Convert tst_QSslSocket to work with Docker
Change-Id: Ifb075763e3a0c6c08677dd2ae7febbbc8e4e48a9 Reviewed-by: Ryan Chu <ryan.chu@qt.io> Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
This commit is contained in:
Timur Pocheptsov
parent
2412cfac51
commit
8d4e8217fd
@ -0,0 +1,16 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIClTCCAf4CCQC2xMhNhwvATDANBgkqhkiG9w0BAQQFADCBjjELMAkGA1UEChMC
|
||||
UXQxGTAXBgNVBAsTEENvcmUgQW5kIE5ldHdvcmsxGzAZBgkqhkiG9w0BCQEWDG5v
|
||||
Ym9keS5xdC5pbzENMAsGA1UEBxMET3NsbzENMAsGA1UECBMET3NsbzELMAkGA1UE
|
||||
BhMCTk8xHDAaBgNVBAMUEyoudGVzdC1uZXQucXQubG9jYWwwHhcNMTgwNzAxMTgz
|
||||
NjI3WhcNNDgwNjIzMTgzNjI3WjCBjjELMAkGA1UEChMCUXQxGTAXBgNVBAsTEENv
|
||||
cmUgQW5kIE5ldHdvcmsxGzAZBgkqhkiG9w0BCQEWDG5vYm9keS5xdC5pbzENMAsG
|
||||
A1UEBxMET3NsbzENMAsGA1UECBMET3NsbzELMAkGA1UEBhMCTk8xHDAaBgNVBAMU
|
||||
EyoudGVzdC1uZXQucXQubG9jYWwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
|
||||
AM2q22/WNMmn8cC+5EEYGeICySLmp9W6Ay6eKHr0Xxp3X3epETuPfvAuxp7rOtkS
|
||||
18EMUegkUj8jw0IMEcbyHKFC/rTCaYOt93CxGBXMIChiMPAsFeYzGa/D6xzAkfcR
|
||||
aJRQ+Ek3CDLXPnXfo7xpABXezYcPXAJrgsgBfWrwHdxzAgMBAAEwDQYJKoZIhvcN
|
||||
AQEEBQADgYEAZu/lQPy8PXeyyYGamOVms/FZKJ48BH1y8KC3BeBU5FYnhvgG7pz8
|
||||
Wz9JKvt2t/r45wQeAkNL6HnGUBhPJsHMjPHl5KktqN+db3D+FQygBeS2V1+zmC0X
|
||||
UZNRE4aWiHvt1Lq+pTx89SOMOpfqWfh4qTQKiE5jC2V4DeCNQ3u7uI8=
|
||||
-----END CERTIFICATE-----
|
||||
@ -18,3 +18,10 @@ TESTDATA += certs
|
||||
DEFINES += SRCDIR=\\\"$$PWD/\\\"
|
||||
|
||||
requires(qtConfig(private_tests))
|
||||
|
||||
# DOCKERTODO: it's 'linux' because it requires cyrus, which
|
||||
# is linux-only for now ...
|
||||
linux {
|
||||
QT_TEST_SERVER_LIST = squid danted cyrus apache2 echo
|
||||
include($$dirname(_QMAKE_CONF_)/tests/auto/testserver.pri)
|
||||
}
|
||||
|
||||
@ -310,6 +310,21 @@ Q_DECLARE_METATYPE(tst_QSslSocket::PskConnectTestType)
|
||||
|
||||
int tst_QSslSocket::loopLevel = 0;
|
||||
|
||||
namespace {
|
||||
|
||||
QString httpServerCertChainPath()
|
||||
{
|
||||
// DOCKERTODO: note how we use CA certificate on the real server. The docker container
|
||||
// is using a different cert with a "special" CN. Check if it's important!
