed: return (d->protocol == QSsl::SecureProtocols && d->peerVerifyMode == QSslSocket::AutoVerifyPeer && d->peerVerifyDepth == 0 && d->allowRootCertOnDemandLoading == true && d->caCertificates.count() == 0 && d->ciphers.count() == 0 && d->localCertificate.isNull() && d->privateKey.isNull() && d->peerCertificate.isNull() && d->peerCertificateChain.count() == 0 && d->sslOptions == QSslConfigurationPrivate::defaultSslOptions); Execution Count:178 | 178 |
219 | d->sslOptions == QSslConfigurationPrivate::defaultSslOptions); executed: return (d->protocol == QSsl::SecureProtocols && d->peerVerifyMode == QSslSocket::AutoVerifyPeer && d->peerVerifyDepth == 0 && d->allowRootCertOnDemandLoading == true && d->caCertificates.count() == 0 && d->ciphers.count() == 0 && d->localCertificate.isNull() && d->privateKey.isNull() && d->peerCertificate.isNull() && d->peerCertificateChain.count() == 0 && d->sslOptions == QSslConfigurationPrivate::defaultSslOptions); Execution Count:178 | 178 |
220 | } | - |
221 | | - |
222 | /*! | - |
223 | Returns the protocol setting for this SSL configuration. | - |
224 | | - |
225 | \sa setProtocol() | - |
226 | */ | - |
227 | QSsl::SslProtocol QSslConfiguration::protocol() const | - |
228 | { | - |
229 | return d->protocol; | - |
230 | } | - |
231 | | - |
232 | /*! | - |
233 | Sets the protocol setting for this configuration to be \a | - |
234 | protocol. | - |
235 | | - |
236 | Setting the protocol once the connection has already been | - |
237 | established has no effect. | - |
238 | | - |
239 | \sa protocol() | - |
240 | */ | - |
241 | void QSslConfiguration::setProtocol(QSsl::SslProtocol protocol) | - |
242 | { | - |
243 | d->protocol = protocol; | - |
244 | } | - |
245 | | - |
246 | /*! | - |
247 | Returns the verify mode. This mode decides whether QSslSocket should | - |
248 | request a certificate from the peer (i.e., the client requests a | - |
249 | certificate from the server, or a server requesting a certificate from the | - |
250 | client), and whether it should require that this certificate is valid. | - |
251 | | - |
252 | The default mode is AutoVerifyPeer, which tells QSslSocket to use | - |
253 | VerifyPeer for clients, QueryPeer for servers. | - |
254 | | - |
255 | \sa setPeerVerifyMode() | - |
256 | */ | - |
257 | QSslSocket::PeerVerifyMode QSslConfiguration::peerVerifyMode() const | - |
258 | { | - |
259 | return d->peerVerifyMode; | - |
260 | } | - |
261 | | - |
262 | /*! | - |
263 | Sets the verify mode to \a mode. This mode decides whether QSslSocket | - |
264 | should request a certificate from the peer (i.e., the client requests a | - |
265 | certificate from the server, or a server requesting a certificate from the | - |
266 | client), and whether it should require that this certificate is valid. | - |
267 | | - |
268 | The default mode is AutoVerifyPeer, which tells QSslSocket to use | - |
269 | VerifyPeer for clients, QueryPeer for servers. | - |
270 | | - |
271 | \sa peerVerifyMode() | - |
272 | */ | - |
273 | void QSslConfiguration::setPeerVerifyMode(QSslSocket::PeerVerifyMode mode) | - |
274 | { | - |
275 | d->peerVerifyMode = mode; | - |
276 | } | - |
277 | | - |
278 | | - |
279 | /*! | - |
280 | Returns the maximum number of certificates in the peer's certificate chain | - |
281 | to be checked during the SSL handshake phase, or 0 (the default) if no | - |
282 | maximum depth has been set, indicating that the whole certificate chain | - |
283 | should be checked. | - |
284 | | - |
285 | The certificates are checked in issuing order, starting with the peer's | - |
286 | own certificate, then its issuer's certificate, and so on. | - |
287 | | - |
288 | \sa setPeerVerifyDepth(), peerVerifyMode() | - |
289 | */ | - |
290 | int QSslConfiguration::peerVerifyDepth() const | - |
291 | { | - |
292 | return d->peerVerifyDepth; | - |
293 | } | - |
294 | | - |
295 | /*! | - |
296 | Sets the maximum number of certificates in the peer's certificate chain to | - |
297 | be checked during the SSL handshake phase, to \a depth. Setting a depth of | - |
298 | 0 means that no maximum depth is set, indicating that the whole | - |
299 | certificate chain should be checked. | - |
300 | | - |
