What Jeremy has done here is fantastic. My estimate when I was previously asked how hard it was to write a new backend to the SSL support was approximately a man month given a developer who already knew the subject area. I'm extremely please that someone has been willing to make this investment in time, effort and given the nature of SSL/TLS sheer frustration. Thank you.
Not having a Mac, I can't test this, but I'll have a long look over the code and see what I can do to help get this integrated. Rich. On 29 May 2014 18:26, Jeremy Lainé <[email protected]> wrote: > A while back I posted some proof of concept code to show what an > implementation of QSslSocket might look like using Secure Transport. I > have continued along these lines, and wanted to keep you updated. > > > 1. GENERAL > > Apple's Secure Transport API is available both on OS X and iOS. As I do > not have a iDevice, I have been developing on OS X exclusively, but > making sure the methods I use are available on iOS (iOS only has a > subset of OS X's capabilities). > > Secure Transport API: > > - provides close to nothing for manipulating certificates / keys => I > had to write a minimal (DER-only) ASN.1 parser > > - only accepts certificates + keys .. in PKCS#12 form => I had some > write some ASN.1 serialisation code, and a lot of PKCS#12 code (I > absolutely hate that standard by now) > > > 2. WHAT WORKS > > I am now getting to the point where a lot unit tests are passing. > > - QSslSocket works in client and in server mode > > - QSslCertificate works, with no external dependencies > > - QSslKey : ditto > > > What still needs work: > > - the build system needs to be updated to allow building the SSL > classes, even when OpenSSL is not found > > - QSslCertificate::isSelfSigned needs implementing > > - QSslKey : serializing to a password-protected PEM does not work yet > > - there is some duplicated code between the OpenSSL and Secure > Transport backends > > - QSslConfiguration : no work done yet > > > 3. HOW TO GET IT > > As previously stated, my current work has been on OS X only, not actual > iOS devices. > > 1/ Checkout the qssl-ios branch from > https://qt.gitorious.org/qt/sharkys-qtbase on a OS X machine > > 2/ Apply the attached patch to fix / disable some QSslSocket unit tests > > 3/ Build it > > 4/ Run some unit tests > > 5/ Help fix the errors :) > > > Cheers, > Jeremy > > > PS: no unfortunately I cannot make it to the contributor summit > > _______________________________________________ > Development mailing list > [email protected] > http://lists.qt-project.org/mailman/listinfo/development > >
_______________________________________________ Development mailing list [email protected] http://lists.qt-project.org/mailman/listinfo/development
