ssl/qsslconfiguration.cpp

Source codeSwitch to Preprocessed file
LineSource CodeCoverage
1/****************************************************************************-
**
** Copyright (C) 2012 Digia Plc and/or its subsidiary(-ies).
** Contact: http://www.qt-project.org/legal
**
** This file is part of the QtNetwork module of the Qt Toolkit.
**
** $QT_BEGIN_LICENSE:LGPL$
** Commercial License Usage
** Licensees holding valid commercial Qt licenses may use this file in
** accordance with the commercial license agreement provided with the
** Software or, alternatively, in accordance with the terms contained in
** a written agreement between you and Digia. For licensing terms and
** conditions see http://qt.digia.com/licensing. For further information
** use the contact form at http://qt.digia.com/contact-us.
**
** GNU Lesser General Public License Usage
** Alternatively, this file may be used under the terms of the GNU Lesser
** General Public License version 2.1 as published by the Free Software
** Foundation and appearing in the file LICENSE.LGPL included in the
** packaging of this file. Please review the following information to
** ensure the GNU Lesser General Public License version 2.1 requirements
** will be met: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.
**
** In addition, as a special exception, Digia gives you certain additional
** rights. These rights are described in the Digia Qt LGPL Exception
** version 1.1, included in the file LGPL_EXCEPTION.txt in this package.
**
** GNU General Public License Usage
** Alternatively, this file may be used under the terms of the GNU
** General Public License version 3.0 as published by the Free Software
** Foundation and appearing in the file LICENSE.GPL included in the
** packaging of this file. Please review the following information to
** ensure the GNU General Public License version 3.0 requirements will be
** met: http://www.gnu.org/copyleft/gpl.html.
**
**
** $QT_END_LICENSE$
**
****************************************************************************/****************************************************************************
2** -
3** Copyright (C) 2013 Digia Plc and/or its subsidiary(-ies). -
4** Contact: http://www.qt-project.org/legal -
5** -
6** This file is part of the QtNetwork module of the Qt Toolkit. -
7** -
8** $QT_BEGIN_LICENSE:LGPL$ -
9** Commercial License Usage -
10** Licensees holding valid commercial Qt licenses may use this file in -
11** accordance with the commercial license agreement provided with the -
12** Software or, alternatively, in accordance with the terms contained in -
13** a written agreement between you and Digia. For licensing terms and -
14** conditions see http://qt.digia.com/licensing. For further information -
15** use the contact form at http://qt.digia.com/contact-us. -
16** -
17** GNU Lesser General Public License Usage -
18** Alternatively, this file may be used under the terms of the GNU Lesser -
19** General Public License version 2.1 as published by the Free Software -
20** Foundation and appearing in the file LICENSE.LGPL included in the -
21** packaging of this file. Please review the following information to -
22** ensure the GNU Lesser General Public License version 2.1 requirements -
23** will be met: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. -
24** -
25** In addition, as a special exception, Digia gives you certain additional -
26** rights. These rights are described in the Digia Qt LGPL Exception -
27** version 1.1, included in the file LGPL_EXCEPTION.txt in this package. -
28** -
29** GNU General Public License Usage -
30** Alternatively, this file may be used under the terms of the GNU -
31** General Public License version 3.0 as published by the Free Software -
32** Foundation and appearing in the file LICENSE.GPL included in the -
33** packaging of this file. Please review the following information to -
34** ensure the GNU General Public License version 3.0 requirements will be -
35** met: http://www.gnu.org/copyleft/gpl.html. -
36** -
37** -
38** $QT_END_LICENSE$ -
39** -
40****************************************************************************/ -
41 -
42#include "qsslconfiguration.h" -
43#include "qsslconfiguration_p.h" -
44#include "qsslsocket.h" -
45#include "qmutex.h" -
46#include "qdebug.h" -
47 -
48QT_BEGIN_NAMESPACE -
49 -
50const QSsl::SslOptions QSslConfigurationPrivate::defaultSslOptions = QSsl::SslOptionDisableEmptyFragments -
51 |QSsl::SslOptionDisableLegacyRenegotiation -
52 |QSsl::SslOptionDisableCompression; -