301 | The certificates are checked in issuing order, starting with the peer's | - |
302 | own certificate, then its issuer's certificate, and so on. | - |
303 | | - |
304 | \sa peerVerifyDepth(), setPeerVerifyMode() | - |
305 | */ | - |
306 | void QSslConfiguration::setPeerVerifyDepth(int depth) | - |
307 | { | - |
308 | if (depth < 0) { | - |
309 | qWarning("QSslConfiguration::setPeerVerifyDepth: cannot set negative depth of %d", depth); | - |
310 | return; | - |
311 | } | - |
312 | d->peerVerifyDepth = depth; | - |
313 | } | - |
314 | | - |
315 | /*! | - |
316 | Returns the certificate to be presented to the peer during the SSL | - |
317 | handshake process. | - |
318 | | - |
319 | \sa setLocalCertificate() | - |
320 | */ | - |
321 | QSslCertificate QSslConfiguration::localCertificate() const | - |
322 | { | - |
323 | return d->localCertificate; | - |
324 | } | - |
325 | | - |
326 | /*! | - |
327 | Sets the certificate to be presented to the peer during SSL | - |
328 | handshake to be \a certificate. | - |
329 | | - |
330 | Setting the certificate once the connection has been established | - |
331 | has no effect. | - |
332 | | - |
333 | A certificate is the means of identification used in the SSL | - |
334 | process. The local certificate is used by the remote end to verify | - |
335 | the local user's identity against its list of Certification | - |
336 | Authorities. In most cases, such as in HTTP web browsing, only | - |
337 | servers identify to the clients, so the client does not send a | - |
338 | certificate. | - |
339 | | - |
340 | \sa localCertificate() | - |
341 | */ | - |
342 | void QSslConfiguration::setLocalCertificate(const QSslCertificate &certificate) | - |
343 | { | - |
344 | d->localCertificate = certificate; | - |
345 | } | - |
346 | | - |
347 | /*! | - |
348 | Returns the peer's digital certificate (i.e., the immediate | - |
349 | certificate of the host you are connected to), or a null | - |
350 | certificate, if the peer has not assigned a certificate. | - |
351 | | - |
352 | The peer certificate is checked automatically during the | - |
353 | handshake phase, so this function is normally used to fetch | - |
354 | the certificate for display or for connection diagnostic | - |
355 | purposes. It contains information about the peer, including | - |
356 | its host name, the certificate issuer, and the peer's public | - |
357 | key. | - |
358 | | - |
359 | Because the peer certificate is set during the handshake phase, it | - |
360 | is safe to access the peer certificate from a slot connected to | - |
361 | the QSslSocket::sslErrors() signal, QNetworkReply::sslErrors() | - |
362 | signal, or the QSslSocket::encrypted() signal. | - |
363 | | - |
364 | If a null certificate is returned, it can mean the SSL handshake | - |
365 | failed, or it can mean the host you are connected to doesn't have | - |
366 | a certificate, or it can mean there is no connection. | - |
367 | | - |
368 | If you want to check the peer's complete chain of certificates, | - |
369 | use peerCertificateChain() to get them all at once. | - |
370 | | - |
371 | \sa peerCertificateChain(), | - |
372 | QSslSocket::sslErrors(), QSslSocket::ignoreSslErrors(), | - |
373 | QNetworkReply::sslErrors(), QNetworkReply::ignoreSslErrors() | - |
374 | */ | - |
375 | QSslCertificate QSslConfiguration::peerCertificate() const | - |
376 | { | - |
377 | return d->peerCertificate; | - |
378 | } | - |
379 | | - |
380 | /*! | - |
381 | Returns the peer's chain of digital certificates, starting with | - |
382 | the peer's immediate certificate and ending with the CA's | - |
383 | certificate. | - |
384 | | - |
385 | Peer certificates are checked automatically during the handshake | - |
386 | phase. This function is normally used to fetch certificates for | - |
387 | display, or for performing connection diagnostics. Certificates | - |
388 | contain information about the peer and the certificate issuers, | - |
389 | including host name, issuer names, and issuer public keys. | - |
390 | | - |
391 | Because the peer certificate is set during the handshake phase, it | - |
392 | is safe to access the peer certificate from a slot connected to | - |
