1 | /**************************************************************************** |
2 | ** |
3 | ** Copyright (C) 2016 The Qt Company Ltd. |
4 | ** Copyright (C) 2014 BlackBerry Limited. All rights reserved. |
5 | ** Contact: https://www.qt.io/licensing/ |
6 | ** |
7 | ** This file is part of the QtNetwork module of the Qt Toolkit. |
8 | ** |
9 | ** $QT_BEGIN_LICENSE:LGPL$ |
10 | ** Commercial License Usage |
11 | ** Licensees holding valid commercial Qt licenses may use this file in |
12 | ** accordance with the commercial license agreement provided with the |
13 | ** Software or, alternatively, in accordance with the terms contained in |
14 | ** a written agreement between you and The Qt Company. For licensing terms |
15 | ** and conditions see https://www.qt.io/terms-conditions. For further |
16 | ** information use the contact form at https://www.qt.io/contact-us. |
17 | ** |
18 | ** GNU Lesser General Public License Usage |
19 | ** Alternatively, this file may be used under the terms of the GNU Lesser |
20 | ** General Public License version 3 as published by the Free Software |
21 | ** Foundation and appearing in the file LICENSE.LGPL3 included in the |
22 | ** packaging of this file. Please review the following information to |
23 | ** ensure the GNU Lesser General Public License version 3 requirements |
24 | ** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. |
25 | ** |
26 | ** GNU General Public License Usage |
27 | ** Alternatively, this file may be used under the terms of the GNU |
28 | ** General Public License version 2.0 or (at your option) the GNU General |
29 | ** Public license version 3 or any later version approved by the KDE Free |
30 | ** Qt Foundation. The licenses are as published by the Free Software |
31 | ** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 |
32 | ** included in the packaging of this file. Please review the following |
33 | ** information to ensure the GNU General Public License requirements will |
34 | ** be met: https://www.gnu.org/licenses/gpl-2.0.html and |
35 | ** https://www.gnu.org/licenses/gpl-3.0.html. |
36 | ** |
37 | ** $QT_END_LICENSE$ |
38 | ** |
39 | ****************************************************************************/ |
40 | |
41 | #include "qssl_p.h" |
42 | #include "qsslconfiguration.h" |
43 | #include "qsslconfiguration_p.h" |
44 | #include "qsslsocket.h" |
45 | #include "qsslsocket_p.h" |
46 | #include "qmutex.h" |
47 | #include "qdebug.h" |
48 | |
49 | QT_BEGIN_NAMESPACE |
50 | |
51 | const QSsl::SslOptions QSslConfigurationPrivate::defaultSslOptions = QSsl::SslOptionDisableEmptyFragments |
52 | |QSsl::SslOptionDisableLegacyRenegotiation |
53 | |QSsl::SslOptionDisableCompression |
54 | |QSsl::SslOptionDisableSessionPersistence; |
55 | |
56 | const char QSslConfiguration::ALPNProtocolHTTP2[] = "h2" ; |
57 | const char QSslConfiguration::NextProtocolSpdy3_0[] = "spdy/3" ; |
58 | const char QSslConfiguration::NextProtocolHttp1_1[] = "http/1.1" ; |
59 | |
60 | /*! |
61 | \class QSslConfiguration |
62 | \brief The QSslConfiguration class holds the configuration and state of an SSL connection. |
63 | \since 4.4 |
64 | |
65 | \reentrant |
66 | \inmodule QtNetwork |
67 | \ingroup network |
68 | \ingroup ssl |
69 | \ingroup shared |
70 | |
71 | QSslConfiguration is used by Qt networking classes to relay |
72 | information about an open SSL connection and to allow the |
73 | application to control certain features of that connection. |
74 | |
75 | The settings that QSslConfiguration currently supports are: |
76 | |
77 | \list |
78 | \li The SSL/TLS protocol to be used |
79 | \li The certificate to be presented to the peer during connection |
80 | and its associated private key |
81 | \li The ciphers allowed to be used for encrypting the connection |
82 | \li The list of Certificate Authorities certificates that are |
83 | used to validate the peer's certificate |
84 | \endlist |
85 | |
86 | These settings are applied only during the connection |
87 | handshake. Setting them after the connection has been established |
88 | has no effect. |
89 | |
90 | The state that QSslConfiguration supports are: |
91 | \list |
92 | \li The certificate the peer presented during handshake, along |
93 | with the chain leading to a CA certificate |
94 | \li The cipher used to encrypt this session |
95 | \endlist |
96 | |
97 | The state can only be obtained once the SSL connection starts, but |
98 | not necessarily before it's done. Some settings may change during |
99 | the course of the SSL connection without need to restart it (for |
100 | instance, the cipher can be changed over time). |
101 | |
102 | State in QSslConfiguration objects cannot be changed. |
103 | |
104 | QSslConfiguration can be used with QSslSocket and the Network |
105 | Access API. |
106 | |
107 | Note that changing settings in QSslConfiguration is not enough to |
108 | change the settings in the related SSL connection. You must call |
109 | setSslConfiguration on a modified QSslConfiguration object to |
110 | achieve that. The following example illustrates how to change the |
111 | protocol to TLSv1_0 in a QSslSocket object: |
112 | |
113 | \snippet code/src_network_ssl_qsslconfiguration.cpp 0 |
114 | |
115 | \sa QSsl::SslProtocol, QSslCertificate, QSslCipher, QSslKey, |
116 | QSslSocket, QNetworkAccessManager, |
117 | QSslSocket::sslConfiguration(), QSslSocket::setSslConfiguration() |
118 | */ |
119 | |
120 | /*! |
121 | \enum QSslConfiguration::NextProtocolNegotiationStatus |
122 | |
123 | Describes the status of the Next Protocol Negotiation (NPN) or |
124 | Application-Layer Protocol Negotiation (ALPN). |
125 | |
126 | \value NextProtocolNegotiationNone No application protocol |
127 | has been negotiated (yet). |
128 | |
129 | \value NextProtocolNegotiationNegotiated A next protocol |
130 | has been negotiated (see nextNegotiatedProtocol()). |
131 | |
132 | \value NextProtocolNegotiationUnsupported The client and |
