Add information about unsupported SSL protocol when creating context.

When creating SSL context failed due to unsupported protocol being
demanded, no explanation was given. It's because
QSslContext::fromConfiguration() extracted explanation for error message
from OpenSSL, which at that point hasn't even been called yet. This
patch adds explicit message informing that an unsupported protocol was
chosen.

Task-number: QTBUG-41775
Change-Id: I9d2710da4ba314a16837a90afcdc5d9256179bef
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Mikołaj Siedlarek 2014-10-04 11:44:18 +02:00
parent 9ddf2fb376
commit 8fc34e42a8


@ -124,13 +124,16 @@ QSslContext* QSslContext::fromConfiguration(QSslSocket::SslMode mode, const QSsl
bool client = (mode == QSslSocket::SslClientMode); bool client = (mode == QSslSocket::SslClientMode);
bool reinitialized = false; bool reinitialized = false;
bool unsupportedProtocol = false;
init_context: init_context:
switch (sslContext->sslConfiguration.protocol()) { switch (sslContext->sslConfiguration.protocol()) {
case QSsl::SslV2: case QSsl::SslV2:
#ifndef OPENSSL_NO_SSL2 #ifndef OPENSSL_NO_SSL2
sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method()); sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method());
#else #else
sslContext->ctx = 0; // SSL 2 not supported by the system, but chosen deliberately -> error // SSL 2 not supported by the system, but chosen deliberately -> error
sslContext->ctx = 0;
unsupportedProtocol = true;
#endif #endif
break; break;
case QSsl::SslV3: case QSsl::SslV3:
@ -149,14 +152,18 @@ init_context:
#if OPENSSL_VERSION_NUMBER >= 0x10001000L #if OPENSSL_VERSION_NUMBER >= 0x10001000L
sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_1_client_method() : q_TLSv1_1_server_method()); sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_1_client_method() : q_TLSv1_1_server_method());
#else #else
sslContext->ctx = 0; // TLS 1.1 not supported by the system, but chosen deliberately -> error // TLS 1.1 not supported by the system, but chosen deliberately -> error
sslContext->ctx = 0;
unsupportedProtocol = true;
#endif #endif
break; break;
case QSsl::TlsV1_2: case QSsl::TlsV1_2:
#if OPENSSL_VERSION_NUMBER >= 0x10001000L #if OPENSSL_VERSION_NUMBER >= 0x10001000L
sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_2_client_method() : q_TLSv1_2_server_method()); sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_2_client_method() : q_TLSv1_2_server_method());
#else #else
sslContext->ctx = 0; // TLS 1.2 not supported by the system, but chosen deliberately -> error // TLS 1.2 not supported by the system, but chosen deliberately -> error
sslContext->ctx = 0;
unsupportedProtocol = true;
#endif #endif
break; break;
} }
@ -169,7 +176,9 @@ init_context:
goto init_context; goto init_context;
} }
sslContext->errorStr = QSslSocket::tr("Error creating SSL context (%1)").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); sslContext->errorStr = QSslSocket::tr("Error creating SSL context (%1)").arg(
unsupportedProtocol ? QSslSocket::tr("unsupported protocol") : QSslSocketBackendPrivate::getErrorsFromOpenSsl()
);
sslContext->errorCode = QSslError::UnspecifiedError; sslContext->errorCode = QSslError::UnspecifiedError;
return sslContext; return sslContext;
} }
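Review bot: When `unsupportedProtocol` is set, the failure path after the switch still appears to take the `goto init_context` retry before the new message is built, because the flag is read only in the `errorStr` expression at the end of this section. The retry condition lies between the hunks and is not visible, so this is inferred from the `reinitialized` flag and the label; if it holds, a protocol that was compiled out costs one pointless second pass through the switch before it is rejected. Testing the flag in that guard, for example `if (!reinitialized && !unsupportedProtocol)`, would make the rejection immediate. Separately, `errorCode` stays `QSslError::UnspecifiedError`, so a caller can tell a refused protocol from other context failures only by the translated text; a comment such as `// unsupported protocol is reported through errorStr only; errorCode stays unspecific` would make that explicit. The body of `QSslContext::fromConfiguration()` starts and continues outside the shown hunks.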