From: Peter Hartmann Date: Mon, 14 Nov 2011 11:33:55 +0000 (+0100) Subject: SSL namespace: rename TlsV1 to TlsV1_0 X-Git-Tag: qt-v5.0.0-alpha1~2703 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=4dc390e66fefc850cf84292549285a359e2ad8e6;p=profile%2Fivi%2Fqtbase.git SSL namespace: rename TlsV1 to TlsV1_0 This is a source-incompatible change. TlsV1 is ambiguous; what is actually meant is TLS version 1.0. There are also TLS versions 1.1 and 1.2; we might want to add options for these once OpenSSL supports them (apparently they will be with OpenSSL version 1.0.1). Change-Id: I940d020b181b5fa528788ef0c3c47e8ef873796a Reviewed-by: Lars Knoll --- diff --git a/dist/changes-5.0.0 b/dist/changes-5.0.0 index da1e092..a43cbd9 100644 --- a/dist/changes-5.0.0 +++ b/dist/changes-5.0.0 @@ -60,6 +60,8 @@ information about a particular change. only the current data row of a data-driven test function. Every skipped data row is now reported in the test log. +- The QSsl::TlsV1 enum value was renamed to QSsl::TlsV1_0 . + **************************************************************************** * General * **************************************************************************** diff --git a/doc/src/snippets/code/src_network_ssl_qsslconfiguration.cpp b/doc/src/snippets/code/src_network_ssl_qsslconfiguration.cpp index 7e078d3..96fe1af 100644 --- a/doc/src/snippets/code/src_network_ssl_qsslconfiguration.cpp +++ b/doc/src/snippets/code/src_network_ssl_qsslconfiguration.cpp @@ -40,6 +40,6 @@ //! [0] QSslConfiguration config = sslSocket.sslConfiguration(); -config.setProtocol(QSsl::TlsV1); +config.setProtocol(QSsl::TlsV1_0); sslSocket.setSslConfiguration(config); //! [0] diff --git a/src/network/access/qnetworkrequest.cpp b/src/network/access/qnetworkrequest.cpp index 21b1d84..608aaa5 100644 --- a/src/network/access/qnetworkrequest.cpp +++ b/src/network/access/qnetworkrequest.cpp @@ -543,7 +543,7 @@ QSslConfiguration QNetworkRequest::sslConfiguration() const /*! Sets this network request's SSL configuration to be \a config. The settings that apply are the private key, the local certificate, - the SSL protocol (SSLv2, SSLv3, TLSv1 where applicable), the CA + the SSL protocol (SSLv2, SSLv3, TLSv1.0 where applicable), the CA certificates and the ciphers that the SSL backend is allowed to use. diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp index be4ca02..d0d7584 100644 --- a/src/network/ssl/qssl.cpp +++ b/src/network/ssl/qssl.cpp @@ -103,13 +103,13 @@ QT_BEGIN_NAMESPACE \value SslV3 SSLv3 \value SslV2 SSLv2 - \value TlsV1 TLSv1 + \value TlsV1_0 TLSv1.0 \value UnknownProtocol The cipher's protocol cannot be determined. - \value AnyProtocol The socket understands SSLv2, SSLv3, and TLSv1. This + \value AnyProtocol The socket understands SSLv2, SSLv3, and TLSv1.0. This value is used by QSslSocket only. \value TlsV1SslV3 On the client side, this will send - a TLS 1.0 Client Hello, enabling TLSv1 and SSLv3 connections. - On the server side, this will enable both SSLv3 and TLSv1 connections. + a TLS 1.0 Client Hello, enabling TLSv1_0 and SSLv3 connections. + On the server side, this will enable both SSLv3 and TLSv1_0 connections. \value SecureProtocols The default option, using protocols known to be secure; currently behaves like TlsV1SslV3. diff --git a/src/network/ssl/qssl.h b/src/network/ssl/qssl.h