ssl/qsslsocket_openssl.cpp

LineSource CodeCoverage
1/**************************************************************************** -
2** -
3** Copyright (C) 2012 Digia Plc and/or its subsidiary(-ies). -
4** Contact: http://www.qt-project.org/legal -
5** -
6** This file is part of the QtNetwork module of the Qt Toolkit. -
7** -
8** $QT_BEGIN_LICENSE:LGPL$ -
9** Commercial License Usage -
10** Licensees holding valid commercial Qt licenses may use this file in -
11** accordance with the commercial license agreement provided with the -
12** Software or, alternatively, in accordance with the terms contained in -
13** a written agreement between you and Digia. For licensing terms and -
14** conditions see http://qt.digia.com/licensing. For further information -
15** use the contact form at http://qt.digia.com/contact-us. -
16** -
17** GNU Lesser General Public License Usage -
18** Alternatively, this file may be used under the terms of the GNU Lesser -
19** General Public License version 2.1 as published by the Free Software -
20** Foundation and appearing in the file LICENSE.LGPL included in the -
21** packaging of this file. Please review the following information to -
22** ensure the GNU Lesser General Public License version 2.1 requirements -
23** will be met: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. -
24** -
25** In addition, as a special exception, Digia gives you certain additional -
26** rights. These rights are described in the Digia Qt LGPL Exception -
27** version 1.1, included in the file LGPL_EXCEPTION.txt in this package. -
28** -
29** GNU General Public License Usage -
30** Alternatively, this file may be used under the terms of the GNU -
31** General Public License version 3.0 as published by the Free Software -
32** Foundation and appearing in the file LICENSE.GPL included in the -
33** packaging of this file. Please review the following information to -
34** ensure the GNU General Public License version 3.0 requirements will be -
35** met: http://www.gnu.org/copyleft/gpl.html. -
36** -
37** -
38** $QT_END_LICENSE$ -
39** -
40****************************************************************************/ -
41 -
42//#define QSSLSOCKET_DEBUG -
43 -
44#include "qsslsocket_openssl_p.h" -
45#include "qsslsocket_openssl_symbols_p.h" -
46#include "qsslsocket.h" -
47#include "qsslcertificate_p.h" -
48#include "qsslcipher_p.h" -
49 -
50#include <QtCore/qdatetime.h> -
51#include <QtCore/qdebug.h> -
52#include <QtCore/qdir.h> -
53#include <QtCore/qdiriterator.h> -
54#include <QtCore/qelapsedtimer.h> -
55#include <QtCore/qfile.h> -
56#include <QtCore/qfileinfo.h> -
57#include <QtCore/qmutex.h> -
58#include <QtCore/qthread.h> -
59#include <QtCore/qurl.h> -
60#include <QtCore/qvarlengtharray.h> -
61#include <QLibrary> // for loading the security lib for the CA store -
62 -
63QT_BEGIN_NAMESPACE -
64 -
// Function pointers into the platform certificate-store APIs. Every one of
// them starts out null.
// NOTE(review): presumably these are resolved at run time (QLibrary is
// included above "for loading the security lib for the CA store") and must
// not be called before that happens -- confirm against the loading code.
#if defined(Q_OS_MAC) && !defined(Q_OS_IOS)
// Defined here so that the header file does not need to be included.
#define kSecTrustSettingsDomainSystem 2
    PtrSecCertificateGetData QSslSocketPrivate::ptrSecCertificateGetData = 0;
    PtrSecTrustSettingsCopyCertificates QSslSocketPrivate::ptrSecTrustSettingsCopyCertificates = 0;
    PtrSecTrustCopyAnchorCertificates QSslSocketPrivate::ptrSecTrustCopyAnchorCertificates = 0;
#elif defined(Q_OS_WIN)
    PtrCertOpenSystemStoreW QSslSocketPrivate::ptrCertOpenSystemStoreW = 0;
    PtrCertFindCertificateInStore QSslSocketPrivate::ptrCertFindCertificateInStore = 0;
    PtrCertCloseStore QSslSocketPrivate::ptrCertCloseStore = 0;
#endif

// Static state flags of QSslSocketPrivate; all of them are initially false.
bool QSslSocketPrivate::s_libraryLoaded = false;
bool QSslSocketPrivate::s_loadedCiphersAndCerts = false;
bool QSslSocketPrivate::s_loadRootCertsOnDemand = false;
79 -
/* \internal

    From OpenSSL's thread(3) manual page:

        OpenSSL can safely be used in multi-threaded applications provided that at
        least two callback functions are set.

        locking_function(int mode, int n, const char *file, int line) is needed to
        perform locking on shared data structures. (Note that OpenSSL uses a
        number of global data structures that will be implicitly shared
        whenever multiple threads use OpenSSL.) Multi-threaded
        applications will crash at random if it is not set. ...
        ...
        id_function(void) is a function that returns a thread ID. It is not
        needed on Windows nor on platforms where getpid() returns a different
        ID for each thread (most notably Linux)

    QOpenSslLocks owns the mutexes behind that locking callback: a table with
    q_CRYPTO_num_locks() slots whose entries are created lazily by lock(),
    plus two recursive mutexes of its own (one guarding the table, one handed
    out through initLock()).
*/
class QOpenSslLocks
{
public:
    // Allocates the slot table with every entry null; the mutexes themselves
    // are only created on first use in lock().
    inline QOpenSslLocks()
        : initLocker(QMutex::Recursive),
          locksLocker(QMutex::Recursive)
    {
        QMutexLocker guard(&locksLocker);
        const int slotCount = q_CRYPTO_num_locks();
        // Value-initialisation leaves every pointer in the table null.
        locks = new QMutex *[slotCount]();
    }

    // Deletes every per-slot mutex and the table, then calls
    // QSslSocketPrivate::deinitialize().
    inline ~QOpenSslLocks()
    {
        QMutexLocker guard(&locksLocker);
        int slot = 0;
        while (slot < q_CRYPTO_num_locks()) {
            delete locks[slot]; // deleting a null entry is a no-op
            ++slot;
        }
        delete [] locks;

        QSslSocketPrivate::deinitialize();
    }

    // Returns the mutex for slot \a num, creating a recursive one the first
    // time the slot is requested. The table is accessed under locksLocker.
    // NOTE(review): \a num is used as an array index without a range check;
    // the caller is expected to pass 0 <= num < q_CRYPTO_num_locks().
    inline QMutex *lock(int num)
    {
        QMutexLocker guard(&locksLocker);
        QMutex *&entry = locks[num];
        if (entry == 0)
            entry = new QMutex(QMutex::Recursive);
        return entry;
    }

    // The mutex that guards the slot table.
    QMutex *globalLock()
    {
        return &locksLocker;
    }

    // A separate recursive mutex for callers that serialise initialisation.
    QMutex *initLock()
    {
        return &initLocker;
    }

private:
    QMutex initLocker;
    QMutex locksLocker;
    QMutex **locks; // q_CRYPTO_num_locks() entries, null until first use
};
Q_GLOBAL_STATIC(QOpenSslLocks, openssl_locks)
143 -
extern "C" {
// Locking callback in the shape described by OpenSSL's thread(3) page:
// looks up the mutex for lockNumber in the global QOpenSslLocks and locks it
// when CRYPTO_LOCK is set in mode, unlocks it otherwise. The file/line
// arguments are ignored.
static void locking_function(int mode, int lockNumber, const char *, int)
{
    QMutex * const target = openssl_locks()->lock(lockNumber);

    const bool acquire = (mode & CRYPTO_LOCK) != 0;
    if (!acquire) {
        target->unlock();
        return;
    }
    target->lock();
}

// Thread-id callback: the current Qt thread id converted to an integer.
// NOTE(review): the value is narrowed from quintptr to unsigned long; on a
// platform where unsigned long is smaller than a pointer, distinct ids could
// collide -- confirm this callback is not relied upon there.
static unsigned long id_function()
{
    const quintptr threadId = (quintptr)QThread::currentThreadId();
    return threadId;
}
} // extern "C"
160 -
// Starts with every OpenSSL handle null (no SSL object, context, key, BIOs or
// session yet) and makes sure the library has been initialised.
QSslSocketBackendPrivate::QSslSocketBackendPrivate()
    : ssl(0), ctx(0), pkey(0),
      readBio(0), writeBio(0),
      session(0)
{
    // ensureInitialized() is what ends up calling SSL_library_init().
    ensureInitialized();
}
172 -
// Tears down whatever SSL context state this backend still holds; all of the
// cleanup is delegated to destroySslContext().
QSslSocketBackendPrivate::~QSslSocketBackendPrivate()
{
    destroySslContext();
}
177 -
// Builds a QSslCipher from an OpenSSL SSL_CIPHER by parsing the one-line text
// that q_SSL_CIPHER_description() writes: the line is split on spaces and the
// fields are read by position (0 = name, 1 = protocol, 2 = "Kx=...",
// 3 = "Au=...", 4 = "Enc=...", optional 6 = "export"). Field 5 is not used.
// If the description has fewer than six fields the default-constructed
// QSslCipher is returned unchanged.
//
// NOTE(review): \a cipher is dereferenced for strength_bits/alg_bits without
// a null check, so callers must pass a valid pointer.
QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(SSL_CIPHER *cipher)
{
    QSslCipher result;

    char description[256];
    const QString oneLine = QString::fromLatin1(q_SSL_CIPHER_description(cipher, description, sizeof(description)));
    const QStringList fields = oneLine.split(QLatin1String(" "), QString::SkipEmptyParts);

    if (fields.size() <= 5)
        return result;

    // ### crude code.
    result.d->isNull = false;
    result.d->name = fields.at(0);

    // Map the protocol token onto the QSsl enum; anything unrecognised stays
    // UnknownProtocol while the raw token is still kept in protocolString.
    const QString protocolToken = fields.at(1);
    result.d->protocolString = protocolToken;
    if (protocolToken == QLatin1String("SSLv3"))
        result.d->protocol = QSsl::SslV3;
    else if (protocolToken == QLatin1String("SSLv2"))
        result.d->protocol = QSsl::SslV2;
    else if (protocolToken == QLatin1String("TLSv1"))
        result.d->protocol = QSsl::TlsV1_0;
    else if (protocolToken == QLatin1String("TLSv1.1"))
        result.d->protocol = QSsl::TlsV1_1;
    else if (protocolToken == QLatin1String("TLSv1.2"))
        result.d->protocol = QSsl::TlsV1_2;
    else
        result.d->protocol = QSsl::UnknownProtocol;

    // Each "Key=value" field is only consumed when it carries the expected
    // prefix; otherwise the corresponding member keeps its default.
    const QString &keyExchangeField = fields.at(2);
    if (keyExchangeField.startsWith(QLatin1String("Kx=")))
        result.d->keyExchangeMethod = keyExchangeField.mid(3);

    const QString &authField = fields.at(3);
    if (authField.startsWith(QLatin1String("Au=")))
        result.d->authenticationMethod = authField.mid(3);

    const QString &encryptionField = fields.at(4);
    if (encryptionField.startsWith(QLatin1String("Enc=")))
        result.d->encryptionMethod = encryptionField.mid(4);

    // A seventh field equal to "export" marks an export-grade suite.
    bool isExport = false;
    if (fields.size() > 6)
        isExport = (fields.at(6) == QLatin1String("export"));
    result.d->exportable = isExport;

    result.d->bits = cipher->strength_bits;
    result.d->supportedBits = cipher->alg_bits;

    return result;
}
219 -
// ### This list is shared between all threads, and protected by a
// mutex. Investigate using thread local storage instead.
//
// Each entry is an (error code, chain depth) pair as recorded by the
// certificate verification callback. Because there is one list for the whole
// process, whoever reads or appends to `errors` has to hold `mutex` for the
// entire time the entries are meant to belong to a single handshake.
struct QSslErrorList
{
    QMutex mutex;                     // guards `errors`
    QList<QPair<int, int> > errors;   // (error, depth) pairs
};
Q_GLOBAL_STATIC(QSslErrorList, _q_sslErrorList)
// Certificate verification callback installed on the X509 store.
//
// When OpenSSL reports a failure (ok == 0) the error code and the chain depth
// at which it occurred are appended to the global error list. The callback
// then returns 1 in every case, so OpenSSL never aborts verification by
// itself: rejecting a bad certificate is entirely the job of the code that
// inspects the collected errors once verification has completed.
//
// NOTE(review): the list is appended to without taking
// _q_sslErrorList()->mutex here; presumably the caller holds it around the
// handshake -- confirm, since the list is shared between all threads.
static int q_X509Callback(int ok, X509_STORE_CTX *ctx)
{
    if (ok)
        return 1;

    // Store the error and at which depth the error was detected.
    const int errorCode = q_X509_STORE_CTX_get_error(ctx);
    const int errorDepth = q_X509_STORE_CTX_get_error_depth(ctx);
    _q_sslErrorList()->errors.append(qMakePair<int, int>(errorCode, errorDepth));

#ifdef QSSLSOCKET_DEBUG
    qDebug() << "verification error: dumping bad certificate";
    qDebug() << QSslCertificatePrivate::QSslCertificate_from_X509(q_X509_STORE_CTX_get_current_cert(ctx)).toPem();
    qDebug() << "dumping chain";
    foreach (QSslCertificate cert, QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(q_X509_STORE_CTX_get_chain(ctx))) {
        QString certFormat(QStringLiteral("O=%1 CN=%2 L=%3 OU=%4 C=%5 ST=%6"));
        qDebug() << "Issuer:" << "O=" << cert.issuerInfo(QSslCertificate::Organization)
            << "CN=" << cert.issuerInfo(QSslCertificate::CommonName)
            << "L=" << cert.issuerInfo(QSslCertificate::LocalityName)
            << "OU=" << cert.issuerInfo(QSslCertificate::OrganizationalUnitName)
            << "C=" << cert.issuerInfo(QSslCertificate::CountryName)
            << "ST=" << cert.issuerInfo(QSslCertificate::StateOrProvinceName);
        qDebug() << "Subject:" << "O=" << cert.subjectInfo(QSslCertificate::Organization)
            << "CN=" << cert.subjectInfo(QSslCertificate::CommonName)
            << "L=" << cert.subjectInfo(QSslCertificate::LocalityName)
            << "OU=" << cert.subjectInfo(QSslCertificate::OrganizationalUnitName)
            << "C=" << cert.subjectInfo(QSslCertificate::CountryName)
            << "ST=" << cert.subjectInfo(QSslCertificate::StateOrProvinceName);
        qDebug() << "Valid:" << cert.effectiveDate() << "-" << cert.expiryDate();
    }
#endif

    // Always return OK to allow verification to continue. We handle the
    // errors gracefully after collecting all errors, after verification has
    // completed.
    return 1;
}
260 -
// Translates a Qt protocol selection and QSsl::SslOptions into the OpenSSL
// option bitmask that is later applied to the SSL_CTX.
//
// \a protocol    only TlsV1SslV3 and SecureProtocols change the result
//                (they add SSL_OP_NO_SSLv2).
// \a sslOptions  Qt-level switches mapped onto individual SSL_OP_* bits.
// Returns the combined option mask.
//
// NOTE(review): for SecureProtocols this function excludes SSLv2 only, so
// SSLv3 remains negotiable; consider whether SSL_OP_NO_SSLv3 should be added
// for that selection.
// NOTE(review): unsafe legacy renegotiation and TLS compression both stay
// enabled unless the caller passes the matching "Disable" option (and the
// SSL_OP_* macro exists at build time); callers that need them off have to
// opt out explicitly.
long QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SslProtocol protocol, QSsl::SslOptions sslOptions)
{
    // Start from OpenSSL's bug-workaround set and rule out SSLv2 for the two
    // protocol selections that are meant to exclude it.
    long options = SSL_OP_ALL;
    const bool excludeSslV2 = (protocol == QSsl::TlsV1SslV3 || protocol == QSsl::SecureProtocols);
    if (excludeSslV2)
        options |= SSL_OP_NO_SSLv2;

    // SSL_OP_ALL already contains SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS (the
    // preprocessed values on this page are 0x00000FFFL and 0x00000800L), so
    // the bit has to be cleared explicitly when the caller wants empty
    // fragments to be inserted.
    if (sslOptions.testFlag(QSsl::SslOptionDisableEmptyFragments))
        options |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
    else
        options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;

#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
    // Set or clear explicitly so the result does not depend on the starting
    // mask: legacy renegotiation is allowed unless the caller disabled it.
    if (!sslOptions.testFlag(QSsl::SslOptionDisableLegacyRenegotiation))
        options |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
    else
        options &= ~SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
#endif

#ifdef SSL_OP_NO_TICKET
    // Session tickets are switched off only on request.
    if (sslOptions.testFlag(QSsl::SslOptionDisableSessionTickets))
        options |= SSL_OP_NO_TICKET;
#endif
#ifdef SSL_OP_NO_COMPRESSION
    // Compression is switched off only on request.
    if (sslOptions.testFlag(QSsl::SslOptionDisableCompression))
        options |= SSL_OP_NO_COMPRESSION;
#endif

    return options;
}
294 -
295bool QSslSocketBackendPrivate::initSslContext() -
296{ -
297 Q_Q(QSslSocket);
executed (the execution status of this line is deduced): QSslSocket * const q = q_func();
-
298 -
299 // Create and initialize SSL context. Accept SSLv2, SSLv3 and TLSv1_0. -
300 bool client = (mode == QSslSocket::SslClientMode);
executed (the execution status of this line is deduced): bool client = (mode == QSslSocket::SslClientMode);
-
301 -
302 bool reinitialized = false;
executed (the execution status of this line is deduced): bool reinitialized = false;
-
303 -
304init_context:
code before this statement executed: init_context:
Execution Count:48
48
305 switch (configuration.protocol) { -
306 case QSsl::SslV2: -
307#ifndef OPENSSL_NO_SSL2 -
308 ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method());
never executed (the execution status of this line is deduced): ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method());
-
309#else -
310 ctx = 0; // SSL 2 not supported by the system, but chosen deliberately -> error -
311#endif -
312 break;
never executed: break;
0
313 case QSsl::SslV3: -
314 ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
never executed (the execution status of this line is deduced): ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
-
315 break;
never executed: break;
0
316 case QSsl::SecureProtocols: // SslV2 will be disabled below -
317 case QSsl::TlsV1SslV3: // SslV2 will be disabled below -
318 case QSsl::AnyProtocol: -
319 default: -
320 ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method());
executed (the execution status of this line is deduced): ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method());
-
321 break;
executed: break;
Execution Count:48
48
322 case QSsl::TlsV1_0: -
323 ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method());
never executed (the execution status of this line is deduced): ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method());
-
324 break;
never executed: break;
0
325 case QSsl::TlsV1_1: -
326#if OPENSSL_VERSION_NUMBER >= 0x10001000L -
327 ctx = q_SSL_CTX_new(client ? q_TLSv1_1_client_method() : q_TLSv1_1_server_method()); -
328#else -
329 ctx = 0; // TLS 1.1 not supported by the system, but chosen deliberately -> error
never executed (the execution status of this line is deduced): ctx = 0;
-
330#endif -
331 break;
never executed: break;
0
332 case QSsl::TlsV1_2: -
333#if OPENSSL_VERSION_NUMBER >= 0x10001000L -
334 ctx = q_SSL_CTX_new(client ? q_TLSv1_2_client_method() : q_TLSv1_2_server_method()); -
335#else -
336 ctx = 0; // TLS 1.2 not supported by the system, but chosen deliberately -> error
never executed (the execution status of this line is deduced): ctx = 0;
-
337#endif -
338 break;
never executed: break;
0
339 } -
340 if (!ctx) {
partially evaluated: !ctx
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:48
0-48
341 // After stopping Flash 10 the SSL library looses its ciphers. Try re-adding them -
342 // by re-initializing the library. -
343 if (!reinitialized) {
never evaluated: !reinitialized
0
344 reinitialized = true;
never executed (the execution status of this line is deduced): reinitialized = true;
-
345 if (q_SSL_library_init() == 1)
never evaluated: q_SSL_library_init() == 1
0
346 goto init_context;
never executed: goto init_context;
0
347 }
never executed: }
0
348 -
349 q->setErrorString(QSslSocket::tr("Error creating SSL context (%1)").arg(getErrorsFromOpenSsl()));
never executed (the execution status of this line is deduced): q->setErrorString(QSslSocket::tr("Error creating SSL context (%1)").arg(getErrorsFromOpenSsl()));
-
350 q->setSocketError(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->setSocketError(QAbstractSocket::SslInternalError);
-
351 emit q->error(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->error(QAbstractSocket::SslInternalError);
-
352 return false;
never executed: return false;
0
353 } -
354 -
355 // Enable bug workarounds. -
356 long options = setupOpenSslOptions(configuration.protocol, configuration.sslOptions);
executed (the execution status of this line is deduced): long options = setupOpenSslOptions(configuration.protocol, configuration.sslOptions);
-
357 q_SSL_CTX_set_options(ctx, options);
executed (the execution status of this line is deduced): q_SSL_CTX_ctrl((ctx),32,(options),__null);
-
358 -
359#if OPENSSL_VERSION_NUMBER >= 0x10000000L -
360 // Tell OpenSSL to release memory early -
361 // http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html -
362 if (q_SSLeay() >= 0x10000000L) -
363 q_SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS); -
364#endif -
365 -
366 // Initialize ciphers -
367 QByteArray cipherString;
executed (the execution status of this line is deduced): QByteArray cipherString;
-
368 int first = true;
executed (the execution status of this line is deduced): int first = true;
-
369 QList<QSslCipher> ciphers = configuration.ciphers;
executed (the execution status of this line is deduced): QList<QSslCipher> ciphers = configuration.ciphers;
-
370 if (ciphers.isEmpty())
evaluated: ciphers.isEmpty()
TRUEFALSE
yes
Evaluation Count:1
yes
Evaluation Count:47
1-47
371 ciphers = defaultCiphers();
executed: ciphers = defaultCiphers();
Execution Count:1
1
372 foreach (const QSslCipher &cipher, ciphers) {
executed (the execution status of this line is deduced): for (QForeachContainer<__typeof__(ciphers)> _container_(ciphers); !_container_.brk && _container_.i != _container_.e; __extension__ ({ ++_container_.brk; ++_container_.i; })) for (const QSslCipher &cipher = *_container_.i;; __extension__ ({--_container_.brk; break;})) {
-
373 if (first)
evaluated: first
TRUEFALSE
yes
Evaluation Count:48
yes
Evaluation Count:1152
48-1152
374 first = false;
executed: first = false;
Execution Count:48
48
375 else -
376 cipherString.append(':');
executed: cipherString.append(':');
Execution Count:1152
1152
377 cipherString.append(cipher.name().toLatin1());
executed (the execution status of this line is deduced): cipherString.append(cipher.name().toLatin1());
-
378 }
executed: }
Execution Count:1200
1200
379 -
380 if (!q_SSL_CTX_set_cipher_list(ctx, cipherString.data())) {
partially evaluated: !q_SSL_CTX_set_cipher_list(ctx, cipherString.data())
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:48
0-48
381 q->setErrorString(QSslSocket::tr("Invalid or empty cipher list (%1)").arg(getErrorsFromOpenSsl()));
never executed (the execution status of this line is deduced): q->setErrorString(QSslSocket::tr("Invalid or empty cipher list (%1)").arg(getErrorsFromOpenSsl()));
-
382 q->setSocketError(QAbstractSocket::SslInvalidUserDataError);
never executed (the execution status of this line is deduced): q->setSocketError(QAbstractSocket::SslInvalidUserDataError);
-
383 emit q->error(QAbstractSocket::SslInvalidUserDataError);
never executed (the execution status of this line is deduced): q->error(QAbstractSocket::SslInvalidUserDataError);
-
384 return false;
never executed: return false;
0
385 } -
386 -
387 // Add all our CAs to this store. -
388 QList<QSslCertificate> expiredCerts;
executed (the execution status of this line is deduced): QList<QSslCertificate> expiredCerts;
-
389 foreach (const QSslCertificate &caCertificate, q->caCertificates()) {
executed (the execution status of this line is deduced): for (QForeachContainer<__typeof__(q->caCertificates())> _container_(q->caCertificates()); !_container_.brk && _container_.i != _container_.e; __extension__ ({ ++_container_.brk; ++_container_.i; })) for (const QSslCertificate &caCertificate = *_container_.i;; __extension__ ({--_container_.brk; break;})) {
-
390 // add expired certs later, so that the -
391 // valid ones are used before the expired ones -
392 if (caCertificate.expiryDate() < QDateTime::currentDateTime()) {
partially evaluated: caCertificate.expiryDate() < QDateTime::currentDateTime()
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:3
0-3
393 expiredCerts.append(caCertificate);
never executed (the execution status of this line is deduced): expiredCerts.append(caCertificate);
-
394 } else {
never executed: }
0
395 q_X509_STORE_add_cert(ctx->cert_store, reinterpret_cast<X509 *>(caCertificate.handle()));
executed (the execution status of this line is deduced): q_X509_STORE_add_cert(ctx->cert_store, reinterpret_cast<X509 *>(caCertificate.handle()));
-
396 }
executed: }
Execution Count:3
3
397 } -
398 -
399 bool addExpiredCerts = true;
executed (the execution status of this line is deduced): bool addExpiredCerts = true;
-
400#if defined(Q_OS_MAC) && (MAC_OS_X_VERSION_MAX_ALLOWED == MAC_OS_X_VERSION_10_5) -
401 //On Leopard SSL does not work if we add the expired certificates. -
402 if (QSysInfo::MacintoshVersion == QSysInfo::MV_10_5) -
403 addExpiredCerts = false; -
404#endif -
405 // now add the expired certs -
406 if (addExpiredCerts) {
partially evaluated: addExpiredCerts
TRUEFALSE
yes
Evaluation Count:48
no
Evaluation Count:0
0-48
407 foreach (const QSslCertificate &caCertificate, expiredCerts) {
never executed (the execution status of this line is deduced): for (QForeachContainer<__typeof__(expiredCerts)> _container_(expiredCerts); !_container_.brk && _container_.i != _container_.e; __extension__ ({ ++_container_.brk; ++_container_.i; })) for (const QSslCertificate &caCertificate = *_container_.i;; __extension__ ({--_container_.brk; break;})) {
-
408 q_X509_STORE_add_cert(ctx->cert_store, reinterpret_cast<X509 *>(caCertificate.handle()));
never executed (the execution status of this line is deduced): q_X509_STORE_add_cert(ctx->cert_store, reinterpret_cast<X509 *>(caCertificate.handle()));
-
409 }
never executed: }
0
410 }
executed: }
Execution Count:48
48
411 -
412 if (s_loadRootCertsOnDemand && allowRootCertOnDemandLoading) {
partially evaluated: s_loadRootCertsOnDemand
TRUEFALSE
yes
Evaluation Count:48
no
Evaluation Count:0
evaluated: allowRootCertOnDemandLoading
TRUEFALSE
yes
Evaluation Count:45
yes
Evaluation Count:3
0-48
413 // tell OpenSSL the directories where to look up the root certs on demand -
414 QList<QByteArray> unixDirs = unixRootCertDirectories();
executed (the execution status of this line is deduced): QList<QByteArray> unixDirs = unixRootCertDirectories();
-
415 for (int a = 0; a < unixDirs.count(); ++a)
evaluated: a < unixDirs.count()
TRUEFALSE
yes
Evaluation Count:360
yes
Evaluation Count:45
45-360
416 q_SSL_CTX_load_verify_locations(ctx, 0, unixDirs.at(a).constData());
executed: q_SSL_CTX_load_verify_locations(ctx, 0, unixDirs.at(a).constData());
Execution Count:360
360
417 }
executed: }
Execution Count:45
45
418 -
419 // Register a custom callback to get all verification errors. -
420 X509_STORE_set_verify_cb_func(ctx->cert_store, q_X509Callback);
executed (the execution status of this line is deduced): ((ctx->cert_store)->verify_cb=(q_X509Callback));
-
421 -
422 if (!configuration.localCertificate.isNull()) {
evaluated: !configuration.localCertificate.isNull()
TRUEFALSE
yes
Evaluation Count:3
yes
Evaluation Count:45
3-45
423 // Require a private key as well. -
424 if (configuration.privateKey.isNull()) {
partially evaluated: configuration.privateKey.isNull()
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:3
0-3
425 q->setErrorString(QSslSocket::tr("Cannot provide a certificate with no key, %1").arg(getErrorsFromOpenSsl()));
never executed (the execution status of this line is deduced): q->setErrorString(QSslSocket::tr("Cannot provide a certificate with no key, %1").arg(getErrorsFromOpenSsl()));
-
426 q->setSocketError(QAbstractSocket::SslInvalidUserDataError);
never executed (the execution status of this line is deduced): q->setSocketError(QAbstractSocket::SslInvalidUserDataError);
-
427 emit q->error(QAbstractSocket::SslInvalidUserDataError);
never executed (the execution status of this line is deduced): q->error(QAbstractSocket::SslInvalidUserDataError);
-
428 return false;
never executed: return false;
0
429 } -
430 -
431 // Load certificate -
432 if (!q_SSL_CTX_use_certificate(ctx, reinterpret_cast<X509 *>(configuration.localCertificate.handle()))) {
partially evaluated: !q_SSL_CTX_use_certificate(ctx, reinterpret_cast<X509 *>(configuration.localCertificate.handle()))
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:3
0-3
433 q->setErrorString(QSslSocket::tr("Error loading local certificate, %1").arg(getErrorsFromOpenSsl()));
never executed (the execution status of this line is deduced): q->setErrorString(QSslSocket::tr("Error loading local certificate, %1").arg(getErrorsFromOpenSsl()));
-
434 q->setSocketError(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->setSocketError(QAbstractSocket::SslInternalError);
-
435 emit q->error(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->error(QAbstractSocket::SslInternalError);
-
436 return false;
never executed: return false;
0
437 } -
438 -
439 if (configuration.privateKey.algorithm() == QSsl::Opaque) {
partially evaluated: configuration.privateKey.algorithm() == QSsl::Opaque
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:3
0-3
440 pkey = reinterpret_cast<EVP_PKEY *>(configuration.privateKey.handle());
never executed (the execution status of this line is deduced): pkey = reinterpret_cast<EVP_PKEY *>(configuration.privateKey.handle());
-
441 } else {
never executed: }
0
442 // Load private key -
443 pkey = q_EVP_PKEY_new();
executed (the execution status of this line is deduced): pkey = q_EVP_PKEY_new();
-
444 // before we were using EVP_PKEY_assign_R* functions and did not use EVP_PKEY_free. -
445 // this lead to a memory leak. Now we use the *_set1_* functions which do not -
446 // take ownership of the RSA/DSA key instance because the QSslKey already has ownership. -
447 if (configuration.privateKey.algorithm() == QSsl::Rsa)
partially evaluated: configuration.privateKey.algorithm() == QSsl::Rsa
TRUEFALSE
yes
Evaluation Count:3
no
Evaluation Count:0
0-3
448 q_EVP_PKEY_set1_RSA(pkey, reinterpret_cast<RSA *>(configuration.privateKey.handle()));
executed: q_EVP_PKEY_set1_RSA(pkey, reinterpret_cast<RSA *>(configuration.privateKey.handle()));
Execution Count:3
3
449 else -
450 q_EVP_PKEY_set1_DSA(pkey, reinterpret_cast<DSA *>(configuration.privateKey.handle()));
never executed: q_EVP_PKEY_set1_DSA(pkey, reinterpret_cast<DSA *>(configuration.privateKey.handle()));
0
451 } -
452 -
453 if (!q_SSL_CTX_use_PrivateKey(ctx, pkey)) {
partially evaluated: !q_SSL_CTX_use_PrivateKey(ctx, pkey)
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:3
0-3
454 q->setErrorString(QSslSocket::tr("Error loading private key, %1").arg(getErrorsFromOpenSsl()));
never executed (the execution status of this line is deduced): q->setErrorString(QSslSocket::tr("Error loading private key, %1").arg(getErrorsFromOpenSsl()));
-
455 q->setSocketError(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->setSocketError(QAbstractSocket::SslInternalError);
-
456 emit q->error(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->error(QAbstractSocket::SslInternalError);
-
457 return false;
never executed: return false;
0
458 } -
459 if (configuration.privateKey.algorithm() == QSsl::Opaque)
partially evaluated: configuration.privateKey.algorithm() == QSsl::Opaque
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:3
0-3
460 pkey = 0; // Don't free the private key, it belongs to QSslKey
never executed: pkey = 0;
0
461 -
462 // Check if the certificate matches the private key. -
463 if (!q_SSL_CTX_check_private_key(ctx)) {
partially evaluated: !q_SSL_CTX_check_private_key(ctx)
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:3
0-3
464 q->setErrorString(QSslSocket::tr("Private key does not certify public key, %1").arg(getErrorsFromOpenSsl()));
never executed (the execution status of this line is deduced): q->setErrorString(QSslSocket::tr("Private key does not certify public key, %1").arg(getErrorsFromOpenSsl()));
-
465 q->setSocketError(QAbstractSocket::SslInvalidUserDataError);
never executed (the execution status of this line is deduced): q->setSocketError(QAbstractSocket::SslInvalidUserDataError);
-
466 emit q->error(QAbstractSocket::SslInvalidUserDataError);
never executed (the execution status of this line is deduced): q->error(QAbstractSocket::SslInvalidUserDataError);
-
467 return false;
never executed: return false;
0
468 } -
469 }
executed: }
Execution Count:3
3
470 -
471 // Initialize peer verification. -
472 if (configuration.peerVerifyMode == QSslSocket::VerifyNone) {
partially evaluated: configuration.peerVerifyMode == QSslSocket::VerifyNone
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:48
0-48
473 q_SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
never executed (the execution status of this line is deduced): q_SSL_CTX_set_verify(ctx, 0x00, 0);
-
474 } else {
never executed: }
0
475 q_SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, q_X509Callback);
executed (the execution status of this line is deduced): q_SSL_CTX_set_verify(ctx, 0x01, q_X509Callback);
-
476 }
executed: }
Execution Count:48
48
477 -
478 // Set verification depth. -
479 if (configuration.peerVerifyDepth != 0)
partially evaluated: configuration.peerVerifyDepth != 0
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:48
0-48
480 q_SSL_CTX_set_verify_depth(ctx, configuration.peerVerifyDepth);
never executed: q_SSL_CTX_set_verify_depth(ctx, configuration.peerVerifyDepth);
0
481 -
482 // Create and initialize SSL session -
483 if (!(ssl = q_SSL_new(ctx))) {
partially evaluated: !(ssl = q_SSL_new(ctx))
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:48
0-48
484 // ### Bad error code -
485 q->setErrorString(QSslSocket::tr("Error creating SSL session, %1").arg(getErrorsFromOpenSsl()));
never executed (the execution status of this line is deduced): q->setErrorString(QSslSocket::tr("Error creating SSL session, %1").arg(getErrorsFromOpenSsl()));
-
486 q->setSocketError(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->setSocketError(QAbstractSocket::SslInternalError);
-
487 emit q->error(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->error(QAbstractSocket::SslInternalError);
-
488 return false;
never executed: return false;
0
489 } -
490 -
491#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) -
492 if ((configuration.protocol == QSsl::TlsV1SslV3 ||
partially evaluated: configuration.protocol == QSsl::TlsV1SslV3
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:48
0-48
493 configuration.protocol == QSsl::TlsV1_0 ||
partially evaluated: configuration.protocol == QSsl::TlsV1_0
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:48
0-48
494 configuration.protocol == QSsl::TlsV1_1 ||
partially evaluated: configuration.protocol == QSsl::TlsV1_1
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:48
0-48
495 configuration.protocol == QSsl::TlsV1_2 ||
partially evaluated: configuration.protocol == QSsl::TlsV1_2
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:48
0-48
496 configuration.protocol == QSsl::SecureProtocols ||
evaluated: configuration.protocol == QSsl::SecureProtocols
TRUEFALSE
yes
Evaluation Count:45
yes
Evaluation Count:3
3-45
497 configuration.protocol == QSsl::AnyProtocol) &&
partially evaluated: configuration.protocol == QSsl::AnyProtocol
TRUEFALSE
yes
Evaluation Count:3
no
Evaluation Count:0
0-3
498 client && q_SSLeay() >= 0x00090806fL) {
evaluated: client
TRUEFALSE
yes
Evaluation Count:45
yes
Evaluation Count:3
partially evaluated: q_SSLeay() >= 0x00090806fL
TRUEFALSE
yes
Evaluation Count:45
no
Evaluation Count:0
0-45
499 // Set server hostname on TLS extension. RFC4366 section 3.1 requires it in ACE format. -
500 QString tlsHostName = verificationPeerName.isEmpty() ? q->peerName() : verificationPeerName;
partially evaluated: verificationPeerName.isEmpty()
TRUEFALSE
yes
Evaluation Count:45
no
Evaluation Count:0
0-45
501 if (tlsHostName.isEmpty())
partially evaluated: tlsHostName.isEmpty()
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:45
0-45
502 tlsHostName = hostName;
never executed: tlsHostName = hostName;
0
503 QByteArray ace = QUrl::toAce(tlsHostName);
executed (the execution status of this line is deduced): QByteArray ace = QUrl::toAce(tlsHostName);
-
504 // only send the SNI header if the URL is valid and not an IP -
505 if (!ace.isEmpty()
partially evaluated: !ace.isEmpty()
TRUEFALSE
yes
Evaluation Count:45
no
Evaluation Count:0
0-45
506 && !QHostAddress().setAddress(tlsHostName)
evaluated: !QHostAddress().setAddress(tlsHostName)
TRUEFALSE
yes
Evaluation Count:36
yes
Evaluation Count:9
9-36
507 && !(configuration.sslOptions & QSsl::SslOptionDisableServerNameIndication)) {
partially evaluated: !(configuration.sslOptions & QSsl::SslOptionDisableServerNameIndication)
TRUEFALSE
yes
Evaluation Count:36
no
Evaluation Count:0
0-36
508 if (!q_SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, ace.data()))
partially evaluated: !q_SSL_ctrl(ssl, 55, 0, ace.data())
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:36
0-36
509 qWarning("could not set SSL_CTRL_SET_TLSEXT_HOSTNAME, Server Name Indication disabled");
never executed: QMessageLogger("ssl/qsslsocket_openssl.cpp", 509, __PRETTY_FUNCTION__).warning("could not set SSL_CTRL_SET_TLSEXT_HOSTNAME, Server Name Indication disabled");
0
510 }
executed: }
Execution Count:36
36
511 }
executed: }
Execution Count:45
45
512#endif -
513 -
514 // Clear the session. -
515 q_SSL_clear(ssl);
executed (the execution status of this line is deduced): q_SSL_clear(ssl);
-
516 errorList.clear();
executed (the execution status of this line is deduced): errorList.clear();
-
517 -
518 // Initialize memory BIOs for encryption and decryption. -
519 readBio = q_BIO_new(q_BIO_s_mem());
executed (the execution status of this line is deduced): readBio = q_BIO_new(q_BIO_s_mem());
-
520 writeBio = q_BIO_new(q_BIO_s_mem());
executed (the execution status of this line is deduced): writeBio = q_BIO_new(q_BIO_s_mem());
-
521 if (!readBio || !writeBio) {
partially evaluated: !readBio
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:48
partially evaluated: !writeBio
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:48
0-48
522 q->setErrorString(QSslSocket::tr("Error creating SSL session: %1").arg(getErrorsFromOpenSsl()));
never executed (the execution status of this line is deduced): q->setErrorString(QSslSocket::tr("Error creating SSL session: %1").arg(getErrorsFromOpenSsl()));
-
523 q->setSocketError(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->setSocketError(QAbstractSocket::SslInternalError);
-
524 emit q->error(QAbstractSocket::SslInternalError);
never executed (the execution status of this line is deduced): q->error(QAbstractSocket::SslInternalError);
-
525 return false;
never executed: return false;
0
526 } -
527 -
528 // Assign the bios. -
529 q_SSL_set_bio(ssl, readBio, writeBio);
executed (the execution status of this line is deduced): q_SSL_set_bio(ssl, readBio, writeBio);
-
530 -
531 if (mode == QSslSocket::SslClientMode)
evaluated: mode == QSslSocket::SslClientMode
TRUEFALSE
yes
Evaluation Count:45
yes
Evaluation Count:3
3-45
532 q_SSL_set_connect_state(ssl);
executed: q_SSL_set_connect_state(ssl);
Execution Count:45
45
533 else -
534 q_SSL_set_accept_state(ssl);
executed: q_SSL_set_accept_state(ssl);
Execution Count:3
3
535 -
536 return true;
executed: return true;
Execution Count:48
48
537} -
538 -
// Releases the per-socket OpenSSL objects and clears the members that
// pointed at them, so calling this again is a no-op.
void QSslSocketBackendPrivate::destroySslContext()
{
    // Session object first.
    if (ssl != 0)
        q_SSL_free(ssl);
    ssl = 0;

    // Then the context the session was created from.
    if (ctx != 0)
        q_SSL_CTX_free(ctx);
    ctx = 0;

    // pkey is only non-null when initSslContext() allocated the EVP_PKEY
    // wrapper itself; for opaque keys it is reset to 0 there because the
    // key belongs to QSslKey and must not be freed here.
    if (pkey != 0)
        q_EVP_PKEY_free(pkey);
    pkey = 0;
}
554 -
/*!
    \internal

    Unregisters the thread-id and locking callbacks that
    ensureLibraryLoaded() installed in OpenSSL and frees the loaded
    error strings.
*/
void QSslSocketPrivate::deinitialize()
{
    // Passing 0 removes the callbacks.
    q_CRYPTO_set_id_callback(0);
    q_CRYPTO_set_locking_callback(0);

    q_ERR_free_strings();
}
564 -
/*!
    \internal

    Does the minimum amount of initialization to determine whether SSL
    is supported or not.

    Returns the result of ensureLibraryLoaded().
*/
bool QSslSocketPrivate::supportsSsl()
{
    const bool libraryUsable = ensureLibraryLoaded();
    return libraryUsable;
}
576 -
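// Resolves the OpenSSL symbols and, on the first call, initializes the
// library: threading callbacks, algorithm tables, error strings and the
// random number generator.
//
// Returns true when OpenSSL is usable. Returns false when the symbols
// cannot be resolved, when q_SSL_library_init() fails, or when the PRNG
// could not be seeded. A failed initialization is remembered, so later
// calls keep returning false instead of reporting SSL as supported
// because s_libraryLoaded had already been set.
bool QSslSocketPrivate::ensureLibraryLoaded()
{
    if (!q_resolveOpenSslSymbols())
        return false;

    // Check if the library itself needs to be initialized.
    QMutexLocker locker(openssl_locks()->initLock());

    // Outcome of the one-time initialization below; only read or written
    // while initLock is held.
    static bool initFailed = false;

    if (!s_libraryLoaded) {
        // Set first so that the initialization is attempted only once.
        s_libraryLoaded = true;
        initFailed = false;

        // Initialize OpenSSL.
        q_CRYPTO_set_id_callback(id_function);
        q_CRYPTO_set_locking_callback(locking_function);
        if (q_SSL_library_init() != 1) {
            initFailed = true;
            return false;
        }
        q_SSL_load_error_strings();
        q_OpenSSL_add_all_algorithms();

        // Initialize OpenSSL's random seed.
        if (!q_RAND_status()) {
            // NOTE(review): this fallback seed consists of the wall clock's
            // second and millisecond fields plus a stack address, which is
            // little entropy. q_RAND_status() may report the generator as
            // seeded afterwards; prefer an operating-system entropy source
            // where one is available.
            struct {
                int msec;
                int sec;
                void *stack;
            } randomish;

            int attempts = 500;
            do {
                if (attempts < 500) {
                    // Wait between retries so the clock fields change.
                    // initLock stays held for the whole loop.
#ifdef Q_OS_UNIX
                    struct timespec ts = {0, 33333333};
                    nanosleep(&ts, 0);
#else
                    Sleep(3);
#endif
                }
                randomish.stack = (void *)&randomish;
                randomish.msec = QTime::currentTime().msec();
                randomish.sec = QTime::currentTime().second();
                q_RAND_seed((const char *)&randomish, sizeof(randomish));
            } while (!q_RAND_status() && --attempts);
            if (!attempts) {
                // Never report SSL support with an unseeded generator.
                initFailed = true;
                return false;
            }
        }
    }
    return !initFailed;
}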
626 -
// One-time, process-wide setup of the default cipher list and of the way
// system root certificates are obtained. Runs its body only on the first
// call; later calls return as soon as s_loadedCiphersAndCerts is seen set.
//
// Per platform it resolves the functions used to read the system
// certificate store (Mac, Windows) or checks whether on-demand root
// certificate loading can be enabled (other Unix). When on-demand loading
// is not enabled, the system CA certificates are loaded immediately.
void QSslSocketPrivate::ensureCiphersAndCertsLoaded()
{
    // Held for the whole function. systemCaCertificates() below calls
    // ensureInitialized(), which takes initLock again on the same thread,
    // so the lock has to be recursive - presumably it is; confirm in the
    // openssl_locks definition.
    QMutexLocker locker(openssl_locks()->initLock());
    if (s_loadedCiphersAndCerts)
        return;
    // Set before doing the work, so the nested call described above
    // returns early instead of recursing.
    s_loadedCiphersAndCerts = true;

    resetDefaultCiphers();

#ifndef QT_NO_LIBRARY
    //load symbols needed to receive certificates from system store
#if defined(Q_OS_MAC) && !defined(Q_OS_IOS)
    // Loaded from a fixed absolute path inside the system framework directory.
    QLibrary securityLib("/System/Library/Frameworks/Security.framework/Versions/Current/Security");
    if (securityLib.load()) {
        ptrSecCertificateGetData = (PtrSecCertificateGetData) securityLib.resolve("SecCertificateGetData");
        if (!ptrSecCertificateGetData)
            qWarning("could not resolve symbols in security library"); // should never happen

        ptrSecTrustSettingsCopyCertificates = (PtrSecTrustSettingsCopyCertificates) securityLib.resolve("SecTrustSettingsCopyCertificates");
        if (!ptrSecTrustSettingsCopyCertificates) { // method was introduced in Leopard, use legacy method if it's not there
            ptrSecTrustCopyAnchorCertificates = (PtrSecTrustCopyAnchorCertificates) securityLib.resolve("SecTrustCopyAnchorCertificates");
            if (!ptrSecTrustCopyAnchorCertificates)
                qWarning("could not resolve symbols in security library"); // should never happen
        }
    } else {
        qWarning("could not load security library");
    }
#elif defined(Q_OS_WIN)
    // NOTE(review): the library is requested by bare name, so which file is
    // loaded depends on the process's DLL search order - confirm that this
    // is acceptable for the deployment. The handle is not released in this
    // function.
    HINSTANCE hLib = LoadLibraryW(L"Crypt32");
    if (hLib) {
#if defined(Q_OS_WINCE)
        ptrCertOpenSystemStoreW = (PtrCertOpenSystemStoreW)GetProcAddress(hLib, L"CertOpenStore");
        ptrCertFindCertificateInStore = (PtrCertFindCertificateInStore)GetProcAddress(hLib, L"CertFindCertificateInStore");
        ptrCertCloseStore = (PtrCertCloseStore)GetProcAddress(hLib, L"CertCloseStore");
#else
        ptrCertOpenSystemStoreW = (PtrCertOpenSystemStoreW)GetProcAddress(hLib, "CertOpenSystemStoreW");
        ptrCertFindCertificateInStore = (PtrCertFindCertificateInStore)GetProcAddress(hLib, "CertFindCertificateInStore");
        ptrCertCloseStore = (PtrCertCloseStore)GetProcAddress(hLib, "CertCloseStore");
#endif
        if (!ptrCertOpenSystemStoreW || !ptrCertFindCertificateInStore || !ptrCertCloseStore)
            qWarning("could not resolve symbols in crypt32 library"); // should never happen
    } else {
        qWarning("could not load crypt32 library"); // should never happen
    }
#elif defined(Q_OS_UNIX) && !defined(Q_OS_MAC)
    // check whether we can enable on-demand root-cert loading (i.e. check whether the sym links are there)
    QList<QByteArray> dirs = unixRootCertDirectories();
    QStringList symLinkFilter;
    // Matches file names made of eight lowercase hex digits, a dot and one digit.
    symLinkFilter << QLatin1String("[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]");
    for (int a = 0; a < dirs.count(); ++a) {
        QDirIterator iterator(QLatin1String(dirs.at(a)), symLinkFilter, QDir::Files);
        // One matching entry in any directory is enough to enable on-demand loading.
        if (iterator.hasNext()) {
            s_loadRootCertsOnDemand = true;
            break;
        }
    }
#endif
#endif //QT_NO_LIBRARY
    // if on-demand loading was not enabled, load the certs now
    if (!s_loadRootCertsOnDemand)
        setDefaultCaCertificates(systemCaCertificates());
#ifdef Q_OS_WIN
    //Enabled for fetching additional root certs from windows update on windows 6+
    //This flag is set false by setDefaultCaCertificates() indicating the app uses
    //its own cert bundle rather than the system one.
    //Same logic that disables the unix on demand cert loading.
    //Unlike unix, we do preload the certificates from the cert store.
    // Must stay after the setDefaultCaCertificates() call above, which
    // clears the flag again.
    if ((QSysInfo::windowsVersion() & QSysInfo::WV_NT_based) >= QSysInfo::WV_6_0)
        s_loadRootCertsOnDemand = true;
#endif
}
698 -
/*!
    \internal

    Declared static in QSslSocketPrivate, makes sure the SSL libraries have
    been initialized.

    Does nothing further when supportsSsl() reports that SSL is not
    available; otherwise the default ciphers and certificates are set up.
*/
void QSslSocketPrivate::ensureInitialized()
{
    if (supportsSsl())
        ensureCiphersAndCertsLoaded();
}
713 -
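// Returns the version number reported by the loaded OpenSSL library, or 0
// when SSL is not supported. The supportsSsl() check mirrors
// sslLibraryVersionString(), so q_SSLeay() is never called before the
// library symbols have been resolved.
long QSslSocketPrivate::sslLibraryVersionNumber()
{
    if (!supportsSsl())
        return 0;

    return q_SSLeay();
}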
718 -
// Returns the version text reported by the loaded OpenSSL library as a
// QString. A null QString is returned when SSL is not supported or the
// library hands back no string.
QString QSslSocketPrivate::sslLibraryVersionString()
{
    QString version;
    if (supportsSsl()) {
        // The library's text is converted as Latin-1.
        if (const char *rawVersion = q_SSLeay_version(SSLEAY_VERSION))
            version = QString::fromLatin1(rawVersion);
    }
    return version;
}
730 -
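/*!
    \internal

    Declared static in QSslSocketPrivate, backend-dependent loading of
    application-wide global ciphers.

    Creates a temporary client context and session, enumerates the cipher
    suites OpenSSL offers for it, and installs the result as both the
    supported and the default cipher list. Cipher suites without peer
    authentication are left out of both lists, because they give no
    protection against a man-in-the-middle.
*/
void QSslSocketPrivate::resetDefaultCiphers()
{
    SSL_CTX *myCtx = q_SSL_CTX_new(q_SSLv23_client_method());
    SSL *mySsl = q_SSL_new(myCtx);

    QList<QSslCipher> ciphers;

    STACK_OF(SSL_CIPHER) *supportedCiphers = q_SSL_get_ciphers(mySsl);
    for (int i = 0; i < q_sk_SSL_CIPHER_num(supportedCiphers); ++i) {
        SSL_CIPHER *cipher = q_sk_SSL_CIPHER_value(supportedCiphers, i);
        if (!cipher || !cipher->valid)
            continue;

        QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher);
        if (ciph.isNull())
            continue;

        // Anonymous key exchange comes in three name families: plain
        // anonymous DH, its export-grade variant and anonymous ECDH.
        // Checking only the "adh" prefix let the other two through.
        const QString name = ciph.name().toLower();
        const bool anonymous = name.startsWith(QLatin1String("adh"))
                            || name.startsWith(QLatin1String("exp-adh"))
                            || name.startsWith(QLatin1String("aecdh"));
        if (!anonymous)
            ciphers << ciph;
    }

    q_SSL_CTX_free(myCtx);
    q_SSL_free(mySsl);

    // NOTE(review): no minimum strength is applied, so any export-grade or
    // otherwise weak authenticated suites that OpenSSL reports also end up
    // in the default list; consider a key-length floor for the defaults.
    setDefaultSupportedCiphers(ciphers);
    setDefaultCiphers(ciphers);
}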
763 -
// Collects the root certificates of the operating system's trust store and
// returns them as a list. The source depends on the platform: the Security
// framework on Mac, the "ROOT" system store on Windows, and certificate
// files in the directories from unixRootCertDirectories() plus two fixed
// bundle paths on other Unix systems.
//
// No filtering by validity period or purpose happens in this function;
// every certificate that could be read is returned. On Unix the trust
// decision therefore rests on who can write to the scanned directories.
QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
{
    ensureInitialized();
#ifdef QSSLSOCKET_DEBUG
    QElapsedTimer timer;
    timer.start();
#endif
    QList<QSslCertificate> systemCerts;
#if defined(Q_OS_MAC) && !defined(Q_OS_IOS)
    CFArrayRef cfCerts;
    // Non-zero means failure; stays 1 when neither copy function was resolved.
    OSStatus status = 1;

    OSStatus SecCertificateGetData (
        SecCertificateRef certificate,
        CSSM_DATA_PTR data
    );

    if (ptrSecCertificateGetData) {
        // Prefer the trust-settings call, fall back to the legacy anchor call.
        if (ptrSecTrustSettingsCopyCertificates)
            status = ptrSecTrustSettingsCopyCertificates(kSecTrustSettingsDomainSystem, &cfCerts);
        else if (ptrSecTrustCopyAnchorCertificates)
            status = ptrSecTrustCopyAnchorCertificates(&cfCerts);
        if (!status) {
            CFIndex size = CFArrayGetCount(cfCerts);
            for (CFIndex i = 0; i < size; ++i) {
                SecCertificateRef cfCert = (SecCertificateRef)CFArrayGetValueAtIndex(cfCerts, i);
                CSSM_DATA data;
                CSSM_DATA_PTR dataPtr = &data;
                if (ptrSecCertificateGetData(cfCert, dataPtr)) {
                    qWarning("error retrieving a CA certificate from the system store");
                } else {
                    // Copy the DER bytes into a QByteArray before parsing.
                    int len = data.Length;
                    char *rawData = reinterpret_cast<char *>(data.Data);
                    QByteArray rawCert(rawData, len);
                    systemCerts.append(QSslCertificate::fromData(rawCert, QSsl::Der));
                }
            }
            CFRelease(cfCerts);
        }
        else {
            // no detailed error handling here
            qWarning("could not retrieve system CA certificates");
        }
    }
#elif defined(Q_OS_WIN)
    // Skipped entirely when any of the three crypt32 functions is missing.
    if (ptrCertOpenSystemStoreW && ptrCertFindCertificateInStore && ptrCertCloseStore) {
        HCERTSTORE hSystemStore;
#if defined(Q_OS_WINCE)
        hSystemStore = ptrCertOpenSystemStoreW(CERT_STORE_PROV_SYSTEM_W,
            0,
            0,
            CERT_STORE_NO_CRYPT_RELEASE_FLAG|CERT_SYSTEM_STORE_CURRENT_USER,
            L"ROOT");
#else
        hSystemStore = ptrCertOpenSystemStoreW(0, L"ROOT");
#endif
        if(hSystemStore) {
            PCCERT_CONTEXT pc = NULL;
            // Each call receives the previous result and returns the next
            // certificate; a null result ends the enumeration.
            while(1) {
                pc = ptrCertFindCertificateInStore( hSystemStore, X509_ASN_ENCODING, 0, CERT_FIND_ANY, NULL, pc);
                if(!pc)
                    break;
                QByteArray der((const char *)(pc->pbCertEncoded), static_cast<int>(pc->cbCertEncoded));
                QSslCertificate cert(der, QSsl::Der);
                systemCerts.append(cert);
            }
            ptrCertCloseStore(hSystemStore, 0);
        }
    }
#elif defined(Q_OS_UNIX)
    QSet<QString> certFiles;
    QList<QByteArray> directories = unixRootCertDirectories();
    QDir currentDir;
    QStringList nameFilters;
    // Only files named *.pem or *.crt are considered.
    nameFilters << QLatin1String("*.pem") << QLatin1String("*.crt");
    currentDir.setNameFilters(nameFilters);
    for (int a = 0; a < directories.count(); a++) {
        currentDir.setPath(QLatin1String(directories.at(a)));
        QDirIterator it(currentDir);
        while(it.hasNext()) {
            it.next();
            // use canonical path here to not load the same certificate twice if symlinked
            certFiles.insert(it.fileInfo().canonicalFilePath());
        }
    }
    QSetIterator<QString> it(certFiles);
    while(it.hasNext()) {
        systemCerts.append(QSslCertificate::fromPath(it.next()));
    }
    // Two fixed bundle locations are read in addition to the scanned directories.
    systemCerts.append(QSslCertificate::fromPath(QLatin1String("/etc/pki/tls/certs/ca-bundle.crt"), QSsl::Pem)); // Fedora, Mandriva
    systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/local/share/certs/ca-root-nss.crt"), QSsl::Pem)); // FreeBSD's ca_root_nss
#endif
#ifdef QSSLSOCKET_DEBUG
    qDebug() << "systemCaCertificates retrieval time " << timer.elapsed() << "ms";
    qDebug() << "imported " << systemCerts.count() << " certificates";
#endif

    return systemCerts;
}
863 -
// Sets up the SSL context and begins the handshake for the client side.
// When the context cannot be created, the socket error is set to
// SslInternalError, the error signal is emitted and no handshake starts.
void QSslSocketBackendPrivate::startClientEncryption()
{
    Q_Q(QSslSocket);

    const bool contextReady = initSslContext();
    if (contextReady) {
        // The handshake places outgoing data in the BIO; transmit() then
        // moves it to the socket.
        startHandshake();
        transmit();
        return;
    }

    // initSslContext() already reports an error on at least some of its
    // failure paths, so a failure can be signalled a second time here
    // with this more general message.
    q->setErrorString(QSslSocket::tr("Unable to init SSL Context: %1").arg(getErrorsFromOpenSsl()));
    q->setSocketError(QAbstractSocket::SslInternalError);
    emit q->error(QAbstractSocket::SslInternalError);
}
879 -
/*!
    \internal

    Begins the TLS handshake for the server side of the connection.

    Mirrors startClientEncryption(): a failed initSslContext() is reported on
    the QSslSocket and aborts the attempt; on success startHandshake() is
    called, followed by transmit().
*/
void QSslSocketBackendPrivate::startServerEncryption()
{
    Q_Q(QSslSocket);

    const bool contextReady = initSslContext();
    if (!contextReady) {
        // Report the OpenSSL error text and do not start a handshake.
        // NOTE(review): the coverage data this listing came from records this
        // failure branch as never executed.
        const QString reason = QSslSocket::tr("Unable to init SSL Context: %1").arg(getErrorsFromOpenSsl());
        q->setErrorString(reason);
        q->setSocketError(QAbstractSocket::SslInternalError);
        emit q->error(QAbstractSocket::SslInternalError);
        return;
    }

    // Start connecting. startHandshake() places outgoing data in the BIO, so
    // transmit() follows immediately to push it out.
    startHandshake();
    transmit();
}
895 -
/*!
    \internal

    Transmits encrypted data between the BIOs and the socket.

    Each pass of the outer loop performs, in order:
    \list
    \li plaintext from writeBuffer is handed to q_SSL_write() (only once
        connectionEncrypted is set);
    \li pending bytes in writeBio are written to plainSocket;
    \li bytes available on plainSocket are written into readBio;
    \li while connectionEncrypted is false, startHandshake() is retried;
    \li decrypted data from q_SSL_read() is appended to buffer and
        readyRead() is emitted.
    \endlist
    The loop repeats while ssl and ctx are set and at least one step made
    progress (the local flag transmitting).

    Failures are reported by setting the error string and socket error on the
    QSslSocket and emitting error(). All failure branches return immediately
    except the default branch of the q_SSL_get_error() switch, which only
    leaves the switch.

    NOTE(review): in the coverage data this listing was taken from, every
    error-reporting branch of this function is recorded as never executed.
*/
void QSslSocketBackendPrivate::transmit()
{
    Q_Q(QSslSocket);

    // If we don't have any SSL context, don't bother transmitting.
    if (!ssl)
        return;

    bool transmitting;
    do {
        transmitting = false;

        // If the connection is secure, we can transfer data from the write
        // buffer (in plain text) to the write BIO through SSL_write.
        // The connectionEncrypted guard keeps application plaintext out of
        // SSL_write until startHandshake() has reported success below.
        if (connectionEncrypted && !writeBuffer.isEmpty()) {
            qint64 totalBytesWritten = 0;
            int nextDataBlockSize;
            while ((nextDataBlockSize = writeBuffer.nextDataBlockSize()) > 0) {
                int writtenBytes = q_SSL_write(ssl, writeBuffer.readPointer(), nextDataBlockSize);
                if (writtenBytes <= 0) {
                    // ### Better error handling.
                    // NOTE(review): every non-positive result is treated as a
                    // fatal internal error; q_SSL_get_error() is not consulted
                    // here, unlike the read path further down.
                    q->setErrorString(QSslSocket::tr("Unable to write data: %1").arg(getErrorsFromOpenSsl()));
                    q->setSocketError(QAbstractSocket::SslInternalError);
                    emit q->error(QAbstractSocket::SslInternalError);
                    return;
                }
#ifdef QSSLSOCKET_DEBUG
                qDebug() << "QSslSocketBackendPrivate::transmit: encrypted" << writtenBytes << "bytes";
#endif
                // Only the bytes SSL_write accepted are dropped from the queue.
                writeBuffer.free(writtenBytes);
                totalBytesWritten += writtenBytes;

                if (writtenBytes < nextDataBlockSize) {
                    // break out of the writing loop and try again after we had read
                    transmitting = true;
                    break;
                }
            }

            if (totalBytesWritten > 0) {
                // Don't emit bytesWritten() recursively.
                // emittedBytesWritten is set for the duration of the emit so a
                // nested transmit() call skips this block.
                if (!emittedBytesWritten) {
                    emittedBytesWritten = true;
                    emit q->bytesWritten(totalBytesWritten);
                    emittedBytesWritten = false;
                }
            }
        }

        // Check if we've got any data to be written to the socket.
        QVarLengthArray<char, 4096> data;
        int pendingBytes;
        while (plainSocket->isValid() && (pendingBytes = q_BIO_pending(writeBio)) > 0) {
            // Read encrypted data from the write BIO into a buffer.
            data.resize(pendingBytes);
            int encryptedBytesRead = q_BIO_read(writeBio, data.data(), pendingBytes);

            // Write encrypted data from the buffer to the socket.
            // NOTE(review): encryptedBytesRead is passed on without a check
            // for a non-positive q_BIO_read() result; a negative length is
            // presumably rejected by write() and lands in the error branch
            // below - confirm.
            qint64 actualWritten = plainSocket->write(data.constData(), encryptedBytesRead);
#ifdef QSSLSOCKET_DEBUG
            qDebug() << "QSslSocketBackendPrivate::transmit: wrote" << encryptedBytesRead << "encrypted bytes to the socket" << actualWritten << "actual.";
#endif
            if (actualWritten < 0) {
                //plain socket write fails if it was in the pending close state.
                q->setErrorString(plainSocket->errorString());
                q->setSocketError(plainSocket->error());
                emit q->error(plainSocket->error());
                return;
            }
            // NOTE(review): a short write (0 <= actualWritten <
            // encryptedBytesRead) is not handled separately; the bytes have
            // already been consumed from writeBio - verify write() buffers
            // the full amount.
            transmitting = true;
        }

        // Check if we've got any data to be read from the socket.
        // Before the handshake completes the read-buffer limit is ignored;
        // afterwards, socket data is only pulled in while buffer is below
        // readBufferMaxSize (0 disables the limit).
        if (!connectionEncrypted || !readBufferMaxSize || buffer.size() < readBufferMaxSize)
            // NOTE(review): bytesAvailable() returns qint64 in the Qt API and
            // is narrowed to int here - confirm a very large backlog cannot
            // wrap.
            while ((pendingBytes = plainSocket->bytesAvailable()) > 0) {
                // Read encrypted data from the socket into a buffer.
                data.resize(pendingBytes);
                // just peek() here because q_BIO_write could write less data than expected
                int encryptedBytesRead = plainSocket->peek(data.data(), pendingBytes);

#ifdef QSSLSOCKET_DEBUG
                qDebug() << "QSslSocketBackendPrivate::transmit: read" << encryptedBytesRead << "encrypted bytes from the socket";
#endif
                // Write encrypted data from the buffer into the read BIO.
                // NOTE(review): a failed peek() is not checked for before
                // this call; it is only caught indirectly when q_BIO_write()
                // returns a non-positive value.
                int writtenToBio = q_BIO_write(readBio, data.constData(), encryptedBytesRead);

                // do the actual read() here and throw away the results.
                if (writtenToBio > 0) {
                    // ### TODO: make this cheaper by not making it memcpy. E.g. make it work with data=0x0 or make it work with seek
                    // Consume exactly the bytes the BIO accepted, so nothing
                    // is dropped or fed to the BIO twice.
                    plainSocket->read(data.data(), writtenToBio);
                } else {
                    // ### Better error handling.
                    q->setErrorString(QSslSocket::tr("Unable to decrypt data: %1").arg(getErrorsFromOpenSsl()));
                    q->setSocketError(QAbstractSocket::SslInternalError);
                    emit q->error(QAbstractSocket::SslInternalError);
                    return;
                }

                transmitting = true;
            }

        // If the connection isn't secured yet, this is the time to retry the
        // connect / accept.
        if (!connectionEncrypted) {
#ifdef QSSLSOCKET_DEBUG
            qDebug() << "QSslSocketBackendPrivate::transmit: testing encryption";
#endif
            if (startHandshake()) {
#ifdef QSSLSOCKET_DEBUG
                qDebug() << "QSslSocketBackendPrivate::transmit: encryption established";
#endif
                // This is the only place in this function that marks the
                // connection as encrypted; it depends on startHandshake()
                // returning true.
                connectionEncrypted = true;
                transmitting = true;
            } else if (plainSocket->state() != QAbstractSocket::ConnectedState) {
#ifdef QSSLSOCKET_DEBUG
                qDebug() << "QSslSocketBackendPrivate::transmit: connection lost";
#endif
                // Leaves the outer do/while loop.
                break;
            } else if (paused) {
                // just wait until the user continues
                return;
            } else {
#ifdef QSSLSOCKET_DEBUG
                qDebug() << "QSslSocketBackendPrivate::transmit: encryption not done yet";
#endif
            }
        }

        // If the request is small and the remote host closes the transmission
        // after sending, there's a chance that startHandshake() will already
        // have triggered a shutdown.
        // continue jumps to the outer loop condition, which then fails on
        // the null ssl.
        if (!ssl)
            continue;

        // We always read everything from the SSL decryption buffers, even if
        // we have a readBufferMaxSize. There's no point in leaving data there
        // just so that readBuffer.size() == readBufferMaxSize.
        int readBytes = 0;
        data.resize(4096);
        // Zeroed before use, so ciphertext staged in data by the steps above
        // does not remain in it.
        ::memset(data.data(), 0, data.size());
        do {
            // Don't use SSL_pending(). It's very unreliable.
            if ((readBytes = q_SSL_read(ssl, data.data(), data.size())) > 0) {
#ifdef QSSLSOCKET_DEBUG
                qDebug() << "QSslSocketBackendPrivate::transmit: decrypted" << readBytes << "bytes";
#endif
                // Copy the decrypted bytes into the socket's read buffer.
                // NOTE(review): data is not cleared again after this copy in
                // this function, so the last decrypted chunk stays in the
                // local array until it goes out of scope.
                char *ptr = buffer.reserve(readBytes);
                ::memcpy(ptr, data.data(), readBytes);

                if (readyReadEmittedPointer)
                    *readyReadEmittedPointer = true;
                emit q->readyRead();
                transmitting = true;
                // Jumps to the inner loop condition, which re-checks ssl
                // after the signal has been delivered.
                continue;
            }

            // Error.
            switch (q_SSL_get_error(ssl, readBytes)) {
            case SSL_ERROR_WANT_READ:
            case SSL_ERROR_WANT_WRITE:
                // Out of data.
                break;
            case SSL_ERROR_ZERO_RETURN:
                // The remote host closed the connection.
#ifdef QSSLSOCKET_DEBUG
                qDebug() << "QSslSocketBackendPrivate::transmit: remote disconnect";
#endif
                plainSocket->disconnectFromHost();
                break;
            case SSL_ERROR_SYSCALL: // some IO error
            case SSL_ERROR_SSL: // error in the SSL library
                // we do not know exactly what the error is, nor whether we can recover from it,
                // so just return to prevent an endless loop in the outer "while" statement
                q->setErrorString(QSslSocket::tr("Error while reading: %1").arg(getErrorsFromOpenSsl()));
                q->setSocketError(QAbstractSocket::SslInternalError);
                emit q->error(QAbstractSocket::SslInternalError);
                return;
            default:
                // SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT: can only happen with a
                // BIO_s_connect() or BIO_s_accept(), which we do not call.
                // SSL_ERROR_WANT_X509_LOOKUP: can only happen with a
                // SSL_CTX_set_client_cert_cb(), which we do not call.
                // So this default case should never be triggered.
                // NOTE(review): unlike the SYSCALL/SSL case above, this
                // branch reports the error but does not return; the outer
                // loop runs again if transmitting was set earlier in this
                // pass.
                q->setErrorString(QSslSocket::tr("Error while reading: %1").arg(getErrorsFromOpenSsl()));
                q->setSocketError(QAbstractSocket::SslInternalError);
                emit q->error(QAbstractSocket::SslInternalError);
                break;
            }
        } while (ssl && readBytes > 0);
    } while (ssl && ctx && transmitting);
}
1092 -
/*!
    \internal

    Translates an OpenSSL X509 verification result \a errorCode into a
    QSslError attached to \a cert.

    X509_V_OK yields a default-constructed QSslError. Any verification code
    without a dedicated QSslError value is mapped to
    QSslError::UnspecifiedError rather than dropped, so an unrecognised
    verification failure is still reported as an error.
*/
static QSslError _q_OpenSSL_to_QSslError(int errorCode, const QSslCertificate &cert)
{
    // X509_V_OK is also reported if the peer had no certificate.
    if (errorCode == X509_V_OK)
        return QSslError();

    QSslError::SslError mapped;
    switch (errorCode) {
    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
        mapped = QSslError::UnableToGetIssuerCertificate;
        break;
    case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
        mapped = QSslError::UnableToDecryptCertificateSignature;
        break;
    case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
        mapped = QSslError::UnableToDecodeIssuerPublicKey;
        break;
    case X509_V_ERR_CERT_SIGNATURE_FAILURE:
        mapped = QSslError::CertificateSignatureFailed;
        break;
    case X509_V_ERR_CERT_NOT_YET_VALID:
        mapped = QSslError::CertificateNotYetValid;
        break;
    case X509_V_ERR_CERT_HAS_EXPIRED:
        mapped = QSslError::CertificateExpired;
        break;
    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
        mapped = QSslError::InvalidNotBeforeField;
        break;
    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
        mapped = QSslError::InvalidNotAfterField;
        break;
    case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
        mapped = QSslError::SelfSignedCertificate;
        break;
    case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
        mapped = QSslError::SelfSignedCertificateInChain;
        break;
    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
        mapped = QSslError::UnableToGetLocalIssuerCertificate;
        break;
    case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
        mapped = QSslError::UnableToVerifyFirstCertificate;
        break;
    case X509_V_ERR_CERT_REVOKED:
        mapped = QSslError::CertificateRevoked;
        break;
    case X509_V_ERR_INVALID_CA:
        mapped = QSslError::InvalidCaCertificate;
        break;
    case X509_V_ERR_PATH_LENGTH_EXCEEDED:
        mapped = QSslError::PathLengthExceeded;
        break;
    case X509_V_ERR_INVALID_PURPOSE:
        mapped = QSslError::InvalidPurpose;
        break;
    case X509_V_ERR_CERT_UNTRUSTED:
        mapped = QSslError::CertificateUntrusted;
        break;
    case X509_V_ERR_CERT_REJECTED:
        mapped = QSslError::CertificateRejected;
        break;
    default:
        // Anything else stays an error; it is just not classified further.
        mapped = QSslError::UnspecifiedError;
        break;
    }

    return QSslError(mapped, cert);
}
1141 -
1142bool QSslSocketBackendPrivate::startHandshake() -
1143{ -
1144 Q_Q(QSslSocket);
executed (the execution status of this line is deduced): QSslSocket * const q = q_func();
-
1145 -
1146 // Check if the connection has been established. Get all errors from the -
1147 // verification stage. -
1148 _q_sslErrorList()->mutex.lock();
executed (the execution status of this line is deduced): _q_sslErrorList()->mutex.lock();
-
1149 _q_sslErrorList()->errors.clear();
executed (the execution status of this line is deduced): _q_sslErrorList()->errors.clear();
-
1150 int result = (mode == QSslSocket::SslClientMode) ? q_SSL_connect(ssl) : q_SSL_accept(ssl);
evaluated: (mode == QSslSocket::SslClientMode)
TRUEFALSE
yes
Evaluation Count:288
yes
Evaluation Count:18
18-288
1151 -
1152 const QList<QPair<int, int> > &lastErrors = _q_sslErrorList()->errors;
executed (the execution status of this line is deduced): const QList<QPair<int, int> > &lastErrors = _q_sslErrorList()->errors;
-
1153 for (int i = 0; i < lastErrors.size(); ++i) {
evaluated: i < lastErrors.size()
TRUEFALSE
yes
Evaluation Count:47
yes
Evaluation Count:306
47-306
1154 const QPair<int, int> &currentError = lastErrors.at(i);
executed (the execution status of this line is deduced): const QPair<int, int> &currentError = lastErrors.at(i);
-
1155 // Initialize the peer certificate chain in order to find which certificate caused this error -
1156 if (configuration.peerCertificateChain.isEmpty())
evaluated: configuration.peerCertificateChain.isEmpty()
TRUEFALSE
yes
Evaluation Count:41
yes
Evaluation Count:6
6-41
1157 configuration.peerCertificateChain = STACKOFX509_to_QSslCertificates(q_SSL_get_peer_cert_chain(ssl));
executed: configuration.peerCertificateChain = STACKOFX509_to_QSslCertificates(q_SSL_get_peer_cert_chain(ssl));
Execution Count:41
41
1158 emit q->peerVerifyError(_q_OpenSSL_to_QSslError(currentError.first,
executed (the execution status of this line is deduced): q->peerVerifyError(_q_OpenSSL_to_QSslError(currentError.first,
-
1159 configuration.peerCertificateChain.value(currentError.second)));
executed (the execution status of this line is deduced): configuration.peerCertificateChain.value(currentError.second)));
-
1160 if (q->state() != QAbstractSocket::ConnectedState)
partially evaluated: q->state() != QAbstractSocket::ConnectedState
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:47
0-47
1161 break;
never executed: break;
0
1162 }
executed: }
Execution Count:47
47
1163 -
1164 errorList << lastErrors;
executed (the execution status of this line is deduced): errorList << lastErrors;
-
1165 _q_sslErrorList()->mutex.unlock();
executed (the execution status of this line is deduced): _q_sslErrorList()->mutex.unlock();
-
1166 -
1167 // Connection aborted during handshake phase. -
1168 if (q->state() != QAbstractSocket::ConnectedState)
partially evaluated: q->state() != QAbstractSocket::ConnectedState
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:306
0-306
1169 return false;
never executed: return false;
0
1170 -
1171 // Check if we're encrypted or not. -
1172 if (result <= 0) {
evaluated: result <= 0
TRUEFALSE
yes
Evaluation Count:265
yes
Evaluation Count:41
41-265
1173 switch (q_SSL_get_error(ssl, result)) { -
1174 case SSL_ERROR_WANT_READ: -
1175 case SSL_ERROR_WANT_WRITE: -
1176 // The handshake is not yet complete. -
1177 break;
executed: break;
Execution Count:264
264
1178 default: -
1179 q->setErrorString(QSslSocket::tr("Error during SSL handshake: %1").arg(getErrorsFromOpenSsl()));
executed (the execution status of this line is deduced): q->setErrorString(QSslSocket::tr("Error during SSL handshake: %1").arg(getErrorsFromOpenSsl()));
-
1180 q->setSocketError(QAbstractSocket::SslHandshakeFailedError);
executed (the execution status of this line is deduced): q->setSocketError(QAbstractSocket::SslHandshakeFailedError);
-
1181#ifdef QSSLSOCKET_DEBUG -
1182 qDebug() << "QSslSocketBackendPrivate::startHandshake: error!" << q->errorString(); -
1183#endif -
1184 emit q->error(QAbstractSocket::SslHandshakeFailedError);
executed (the execution status of this line is deduced): q->error(QAbstractSocket::SslHandshakeFailedError);
-
1185 q->abort();
executed (the execution status of this line is deduced): q->abort();
-
1186 }
executed: }
Execution Count:1
1
1187 return false;
executed: return false;
Execution Count:265
265
1188 } -
1189 -
1190 // Store the peer certificate and chain. For clients, the peer certificate -
1191 // chain includes the peer certificate; for servers, it doesn't. Both the -
1192 // peer certificate and the chain may be empty if the peer didn't present -
1193 // any certificate. -
1194 if (configuration.peerCertificateChain.isEmpty())
evaluated: configuration.peerCertificateChain.isEmpty()
TRUEFALSE
yes
Evaluation Count:6
yes
Evaluation Count:35
6-35
1195 configuration.peerCertificateChain = STACKOFX509_to_QSslCertificates(q_SSL_get_peer_cert_chain(ssl));
executed: configuration.peerCertificateChain = STACKOFX509_to_QSslCertificates(q_SSL_get_peer_cert_chain(ssl));
Execution Count:6
6
1196 X509 *x509 = q_SSL_get_peer_certificate(ssl);
executed (the execution status of this line is deduced): X509 *x509 = q_SSL_get_peer_certificate(ssl);
-
1197 configuration.peerCertificate = QSslCertificatePrivate::QSslCertificate_from_X509(x509);
executed (the execution status of this line is deduced): configuration.peerCertificate = QSslCertificatePrivate::QSslCertificate_from_X509(x509);
-
1198 q_X509_free(x509);
executed (the execution status of this line is deduced): q_X509_free(x509);
-
1199 -
1200 // Start translating errors. -
1201 QList<QSslError> errors;
executed (the execution status of this line is deduced): QList<QSslError> errors;
-
1202 -
1203 // check the whole chain for blacklisting (including root, as we check for subjectInfo and issuer) -
1204 foreach (const QSslCertificate &cert, configuration.peerCertificateChain) {
executed (the execution status of this line is deduced): for (QForeachContainer<__typeof__(configuration.peerCertificateChain)> _container_(configuration.peerCertificateChain); !_container_.brk && _container_.i != _container_.e; __extension__ ({ ++_container_.brk; ++_container_.i; })) for (const QSslCertificate &cert = *_container_.i;; __extension__ ({--_container_.brk; break;})) {
-
1205 if (QSslCertificatePrivate::isBlacklisted(cert)) {
partially evaluated: QSslCertificatePrivate::isBlacklisted(cert)
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:38
0-38
1206 QSslError error(QSslError::CertificateBlacklisted, cert);
never executed (the execution status of this line is deduced): QSslError error(QSslError::CertificateBlacklisted, cert);
-
1207 errors << error;
never executed (the execution status of this line is deduced): errors << error;
-
1208 emit q->peerVerifyError(error);
never executed (the execution status of this line is deduced): q->peerVerifyError(error);
-
1209 if (q->state() != QAbstractSocket::ConnectedState)
never evaluated: q->state() != QAbstractSocket::ConnectedState
0
1210 return false;
never executed: return false;
0
1211 }
never executed: }
0
1212 }
executed: }
Execution Count:38
38
1213 -
1214 bool doVerifyPeer = configuration.peerVerifyMode == QSslSocket::VerifyPeer
partially evaluated: configuration.peerVerifyMode == QSslSocket::VerifyPeer
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:41
0-41
1215 || (configuration.peerVerifyMode == QSslSocket::AutoVerifyPeer
partially evaluated: configuration.peerVerifyMode == QSslSocket::AutoVerifyPeer
TRUEFALSE
yes
Evaluation Count:41
no
Evaluation Count:0
0-41
1216 && mode == QSslSocket::SslClientMode);
evaluated: mode == QSslSocket::SslClientMode
TRUEFALSE
yes
Evaluation Count:38
yes
Evaluation Count:3
3-38
1217 -
1218 // Check the peer certificate itself. First try the subject's common name -
1219 // (CN) as a wildcard, then try all alternate subject name DNS entries the -
1220 // same way. -
1221 if (!configuration.peerCertificate.isNull()) {
evaluated: !configuration.peerCertificate.isNull()
TRUEFALSE
yes
Evaluation Count:38
yes
Evaluation Count:3
3-38
1222 // but only if we're a client connecting to a server -
1223 // if we're the server, don't check CN -
1224 if (mode == QSslSocket::SslClientMode) {
partially evaluated: mode == QSslSocket::SslClientMode
TRUEFALSE
yes
Evaluation Count:38
no
Evaluation Count:0
0-38
1225 QString peerName = (verificationPeerName.isEmpty () ? q->peerName() : verificationPeerName);
partially evaluated: verificationPeerName.isEmpty ()
TRUEFALSE
yes
Evaluation Count:38
no
Evaluation Count:0
0-38
1226 -
1227 if (!isMatchingHostname(configuration.peerCertificate, peerName)) {
evaluated: !isMatchingHostname(configuration.peerCertificate, peerName)
TRUEFALSE
yes
Evaluation Count:3
yes
Evaluation Count:35
3-35
1228 // No matches in common names or alternate names. -
1229 QSslError error(QSslError::HostNameMismatch, configuration.peerCertificate);
executed (the execution status of this line is deduced): QSslError error(QSslError::HostNameMismatch, configuration.peerCertificate);
-
1230 errors << error;
executed (the execution status of this line is deduced): errors << error;
-
1231 emit q->peerVerifyError(error);
executed (the execution status of this line is deduced): q->peerVerifyError(error);
-
1232 if (q->state() != QAbstractSocket::ConnectedState)
partially evaluated: q->state() != QAbstractSocket::ConnectedState
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:3
0-3
1233 return false;
never executed: return false;
0
1234 }
executed: }
Execution Count:3
3
1235 }
executed: }
Execution Count:38
38
1236 } else {
executed: }
Execution Count:38
38
1237 // No peer certificate presented. Report as error if the socket -
1238 // expected one. -
1239 if (doVerifyPeer) {
partially evaluated: doVerifyPeer
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:3
0-3
1240 QSslError error(QSslError::NoPeerCertificate);
never executed (the execution status of this line is deduced): QSslError error(QSslError::NoPeerCertificate);
-
1241 errors << error;
never executed (the execution status of this line is deduced): errors << error;
-
1242 emit q->peerVerifyError(error);
never executed (the execution status of this line is deduced): q->peerVerifyError(error);
-
1243 if (q->state() != QAbstractSocket::ConnectedState)
never evaluated: q->state() != QAbstractSocket::ConnectedState
0
1244 return false;
never executed: return false;
0
1245 }
never executed: }
0
1246 }
executed: }
Execution Count:3
3
1247 -
1248 // Translate errors from the error list into QSslErrors. -
1249 for (int i = 0; i < errorList.size(); ++i) {
evaluated: i < errorList.size()
TRUEFALSE
yes
Evaluation Count:47
yes
Evaluation Count:41
41-47
1250 const QPair<int, int> &errorAndDepth = errorList.at(i);
executed (the execution status of this line is deduced): const QPair<int, int> &errorAndDepth = errorList.at(i);
-
1251 int err = errorAndDepth.first;
executed (the execution status of this line is deduced): int err = errorAndDepth.first;
-
1252 int depth = errorAndDepth.second;
executed (the execution status of this line is deduced): int depth = errorAndDepth.second;
-
1253 errors << _q_OpenSSL_to_QSslError(err, configuration.peerCertificateChain.value(depth));
executed (the execution status of this line is deduced): errors << _q_OpenSSL_to_QSslError(err, configuration.peerCertificateChain.value(depth));
-
1254 }
executed: }
Execution Count:47
47
1255 -
1256 if (!errors.isEmpty()) {
evaluated: !errors.isEmpty()
TRUEFALSE
yes
Evaluation Count:38
yes
Evaluation Count:3
3-38
1257 sslErrors = errors;
executed (the execution status of this line is deduced): sslErrors = errors;
-
1258 -
1259#ifdef Q_OS_WIN -
1260 //Skip this if not using system CAs, or if the SSL errors are configured in advance to be ignorable -
1261 if (doVerifyPeer -
1262 && s_loadRootCertsOnDemand -
1263 && allowRootCertOnDemandLoading -
1264 && !verifyErrorsHaveBeenIgnored()) { -
1265 //Windows desktop versions starting from vista ship with minimal set of roots -
1266 //and download on demand from the windows update server CA roots that are -
1267 //trusted by MS. -
1268 //However, this is only transparent if using WinINET - we have to trigger it -
1269 //ourselves. -
1270 QSslCertificate certToFetch; -
1271 bool fetchCertificate = true; -
1272 for (int i=0; i< sslErrors.count(); i++) { -
1273 switch (sslErrors.at(i).error()) { -
1274 case QSslError::UnableToGetLocalIssuerCertificate: // site presented intermediate cert, but root is unknown -
1275 case QSslError::SelfSignedCertificateInChain: // site presented a complete chain, but root is unknown -
1276 certToFetch = sslErrors.at(i).certificate(); -
1277 break; -
1278 case QSslError::SelfSignedCertificate: -
1279 case QSslError::CertificateBlacklisted: -
1280 //With these errors, we know it will be untrusted so save time by not asking windows -
1281 fetchCertificate = false; -
1282 break; -
1283 default: -
1284#ifdef QSSLSOCKET_DEBUG -
1285 qDebug() << sslErrors.at(i).errorString(); -
1286#endif -
1287 break; -
1288 } -
1289 } -
1290 if (fetchCertificate && !certToFetch.isNull()) { -
1291 fetchCaRootForCert(certToFetch); -
1292 return false; -
1293 } -
1294 } -
1295#endif -
1296 -
1297 if (!checkSslErrors())
evaluated: !checkSslErrors()
TRUEFALSE
yes
Evaluation Count:9
yes
Evaluation Count:29
9-29
1298 return false;
executed: return false;
Execution Count:9
9
1299 } else {
executed: }
Execution Count:29
29
1300 sslErrors.clear();
executed (the execution status of this line is deduced): sslErrors.clear();
-
1301 }
executed: }
Execution Count:3
3
1302 -
1303 continueHandshake();
executed (the execution status of this line is deduced): continueHandshake();
-
1304 return true;
executed: return true;
Execution Count:32
32
1305} -
1306 -
// Reports the pending sslErrors to the application and decides whether the
// handshake may proceed.
//
// Returns true when the error list is empty, when the peer is not being
// verified in the current mode, or when verifyErrorsHaveBeenIgnored() reports
// that the errors were waived. Otherwise returns false, after either pausing
// the socket (PauseOnSslErrors) or failing the connection with
// SslHandshakeFailedError and disconnecting the plain socket.
//
// Security note: when verification is not required (VerifyNone/QueryPeer, or
// AutoVerifyPeer on the server side) errors are still signalled but never
// block the handshake.
bool QSslSocketBackendPrivate::checkSslErrors()
{
    Q_Q(QSslSocket);
    if (sslErrors.isEmpty())
        return true;

    // The signal is emitted before the ignore state is read, so whatever the
    // connected handlers do is reflected in the decision below.
    emit q->sslErrors(sslErrors);

    const bool explicitVerify = (configuration.peerVerifyMode == QSslSocket::VerifyPeer);
    const bool autoVerifyAsClient = (configuration.peerVerifyMode == QSslSocket::AutoVerifyPeer)
                                    && (mode == QSslSocket::SslClientMode);
    const bool verificationRequired = explicitVerify || autoVerifyAsClient;
    const bool errorsStillCount = !verifyErrorsHaveBeenIgnored();

    // Nothing to enforce: either the peer is not verified in this mode or the
    // errors have been ignored.
    if (!verificationRequired || !errorsStillCount)
        return true;

    if (q->pauseMode() & QAbstractSocket::PauseOnSslErrors) {
        // Leave the decision to the application: stop socket activity and
        // remember that we are paused.
        pauseSocketNotifiers(q);
        paused = true;
        return false;
    }

    // Fail the handshake, reporting the first error in the list as the
    // socket's error string.
    q->setErrorString(sslErrors.first().errorString());
    q->setSocketError(QAbstractSocket::SslHandshakeFailedError);
    emit q->error(QAbstractSocket::SslHandshakeFailedError);
    plainSocket->disconnectFromHost();
    return false;
}
1334 -
1335#ifdef Q_OS_WIN -
1336 -
// Starts an asynchronous lookup of the root CA for \a cert and pauses the
// socket until _q_caRootLoaded() is called with the result.
//
// The root certificate is downloaded from windows update, which blocks for
// 15 seconds in the worst case, so the request is done in a worker thread.
void QSslSocketBackendPrivate::fetchCaRootForCert(const QSslCertificate &cert)
{
    Q_Q(QSslSocket);

    QWindowsCaRootFetcher *rootFetcher = new QWindowsCaRootFetcher(cert, mode);

    // Hook up the result slot before the fetcher is asked to start. Both the
    // result delivery and the start request are queued.
    QObject::connect(rootFetcher,
                     SIGNAL(finished(QSslCertificate,QSslCertificate)),
                     q,
                     SLOT(_q_caRootLoaded(QSslCertificate,QSslCertificate)),
                     Qt::QueuedConnection);
    QMetaObject::invokeMethod(rootFetcher, "start", Qt::QueuedConnection);

    // The handshake stays suspended until the fetch result arrives.
    pauseSocketNotifiers(q);
    paused = true;
}
1348 -
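// This is the callback from QWindowsCaRootFetcher. \a trustedRoot will be
// invalid (default constructed) if the fetch failed.
//
// When a non-null, non-blacklisted root is delivered it is added to this
// socket's CA list (and to the default CA list when on-demand loading is
// enabled), and the chain-trust errors recorded against \a cert are dropped.
// Every other error, and every error recorded against a different
// certificate, is kept and re-evaluated by checkSslErrors().
//
// The socket may have been torn down while the request was in flight. In that
// case the trust store update is still applied, but the handshake is not
// resumed: checkSslErrors() and continueHandshake() both dereference
// plainSocket, and a socket without a plain socket must not be marked as
// encrypted.
void QSslSocketBackendPrivate::_q_caRootLoaded(QSslCertificate cert, QSslCertificate trustedRoot)
{
    Q_Q(QSslSocket);
    if (!trustedRoot.isNull() && !trustedRoot.isBlacklisted()) {
        if (s_loadRootCertsOnDemand) {
            //Add the new root cert to default cert list for use by future sockets
            QSslSocket::addDefaultCaCertificate(trustedRoot);
        }
        //Add the new root cert to this socket for future connections
        q->addCaCertificate(trustedRoot);
        //Remove the broken chain ssl errors (as chain is verified by windows)
        // Iterate backwards so removeAt() does not shift unvisited entries.
        for (int i = sslErrors.count() - 1; i >= 0; --i) {
            if (sslErrors.at(i).certificate() == cert) {
                switch (sslErrors.at(i).error()) {
                case QSslError::UnableToGetLocalIssuerCertificate:
                case QSslError::CertificateUntrusted:
                case QSslError::UnableToVerifyFirstCertificate:
                case QSslError::SelfSignedCertificateInChain:
                    // error can be ignored if OS says the chain is trusted
                    sslErrors.removeAt(i);
                    break;
                default:
                    // error cannot be ignored
                    break;
                }
            }
        }
    }

    paused = false;

    // No plain socket left: there is no handshake to continue.
    if (!plainSocket)
        return;

    // Continue with remaining errors
    plainSocket->resume();
    if (checkSslErrors())
        continueHandshake();
}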
1385 -
// Thread on which QWindowsCaRootFetcher objects do their blocking work.
// The thread starts itself on construction and is asked to quit on
// destruction.
class QWindowsCaRootFetcherThread : public QThread
{
public:
    QWindowsCaRootFetcherThread()
    {
        // presumably required so QSslCertificate can travel through the
        // queued finished() signal; verify against the connect() call site
        qRegisterMetaType<QSslCertificate>();
        setObjectName(QStringLiteral("QWindowsCaRootFetcher"));
        start();
    }
    ~QWindowsCaRootFetcherThread()
    {
        // worst case, a running request can block for 15 seconds
        const unsigned long shutdownTimeoutMs = 15500;
        quit();
        wait(shutdownTimeoutMs);
    }
};
1401 -
// Single shared fetcher thread, reached through windowsCaRootFetcherThread().
Q_GLOBAL_STATIC(QWindowsCaRootFetcherThread, windowsCaRootFetcherThread);
1403 -
// Stores the certificate to look up and the SSL mode of the requesting
// socket, then moves this object to the shared fetcher thread so that a
// queued call to start() executes there.
QWindowsCaRootFetcher::QWindowsCaRootFetcher(const QSslCertificate &certificate, QSslSocket::SslMode sslMode)
    : cert(certificate), mode(sslMode)
{
    moveToThread(windowsCaRootFetcherThread());
}
1409 -
// Empty body: no explicit cleanup is performed here.
QWindowsCaRootFetcher::~QWindowsCaRootFetcher()
{
}
1413 -
// Asks the Windows certificate chain engine to build a chain for the stored
// certificate and reports the result through finished(cert, trustedRoot).
//
// trustedRoot is the last element of the final simple chain, and is only set
// when both the overall chain and that simple chain report
// CERT_TRUST_NO_ERROR. In every other case a null certificate is emitted.
// The object schedules its own deletion after emitting.
void QWindowsCaRootFetcher::start()
{
    QByteArray der = cert.toDer();
    PCCERT_CONTEXT wincert = CertCreateCertificateContext(X509_ASN_ENCODING, (const BYTE *)der.constData(), der.length());
    if (!wincert) {
#ifdef QSSLSOCKET_DEBUG
        qDebug("QWindowsCaRootFetcher failed to convert certificate to windows form");
#endif
        // Conversion failed: report "no trusted root" to the socket.
        emit finished(cert, QSslCertificate());
        deleteLater();
        return;
    }

    CERT_CHAIN_PARA parameters;
    memset(&parameters, 0, sizeof(parameters));
    parameters.cbSize = sizeof(parameters);
    // set key usage constraint
    // A client-mode socket is validating a server, so it requests the
    // server-auth usage; a server-mode socket requests client-auth.
    parameters.RequestedUsage.dwType = USAGE_MATCH_TYPE_AND;
    parameters.RequestedUsage.Usage.cUsageIdentifier = 1;
    LPSTR oid = (LPSTR)(mode == QSslSocket::SslClientMode ? szOID_PKIX_KP_SERVER_AUTH : szOID_PKIX_KP_CLIENT_AUTH);
    parameters.RequestedUsage.Usage.rgpszUsageIdentifier = &oid;

#ifdef QSSLSOCKET_DEBUG
    QElapsedTimer stopwatch;
    stopwatch.start();
#endif
    // NOTE(review): dwFlags is 0, so no revocation-check flags are passed to
    // the chain engine here - confirm that is the intended policy.
    PCCERT_CHAIN_CONTEXT chain;
    BOOL result = CertGetCertificateChain(
        0, //default engine
        wincert,
        0, //current date/time
        0, //default store
        &parameters,
        0, //default dwFlags
        0, //reserved
        &chain);
#ifdef QSSLSOCKET_DEBUG
    qDebug() << "QWindowsCaRootFetcher" << stopwatch.elapsed() << "ms to get chain";
#endif

    // Stays null unless the chain below is fully trusted.
    QSslCertificate trustedRoot;
    if (result) {
#ifdef QSSLSOCKET_DEBUG
        qDebug() << "QWindowsCaRootFetcher - examining windows chains";
        if (chain->TrustStatus.dwErrorStatus == CERT_TRUST_NO_ERROR)
            qDebug() << " - TRUSTED";
        else
            qDebug() << " - NOT TRUSTED" << chain->TrustStatus.dwErrorStatus;
        if (chain->TrustStatus.dwInfoStatus & CERT_TRUST_IS_SELF_SIGNED)
            qDebug() << " - SELF SIGNED";
        qDebug() << "QSslSocketBackendPrivate::fetchCaRootForCert - dumping simple chains";
        for (unsigned int i = 0; i < chain->cChain; i++) {
            if (chain->rgpChain[i]->TrustStatus.dwErrorStatus == CERT_TRUST_NO_ERROR)
                qDebug() << " - TRUSTED SIMPLE CHAIN" << i;
            else
                qDebug() << " - UNTRUSTED SIMPLE CHAIN" << i << "reason:" << chain->rgpChain[i]->TrustStatus.dwErrorStatus;
            for (unsigned int j = 0; j < chain->rgpChain[i]->cElement; j++) {
                QSslCertificate foundCert(QByteArray((const char *)chain->rgpChain[i]->rgpElement[j]->pCertContext->pbCertEncoded
                    , chain->rgpChain[i]->rgpElement[j]->pCertContext->cbCertEncoded), QSsl::Der);
                qDebug() << " - " << foundCert;
            }
        }
        qDebug() << " - and" << chain->cLowerQualityChainContext << "low quality chains"; //expect 0, we haven't asked for them
#endif

        //based on http://msdn.microsoft.com/en-us/library/windows/desktop/aa377182%28v=vs.85%29.aspx
        //about the final chain rgpChain[cChain-1] which must begin with a trusted root to be valid
        // Any error bit on the overall chain means no root is returned.
        if (chain->TrustStatus.dwErrorStatus == CERT_TRUST_NO_ERROR
            && chain->cChain > 0) {
            const PCERT_SIMPLE_CHAIN finalChain = chain->rgpChain[chain->cChain - 1];
            // http://msdn.microsoft.com/en-us/library/windows/desktop/aa377544%28v=vs.85%29.aspx
            // rgpElement[0] is the end certificate chain element. rgpElement[cElement-1] is the self-signed "root" certificate element.
            if (finalChain->TrustStatus.dwErrorStatus == CERT_TRUST_NO_ERROR
                && finalChain->cElement > 0) {
                // Copy the DER bytes of the root element into a QSslCertificate.
                trustedRoot = QSslCertificate(QByteArray((const char *)finalChain->rgpElement[finalChain->cElement - 1]->pCertContext->pbCertEncoded
                    , finalChain->rgpElement[finalChain->cElement - 1]->pCertContext->cbCertEncoded), QSsl::Der);
            }
        }
        // The chain context is only released when the call succeeded.
        CertFreeCertificateChain(chain);
    }
    CertFreeCertificateContext(wincert);

    emit finished(cert, trustedRoot);
    deleteLater();
}
1499#endif -
1500 -
// Shuts the TLS session down, if one exists, and then disconnects the
// underlying plain socket.
void QSslSocketBackendPrivate::disconnectFromHost()
{
    if (ssl != 0) {
        // Run the SSL shutdown first, then transmit() before the transport
        // is disconnected.
        q_SSL_shutdown(ssl);
        transmit();
    }

    plainSocket->disconnectFromHost();
}
1509 -
// Called when the connection is gone. Destroys the SSL context unless the
// plain socket still holds unread data.
void QSslSocketBackendPrivate::disconnected()
{
    // If there is still buffered data in the plain socket, don't destroy the
    // ssl context yet. It will be destroyed when the socket is deleted.
    if (plainSocket->bytesAvailable() > 0)
        return;

    destroySslContext();
}
1517 -
// Returns the cipher of the current session, or a default-constructed
// QSslCipher when there is no SSL object or context, or when OpenSSL reports
// no current cipher.
QSslCipher QSslSocketBackendPrivate::sessionCipher() const
{
    if (!(ssl && ctx))
        return QSslCipher();

#if OPENSSL_VERSION_NUMBER >= 0x10000000L
    // FIXME This is fairly evil, but needed to keep source level compatibility
    // with the OpenSSL 0.9.x implementation at maximum -- some other functions
    // don't take a const SSL_CIPHER* when they should
    SSL_CIPHER *currentCipher = const_cast<SSL_CIPHER *>(q_SSL_get_current_cipher(ssl));
#else
    SSL_CIPHER *currentCipher = q_SSL_get_current_cipher(ssl);
#endif

    if (!currentCipher)
        return QSslCipher();
    return QSslCipher_from_SSL_CIPHER(currentCipher);
}
1532 -
// Final step of a successful handshake: marks the connection as encrypted
// and emits encrypted().
//
// This function performs no certificate checks of its own. The callers
// visible in this file only reach it after checkSslErrors() returned true or
// the error list was empty, and any new caller has to keep that ordering.
void QSslSocketBackendPrivate::continueHandshake()
{
    Q_Q(QSslSocket);

    // if we have a max read buffer size, reset the plain socket's to match
    if (readBufferMaxSize != 0)
        plainSocket->setReadBufferSize(readBufferMaxSize);

    connectionEncrypted = true;
    emit q->encrypted();

    // The close flags are read after encrypted() has been emitted.
    if (!autoStartHandshake || !pendingClose)
        return;

    pendingClose = false;
    q->disconnectFromHost();
}
1547 -
// Converts an OpenSSL certificate stack into a list of QSslCertificate
// objects, keeping the stack order. Null entries in the stack are skipped.
QList<QSslCertificate> QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(STACK_OF(X509) *x509)
{
    ensureInitialized();

    QList<QSslCertificate> converted;
    int index = 0;
    while (index < q_sk_X509_num(x509)) {
        X509 *entry = q_sk_X509_value(x509, index);
        if (entry)
            converted.append(QSslCertificatePrivate::QSslCertificate_from_X509(entry));
        ++index;
    }
    return converted;
}
1558 -
// Drains the OpenSSL error queue and returns the error strings joined with
// ", ". Returns an empty string when the queue is empty.
QString QSslSocketBackendPrivate::getErrorsFromOpenSsl()
{
    QString joined;
    for (unsigned long code = q_ERR_get_error(); code != 0; code = q_ERR_get_error()) {
        if (!joined.isEmpty())
            joined += QLatin1String(", ");

        // NOTE(review): with a NULL buffer ERR_error_string() formats into a
        // static buffer, so concurrent callers can overwrite each other's
        // text - confirm whether callers serialize access.
        const char *text = q_ERR_error_string(code, NULL);
        // error is ascii according to man ERR_error_string
        joined += QString::fromLatin1(text);
    }
    return joined;
}
1571 -
// Returns true if \a peerName matches one of the certificate's subject
// CommonName values or one of its subjectAltName DNS entries. Both sides are
// lower-cased before they are compared.
//
// Only DNS-type alternative names are consulted, so an IP-literal peer name
// can match only through an identical CN or DNS string.
//
// NOTE(review): CommonName is tried first and independently of the
// subjectAltName entries. RFC 6125 asks verifiers not to fall back to the CN
// when DNS subjectAltName entries are present - confirm this order is
// intended.
bool QSslSocketBackendPrivate::isMatchingHostname(const QSslCertificate &cert, const QString &peerName)
{
    const QString wantedName = peerName.toLower();

    const QStringList commonNames = cert.subjectInfo(QSslCertificate::CommonName);
    for (int i = 0; i < commonNames.size(); ++i) {
        if (isMatchingHostname(commonNames.at(i).toLower(), wantedName))
            return true;
    }

    // The alternative names are only fetched once no common name matched.
    const QList<QString> dnsNames = cert.subjectAlternativeNames().values(QSsl::DnsEntry);
    for (int i = 0; i < dnsNames.size(); ++i) {
        if (isMatchingHostname(dnsNames.at(i).toLower(), wantedName))
            return true;
    }

    return false;
}
1590 -
// Matches one certificate name \a cn against \a hostname.
//
// Without a '*' the two strings must be identical. The comparison is
// case-sensitive, so callers are expected to normalise case first, as the
// certificate overload does. A name containing '*' is accepted only when:
//   - it has at least three dot-separated components, the last one non-empty
//   - it contains exactly one '*', placed at the end of the first component
//   - any characters before the '*' equal the start of the hostname
//   - everything from the hostname's first '.' onwards equals the rest of cn
//   - the hostname does not parse as an IP address
//
// NOTE(review): the three-component rule rejects "*.com" but not a pattern
// such as "*.co.uk", because no public-suffix knowledge is applied here.
// Wildcards inside internationalised (A-label) components are not treated
// specially either. Confirm both are acceptable for the callers.
bool QSslSocketBackendPrivate::isMatchingHostname(const QString &cn, const QString &hostname)
{
    const QLatin1Char star('*');
    const QLatin1Char dot('.');

    // Not a wildcard name: plain string comparison.
    const int starPos = cn.indexOf(star);
    if (starPos < 0)
        return cn == hostname;

    const int firstDot = cn.indexOf(dot);
    const int secondDot = cn.indexOf(dot, firstDot + 1);

    // At least 3 components, and something must follow the second dot.
    if (secondDot == -1 || secondDot + 1 >= cn.length())
        return false;

    // The '*' has to be the last character of the first component.
    if (starPos + 1 != firstDot)
        return false;

    // Exactly one '*'.
    if (cn.lastIndexOf(star) != starPos)
        return false;

    // Characters preceding the '*' (if any) must match.
    if (starPos > 0 && hostname.leftRef(starPos) != cn.leftRef(starPos))
        return false;

    // Everything from the first '.' onwards must match.
    if (hostname.midRef(hostname.indexOf(dot)) != cn.midRef(firstDot))
        return false;

    // Wildcards are not allowed to match an IP address; otherwise this is a
    // wildcard name and the hostname matches.
    return QHostAddress(hostname).isNull();
}
1630 -
1631QList<QSslError> QSslSocketBackendPrivate::verify(QList<QSslCertificate> certificateChain, const QString &hostName) -
1632{ -
1633 QList<QSslError> errors;
executed (the execution status of this line is deduced): QList<QSslError> errors;
-
1634 if (certificateChain.count() <= 0) {
evaluated: certificateChain.count() <= 0
TRUEFALSE
yes
Evaluation Count:1
yes
Evaluation Count:7
1-7
1635 errors << QSslError(QSslError::UnspecifiedError);
executed (the execution status of this line is deduced): errors << QSslError(QSslError::UnspecifiedError);
-
1636 return errors;
executed: return errors;
Execution Count:1
1
1637 } -
1638 -
1639 // Setup the store with the default CA certificates -
1640 X509_STORE *certStore = q_X509_STORE_new();
executed (the execution status of this line is deduced): X509_STORE *certStore = q_X509_STORE_new();
-
1641 if (!certStore) {
partially evaluated: !certStore
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:7
0-7
1642 qWarning() << "Unable to create certificate store";
never executed (the execution status of this line is deduced): QMessageLogger("ssl/qsslsocket_openssl.cpp", 1642, __PRETTY_FUNCTION__).warning() << "Unable to create certificate store";
-
1643 errors << QSslError(QSslError::UnspecifiedError);
never executed (the execution status of this line is deduced): errors << QSslError(QSslError::UnspecifiedError);
-
1644 return errors;
never executed: return errors;
0
1645 } -
1646 -
1647 if (s_loadRootCertsOnDemand) {
evaluated: s_loadRootCertsOnDemand
TRUEFALSE
yes
Evaluation Count:1
yes
Evaluation Count:6
1-6
1648 setDefaultCaCertificates(defaultCaCertificates() + systemCaCertificates());
executed (the execution status of this line is deduced): setDefaultCaCertificates(defaultCaCertificates() + systemCaCertificates());
-
1649 }
executed: }
Execution Count:1
1
1650 -
1651 QList<QSslCertificate> expiredCerts;
executed (the execution status of this line is deduced): QList<QSslCertificate> expiredCerts;
-
1652 -
1653 foreach (const QSslCertificate &caCertificate, QSslSocket::defaultCaCertificates()) {
executed (the execution status of this line is deduced): for (QForeachContainer<__typeof__(QSslSocket::defaultCaCertificates())> _container_(QSslSocket::defaultCaCertificates()); !_container_.brk && _container_.i != _container_.e; __extension__ ({ ++_container_.brk; ++_container_.i; })) for (const QSslCertificate &caCertificate = *_container_.i;; __extension__ ({--_container_.brk; break;})) {
-
1654 // add expired certs later, so that the -
1655 // valid ones are used before the expired ones -
1656 if (caCertificate.expiryDate() < QDateTime::currentDateTime()) {
evaluated: caCertificate.expiryDate() < QDateTime::currentDateTime()
TRUEFALSE
yes
Evaluation Count:224
yes
Evaluation Count:1757
224-1757
1657 expiredCerts.append(caCertificate);
executed (the execution status of this line is deduced): expiredCerts.append(caCertificate);
-
1658 } else {
executed: }
Execution Count:224
224
1659 q_X509_STORE_add_cert(certStore, reinterpret_cast<X509 *>(caCertificate.handle()));
executed (the execution status of this line is deduced): q_X509_STORE_add_cert(certStore, reinterpret_cast<X509 *>(caCertificate.handle()));
-
1660 }
executed: }
Execution Count:1757
1757
1661 } -
1662 -
1663 bool addExpiredCerts = true;
executed (the execution status of this line is deduced): bool addExpiredCerts = true;
-
1664#if defined(Q_OS_MAC) && (MAC_OS_X_VERSION_MAX_ALLOWED == MAC_OS_X_VERSION_10_5) -
1665 //On Leopard SSL does not work if we add the expired certificates. -
1666 if (QSysInfo::MacintoshVersion == QSysInfo::MV_10_5) -
1667 addExpiredCerts = false; -
1668#endif -
1669 // now add the expired certs -
1670 if (addExpiredCerts) {
partially evaluated: addExpiredCerts
TRUEFALSE
yes
Evaluation Count:7
no
Evaluation Count:0
0-7
1671 foreach (const QSslCertificate &caCertificate, expiredCerts) {
executed (the execution status of this line is deduced): for (QForeachContainer<__typeof__(expiredCerts)> _container_(expiredCerts); !_container_.brk && _container_.i != _container_.e; __extension__ ({ ++_container_.brk; ++_container_.i; })) for (const QSslCertificate &caCertificate = *_container_.i;; __extension__ ({--_container_.brk; break;})) {
-
1672 q_X509_STORE_add_cert(certStore, reinterpret_cast<X509 *>(caCertificate.handle()));
executed (the execution status of this line is deduced): q_X509_STORE_add_cert(certStore, reinterpret_cast<X509 *>(caCertificate.handle()));
-
1673 }
executed: }
Execution Count:224
224
1674 }
executed: }
Execution Count:7
7
1675 -
1676 QMutexLocker sslErrorListMutexLocker(&_q_sslErrorList()->mutex);
executed (the execution status of this line is deduced): QMutexLocker sslErrorListMutexLocker(&_q_sslErrorList()->mutex);
-
1677 -
1678 // Register a custom callback to get all verification errors. -
1679 X509_STORE_set_verify_cb_func(certStore, q_X509Callback);
executed (the execution status of this line is deduced): ((certStore)->verify_cb=(q_X509Callback));
-
1680 -
1681 // Build the chain of intermediate certificates -
1682 STACK_OF(X509) *intermediates = 0;
executed (the execution status of this line is deduced): STACK *intermediates = 0;
-
1683 if (certificateChain.length() > 1) {
evaluated: certificateChain.length() > 1
TRUEFALSE
yes
Evaluation Count:4
yes
Evaluation Count:3
3-4
1684 intermediates = (STACK_OF(X509) *) q_sk_new_null();
executed (the execution status of this line is deduced): intermediates = (STACK *) q_sk_new_null();
-
1685 -
1686 if (!intermediates) {
partially evaluated: !intermediates
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:4
0-4
1687 q_X509_STORE_free(certStore);
never executed (the execution status of this line is deduced): q_X509_STORE_free(certStore);
-
1688 errors << QSslError(QSslError::UnspecifiedError);
never executed (the execution status of this line is deduced): errors << QSslError(QSslError::UnspecifiedError);
-
1689 return errors;
never executed: return errors;
0
1690 } -
1691 -
1692 bool first = true;
executed (the execution status of this line is deduced): bool first = true;
-
1693 foreach (const QSslCertificate &cert, certificateChain) {
executed (the execution status of this line is deduced): for (QForeachContainer<__typeof__(certificateChain)> _container_(certificateChain); !_container_.brk && _container_.i != _container_.e; __extension__ ({ ++_container_.brk; ++_container_.i; })) for (const QSslCertificate &cert = *_container_.i;; __extension__ ({--_container_.brk; break;})) {
-
1694 if (first) {
evaluated: first
TRUEFALSE
yes
Evaluation Count:4
yes
Evaluation Count:4
4
1695 first = false;
executed (the execution status of this line is deduced): first = false;
-
1696 continue;
executed: continue;
Execution Count:4
4
1697 } -
1698#if OPENSSL_VERSION_NUMBER >= 0x10000000L -
1699 q_sk_push( (_STACK *)intermediates, reinterpret_cast<X509 *>(cert.handle())); -
1700#else -
1701 q_sk_push( (STACK *)intermediates, reinterpret_cast<X509 *>(cert.handle()));
executed (the execution status of this line is deduced): q_sk_push( (STACK *)intermediates, reinterpret_cast<X509 *>(cert.handle()));
-
1702#endif -
1703 }
executed: }
Execution Count:4
4
1704 }
executed: }
Execution Count:4
4
1705 -
1706 X509_STORE_CTX *storeContext = q_X509_STORE_CTX_new();
executed (the execution status of this line is deduced): X509_STORE_CTX *storeContext = q_X509_STORE_CTX_new();
-
1707 if (!storeContext) {
partially evaluated: !storeContext
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:7
0-7
1708 q_X509_STORE_free(certStore);
never executed (the execution status of this line is deduced): q_X509_STORE_free(certStore);
-
1709 errors << QSslError(QSslError::UnspecifiedError);
never executed (the execution status of this line is deduced): errors << QSslError(QSslError::UnspecifiedError);
-
1710 return errors;
never executed: return errors;
0
1711 } -
1712 -
1713 if (!q_X509_STORE_CTX_init(storeContext, certStore, reinterpret_cast<X509 *>(certificateChain[0].handle()), intermediates)) {
partially evaluated: !q_X509_STORE_CTX_init(storeContext, certStore, reinterpret_cast<X509 *>(certificateChain[0].handle()), intermediates)
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:7
0-7
1714 q_X509_STORE_CTX_free(storeContext);
never executed (the execution status of this line is deduced): q_X509_STORE_CTX_free(storeContext);
-
1715 q_X509_STORE_free(certStore);
never executed (the execution status of this line is deduced): q_X509_STORE_free(certStore);
-
1716 errors << QSslError(QSslError::UnspecifiedError);
never executed (the execution status of this line is deduced): errors << QSslError(QSslError::UnspecifiedError);
-
1717 return errors;
never executed: return errors;
0
1718 } -
1719 -
1720 // Now we can actually perform the verification of the chain we have built. -
1721 // We ignore the result of this function since we process errors via the -
1722 // callback. -
1723 (void) q_X509_verify_cert(storeContext);
executed (the execution status of this line is deduced): (void) q_X509_verify_cert(storeContext);
-
1724 -
1725 q_X509_STORE_CTX_free(storeContext);
executed (the execution status of this line is deduced): q_X509_STORE_CTX_free(storeContext);
-
1726#if OPENSSL_VERSION_NUMBER >= 0x10000000L -
1727 q_sk_free( (_STACK *) intermediates); -
1728#else -
1729 q_sk_free( (STACK *) intermediates);
executed (the execution status of this line is deduced): q_sk_free( (STACK *) intermediates);
-
1730#endif -
1731 -
1732 // Now process the errors -
1733 const QList<QPair<int, int> > errorList = _q_sslErrorList()->errors;
executed (the execution status of this line is deduced): const QList<QPair<int, int> > errorList = _q_sslErrorList()->errors;
-
1734 _q_sslErrorList()->errors.clear();
executed (the execution status of this line is deduced): _q_sslErrorList()->errors.clear();
-
1735 -
1736 sslErrorListMutexLocker.unlock();
executed (the execution status of this line is deduced): sslErrorListMutexLocker.unlock();
-
1737 -
1738 // Translate the errors -
1739 if (QSslCertificatePrivate::isBlacklisted(certificateChain[0])) {
evaluated: QSslCertificatePrivate::isBlacklisted(certificateChain[0])
TRUEFALSE
yes
Evaluation Count:1
yes
Evaluation Count:6
1-6
1740 QSslError error(QSslError::CertificateBlacklisted, certificateChain[0]);
executed (the execution status of this line is deduced): QSslError error(QSslError::CertificateBlacklisted, certificateChain[0]);
-
1741 errors << error;
executed (the execution status of this line is deduced): errors << error;
-
1742 }
executed: }
Execution Count:1
1
1743 -
1744 // Check the certificate name against the hostname if one was specified -
1745 if ((!hostName.isEmpty()) && (!isMatchingHostname(certificateChain[0], hostName))) {
evaluated: (!hostName.isEmpty())
TRUEFALSE
yes
Evaluation Count:2
yes
Evaluation Count:5
evaluated: (!isMatchingHostname(certificateChain[0], hostName))
TRUEFALSE
yes
Evaluation Count:1
yes
Evaluation Count:1
1-5
1746 // No matches in common names or alternate names. -
1747 QSslError error(QSslError::HostNameMismatch, certificateChain[0]);
executed (the execution status of this line is deduced): QSslError error(QSslError::HostNameMismatch, certificateChain[0]);
-
1748 errors << error;
executed (the execution status of this line is deduced): errors << error;
-
1749 }
executed: }
Execution Count:1
1
1750 -
1751 // Translate errors from the error list into QSslErrors. -
1752 for (int i = 0; i < errorList.size(); ++i) {
evaluated: i < errorList.size()
TRUEFALSE
yes
Evaluation Count:3
yes
Evaluation Count:7
3-7
1753 const QPair<int, int> &errorAndDepth = errorList.at(i);
executed (the execution status of this line is deduced): const QPair<int, int> &errorAndDepth = errorList.at(i);
-
1754 int err = errorAndDepth.first;
executed (the execution status of this line is deduced): int err = errorAndDepth.first;
-
1755 int depth = errorAndDepth.second;
executed (the execution status of this line is deduced): int depth = errorAndDepth.second;
-
1756 errors << _q_OpenSSL_to_QSslError(err, certificateChain.value(depth));
executed (the execution status of this line is deduced): errors << _q_OpenSSL_to_QSslError(err, certificateChain.value(depth));
-
1757 }
executed: }
Execution Count:3
3
1758 -
1759 q_X509_STORE_free(certStore);
executed (the execution status of this line is deduced): q_X509_STORE_free(certStore);
-
1760 -
1761 return errors;
executed: return errors;
Execution Count:7
7
1762} -
1763 -
1764QT_END_NAMESPACE -
1765 -