53 -
54/*! -
55 \class QSslConfiguration -
56 \brief The QSslConfiguration class holds the configuration and state of an SSL connection -
57 \since 4.4 -
58 -
59 \reentrant -
60 \inmodule QtNetwork -
61 \ingroup network -
62 \ingroup ssl -
63 \ingroup shared -
64 -
65 QSslConfiguration is used by Qt networking classes to relay -
66 information about an open SSL connection and to allow the -
67 application to control certain features of that connection. -
68 -
69 The settings that QSslConfiguration currently supports are: -
70 -
71 \list -
72 \li The SSL/TLS protocol to be used -
73 \li The certificate to be presented to the peer during connection -
74 and its associated private key -
75 \li The ciphers allowed to be used for encrypting the connection -
76 \li The list of Certificate Authorities certificates that are -
77 used to validate the peer's certificate -
78 \endlist -
79 -
80 These settings are applied only during the connection -
81 handshake. Setting them after the connection has been established -
82 has no effect. -
83 -
84 The state that QSslConfiguration supports are: -
85 \list -
86 \li The certificate the peer presented during handshake, along -
87 with the chain leading to a CA certificate -
88 \li The cipher used to encrypt this session -
89 \endlist -
90 -
91 The state can only be obtained once the SSL connection starts, but -
92 not necessarily before it's done. Some settings may change during -
93 the course of the SSL connection without need to restart it (for -
94 instance, the cipher can be changed over time). -
95 -
96 State in QSslConfiguration objects cannot be changed. -
97 -
98 QSslConfiguration can be used with QSslSocket and the Network -
99 Access API. -
100 -
101 Note that changing settings in QSslConfiguration is not enough to -
102 change the settings in the related SSL connection. You must call -
103 setSslConfiguration on a modified QSslConfiguration object to -
104 achieve that. The following example illustrates how to change the -
105 protocol to TLSv1_0 in a QSslSocket object: -
106 -
107 \snippet code/src_network_ssl_qsslconfiguration.cpp 0 -
108 -
109 \sa QSsl::SslProtocol, QSslCertificate, QSslCipher, QSslKey, -
110 QSslSocket, QNetworkAccessManager, -
111 QSslSocket::sslConfiguration(), QSslSocket::setSslConfiguration() -
112*/ -
113 -
114/*! -
115 Constructs an empty SSL configuration. This configuration contains -
116 no valid settings and the state will be empty. isNull() will -
117 return true after this constructor is called. -
118 -
119 Once any setter methods are called, isNull() will return false. -
120*/ -
121QSslConfiguration::QSslConfiguration() -
122 : d(new QSslConfigurationPrivate) -
123{ -
124} -
125 -
126/*! -
127 Copies the configuration and state of \a other. If \a other is -
128 null, this object will be null too. -
129*/ -
130QSslConfiguration::QSslConfiguration(const QSslConfiguration &other) -
131 : d(other.d) -
132{ -
133} -
134 -
135/*! -
136 Releases any resources held by QSslConfiguration. -
137*/ -
138QSslConfiguration::~QSslConfiguration() -
139{ -
140 // QSharedDataPointer deletes d for us if necessary -
141} -
142 -
143/*! -
144 Copies the configuration and state of \a other. If \a other is -
145 null, this object will be null too. -
146*/ -
147QSslConfiguration &QSslConfiguration::operator=(const QSslConfiguration &other) -
148{ -
149 d = other.d; -
150 return *this; -
151} -
152 -
153/*! -
154 \fn void QSslConfiguration::swap(QSslConfiguration &other) -
155 \since 5.0 -
156 -
157 Swaps this SSL configuration instance with \a other. This function -
158 is very fast and never fails. -
159*/ -
160 -
161/*! -
162 Returns true if this QSslConfiguration object is equal to \a -
163 other. -
164 -
165 Two QSslConfiguration objects are considered equal if they have -
166 the exact same settings and state. -
167 -
168 \sa operator!=() -
169*/ -
170bool QSslConfiguration::operator==(const QSslConfiguration &other) const -
171{ -
172 if (d == other.d)
evaluated: d == other.d
TRUEFALSE
yes
Evaluation Count:29
yes
Evaluation Count:43
29-43
173 return true;
executed: return true;
Execution Count:29
29
174 return d->peerCertificate == other.d->peerCertificate &&
executed: return d->peerCertificate == other.d->peerCertificate && d->peerCertificateChain == other.d->peerCertificateChain && d->localCertificate == other.d->localCertificate && d->privateKey == other.d->privateKey && d->sessionCipher == other.d->sessionCipher && d->ciphers == other.d->ciphers && d->caCertificates == other.d->caCertificates && d->protocol == other.d->protocol && d->peerVerifyMode == other.d->peerVerifyMode && d->peerVerifyDepth == other.d->peerVerifyDepth && d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading && d->sslOptions == other.d->sslOptions;
