Hi, I've been working on adding the ability to set custom DH parameters for QSslSocket and I want to start discussing an API for the feature, rather than jumping directly to a code review.
I have a preliminary patch that adds a sketch of the API I'm envisioning: https://gist.github.com/mkrautz/699f3c7fb22f48b7059c (It's untested, but it builds...)

Basically, what I'm envisioning is

- An opaque (for the user) QSslDiffieHellmanParameters class.
- It loads DH parameters either as PEM or DER via a constructor that takes a QByteArray or a QIODevice (like QSslKey).
- After loading, isNull() can be used to check if the DH parameters were loaded, and were valid (OpenSSL backend uses DH_check -- not sure what should be done on SecureTransport, if anything?).
- Internally, the QSslDiffieHellmanParameters object stores a DER-encoded version of the parameters. (This makes it easily loadable in both OpenSSL and SecureTransport)
- A public QSslConfiguration::setDiffieHellmanParameters() to set the DH parameters.
- A public (but not in the public headers) QSslConfiguration::diffieHellmanParameters() for internal use by the backends.
- QSslDiffieHellmanParametersPrivate will befriend QSslContext (for OpenSSL) and an equivalent for SecureTransport to allow the implementations to access the DER encoded data of the QSslDiffieHellmanParameters.

I did a cursory web search for the ability to set DH parameters for WinRT listeners, but I don't think that's possible -- so I haven't considered that, for now...

Let me know what you think.

Thanks,
Mikkel
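To make the load-and-validate step in the proposal above concrete, here is an added example (not code from the gist or from Qt) that normalizes PEM or DER input to DER, parses the PKCS #3 structure, and runs a subset of the checks a DH_check-style validation performs, using only the Python standard library. All function names, the `min_bits` threshold and the toy parameters (p=23, g=5) are assumptions made for this illustration.

```python
import base64
import re

_PEM = re.compile(rb"-----BEGIN DH PARAMETERS-----(.+?)-----END DH PARAMETERS-----", re.S)
_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
TOY_DER = bytes.fromhex("3006020117020105")  # constructed sample: p=23, g=5

def to_der(data):
    """Accept PEM or DER and return DER, the form the proposal stores internally."""
    m = _PEM.search(data)
    return base64.b64decode(m.group(1)) if m else data

def _tlv(buf, pos):  # one DER tag-length-value -> (tag, value, next_pos)
    tag, length = buf[pos:pos + 2]  # ValueError if fewer than 2 bytes remain
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def parse_dh_params(der):
    """PKCS #3 DHParameter ::= SEQUENCE { prime INTEGER, base INTEGER, ... }."""
    tag, body, end = _tlv(der, 0)
    p_tag, p_raw, pos = _tlv(body, 0)
    g_tag, g_raw, _ = _tlv(body, pos)
    if (tag, p_tag, g_tag) != (0x30, 0x02, 0x02) or end != len(der):
        raise ValueError("not a DHParameter structure")
    return tuple(int.from_bytes(r, "big", signed=True) for r in (p_raw, g_raw))

def is_probable_prime(n):
    """Miller-Rabin with fixed bases: exact for small n, probabilistic for large n."""
    if n < 2 or any(n % q == 0 for q in _BASES):
        return n in _BASES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    def composite(a):  # True if base a proves n composite
        x = pow(a, d, n)
        return x not in (1, n - 1) and all((x := x * x % n) != n - 1 for _ in range(s - 1))
    return not any(composite(a) for a in _BASES)

def check_dh_params(p, g, min_bits=2048):
    """Subset of DH_check-style tests; min_bits is this example's assumption."""
    safe = is_probable_prime(p) and is_probable_prime((p - 1) // 2)
    found = [(p.bit_length() < min_bits, "p too small"),
             (not safe, "p not a safe prime"),
             (not 1 < g < p - 1, "g out of range")]
    return [msg for bad, msg in found if bad]
```

An empty list from `check_dh_params(*parse_dh_params(to_der(data)))` corresponds to the "loaded and valid" state that the proposal exposes through isNull().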