133 | server could not agree on a common next application protocol. |
134 | */ |
135 | |
136 | /*! |
137 | \variable QSslConfiguration::NextProtocolSpdy3_0 |
138 | \brief The value used for negotiating SPDY 3.0 during the Next |
139 | Protocol Negotiation. |
140 | */ |
141 | |
142 | /*! |
143 | \variable QSslConfiguration::NextProtocolHttp1_1 |
144 | \brief The value used for negotiating HTTP 1.1 during the Next |
145 | Protocol Negotiation. |
146 | */ |
147 | |
148 | /*! |
149 | Constructs an empty SSL configuration. This configuration contains |
150 | no valid settings and the state will be empty. isNull() will |
151 | return true after this constructor is called. |
152 | |
153 | Once any setter methods are called, isNull() will return false. |
154 | */ |
155 | QSslConfiguration::QSslConfiguration() |
156 | : d(new QSslConfigurationPrivate) |
157 | { |
158 | } |
159 | |
160 | /*! |
161 | Copies the configuration and state of \a other. If \a other is |
162 | null, this object will be null too. |
163 | */ |
164 | QSslConfiguration::QSslConfiguration(const QSslConfiguration &other) |
165 | : d(other.d) |
166 | { |
167 | } |
168 | |
169 | /*! |
170 | Releases any resources held by QSslConfiguration. |
171 | */ |
172 | QSslConfiguration::~QSslConfiguration() |
173 | { |
174 | // QSharedDataPointer deletes d for us if necessary |
175 | } |
176 | |
177 | /*! |
178 | Copies the configuration and state of \a other. If \a other is |
179 | null, this object will be null too. |
180 | */ |
181 | QSslConfiguration &QSslConfiguration::operator=(const QSslConfiguration &other) |
182 | { |
183 | d = other.d; |
184 | return *this; |
185 | } |
186 | |
187 | /*! |
188 | \fn void QSslConfiguration::swap(QSslConfiguration &other) |
189 | \since 5.0 |
190 | |
191 | Swaps this SSL configuration instance with \a other. This function |
192 | is very fast and never fails. |
193 | */ |
194 | |
195 | /*! |
196 | Returns \c true if this QSslConfiguration object is equal to \a |
197 | other. |
198 | |
199 | Two QSslConfiguration objects are considered equal if they have |
200 | the exact same settings and state. |
201 | |
202 | \sa operator!=() |
203 | */ |
204 | bool QSslConfiguration::operator==(const QSslConfiguration &other) const |
205 | { |
206 | if (d == other.d) |
207 | return true; |
208 | return d->peerCertificate == other.d->peerCertificate && |
209 | d->peerCertificateChain == other.d->peerCertificateChain && |
210 | d->localCertificateChain == other.d->localCertificateChain && |
211 | d->privateKey == other.d->privateKey && |
212 | d->sessionCipher == other.d->sessionCipher && |
213 | d->sessionProtocol == other.d->sessionProtocol && |
214 | d->preSharedKeyIdentityHint == other.d->preSharedKeyIdentityHint && |
215 | d->ciphers == other.d->ciphers && |
216 | d->ellipticCurves == other.d->ellipticCurves && |
217 | d->ephemeralServerKey == other.d->ephemeralServerKey && |
218 | d->dhParams == other.d->dhParams && |
219 | d->caCertificates == other.d->caCertificates && |
220 | d->protocol == other.d->protocol && |
221 | d->peerVerifyMode == other.d->peerVerifyMode && |
222 | d->peerVerifyDepth == other.d->peerVerifyDepth && |
223 | d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading && |
224 | d->backendConfig == other.d->backendConfig && |
225 | d->sslOptions == other.d->sslOptions && |
226 | d->sslSession == other.d->sslSession && |
227 | d->sslSessionTicketLifeTimeHint == other.d->sslSessionTicketLifeTimeHint && |
228 | d->nextAllowedProtocols == other.d->nextAllowedProtocols && |
229 | d->nextNegotiatedProtocol == other.d->nextNegotiatedProtocol && |
230 | d->nextProtocolNegotiationStatus == other.d->nextProtocolNegotiationStatus && |
231 | d->dtlsCookieEnabled == other.d->dtlsCookieEnabled && |
232 | d->ocspStaplingEnabled == other.d->ocspStaplingEnabled; |
233 | } |
234 | |
235 | /*! |
236 | \fn QSslConfiguration::operator!=(const QSslConfiguration &other) const |
237 | |
238 | Returns \c true if this QSslConfiguration differs from \a other. Two |
239 | QSslConfiguration objects are considered different if any state or |
240 | setting is different. |
241 | |
242 | \sa operator==() |
243 | */ |
244 | |
245 | /*! |
246 | Returns \c true if this is a null QSslConfiguration object. |
247 | |
248 | A QSslConfiguration object is null if it has been |
249 | default-constructed and no setter methods have been called. |
250 | |
251 | \sa setProtocol(), setLocalCertificate(), setPrivateKey(), |
252 | setCiphers(), setCaCertificates() |
253 | */ |
254 | bool QSslConfiguration::isNull() const |
255 | { |
256 | return (d->protocol == QSsl::SecureProtocols && |
257 | d->peerVerifyMode == QSslSocket::AutoVerifyPeer && |
258 | d->peerVerifyDepth == 0 && |
259 | d->allowRootCertOnDemandLoading == true && |
260 | d->caCertificates.count() == 0 && |
261 | d->ciphers.count() == 0 && |
262 | d->ellipticCurves.isEmpty() && |
263 | d->ephemeralServerKey.isNull() && |
264 | d->dhParams == QSslDiffieHellmanParameters::defaultParameters() && |
265 | d->localCertificateChain.isEmpty() && |
266 | d->privateKey.isNull() && |
267 | d->peerCertificate.isNull() && |
268 | d->peerCertificateChain.count() == 0 && |
269 | d->backendConfig.isEmpty() && |
270 | d->sslOptions == QSslConfigurationPrivate::defaultSslOptions && |
271 | d->sslSession.isNull() && |
272 | d->sslSessionTicketLifeTimeHint == -1 && |
273 | d->preSharedKeyIdentityHint.isNull() && |
274 | d->nextAllowedProtocols.isEmpty() && |
275 | d->nextNegotiatedProtocol.isNull() && |
276 | d->nextProtocolNegotiationStatus == QSslConfiguration::NextProtocolNegotiationNone && |
277 | d->ocspStaplingEnabled == false); |
278 | } |
279 | |
280 | /*! |
281 | Returns the protocol setting for this SSL configuration. |
282 | |
283 | \sa setProtocol() |
284 | */ |
285 | QSsl::SslProtocol QSslConfiguration::protocol() const |
286 | { |
287 | return d->protocol; |
288 | } |
289 | |
290 | /*! |