Execution Count:43
43
175 d->peerCertificateChain == other.d->peerCertificateChain &&
executed: return d->peerCertificate == other.d->peerCertificate && d->peerCertificateChain == other.d->peerCertificateChain && d->localCertificate == other.d->localCertificate && d->privateKey == other.d->privateKey && d->sessionCipher == other.d->sessionCipher && d->ciphers == other.d->ciphers && d->caCertificates == other.d->caCertificates && d->protocol == other.d->protocol && d->peerVerifyMode == other.d->peerVerifyMode && d->peerVerifyDepth == other.d->peerVerifyDepth && d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading && d->sslOptions == other.d->sslOptions;
Execution Count:43
43
176 d->localCertificate == other.d->localCertificate &&
executed: return d->peerCertificate == other.d->peerCertificate && d->peerCertificateChain == other.d->peerCertificateChain && d->localCertificate == other.d->localCertificate && d->privateKey == other.d->privateKey && d->sessionCipher == other.d->sessionCipher && d->ciphers == other.d->ciphers && d->caCertificates == other.d->caCertificates && d->protocol == other.d->protocol && d->peerVerifyMode == other.d->peerVerifyMode && d->peerVerifyDepth == other.d->peerVerifyDepth && d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading && d->sslOptions == other.d->sslOptions;
Execution Count:43
43
177 d->privateKey == other.d->privateKey &&
executed: return d->peerCertificate == other.d->peerCertificate && d->peerCertificateChain == other.d->peerCertificateChain && d->localCertificate == other.d->localCertificate && d->privateKey == other.d->privateKey && d->sessionCipher == other.d->sessionCipher && d->ciphers == other.d->ciphers && d->caCertificates == other.d->caCertificates && d->protocol == other.d->protocol && d->peerVerifyMode == other.d->peerVerifyMode && d->peerVerifyDepth == other.d->peerVerifyDepth && d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading && d->sslOptions == other.d->sslOptions;
Execution Count:43
43
178 d->sessionCipher == other.d->sessionCipher &&
executed: return d->peerCertificate == other.d->peerCertificate && d->peerCertificateChain == other.d->peerCertificateChain && d->localCertificate == other.d->localCertificate && d->privateKey == other.d->privateKey && d->sessionCipher == other.d->sessionCipher && d->ciphers == other.d->ciphers && d->caCertificates == other.d->caCertificates && d->protocol == other.d->protocol && d->peerVerifyMode == other.d->peerVerifyMode && d->peerVerifyDepth == other.d->peerVerifyDepth && d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading && d->sslOptions == other.d->sslOptions;
Execution Count:43
43
179 d->ciphers == other.d->ciphers &&
executed: return d->peerCertificate == other.d->peerCertificate && d->peerCertificateChain == other.d->peerCertificateChain && d->localCertificate == other.d->localCertificate && d->privateKey == other.d->privateKey && d->sessionCipher == other.d->sessionCipher && d->ciphers == other.d->ciphers && d->caCertificates == other.d->caCertificates && d->protocol == other.d->protocol && d->peerVerifyMode == other.d->peerVerifyMode && d->peerVerifyDepth == other.d->peerVerifyDepth && d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading && d->sslOptions == other.d->sslOptions;
Execution Count:43
43
180 d->caCertificates == other.d->caCertificates &&
executed: return d->peerCertificate == other.d->peerCertificate && d->peerCertificateChain == other.d->peerCertificateChain && d->localCertificate == other.d->localCertificate && d->privateKey == other.d->privateKey && d->sessionCipher == other.d->sessionCipher && d->ciphers == other.d->ciphers && d->caCertificates == other.d->caCertificates && d->protocol == other.d->protocol && d->peerVerifyMode == other.d->peerVerifyMode && d->peerVerifyDepth == other.d->peerVerifyDepth && d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading && d->sslOptions == other.d->sslOptions;
Execution Count:43
43
181 d->protocol == other.d->protocol &&
executed: return d->peerCertificate == other.d->peerCertificate && d->peerCertificateChain == other.d->peerCertificateChain && d->localCertificate == other.d->localCertificate && d->privateKey == other.d->privateKey && d->sessionCipher == other.d->sessionCipher && d->ciphers == other.d->ciphers && d->caCertificates == other.d->caCertificates && d->protocol == other.d->protocol && d->peerVerifyMode == other.d->peerVerifyMode && d->peerVerifyDepth == other.d->peerVerifyDepth && d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading && d->sslOptions == other.d->sslOptions;