|
||||
#ifdef QT_TEST_SERVER
|
||||
return tst_QSslSocket::testDataDir + QStringLiteral("certs/qt-test-server-cert.pem");
|
||||
#else
|
||||
return tst_QSslSocket::testDataDir + QStringLiteral("certs/qt-test-server-cacert.pem");
|
||||
#endif // QT_TEST_SERVER
|
||||
}
|
||||
|
||||
} // unnamed namespace
|
||||
|
||||
tst_QSslSocket::tst_QSslSocket()
|
||||
{
|
||||
#ifndef QT_NO_SSL
|
||||
@ -363,8 +378,19 @@ void tst_QSslSocket::initTestCase()
|
||||
qDebug("Using SSL library %s (%ld)",
|
||||
qPrintable(QSslSocket::sslLibraryVersionString()),
|
||||
QSslSocket::sslLibraryVersionNumber());
|
||||
#ifdef QT_TEST_SERVER
|
||||
QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::socksProxyServerName(), 1080));
|
||||
QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::socksProxyServerName(), 1081));
|
||||
QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::httpProxyServerName(), 3128));
|
||||
QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::httpProxyServerName(), 3129));
|
||||
QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::httpProxyServerName(), 3130));
|
||||
QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::httpServerName(), 443));
|
||||
QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::imapServerName(), 993));
|
||||
QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::echoServerName(), 13));
|
||||
#else
|
||||
QVERIFY(QtNetworkSettings::verifyTestNetworkSettings());
|
||||
#endif
|
||||
#endif // QT_TEST_SERVER
|
||||
#endif // QT_NO_SSL
|
||||
}
|
||||
|
||||
void tst_QSslSocket::init()
|
||||
@ -373,28 +399,29 @@ void tst_QSslSocket::init()
|
||||
if (setProxy) {
|
||||
#ifndef QT_NO_NETWORKPROXY
|
||||
QFETCH_GLOBAL(int, proxyType);
|
||||
QString fluke = QHostInfo::fromName(QtNetworkSettings::serverName()).addresses().first().toString();
|
||||
const QString socksProxyAddr = QtNetworkSettings::socksProxyServerIp().toString();
|
||||
const QString httpProxyAddr = QtNetworkSettings::httpProxyServerIp().toString();
|
||||
QNetworkProxy proxy;
|
||||
|
||||
switch (proxyType) {
|
||||
case Socks5Proxy:
|
||||
proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, fluke, 1080);
|
||||
proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, socksProxyAddr, 1080);
|
||||
break;
|
||||
|
||||
case Socks5Proxy | AuthBasic:
|
||||
proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, fluke, 1081);
|
||||
proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, socksProxyAddr, 1081);
|
||||
break;
|
||||
|
||||
case HttpProxy | NoAuth:
|
||||
proxy = QNetworkProxy(QNetworkProxy::HttpProxy, fluke, 3128);
|
||||
proxy = QNetworkProxy(QNetworkProxy::HttpProxy, httpProxyAddr, 3128);
|
||||
break;
|
||||
|
||||
case HttpProxy | AuthBasic:
|
||||
proxy = QNetworkProxy(QNetworkProxy::HttpProxy, fluke, 3129);
|
||||
proxy = QNetworkProxy(QNetworkProxy::HttpProxy, httpProxyAddr, 3129);
|
||||
break;
|
||||
|
||||
case HttpProxy | AuthNtlm:
|
||||
proxy = QNetworkProxy(QNetworkProxy::HttpProxy, fluke, 3130);
|
||||
proxy = QNetworkProxy(QNetworkProxy::HttpProxy, httpProxyAddr, 3130);
|
||||
break;
|
||||
}
|
||||
QNetworkProxy::setApplicationProxy(proxy);
|
||||
@ -555,7 +582,7 @@ void tst_QSslSocket::simpleConnect()
|
||||
connect(&socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(exitLoop()));
|
||||
|
||||
// Start connecting
|
||||
socket.connectToHost(QtNetworkSettings::serverName(), 993);
|
||||
socket.connectToHost(QtNetworkSettings::imapServerName(), 993);
|
||||
QCOMPARE(socket.state(), QAbstractSocket::HostLookupState);
|
||||
enterLoop(10);
|
||||
|
||||
@ -610,7 +637,7 @@ void tst_QSslSocket::simpleConnectWithIgnore()
|
||||
connect(&socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(exitLoop()));
|
||||
|
||||
// Start connecting
|
||||
socket.connectToHost(QtNetworkSettings::serverName(), 993);
|
||||
socket.connectToHost(QtNetworkSettings::imapServerName(), 993);
|
||||
QVERIFY(socket.state() != QAbstractSocket::UnconnectedState); // something must be in progress
|
||||
enterLoop(10);
|
||||
|
||||
@ -642,7 +669,7 @@ void tst_QSslSocket::sslErrors_data()
|
||||
QString name = QtNetworkSettings::serverLocalName();
|
||||
QTest::newRow(qPrintable(name)) << name << 993;
|
||||
|
||||
name = QHostInfo::fromName(QtNetworkSettings::serverName()).addresses().first().toString();
|
||||
name = QtNetworkSettings::httpServerIp().toString();
|
||||
QTest::newRow(qPrintable(name)) << name << 443;
|
||||
}
|
||||
|
||||
@ -659,7 +686,20 @@ void tst_QSslSocket::sslErrors()
|
||||
QSignalSpy sslErrorsSpy(socket.data(), SIGNAL(sslErrors(QList<QSslError>)));
|
||||
QSignalSpy peerVerifyErrorSpy(socket.data(), SIGNAL(peerVerifyError(QSslError)));
|
||||
|
||||
socket->connectToHostEncrypted(host, port);
|
||||
#ifdef QT_TEST_SERVER
|
||||
// On the old test server we had the same certificate on different services.
|
||||
// The idea of this test is to fail with 'HostNameMismatch', when we're using
|
||||
// either serverLocalName() or IP address directly. With Docker we connect
|
||||
// to IMAP server, and we have to connect using imapServerName() and passing
|
||||
// 'host' as peerVerificationName to the overload of connectToHostEncrypted().