291 | Sets the protocol setting for this configuration to be \a |
292 | protocol. |
293 | |
294 | Setting the protocol once the connection has already been |
295 | established has no effect. |
296 | |
297 | \sa protocol() |
298 | */ |
299 | void QSslConfiguration::setProtocol(QSsl::SslProtocol protocol) |
300 | { |
301 | d->protocol = protocol; |
302 | } |
303 | |
304 | /*! |
305 | Returns the verify mode. This mode decides whether QSslSocket should |
306 | request a certificate from the peer (i.e., the client requests a |
307 | certificate from the server, or a server requesting a certificate from the |
308 | client), and whether it should require that this certificate is valid. |
309 | |
310 | The default mode is AutoVerifyPeer, which tells QSslSocket to use |
311 | VerifyPeer for clients, QueryPeer for servers. |
312 | |
313 | \sa setPeerVerifyMode() |
314 | */ |
315 | QSslSocket::PeerVerifyMode QSslConfiguration::peerVerifyMode() const |
316 | { |
317 | return d->peerVerifyMode; |
318 | } |
319 | |
320 | /*! |
321 | Sets the verify mode to \a mode. This mode decides whether QSslSocket |
322 | should request a certificate from the peer (i.e., the client requests a |
323 | certificate from the server, or a server requesting a certificate from the |
324 | client), and whether it should require that this certificate is valid. |
325 | |
326 | The default mode is AutoVerifyPeer, which tells QSslSocket to use |
327 | VerifyPeer for clients, QueryPeer for servers. |
328 | |
329 | \sa peerVerifyMode() |
330 | */ |
331 | void QSslConfiguration::setPeerVerifyMode(QSslSocket::PeerVerifyMode mode) |
332 | { |
333 | d->peerVerifyMode = mode; |
334 | } |
335 | |
336 | |
337 | /*! |
338 | Returns the maximum number of certificates in the peer's certificate chain |
339 | to be checked during the SSL handshake phase, or 0 (the default) if no |
340 | maximum depth has been set, indicating that the whole certificate chain |
341 | should be checked. |
342 | |
343 | The certificates are checked in issuing order, starting with the peer's |
344 | own certificate, then its issuer's certificate, and so on. |
345 | |
346 | \sa setPeerVerifyDepth(), peerVerifyMode() |
347 | */ |
348 | int QSslConfiguration::peerVerifyDepth() const |
349 | { |
350 | return d->peerVerifyDepth; |
351 | } |
352 | |
353 | /*! |
354 | Sets the maximum number of certificates in the peer's certificate chain to |
355 | be checked during the SSL handshake phase, to \a depth. Setting a depth of |
356 | 0 means that no maximum depth is set, indicating that the whole |
357 | certificate chain should be checked. |
358 | |
359 | The certificates are checked in issuing order, starting with the peer's |
360 | own certificate, then its issuer's certificate, and so on. |
361 | |
362 | \sa peerVerifyDepth(), setPeerVerifyMode() |
363 | */ |
364 | void QSslConfiguration::setPeerVerifyDepth(int depth) |
365 | { |
366 | if (depth < 0) { |
367 | qCWarning(lcSsl, |
368 | "QSslConfiguration::setPeerVerifyDepth: cannot set negative depth of %d" , depth); |
369 | return; |
370 | } |
371 | d->peerVerifyDepth = depth; |
372 | } |
373 | |
374 | /*! |
375 | Returns the certificate chain to be presented to the peer during |
376 | the SSL handshake process. |
377 | |
378 | \sa localCertificate() |
379 | \since 5.1 |
380 | */ |
381 | QList<QSslCertificate> QSslConfiguration::localCertificateChain() const |
382 | { |
383 | return d->localCertificateChain; |
384 | } |
385 | |
386 | /*! |
387 | Sets the certificate chain to be presented to the peer during the |
388 | SSL handshake to be \a localChain. |
389 | |
390 | Setting the certificate chain once the connection has been |
391 | established has no effect. |
392 | |
393 | A certificate is the means of identification used in the SSL |
394 | process. The local certificate is used by the remote end to verify |
395 | the local user's identity against its list of Certification |
396 | Authorities. In most cases, such as in HTTP web browsing, only |
397 | servers identify to the clients, so the client does not send a |
398 | certificate. |
399 | |
400 | Unlike QSslConfiguration::setLocalCertificate() this method allows |
401 | you to specify any intermediate certificates required in order to |
402 | validate your certificate. The first item in the list must be the |
403 | leaf certificate. |
404 | |
405 | \sa localCertificateChain() |
406 | \since 5.1 |
407 | */ |
408 | void QSslConfiguration::setLocalCertificateChain(const QList<QSslCertificate> &localChain) |
409 | { |
410 | d->localCertificateChain = localChain; |
411 | } |
412 | |
413 | /*! |
414 | Returns the certificate to be presented to the peer during the SSL |
415 | handshake process. |
416 | |
417 | \sa setLocalCertificate() |
418 | */ |
419 | QSslCertificate QSslConfiguration::localCertificate() const |
420 | { |
421 | if (d->localCertificateChain.isEmpty()) |
422 | return QSslCertificate(); |
423 | return d->localCertificateChain[0]; |
424 | } |
425 | |
426 | /*! |
427 | Sets the certificate to be presented to the peer during SSL |
428 | handshake to be \a certificate. |
429 | |
430 | Setting the certificate once the connection has been established |
431 | has no effect. |
432 | |
433 | A certificate is the means of identification used in the SSL |
434 | process. The local certificate is used by the remote end to verify |
435 | the local user's identity against its list of Certification |
436 | Authorities. In most cases, such as in HTTP web browsing, only |
437 | servers identify to the clients, so the client does not send a |
438 | certificate. |
439 | |
440 | \sa localCertificate() |
441 | */ |
442 | void QSslConfiguration::setLocalCertificate(const QSslCertificate &certificate) |
443 | { |
444 | d->localCertificateChain = QList<QSslCertificate>(); |
445 | d->localCertificateChain += certificate; |
446 | } |
447 | |
448 | /*! |
449 | Returns the peer's digital certificate (i.e., the immediate |
