qssl.cpp

Jenkins

qssl.cpp

Absolute File Name:

/home/qt/qt5_coco/qt5/qtbase/src/network/ssl/qssl.cpp

Line	Source	Count
1	/****************************************************************************	-
2	**	-
3	** Copyright (C) 2015 The Qt Company Ltd.	-
4	** Contact: http://www.qt.io/licensing/	-
5	**	-
6	** This file is part of the QtNetwork module of the Qt Toolkit.	-
7	**	-
8	** $QT_BEGIN_LICENSE:LGPL21$	-
9	** Commercial License Usage	-
10	** Licensees holding valid commercial Qt licenses may use this file in	-
11	** accordance with the commercial license agreement provided with the	-
12	** Software or, alternatively, in accordance with the terms contained in	-
13	** a written agreement between you and The Qt Company. For licensing terms	-
14	** and conditions see http://www.qt.io/terms-conditions. For further	-
15	** information use the contact form at http://www.qt.io/contact-us.	-
16	**	-
17	** GNU Lesser General Public License Usage	-
18	** Alternatively, this file may be used under the terms of the GNU Lesser	-
19	** General Public License version 2.1 or version 3 as published by the Free	-
20	** Software Foundation and appearing in the file LICENSE.LGPLv21 and	-
21	** LICENSE.LGPLv3 included in the packaging of this file. Please review the	-
22	** following information to ensure the GNU Lesser General Public License	-
23	** requirements will be met: https://www.gnu.org/licenses/lgpl.html and	-
24	** http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.	-
25	**	-
26	** As a special exception, The Qt Company gives you certain additional	-
27	** rights. These rights are described in The Qt Company LGPL Exception	-
28	** version 1.1, included in the file LGPL_EXCEPTION.txt in this package.	-
29	**	-
30	** $QT_END_LICENSE$	-
31	**	-
32	****************************************************************************/	-
33		-
34		-
35	#include "qsslkey.h"	-
36	#include "qssl_p.h"	-
37		-
38	QT_BEGIN_NAMESPACE	-
39		-
40	Q_LOGGING_CATEGORY(lcSsl, "qt.network.ssl"); executed 34 times by 2 tests: `return category;` Executed by: tst_qsslcertificate - unknown status tst_qsslsocket - unknown status	34
41		-
42	/*! \namespace QSsl	-
43		-
44	\brief The QSsl namespace declares enums common to all SSL classes in Qt Network.	-
45	\since 4.3	-
46		-
47	\ingroup network	-
48	\ingroup ssl	-
49	\inmodule QtNetwork	-
50	*/	-
51		-
52	/*!	-
53	\enum QSsl::KeyType	-
54		-
55	Describes the two types of keys QSslKey supports.	-
56		-
57	\value PrivateKey A private key.	-
58	\value PublicKey A public key.	-
59	*/	-
60		-
61	/*!	-
62	\enum QSsl::KeyAlgorithm	-
63		-
64	Describes the different key algorithms supported by QSslKey.	-
65		-
66	\value Rsa The RSA algorithm.	-
67	\value Dsa The DSA algorithm.	-
68	\value Ec The Elliptic Curve algorithm	-
69	\value Opaque A key that should be treated as a 'black box' by QSslKey.	-
70		-
71	The opaque key facility allows applications to add support for facilities	-
72	such as PKCS#11 that Qt does not currently offer natively.	-
73	*/	-
74		-
75	/*!	-
76	\enum QSsl::EncodingFormat	-
77		-
78	Describes supported encoding formats for certificates and keys.	-
79		-
80	\value Pem The PEM format.	-
81	\value Der The DER format.	-
82	*/	-
83		-
84	/*!	-
85	\enum QSsl::AlternativeNameEntryType	-
86		-
87	Describes the key types for alternative name entries in QSslCertificate.	-
88		-
89	\value EmailEntry An email entry; the entry contains an email address that	-
90	the certificate is valid for.	-
91		-
92	\value DnsEntry A DNS host name entry; the entry contains a host name	-
93	entry that the certificate is valid for. The entry may contain wildcards.	-
94		-
95	\note In Qt 4, this enum was called \c {AlternateNameEntryType}. That name	-
96	is deprecated in Qt 5.	-
97		-
98	\sa QSslCertificate::subjectAlternativeNames()	-
99	*/	-
100		-
101	/*!	-
102	\typedef QSsl::AlternateNameEntryType	-
103	\obsolete	-
104		-
105	Use QSsl::AlternativeNameEntryType instead.	-
106	*/	-
107		-
108	/*!	-
109	\enum QSsl::SslProtocol	-
110		-
111	Describes the protocol of the cipher.	-
112		-
113	\value SslV3 SSLv3	-
114	\value SslV2 SSLv2	-
115	\value TlsV1_0 TLSv1.0	-