|
||||
if (port == 993) {
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::imapServerName(), port, host);
|
||||
} else
|
||||
#endif // QT_TEST_SERVER
|
||||
{
|
||||
socket->connectToHostEncrypted(host, port);
|
||||
}
|
||||
|
||||
if (!socket->waitForConnected())
|
||||
QSKIP("Skipping flaky test - See QTBUG-29941");
|
||||
socket->waitForEncrypted(10000);
|
||||
@ -739,13 +779,13 @@ void tst_QSslSocket::connectToHostEncrypted()
|
||||
socket->setProtocol(QSsl::SslProtocol::TlsV1_1);
|
||||
#endif
|
||||
this->socket = socket.data();
|
||||
QVERIFY(socket->addCaCertificates(testDataDir + "certs/qt-test-server-cacert.pem"));
|
||||
QVERIFY(socket->addCaCertificates(httpServerCertChainPath()));
|
||||
#ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND
|
||||
connect(socket.data(), SIGNAL(sslErrors(QList<QSslError>)),
|
||||
this, SLOT(untrustedWorkaroundSlot(QList<QSslError>)));
|
||||
#endif
|
||||
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
|
||||
|
||||
// This should pass unconditionally when using fluke's CA certificate.
|
||||
// or use untrusted certificate workaround
|
||||
@ -758,7 +798,7 @@ void tst_QSslSocket::connectToHostEncrypted()
|
||||
|
||||
QCOMPARE(socket->mode(), QSslSocket::SslClientMode);
|
||||
|
||||
socket->connectToHost(QtNetworkSettings::serverName(), 13);
|
||||
socket->connectToHost(QtNetworkSettings::echoServerName(), 13);
|
||||
|
||||
QCOMPARE(socket->mode(), QSslSocket::UnencryptedMode);
|
||||
|
||||
@ -776,14 +816,18 @@ void tst_QSslSocket::connectToHostEncryptedWithVerificationPeerName()
|
||||
#endif
|
||||
this->socket = socket.data();
|
||||
|
||||
socket->addCaCertificates(testDataDir + "certs/qt-test-server-cacert.pem");
|
||||
socket->addCaCertificates(httpServerCertChainPath());
|
||||
#ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND
|
||||
connect(socket.data(), SIGNAL(sslErrors(QList<QSslError>)),
|
||||
this, SLOT(untrustedWorkaroundSlot(QList<QSslError>)));
|
||||
#endif
|
||||
|
||||
// connect to the server with its local name, but use the full name for verification.
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::serverLocalName(), 443, QtNetworkSettings::serverName());
|
||||
#ifdef QT_TEST_SERVER
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443, QtNetworkSettings::httpServerName());
|
||||
#else
|
||||
// Connect to the server with its local name, but use the full name for verification.
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::serverLocalName(), 443, QtNetworkSettings::httpServerName());
|
||||
#endif
|
||||
|
||||
// This should pass unconditionally when using fluke's CA certificate.
|
||||
QFETCH_GLOBAL(bool, setProxy);
|
||||
@ -805,7 +849,7 @@ void tst_QSslSocket::sessionCipher()
|
||||
this->socket = socket.data();
|
||||
connect(socket.data(), SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot()));
|
||||
QVERIFY(socket->sessionCipher().isNull());
|
||||
socket->connectToHost(QtNetworkSettings::serverName(), 443 /* https */);
|
||||
socket->connectToHost(QtNetworkSettings::httpServerName(), 443 /* https */);
|
||||
QVERIFY2(socket->waitForConnected(10000), qPrintable(socket->errorString()));
|
||||
QVERIFY(socket->sessionCipher().isNull());
|
||||
socket->startClientEncryption();
|
||||
@ -840,12 +884,12 @@ void tst_QSslSocket::localCertificate()
|
||||
// values. This test should just run the codepath inside qsslsocket_openssl.cpp
|
||||
|
||||
QSslSocketPtr socket = newSocket();
|
||||
QList<QSslCertificate> localCert = QSslCertificate::fromPath(testDataDir + "certs/qt-test-server-cacert.pem");
|
||||
QList<QSslCertificate> localCert = QSslCertificate::fromPath(httpServerCertChainPath());
|
||||
socket->setCaCertificates(localCert);
|
||||
socket->setLocalCertificate(testDataDir + "certs/fluke.cert");
|
||||
socket->setPrivateKey(testDataDir + "certs/fluke.key");
|
||||
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
|
||||
QFETCH_GLOBAL(bool, setProxy);
|
||||
if (setProxy && !socket->waitForEncrypted(10000))
|
||||
QSKIP("Skipping flaky test - See QTBUG-29941");
|
||||
@ -868,8 +912,7 @@ void tst_QSslSocket::peerCertificateChain()
|
||||
|
||||
QSslSocketPtr socket = newSocket();
|
||||
this->socket = socket.data();
|
||||
|
||||
QList<QSslCertificate> caCertificates = QSslCertificate::fromPath(testDataDir + "certs/qt-test-server-cacert.pem");
|
||||