450 | certificate of the host you are connected to), or a null |
451 | certificate, if the peer has not assigned a certificate. |
452 | |
453 | The peer certificate is checked automatically during the |
454 | handshake phase, so this function is normally used to fetch |
455 | the certificate for display or for connection diagnostic |
456 | purposes. It contains information about the peer, including |
457 | its host name, the certificate issuer, and the peer's public |
458 | key. |
459 | |
460 | Because the peer certificate is set during the handshake phase, it |
461 | is safe to access the peer certificate from a slot connected to |
462 | the QSslSocket::sslErrors() signal, QNetworkReply::sslErrors() |
463 | signal, or the QSslSocket::encrypted() signal. |
464 | |
465 | If a null certificate is returned, it can mean the SSL handshake |
466 | failed, or it can mean the host you are connected to doesn't have |
467 | a certificate, or it can mean there is no connection. |
468 | |
469 | If you want to check the peer's complete chain of certificates, |
470 | use peerCertificateChain() to get them all at once. |
471 | |
472 | \sa peerCertificateChain(), |
473 | QSslSocket::sslErrors(), QSslSocket::ignoreSslErrors(), |
474 | QNetworkReply::sslErrors(), QNetworkReply::ignoreSslErrors() |
475 | */ |
476 | QSslCertificate QSslConfiguration::peerCertificate() const |
477 | { |
478 | return d->peerCertificate; |
479 | } |
480 | |
481 | /*! |
482 | Returns the peer's chain of digital certificates, starting with |
483 | the peer's immediate certificate and ending with the CA's |
484 | certificate. |
485 | |
486 | Peer certificates are checked automatically during the handshake |
487 | phase. This function is normally used to fetch certificates for |
488 | display, or for performing connection diagnostics. Certificates |
489 | contain information about the peer and the certificate issuers, |
490 | including host name, issuer names, and issuer public keys. |
491 | |
492 | Because the peer certificate is set during the handshake phase, it |
493 | is safe to access the peer certificate from a slot connected to |
494 | the QSslSocket::sslErrors() signal, QNetworkReply::sslErrors() |
495 | signal, or the QSslSocket::encrypted() signal. |
496 | |
497 | If an empty list is returned, it can mean the SSL handshake |
498 | failed, or it can mean the host you are connected to doesn't have |
499 | a certificate, or it can mean there is no connection. |
500 | |
501 | If you want to get only the peer's immediate certificate, use |
502 | peerCertificate(). |
503 | |
504 | \sa peerCertificate(), |
505 | QSslSocket::sslErrors(), QSslSocket::ignoreSslErrors(), |
506 | QNetworkReply::sslErrors(), QNetworkReply::ignoreSslErrors() |
507 | */ |
508 | QList<QSslCertificate> QSslConfiguration::peerCertificateChain() const |
509 | { |
510 | return d->peerCertificateChain; |
511 | } |
512 | |
513 | /*! |
514 | Returns the socket's cryptographic \l {QSslCipher} {cipher}, or a |
515 | null cipher if the connection isn't encrypted. The socket's cipher |
516 | for the session is set during the handshake phase. The cipher is |
517 | used to encrypt and decrypt data transmitted through the socket. |
518 | |
519 | The SSL infrastructure also provides functions for setting the |
520 | ordered list of ciphers from which the handshake phase will |
521 | eventually select the session cipher. This ordered list must be in |
522 | place before the handshake phase begins. |
523 | |
524 | \sa ciphers(), setCiphers(), QSslSocket::supportedCiphers() |
525 | */ |
526 | QSslCipher QSslConfiguration::sessionCipher() const |
527 | { |
528 | return d->sessionCipher; |
529 | } |
530 | |
531 | /*! |
532 | Returns the socket's SSL/TLS protocol or UnknownProtocol if the |
533 | connection isn't encrypted. The socket's protocol for the session |
534 | is set during the handshake phase. |
535 | |
536 | \sa protocol(), setProtocol() |
537 | \since 5.4 |
538 | */ |
539 | QSsl::SslProtocol QSslConfiguration::sessionProtocol() const |
540 | { |
541 | return d->sessionProtocol; |
542 | } |
543 | |
544 | /*! |
545 | Returns the \l {QSslKey} {SSL key} assigned to this connection or |
546 | a null key if none has been assigned yet. |
547 | |
548 | \sa setPrivateKey(), localCertificate() |
549 | */ |
550 | QSslKey QSslConfiguration::privateKey() const |
551 | { |
552 | return d->privateKey; |
553 | } |
554 | |
555 | /*! |
556 | Sets the connection's private \l {QSslKey} {key} to \a key. The |
557 | private key and the local \l {QSslCertificate} {certificate} are |
558 | used by clients and servers that must prove their identity to |
559 | SSL peers. |
560 | |
561 | Both the key and the local certificate are required if you are |
562 | creating an SSL server socket. If you are creating an SSL client |
563 | socket, the key and local certificate are required if your client |
564 | must identify itself to an SSL server. |
565 | |
566 | \sa privateKey(), setLocalCertificate() |
567 | */ |
568 | void QSslConfiguration::setPrivateKey(const QSslKey &key) |
569 | { |
570 | d->privateKey = key; |
571 | } |
572 | |
573 | /*! |
574 | Returns this connection's current cryptographic cipher suite. This |
575 | list is used during the handshake phase for choosing a |
576 | session cipher. The returned list of ciphers is ordered by |
577 | descending preference. (i.e., the first cipher in the list is the |
578 | most preferred cipher). The session cipher will be the first one |
579 | in the list that is also supported by the peer. |
580 | |
581 | By default, the handshake phase can choose any of the ciphers |
582 | supported by this system's SSL libraries, which may vary from |
583 | system to system. The list of ciphers supported by this system's |
584 | SSL libraries is returned by QSslSocket::supportedCiphers(). You can restrict |
585 | the list of ciphers used for choosing the session cipher for this |