Execution Count:43
43
182 d->peerVerifyMode == other.d->peerVerifyMode &&
executed: return d->peerCertificate == other.d->peerCertificate && d->peerCertificateChain == other.d->peerCertificateChain && d->localCertificate == other.d->localCertificate && d->privateKey == other.d->privateKey && d->sessionCipher == other.d->sessionCipher && d->ciphers == other.d->ciphers && d->caCertificates == other.d->caCertificates && d->protocol == other.d->protocol && d->peerVerifyMode == other.d->peerVerifyMode && d->peerVerifyDepth == other.d->peerVerifyDepth && d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading && d->sslOptions == other.d->sslOptions;
Execution Count:43
43
183 d->peerVerifyDepth == other.d->peerVerifyDepth &&
executed: return d->peerCertificate == other.d->peerCertificate && d->peerCertificateChain == other.d->peerCertificateChain && d->localCertificate == other.d->localCertificate && d->privateKey == other.d->privateKey && d->sessionCipher == other.d->sessionCipher && d->ciphers == other.d->ciphers && d->caCertificates == other.d->caCertificates && d->protocol == other.d->protocol && d->peerVerifyMode == other.d->peerVerifyMode && d->peerVerifyDepth == other.d->peerVerifyDepth && d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading && d->sslOptions == other.d->sslOptions;
Execution Count:43
43
184 d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading &&
executed: return d->peerCertificate == other.d->peerCertificate && d->peerCertificateChain == other.d->peerCertificateChain && d->localCertificate == other.d->localCertificate && d->privateKey == other.d->privateKey && d->sessionCipher == other.d->sessionCipher && d->ciphers == other.d->ciphers && d->caCertificates == other.d->caCertificates && d->protocol == other.d->protocol && d->peerVerifyMode == other.d->peerVerifyMode && d->peerVerifyDepth == other.d->peerVerifyDepth && d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading && d->sslOptions == other.d->sslOptions;
Execution Count:43
43
185 d->sslOptions == other.d->sslOptions;
executed: return d->peerCertificate == other.d->peerCertificate && d->peerCertificateChain == other.d->peerCertificateChain && d->localCertificate == other.d->localCertificate && d->privateKey == other.d->privateKey && d->sessionCipher == other.d->sessionCipher && d->ciphers == other.d->ciphers && d->caCertificates == other.d->caCertificates && d->protocol == other.d->protocol && d->peerVerifyMode == other.d->peerVerifyMode && d->peerVerifyDepth == other.d->peerVerifyDepth && d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading && d->sslOptions == other.d->sslOptions;
Execution Count:43
43
186} -
187 -
188/*! -
189 \fn QSslConfiguration::operator!=(const QSslConfiguration &other) const -
190 -
191 Returns true if this QSslConfiguration differs from \a other. Two -
192 QSslConfiguration objects are considered different if any state or -
193 setting is different. -
194 -
195 \sa operator==() -
196*/ -
197 -
198/*! -
199 Returns true if this is a null QSslConfiguration object. -
200 -
201 A QSslConfiguration object is null if it has been -
202 default-constructed and no setter methods have been called. -
203 -
204 \sa setProtocol(), setLocalCertificate(), setPrivateKey(), -
205 setCiphers(), setCaCertificates() -
206*/ -
207bool QSslConfiguration::isNull() const -
208{ -
209 return (d->protocol == QSsl::SecureProtocols &&
executed: return (d->protocol == QSsl::SecureProtocols && d->peerVerifyMode == QSslSocket::AutoVerifyPeer && d->peerVerifyDepth == 0 && d->allowRootCertOnDemandLoading == true && d->caCertificates.count() == 0 && d->ciphers.count() == 0 && d->localCertificate.isNull() && d->privateKey.isNull() && d->peerCertificate.isNull() && d->peerCertificateChain.count() == 0 && d->sslOptions == QSslConfigurationPrivate::defaultSslOptions);
Execution Count:178
178
210 d->peerVerifyMode == QSslSocket::AutoVerifyPeer &&
executed: return (d->protocol == QSsl::SecureProtocols && d->peerVerifyMode == QSslSocket::AutoVerifyPeer && d->peerVerifyDepth == 0 && d->allowRootCertOnDemandLoading == true && d->caCertificates.count() == 0 && d->ciphers.count() == 0 && d->localCertificate.isNull() && d->privateKey.isNull() && d->peerCertificate.isNull() && d->peerCertificateChain.count() == 0 && d->sslOptions == QSslConfigurationPrivate::defaultSslOptions);