QList<QSslCertificate> caCertificates = QSslCertificate::fromPath(httpServerCertChainPath());
|
||||
QCOMPARE(caCertificates.count(), 1);
|
||||
socket->addCaCertificates(caCertificates);
|
||||
#ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND
|
||||
@ -877,7 +920,7 @@ void tst_QSslSocket::peerCertificateChain()
|
||||
this, SLOT(untrustedWorkaroundSlot(QList<QSslError>)));
|
||||
#endif
|
||||
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
|
||||
QCOMPARE(socket->mode(), QSslSocket::UnencryptedMode);
|
||||
QVERIFY(socket->peerCertificateChain().isEmpty());
|
||||
QFETCH_GLOBAL(bool, setProxy);
|
||||
@ -906,7 +949,7 @@ void tst_QSslSocket::peerCertificateChain()
|
||||
QVERIFY(socket->waitForDisconnected());
|
||||
|
||||
// now do it again back to the original server
|
||||
socket->connectToHost(QtNetworkSettings::serverName(), 443);
|
||||
socket->connectToHost(QtNetworkSettings::httpServerName(), 443);
|
||||
QCOMPARE(socket->mode(), QSslSocket::UnencryptedMode);
|
||||
QVERIFY(socket->peerCertificateChain().isEmpty());
|
||||
QVERIFY2(socket->waitForConnected(10000), qPrintable(socket->errorString()));
|
||||
@ -945,13 +988,13 @@ void tst_QSslSocket::privateKeyOpaque()
|
||||
// values. This test should just run the codepath inside qsslsocket_openssl.cpp
|
||||
|
||||
QSslSocketPtr socket = newSocket();
|
||||
QList<QSslCertificate> localCert = QSslCertificate::fromPath(testDataDir + "certs/qt-test-server-cacert.pem");
|
||||
QList<QSslCertificate> localCert = QSslCertificate::fromPath(httpServerCertChainPath());
|
||||
socket->setCaCertificates(localCert);
|
||||
socket->setLocalCertificate(testDataDir + "certs/fluke.cert");
|
||||
socket->setPrivateKey(QSslKey(reinterpret_cast<Qt::HANDLE>(pkey)));
|
||||
|
||||
socket->setPeerVerifyMode(QSslSocket::QueryPeer);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
|
||||
QFETCH_GLOBAL(bool, setProxy);
|
||||
if (setProxy && !socket->waitForEncrypted(10000))
|
||||
QSKIP("Skipping flaky test - See QTBUG-29941");
|
||||
@ -965,7 +1008,7 @@ void tst_QSslSocket::protocol()
|
||||
|
||||
QSslSocketPtr socket = newSocket();
|
||||
this->socket = socket.data();
|
||||
QList<QSslCertificate> certs = QSslCertificate::fromPath(testDataDir + "certs/qt-test-server-cacert.pem");
|
||||
QList<QSslCertificate> certs = QSslCertificate::fromPath(httpServerCertChainPath());
|
||||
|
||||
socket->setCaCertificates(certs);
|
||||
#ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND
|
||||
@ -979,13 +1022,13 @@ void tst_QSslSocket::protocol()
|
||||
// qt-test-server allows TLSV1.
|
||||
socket->setProtocol(QSsl::TlsV1_0);
|
||||
QCOMPARE(socket->protocol(), QSsl::TlsV1_0);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
|
||||
if (setProxy && !socket->waitForEncrypted())
|
||||
QSKIP("Skipping flaky test - See QTBUG-29941");
|
||||
QCOMPARE(socket->protocol(), QSsl::TlsV1_0);
|
||||
socket->abort();
|
||||
QCOMPARE(socket->protocol(), QSsl::TlsV1_0);
|
||||
socket->connectToHost(QtNetworkSettings::serverName(), 443);
|
||||
socket->connectToHost(QtNetworkSettings::httpServerName(), 443);
|
||||
QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString()));
|
||||
socket->startClientEncryption();
|
||||
if (setProxy && !socket->waitForEncrypted())
|
||||
@ -998,13 +1041,13 @@ void tst_QSslSocket::protocol()
|
||||
// qt-test-server probably doesn't allow TLSV1.1
|
||||
socket->setProtocol(QSsl::TlsV1_1);
|
||||
QCOMPARE(socket->protocol(), QSsl::TlsV1_1);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
|
||||
if (setProxy && !socket->waitForEncrypted())
|
||||
QSKIP("Skipping flaky test - See QTBUG-29941");
|
||||
QCOMPARE(socket->protocol(), QSsl::TlsV1_1);
|
||||
socket->abort();
|
||||
QCOMPARE(socket->protocol(), QSsl::TlsV1_1);
|
||||
socket->connectToHost(QtNetworkSettings::serverName(), 443);
|
||||
socket->connectToHost(QtNetworkSettings::httpServerName(), 443);
|
||||
QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString()));
|
||||
socket->startClientEncryption();
|
||||
if (setProxy && !socket->waitForEncrypted())
|
||||
@ -1016,13 +1059,13 @@ void tst_QSslSocket::protocol()
|
||||
// qt-test-server probably doesn't allows TLSV1.2
|
||||
socket->setProtocol(QSsl::TlsV1_2);
|
||||
QCOMPARE(socket->protocol(), QSsl::TlsV1_2);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
|
||||
if (setProxy && !socket->waitForEncrypted())
|
||||
