| 1 | // Copyright (C) 2016 The Qt Company Ltd. |
|---|
| 2 | // Copyright (C) 2014 BlackBerry Limited. All rights reserved. |
|---|
| 3 | // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only |
|---|
| 4 | |
|---|
| 5 | |
|---|
| 6 | #ifndef QSSLCONTEXT_OPENSSL_P_H |
|---|
| 7 | #define QSSLCONTEXT_OPENSSL_P_H |
|---|
| 8 | |
|---|
| 9 | // |
|---|
| 10 | // W A R N I N G |
|---|
| 11 | // ------------- |
|---|
| 12 | // |
|---|
| 13 | // This file is not part of the Qt API. It exists purely as an |
|---|
| 14 | // implementation detail. This header file may change from version to |
|---|
| 15 | // version without notice, or even be removed. |
|---|
| 16 | // |
|---|
| 17 | // We mean it. |
|---|
| 18 | // |
|---|
| 19 | |
|---|
| 20 | #include <QtNetwork/private/qtnetworkglobal_p.h> |
|---|
| 21 | #include <QtCore/qvariant.h> |
|---|
| 22 | #include <QtNetwork/qsslcertificate.h> |
|---|
| 23 | #include <QtNetwork/qsslconfiguration.h> |
|---|
| 24 | #include <openssl/ssl.h> |
|---|
| 25 | |
|---|
| 26 | QT_BEGIN_NAMESPACE |
|---|
| 27 | |
|---|
| 28 | #ifndef QT_NO_SSL |
|---|
| 29 | |
|---|
| 30 | class QSslContext |
|---|
| 31 | { |
|---|
| 32 | public: |
|---|
| 33 | Q_DISABLE_COPY_MOVE(QSslContext) |
|---|
| 34 | |
|---|
| 35 | ~QSslContext(); |
|---|
| 36 | |
|---|
| 37 | static std::shared_ptr<QSslContext> sharedFromConfiguration(QSslSocket::SslMode mode, const QSslConfiguration &configuration, |
|---|
| 38 | bool allowRootCertOnDemandLoading); |
|---|
| 39 | static std::shared_ptr<QSslContext> sharedFromPrivateConfiguration(QSslSocket::SslMode mode, QSslConfigurationPrivate *privConfiguration, |
|---|
| 40 | bool allowRootCertOnDemandLoading); |
|---|
| 41 | |
|---|
| 42 | static qssloptions setupOpenSslOptions(QSsl::SslProtocol protocol, QSsl::SslOptions sslOptions); |
|---|
| 43 | |
|---|
| 44 | QSslError::SslError error() const; |
|---|
| 45 | QString errorString() const; |
|---|
| 46 | |
|---|
| 47 | SSL* createSsl(); |
|---|
| 48 | bool cacheSession(SSL*); // should be called when handshake completed |
|---|
| 49 | |
|---|
| 50 | QByteArray sessionASN1() const; |
|---|
| 51 | void setSessionASN1(const QByteArray &sessionASN1); |
|---|
| 52 | int sessionTicketLifeTimeHint() const; |
|---|
| 53 | |
|---|
| 54 | static void forceAutoTestSecurityLevel(); |
|---|
| 55 | |
|---|
| 56 | #ifndef OPENSSL_NO_NEXTPROTONEG |
|---|
| 57 | // must be public because we want to use it from an OpenSSL callback |
|---|
| 58 | struct NPNContext { |
|---|
| 59 | NPNContext() : data(nullptr), |
|---|
| 60 | len(0), |
|---|
| 61 | status(QSslConfiguration::NextProtocolNegotiationNone) |
|---|
| 62 | { } |
|---|
| 63 | unsigned char *data; |
|---|
| 64 | unsigned short len; |
|---|
| 65 | QSslConfiguration::NextProtocolNegotiationStatus status; |
|---|
| 66 | }; |
|---|
| 67 | NPNContext npnContext() const; |
|---|
| 68 | #endif // !OPENSSL_NO_NEXTPROTONEG |
|---|
| 69 | |
|---|
| 70 | protected: |
|---|
| 71 | QSslContext(); |
|---|
| 72 | |
|---|
| 73 | private: |
|---|
| 74 | static void initSslContext(QSslContext* sslContext, QSslSocket::SslMode mode, const QSslConfiguration &configuration, |
|---|
| 75 | bool allowRootCertOnDemandLoading); |
|---|
| 76 | static void applyBackendConfig(QSslContext *sslContext); |
|---|
| 77 | |
|---|
| 78 | private: |
|---|
| 79 | SSL_CTX* ctx; |
|---|
| 80 | EVP_PKEY *pkey; |
|---|
| 81 | SSL_SESSION *session; |
|---|
| 82 | QByteArray m_sessionASN1; |
|---|
| 83 | int m_sessionTicketLifeTimeHint; |
|---|
| 84 | QSslError::SslError errorCode = {}; |
|---|
| 85 | QString errorStr; |
|---|
| 86 | QSslConfiguration sslConfiguration; |
|---|
| 87 | #ifndef OPENSSL_NO_NEXTPROTONEG |
|---|
| 88 | QByteArray m_supportedNPNVersions; |
|---|
| 89 | NPNContext m_npnContext; |
|---|
| 90 | #endif // !OPENSSL_NO_NEXTPROTONEG |
|---|
| 91 | }; |
|---|
| 92 | |
|---|
| 93 | #endif // QT_NO_SSL |
|---|
| 94 | |
|---|
| 95 | QT_END_NAMESPACE |
|---|
| 96 | |
|---|
| 97 | #endif // QSSLCONTEXT_OPENSSL_P_H |
|---|
| 98 | |
|---|
