SSL: split ssl files into general and "_openssl" implementation

In order to prepare the addition of WinRT and iOS (SecureTransport)
implementations of SSL the structure of some SSL files has to be
redone. Parts of the certificate code that can probably be reused by other
ports stayed in qsslcertificate.cpp, while the other parts were moved
to qsslcertificate_openssl.cpp. qsslcontext, qsslkey and qsslsocket
were suffixed by _openssl to show that these are pure openssl
implementations.

Change-Id: I7b022dec49759f882274999c0991bf95788f2a3a
Reviewed-by: Andrew Knight <andrew.knight@digia.com>
Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
This commit is contained in:
Oliver Wolff 2014-08-08 17:30:19 +03:00
parent 9aaa615626
commit 6f1299c0b4
12 changed files with 1031 additions and 831 deletions


@ -1,6 +1,6 @@
/****************************************************************************
**
** Copyright (C) 2013 Digia Plc and/or its subsidiary(-ies).
** Copyright (C) 2014 Digia Plc and/or its subsidiary(-ies).
** Contact: http://www.qt-project.org/legal
**
** This file is part of the QtNetwork module of the Qt Toolkit.
@ -73,7 +73,7 @@
#ifndef QT_NO_HTTP
#ifndef QT_NO_SSL
# include <private/qsslcontext_p.h>
# include <private/qsslcontext_openssl_p.h>
# include <private/qsslsocket_p.h>
# include <QtNetwork/qsslsocket.h>
# include <QtNetwork/qsslerror.h>


@ -1,6 +1,6 @@
/****************************************************************************
**
** Copyright (C) 2013 Digia Plc and/or its subsidiary(-ies).
** Copyright (C) 2014 Digia Plc and/or its subsidiary(-ies).
** Contact: http://www.qt-project.org/legal
**
** This file is part of the QtNetwork module of the Qt Toolkit.
@ -113,33 +113,20 @@
\value EmailAddress The email address associated with the certificate
*/
#ifndef QT_NO_OPENSSL
#include "qsslsocket_openssl_symbols_p.h"
#endif
#include "qsslcertificate.h"
#include "qsslcertificate_p.h"
#include "qsslkey.h"
#include "qsslkey_p.h"
#include "qsslcertificateextension.h"
#include "qsslcertificateextension_p.h"
#include <QtCore/qatomic.h>
#include <QtCore/qdatetime.h>
#include <QtCore/qdebug.h>
#include <QtCore/qdir.h>
#include <QtCore/qdiriterator.h>
#include <QtCore/qfile.h>
#include <QtCore/qfileinfo.h>
#include <QtCore/qmap.h>
#include <QtCore/qmutex.h>
#include <QtCore/private/qmutexpool_p.h>
#include <QtCore/qstring.h>
#include <QtCore/qstringlist.h>
#include <QtCore/qvarlengtharray.h>
QT_BEGIN_NAMESPACE
// forward declaration
static QMap<QByteArray, QString> _q_mapFromX509Name(X509_NAME *name);
/*!
Constructs a QSslCertificate by reading \a format encoded data
from \a device and using the first certificate found. You can
@ -200,19 +187,11 @@ QSslCertificate &QSslCertificate::operator=(const QSslCertificate &other)
*/
/*!
\fn bool QSslCertificate::operator==(const QSslCertificate &other) const
Returns \c true if this certificate is the same as \a other; otherwise
returns \c false.
*/
bool QSslCertificate::operator==(const QSslCertificate &other) const
{
if (d == other.d)
return true;
if (d->null && other.d->null)
return true;
if (d->x509 && other.d->x509)
return q_X509_cmp(d->x509, other.d->x509) == 0;
return false;
}
/*!
\fn bool QSslCertificate::operator!=(const QSslCertificate &other) const
@ -222,6 +201,8 @@ bool QSslCertificate::operator==(const QSslCertificate &other) const
*/
/*!
\fn bool QSslCertificate::isNull() const
Returns \c true if this is a null certificate (i.e., a certificate
with no contents); otherwise returns \c false.
@ -229,10 +210,6 @@ bool QSslCertificate::operator==(const QSslCertificate &other) const
\sa clear()
*/
bool QSslCertificate::isNull() const
{
return d->null;
}
#if QT_DEPRECATED_SINCE(5,0)
/*!
@ -265,20 +242,15 @@ bool QSslCertificate::isBlacklisted() const
}
/*!
\fn bool QSslCertificate::isSelfSigned() const
\since 5.4
Returns \c true if this certificate is self signed; otherwise
returns \c false.
A certificate is considered self-signed its issuer and subject
are identical.
*/
bool QSslCertificate::isSelfSigned() const
{
if (!d->x509)
return false;
return (q_X509_check_issued(d->x509, d->x509) == X509_V_OK);
}
/*!
Clears the contents of this certificate, making it a null
@ -294,37 +266,15 @@ void QSslCertificate::clear()
}
/*!
\fn QByteArray QSslCertificate::version() const
Returns the certificate's version string.
*/
QByteArray QSslCertificate::version() const
{
QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
if (d->versionString.isEmpty() && d->x509)
d->versionString =
QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1);
return d->versionString;
}
/*!
\fn QByteArray QSslCertificate::serialNumber() const
Returns the certificate's serial number string in hexadecimal format.
*/
QByteArray QSslCertificate::serialNumber() const
{
QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
if (d->serialNumberString.isEmpty() && d->x509) {
ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber;
QByteArray hexString;
hexString.reserve(serialNumber->length * 3);
for (int a = 0; a < serialNumber->length; ++a) {
hexString += QByteArray::number(serialNumber->data[a], 16).rightJustified(2, '0');
hexString += ':';
}
hexString.chop(1);
d->serialNumberString = hexString;
}
return d->serialNumberString;
}
/*!
Returns a cryptographic digest of this certificate. By default,
@ -336,23 +286,6 @@ QByteArray QSslCertificate::digest(QCryptographicHash::Algorithm algorithm) cons
return QCryptographicHash::hash(toDer(), algorithm);
}
static QByteArray _q_SubjectInfoToString(QSslCertificate::SubjectInfo info)
{
QByteArray str;
switch (info) {
case QSslCertificate::Organization: str = QByteArray("O"); break;
case QSslCertificate::CommonName: str = QByteArray("CN"); break;
case QSslCertificate::LocalityName: str = QByteArray("L"); break;
case QSslCertificate::OrganizationalUnitName: str = QByteArray("OU"); break;
case QSslCertificate::CountryName: str = QByteArray("C"); break;
case QSslCertificate::StateOrProvinceName: str = QByteArray("ST"); break;
case QSslCertificate::DistinguishedNameQualifier: str = QByteArray("dnQualifier"); break;
case QSslCertificate::SerialNumber: str = QByteArray("serialNumber"); break;
case QSslCertificate::EmailAddress: str = QByteArray("emailAddress"); break;
}
return str;
}
/*!
\fn QString QSslCertificate::issuerInfo(SubjectInfo subject) const
@ -363,37 +296,18 @@ static QByteArray _q_SubjectInfoToString(QSslCertificate::SubjectInfo info)
\sa subjectInfo()
*/
QStringList QSslCertificate::issuerInfo(SubjectInfo info) const
{
QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
// lazy init
if (d->issuerInfo.isEmpty() && d->x509)
d->issuerInfo =
_q_mapFromX509Name(q_X509_get_issuer_name(d->x509));
return d->issuerInfo.values(_q_SubjectInfoToString(info));
}
/*!
\fn QStringList QSslCertificate::issuerInfo(const QByteArray &attribute) const
Returns the issuer information for \a attribute from the certificate,
or an empty list if there is no information for \a attribute in the
certificate. There can be more than one entry for an attribute.
\sa subjectInfo()
*/
QStringList QSslCertificate::issuerInfo(const QByteArray &attribute) const
{
QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
// lazy init
if (d->issuerInfo.isEmpty() && d->x509)
d->issuerInfo =
_q_mapFromX509Name(q_X509_get_issuer_name(d->x509));
return d->issuerInfo.values(attribute);
}
/*!
\fn QString QSslCertificate::subjectInfo(SubjectInfo subject) const
Returns the information for the \a subject, or an empty list if
@ -402,36 +316,20 @@ QStringList QSslCertificate::issuerInfo(const QByteArray &attribute) const
\sa issuerInfo()
*/
QStringList QSslCertificate::subjectInfo(SubjectInfo info) const
{
QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
// lazy init
if (d->subjectInfo.isEmpty() && d->x509)
d->subjectInfo =
_q_mapFromX509Name(q_X509_get_subject_name(d->x509));
return d->subjectInfo.values(_q_SubjectInfoToString(info));
}
/*!
\fn QStringList QSslCertificate::subjectInfo(const QByteArray &attribute) const
Returns the subject information for \a attribute, or an empty list if
there is no information for \a attribute in the certificate. There
can be more than one entry for an attribute.
\sa issuerInfo()
*/
QStringList QSslCertificate::subjectInfo(const QByteArray &attribute) const
{
QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
// lazy init
if (d->subjectInfo.isEmpty() && d->x509)
d->subjectInfo =
_q_mapFromX509Name(q_X509_get_subject_name(d->x509));
return d->subjectInfo.values(attribute);
}
/*!
\fn QList<QByteArray> QSslCertificate::subjectInfoAttributes() const
\since 5.0
Returns a list of the attributes that have values in the subject
information of this certificate. The information associated
@ -441,18 +339,10 @@ QStringList QSslCertificate::subjectInfo(const QByteArray &attribute) const
\sa subjectInfo()
*/
QList<QByteArray> QSslCertificate::subjectInfoAttributes() const
{
QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
// lazy init
if (d->subjectInfo.isEmpty() && d->x509)
d->subjectInfo =
_q_mapFromX509Name(q_X509_get_subject_name(d->x509));
return d->subjectInfo.uniqueKeys();
}
/*!
\fn QList<QByteArray> QSslCertificate::issuerInfoAttributes() const
\since 5.0
Returns a list of the attributes that have values in the issuer
information of this certificate. The information associated
@ -462,16 +352,6 @@ QList<QByteArray> QSslCertificate::subjectInfoAttributes() const
\sa subjectInfo()
*/
QList<QByteArray> QSslCertificate::issuerInfoAttributes() const
{
QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
// lazy init
if (d->issuerInfo.isEmpty() && d->x509)
d->issuerInfo =
_q_mapFromX509Name(q_X509_get_issuer_name(d->x509));
return d->issuerInfo.uniqueKeys();
}
#if QT_DEPRECATED_SINCE(5,0)
/*!
@ -483,6 +363,8 @@ QList<QByteArray> QSslCertificate::issuerInfoAttributes() const
#endif
/*!
\fn QMultiMap<QSsl::AlternativeNameEntryType, QString> QSslCertificate::subjectAlternativeNames() const
Returns the list of alternative subject names for this
certificate. The alternative names typically contain host
names, optionally with wildcards, that are valid for this
@ -495,63 +377,27 @@ QList<QByteArray> QSslCertificate::issuerInfoAttributes() const
\sa subjectInfo()
*/
QMultiMap<QSsl::AlternativeNameEntryType, QString> QSslCertificate::subjectAlternativeNames() const
{
QMultiMap<QSsl::AlternativeNameEntryType, QString> result;
if (!d->x509)
return result;
STACK_OF(GENERAL_NAME) *altNames = (STACK_OF(GENERAL_NAME)*)q_X509_get_ext_d2i(d->x509, NID_subject_alt_name, 0, 0);
if (altNames) {
for (int i = 0; i < q_sk_GENERAL_NAME_num(altNames); ++i) {
const GENERAL_NAME *genName = q_sk_GENERAL_NAME_value(altNames, i);
if (genName->type != GEN_DNS && genName->type != GEN_EMAIL)
continue;
int len = q_ASN1_STRING_length(genName->d.ia5);
if (len < 0 || len >= 8192) {
// broken name
continue;
}
const char *altNameStr = reinterpret_cast<const char *>(q_ASN1_STRING_data(genName->d.ia5));
const QString altName = QString::fromLatin1(altNameStr, len);
if (genName->type == GEN_DNS)
result.insert(QSsl::DnsEntry, altName);
else if (genName->type == GEN_EMAIL)
result.insert(QSsl::EmailEntry, altName);
}
q_sk_pop_free((STACK*)altNames, reinterpret_cast<void(*)(void*)>(q_sk_free));
}
return result;
}
/*!
\fn QDateTime QSslCertificate::effectiveDate() const
Returns the date-time that the certificate becomes valid, or an
empty QDateTime if this is a null certificate.
\sa expiryDate()
*/
QDateTime QSslCertificate::effectiveDate() const
{
return d->notValidBefore;
}
/*!
\fn QDateTime QSslCertificate::expiryDate() const
Returns the date-time that the certificate expires, or an empty
QDateTime if this is a null certificate.
\sa effectiveDate()
*/
QDateTime QSslCertificate::expiryDate() const
{
return d->notValidAfter;
}
/*!
\fn Qt::HANDLE QSslCertificate::handle() const
Returns a pointer to the native certificate handle, if there is
one, or a null pointer otherwise.
@ -562,298 +408,41 @@ QDateTime QSslCertificate::expiryDate() const
non-portable, and its return value may vary from platform to
platform or change from minor release to minor release.
*/
Qt::HANDLE QSslCertificate::handle() const
{
return Qt::HANDLE(d->x509);
}
/*!
\fn QSslKey QSslCertificate::publicKey() const
Returns the certificate subject's public key.
*/
QSslKey QSslCertificate::publicKey() const
{
if (!d->x509)
return QSslKey();
QSslKey key;
key.d->type = QSsl::PublicKey;
X509_PUBKEY *xkey = d->x509->cert_info->key;
EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey);
Q_ASSERT(pkey);
if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) {
key.d->rsa = q_EVP_PKEY_get1_RSA(pkey);
key.d->algorithm = QSsl::Rsa;
key.d->isNull = false;
} else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) {
key.d->dsa = q_EVP_PKEY_get1_DSA(pkey);
key.d->algorithm = QSsl::Dsa;
key.d->isNull = false;
} else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DH) {
// DH unsupported
} else {
// error?
}
q_EVP_PKEY_free(pkey);
return key;
}
/*
* Convert unknown extensions to a QVariant.
*/
static QVariant x509UnknownExtensionToValue(X509_EXTENSION *ext)
{
// Get the extension specific method object if available
// we cast away the const-ness here because some versions of openssl
// don't use const for the parameters in the functions pointers stored
// in the object.
X509V3_EXT_METHOD *meth = const_cast<X509V3_EXT_METHOD *>(q_X509V3_EXT_get(ext));
if (!meth) {
ASN1_OCTET_STRING *value = q_X509_EXTENSION_get_data(ext);
QByteArray result( reinterpret_cast<const char *>(q_ASN1_STRING_data(value)),
q_ASN1_STRING_length(value));
return result;
}
//const unsigned char *data = ext->value->data;
void *ext_internal = q_X509V3_EXT_d2i(ext);
// If this extension can be converted
if (meth->i2v && ext_internal) {
STACK_OF(CONF_VALUE) *val = meth->i2v(meth, ext_internal, 0);
QVariantMap map;
QVariantList list;
bool isMap = false;
for (int j = 0; j < q_SKM_sk_num(CONF_VALUE, val); j++) {
CONF_VALUE *nval = q_SKM_sk_value(CONF_VALUE, val, j);
if (nval->name && nval->value) {
isMap = true;
map[QString::fromUtf8(nval->name)] = QString::fromUtf8(nval->value);
} else if (nval->name) {
list << QString::fromUtf8(nval->name);
} else if (nval->value) {
list << QString::fromUtf8(nval->value);
}
}
if (isMap)
return map;
else
return list;
} else if (meth->i2s && ext_internal) {
//qDebug() << meth->i2s(meth, ext_internal);
QVariant result(QString::fromUtf8(meth->i2s(meth, ext_internal)));
return result;
} else if (meth->i2r && ext_internal) {
QByteArray result;
BIO *bio = q_BIO_new(q_BIO_s_mem());
if (!bio)
return result;
meth->i2r(meth, ext_internal, bio, 0);
char *bio_buffer;
long bio_size = q_BIO_get_mem_data(bio, &bio_buffer);
result = QByteArray(bio_buffer, bio_size);
q_BIO_free(bio);
return result;
}
return QVariant();
}
/*
* Convert extensions to a variant. The naming of the keys of the map are
* taken from RFC 5280, however we decided the capitalisation in the RFC
* was too silly for the real world.
*/
static QVariant x509ExtensionToValue(X509_EXTENSION *ext)
{
ASN1_OBJECT *obj = q_X509_EXTENSION_get_object(ext);
int nid = q_OBJ_obj2nid(obj);
switch (nid) {
case NID_basic_constraints:
{
BASIC_CONSTRAINTS *basic = reinterpret_cast<BASIC_CONSTRAINTS *>(q_X509V3_EXT_d2i(ext));
QVariantMap result;
result[QLatin1String("ca")] = basic->ca ? true : false;
if (basic->pathlen)
result[QLatin1String("pathLenConstraint")] = (qlonglong)q_ASN1_INTEGER_get(basic->pathlen);
q_BASIC_CONSTRAINTS_free(basic);
return result;
}
break;
case NID_info_access:
{
AUTHORITY_INFO_ACCESS *info = reinterpret_cast<AUTHORITY_INFO_ACCESS *>(q_X509V3_EXT_d2i(ext));
QVariantMap result;
for (int i=0; i < q_SKM_sk_num(ACCESS_DESCRIPTION, info); i++) {
ACCESS_DESCRIPTION *ad = q_SKM_sk_value(ACCESS_DESCRIPTION, info, i);
GENERAL_NAME *name = ad->location;
if (name->type == GEN_URI) {
int len = q_ASN1_STRING_length(name->d.uniformResourceIdentifier);
if (len < 0 || len >= 8192) {
// broken name
continue;
}
const char *uriStr = reinterpret_cast<const char *>(q_ASN1_STRING_data(name->d.uniformResourceIdentifier));
const QString uri = QString::fromUtf8(uriStr, len);
result[QString::fromUtf8(QSslCertificatePrivate::asn1ObjectName(ad->method))] = uri;
} else {
qWarning() << "Strange location type" << name->type;
}
}
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
q_sk_pop_free((_STACK*)info, reinterpret_cast<void(*)(void*)>(q_sk_free));
#else
q_sk_pop_free((STACK*)info, reinterpret_cast<void(*)(void*)>(q_sk_free));
#endif
return result;
}
break;
case NID_subject_key_identifier:
{
void *ext_internal = q_X509V3_EXT_d2i(ext);
// we cast away the const-ness here because some versions of openssl
// don't use const for the parameters in the functions pointers stored
// in the object.
X509V3_EXT_METHOD *meth = const_cast<X509V3_EXT_METHOD *>(q_X509V3_EXT_get(ext));
return QVariant(QString::fromUtf8(meth->i2s(meth, ext_internal)));
}
break;
case NID_authority_key_identifier:
{
AUTHORITY_KEYID *auth_key = reinterpret_cast<AUTHORITY_KEYID *>(q_X509V3_EXT_d2i(ext));
QVariantMap result;
// keyid
if (auth_key->keyid) {
QByteArray keyid(reinterpret_cast<const char *>(auth_key->keyid->data),
auth_key->keyid->length);
result[QLatin1String("keyid")] = keyid.toHex();
}
// issuer
// TODO: GENERAL_NAMES
// serial
if (auth_key->serial)
result[QLatin1String("serial")] = (qlonglong)q_ASN1_INTEGER_get(auth_key->serial);
q_AUTHORITY_KEYID_free(auth_key);
return result;
}
break;
}
return QVariant();
}
QSslCertificateExtension QSslCertificatePrivate::convertExtension(X509_EXTENSION *ext)
{
QSslCertificateExtension result;
ASN1_OBJECT *obj = q_X509_EXTENSION_get_object(ext);
QByteArray oid = QSslCertificatePrivate::asn1ObjectId(obj);
QByteArray name = QSslCertificatePrivate::asn1ObjectName(obj);
result.d->oid = QString::fromUtf8(oid);
result.d->name = QString::fromUtf8(name);
bool critical = q_X509_EXTENSION_get_critical(ext);
result.d->critical = critical;
// Lets see if we have custom support for this one
QVariant extensionValue = x509ExtensionToValue(ext);
if (extensionValue.isValid()) {
result.d->value = extensionValue;
result.d->supported = true;
return result;
}
extensionValue = x509UnknownExtensionToValue(ext);
if (extensionValue.isValid()) {
result.d->value = extensionValue;
result.d->supported = false;
return result;
}
return result;
}
/*!
\fn QList<QSslCertificateExtension> QSslCertificate::extensions() const
Returns a list containing the X509 extensions of this certificate.
\since 5.0
*/
QList<QSslCertificateExtension> QSslCertificate::extensions() const
{
QList<QSslCertificateExtension> result;
if (!d->x509)
return result;
int count = q_X509_get_ext_count(d->x509);
for (int i=0; i < count; i++) {
X509_EXTENSION *ext = q_X509_get_ext(d->x509, i);
result << QSslCertificatePrivate::convertExtension(ext);
}
return result;
}
/*!
\fn QByteArray QSslCertificate::toPem() const
Returns this certificate converted to a PEM (Base64) encoded
representation.
*/
QByteArray QSslCertificate::toPem() const
{
if (!d->x509)
return QByteArray();
return d->QByteArray_from_X509(d->x509, QSsl::Pem);
}
/*!
\fn QByteArray QSslCertificate::toDer() const
Returns this certificate converted to a DER (binary) encoded
representation.
*/
QByteArray QSslCertificate::toDer() const
{
if (!d->x509)
return QByteArray();
return d->QByteArray_from_X509(d->x509, QSsl::Der);
}
/*!
\fn QString QSslCertificate::toText() const
Returns this certificate converted to a human-readable text
representation.
\since 5.0
*/
QString QSslCertificate::toText() const
{
if (!d->x509)
return QString();
return d->text_from_X509(d->x509);
}
/*!
Searches all files in the \a path for certificates encoded in the
@ -999,218 +588,6 @@ bool QSslCertificate::importPKCS12(QIODevice *device,
return QSslSocketBackendPrivate::importPKCS12(device, key, certificate, caCertificates, passPhrase);
}
void QSslCertificatePrivate::init(const QByteArray &data, QSsl::EncodingFormat format)
{
if (!data.isEmpty()) {
QList<QSslCertificate> certs = (format == QSsl::Pem)
? certificatesFromPem(data, 1)
: certificatesFromDer(data, 1);
if (!certs.isEmpty()) {
*this = *certs.first().d;
if (x509)
x509 = q_X509_dup(x509);
}
}
}
#define BEGINCERTSTRING "-----BEGIN CERTIFICATE-----"
#define ENDCERTSTRING "-----END CERTIFICATE-----"
// ### refactor against QSsl::pemFromDer() etc. (to avoid redundant implementations)
QByteArray QSslCertificatePrivate::QByteArray_from_X509(X509 *x509, QSsl::EncodingFormat format)
{
if (!x509) {
qWarning("QSslSocketBackendPrivate::X509_to_QByteArray: null X509");
return QByteArray();
}
// Use i2d_X509 to convert the X509 to an array.
int length = q_i2d_X509(x509, 0);
QByteArray array;
array.resize(length);
char *data = array.data();
char **dataP = &data;
unsigned char **dataPu = (unsigned char **)dataP;
if (q_i2d_X509(x509, dataPu) < 0)
return QByteArray();
if (format == QSsl::Der)
return array;
// Convert to Base64 - wrap at 64 characters.
array = array.toBase64();
QByteArray tmp;
for (int i = 0; i <= array.size() - 64; i += 64) {
tmp += QByteArray::fromRawData(array.data() + i, 64);
tmp += '\n';
}
if (int remainder = array.size() % 64) {
tmp += QByteArray::fromRawData(array.data() + array.size() - remainder, remainder);
tmp += '\n';
}
return BEGINCERTSTRING "\n" + tmp + ENDCERTSTRING "\n";
}
QString QSslCertificatePrivate::text_from_X509(X509 *x509)
{
if (!x509) {
qWarning("QSslSocketBackendPrivate::text_from_X509: null X509");
return QString();
}
QByteArray result;
BIO *bio = q_BIO_new(q_BIO_s_mem());
if (!bio)
return QString();
q_X509_print(bio, x509);
QVarLengthArray<char, 16384> data;
int count = q_BIO_read(bio, data.data(), 16384);
if ( count > 0 ) {
result = QByteArray( data.data(), count );
}
q_BIO_free(bio);
return QString::fromLatin1(result);
}
QByteArray QSslCertificatePrivate::asn1ObjectId(ASN1_OBJECT *object)
{
char buf[80]; // The openssl docs a buffer length of 80 should be more than enough
q_OBJ_obj2txt(buf, sizeof(buf), object, 1); // the 1 says always use the oid not the long name
return QByteArray(buf);
}
QByteArray QSslCertificatePrivate::asn1ObjectName(ASN1_OBJECT *object)
{
int nid = q_OBJ_obj2nid(object);
if (nid != NID_undef)
return QByteArray(q_OBJ_nid2sn(nid));
return asn1ObjectId(object);
}
static QMap<QByteArray, QString> _q_mapFromX509Name(X509_NAME *name)
{
QMap<QByteArray, QString> info;
for (int i = 0; i < q_X509_NAME_entry_count(name); ++i) {
X509_NAME_ENTRY *e = q_X509_NAME_get_entry(name, i);
QByteArray name = QSslCertificatePrivate::asn1ObjectName(q_X509_NAME_ENTRY_get_object(e));
unsigned char *data = 0;
int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e));
info.insertMulti(name, QString::fromUtf8((char*)data, size));
q_CRYPTO_free(data);
}
return info;
}
QSslCertificate QSslCertificatePrivate::QSslCertificate_from_X509(X509 *x509)
{
QSslCertificate certificate;
if (!x509 || !QSslSocket::supportsSsl())
return certificate;
ASN1_TIME *nbef = q_X509_get_notBefore(x509);
ASN1_TIME *naft = q_X509_get_notAfter(x509);
certificate.d->notValidBefore = q_getTimeFromASN1(nbef);
certificate.d->notValidAfter = q_getTimeFromASN1(naft);
certificate.d->null = false;
certificate.d->x509 = q_X509_dup(x509);
return certificate;
}
static bool matchLineFeed(const QByteArray &pem, int *offset)
{
char ch = 0;
// ignore extra whitespace at the end of the line
while (*offset < pem.size() && (ch = pem.at(*offset)) == ' ')
++*offset;
if (ch == '\n') {
*offset += 1;
return true;
}
if (ch == '\r' && pem.size() > (*offset + 1) && pem.at(*offset + 1) == '\n') {
*offset += 2;
return true;
}
return false;
}
QList<QSslCertificate> QSslCertificatePrivate::certificatesFromPem(const QByteArray &pem, int count)
{
QList<QSslCertificate> certificates;
QSslSocketPrivate::ensureInitialized();
int offset = 0;
while (count == -1 || certificates.size() < count) {
int startPos = pem.indexOf(BEGINCERTSTRING, offset);
if (startPos == -1)
break;
startPos += sizeof(BEGINCERTSTRING) - 1;
if (!matchLineFeed(pem, &startPos))
break;
int endPos = pem.indexOf(ENDCERTSTRING, startPos);
if (endPos == -1)
break;
offset = endPos + sizeof(ENDCERTSTRING) - 1;
if (offset < pem.size() && !matchLineFeed(pem, &offset))
break;
QByteArray decoded = QByteArray::fromBase64(
QByteArray::fromRawData(pem.data() + startPos, endPos - startPos));
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
const unsigned char *data = (const unsigned char *)decoded.data();
#else
unsigned char *data = (unsigned char *)decoded.data();
#endif
if (X509 *x509 = q_d2i_X509(0, &data, decoded.size())) {
certificates << QSslCertificate_from_X509(x509);
q_X509_free(x509);
}
}
return certificates;
}
QList<QSslCertificate> QSslCertificatePrivate::certificatesFromDer(const QByteArray &der, int count)
{
QList<QSslCertificate> certificates;
QSslSocketPrivate::ensureInitialized();
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
const unsigned char *data = (const unsigned char *)der.data();
#else
unsigned char *data = (unsigned char *)der.data();
#endif
int size = der.size();
while (count == -1 || certificates.size() < count) {
if (X509 *x509 = q_d2i_X509(0, &data, size)) {
certificates << QSslCertificate_from_X509(x509);
q_X509_free(x509);
} else {
break;
}
size -= ((char *)data - der.data());
}
return certificates;
}
// These certificates are known to be fraudulent and were created during the comodo
// compromise. See http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
static const char *certificate_blacklist[] = {
@ -1273,6 +650,25 @@ bool QSslCertificatePrivate::isBlacklisted(const QSslCertificate &certificate)
return false;
}
QByteArray QSslCertificatePrivate::subjectInfoToString(QSslCertificate::SubjectInfo info)
{
QByteArray str;
switch (info) {
case QSslCertificate::Organization: str = QByteArray("O"); break;
case QSslCertificate::CommonName: str = QByteArray("CN"); break;
case QSslCertificate::LocalityName: str = QByteArray("L"); break;
case QSslCertificate::OrganizationalUnitName: str = QByteArray("OU"); break;
case QSslCertificate::CountryName: str = QByteArray("C"); break;
case QSslCertificate::StateOrProvinceName: str = QByteArray("ST"); break;
case QSslCertificate::DistinguishedNameQualifier: str = QByteArray("dnQualifier"); break;
case QSslCertificate::SerialNumber: str = QByteArray("serialNumber"); break;
case QSslCertificate::EmailAddress: str = QByteArray("emailAddress"); break;
}
return str;
}
#ifndef QT_NO_DEBUG_STREAM
QDebug operator<<(QDebug debug, const QSslCertificate &certificate)
{
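Review bot: `QSslCertificatePrivate::subjectInfoToString` in the last hunk of this section has no `default` branch, so any value outside the `SubjectInfo` enumerators silently yields an empty `QByteArray`, and that empty string is then used as the lookup key by the backend's `issuerInfo(SubjectInfo)` / `subjectInfo(SubjectInfo)` callers (`d->subjectInfoToString(info)` in qsslcertificate_openssl.cpp). This was acceptable as a file-local static, but now that it is a shared private helper across backends the contract should be stated. I would add `// Maps a SubjectInfo enumerator to its X.509 attribute short name (RFC 4519 style). Values outside the enumeration yield an empty key, which matches no name entry.` above the function. The `operator<<` whose opening brace closes this section continues past the hunk.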


@ -0,0 +1,699 @@
/****************************************************************************
**
** Copyright (C) 2014 Digia Plc and/or its subsidiary(-ies).
** Contact: http://www.qt-project.org/legal
**
** This file is part of the QtNetwork module of the Qt Toolkit.
**
** $QT_BEGIN_LICENSE:LGPL$
** Commercial License Usage
** Licensees holding valid commercial Qt licenses may use this file in
** accordance with the commercial license agreement provided with the
** Software or, alternatively, in accordance with the terms contained in
** a written agreement between you and Digia. For licensing terms and
** conditions see http://qt.digia.com/licensing. For further information
** use the contact form at http://qt.digia.com/contact-us.
**
** GNU Lesser General Public License Usage
** Alternatively, this file may be used under the terms of the GNU Lesser
** General Public License version 2.1 as published by the Free Software
** Foundation and appearing in the file LICENSE.LGPL included in the
** packaging of this file. Please review the following information to
** ensure the GNU Lesser General Public License version 2.1 requirements
** will be met: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.
**
** In addition, as a special exception, Digia gives you certain additional
** rights. These rights are described in the Digia Qt LGPL Exception
** version 1.1, included in the file LGPL_EXCEPTION.txt in this package.
**
** GNU General Public License Usage
** Alternatively, this file may be used under the terms of the GNU
** General Public License version 3.0 as published by the Free Software
** Foundation and appearing in the file LICENSE.GPL included in the
** packaging of this file. Please review the following information to
** ensure the GNU General Public License version 3.0 requirements will be
** met: http://www.gnu.org/copyleft/gpl.html.
**
**
** $QT_END_LICENSE$
**
****************************************************************************/
#include "qsslsocket_openssl_symbols_p.h"
#include "qsslcertificate_p.h"
#include "qsslkey_p.h"
#include "qsslcertificateextension_p.h"
#include <QtCore/private/qmutexpool_p.h>
QT_BEGIN_NAMESPACE
// forward declaration
static QMap<QByteArray, QString> _q_mapFromX509Name(X509_NAME *name);
bool QSslCertificate::operator==(const QSslCertificate &other) const
{
if (d == other.d)
return true;
if (d->null && other.d->null)
return true;
if (d->x509 && other.d->x509)
return q_X509_cmp(d->x509, other.d->x509) == 0;
return false;
}
bool QSslCertificate::isNull() const
{
return d->null;
}
bool QSslCertificate::isSelfSigned() const
{
if (!d->x509)
return false;
return (q_X509_check_issued(d->x509, d->x509) == X509_V_OK);
}
QByteArray QSslCertificate::version() const
{
QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
if (d->versionString.isEmpty() && d->x509)
d->versionString =
QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1);
return d->versionString;
}
QByteArray QSslCertificate::serialNumber() const
{
QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
if (d->serialNumberString.isEmpty() && d->x509) {
ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber;
QByteArray hexString;
hexString.reserve(serialNumber->length * 3);
for (int a = 0; a < serialNumber->length; ++a) {
hexString += QByteArray::number(serialNumber->data[a], 16).rightJustified(2, '0');
hexString += ':';
}
hexString.chop(1);
d->serialNumberString = hexString;
}
return d->serialNumberString;
}
QStringList QSslCertificate::issuerInfo(SubjectInfo info) const
{
QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
// lazy init
if (d->issuerInfo.isEmpty() && d->x509)
d->issuerInfo =
_q_mapFromX509Name(q_X509_get_issuer_name(d->x509));
return d->issuerInfo.values(d->subjectInfoToString(info));
}
QStringList QSslCertificate::issuerInfo(const QByteArray &attribute) const
{
QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
// lazy init
if (d->issuerInfo.isEmpty() && d->x509)
d->issuerInfo =
_q_mapFromX509Name(q_X509_get_issuer_name(d->x509));
return d->issuerInfo.values(attribute);
}
QStringList QSslCertificate::subjectInfo(SubjectInfo info) const
{
QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
// lazy init
if (d->subjectInfo.isEmpty() && d->x509)
d->subjectInfo =
_q_mapFromX509Name(q_X509_get_subject_name(d->x509));
return d->subjectInfo.values(d->subjectInfoToString(info));
}
QStringList QSslCertificate::subjectInfo(const QByteArray &attribute) const
{
QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
// lazy init
if (d->subjectInfo.isEmpty() && d->x509)
d->subjectInfo =
_q_mapFromX509Name(q_X509_get_subject_name(d->x509));
return d->subjectInfo.values(attribute);
}
QList<QByteArray> QSslCertificate::subjectInfoAttributes() const
{
QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
// lazy init
if (d->subjectInfo.isEmpty() && d->x509)
d->subjectInfo =
_q_mapFromX509Name(q_X509_get_subject_name(d->x509));
return d->subjectInfo.uniqueKeys();
}
QList<QByteArray> QSslCertificate::issuerInfoAttributes() const
{
QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
// lazy init
if (d->issuerInfo.isEmpty() && d->x509)
d->issuerInfo =
_q_mapFromX509Name(q_X509_get_issuer_name(d->x509));
return d->issuerInfo.uniqueKeys();
}
QMultiMap<QSsl::AlternativeNameEntryType, QString> QSslCertificate::subjectAlternativeNames() const
{
QMultiMap<QSsl::AlternativeNameEntryType, QString> result;
if (!d->x509)
return result;
STACK_OF(GENERAL_NAME) *altNames = (STACK_OF(GENERAL_NAME)*)q_X509_get_ext_d2i(d->x509, NID_subject_alt_name, 0, 0);
if (altNames) {
for (int i = 0; i < q_sk_GENERAL_NAME_num(altNames); ++i) {
const GENERAL_NAME *genName = q_sk_GENERAL_NAME_value(altNames, i);
if (genName->type != GEN_DNS && genName->type != GEN_EMAIL)
continue;
int len = q_ASN1_STRING_length(genName->d.ia5);
if (len < 0 || len >= 8192) {
// broken name
continue;
}
const char *altNameStr = reinterpret_cast<const char *>(q_ASN1_STRING_data(genName->d.ia5));
const QString altName = QString::fromLatin1(altNameStr, len);
if (genName->type == GEN_DNS)
result.insert(QSsl::DnsEntry, altName);
else if (genName->type == GEN_EMAIL)
result.insert(QSsl::EmailEntry, altName);
}
q_sk_pop_free((STACK*)altNames, reinterpret_cast<void(*)(void*)>(q_sk_free));
}
return result;
}
QDateTime QSslCertificate::effectiveDate() const
{
return d->notValidBefore;
}
QDateTime QSslCertificate::expiryDate() const
{
return d->notValidAfter;
}
Qt::HANDLE QSslCertificate::handle() const
{
return Qt::HANDLE(d->x509);
}
QSslKey QSslCertificate::publicKey() const
{
if (!d->x509)
return QSslKey();
QSslKey key;
key.d->type = QSsl::PublicKey;
X509_PUBKEY *xkey = d->x509->cert_info->key;
EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey);
Q_ASSERT(pkey);
if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) {
key.d->rsa = q_EVP_PKEY_get1_RSA(pkey);
key.d->algorithm = QSsl::Rsa;
key.d->isNull = false;
} else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) {
key.d->dsa = q_EVP_PKEY_get1_DSA(pkey);
key.d->algorithm = QSsl::Dsa;
key.d->isNull = false;
} else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DH) {
// DH unsupported
} else {
// error?
}
q_EVP_PKEY_free(pkey);
return key;
}
/*
* Convert unknown extensions to a QVariant.
*/
static QVariant x509UnknownExtensionToValue(X509_EXTENSION *ext)
{
// Get the extension specific method object if available
// we cast away the const-ness here because some versions of openssl
// don't use const for the parameters in the functions pointers stored
// in the object.
X509V3_EXT_METHOD *meth = const_cast<X509V3_EXT_METHOD *>(q_X509V3_EXT_get(ext));
if (!meth) {
ASN1_OCTET_STRING *value = q_X509_EXTENSION_get_data(ext);
QByteArray result( reinterpret_cast<const char *>(q_ASN1_STRING_data(value)),
q_ASN1_STRING_length(value));
return result;
}
//const unsigned char *data = ext->value->data;
void *ext_internal = q_X509V3_EXT_d2i(ext);
// If this extension can be converted
if (meth->i2v && ext_internal) {
STACK_OF(CONF_VALUE) *val = meth->i2v(meth, ext_internal, 0);
QVariantMap map;
QVariantList list;
bool isMap = false;
for (int j = 0; j < q_SKM_sk_num(CONF_VALUE, val); j++) {
CONF_VALUE *nval = q_SKM_sk_value(CONF_VALUE, val, j);
if (nval->name && nval->value) {
isMap = true;
map[QString::fromUtf8(nval->name)] = QString::fromUtf8(nval->value);
} else if (nval->name) {
list << QString::fromUtf8(nval->name);
} else if (nval->value) {
list << QString::fromUtf8(nval->value);
}
}
if (isMap)
return map;
else
return list;
} else if (meth->i2s && ext_internal) {
//qDebug() << meth->i2s(meth, ext_internal);
QVariant result(QString::fromUtf8(meth->i2s(meth, ext_internal)));
return result;
} else if (meth->i2r && ext_internal) {
QByteArray result;
BIO *bio = q_BIO_new(q_BIO_s_mem());
if (!bio)
return result;
meth->i2r(meth, ext_internal, bio, 0);
char *bio_buffer;
long bio_size = q_BIO_get_mem_data(bio, &bio_buffer);
result = QByteArray(bio_buffer, bio_size);
q_BIO_free(bio);
return result;
}
return QVariant();
}
/*
* Convert extensions to a variant. The naming of the keys of the map are
* taken from RFC 5280, however we decided the capitalisation in the RFC
* was too silly for the real world.
*/
static QVariant x509ExtensionToValue(X509_EXTENSION *ext)
{
ASN1_OBJECT *obj = q_X509_EXTENSION_get_object(ext);
int nid = q_OBJ_obj2nid(obj);
switch (nid) {
case NID_basic_constraints:
{
BASIC_CONSTRAINTS *basic = reinterpret_cast<BASIC_CONSTRAINTS *>(q_X509V3_EXT_d2i(ext));
QVariantMap result;
result[QLatin1String("ca")] = basic->ca ? true : false;
if (basic->pathlen)
result[QLatin1String("pathLenConstraint")] = (qlonglong)q_ASN1_INTEGER_get(basic->pathlen);
q_BASIC_CONSTRAINTS_free(basic);
return result;
}
break;
case NID_info_access:
{
AUTHORITY_INFO_ACCESS *info = reinterpret_cast<AUTHORITY_INFO_ACCESS *>(q_X509V3_EXT_d2i(ext));
QVariantMap result;
for (int i=0; i < q_SKM_sk_num(ACCESS_DESCRIPTION, info); i++) {
ACCESS_DESCRIPTION *ad = q_SKM_sk_value(ACCESS_DESCRIPTION, info, i);
GENERAL_NAME *name = ad->location;
if (name->type == GEN_URI) {
int len = q_ASN1_STRING_length(name->d.uniformResourceIdentifier);
if (len < 0 || len >= 8192) {
// broken name
continue;
}
const char *uriStr = reinterpret_cast<const char *>(q_ASN1_STRING_data(name->d.uniformResourceIdentifier));
const QString uri = QString::fromUtf8(uriStr, len);
result[QString::fromUtf8(QSslCertificatePrivate::asn1ObjectName(ad->method))] = uri;
} else {
qWarning() << "Strange location type" << name->type;
}
}
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
q_sk_pop_free((_STACK*)info, reinterpret_cast<void(*)(void*)>(q_sk_free));
#else
q_sk_pop_free((STACK*)info, reinterpret_cast<void(*)(void*)>(q_sk_free));
#endif
return result;
}
break;
case NID_subject_key_identifier:
{
void *ext_internal = q_X509V3_EXT_d2i(ext);
// we cast away the const-ness here because some versions of openssl
// don't use const for the parameters in the functions pointers stored
// in the object.
X509V3_EXT_METHOD *meth = const_cast<X509V3_EXT_METHOD *>(q_X509V3_EXT_get(ext));
return QVariant(QString::fromUtf8(meth->i2s(meth, ext_internal)));
}
break;
case NID_authority_key_identifier:
{
AUTHORITY_KEYID *auth_key = reinterpret_cast<AUTHORITY_KEYID *>(q_X509V3_EXT_d2i(ext));
QVariantMap result;
// keyid
if (auth_key->keyid) {
QByteArray keyid(reinterpret_cast<const char *>(auth_key->keyid->data),
auth_key->keyid->length);
result[QLatin1String("keyid")] = keyid.toHex();
}
// issuer
// TODO: GENERAL_NAMES
// serial
if (auth_key->serial)
result[QLatin1String("serial")] = (qlonglong)q_ASN1_INTEGER_get(auth_key->serial);
q_AUTHORITY_KEYID_free(auth_key);
return result;
}
break;
}
return QVariant();
}
QSslCertificateExtension QSslCertificatePrivate::convertExtension(X509_EXTENSION *ext)
{
QSslCertificateExtension result;
ASN1_OBJECT *obj = q_X509_EXTENSION_get_object(ext);
QByteArray oid = QSslCertificatePrivate::asn1ObjectId(obj);
QByteArray name = QSslCertificatePrivate::asn1ObjectName(obj);
result.d->oid = QString::fromUtf8(oid);
result.d->name = QString::fromUtf8(name);
bool critical = q_X509_EXTENSION_get_critical(ext);
result.d->critical = critical;
// Lets see if we have custom support for this one
QVariant extensionValue = x509ExtensionToValue(ext);
if (extensionValue.isValid()) {
result.d->value = extensionValue;
result.d->supported = true;
return result;
}
extensionValue = x509UnknownExtensionToValue(ext);
if (extensionValue.isValid()) {
result.d->value = extensionValue;
result.d->supported = false;
return result;
}
return result;
}
QList<QSslCertificateExtension> QSslCertificate::extensions() const
{
QList<QSslCertificateExtension> result;
if (!d->x509)
return result;
int count = q_X509_get_ext_count(d->x509);
for (int i=0; i < count; i++) {
X509_EXTENSION *ext = q_X509_get_ext(d->x509, i);
result << QSslCertificatePrivate::convertExtension(ext);
}
return result;
}
QByteArray QSslCertificate::toPem() const
{
if (!d->x509)
return QByteArray();
return d->QByteArray_from_X509(d->x509, QSsl::Pem);
}
QByteArray QSslCertificate::toDer() const
{
if (!d->x509)
return QByteArray();
return d->QByteArray_from_X509(d->x509, QSsl::Der);
}
QString QSslCertificate::toText() const
{
if (!d->x509)
return QString();
return d->text_from_X509(d->x509);
}
#define BEGINCERTSTRING "-----BEGIN CERTIFICATE-----"
#define ENDCERTSTRING "-----END CERTIFICATE-----"
void QSslCertificatePrivate::init(const QByteArray &data, QSsl::EncodingFormat format)
{
if (!data.isEmpty()) {
QList<QSslCertificate> certs = (format == QSsl::Pem)
? certificatesFromPem(data, 1)
: certificatesFromDer(data, 1);
if (!certs.isEmpty()) {
*this = *certs.first().d;
if (x509)
x509 = q_X509_dup(x509);
}
}
}
// ### refactor against QSsl::pemFromDer() etc. (to avoid redundant implementations)
QByteArray QSslCertificatePrivate::QByteArray_from_X509(X509 *x509, QSsl::EncodingFormat format)
{
if (!x509) {
qWarning("QSslSocketBackendPrivate::X509_to_QByteArray: null X509");
return QByteArray();
}
// Use i2d_X509 to convert the X509 to an array.
int length = q_i2d_X509(x509, 0);
QByteArray array;
array.resize(length);
char *data = array.data();
char **dataP = &data;
unsigned char **dataPu = (unsigned char **)dataP;
if (q_i2d_X509(x509, dataPu) < 0)
return QByteArray();
if (format == QSsl::Der)
return array;
// Convert to Base64 - wrap at 64 characters.
array = array.toBase64();
QByteArray tmp;
for (int i = 0; i <= array.size() - 64; i += 64) {
tmp += QByteArray::fromRawData(array.data() + i, 64);
tmp += '\n';
}
if (int remainder = array.size() % 64) {
tmp += QByteArray::fromRawData(array.data() + array.size() - remainder, remainder);
tmp += '\n';
}
return BEGINCERTSTRING "\n" + tmp + ENDCERTSTRING "\n";
}
QString QSslCertificatePrivate::text_from_X509(X509 *x509)
{
if (!x509) {
qWarning("QSslSocketBackendPrivate::text_from_X509: null X509");
return QString();
}
QByteArray result;
BIO *bio = q_BIO_new(q_BIO_s_mem());
if (!bio)
return QString();
q_X509_print(bio, x509);
QVarLengthArray<char, 16384> data;
int count = q_BIO_read(bio, data.data(), 16384);
if ( count > 0 ) {
result = QByteArray( data.data(), count );
}
q_BIO_free(bio);
return QString::fromLatin1(result);
}
QByteArray QSslCertificatePrivate::asn1ObjectId(ASN1_OBJECT *object)
{
char buf[80]; // The openssl docs a buffer length of 80 should be more than enough
q_OBJ_obj2txt(buf, sizeof(buf), object, 1); // the 1 says always use the oid not the long name
return QByteArray(buf);
}
QByteArray QSslCertificatePrivate::asn1ObjectName(ASN1_OBJECT *object)
{
int nid = q_OBJ_obj2nid(object);
if (nid != NID_undef)
return QByteArray(q_OBJ_nid2sn(nid));
return asn1ObjectId(object);
}
static QMap<QByteArray, QString> _q_mapFromX509Name(X509_NAME *name)
{
QMap<QByteArray, QString> info;
for (int i = 0; i < q_X509_NAME_entry_count(name); ++i) {
X509_NAME_ENTRY *e = q_X509_NAME_get_entry(name, i);
QByteArray name = QSslCertificatePrivate::asn1ObjectName(q_X509_NAME_ENTRY_get_object(e));
unsigned char *data = 0;
int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e));
info.insertMulti(name, QString::fromUtf8((char*)data, size));
q_CRYPTO_free(data);
}
return info;
}
QSslCertificate QSslCertificatePrivate::QSslCertificate_from_X509(X509 *x509)
{
QSslCertificate certificate;
if (!x509 || !QSslSocket::supportsSsl())
return certificate;
ASN1_TIME *nbef = q_X509_get_notBefore(x509);
ASN1_TIME *naft = q_X509_get_notAfter(x509);
certificate.d->notValidBefore = q_getTimeFromASN1(nbef);
certificate.d->notValidAfter = q_getTimeFromASN1(naft);
certificate.d->null = false;
certificate.d->x509 = q_X509_dup(x509);
return certificate;
}
static bool matchLineFeed(const QByteArray &pem, int *offset)
{
char ch = 0;
// ignore extra whitespace at the end of the line
while (*offset < pem.size() && (ch = pem.at(*offset)) == ' ')
++*offset;
if (ch == '\n') {
*offset += 1;
return true;
}
if (ch == '\r' && pem.size() > (*offset + 1) && pem.at(*offset + 1) == '\n') {
*offset += 2;
return true;
}
return false;
}
QList<QSslCertificate> QSslCertificatePrivate::certificatesFromPem(const QByteArray &pem, int count)
{
QList<QSslCertificate> certificates;
QSslSocketPrivate::ensureInitialized();
int offset = 0;
while (count == -1 || certificates.size() < count) {
int startPos = pem.indexOf(BEGINCERTSTRING, offset);
if (startPos == -1)
break;
startPos += sizeof(BEGINCERTSTRING) - 1;
if (!matchLineFeed(pem, &startPos))
break;
int endPos = pem.indexOf(ENDCERTSTRING, startPos);
if (endPos == -1)
break;
offset = endPos + sizeof(ENDCERTSTRING) - 1;
if (offset < pem.size() && !matchLineFeed(pem, &offset))
break;
QByteArray decoded = QByteArray::fromBase64(
QByteArray::fromRawData(pem.data() + startPos, endPos - startPos));
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
const unsigned char *data = (const unsigned char *)decoded.data();
#else
unsigned char *data = (unsigned char *)decoded.data();
#endif
if (X509 *x509 = q_d2i_X509(0, &data, decoded.size())) {
certificates << QSslCertificate_from_X509(x509);
q_X509_free(x509);
}
}
return certificates;
}
QList<QSslCertificate> QSslCertificatePrivate::certificatesFromDer(const QByteArray &der, int count)
{
QList<QSslCertificate> certificates;
QSslSocketPrivate::ensureInitialized();
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
const unsigned char *data = (const unsigned char *)der.data();
#else
unsigned char *data = (unsigned char *)der.data();
#endif
int size = der.size();
while (count == -1 || certificates.size() < count) {
if (X509 *x509 = q_d2i_X509(0, &data, size)) {
certificates << QSslCertificate_from_X509(x509);
q_X509_free(x509);
} else {
break;
}
size -= ((char *)data - der.data());
}
return certificates;
}
QT_END_NAMESPACE


@ -1,6 +1,6 @@
/****************************************************************************
**
** Copyright (C) 2013 Digia Plc and/or its subsidiary(-ies).
** Copyright (C) 2014 Digia Plc and/or its subsidiary(-ies).
** Contact: http://www.qt-project.org/legal
**
** This file is part of the QtNetwork module of the Qt Toolkit.
@ -40,8 +40,8 @@
****************************************************************************/
#ifndef QSSLCERTIFICATE_P_H
#define QSSLCERTIFICATE_P_H
#ifndef QSSLCERTIFICATE_OPENSSL_P_H
#define QSSLCERTIFICATE_OPENSSL_P_H
#include "qsslcertificate.h"
@ -61,10 +61,18 @@
#include <QtCore/qdatetime.h>
#include <QtCore/qmap.h>
#ifndef QT_NO_OPENSSL
#include <openssl/x509.h>
#else
struct X509;
struct X509_EXTENSION;
struct ASN1_OBJECT;
#endif
QT_BEGIN_NAMESPACE
// forward declaration
class QSslCertificatePrivate
{
public:
@ -76,8 +84,10 @@ public:
~QSslCertificatePrivate()
{
#ifndef QT_NO_OPENSSL
if (x509)
q_X509_free(x509);
#endif
}
bool null;
@ -102,6 +112,7 @@ public:
static QList<QSslCertificate> certificatesFromDer(const QByteArray &der, int count = -1);
static bool isBlacklisted(const QSslCertificate &certificate);
static QSslCertificateExtension convertExtension(X509_EXTENSION *ext);
static QByteArray subjectInfoToString(QSslCertificate::SubjectInfo info);
friend class QSslSocketBackendPrivate;
@ -110,4 +121,4 @@ public:
QT_END_NAMESPACE
#endif
#endif // QSSLCERTIFICATE_OPENSSL_P_H
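Review bot: The include guard becomes `QSSLCERTIFICATE_OPENSSL_P_H` although the header itself does not appear to be renamed — ssl.pri still lists it unchanged as `ssl/qsslcertificate_p.h`, and its new `#else` branch forward-declaring `X509`, `X509_EXTENSION` and `ASN1_OBJECT` shows it is meant to be included in QT_NO_OPENSSL builds too, i.e. it is the general private header, not the OpenSSL one. A guard that names a file which does not exist misleads the next reader and invites a clash if a real `qsslcertificate_openssl_p.h` is added by the WinRT/SecureTransport work this commit prepares; either keep `QSSLCERTIFICATE_P_H` or rename the file to match. The same mismatch is in the qsslkey_p.h section, whose guard becomes `QSSLKEY_OPENSSL_P_H` while ssl.pri and the new qsslkey_openssl.cpp still include `qsslkey_p.h`.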


@ -1,6 +1,6 @@
/****************************************************************************
**
** Copyright (C) 2013 Digia Plc and/or its subsidiary(-ies).
** Copyright (C) 2014 Digia Plc and/or its subsidiary(-ies).
** Copyright (C) 2014 BlackBerry Limited. All rights reserved.
** Contact: http://www.qt-project.org/legal
**
@ -44,7 +44,7 @@
#include <QtNetwork/qsslsocket.h>
#include <QtCore/qmutex.h>
#include "private/qsslcontext_p.h"
#include "private/qsslcontext_openssl_p.h"
#include "private/qsslsocket_p.h"
#include "private/qsslsocket_openssl_p.h"
#include "private/qsslsocket_openssl_symbols_p.h"


@ -1,6 +1,6 @@
/****************************************************************************
**
** Copyright (C) 2013 Digia Plc and/or its subsidiary(-ies).
** Copyright (C) 2014 Digia Plc and/or its subsidiary(-ies).
** Copyright (C) 2014 BlackBerry Limited. All rights reserved.
** Contact: http://www.qt-project.org/legal
**
@ -41,8 +41,8 @@
****************************************************************************/
#ifndef QSSLCONTEXT_H
#define QSSLCONTEXT_H
#ifndef QSSLCONTEXT_OPENSSL_P_H
#define QSSLCONTEXT_OPENSSL_P_H
#include <QtCore/qvariant.h>
#include <QtNetwork/qsslcertificate.h>
@ -110,4 +110,4 @@ private:
QT_END_NAMESPACE
#endif // QSSLCONTEXT_H
#endif // QSSLCONTEXT_OPENSSL_P_H


@ -0,0 +1,218 @@
/****************************************************************************
**
** Copyright (C) 2014 Digia Plc and/or its subsidiary(-ies).
** Contact: http://www.qt-project.org/legal
**
** This file is part of the QtNetwork module of the Qt Toolkit.
**
** $QT_BEGIN_LICENSE:LGPL$
** Commercial License Usage
** Licensees holding valid commercial Qt licenses may use this file in
** accordance with the commercial license agreement provided with the
** Software or, alternatively, in accordance with the terms contained in
** a written agreement between you and Digia. For licensing terms and
** conditions see http://qt.digia.com/licensing. For further information
** use the contact form at http://qt.digia.com/contact-us.
**
** GNU Lesser General Public License Usage
** Alternatively, this file may be used under the terms of the GNU Lesser
** General Public License version 2.1 as published by the Free Software
** Foundation and appearing in the file LICENSE.LGPL included in the
** packaging of this file. Please review the following information to
** ensure the GNU Lesser General Public License version 2.1 requirements
** will be met: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.
**
** In addition, as a special exception, Digia gives you certain additional
** rights. These rights are described in the Digia Qt LGPL Exception
** version 1.1, included in the file LGPL_EXCEPTION.txt in this package.
**
** GNU General Public License Usage
** Alternatively, this file may be used under the terms of the GNU
** General Public License version 3.0 as published by the Free Software
** Foundation and appearing in the file LICENSE.GPL included in the
** packaging of this file. Please review the following information to
** ensure the GNU General Public License version 3.0 requirements will be
** met: http://www.gnu.org/copyleft/gpl.html.
**
**
** $QT_END_LICENSE$
**
****************************************************************************/
#include "qsslkey.h"
#include "qsslkey_p.h"
#include "qsslsocket_openssl_symbols_p.h"
#include "qsslsocket.h"
#include "qsslsocket_p.h"
#include <QtCore/qatomic.h>
#include <QtCore/qbytearray.h>
#include <QtCore/qiodevice.h>
#ifndef QT_NO_DEBUG_STREAM
#include <QtCore/qdebug.h>
#endif
QT_BEGIN_NAMESPACE
void QSslKeyPrivate::clear(bool deep)
{
isNull = true;
if (!QSslSocket::supportsSsl())
return;
if (rsa) {
if (deep)
q_RSA_free(rsa);
rsa = 0;
}
if (dsa) {
if (deep)
q_DSA_free(dsa);
dsa = 0;
}
if (opaque) {
if (deep)
q_EVP_PKEY_free(opaque);
opaque = 0;
}
}
bool QSslKeyPrivate::fromEVP_PKEY(EVP_PKEY *pkey)
{
if (pkey->type == EVP_PKEY_RSA) {
isNull = false;
algorithm = QSsl::Rsa;
type = QSsl::PrivateKey;
rsa = q_RSA_new();
memcpy(rsa, q_EVP_PKEY_get1_RSA(pkey), sizeof(RSA));
return true;
}
else if (pkey->type == EVP_PKEY_DSA) {
isNull = false;
algorithm = QSsl::Dsa;
type = QSsl::PrivateKey;
dsa = q_DSA_new();
memcpy(rsa, q_EVP_PKEY_get1_DSA(pkey), sizeof(DSA));
return true;
}
else {
// Unknown key type. This could be handled as opaque, but then
// we'd eventually leak memory since we wouldn't be able to free
// the underlying EVP_PKEY structure. For now, we won't support
// this.
}
return false;
}
void QSslKeyPrivate::decodePem(const QByteArray &pem, const QByteArray &passPhrase,
bool deepClear)
{
if (pem.isEmpty())
return;
clear(deepClear);
if (!QSslSocket::supportsSsl())
return;
BIO *bio = q_BIO_new_mem_buf(const_cast<char *>(pem.data()), pem.size());
if (!bio)
return;
void *phrase = (void *)passPhrase.constData();
if (algorithm == QSsl::Rsa) {
RSA *result = (type == QSsl::PublicKey)
? q_PEM_read_bio_RSA_PUBKEY(bio, &rsa, 0, phrase)
: q_PEM_read_bio_RSAPrivateKey(bio, &rsa, 0, phrase);
if (rsa && rsa == result)
isNull = false;
} else {
DSA *result = (type == QSsl::PublicKey)
? q_PEM_read_bio_DSA_PUBKEY(bio, &dsa, 0, phrase)
: q_PEM_read_bio_DSAPrivateKey(bio, &dsa, 0, phrase);
if (dsa && dsa == result)
isNull = false;
}
q_BIO_free(bio);
}
int QSslKeyPrivate::length() const
{
if (isNull || algorithm == QSsl::Opaque)
return -1;
return (algorithm == QSsl::Rsa)
? q_BN_num_bits(rsa->n) : q_BN_num_bits(dsa->p);
}
QByteArray QSslKeyPrivate::toPem(const QByteArray &passPhrase) const
{
if (!QSslSocket::supportsSsl() || isNull || algorithm == QSsl::Opaque)
return QByteArray();
BIO *bio = q_BIO_new(q_BIO_s_mem());
if (!bio)
return QByteArray();
bool fail = false;
if (algorithm == QSsl::Rsa) {
if (type == QSsl::PublicKey) {
if (!q_PEM_write_bio_RSA_PUBKEY(bio, rsa))
fail = true;
} else {
if (!q_PEM_write_bio_RSAPrivateKey(
bio, rsa,
// ### the cipher should be selectable in the API:
passPhrase.isEmpty() ? (const EVP_CIPHER *)0 : q_EVP_des_ede3_cbc(),
(uchar *)passPhrase.data(), passPhrase.size(), 0, 0)) {
fail = true;
}
}
} else {
if (type == QSsl::PublicKey) {
if (!q_PEM_write_bio_DSA_PUBKEY(bio, dsa))
fail = true;
} else {
if (!q_PEM_write_bio_DSAPrivateKey(
bio, dsa,
// ### the cipher should be selectable in the API:
passPhrase.isEmpty() ? (const EVP_CIPHER *)0 : q_EVP_des_ede3_cbc(),
(uchar *)passPhrase.data(), passPhrase.size(), 0, 0)) {
fail = true;
}
}
}
QByteArray pem;
if (!fail) {
char *data;
long size = q_BIO_get_mem_data(bio, &data);
pem = QByteArray(data, size);
}
q_BIO_free(bio);
return pem;
}
Qt::HANDLE QSslKeyPrivate::handle() const
{
switch (algorithm) {
case QSsl::Opaque:
return Qt::HANDLE(opaque);
case QSsl::Rsa:
return Qt::HANDLE(rsa);
case QSsl::Dsa:
return Qt::HANDLE(dsa);
default:
return Qt::HANDLE(NULL);
}
}
QT_END_NAMESPACE
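Review bot: In `QSslKeyPrivate::fromEVP_PKEY` the DSA branch copies into the wrong member: `memcpy(rsa, q_EVP_PKEY_get1_DSA(pkey), sizeof(DSA));` writes `sizeof(DSA)` bytes through `rsa`, which is most likely still null after `clear()`, instead of into the `dsa` allocated on the line before; it should read `memcpy(dsa, q_EVP_PKEY_get1_DSA(pkey), sizeof(DSA));`. The code is moved verbatim from qsslkey.cpp, but this file is now the canonical OpenSSL implementation and the natural place to fix it. Beyond the typo, both branches shallow-copy a reference-counted OpenSSL object and never release the reference that `get1` added, so the copied key appears to share its BIGNUM members with the source EVP_PKEY and `clear(true)` later hands those shared pointers to `q_RSA_free`/`q_DSA_free`; taking ownership of the returned pointer directly, `rsa = q_EVP_PKEY_get1_RSA(pkey);` and `dsa = q_EVP_PKEY_get1_DSA(pkey);`, avoids both the leak and the aliasing.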


@ -1,6 +1,6 @@
/****************************************************************************
**
** Copyright (C) 2013 Digia Plc and/or its subsidiary(-ies).
** Copyright (C) 2014 Digia Plc and/or its subsidiary(-ies).
** Contact: http://www.qt-project.org/legal
**
** This file is part of the QtNetwork module of the Qt Toolkit.
@ -58,7 +58,6 @@
#include "qsslkey.h"
#include "qsslkey_p.h"
#include "qsslsocket_openssl_symbols_p.h"
#include "qsslsocket.h"
#include "qsslsocket_p.h"
@ -72,63 +71,13 @@
QT_BEGIN_NAMESPACE
/*!
\fn void QSslKeyPrivate::clear(bool deep)
\internal
*/
void QSslKeyPrivate::clear(bool deep)
{
isNull = true;
if (!QSslSocket::supportsSsl())
return;
if (rsa) {
if (deep)
q_RSA_free(rsa);
rsa = 0;
}
if (dsa) {
if (deep)
q_DSA_free(dsa);
dsa = 0;
}
if (opaque) {
if (deep)
q_EVP_PKEY_free(opaque);
opaque = 0;
}
}
bool QSslKeyPrivate::fromEVP_PKEY(EVP_PKEY *pkey)
{
if (pkey->type == EVP_PKEY_RSA) {
isNull = false;
algorithm = QSsl::Rsa;
type = QSsl::PrivateKey;
rsa = q_RSA_new();
memcpy(rsa, q_EVP_PKEY_get1_RSA(pkey), sizeof(RSA));
return true;
}
else if (pkey->type == EVP_PKEY_DSA) {
isNull = false;
algorithm = QSsl::Dsa;
type = QSsl::PrivateKey;
dsa = q_DSA_new();
memcpy(rsa, q_EVP_PKEY_get1_DSA(pkey), sizeof(DSA));
return true;
}
else {
// Unknown key type. This could be handled as opaque, but then
// we'd eventually leak memory since we wouldn't be able to free
// the underlying EVP_PKEY structure. For now, we won't support
// this.
}
return false;
}
/*!
\fn void QSslKeyPrivate::decodePem(const QByteArray &pem, const QByteArray &passPhrase,
bool deepClear)
\internal
Allocates a new rsa or dsa struct and decodes \a pem into it
@ -141,39 +90,6 @@ bool QSslKeyPrivate::fromEVP_PKEY(EVP_PKEY *pkey)
If \a passPhrase is non-empty, it will be used for decrypting
\a pem.
*/
void QSslKeyPrivate::decodePem(const QByteArray &pem, const QByteArray &passPhrase,
bool deepClear)
{
if (pem.isEmpty())
return;
clear(deepClear);
if (!QSslSocket::supportsSsl())
return;
BIO *bio = q_BIO_new_mem_buf(const_cast<char *>(pem.data()), pem.size());
if (!bio)
return;
void *phrase = (void *)passPhrase.constData();
if (algorithm == QSsl::Rsa) {
RSA *result = (type == QSsl::PublicKey)
? q_PEM_read_bio_RSA_PUBKEY(bio, &rsa, 0, phrase)
: q_PEM_read_bio_RSAPrivateKey(bio, &rsa, 0, phrase);
if (rsa && rsa == result)
isNull = false;
} else {
DSA *result = (type == QSsl::PublicKey)
? q_PEM_read_bio_DSA_PUBKEY(bio, &dsa, 0, phrase)
: q_PEM_read_bio_DSAPrivateKey(bio, &dsa, 0, phrase);
if (dsa && dsa == result)
isNull = false;
}
q_BIO_free(bio);
}
/*!
Constructs a null key.
@ -378,11 +294,7 @@ void QSslKey::clear()
*/
int QSslKey::length() const
{
if (d->isNull || d->algorithm == QSsl::Opaque)
return -1;
return (d->algorithm == QSsl::Rsa)
? q_BN_num_bits(d->rsa->n) : q_BN_num_bits(d->dsa->p);
return d->length();
}
/*!
@ -422,51 +334,7 @@ QByteArray QSslKey::toDer(const QByteArray &passPhrase) const
*/
QByteArray QSslKey::toPem(const QByteArray &passPhrase) const
{
if (!QSslSocket::supportsSsl() || d->isNull || d->algorithm == QSsl::Opaque)
return QByteArray();
BIO *bio = q_BIO_new(q_BIO_s_mem());
if (!bio)
return QByteArray();
bool fail = false;
if (d->algorithm == QSsl::Rsa) {
if (d->type == QSsl::PublicKey) {
if (!q_PEM_write_bio_RSA_PUBKEY(bio, d->rsa))
fail = true;
} else {
if (!q_PEM_write_bio_RSAPrivateKey(
bio, d->rsa,
// ### the cipher should be selectable in the API:
passPhrase.isEmpty() ? (const EVP_CIPHER *)0 : q_EVP_des_ede3_cbc(),
(uchar *)passPhrase.data(), passPhrase.size(), 0, 0)) {
fail = true;
}
}
} else {
if (d->type == QSsl::PublicKey) {
if (!q_PEM_write_bio_DSA_PUBKEY(bio, d->dsa))
fail = true;
} else {
if (!q_PEM_write_bio_DSAPrivateKey(
bio, d->dsa,
// ### the cipher should be selectable in the API:
passPhrase.isEmpty() ? (const EVP_CIPHER *)0 : q_EVP_des_ede3_cbc(),
(uchar *)passPhrase.data(), passPhrase.size(), 0, 0)) {
fail = true;
}
}
}
QByteArray pem;
if (!fail) {
char *data;
long size = q_BIO_get_mem_data(bio, &data);
pem = QByteArray(data, size);
}
q_BIO_free(bio);
return pem;
return d->toPem(passPhrase);
}
/*!
@ -482,16 +350,7 @@ QByteArray QSslKey::toPem(const QByteArray &passPhrase) const
*/
Qt::HANDLE QSslKey::handle() const
{
switch (d->algorithm) {
case QSsl::Opaque:
return Qt::HANDLE(d->opaque);
case QSsl::Rsa:
return Qt::HANDLE(d->rsa);
case QSsl::Dsa:
return Qt::HANDLE(d->dsa);
default:
return Qt::HANDLE(NULL);
}
return d->handle();
}
/*!
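Review bot: The qdoc blocks `\fn void QSslKeyPrivate::clear(bool deep)` and `\fn void QSslKeyPrivate::decodePem(...)` appear to stay in qsslkey.cpp as context while the definitions they describe move to qsslkey_openssl.cpp, and the three new private methods that `length()`, `toPem()` and `handle()` now delegate to get no documentation at all. Since the `\fn` form lets the comment live apart from the definition, this compiles, but a reader of either file now sees only half the picture; moving the blocks next to their definitions, or adding `\internal` blocks for `QSslKeyPrivate::length()`, `toPem()` and `handle()` in qsslkey_openssl.cpp stating that they are the backend-specific implementation behind the public QSslKey accessors, would keep the split discoverable.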


@ -1,6 +1,6 @@
/****************************************************************************
**
** Copyright (C) 2013 Digia Plc and/or its subsidiary(-ies).
** Copyright (C) 2014 Digia Plc and/or its subsidiary(-ies).
** Contact: http://www.qt-project.org/legal
**
** This file is part of the QtNetwork module of the Qt Toolkit.
@ -40,8 +40,8 @@
****************************************************************************/
#ifndef QSSLKEY_P_H
#define QSSLKEY_P_H
#ifndef QSSLKEY_OPENSSL_P_H
#define QSSLKEY_OPENSSL_P_H
#include "qsslkey.h"
@ -58,8 +58,14 @@
#include "qsslsocket_p.h" // includes wincrypt.h
#ifndef QT_NO_OPENSSL
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#else
struct RSA;
struct DSA;
struct EVP_PKEY;
#endif
QT_BEGIN_NAMESPACE
@ -87,6 +93,10 @@ public:
QByteArray pemFromDer(const QByteArray &der) const;
QByteArray derFromPem(const QByteArray &pem) const;
int length() const;
QByteArray toPem(const QByteArray &passPhrase) const;
Qt::HANDLE handle() const;
bool isNull;
QSsl::KeyType type;
QSsl::KeyAlgorithm algorithm;
@ -102,4 +112,4 @@ private:
QT_END_NAMESPACE
#endif // QSSLKEY_P_H
#endif // QSSLKEY_OPENSSL_P_H


@ -1,6 +1,6 @@
/****************************************************************************
**
** Copyright (C) 2013 Digia Plc and/or its subsidiary(-ies).
** Copyright (C) 2014 Digia Plc and/or its subsidiary(-ies).
** Copyright (C) 2014 BlackBerry Limited. All rights reserved.
** Contact: http://www.qt-project.org/legal
**
@ -291,7 +291,9 @@
#include "qsslsocket.h"
#include "qsslcipher.h"
#ifndef QT_NO_OPENSSL
#include "qsslsocket_openssl_p.h"
#endif
#include "qsslconfiguration_p.h"
#include <QtCore/qdebug.h>


@ -59,7 +59,9 @@
#include <private/qtcpsocket_p.h>
#include "qsslkey.h"
#include "qsslconfiguration_p.h"
#include <private/qsslcontext_p.h>
#ifndef QT_NO_OPENSSL
#include <private/qsslcontext_openssl_p.h>
#endif
#include <QtCore/qstringlist.h>


@ -3,30 +3,33 @@ contains(QT_CONFIG, openssl) | contains(QT_CONFIG, openssl-linked) {
HEADERS += ssl/qssl.h \
ssl/qsslcertificate.h \
ssl/qsslcertificate_p.h \
ssl/qsslconfiguration.h \
ssl/qsslconfiguration.h \
ssl/qsslconfiguration_p.h \
ssl/qsslcipher.h \
ssl/qsslcipher_p.h \
ssl/qsslerror.h \
ssl/qsslkey.h \
ssl/qsslkey_p.h \
ssl/qsslsocket.h \
ssl/qsslsocket_openssl_p.h \
ssl/qsslsocket_openssl_symbols_p.h \
ssl/qsslsocket_p.h \
ssl/qsslcertificateextension.h \
ssl/qsslcertificateextension_p.h \
ssl/qsslcontext_p.h
ssl/qsslcontext_openssl_p.h
SOURCES += ssl/qssl.cpp \
ssl/qsslcertificate.cpp \
ssl/qsslconfiguration.cpp \
ssl/qsslcertificate_openssl.cpp \
ssl/qsslconfiguration.cpp \
ssl/qsslcipher.cpp \
ssl/qsslkey_p.cpp \
ssl/qsslerror.cpp \
ssl/qsslkey.cpp \
ssl/qsslkey_openssl.cpp \
ssl/qsslsocket.cpp \
ssl/qsslsocket_openssl.cpp \
ssl/qsslsocket_openssl_symbols.cpp \
ssl/qsslcertificateextension.cpp \
ssl/qsslcontext.cpp
ssl/qsslcontext_openssl.cpp
android:!android-no-sdk: SOURCES += ssl/qsslsocket_openssl_android.cpp