QSKIP("Skipping flaky test - See QTBUG-29941");
|
||||
QCOMPARE(socket->protocol(), QSsl::TlsV1_2);
|
||||
socket->abort();
|
||||
QCOMPARE(socket->protocol(), QSsl::TlsV1_2);
|
||||
socket->connectToHost(QtNetworkSettings::serverName(), 443);
|
||||
socket->connectToHost(QtNetworkSettings::httpServerName(), 443);
|
||||
QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString()));
|
||||
socket->startClientEncryption();
|
||||
if (setProxy && !socket->waitForEncrypted())
|
||||
@ -1036,13 +1079,13 @@ void tst_QSslSocket::protocol()
|
||||
// qt-test-server probably doesn't allow TLSV1.3
|
||||
socket->setProtocol(QSsl::TlsV1_3);
|
||||
QCOMPARE(socket->protocol(), QSsl::TlsV1_3);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
|
||||
if (setProxy && !socket->waitForEncrypted())
|
||||
QSKIP("TLS 1.3 is not supported by the test server or the test is flaky - see QTBUG-29941");
|
||||
QCOMPARE(socket->protocol(), QSsl::TlsV1_3);
|
||||
socket->abort();
|
||||
QCOMPARE(socket->protocol(), QSsl::TlsV1_3);
|
||||
socket->connectToHost(QtNetworkSettings::serverName(), 443);
|
||||
socket->connectToHost(QtNetworkSettings::httpServerName(), 443);
|
||||
QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString()));
|
||||
socket->startClientEncryption();
|
||||
if (setProxy && !socket->waitForEncrypted())
|
||||
@ -1055,13 +1098,13 @@ void tst_QSslSocket::protocol()
|
||||
// qt-test-server allows SSLV3, so it allows AnyProtocol.
|
||||
socket->setProtocol(QSsl::AnyProtocol);
|
||||
QCOMPARE(socket->protocol(), QSsl::AnyProtocol);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
|
||||
if (setProxy && !socket->waitForEncrypted())
|
||||
QSKIP("Skipping flaky test - See QTBUG-29941");
|
||||
QCOMPARE(socket->protocol(), QSsl::AnyProtocol);
|
||||
socket->abort();
|
||||
QCOMPARE(socket->protocol(), QSsl::AnyProtocol);
|
||||
socket->connectToHost(QtNetworkSettings::serverName(), 443);
|
||||
socket->connectToHost(QtNetworkSettings::httpServerName(), 443);
|
||||
QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString()));
|
||||
socket->startClientEncryption();
|
||||
if (setProxy && !socket->waitForEncrypted())
|
||||
@ -1073,13 +1116,13 @@ void tst_QSslSocket::protocol()
|
||||
// qt-test-server allows TlsV1, so it allows TlsV1SslV3
|
||||
socket->setProtocol(QSsl::TlsV1SslV3);
|
||||
QCOMPARE(socket->protocol(), QSsl::TlsV1SslV3);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
|
||||
if (setProxy && !socket->waitForEncrypted())
|
||||
QSKIP("Skipping flaky test - See QTBUG-29941");
|
||||
QCOMPARE(socket->protocol(), QSsl::TlsV1SslV3);
|
||||
socket->abort();
|
||||
QCOMPARE(socket->protocol(), QSsl::TlsV1SslV3);
|
||||
socket->connectToHost(QtNetworkSettings::serverName(), 443);
|
||||
socket->connectToHost(QtNetworkSettings::httpServerName(), 443);
|
||||
if (setProxy && !socket->waitForConnected())
|
||||
QSKIP("Skipping flaky test - See QTBUG-29941");
|
||||
socket->startClientEncryption();
|
||||
@ -1491,7 +1534,7 @@ void tst_QSslSocket::setSslConfiguration_data()
|
||||
QTest::newRow("empty") << QSslConfiguration() << false;
|
||||
QSslConfiguration conf = QSslConfiguration::defaultConfiguration();
|
||||
QTest::newRow("default") << conf << false; // does not contain test server cert
|
||||
QList<QSslCertificate> testServerCert = QSslCertificate::fromPath(testDataDir + "certs/qt-test-server-cacert.pem");
|
||||
QList<QSslCertificate> testServerCert = QSslCertificate::fromPath(httpServerCertChainPath());
|
||||
conf.setCaCertificates(testServerCert);
|
||||
QTest::newRow("set-root-cert") << conf << true;
|
||||
conf.setProtocol(QSsl::SecureProtocols);
|
||||
@ -1510,7 +1553,7 @@ void tst_QSslSocket::setSslConfiguration()
|
||||
socket->setProtocol(QSsl::SslProtocol::TlsV1_1);
|
||||
#endif
|
||||
this->socket = socket.data();
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
|
||||
QFETCH(bool, works);
|
||||
QFETCH_GLOBAL(bool, setProxy);
|
||||
if (setProxy && (socket->waitForEncrypted(10000) != works))
|
||||
@ -1530,7 +1573,7 @@ void tst_QSslSocket::waitForEncrypted()
|
||||
this->socket = socket.data();
|
||||
|
||||
connect(this->socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot()));
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
|
||||
|
||||
QFETCH_GLOBAL(bool, setProxy);
|
||||
if (setProxy && !socket->waitForEncrypted(10000))
|
||||
@ -1549,7 +1592,7 @@ void tst_QSslSocket::waitForEncryptedMinusOne()