116	\value TlsV1_0OrLater TLSv1.0 and later versions. This option is not available when using the WinRT backend due to platform limitations.	-
117	\value TlsV1 Obsolete, means the same as TlsV1_0	-
118	\value TlsV1_1 TLSv1.1	-
119	\value TlsV1_1OrLater TLSv1.1 and later versions. This option is not available when using the WinRT backend due to platform limitations.	-
120	\value TlsV1_2 TLSv1.2	-
121	\value TlsV1_2OrLater TLSv1.2 and later versions. This option is not available when using the WinRT backend due to platform limitations.	-
122	\value UnknownProtocol The cipher's protocol cannot be determined.	-
123	\value AnyProtocol The socket understands SSLv2, SSLv3, and TLSv1.0. This	-
124	value is used by QSslSocket only.	-
125	\value TlsV1SslV3 On the client side, this will send	-
126	a TLS 1.0 Client Hello, enabling TLSv1_0 and SSLv3 connections.	-
127	On the server side, this will enable both SSLv3 and TLSv1_0 connections.	-
128	\value SecureProtocols The default option, using protocols known to be secure;	-
129	currently behaves similar to TlsV1Ssl3 except denying SSLv3 connections that does	-
130	not upgrade to TLS.	-
131		-
132	\note most servers understand both SSL and TLS, but it is recommended to use	-
133	TLS only for security reasons. However, SSL and TLS are not compatible with	-
134	each other: if you get unexpected handshake failures, verify that you chose	-
135	the correct setting for your protocol.	-
136	*/	-
137		-
138	/*!	-
139	\enum QSsl::SslOption	-
140		-
141	Describes the options that can be used to control the details of	-
142	SSL behaviour. These options are generally used to turn features off	-
143	to work around buggy servers.	-
144		-
145	\value SslOptionDisableEmptyFragments Disables the insertion of empty	-
146	fragments into the data when using block ciphers. When enabled, this	-
147	prevents some attacks (such as the BEAST attack), however it is	-
148	incompatible with some servers.	-
149	\value SslOptionDisableSessionTickets Disables the SSL session ticket	-
150	extension. This can cause slower connection setup, however some servers	-
151	are not compatible with the extension.	-
152	\value SslOptionDisableCompression Disables the SSL compression	-
153	extension. When enabled, this allows the data being passed over SSL to	-
154	be compressed, however some servers are not compatible with this	-
155	extension.	-
156	\value SslOptionDisableServerNameIndication Disables the SSL server	-
157	name indication extension. When enabled, this tells the server the virtual	-
158	host being accessed allowing it to respond with the correct certificate.	-
159	\value SslOptionDisableLegacyRenegotiation Disables the older insecure	-
160	mechanism for renegotiating the connection parameters. When enabled, this	-
161	option can allow connections for legacy servers, but it introduces the	-
162	possibility that an attacker could inject plaintext into the SSL session.	-
163	\value SslOptionDisableSessionSharing Disables SSL session sharing via	-
164	the session ID handshake attribute.	-
165	\value SslOptionDisableSessionPersistence Disables storing the SSL session	-
166	in ASN.1 format as returned by QSslConfiguration::sessionTicket(). Enabling	-
167	this feature adds memory overhead of approximately 1K per used session	-
168	ticket.	-
169	\value SslOptionDisableServerCipherPreference Disables selecting the cipher	-
170	chosen based on the servers preferences rather than the order ciphers were	-
171	sent by the client. This option is only relevant to server sockets, and is	-
172	only honored by the OpenSSL backend.	-
173		-
174	By default, SslOptionDisableEmptyFragments is turned on since this causes	-
175	problems with a large number of servers. SslOptionDisableLegacyRenegotiation	-
176	is also turned on, since it introduces a security risk.	-
177	SslOptionDisableCompression is turned on to prevent the attack publicised by	-
178	CRIME.	-
179	SslOptionDisableSessionPersistence is turned on to optimize memory usage.	-
180	The other options are turned off.	-
181		-
182	\note Availability of above options depends on the version of the SSL	-
183	backend in use.	-
184	*/	-
185		-
186		-
187	QT_END_NAMESPACE	-