586 | socket by calling setCiphers() with a subset of the supported |
587 | ciphers. You can revert to using the entire set by calling |
588 | setCiphers() with the list returned by QSslSocket::supportedCiphers(). |
589 | |
590 | \note This is not currently supported in the Schannel backend. |
591 | |
592 | \sa setCiphers(), QSslSocket::supportedCiphers() |
593 | */ |
594 | QList<QSslCipher> QSslConfiguration::ciphers() const |
595 | { |
596 | return d->ciphers; |
597 | } |
598 | |
599 | /*! |
600 | Sets the cryptographic cipher suite for this socket to \a ciphers, |
601 | which must contain a subset of the ciphers in the list returned by |
602 | supportedCiphers(). |
603 | |
604 | Restricting the cipher suite must be done before the handshake |
605 | phase, where the session cipher is chosen. |
606 | |
607 | \note This is not currently supported in the Schannel backend. |
608 | |
609 | \sa ciphers(), QSslSocket::supportedCiphers() |
610 | */ |
611 | void QSslConfiguration::setCiphers(const QList<QSslCipher> &ciphers) |
612 | { |
613 | d->ciphers = ciphers; |
614 | } |
615 | |
616 | /*! |
617 | \since 5.5 |
618 | |
619 | Returns the list of cryptographic ciphers supported by this |
620 | system. This list is set by the system's SSL libraries and may |
621 | vary from system to system. |
622 | |
623 | \sa ciphers(), setCiphers() |
624 | */ |
625 | QList<QSslCipher> QSslConfiguration::supportedCiphers() |
626 | { |
627 | return QSslSocketPrivate::supportedCiphers(); |
628 | } |
629 | |
630 | /*! |
631 | Returns this connection's CA certificate database. The CA certificate |
632 | database is used by the socket during the handshake phase to |
633 | validate the peer's certificate. It can be modified prior to the |
634 | handshake with setCaCertificates(), or with addCaCertificate() and |
635 | addCaCertificates(). |
636 | |
637 | \sa setCaCertificates(), addCaCertificate(), addCaCertificates() |
638 | */ |
639 | QList<QSslCertificate> QSslConfiguration::caCertificates() const |
640 | { |
641 | return d->caCertificates; |
642 | } |
643 | |
644 | /*! |
645 | Sets this socket's CA certificate database to be \a certificates. |
646 | The certificate database must be set prior to the SSL handshake. |
647 | The CA certificate database is used by the socket during the |
648 | handshake phase to validate the peer's certificate. |
649 | |
650 | \note The default configuration uses the system CA certificate database. If |
651 | that is not available (as is commonly the case on iOS), the default database |
652 | is empty. |
653 | |
654 | \sa caCertificates(), addCaCertificates(), addCaCertificate() |
655 | */ |
656 | void QSslConfiguration::setCaCertificates(const QList<QSslCertificate> &certificates) |
657 | { |
658 | d->caCertificates = certificates; |
659 | d->allowRootCertOnDemandLoading = false; |
660 | } |
661 | |
662 | /*! |
663 | \since 5.15 |
664 | |
665 | Searches all files in the \a path for certificates encoded in the |
666 | specified \a format and adds them to this socket's CA certificate |
667 | database. \a path must be a file or a pattern matching one or more |
668 | files, as specified by \a syntax. Returns \c true if one or more |
669 | certificates are added to the socket's CA certificate database; |
670 | otherwise returns \c false. |
671 | |
672 | The CA certificate database is used by the socket during the |
673 | handshake phase to validate the peer's certificate. |
674 | |
675 | For more precise control, use addCaCertificate(). |
676 | |
677 | \sa addCaCertificate(), QSslCertificate::fromPath() |
678 | */ |
679 | bool QSslConfiguration::addCaCertificates(const QString &path, QSsl::EncodingFormat format, |
680 | QSslCertificate::PatternSyntax syntax) |
681 | { |
682 | QList<QSslCertificate> certs = QSslCertificate::fromPath(path, format, syntax); |
683 | if (certs.isEmpty()) |
684 | return false; |
685 | |
686 | d->caCertificates += certs; |
687 | return true; |
688 | } |
689 | |
690 | /*! |
691 | \since 5.15 |
692 | |
693 | Adds \a certificate to this configuration's CA certificate database. |
694 | The certificate database must be set prior to the SSL handshake. |
695 | The CA certificate database is used by the socket during the |
696 | handshake phase to validate the peer's certificate. |
697 | |
698 | \note The default configuration uses the system CA certificate database. If |
699 | that is not available (as is commonly the case on iOS), the default database |
700 | is empty. |
701 | |
702 | \sa caCertificates(), setCaCertificates(), addCaCertificates() |
703 | */ |
704 | void QSslConfiguration::addCaCertificate(const QSslCertificate &certificate) |
705 | { |
706 | d->caCertificates += certificate; |
707 | d->allowRootCertOnDemandLoading = false; |
708 | } |
709 | |
710 | /*! |
711 | \since 5.15 |
712 | |
713 | Adds \a certificates to this configuration's CA certificate database. |
714 | The certificate database must be set prior to the SSL handshake. |
715 | The CA certificate database is used by the socket during the |
716 | handshake phase to validate the peer's certificate. |
717 | |
718 | \note The default configuration uses the system CA certificate database. If |
719 | that is not available (as is commonly the case on iOS), the default database |
720 | is empty. |
721 | |
722 | \sa caCertificates(), setCaCertificates(), addCaCertificate() |
723 | */ |
724 | void QSslConfiguration::addCaCertificates(const QList<QSslCertificate> &certificates) |
725 | { |
726 | d->caCertificates += certificates; |
727 | d->allowRootCertOnDemandLoading = false; |
728 | } |
729 | |
730 | /*! |
731 | \since 5.5 |
732 | |
733 | This function provides the CA certificate database |
734 | provided by the operating system. The CA certificate database |
735 | returned by this function is used to initialize the database |
736 | returned by caCertificates() on the default QSslConfiguration. |
737 | |
738 | \sa caCertificates(), setCaCertificates(), defaultConfiguration(), |