393 | the QSslSocket::sslErrors() signal, QNetworkReply::sslErrors() | - |
394 | signal, or the QSslSocket::encrypted() signal. | - |
395 | | - |
396 | If an empty list is returned, it can mean the SSL handshake | - |
397 | failed, or it can mean the host you are connected to doesn't have | - |
398 | a certificate, or it can mean there is no connection. | - |
399 | | - |
400 | If you want to get only the peer's immediate certificate, use | - |
401 | peerCertificate(). | - |
402 | | - |
403 | \sa peerCertificate(), | - |
404 | QSslSocket::sslErrors(), QSslSocket::ignoreSslErrors(), | - |
405 | QNetworkReply::sslErrors(), QNetworkReply::ignoreSslErrors() | - |
406 | */ | - |
407 | QList<QSslCertificate> QSslConfiguration::peerCertificateChain() const | - |
408 | { | - |
409 | return d->peerCertificateChain; | - |
410 | } | - |
411 | | - |
412 | /*! | - |
413 | Returns the socket's cryptographic \l {QSslCipher} {cipher}, or a | - |
414 | null cipher if the connection isn't encrypted. The socket's cipher | - |
415 | for the session is set during the handshake phase. The cipher is | - |
416 | used to encrypt and decrypt data transmitted through the socket. | - |
417 | | - |
418 | The SSL infrastructure also provides functions for setting the | - |
419 | ordered list of ciphers from which the handshake phase will | - |
420 | eventually select the session cipher. This ordered list must be in | - |
421 | place before the handshake phase begins. | - |
422 | | - |
423 | \sa ciphers(), setCiphers(), QSslSocket::supportedCiphers() | - |
424 | */ | - |
425 | QSslCipher QSslConfiguration::sessionCipher() const | - |
426 | { | - |
427 | return d->sessionCipher; | - |
428 | } | - |
429 | | - |
430 | /*! | - |
431 | Returns the \l {QSslKey} {SSL key} assigned to this connection or | - |
432 | a null key if none has been assigned yet. | - |
433 | | - |
434 | \sa setPrivateKey(), localCertificate() | - |
435 | */ | - |
436 | QSslKey QSslConfiguration::privateKey() const | - |
437 | { | - |
438 | return d->privateKey; | - |
439 | } | - |
440 | | - |
441 | /*! | - |
442 | Sets the connection's private \l {QSslKey} {key} to \a key. The | - |
443 | private key and the local \l {QSslCertificate} {certificate} are | - |
444 | used by clients and servers that must prove their identity to | - |
445 | SSL peers. | - |
446 | | - |
447 | Both the key and the local certificate are required if you are | - |
448 | creating an SSL server socket. If you are creating an SSL client | - |
449 | socket, the key and local certificate are required if your client | - |
450 | must identify itself to an SSL server. | - |
451 | | - |
452 | \sa privateKey(), setLocalCertificate() | - |
453 | */ | - |
454 | void QSslConfiguration::setPrivateKey(const QSslKey &key) | - |
455 | { | - |
456 | d->privateKey = key; | - |
457 | } | - |
458 | | - |
459 | /*! | - |
460 | Returns this connection's current cryptographic cipher suite. This | - |
461 | list is used during the handshake phase for choosing a | - |
462 | session cipher. The returned list of ciphers is ordered by | - |
463 | descending preference. (i.e., the first cipher in the list is the | - |
464 | most preferred cipher). The session cipher will be the first one | - |
465 | in the list that is also supported by the peer. | - |
466 | | - |
467 | By default, the handshake phase can choose any of the ciphers | - |
468 | supported by this system's SSL libraries, which may vary from | - |
469 | system to system. The list of ciphers supported by this system's | - |
470 | SSL libraries is returned by QSslSocket::supportedCiphers(). You can restrict | - |
471 | the list of ciphers used for choosing the session cipher for this | - |
472 | socket by calling setCiphers() with a subset of the supported | - |
473 | ciphers. You can revert to using the entire set by calling | - |
474 | setCiphers() with the list returned by QSslSocket::supportedCiphers(). | - |
475 | | - |
476 | \sa setCiphers(), QSslSocket::supportedCiphers() | - |
477 | */ | - |
478 | QList<QSslCipher> QSslConfiguration::ciphers() const | - |
479 | { | - |
480 | return d->ciphers; | - |
481 | } | - |
482 | | - |
483 | /*! | - |
484 | Sets the cryptographic cipher suite for this socket to \a ciphers, | - |