|
||||
this->socket = socket.data();
|
||||
|
||||
connect(this->socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot()));
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
|
||||
|
||||
QFETCH_GLOBAL(bool, setProxy);
|
||||
if (setProxy && !socket->waitForEncrypted(-1))
|
||||
@ -1565,7 +1608,7 @@ void tst_QSslSocket::waitForConnectedEncryptedReadyRead()
|
||||
this->socket = socket.data();
|
||||
|
||||
connect(this->socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot()));
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 993);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::imapServerName(), 993);
|
||||
|
||||
QVERIFY2(socket->waitForConnected(10000), qPrintable(socket->errorString()));
|
||||
QFETCH_GLOBAL(bool, setProxy);
|
||||
@ -1597,7 +1640,7 @@ void tst_QSslSocket::addDefaultCaCertificate()
|
||||
// Reset the global CA chain
|
||||
QSslSocket::setDefaultCaCertificates(QSslSocket::systemCaCertificates());
|
||||
|
||||
QList<QSslCertificate> flukeCerts = QSslCertificate::fromPath(testDataDir + "certs/qt-test-server-cacert.pem");
|
||||
QList<QSslCertificate> flukeCerts = QSslCertificate::fromPath(httpServerCertChainPath());
|
||||
QCOMPARE(flukeCerts.size(), 1);
|
||||
QList<QSslCertificate> globalCerts = QSslSocket::defaultCaCertificates();
|
||||
QVERIFY(!globalCerts.contains(flukeCerts.first()));
|
||||
@ -1968,7 +2011,7 @@ void tst_QSslSocket::setReadBufferSize_task_250027()
|
||||
QSslSocketPtr socket = newSocket();
|
||||
socket->setReadBufferSize(1000); // limit to 1 kb/sec
|
||||
socket->ignoreSslErrors();
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
|
||||
socket->ignoreSslErrors();
|
||||
QVERIFY2(socket->waitForConnected(10*1000), qPrintable(socket->errorString()));
|
||||
if (setProxy && !socket->waitForEncrypted(10*1000))
|
||||
@ -1981,7 +2024,7 @@ void tst_QSslSocket::setReadBufferSize_task_250027()
|
||||
// provoke a response by sending a request
|
||||
socket->write("GET /qtest/fluke.gif HTTP/1.0\n"); // this file is 27 KB
|
||||
socket->write("Host: ");
|
||||
socket->write(QtNetworkSettings::serverName().toLocal8Bit().constData());
|
||||
socket->write(QtNetworkSettings::httpServerName().toLocal8Bit().constData());
|
||||
socket->write("\n");
|
||||
socket->write("Connection: close\n");
|
||||
socket->write("\n");
|
||||
@ -2232,7 +2275,7 @@ void tst_QSslSocket::verifyMode()
|
||||
socket.setPeerVerifyMode(QSslSocket::VerifyPeer);
|
||||
QCOMPARE(socket.peerVerifyMode(), QSslSocket::VerifyPeer);
|
||||
|
||||
socket.connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
|
||||
socket.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
|
||||
if (socket.waitForEncrypted())
|
||||
QSKIP("Skipping flaky test - See QTBUG-29941");
|
||||
|
||||
@ -2271,7 +2314,7 @@ void tst_QSslSocket::verifyDepth()
|
||||
void tst_QSslSocket::disconnectFromHostWhenConnecting()
|
||||
{
|
||||
QSslSocketPtr socket = newSocket();
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 993);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::imapServerName(), 993);
|
||||
socket->ignoreSslErrors();
|
||||
socket->write("XXXX LOGOUT\r\n");
|
||||
QAbstractSocket::SocketState state = socket->state();
|
||||
@ -2300,7 +2343,7 @@ void tst_QSslSocket::disconnectFromHostWhenConnecting()
|
||||
void tst_QSslSocket::disconnectFromHostWhenConnected()
|
||||
{
|
||||
QSslSocketPtr socket = newSocket();
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 993);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::imapServerName(), 993);
|
||||
socket->ignoreSslErrors();
|
||||
if (!socket->waitForEncrypted(5000))
|
||||
QSKIP("Skipping flaky test - See QTBUG-29941");
|
||||
@ -2387,13 +2430,13 @@ void tst_QSslSocket::resetProxy()
|
||||
// make sure the connection works, and then set a nonsense proxy, and then
|
||||
// make sure it does not work anymore
|
||||
QSslSocket socket;
|
||||
socket.addCaCertificates(testDataDir + "certs/qt-test-server-cacert.pem");
|
||||
socket.addCaCertificates(httpServerCertChainPath());
|
||||
socket.setProxy(goodProxy);
|
||||
socket.connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
|
||||
socket.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
|
||||
QVERIFY2(socket.waitForConnected(10000), qPrintable(socket.errorString()));
|
||||
socket.abort();
|
||||
socket.setProxy(badProxy);
|
||||