Execution Count:178
178
211 d->peerVerifyDepth == 0 &&
executed: return (d->protocol == QSsl::SecureProtocols && d->peerVerifyMode == QSslSocket::AutoVerifyPeer && d->peerVerifyDepth == 0 && d->allowRootCertOnDemandLoading == true && d->caCertificates.count() == 0 && d->ciphers.count() == 0 && d->localCertificate.isNull() && d->privateKey.isNull() && d->peerCertificate.isNull() && d->peerCertificateChain.count() == 0 && d->sslOptions == QSslConfigurationPrivate::defaultSslOptions);
Execution Count:178
178
212 d->allowRootCertOnDemandLoading == true &&
executed: return (d->protocol == QSsl::SecureProtocols && d->peerVerifyMode == QSslSocket::AutoVerifyPeer && d->peerVerifyDepth == 0 && d->allowRootCertOnDemandLoading == true && d->caCertificates.count() == 0 && d->ciphers.count() == 0 && d->localCertificate.isNull() && d->privateKey.isNull() && d->peerCertificate.isNull() && d->peerCertificateChain.count() == 0 && d->sslOptions == QSslConfigurationPrivate::defaultSslOptions);
Execution Count:178
178
213 d->caCertificates.count() == 0 &&
executed: return (d->protocol == QSsl::SecureProtocols && d->peerVerifyMode == QSslSocket::AutoVerifyPeer && d->peerVerifyDepth == 0 && d->allowRootCertOnDemandLoading == true && d->caCertificates.count() == 0 && d->ciphers.count() == 0 && d->localCertificate.isNull() && d->privateKey.isNull() && d->peerCertificate.isNull() && d->peerCertificateChain.count() == 0 && d->sslOptions == QSslConfigurationPrivate::defaultSslOptions);
Execution Count:178
178
214 d->ciphers.count() == 0 &&
executed: return (d->protocol == QSsl::SecureProtocols && d->peerVerifyMode == QSslSocket::AutoVerifyPeer && d->peerVerifyDepth == 0 && d->allowRootCertOnDemandLoading == true && d->caCertificates.count() == 0 && d->ciphers.count() == 0 && d->localCertificate.isNull() && d->privateKey.isNull() && d->peerCertificate.isNull() && d->peerCertificateChain.count() == 0 && d->sslOptions == QSslConfigurationPrivate::defaultSslOptions);
Execution Count:178
178
215 d->localCertificate.isNull() &&
executed: return (d->protocol == QSsl::SecureProtocols && d->peerVerifyMode == QSslSocket::AutoVerifyPeer && d->peerVerifyDepth == 0 && d->allowRootCertOnDemandLoading == true && d->caCertificates.count() == 0 && d->ciphers.count() == 0 && d->localCertificate.isNull() && d->privateKey.isNull() && d->peerCertificate.isNull() && d->peerCertificateChain.count() == 0 && d->sslOptions == QSslConfigurationPrivate::defaultSslOptions);
Execution Count:178
178
216 d->privateKey.isNull() &&
executed: return (d->protocol == QSsl::SecureProtocols && d->peerVerifyMode == QSslSocket::AutoVerifyPeer && d->peerVerifyDepth == 0 && d->allowRootCertOnDemandLoading == true && d->caCertificates.count() == 0 && d->ciphers.count() == 0 && d->localCertificate.isNull() && d->privateKey.isNull() && d->peerCertificate.isNull() && d->peerCertificateChain.count() == 0 && d->sslOptions == QSslConfigurationPrivate::defaultSslOptions);
Execution Count:178
178
217 d->peerCertificate.isNull() &&
executed: return (d->protocol == QSsl::SecureProtocols && d->peerVerifyMode == QSslSocket::AutoVerifyPeer && d->peerVerifyDepth == 0 && d->allowRootCertOnDemandLoading == true && d->caCertificates.count() == 0 && d->ciphers.count() == 0 && d->localCertificate.isNull() && d->privateKey.isNull() && d->peerCertificate.isNull() && d->peerCertificateChain.count() == 0 && d->sslOptions == QSslConfigurationPrivate::defaultSslOptions);
Execution Count:178
178
218 d->peerCertificateChain.count() == 0 &&
executed: return (d->protocol == QSsl::SecureProtocols && d->peerVerifyMode == QSslSocket::AutoVerifyPeer && d->peerVerifyDepth == 0 && d->allowRootCertOnDemandLoading == true && d->caCertificates.count() == 0 && d->ciphers.count() == 0 && d->localCertificate.isNull() && d->privateKey.isNull() && d->peerCertificate.isNull() && d->peerCertificateChain.count() == 0 && d->sslOptions == QSslConfigurationPrivate::defaultSslOptions);
Execution Count:178
178
219 d->sslOptions == QSslConfigurationPrivate::defaultSslOptions);
executed: return (d->protocol == QSsl::SecureProtocols && d->peerVerifyMode == QSslSocket::AutoVerifyPeer && d->peerVerifyDepth == 0 && d->allowRootCertOnDemandLoading == true && d->caCertificates.count() == 0 && d->ciphers.count() == 0 && d->localCertificate.isNull() && d->privateKey.isNull() && d->peerCertificate.isNull() && d->peerCertificateChain.count() == 0 && d->sslOptions == QSslConfigurationPrivate::defaultSslOptions);
