d5/d4d/qx509__openssl_8cpp_source.html

// Copyright (C) 2021 The Qt Company Ltd.

// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only


#include "qsslsocket_openssl_symbols_p.h"

#include "qtlsbackend_openssl_p.h"

#include "qtlskey_openssl_p.h"

#include "qx509_openssl_p.h"

#include "qtls_openssl_p.h"


#include <QtNetwork/private/qsslcertificate_p.h>


#include <QtNetwork/qsslsocket.h>

#include <QtNetwork/qhostaddress.h>


#include <QtCore/qendian.h>

#include <QtCore/qdatetime.h>

#include <QtCore/qhash.h>

#include <QtCore/qiodevice.h>

#include <QtCore/qscopeguard.h>

#include <QtCore/qtimezone.h>

#include <QtCore/qvarlengtharray.h>


QT_BEGIN_NAMESPACE


using namespace Qt::StringLiterals;


namespace QTlsPrivate {


namespace {


QByteArray asn1ObjectId(ASN1_OBJECT *object)

{

    if (!object)

        return {};


    char buf[80] = {}; // The openssl docs a buffer length of 80 should be more than enough

    q_OBJ_obj2txt(buf, sizeof(buf), object, 1); // the 1 says always use the oid not the long name


    return QByteArray(buf);

}


QByteArray asn1ObjectName(ASN1_OBJECT *object)

{

    if (!object)

        return {};


    const int nid = q_OBJ_obj2nid(object);

    if (nid != NID_undef)

        return QByteArray(q_OBJ_nid2sn(nid));


    return asn1ObjectId(object);

}


QMultiMap<QByteArray, QString> mapFromX509Name(X509_NAME *name)

{

    if (!name)

        return {};


    QMultiMap<QByteArray, QString> info;

    for (int i = 0; i < q_X509_NAME_entry_count(name); ++i) {

        X509_NAME_ENTRY *e = q_X509_NAME_get_entry(name, i);


        QByteArray name = asn1ObjectName(q_X509_NAME_ENTRY_get_object(e));

        unsigned char *data = nullptr;

        int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e));

        info.insert(name, QString::fromUtf8((char*)data, size));

        q_CRYPTO_free(data, nullptr, 0);

    }


    return info;

}


QDateTime dateTimeFromASN1(const ASN1_TIME *aTime)

{

    QDateTime result;

    tm lTime;


    if (q_ASN1_TIME_to_tm(aTime, &lTime)) {

        QDate resDate(lTime.tm_year + 1900, lTime.tm_mon + 1, lTime.tm_mday);

        QTime resTime(lTime.tm_hour, lTime.tm_min, lTime.tm_sec);

        result = QDateTime(resDate, resTime, QTimeZone::UTC);

    }


    return result;

}


#define BEGINCERTSTRING "-----BEGIN CERTIFICATE-----"

#define ENDCERTSTRING "-----END CERTIFICATE-----"


QByteArray x509ToQByteArray(X509 *x509, QSsl::EncodingFormat format)

{

    Q_ASSERT(x509);


    // Use i2d_X509 to convert the X509 to an array.

    const int length = q_i2d_X509(x509, nullptr);

    if (length <= 0) {

        QTlsBackendOpenSSL::logAndClearErrorQueue();

        return {};

    }


    QByteArray array;

    array.resize(length);


    char *data = array.data();

    char **dataP = &data;

    unsigned char **dataPu = (unsigned char **)dataP;

    if (q_i2d_X509(x509, dataPu) < 0)

        return QByteArray();


    if (format == QSsl::Der)

        return array;


    // Convert to Base64 - wrap at 64 characters.

    array = array.toBase64();

    QByteArray tmp;

    for (int i = 0; i <= array.size() - 64; i += 64) {

        tmp += QByteArray::fromRawData(array.data() + i, 64);

        tmp += '\n';

    }

    if (int remainder = array.size() % 64) {

        tmp += QByteArray::fromRawData(array.data() + array.size() - remainder, remainder);

        tmp += '\n';

    }


    return BEGINCERTSTRING "\n" + tmp + ENDCERTSTRING "\n";

}


QString x509ToText(X509 *x509)

{

    Q_ASSERT(x509);


    QByteArray result;

    BIO *bio = q_BIO_new(q_BIO_s_mem());

    if (!bio)

        return QString();

    const auto bioRaii = qScopeGuard([bio]{q_BIO_free(bio);});


    q_X509_print(bio, x509);


    QVarLengthArray<char, 16384> data;

    int count = q_BIO_read(bio, data.data(), 16384);

    if ( count > 0 )

        result = QByteArray( data.data(), count );


    return QString::fromLatin1(result);

}


QVariant x509UnknownExtensionToValue(X509_EXTENSION *ext)

{

    // Get the extension specific method object if available

    // we cast away the const-ness here because some versions of openssl

    // don't use const for the parameters in the functions pointers stored

    // in the object.