Line

Source

Count

/****************************************************************************

** Contact: http://www.qt.io/licensing/

** This file is part of the QtNetwork module of the Qt Toolkit.

** $QT_BEGIN_LICENSE:LGPL21$

** Commercial License Usage

** Licensees holding valid commercial Qt licenses may use this file in

** accordance with the commercial license agreement provided with the

** Software or, alternatively, in accordance with the terms contained in

** a written agreement between you and The Qt Company. For licensing terms

** and conditions see http://www.qt.io/terms-conditions. For further

** information use the contact form at http://www.qt.io/contact-us.

** GNU Lesser General Public License Usage

** Alternatively, this file may be used under the terms of the GNU Lesser

** General Public License version 2.1 or version 3 as published by the Free

** Software Foundation and appearing in the file LICENSE.LGPLv21 and

** LICENSE.LGPLv3 included in the packaging of this file. Please review the

** following information to ensure the GNU Lesser General Public License

** requirements will be met: https://www.gnu.org/licenses/lgpl.html and

** http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.

** As a special exception, The Qt Company gives you certain additional

** rights. These rights are described in The Qt Company LGPL Exception

** version 1.1, included in the file LGPL_EXCEPTION.txt in this package.

** $QT_END_LICENSE$

****************************************************************************/

#include "qsslkey.h"

#include "qssl_p.h"

QT_BEGIN_NAMESPACE

Q_LOGGING_CATEGORY(lcSsl, "qt.network.ssl");

executed 34 times by 2 tests: return category;

Executed by:

tst_qsslcertificate - unknown status
tst_qsslsocket - unknown status

/*! \namespace QSsl

\brief The QSsl namespace declares enums common to all SSL classes in Qt Network.

\since 4.3

\ingroup network

\ingroup ssl

\inmodule QtNetwork

/*!

\enum QSsl::KeyType

Describes the two types of keys QSslKey supports.

\value PrivateKey A private key.

\value PublicKey A public key.

/*!

\enum QSsl::KeyAlgorithm

Describes the different key algorithms supported by QSslKey.

\value Rsa The RSA algorithm.

\value Dsa The DSA algorithm.

\value Ec The Elliptic Curve algorithm

\value Opaque A key that should be treated as a 'black box' by QSslKey.

The opaque key facility allows applications to add support for facilities

such as PKCS#11 that Qt does not currently offer natively.

/*!

\enum QSsl::EncodingFormat

Describes supported encoding formats for certificates and keys.

\value Pem The PEM format.

\value Der The DER format.

/*!

\enum QSsl::AlternativeNameEntryType

Describes the key types for alternative name entries in QSslCertificate.

\value EmailEntry An email entry; the entry contains an email address that

the certificate is valid for.

\value DnsEntry A DNS host name entry; the entry contains a host name

entry that the certificate is valid for. The entry may contain wildcards.

\note In Qt 4, this enum was called \c {AlternateNameEntryType}. That name

is deprecated in Qt 5.

\sa QSslCertificate::subjectAlternativeNames()

100

101

/*!

102

\typedef QSsl::AlternateNameEntryType

103

\obsolete

104

105

Use QSsl::AlternativeNameEntryType instead.