Execution Count:178
178
220} -
221 -
222/*! -
223 Returns the protocol setting for this SSL configuration. -
224 -
225 \sa setProtocol() -
226*/ -
227QSsl::SslProtocol QSslConfiguration::protocol() const -
228{ -
229 return d->protocol; -
230} -
231 -
232/*! -
233 Sets the protocol setting for this configuration to be \a -
234 protocol. -
235 -
236 Setting the protocol once the connection has already been -
237 established has no effect. -
238 -
239 \sa protocol() -
240*/ -
241void QSslConfiguration::setProtocol(QSsl::SslProtocol protocol) -
242{ -
243 d->protocol = protocol; -
244} -
245 -
246/*! -
247 Returns the verify mode. This mode decides whether QSslSocket should -
248 request a certificate from the peer (i.e., the client requests a -
249 certificate from the server, or a server requesting a certificate from the -
250 client), and whether it should require that this certificate is valid. -
251 -
252 The default mode is AutoVerifyPeer, which tells QSslSocket to use -
253 VerifyPeer for clients, QueryPeer for servers. -
254 -
255 \sa setPeerVerifyMode() -
256*/ -
257QSslSocket::PeerVerifyMode QSslConfiguration::peerVerifyMode() const -
258{ -
259 return d->peerVerifyMode; -
260} -
261 -
262/*! -
263 Sets the verify mode to \a mode. This mode decides whether QSslSocket -
264 should request a certificate from the peer (i.e., the client requests a -
265 certificate from the server, or a server requesting a certificate from the -
266 client), and whether it should require that this certificate is valid. -
267 -
268 The default mode is AutoVerifyPeer, which tells QSslSocket to use -
269 VerifyPeer for clients, QueryPeer for servers. -
270 -
271 \sa peerVerifyMode() -
272*/ -
273void QSslConfiguration::setPeerVerifyMode(QSslSocket::PeerVerifyMode mode) -
274{ -
275 d->peerVerifyMode = mode; -
276} -
277 -
278 -
279/*! -
280 Returns the maximum number of certificates in the peer's certificate chain -
281 to be checked during the SSL handshake phase, or 0 (the default) if no -
282 maximum depth has been set, indicating that the whole certificate chain -
283 should be checked. -
284 -
285 The certificates are checked in issuing order, starting with the peer's -
286 own certificate, then its issuer's certificate, and so on. -
287 -
288 \sa setPeerVerifyDepth(), peerVerifyMode() -
289*/ -
290int QSslConfiguration::peerVerifyDepth() const -
291{ -
292 return d->peerVerifyDepth; -
293} -
294 -
295/*! -
296 Sets the maximum number of certificates in the peer's certificate chain to -
297 be checked during the SSL handshake phase, to \a depth. Setting a depth of -
298 0 means that no maximum depth is set, indicating that the whole -
299 certificate chain should be checked. -
300 -
301 The certificates are checked in issuing order, starting with the peer's -
302 own certificate, then its issuer's certificate, and so on. -
303 -
304 \sa peerVerifyDepth(), setPeerVerifyMode() -
305*/ -
306void QSslConfiguration::setPeerVerifyDepth(int depth) -
307{ -
308 if (depth < 0) { -
309 qWarning("QSslConfiguration::setPeerVerifyDepth: cannot set negative depth of %d", depth); -
310 return; -
311 } -
312 d->peerVerifyDepth = depth; -
313} -
314 -
315/*! -
316 Returns the certificate to be presented to the peer during the SSL -
317 handshake process. -
318 -
319 \sa setLocalCertificate() -
320*/ -
321QSslCertificate QSslConfiguration::localCertificate() const -
322{ -
323 return d->localCertificate; -
324} -
325 -
326/*! -
327 Sets the certificate to be presented to the peer during SSL -
328 handshake to be \a certificate. -
329 -
330 Setting the certificate once the connection has been established -
331 has no effect. -
332 -
333 A certificate is the means of identification used in the SSL -
334 process. The local certificate is used by the remote end to verify -
335 the local user's identity against its list of Certification -
336 Authorities. In most cases, such as in HTTP web browsing, only -
337 servers identify to the clients, so the client does not send a -
338 certificate. -
339 -
340 \sa localCertificate() -
341*/ -
342void QSslConfiguration::setLocalCertificate(const QSslCertificate &certificate) -
343{ -
344 d->localCertificate = certificate; -
345} -
346 -
347/*! -
348 Returns the peer's digital certificate (i.e., the immediate -
349 certificate of the host you are connected to), or a null -
350 certificate, if the peer has not assigned a certificate. -
351 -
352 The peer certificate is checked automatically during the -
353 handshake phase, so this function is normally used to fetch -