index e6e4e54..0793a84 100644 --- a/src/network/ssl/qssl.h +++ b/src/network/ssl/qssl.h @@ -81,7 +81,10 @@ namespace QSsl { enum SslProtocol { SslV3, SslV2, - TlsV1, // ### Qt 5: rename to TlsV1_0 or so + TlsV1_0, +#if QT_DEPRECATED_SINCE(5,0) + TlsV1 = TlsV1_0, +#endif AnyProtocol, TlsV1SslV3, SecureProtocols, diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp index 727130b..80121ef 100644 --- a/src/network/ssl/qsslconfiguration.cpp +++ b/src/network/ssl/qsslconfiguration.cpp @@ -97,7 +97,7 @@ QT_BEGIN_NAMESPACE change the settings in the related SSL connection. You must call setSslConfiguration on a modified QSslConfiguration object to achieve that. The following example illustrates how to change the - protocol to TLSv1 in a QSslSocket object: + protocol to TLSv1_0 in a QSslSocket object: \snippet doc/src/snippets/code/src_network_ssl_qsslconfiguration.cpp 0 diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp index d3795d0..6017e2f 100644 --- a/src/network/ssl/qsslsocket.cpp +++ b/src/network/ssl/qsslsocket.cpp @@ -56,7 +56,7 @@ QSslSocket establishes a secure, encrypted TCP connection you can use for transmitting encrypted data. It can operate in both client and server mode, and it supports modern SSL protocols, including - SSLv3 and TLSv1. By default, QSslSocket uses TLSv1, but you can + SSLv3 and TLSv1_0. By default, QSslSocket uses TLSv1_0, but you can change the SSL protocol by calling setProtocol() as long as you do it before the handshake has started. diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 817860e..70893af 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -195,7 +195,7 @@ QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(SSL_CIPHER *ciph else if (protoString == QLatin1String("SSLv2")) ciph.d->protocol = QSsl::SslV2; else if (protoString == QLatin1String("TLSv1")) - ciph.d->protocol = QSsl::TlsV1; + ciph.d->protocol = QSsl::TlsV1_0; if (descriptionList.at(2).startsWith(QLatin1String("Kx="))) ciph.d->keyExchangeMethod = descriptionList.at(2).mid(3); @@ -236,7 +236,7 @@ bool QSslSocketBackendPrivate::initSslContext() { Q_Q(QSslSocket); - // Create and initialize SSL context. Accept SSLv2, SSLv3 and TLSv1. + // Create and initialize SSL context. Accept SSLv2, SSLv3 and TLSv1_0. bool client = (mode == QSslSocket::SslClientMode); bool reinitialized = false; @@ -254,7 +254,7 @@ init_context: default: ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); break; - case QSsl::TlsV1: + case QSsl::TlsV1_0: ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method()); break; } @@ -430,7 +430,7 @@ init_context: #if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) if ((configuration.protocol == QSsl::TlsV1SslV3 || - configuration.protocol == QSsl::TlsV1 || + configuration.protocol == QSsl::TlsV1_0 || configuration.protocol == QSsl::SecureProtocols || configuration.protocol == QSsl::AnyProtocol) && client && q_SSLeay() >= 0x00090806fL) { diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp index 9300579..d9ea400 100644 --- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -823,18 +823,18 @@ void tst_QSslSocket::protocol() } { // Fluke allows