socket.connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
|
||||
socket.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
|
||||
QVERIFY(! socket.waitForConnected(10000));
|
||||
|
||||
// don't forget to login
|
||||
@ -2406,13 +2449,13 @@ void tst_QSslSocket::resetProxy()
|
||||
// set the nonsense proxy and make sure the connection does not work,
|
||||
// and then set the right proxy and make sure it works
|
||||
QSslSocket socket2;
|
||||
socket2.addCaCertificates(testDataDir + "certs/qt-test-server-cacert.pem");
|
||||
socket2.addCaCertificates(httpServerCertChainPath());
|
||||
socket2.setProxy(badProxy);
|
||||
socket2.connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
|
||||
socket2.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
|
||||
QVERIFY(! socket2.waitForConnected(10000));
|
||||
socket2.abort();
|
||||
socket2.setProxy(goodProxy);
|
||||
socket2.connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
|
||||
socket2.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
|
||||
QVERIFY2(socket2.waitForConnected(10000), qPrintable(socket.errorString()));
|
||||
#endif // QT_NO_NETWORKPROXY
|
||||
}
|
||||
@ -2425,7 +2468,7 @@ void tst_QSslSocket::ignoreSslErrorsList_data()
|
||||
// construct the list of errors that we will get with the SSL handshake and that we will ignore
|
||||
QList<QSslError> expectedSslErrors;
|
||||
// fromPath gives us a list of certs, but it actually only contains one
|
||||
QList<QSslCertificate> certs = QSslCertificate::fromPath(testDataDir + "certs/qt-test-server-cacert.pem");
|
||||
QList<QSslCertificate> certs = QSslCertificate::fromPath(httpServerCertChainPath());
|
||||
QSslError rightError(FLUKE_CERTIFICATE_ERROR, certs.at(0));
|
||||
QSslError wrongError(FLUKE_CERTIFICATE_ERROR);
|
||||
|
||||
@ -2456,7 +2499,7 @@ void tst_QSslSocket::ignoreSslErrorsList()
|
||||
QFETCH(int, expectedSslErrorSignalCount);
|
||||
QSignalSpy sslErrorsSpy(&socket, SIGNAL(error(QAbstractSocket::SocketError)));
|
||||
|
||||
socket.connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
|
||||
socket.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
|
||||
|
||||
bool expectEncryptionSuccess = (expectedSslErrorSignalCount == 0);
|
||||
if (socket.waitForEncrypted(10000) != expectEncryptionSuccess)
|
||||
@ -2487,7 +2530,7 @@ void tst_QSslSocket::ignoreSslErrorsListWithSlot()
|
||||
this, SLOT(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)));
|
||||
connect(&socket, SIGNAL(sslErrors(QList<QSslError>)),
|
||||
this, SLOT(ignoreErrorListSlot(QList<QSslError>)));
|
||||
socket.connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
|
||||
socket.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
|
||||
|
||||
QFETCH(int, expectedSslErrorSignalCount);
|
||||
bool expectEncryptionSuccess = (expectedSslErrorSignalCount == 0);
|
||||
@ -2529,14 +2572,14 @@ void tst_QSslSocket::readFromClosedSocket()
|
||||
socket->setProtocol(QSsl::SslProtocol::TlsV1_1);
|
||||
#endif
|
||||
socket->ignoreSslErrors();
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
|
||||
socket->ignoreSslErrors();
|
||||
socket->waitForConnected();
|
||||
socket->waitForEncrypted();
|
||||
// provoke a response by sending a request
|
||||
socket->write("GET /qtest/fluke.gif HTTP/1.1\n");
|
||||
socket->write("Host: ");
|
||||
socket->write(QtNetworkSettings::serverName().toLocal8Bit().constData());
|
||||
socket->write(QtNetworkSettings::httpServerName().toLocal8Bit().constData());
|
||||
socket->write("\n");
|
||||
socket->write("\n");
|
||||
socket->waitForBytesWritten();
|
||||
@ -2560,7 +2603,7 @@ void tst_QSslSocket::writeBigChunk()
|
||||
this->socket = socket.data();
|
||||
|
||||
connect(this->socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot()));
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
|
||||
|
||||
QByteArray data;
|
||||
data.resize(1024*1024*10); // 10 MB
|
||||
@ -2719,7 +2762,9 @@ void tst_QSslSocket::resume_data()
|
||||
QTest::newRow("DoNotIgnoreErrors") << false << QList<QSslError>() << false;
|
||||
QTest::newRow("ignoreAllErrors") << true << QList<QSslError>() << true;
|
||||
|
||||
QList<QSslCertificate> certs = QSslCertificate::fromPath(testDataDir + "certs/qt-test-server-cacert.pem");
|
||||
// Note, httpServerCertChainPath() it's ... because we use the same certificate on
|
||||
// different services. We'll be actually connecting to IMAP server.