354 the certificate for display or for connection diagnostic -
355 purposes. It contains information about the peer, including -
356 its host name, the certificate issuer, and the peer's public -
357 key. -
358 -
359 Because the peer certificate is set during the handshake phase, it -
360 is safe to access the peer certificate from a slot connected to -
361 the QSslSocket::sslErrors() signal, QNetworkReply::sslErrors() -
362 signal, or the QSslSocket::encrypted() signal. -
363 -
364 If a null certificate is returned, it can mean the SSL handshake -
365 failed, or it can mean the host you are connected to doesn't have -
366 a certificate, or it can mean there is no connection. -
367 -
368 If you want to check the peer's complete chain of certificates, -
369 use peerCertificateChain() to get them all at once. -
370 -
371 \sa peerCertificateChain(), -
372 QSslSocket::sslErrors(), QSslSocket::ignoreSslErrors(), -
373 QNetworkReply::sslErrors(), QNetworkReply::ignoreSslErrors() -
374*/ -
375QSslCertificate QSslConfiguration::peerCertificate() const -
376{ -
377 return d->peerCertificate; -
378} -
379 -
380/*! -
381 Returns the peer's chain of digital certificates, starting with -
382 the peer's immediate certificate and ending with the CA's -
383 certificate. -
384 -
385 Peer certificates are checked automatically during the handshake -
386 phase. This function is normally used to fetch certificates for -
387 display, or for performing connection diagnostics. Certificates -
388 contain information about the peer and the certificate issuers, -
389 including host name, issuer names, and issuer public keys. -
390 -
391 Because the peer certificate is set during the handshake phase, it -
392 is safe to access the peer certificate from a slot connected to -
393 the QSslSocket::sslErrors() signal, QNetworkReply::sslErrors() -
394 signal, or the QSslSocket::encrypted() signal. -
395 -
396 If an empty list is returned, it can mean the SSL handshake -
397 failed, or it can mean the host you are connected to doesn't have -
398 a certificate, or it can mean there is no connection. -
399 -
400 If you want to get only the peer's immediate certificate, use -
401 peerCertificate(). -
402 -
403 \sa peerCertificate(), -
404 QSslSocket::sslErrors(), QSslSocket::ignoreSslErrors(), -
405 QNetworkReply::sslErrors(), QNetworkReply::ignoreSslErrors() -
406*/ -
407QList<QSslCertificate> QSslConfiguration::peerCertificateChain() const -
408{ -
409 return d->peerCertificateChain; -
410} -
411 -
412/*! -
413 Returns the socket's cryptographic \l {QSslCipher} {cipher}, or a -
414 null cipher if the connection isn't encrypted. The socket's cipher -
415 for the session is set during the handshake phase. The cipher is -
416 used to encrypt and decrypt data transmitted through the socket. -
417 -
418 The SSL infrastructure also provides functions for setting the -
419 ordered list of ciphers from which the handshake phase will -
420 eventually select the session cipher. This ordered list must be in -
421 place before the handshake phase begins. -
422 -
423 \sa ciphers(), setCiphers(), QSslSocket::supportedCiphers() -
424*/ -
425QSslCipher QSslConfiguration::sessionCipher() const -
426{ -
427 return d->sessionCipher; -
428} -
429 -
430/*! -
431 Returns the \l {QSslKey} {SSL key} assigned to this connection or -
432 a null key if none has been assigned yet. -
433 -
434 \sa setPrivateKey(), localCertificate() -
435*/ -
436QSslKey QSslConfiguration::privateKey() const -
437{ -
438 return d->privateKey; -
439} -
440 -
441/*! -
442 Sets the connection's private \l {QSslKey} {key} to \a key. The -
443 private key and the local \l {QSslCertificate} {certificate} are -
444 used by clients and servers that must prove their identity to -
445 SSL peers. -
446 -
447 Both the key and the local certificate are required if you are -
448 creating an SSL server socket. If you are creating an SSL client -
449 socket, the key and local certificate are required if your client -
450 must identify itself to an SSL server. -
451 -
452 \sa privateKey(), setLocalCertificate() -
453*/ -
454void QSslConfiguration::setPrivateKey(const QSslKey &key) -
455{ -
456 d->privateKey = key; -
457} -
458 -
459/*! -
460 Returns this connection's current cryptographic cipher suite. This -
461 list is used during the handshake phase for choosing a -
462 session cipher. The returned list of ciphers is ordered by -
463 descending preference. (i.e., the first cipher in the list is the -