TLSV1. - socket->setProtocol(QSsl::TlsV1); - QCOMPARE(socket->protocol(), QSsl::TlsV1); + socket->setProtocol(QSsl::TlsV1_0); + QCOMPARE(socket->protocol(), QSsl::TlsV1_0); socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); QVERIFY2(socket->waitForEncrypted(), qPrintable(socket->errorString())); - QCOMPARE(socket->protocol(), QSsl::TlsV1); + QCOMPARE(socket->protocol(), QSsl::TlsV1_0); socket->abort(); - QCOMPARE(socket->protocol(), QSsl::TlsV1); + QCOMPARE(socket->protocol(), QSsl::TlsV1_0); socket->connectToHost(QtNetworkSettings::serverName(), 443); QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString())); socket->startClientEncryption(); QVERIFY2(socket->waitForEncrypted(), qPrintable(socket->errorString())); - QCOMPARE(socket->protocol(), QSsl::TlsV1); + QCOMPARE(socket->protocol(), QSsl::TlsV1_0); socket->abort(); } { @@ -892,7 +892,7 @@ class SslServer : public QTcpServer public: SslServer(const QString &keyFile = SRCDIR "certs/fluke.key", const QString &certFile = SRCDIR "certs/fluke.cert") : socket(0), - protocol(QSsl::TlsV1), + protocol(QSsl::TlsV1_0), m_keyFile(keyFile), m_certFile(certFile) { } QSslSocket *socket; @@ -943,46 +943,46 @@ void tst_QSslSocket::protocolServerSide_data() QTest::newRow("ssl2-ssl2") << QSsl::SslV2 << QSsl::SslV2 << false; // no idea why it does not work, but we don't care about SSL 2 QTest::newRow("ssl3-ssl3") << QSsl::SslV3 << QSsl::SslV3 << true; - QTest::newRow("tls1-tls1") << QSsl::TlsV1 << QSsl::TlsV1 << true; + QTest::newRow("tls1.0-tls1.0") << QSsl::TlsV1_0 << QSsl::TlsV1_0 << true; QTest::newRow("tls1ssl3-tls1ssl3") << QSsl::TlsV1SslV3 << QSsl::TlsV1SslV3 << true; QTest::newRow("any-any") << QSsl::AnyProtocol << QSsl::AnyProtocol << true; QTest::newRow("secure-secure") << QSsl::SecureProtocols << QSsl::SecureProtocols << true; QTest::newRow("ssl2-ssl3") << QSsl::SslV2 << QSsl::SslV3 << false; - QTest::newRow("ssl2-tls1") << QSsl::SslV2 << QSsl::TlsV1 << false; + QTest::newRow("ssl2-tls1.0") << QSsl::SslV2 << QSsl::TlsV1_0 << false; QTest::newRow("ssl2-tls1ssl3") << QSsl::SslV2 << QSsl::TlsV1SslV3 << false; QTest::newRow("ssl2-secure") << QSsl::SslV2 << QSsl::SecureProtocols << false; QTest::newRow("ssl2-any") << QSsl::SslV2 << QSsl::AnyProtocol << false; // no idea why it does not work, but we don't care about SSL 2 QTest::newRow("ssl3-ssl2") << QSsl::SslV3 << QSsl::SslV2 << false; - QTest::newRow("ssl3-tls1") << QSsl::SslV3 << QSsl::TlsV1 << false; + QTest::newRow("ssl3-tls1.0") << QSsl::SslV3 << QSsl::TlsV1_0 << false; QTest::newRow("ssl3-tls1ssl3") << QSsl::SslV3 << QSsl::TlsV1SslV3 << true; QTest::newRow("ssl3-secure") << QSsl::SslV3 << QSsl::SecureProtocols << true; QTest::newRow("ssl3-any") << QSsl::SslV3 << QSsl::AnyProtocol << false; // we wont set a SNI header here because we connect to a // numerical IP, so OpenSSL will send a SSL 2 handshake - QTest::newRow("tls1-ssl2") << QSsl::TlsV1 << QSsl::SslV2 << false; - QTest::newRow("tls1-ssl3") << QSsl::TlsV1 << QSsl::SslV3 << false; - QTest::newRow("tls1-tls1ssl3") << QSsl::TlsV1 << QSsl::TlsV1SslV3 << true; - QTest::newRow("tls1-secure") << QSsl::TlsV1 << QSsl::SecureProtocols << true; - QTest::newRow("tls1-any") << QSsl::TlsV1 << QSsl::AnyProtocol << false; // we wont set a SNI header here because we connect to a + QTest::newRow("tls1.0-ssl2") << QSsl::TlsV1_0 << QSsl::SslV2 << false; + QTest::newRow("tls1.0-ssl3") << QSsl::TlsV1_0 << QSsl::SslV3 << false; + QTest::newRow("tls1-tls1ssl3") << QSsl::TlsV1_0 << QSsl::TlsV1SslV3 << true; + QTest::newRow("tls1.0-secure") << QSsl::TlsV1_0 << QSsl::SecureProtocols << true; + QTest::newRow("tls1.0-any") << QSsl::TlsV1_0 << QSsl::AnyProtocol << false; // we wont set a SNI header here because we connect to a // numerical IP, so OpenSSL will send a SSL 2 handshake QTest::newRow("tls1ssl3-ssl2") << QSsl::TlsV1SslV3 << QSsl::SslV2 << false; QTest::newRow("tls1ssl3-ssl3") << QSsl::TlsV1SslV3 << QSsl::SslV3 << true; - QTest::newRow("tls1ssl3-tls1") << QSsl::TlsV1SslV3 << QSsl::TlsV1 << true; + QTest::newRow("tls1ssl3-tls1.0") << QSsl::TlsV1SslV3 << QSsl::TlsV1_0 << true; QTest::newRow("tls1ssl3-secure") << QSsl::TlsV1SslV3 << QSsl::SecureProtocols << true; QTest::newRow("tls1ssl3-any") << QSsl::TlsV1SslV3 << QSsl::AnyProtocol << true; QTest::newRow("secure-ssl2") << QSsl::SecureProtocols << QSsl::SslV2 << false; QTest::newRow("secure-ssl3") << QSsl::SecureProtocols << QSsl::SslV3 << true; - QTest::newRow("secure-tls1") << QSsl::SecureProtocols << QSsl::TlsV1 << true; + QTest::newRow("secure-tls1.0") << QSsl::SecureProtocols << QSsl::TlsV1_0 << true; QTest::newRow("secure-tls1ssl3") << QSsl::SecureProtocols << QSsl::TlsV1SslV3 << true; QTest::newRow("secure-any") << QSsl::SecureProtocols << QSsl::AnyProtocol << true; QTest::newRow("any-ssl2") << QSsl::AnyProtocol << QSsl::SslV2 << false; // no idea why it does not work, but we don't care about SSL 2 QTest::newRow("any-ssl3") << QSsl::AnyProtocol << QSsl::SslV3 << true; - QTest::newRow("any-tls1") << QSsl::AnyProtocol << QSsl::TlsV1 << true; + QTest::newRow("any-tls1.0") << QSsl::AnyProtocol << QSsl::TlsV1_0 << true; QTest::newRow("any-tls1ssl3") << QSsl::AnyProtocol << QSsl::TlsV1SslV3 << true; QTest::newRow("any-secure") << QSsl::AnyProtocol << QSsl::SecureProtocols << true; } diff --git a/tests/manual/network_remote_stresstest/tst_network_remote_stresstest.cpp b/tests/manual/network_remote_stresstest/tst_network_remote_stresstest.cpp index 59a8e9e..77589d3 100644 --- a/tests/manual/network_remote_stresstest/tst_network_remote_stresstest.cpp +++ b/tests/manual/network_remote_stresstest/tst_network_remote_stresstest.cpp @@ -253,7 +253,7 @@ void tst_NetworkRemoteStressTest::blockingSequentialRemoteHosts() QVERIFY2(socket->waitForConnected(10000), "Timeout connecting to " + url.encodedHost()); if (isHttps) { - static_cast(socket.data())->setProtocol(QSsl::TlsV1); + static_cast(socket.data())->setProtocol(QSsl::TlsV1_0); static_cast(socket.data())->startClientEncryption(); static_cast(socket.data())->ignoreSslErrors(); QVERIFY2(static_cast(socket.data())->waitForEncrypted(10000), "Timeout starting TLS with " + url.encodedHost()); @@ -306,7 +306,7 @@ void tst_NetworkRemoteStressTest::sequentialRemoteHosts() socket = QSharedPointer(new QTcpSocket); } if (isHttps) { - static_cast(socket.data())->setProtocol(QSsl::TlsV1); + static_cast(socket.data())->setProtocol(QSsl::TlsV1_0); static_cast(socket.data())->connectToHostEncrypted(url.host(), url.port(443)); static_cast(socket.data())->ignoreSslErrors(); } else { @@ -377,7 +377,7 @@ void tst_NetworkRemoteStressTest::parallelRemoteHosts() else socket = new QTcpSocket; if (isHttps) { - static_cast(socket)->setProtocol(QSsl::TlsV1); + static_cast(socket)->setProtocol(QSsl::TlsV1_0); static_cast(socket)->connectToHostEncrypted(url.host(), url.port(443)); static_cast(socket)->ignoreSslErrors(); } else {