|
||||
QList<QSslCertificate> certs = QSslCertificate::fromPath(httpServerCertChainPath());
|
||||
QSslError rightError(FLUKE_CERTIFICATE_ERROR, certs.at(0));
|
||||
QSslError wrongError(FLUKE_CERTIFICATE_ERROR);
|
||||
errorsList.append(wrongError);
|
||||
@ -2752,7 +2797,7 @@ void tst_QSslSocket::resume()
|
||||
this, SLOT(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)));
|
||||
connect(&socket, SIGNAL(error(QAbstractSocket::SocketError)), &QTestEventLoop::instance(), SLOT(exitLoop()));
|
||||
|
||||
socket.connectToHostEncrypted(QtNetworkSettings::serverName(), 993);
|
||||
socket.connectToHostEncrypted(QtNetworkSettings::imapServerName(), 993);
|
||||
QTestEventLoop::instance().enterLoop(10);
|
||||
QFETCH_GLOBAL(bool, setProxy);
|
||||
if (setProxy && QTestEventLoop::instance().timeout())
|
||||
@ -3418,7 +3463,7 @@ void tst_QSslSocket::setEmptyDefaultConfiguration() // this test should be last,
|
||||
socket = client.data();
|
||||
|
||||
connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot()));
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
|
||||
socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
|
||||
QFETCH_GLOBAL(bool, setProxy);
|
||||
if (setProxy && socket->waitForEncrypted(4000))
|
||||
QSKIP("Skipping flaky test - See QTBUG-29941");
|
||||
@ -4127,7 +4172,7 @@ void tst_QSslSocket::forwardReadChannelFinished()
|
||||
});
|
||||
connect(&socket, &QSslSocket::readChannelFinished,
|
||||
&QTestEventLoop::instance(), &QTestEventLoop::exitLoop);
|
||||
socket.connectToHostEncrypted(QtNetworkSettings::serverLocalName(), 443);
|
||||
socket.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443);
|
||||
enterLoop(10);
|
||||
QVERIFY(readChannelFinishedSpy.count());
|
||||
}
|
||||
|
||||
@ -31,4 +31,10 @@
|
||||
|
||||
set -ex
|
||||
|
||||
service cyrus-imapd start
|
||||
echo "tls_cert_file: /home/qt-test-server/ssl-certs/qt-test-server-cert.pem" >> /etc/imapd.conf
|
||||
echo "tls_key_file: /home/qt-test-server/ssl-certs/private/qt-test-server-key.pem" >> /etc/imapd.conf
|
||||
chmod +3 /home/qt-test-server/ssl-certs/private/
|
||||
mkdir -m 007 -p /run/cyrus/proc
|
||||
sed -i 's/#imaps\t\tcmd="imapd/imaps\t\tcmd="imapd/' /etc/cyrus.conf
|
||||
|
||||
service cyrus-imapd restart
|
||||
|
||||
@ -34,6 +34,7 @@ services:
|
||||
- cyrus:cyrus.${TEST_DOMAIN}
|
||||
- iptables:iptables.${TEST_DOMAIN}
|
||||
- vsftpd:vsftpd.${TEST_DOMAIN}
|
||||
- echo:echo.${TEST_DOMAIN}
|
||||
volumes:
|
||||
- ./common:/common:ro
|
||||
- ./squid:/service:ro
|
||||
@ -96,7 +97,7 @@ services:
|
||||
- ./common:/common:ro
|
||||
- ./cyrus:/service:ro
|
||||
entrypoint: common/startup.sh
|
||||
command: service/cyrus.sh
|
||||
command: [common/ssl.sh, service/cyrus.sh]
|
||||
|
||||
iptables:
|
||||
image: qt-test-server-iptables:cb7a8bd6d28602085a88c8ced7d67e28e75781e2
|
||||
|
||||
@ -2,5 +2,6 @@
|
||||
|
||||
# Disabled by default, enable it.
|
||||
sed -i 's/disable\t\t= yes/disable = no/' /etc/xinetd.d/echo
|
||||
sed -i 's/disable\t\t= yes/disable = no/' /etc/xinetd.d/daytime
|
||||
|
||||
service xinetd restart
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user