1 | /**************************************************************************** |
2 | ** |
3 | ** Copyright (C) 2016 The Qt Company Ltd. |
4 | ** Contact: https://www.qt.io/licensing/ |
5 | ** |
6 | ** This file is part of the QtNetwork module of the Qt Toolkit. |
7 | ** |
8 | ** $QT_BEGIN_LICENSE:LGPL$ |
9 | ** Commercial License Usage |
10 | ** Licensees holding valid commercial Qt licenses may use this file in |
11 | ** accordance with the commercial license agreement provided with the |
12 | ** Software or, alternatively, in accordance with the terms contained in |
13 | ** a written agreement between you and The Qt Company. For licensing terms |
14 | ** and conditions see https://www.qt.io/terms-conditions. For further |
15 | ** information use the contact form at https://www.qt.io/contact-us. |
16 | ** |
17 | ** GNU Lesser General Public License Usage |
18 | ** Alternatively, this file may be used under the terms of the GNU Lesser |
19 | ** General Public License version 3 as published by the Free Software |
20 | ** Foundation and appearing in the file LICENSE.LGPL3 included in the |
21 | ** packaging of this file. Please review the following information to |
22 | ** ensure the GNU Lesser General Public License version 3 requirements |
23 | ** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. |
24 | ** |
25 | ** GNU General Public License Usage |
26 | ** Alternatively, this file may be used under the terms of the GNU |
27 | ** General Public License version 2.0 or (at your option) the GNU General |
28 | ** Public license version 3 or any later version approved by the KDE Free |
29 | ** Qt Foundation. The licenses are as published by the Free Software |
30 | ** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 |
31 | ** included in the packaging of this file. Please review the following |
32 | ** information to ensure the GNU General Public License requirements will |
33 | ** be met: https://www.gnu.org/licenses/gpl-2.0.html and |
34 | ** https://www.gnu.org/licenses/gpl-3.0.html. |
35 | ** |
36 | ** $QT_END_LICENSE$ |
37 | ** |
38 | ****************************************************************************/ |
39 | |
40 | |
41 | #include "qsslkey.h" |
42 | #include "qssl_p.h" |
43 | |
44 | QT_BEGIN_NAMESPACE |
45 | |
46 | Q_LOGGING_CATEGORY(lcSsl, "qt.network.ssl" ); |
47 | |
48 | /*! \namespace QSsl |
49 | |
50 | \brief The QSsl namespace declares enums common to all SSL classes in Qt Network. |
51 | \since 4.3 |
52 | |
53 | \ingroup network |
54 | \ingroup ssl |
55 | \inmodule QtNetwork |
56 | */ |
57 | |
58 | /*! |
59 | \enum QSsl::KeyType |
60 | |
61 | Describes the two types of keys QSslKey supports. |
62 | |
63 | \value PrivateKey A private key. |
64 | \value PublicKey A public key. |
65 | */ |
66 | |
67 | /*! |
68 | \enum QSsl::KeyAlgorithm |
69 | |
70 | Describes the different key algorithms supported by QSslKey. |
71 | |
72 | \value Rsa The RSA algorithm. |
73 | \value Dsa The DSA algorithm. |
74 | \value Ec The Elliptic Curve algorithm. |
75 | \value Dh The Diffie-Hellman algorithm. |
76 | \value Opaque A key that should be treated as a 'black box' by QSslKey. |
77 | |
78 | The opaque key facility allows applications to add support for facilities |
79 | such as PKCS#11 that Qt does not currently offer natively. |
80 | */ |
81 | |
82 | /*! |
83 | \enum QSsl::EncodingFormat |
84 | |
85 | Describes supported encoding formats for certificates and keys. |
86 | |
87 | \value Pem The PEM format. |
88 | \value Der The DER format. |
89 | */ |
90 | |
91 | /*! |
92 | \enum QSsl::AlternativeNameEntryType |
93 | |
94 | Describes the key types for alternative name entries in QSslCertificate. |
95 | |
96 | \value EmailEntry An email entry; the entry contains an email address that |
97 | the certificate is valid for. |
98 | |
99 | \value DnsEntry A DNS host name entry; the entry contains a host name |
100 | entry that the certificate is valid for. The entry may contain wildcards. |
101 | |
102 | \value IpAddressEntry An IP address entry; the entry contains an IP address |
103 | entry that the certificate is valid for, introduced in Qt 5.13. |
104 | |
105 | \note In Qt 4, this enum was called \c {AlternateNameEntryType}. That name |
106 | is deprecated in Qt 5. |
107 | |
108 | \sa QSslCertificate::subjectAlternativeNames() |
109 | */ |
110 | |
111 | /*! |
112 | \typedef QSsl::AlternateNameEntryType |
113 | \obsolete |
114 | |
115 | Use QSsl::AlternativeNameEntryType instead. |
116 | */ |