/*!

\enum QSsl::SslProtocol

110

111

Describes the protocol of the cipher.

\value SslV3 SSLv3

\value SslV2 SSLv2

\value TlsV1_0 TLSv1.0

116

\value TlsV1_0OrLater TLSv1.0 and later versions. This option is not available when using the WinRT backend due to platform limitations.

117

\value TlsV1 Obsolete, means the same as TlsV1_0

118

\value TlsV1_1 TLSv1.1

119

\value TlsV1_1OrLater TLSv1.1 and later versions. This option is not available when using the WinRT backend due to platform limitations.

120

\value TlsV1_2 TLSv1.2

121

\value TlsV1_2OrLater TLSv1.2 and later versions. This option is not available when using the WinRT backend due to platform limitations.

122

\value UnknownProtocol The cipher's protocol cannot be determined.

123

\value AnyProtocol The socket understands SSLv2, SSLv3, and TLSv1.0. This

124

value is used by QSslSocket only.

125

\value TlsV1SslV3 On the client side, this will send

126

a TLS 1.0 Client Hello, enabling TLSv1_0 and SSLv3 connections.

127

On the server side, this will enable both SSLv3 and TLSv1_0 connections.

128

\value SecureProtocols The default option, using protocols known to be secure;

129

currently behaves similar to TlsV1Ssl3 except denying SSLv3 connections that does

130

not upgrade to TLS.

131

132

\note most servers understand both SSL and TLS, but it is recommended to use

133

TLS only for security reasons. However, SSL and TLS are not compatible with

134

each other: if you get unexpected handshake failures, verify that you chose

135

the correct setting for your protocol.

/*!

\enum QSsl::SslOption

140

141

Describes the options that can be used to control the details of

142

SSL behaviour. These options are generally used to turn features off

143

to work around buggy servers.

144

145

\value SslOptionDisableEmptyFragments Disables the insertion of empty

146

fragments into the data when using block ciphers. When enabled, this

147

prevents some attacks (such as the BEAST attack), however it is

148

incompatible with some servers.

149

\value SslOptionDisableSessionTickets Disables the SSL session ticket

150

extension. This can cause slower connection setup, however some servers

151

are not compatible with the extension.

152

\value SslOptionDisableCompression Disables the SSL compression

153

extension. When enabled, this allows the data being passed over SSL to

154

be compressed, however some servers are not compatible with this

155

extension.

156

\value SslOptionDisableServerNameIndication Disables the SSL server

157

name indication extension. When enabled, this tells the server the virtual

158

host being accessed allowing it to respond with the correct certificate.

159

\value SslOptionDisableLegacyRenegotiation Disables the older insecure

160

mechanism for renegotiating the connection parameters. When enabled, this

161

option can allow connections for legacy servers, but it introduces the

162

possibility that an attacker could inject plaintext into the SSL session.

163

\value SslOptionDisableSessionSharing Disables SSL session sharing via

164

the session ID handshake attribute.

165

\value SslOptionDisableSessionPersistence Disables storing the SSL session

166

in ASN.1 format as returned by QSslConfiguration::sessionTicket(). Enabling

167

this feature adds memory overhead of approximately 1K per used session

168

ticket.

169

\value SslOptionDisableServerCipherPreference Disables selecting the cipher

170

chosen based on the servers preferences rather than the order ciphers were

171

sent by the client. This option is only relevant to server sockets, and is

172

only honored by the OpenSSL backend.

173

174

By default, SslOptionDisableEmptyFragments is turned on since this causes

175

problems with a large number of servers. SslOptionDisableLegacyRenegotiation

176

is also turned on, since it introduces a security risk.

177

SslOptionDisableCompression is turned on to prevent the attack publicised by

178

CRIME.

179

SslOptionDisableSessionPersistence is turned on to optimize memory usage.

180

The other options are turned off.

181

182

\note Availability of above options depends on the version of the SSL

backend in use.

QT_END_NAMESPACE

Generated by Squish Coco Non-Commercial 4.3.0-BETA-master-30-08-2018-4cb69e9