739 | addCaCertificate(), addCaCertificates() |
740 | */ |
741 | QList<QSslCertificate> QSslConfiguration::systemCaCertificates() |
742 | { |
743 | // we are calling ensureInitialized() in the method below |
744 | return QSslSocketPrivate::systemCaCertificates(); |
745 | } |
746 | |
747 | /*! |
748 | Enables or disables an SSL compatibility \a option. If \a on |
749 | is true, the \a option is enabled. If \a on is false, the |
750 | \a option is disabled. |
751 | |
752 | \sa testSslOption() |
753 | */ |
754 | void QSslConfiguration::setSslOption(QSsl::SslOption option, bool on) |
755 | { |
756 | d->sslOptions.setFlag(flag: option, on); |
757 | } |
758 | |
759 | /*! |
760 | \since 4.8 |
761 | |
762 | Returns \c true if the specified SSL compatibility \a option is enabled. |
763 | |
764 | \sa setSslOption() |
765 | */ |
766 | bool QSslConfiguration::testSslOption(QSsl::SslOption option) const |
767 | { |
768 | return d->sslOptions & option; |
769 | } |
770 | |
771 | /*! |
772 | \since 5.2 |
773 | |
774 | If QSsl::SslOptionDisableSessionPersistence was turned off, this |
775 | function returns the session ticket used in the SSL handshake in ASN.1 |
776 | format, suitable to e.g. be persisted to disk. If no session ticket was |
777 | used or QSsl::SslOptionDisableSessionPersistence was not turned off, |
778 | this function returns an empty QByteArray. |
779 | |
780 | \note When persisting the session ticket to disk or similar, be |
781 | careful not to expose the session to a potential attacker, as |
782 | knowledge of the session allows for eavesdropping on data |
783 | encrypted with the session parameters. |
784 | |
785 | \sa setSessionTicket(), QSsl::SslOptionDisableSessionPersistence, setSslOption(), QSslSocket::newSessionTicketReceived() |
786 | */ |
787 | QByteArray QSslConfiguration::sessionTicket() const |
788 | { |
789 | return d->sslSession; |
790 | } |
791 | |
792 | /*! |
793 | \since 5.2 |
794 | |
795 | Sets the session ticket to be used in an SSL handshake. |
796 | QSsl::SslOptionDisableSessionPersistence must be turned off |
797 | for this to work, and \a sessionTicket must be in ASN.1 format |
798 | as returned by sessionTicket(). |
799 | |
800 | \sa sessionTicket(), QSsl::SslOptionDisableSessionPersistence, setSslOption(), QSslSocket::newSessionTicketReceived() |
801 | */ |
802 | void QSslConfiguration::setSessionTicket(const QByteArray &sessionTicket) |
803 | { |
804 | d->sslSession = sessionTicket; |
805 | } |
806 | |
807 | /*! |
808 | \since 5.2 |
809 | |
810 | If QSsl::SslOptionDisableSessionPersistence was turned off, this |
811 | function returns the session ticket life time hint sent by the |
812 | server (which might be 0). |
813 | If the server did not send a session ticket (e.g. when |
814 | resuming a session or when the server does not support it) or |
815 | QSsl::SslOptionDisableSessionPersistence was not turned off, |
816 | this function returns -1. |
817 | |
818 | \sa sessionTicket(), QSsl::SslOptionDisableSessionPersistence, setSslOption(), QSslSocket::newSessionTicketReceived() |
819 | */ |
820 | int QSslConfiguration::sessionTicketLifeTimeHint() const |
821 | { |
822 | return d->sslSessionTicketLifeTimeHint; |
823 | } |
824 | |
825 | /*! |
826 | \since 5.7 |
827 | |
828 | Returns the ephemeral server key used for cipher algorithms |
829 | with forward secrecy, e.g. DHE-RSA-AES128-SHA. |
830 | |
831 | The ephemeral key is only available when running in client mode, i.e. |
832 | QSslSocket::SslClientMode. When running in server mode or using a |
833 | cipher algorithm without forward secrecy a null key is returned. |
834 | The ephemeral server key will be set before emitting the encrypted() |
835 | signal. |
836 | */ |
837 | QSslKey QSslConfiguration::ephemeralServerKey() const |
838 | { |
839 | return d->ephemeralServerKey; |
840 | } |
841 | |
842 | /*! |
843 | \since 5.5 |
844 | |
845 | Returns this connection's current list of elliptic curves. This |
846 | list is used during the handshake phase for choosing an |
847 | elliptic curve (when using an elliptic curve cipher). |
848 | The returned list of curves is ordered by descending preference |
849 | (i.e., the first curve in the list is the most preferred one). |
850 | |
851 | By default, the handshake phase can choose any of the curves |
852 | supported by this system's SSL libraries, which may vary from |
853 | system to system. The list of curves supported by this system's |
854 | SSL libraries is returned by QSslSocket::supportedEllipticCurves(). |
855 | |
856 | You can restrict the list of curves used for choosing the session cipher |
857 | for this socket by calling setEllipticCurves() with a subset of the |
858 | supported ciphers. You can revert to using the entire set by calling |
859 | setEllipticCurves() with the list returned by |
860 | QSslSocket::supportedEllipticCurves(). |
861 | |
862 | \sa setEllipticCurves |
863 | */ |
864 | QVector<QSslEllipticCurve> QSslConfiguration::ellipticCurves() const |
865 | { |
866 | return d->ellipticCurves; |
867 | } |
868 | |
869 | /*! |
870 | \since 5.5 |
871 | |
872 | Sets the list of elliptic curves to be used by this socket to \a curves, |
873 | which must contain a subset of the curves in the list returned by |
874 | supportedEllipticCurves(). |
875 | |
876 | Restricting the elliptic curves must be done before the handshake |
877 | phase, where the session cipher is chosen. |
878 | |
879 | \sa ellipticCurves |
880 | */ |
881 | void QSslConfiguration::setEllipticCurves(const QVector<QSslEllipticCurve> &curves) |
882 | { |
883 | d->ellipticCurves = curves; |
884 | } |
885 | |
886 | /*! |
887 | \since 5.5 |
888 | |
889 | Returns the list of elliptic curves supported by this |
890 | system. This list is set by the system's SSL libraries and may |
891 | vary from system to system. |
892 | |
893 | \sa ellipticCurves(), setEllipticCurves() |
894 | */ |
895 | QVector<QSslEllipticCurve> QSslConfiguration::supportedEllipticCurves() |