485 | which must contain a subset of the ciphers in the list returned by | - |
486 | supportedCiphers(). | - |
487 | | - |
488 | Restricting the cipher suite must be done before the handshake | - |
489 | phase, where the session cipher is chosen. | - |
490 | | - |
491 | \sa ciphers(), QSslSocket::supportedCiphers() | - |
492 | */ | - |
493 | void QSslConfiguration::setCiphers(const QList<QSslCipher> &ciphers) | - |
494 | { | - |
495 | d->ciphers = ciphers; | - |
496 | } | - |
497 | | - |
498 | /*! | - |
499 | Returns this connection's CA certificate database. The CA certificate | - |
500 | database is used by the socket during the handshake phase to | - |
501 | validate the peer's certificate. It can be modified prior to the | - |
502 | handshake with setCaCertificates(), or with \l{QSslSocket}'s | - |
503 | \l{QSslSocket::}{addCaCertificate()} and | - |
504 | \l{QSslSocket::}{addCaCertificates()}. | - |
505 | | - |
506 | \sa setCaCertificates() | - |
507 | */ | - |
508 | QList<QSslCertificate> QSslConfiguration::caCertificates() const | - |
509 | { | - |
510 | return d->caCertificates; | - |
511 | } | - |
512 | | - |
513 | /*! | - |
514 | Sets this socket's CA certificate database to be \a certificates. | - |
515 | The certificate database must be set prior to the SSL handshake. | - |
516 | The CA certificate database is used by the socket during the | - |
517 | handshake phase to validate the peer's certificate. | - |
518 | | - |
519 | \sa caCertificates() | - |
520 | */ | - |
521 | void QSslConfiguration::setCaCertificates(const QList<QSslCertificate> &certificates) | - |
522 | { | - |
523 | d->caCertificates = certificates; executed (the execution status of this line is deduced): d->caCertificates = certificates; | - |
524 | d->allowRootCertOnDemandLoading = false; executed (the execution status of this line is deduced): d->allowRootCertOnDemandLoading = false; | - |
525 | } executed: } Execution Count:41 | 41 |
526 | | - |
527 | /*! | - |
528 | Enables or disables an SSL compatibility \a option. If \a on | - |
529 | is true, the \a option is enabled. If \a on is false, the | - |
530 | \a option is disabled. | - |
531 | | - |
532 | \sa testSslOption() | - |
533 | */ | - |
534 | void QSslConfiguration::setSslOption(QSsl::SslOption option, bool on) | - |
535 | { | - |
536 | if (on) | - |
537 | d->sslOptions |= option; | - |
538 | else | - |
539 | d->sslOptions &= ~option; | - |
540 | } | - |
541 | | - |
542 | /*! | - |
543 | \since 4.8 | - |
544 | | - |
545 | Returns true if the specified SSL compatibility \a option is enabled. | - |
546 | | - |
547 | \sa setSslOption() | - |
548 | */ | - |
549 | bool QSslConfiguration::testSslOption(QSsl::SslOption option) const | - |
550 | { | - |
551 | return d->sslOptions & option; | - |
552 | } | - |
553 | | - |
554 | /*! | - |
555 | Returns the default SSL configuration to be used in new SSL | - |
556 | connections. | - |
557 | | - |
558 | The default SSL configuration consists of: | - |
559 | | - |
560 | \list | - |
561 | \li no local certificate and no private key | - |
562 | \li protocol SecureProtocols (meaning either TLS 1.0 or SSL 3 will be used) | - |
563 | \li the system's default CA certificate list | - |
564 | \li the cipher list equal to the list of the SSL libraries' | - |
565 | supported SSL ciphers | - |
566 | \endlist | - |
567 | | - |
568 | \sa QSslSocket::supportedCiphers(), setDefaultConfiguration() | - |
569 | */ | - |
570 | QSslConfiguration QSslConfiguration::defaultConfiguration() | - |
571 | { | - |
572 | return QSslConfigurationPrivate::defaultConfiguration(); | - |
573 | } | - |
574 | | - |
575 | /*! | - |
576 | Sets the default SSL configuration to be used in new SSL | - |
577 | connections to be \a configuration. Existing connections are not | - |
578 | affected by this call. | - |
579 | | - |
580 | \sa QSslSocket::supportedCiphers(), defaultConfiguration() | - |
581 | */ | - |
582 | void QSslConfiguration::setDefaultConfiguration(const QSslConfiguration &configuration) | - |
583 | { | - |
584 | QSslConfigurationPrivate::setDefaultConfiguration(configuration); | - |
585 | } | - |
586 | | - |
587 | QT_END_NAMESPACE | - |
588 | | - |
| | |