A while back I posted some proof of concept code to show what an
implementation of QSslSocket might look like using Secure Transport. I
have continued along these lines, and wanted to keep you updated.
1. GENERAL
Apple's Secure Transport API is available both on OS X and iOS. As I do
not have a iDevice, I have been developing on OS X exclusively, but
making sure the methods I use are available on iOS (iOS only has a
subset of OS X's capabilities).
Secure Transport API:
- provides close to nothing for manipulating certificates / keys => I
had to write a minimal (DER-only) ASN.1 parser
- only accepts certificates + keys .. in PKCS#12 form => I had some
write some ASN.1 serialisation code, and a lot of PKCS#12 code (I
absolutely hate that standard by now)
2. WHAT WORKS
I am now getting to the point where a lot unit tests are passing.
- QSslSocket works in client and in server mode
- QSslCertificate works, with no external dependencies
- QSslKey : ditto
What still needs work:
- the build system needs to be updated to allow building the SSL
classes, even when OpenSSL is not found
- QSslCertificate::isSelfSigned needs implementing
- QSslKey : serializing to a password-protected PEM does not work yet
- there is some duplicated code between the OpenSSL and Secure
Transport backends
- QSslConfiguration : no work done yet
3. HOW TO GET IT
As previously stated, my current work has been on OS X only, not actual
iOS devices.
1/ Checkout the qssl-ios branch from
https://qt.gitorious.org/qt/sharkys-qtbase on a OS X machine
2/ Apply the attached patch to fix / disable some QSslSocket unit tests
3/ Build it
4/ Run some unit tests
5/ Help fix the errors :)
Cheers,
Jeremy
PS: no unfortunately I cannot make it to the contributor summit
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
index baaf21e..e00cb18 100644
--- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
@@ -81,6 +81,8 @@ Q_DECLARE_METATYPE(QSsl::SslProtocol)
typedef QSharedPointer<QSslSocket> QSslSocketPtr;
#endif
+#define OPENSSL_NO_SSL2
+
class tst_QSslSocket : public QObject
{
Q_OBJECT
@@ -262,6 +264,7 @@ void tst_QSslSocket::initTestCase_data()
QTest::addColumn<int>("proxyType");
QTest::newRow("WithoutProxy") << false << 0;
+#if 0
QTest::newRow("WithSocks5Proxy") << true << int(Socks5Proxy);
QTest::newRow("WithSocks5ProxyAuth") << true << int(Socks5Proxy | AuthBasic);
@@ -269,6 +272,7 @@ void tst_QSslSocket::initTestCase_data()
QTest::newRow("WithHttpProxyBasicAuth") << true << int(HttpProxy | AuthBasic);
// uncomment the line below when NTLM works
// QTest::newRow("WithHttpProxyNtlmAuth") << true << int(HttpProxy | AuthNtlm);
+#endif
}
void tst_QSslSocket::initTestCase()
@@ -423,6 +427,7 @@ void tst_QSslSocket::constructing()
QVERIFY(!socket.waitForDisconnected(10));
QCOMPARE(socket.protocol(), QSsl::SecureProtocols);
+#if 0
QSslConfiguration savedDefault = QSslConfiguration::defaultConfiguration();
// verify that changing the default config doesn't affect this socket
@@ -439,6 +444,7 @@ void tst_QSslSocket::constructing()
QVERIFY(QSslConfiguration::defaultConfiguration().ciphers().isEmpty());
QSslConfiguration::setDefaultConfiguration(savedDefault);
+#endif
}
void tst_QSslSocket::simpleConnect()
@@ -810,6 +816,7 @@ void tst_QSslSocket::privateKey()
void tst_QSslSocket::privateKeyOpaque()
{
+#if 0
if (!QSslSocket::supportsSsl())
return;
@@ -836,6 +843,7 @@ void tst_QSslSocket::privateKeyOpaque()
QFETCH_GLOBAL(bool, setProxy);
if (setProxy && !socket->waitForEncrypted(10000))
QSKIP("Skipping flaky test - See QTBUG-29941");
+#endif
}
void tst_QSslSocket::protocol()
@@ -1025,17 +1033,17 @@ protected:
if (m_interFile.isEmpty()) {
QList<QSslCertificate> localCert = QSslCertificate::fromPath(m_certFile);
QVERIFY(!localCert.isEmpty());
- QVERIFY(localCert.first().handle());
+ QVERIFY(!localCert.first().isNull());
socket->setLocalCertificate(localCert.first());
}
else {
QList<QSslCertificate> localCert = QSslCertificate::fromPath(m_certFile);
QVERIFY(!localCert.isEmpty());
- QVERIFY(localCert.first().handle());
+ QVERIFY(!localCert.first().isNull());
QList<QSslCertificate> interCert = QSslCertificate::fromPath(m_interFile);
QVERIFY(!interCert.isEmpty());
- QVERIFY(interCert.first().handle());
+ QVERIFY(!interCert.first().isNull());
socket->setLocalCertificateChain(localCert + interCert);
}
@@ -1525,7 +1533,7 @@ protected:
// Only set the certificate
QList<QSslCertificate> localCert = QSslCertificate::fromPath(SRCDIR "certs/fluke.cert");
QVERIFY(!localCert.isEmpty());
- QVERIFY(localCert.first().handle());
+ QVERIFY(!localCert.first().isNull());
socket->setLocalCertificate(localCert.first());
QVERIFY(socket->setSocketDescriptor(socketDescriptor, QAbstractSocket::ConnectedState));
@@ -1760,7 +1768,7 @@ protected:
QList<QSslCertificate> localCert = QSslCertificate::fromPath(SRCDIR "certs/fluke.cert");
QVERIFY(!localCert.isEmpty());
- QVERIFY(localCert.first().handle());
+ QVERIFY(!localCert.first().isNull());
socket->setLocalCertificate(localCert.first());
QVERIFY(socket->setSocketDescriptor(socketDescriptor, QAbstractSocket::ConnectedState));
@@ -2456,7 +2464,7 @@ void WebSocket::_startServerEncryption (void)
QList<QSslCertificate> localCert = QSslCertificate::fromPath(m_certFile);
QVERIFY(!localCert.isEmpty());
- QVERIFY(localCert.first().handle());
+ QVERIFY(!localCert.first().isNull());
setLocalCertificate(localCert.first());
QVERIFY(!peerAddress().isNull());
@@ -2636,7 +2644,7 @@ void tst_QSslSocket::qtbug18498_peek2()
QList<QSslCertificate> localCert = QSslCertificate::fromPath(SRCDIR "certs/fluke.cert");
QVERIFY(!localCert.isEmpty());
- QVERIFY(localCert.first().handle());
+ QVERIFY(!localCert.first().isNull());
server->setLocalCertificate(localCert.first());
server->setProtocol(QSsl::AnyProtocol);
_______________________________________________
Development mailing list
[email protected]
http://lists.qt-project.org/mailman/listinfo/development