117 | |
118 | /*! |
119 | \enum QSsl::SslProtocol |
120 | |
121 | Describes the protocol of the cipher. |
122 | |
123 | \value SslV3 SSLv3; not supported by QSslSocket. |
124 | \value SslV2 SSLv2; not supported by QSslSocket. |
125 | \value TlsV1_0 TLSv1.0 |
126 | \value TlsV1_0OrLater TLSv1.0 and later versions. This option is not available when using the WinRT backend due to platform limitations. |
127 | \value TlsV1 Obsolete, means the same as TlsV1_0 |
128 | \value TlsV1_1 TLSv1.1. When using the WinRT backend this option will also enable TLSv1.0. |
129 | \value TlsV1_1OrLater TLSv1.1 and later versions. This option is not available when using the WinRT backend due to platform limitations. |
130 | \value TlsV1_2 TLSv1.2. When using the WinRT backend this option will also enable TLSv1.0 and TLSv1.1. |
131 | \value TlsV1_2OrLater TLSv1.2 and later versions. This option is not available when using the WinRT backend due to platform limitations. |
132 | \value DtlsV1_0 DTLSv1.0 |
133 | \value DtlsV1_0OrLater DTLSv1.0 and later versions. |
134 | \value DtlsV1_2 DTLSv1.2 |
135 | \value DtlsV1_2OrLater DTLSv1.2 and later versions. |
136 | \value TlsV1_3 TLSv1.3. (Since Qt 5.12) |
137 | \value TlsV1_3OrLater TLSv1.3 and later versions. (Since Qt 5.12) |
138 | \value UnknownProtocol The cipher's protocol cannot be determined. |
139 | \value AnyProtocol Any supported protocol. This value is used by QSslSocket only. |
140 | \value TlsV1SslV3 Same as TlsV1_0. This enumerator is deprecated, use TlsV1_0 instead. |
141 | \value SecureProtocols The default option, using protocols known to be secure. |
142 | */ |
143 | |
144 | /*! |
145 | \enum QSsl::SslOption |
146 | |
147 | Describes the options that can be used to control the details of |
148 | SSL behaviour. These options are generally used to turn features off |
149 | to work around buggy servers. |
150 | |
151 | \value SslOptionDisableEmptyFragments Disables the insertion of empty |
152 | fragments into the data when using block ciphers. When enabled, this |
153 | prevents some attacks (such as the BEAST attack), however it is |
154 | incompatible with some servers. |
155 | \value SslOptionDisableSessionTickets Disables the SSL session ticket |
156 | extension. This can cause slower connection setup, however some servers |
157 | are not compatible with the extension. |
158 | \value SslOptionDisableCompression Disables the SSL compression |
159 | extension. When enabled, this allows the data being passed over SSL to |
160 | be compressed, however some servers are not compatible with this |
161 | extension. |
162 | \value SslOptionDisableServerNameIndication Disables the SSL server |
163 | name indication extension. When enabled, this tells the server the virtual |
164 | host being accessed allowing it to respond with the correct certificate. |
165 | \value SslOptionDisableLegacyRenegotiation Disables the older insecure |
166 | mechanism for renegotiating the connection parameters. When enabled, this |
167 | option can allow connections for legacy servers, but it introduces the |
168 | possibility that an attacker could inject plaintext into the SSL session. |
169 | \value SslOptionDisableSessionSharing Disables SSL session sharing via |
170 | the session ID handshake attribute. |
171 | \value SslOptionDisableSessionPersistence Disables storing the SSL session |
172 | in ASN.1 format as returned by QSslConfiguration::sessionTicket(). Enabling |
173 | this feature adds memory overhead of approximately 1K per used session |
174 | ticket. |
175 | \value SslOptionDisableServerCipherPreference Disables selecting the cipher |
176 | chosen based on the servers preferences rather than the order ciphers were |
177 | sent by the client. This option is only relevant to server sockets, and is |
178 | only honored by the OpenSSL backend. |
179 | |
180 | By default, SslOptionDisableEmptyFragments is turned on since this causes |
181 | problems with a large number of servers. SslOptionDisableLegacyRenegotiation |
182 | is also turned on, since it introduces a security risk. |
183 | SslOptionDisableCompression is turned on to prevent the attack publicised by |
184 | CRIME. |
185 | SslOptionDisableSessionPersistence is turned on to optimize memory usage. |
186 | The other options are turned off. |
187 | |
188 | \note Availability of above options depends on the version of the SSL |
189 | backend in use. |
190 | */ |
191 | |
192 | |
193 | QT_END_NAMESPACE |
194 | |