896 | { |
897 | return QSslSocketPrivate::supportedEllipticCurves(); |
898 | } |
899 | |
900 | /*! |
901 | \since 5.8 |
902 | |
903 | Returns the identity hint. |
904 | |
905 | \sa setPreSharedKeyIdentityHint() |
906 | */ |
907 | QByteArray QSslConfiguration::preSharedKeyIdentityHint() const |
908 | { |
909 | return d->preSharedKeyIdentityHint; |
910 | } |
911 | |
912 | /*! |
913 | \since 5.8 |
914 | |
915 | Sets the identity hint for a preshared key authentication to \a hint. This will |
916 | affect the next initiated handshake; calling this function on an already-encrypted |
917 | socket will not affect the socket's identity hint. |
918 | |
919 | The identity hint is used in QSslSocket::SslServerMode only! |
920 | */ |
921 | void QSslConfiguration::setPreSharedKeyIdentityHint(const QByteArray &hint) |
922 | { |
923 | d->preSharedKeyIdentityHint = hint; |
924 | } |
925 | |
926 | /*! |
927 | \since 5.8 |
928 | |
929 | Retrieves the current set of Diffie-Hellman parameters. |
930 | |
931 | If no Diffie-Hellman parameters have been set, the QSslConfiguration object |
932 | defaults to using the 1024-bit MODP group from RFC 2409. |
933 | */ |
934 | QSslDiffieHellmanParameters QSslConfiguration::diffieHellmanParameters() const |
935 | { |
936 | return d->dhParams; |
937 | } |
938 | |
939 | /*! |
940 | \since 5.8 |
941 | |
942 | Sets a custom set of Diffie-Hellman parameters to be used by this socket when functioning as |
943 | a server to \a dhparams. |
944 | |
945 | If no Diffie-Hellman parameters have been set, the QSslConfiguration object |
946 | defaults to using the 1024-bit MODP group from RFC 2409. |
947 | */ |
948 | void QSslConfiguration::setDiffieHellmanParameters(const QSslDiffieHellmanParameters &dhparams) |
949 | { |
950 | d->dhParams = dhparams; |
951 | } |
952 | |
953 | /*! |
954 | \since 5.11 |
955 | |
956 | Returns the backend-specific configuration. |
957 | |
958 | Only options set by setBackendConfigurationOption() or setBackendConfiguration() will be |
959 | returned. The internal standard configuration of the backend is not reported. |
960 | |
961 | \sa setBackendConfigurationOption(), setBackendConfiguration() |
962 | */ |
963 | QMap<QByteArray, QVariant> QSslConfiguration::backendConfiguration() const |
964 | { |
965 | return d->backendConfig; |
966 | } |
967 | |
968 | /*! |
969 | \since 5.11 |
970 | |
971 | Sets the option \a name in the backend-specific configuration to \a value. |
972 | |
973 | Options supported by the OpenSSL (>= 1.0.2) backend are available in the \l |
974 | {https://www.openssl.org/docs/manmaster/man3/SSL_CONF_cmd.html#SUPPORTED-CONFIGURATION-FILE-COMMANDS} |
975 | {supported configuration file commands} documentation. The expected type for |
976 | the \a value parameter is a QByteArray for all options. The \l |
977 | {https://www.openssl.org/docs/manmaster/man3/SSL_CONF_cmd.html#EXAMPLES}{examples} |
978 | show how to use some of the options. |
979 | |
980 | \note The backend-specific configuration will be applied after the general |
981 | configuration. Using the backend-specific configuration to set a general |
982 | configuration option again will overwrite the general configuration option. |
983 | |
984 | \sa backendConfiguration(), setBackendConfiguration() |
985 | */ |
986 | void QSslConfiguration::setBackendConfigurationOption(const QByteArray &name, const QVariant &value) |
987 | { |
988 | d->backendConfig[name] = value; |
989 | } |
990 | |
991 | /*! |
992 | \since 5.11 |
993 | |
994 | Sets or clears the backend-specific configuration. |
995 | |
996 | Without a \a backendConfiguration parameter this function will clear the |
997 | backend-specific configuration. More information about the supported |
998 | options is available in the documentation of setBackendConfigurationOption(). |
999 | |
1000 | \sa backendConfiguration(), setBackendConfigurationOption() |
1001 | */ |
1002 | void QSslConfiguration::setBackendConfiguration(const QMap<QByteArray, QVariant> &backendConfiguration) |
1003 | { |
1004 | d->backendConfig = backendConfiguration; |
1005 | } |
1006 | |
1007 | /*! |
1008 | \since 5.3 |
1009 | |
1010 | This function returns the protocol negotiated with the server |
1011 | if the Next Protocol Negotiation (NPN) or Application-Layer Protocol |
1012 | Negotiation (ALPN) TLS extension was enabled. |
1013 | In order for the NPN/ALPN extension to be enabled, setAllowedNextProtocols() |
1014 | needs to be called explicitly before connecting to the server. |
1015 | |
1016 | If no protocol could be negotiated or the extension was not enabled, |
1017 | this function returns a QByteArray which is null. |
1018 | |
1019 | \sa setAllowedNextProtocols(), nextProtocolNegotiationStatus() |
1020 | */ |
1021 | QByteArray QSslConfiguration::nextNegotiatedProtocol() const |
1022 | { |
1023 | return d->nextNegotiatedProtocol; |
1024 | } |
1025 | |
1026 | /*! |
1027 | \since 5.3 |
1028 | |
1029 | This function sets the allowed \a protocols to be negotiated with the |
1030 | server through the Next Protocol Negotiation (NPN) or Application-Layer |
1031 | Protocol Negotiation (ALPN) TLS extension; each |
1032 | element in \a protocols must define one allowed protocol. |
1033 | The function must be called explicitly before connecting to send the NPN/ALPN |
1034 | extension in the SSL handshake. |
1035 | Whether or not the negotiation succeeded can be queried through |
1036 | nextProtocolNegotiationStatus(). |
1037 | |
1038 | \sa nextNegotiatedProtocol(), nextProtocolNegotiationStatus(), allowedNextProtocols(), QSslConfiguration::NextProtocolSpdy3_0, QSslConfiguration::NextProtocolHttp1_1 |
1039 | */ |
1040 | #if QT_VERSION >= QT_VERSION_CHECK(6,0,0) |
1041 | void QSslConfiguration::setAllowedNextProtocols(const QList<QByteArray> &protocols) |
1042 | #else |
1043 | void QSslConfiguration::setAllowedNextProtocols(QList<QByteArray> protocols) |
1044 | #endif |