464 most preferred cipher). The session cipher will be the first one -
465 in the list that is also supported by the peer. -
466 -
467 By default, the handshake phase can choose any of the ciphers -
468 supported by this system's SSL libraries, which may vary from -
469 system to system. The list of ciphers supported by this system's -
470 SSL libraries is returned by QSslSocket::supportedCiphers(). You can restrict -
471 the list of ciphers used for choosing the session cipher for this -
472 socket by calling setCiphers() with a subset of the supported -
473 ciphers. You can revert to using the entire set by calling -
474 setCiphers() with the list returned by QSslSocket::supportedCiphers(). -
475 -
476 \sa setCiphers(), QSslSocket::supportedCiphers() -
477*/ -
478QList<QSslCipher> QSslConfiguration::ciphers() const -
479{ -
480 return d->ciphers; -
481} -
482 -
483/*! -
484 Sets the cryptographic cipher suite for this socket to \a ciphers, -
485 which must contain a subset of the ciphers in the list returned by -
486 supportedCiphers(). -
487 -
488 Restricting the cipher suite must be done before the handshake -
489 phase, where the session cipher is chosen. -
490 -
491 \sa ciphers(), QSslSocket::supportedCiphers() -
492*/ -
493void QSslConfiguration::setCiphers(const QList<QSslCipher> &ciphers) -
494{ -
495 d->ciphers = ciphers; -
496} -
497 -
498/*! -
499 Returns this connection's CA certificate database. The CA certificate -
500 database is used by the socket during the handshake phase to -
501 validate the peer's certificate. It can be modified prior to the -
502 handshake with setCaCertificates(), or with \l{QSslSocket}'s -
503 \l{QSslSocket::}{addCaCertificate()} and -
504 \l{QSslSocket::}{addCaCertificates()}. -
505 -
506 \sa setCaCertificates() -
507*/ -
508QList<QSslCertificate> QSslConfiguration::caCertificates() const -
509{ -
510 return d->caCertificates; -
511} -
512 -
513/*! -
514 Sets this socket's CA certificate database to be \a certificates. -
515 The certificate database must be set prior to the SSL handshake. -
516 The CA certificate database is used by the socket during the -
517 handshake phase to validate the peer's certificate. -
518 -
519 \sa caCertificates() -
520*/ -
521void QSslConfiguration::setCaCertificates(const QList<QSslCertificate> &certificates) -
522{ -
523 d->caCertificates = certificates;
executed (the execution status of this line is deduced): d->caCertificates = certificates;
-
524 d->allowRootCertOnDemandLoading = false;
executed (the execution status of this line is deduced): d->allowRootCertOnDemandLoading = false;
-
525}
executed: }
Execution Count:41
41
526 -
527/*! -
528 Enables or disables an SSL compatibility \a option. If \a on -
529 is true, the \a option is enabled. If \a on is false, the -
530 \a option is disabled. -
531 -
532 \sa testSslOption() -
533*/ -
534void QSslConfiguration::setSslOption(QSsl::SslOption option, bool on) -
535{ -
536 if (on) -
537 d->sslOptions |= option; -
538 else -
539 d->sslOptions &= ~option; -
540} -
541 -
542/*! -
543 \since 4.8 -
544 -
545 Returns true if the specified SSL compatibility \a option is enabled. -
546 -
547 \sa setSslOption() -
548*/ -
549bool QSslConfiguration::testSslOption(QSsl::SslOption option) const -
550{ -
551 return d->sslOptions & option; -
552} -
553 -
554/*! -
555 Returns the default SSL configuration to be used in new SSL -
556 connections. -
557 -
558 The default SSL configuration consists of: -
559 -
560 \list -
561 \li no local certificate and no private key -
562 \li protocol SecureProtocols (meaning either TLS 1.0 or SSL 3 will be used) -
563 \li the system's default CA certificate list -
564 \li the cipher list equal to the list of the SSL libraries' -
565 supported SSL ciphers -
566 \endlist -
567 -
568 \sa QSslSocket::supportedCiphers(), setDefaultConfiguration() -
569*/ -
570QSslConfiguration QSslConfiguration::defaultConfiguration() -
571{ -
572 return QSslConfigurationPrivate::defaultConfiguration(); -
573} -
574 -
575/*! -
576 Sets the default SSL configuration to be used in new SSL -
577 connections to be \a configuration. Existing connections are not -
578 affected by this call. -
579 -
580 \sa QSslSocket::supportedCiphers(), defaultConfiguration() -
581*/ -
582void QSslConfiguration::setDefaultConfiguration(const QSslConfiguration &configuration) -
583{ -
584 QSslConfigurationPrivate::setDefaultConfiguration(configuration); -
585} -
586 -
587QT_END_NAMESPACE -
588 -
Source codeSwitch to Preprocessed file

Generated by Squish Coco Non-Commercial