1045 | { |
1046 | d->nextAllowedProtocols = protocols; |
1047 | } |
1048 | |
1049 | /*! |
1050 | \since 5.3 |
1051 | |
1052 | This function returns the allowed protocols to be negotiated with the |
1053 | server through the Next Protocol Negotiation (NPN) or Application-Layer |
1054 | Protocol Negotiation (ALPN) TLS extension, as set by setAllowedNextProtocols(). |
1055 | |
1056 | \sa nextNegotiatedProtocol(), nextProtocolNegotiationStatus(), setAllowedNextProtocols(), QSslConfiguration::NextProtocolSpdy3_0, QSslConfiguration::NextProtocolHttp1_1 |
1057 | */ |
1058 | QList<QByteArray> QSslConfiguration::allowedNextProtocols() const |
1059 | { |
1060 | return d->nextAllowedProtocols; |
1061 | } |
1062 | |
1063 | /*! |
1064 | \since 5.3 |
1065 | |
1066 | This function returns the status of the Next Protocol Negotiation (NPN) |
1067 | or Application-Layer Protocol Negotiation (ALPN). |
1068 | If the feature has not been enabled through setAllowedNextProtocols(), |
1069 | this function returns NextProtocolNegotiationNone. |
1070 | The status will be set before emitting the encrypted() signal. |
1071 | |
1072 | \sa setAllowedNextProtocols(), allowedNextProtocols(), nextNegotiatedProtocol(), QSslConfiguration::NextProtocolNegotiationStatus |
1073 | */ |
1074 | QSslConfiguration::NextProtocolNegotiationStatus QSslConfiguration::nextProtocolNegotiationStatus() const |
1075 | { |
1076 | return d->nextProtocolNegotiationStatus; |
1077 | } |
1078 | |
1079 | /*! |
1080 | Returns the default SSL configuration to be used in new SSL |
1081 | connections. |
1082 | |
1083 | The default SSL configuration consists of: |
1084 | |
1085 | \list |
1086 | \li no local certificate and no private key |
1087 | \li protocol \l{QSsl::SecureProtocols}{SecureProtocols} |
1088 | \li the system's default CA certificate list |
1089 | \li the cipher list equal to the list of the SSL libraries' |
1090 | supported SSL ciphers that are 128 bits or more |
1091 | \endlist |
1092 | |
1093 | \sa QSslSocket::supportedCiphers(), setDefaultConfiguration() |
1094 | */ |
1095 | QSslConfiguration QSslConfiguration::defaultConfiguration() |
1096 | { |
1097 | return QSslConfigurationPrivate::defaultConfiguration(); |
1098 | } |
1099 | |
1100 | /*! |
1101 | Sets the default SSL configuration to be used in new SSL |
1102 | connections to be \a configuration. Existing connections are not |
1103 | affected by this call. |
1104 | |
1105 | \sa QSslSocket::supportedCiphers(), defaultConfiguration() |
1106 | */ |
1107 | void QSslConfiguration::setDefaultConfiguration(const QSslConfiguration &configuration) |
1108 | { |
1109 | QSslConfigurationPrivate::setDefaultConfiguration(configuration); |
1110 | } |
1111 | |
1112 | #if QT_CONFIG(dtls) || defined(Q_CLANG_QDOC) |
1113 | |
1114 | /*! |
1115 | This function returns true if DTLS cookie verification was enabled on a |
1116 | server-side socket. |
1117 | |
1118 | \sa setDtlsCookieVerificationEnabled() |
1119 | */ |
1120 | bool QSslConfiguration::dtlsCookieVerificationEnabled() const |
1121 | { |
1122 | return d->dtlsCookieEnabled; |
1123 | } |
1124 | |
1125 | /*! |
1126 | This function enables DTLS cookie verification when \a enable is true. |
1127 | |
1128 | \sa dtlsCookieVerificationEnabled() |
1129 | */ |
1130 | void QSslConfiguration::setDtlsCookieVerificationEnabled(bool enable) |
1131 | { |
1132 | d->dtlsCookieEnabled = enable; |
1133 | } |
1134 | |
1135 | /*! |
1136 | Returns the default DTLS configuration to be used in new DTLS |
1137 | connections. |
1138 | |
1139 | The default DTLS configuration consists of: |
1140 | |
1141 | \list |
1142 | \li no local certificate and no private key |
1143 | \li protocol DtlsV1_2OrLater |
1144 | \li the system's default CA certificate list |
1145 | \li the cipher list equal to the list of the SSL libraries' |
1146 | supported TLS 1.2 ciphers that use 128 or more secret bits |
1147 | for the cipher. |
1148 | \endlist |
1149 | |
1150 | \sa setDefaultDtlsConfiguration() |
1151 | */ |
1152 | QSslConfiguration QSslConfiguration::defaultDtlsConfiguration() |
1153 | { |
1154 | return QSslConfigurationPrivate::defaultDtlsConfiguration(); |
1155 | } |
1156 | |
1157 | /*! |
1158 | Sets the default DTLS configuration to be used in new DTLS |
1159 | connections to be \a configuration. Existing connections are not |
1160 | affected by this call. |
1161 | |
1162 | \sa defaultDtlsConfiguration() |
1163 | */ |
1164 | void QSslConfiguration::setDefaultDtlsConfiguration(const QSslConfiguration &configuration) |
1165 | { |
1166 | QSslConfigurationPrivate::setDefaultDtlsConfiguration(configuration); |
1167 | } |
1168 | |
1169 | #endif // dtls |
1170 | |
1171 | /*! |
1172 | \since 5.13 |
1173 | If \a enabled is true, client QSslSocket will send a certificate status request |
1174 | to its peer when initiating a handshake. During the handshake QSslSocket will |
1175 | verify the server's response. This value must be set before the handshake |
1176 | starts. |
1177 | |
1178 | \sa ocspStaplingEnabled() |
1179 | */ |
1180 | void QSslConfiguration::setOcspStaplingEnabled(bool enabled) |
1181 | { |
1182 | #if QT_CONFIG(ocsp) |
1183 | d->ocspStaplingEnabled = enabled; |
1184 | #else |
1185 | if (enabled) |
1186 | qCWarning(lcSsl, "Enabling OCSP-stapling requires the feature 'ocsp'" ); |
1187 | #endif // ocsp |
1188 | } |
1189 | |
1190 | /*! |
1191 | \since 5.13 |
1192 | Returns true if OCSP stapling was enabled by setOCSPStaplingEnabled(), |
1193 | otherwise false (which is the default value). |
1194 | |
1195 | \sa setOcspStaplingEnabled() |
1196 | */ |
1197 | bool QSslConfiguration::ocspStaplingEnabled() const |
1198 | { |
1199 | return d->ocspStaplingEnabled; |
1200 | } |
1201 | |
1202 | /*! \internal |
1203 | */ |
1204 | bool QSslConfigurationPrivate::peerSessionWasShared(const QSslConfiguration &configuration) { |
1205 | return configuration.d->peerSessionShared; |
1206 | } |
1207 | |
1208 | QT_END_NAMESPACE |
1209 | |