    Q_ASSERT(ext);


    X509V3_EXT_METHOD *meth = const_cast<X509V3_EXT_METHOD *>(q_X509V3_EXT_get(ext));

    if (!meth) {

        ASN1_OCTET_STRING *value = q_X509_EXTENSION_get_data(ext);

        Q_ASSERT(value);

        QByteArray result( reinterpret_cast<const char *>(q_ASN1_STRING_get0_data(value)),

                           q_ASN1_STRING_length(value));

        return result;

    }


    void *ext_internal = q_X509V3_EXT_d2i(ext);

    if (!ext_internal)

        return {};


    const auto extCleaner = qScopeGuard([meth, ext_internal]{

        Q_ASSERT(ext_internal && meth);


        if (meth->it)

            q_ASN1_item_free(static_cast<ASN1_VALUE *>(ext_internal), ASN1_ITEM_ptr(meth->it));

        else if (meth->ext_free)

            meth->ext_free(ext_internal);

        else

            qCWarning(lcTlsBackend, "No method to free an unknown extension, a potential memory leak?");

    });


    // If this extension can be converted

    if (meth->i2v) {

        STACK_OF(CONF_VALUE) *val = meth->i2v(meth, ext_internal, nullptr);

        const auto stackCleaner = qScopeGuard([val]{

            if (val)

                q_OPENSSL_sk_pop_free((OPENSSL_STACK *)val, (void(*)(void*))q_X509V3_conf_free);

        });


        QVariantMap map;

        QVariantList list;

        bool isMap = false;


        for (int j = 0; j < q_SKM_sk_num(val); j++) {

            CONF_VALUE *nval = q_SKM_sk_value(CONF_VALUE, val, j);

            if (nval->name && nval->value) {

                isMap = true;

                map[QString::fromUtf8(nval->name)] = QString::fromUtf8(nval->value);

            } else if (nval->name) {

                list << QString::fromUtf8(nval->name);

            } else if (nval->value) {

                list << QString::fromUtf8(nval->value);

            }

        }


        if (isMap)

            return map;

        else

            return list;

    } else if (meth->i2s) {

        const char *hexString = meth->i2s(meth, ext_internal);

        QVariant result(hexString ? QString::fromUtf8(hexString) : QString{});

        q_OPENSSL_free((void *)hexString);

        return result;

    } else if (meth->i2r) {

        QByteArray result;


        BIO *bio = q_BIO_new(q_BIO_s_mem());

        if (!bio)

            return result;


        meth->i2r(meth, ext_internal, bio, 0);


        char *bio_buffer;

        long bio_size = q_BIO_get_mem_data(bio, &bio_buffer);

        result = QByteArray(bio_buffer, bio_size);


        q_BIO_free(bio);

        return result;

    }


    return QVariant();

}


/*

 * Convert extensions to a variant. The naming of the keys of the map are

 * taken from RFC 5280, however we decided the capitalisation in the RFC

 * was too silly for the real world.

 */

QVariant x509ExtensionToValue(X509_EXTENSION *ext)

{

    ASN1_OBJECT *obj = q_X509_EXTENSION_get_object(ext);

    int nid = q_OBJ_obj2nid(obj);


    // We cast away the const-ness here because some versions of openssl

    // don't use const for the parameters in the functions pointers stored

    // in the object.

    X509V3_EXT_METHOD *meth = const_cast<X509V3_EXT_METHOD *>(q_X509V3_EXT_get(ext));


    void *ext_internal = nullptr; // The value, returned by X509V3_EXT_d2i.

    const auto extCleaner = qScopeGuard([meth, &ext_internal]() {

        if (!meth || !ext_internal)

            return;


        if (meth->it)

            q_ASN1_item_free(static_cast<ASN1_VALUE *>(ext_internal), ASN1_ITEM_ptr(meth->it));

        else if (meth->ext_free)

            meth->ext_free(ext_internal);

        else

            qWarning(lcTlsBackend, "Cannot free an extension, a potential memory leak?");

    });


    const char * hexString = nullptr; // The value returned by meth->i2s.

    const auto hexStringCleaner = qScopeGuard([&hexString](){

        if (hexString)

            q_OPENSSL_free((void*)hexString);

    });


    switch (nid) {

    case NID_basic_constraints:

        {

            BASIC_CONSTRAINTS *basic = reinterpret_cast<BASIC_CONSTRAINTS *>(q_X509V3_EXT_d2i(ext));

            if (!basic)

                return {};

            QVariantMap result;

            result["ca"_L1] = basic->ca ? true : false;

            if (basic->pathlen)

                result["pathLenConstraint"_L1] = (qlonglong)q_ASN1_INTEGER_get(basic->pathlen);


            q_BASIC_CONSTRAINTS_free(basic);

            return result;

        }

        break;

    case NID_info_access:

        {

            AUTHORITY_INFO_ACCESS *info = reinterpret_cast<AUTHORITY_INFO_ACCESS *>(q_X509V3_EXT_d2i(ext));

            if (!info)

                return {};

            QVariantMap result;

            for (int i=0; i < q_SKM_sk_num(info); i++) {

                ACCESS_DESCRIPTION *ad = q_SKM_sk_value(ACCESS_DESCRIPTION, info, i);


                GENERAL_NAME *name = ad->location;

                if (name->type == GEN_URI) {

                    int len = q_ASN1_STRING_length(name->d.uniformResourceIdentifier);

                    if (len < 0 || len >= 8192) {

                        // broken name

                        continue;

                    }


                    const char *uriStr = reinterpret_cast<const char *>(q_ASN1_STRING_get0_data(name->d.uniformResourceIdentifier));

                    const QString uri = QString::fromUtf8(uriStr, len);


                    result[QString::fromUtf8(asn1ObjectName(ad->method))] = uri;

                } else {

                   qCWarning(lcTlsBackend) << "Strange location type" << name->type;

                }

            }


            q_AUTHORITY_INFO_ACCESS_free(info);

            return result;

        }

        break;

    case NID_subject_key_identifier:

        {

            ext_internal = q_X509V3_EXT_d2i(ext);

            if (!ext_internal)

                return {};


            hexString = meth->i2s(meth, ext_internal);

            return QVariant(QString::fromUtf8(hexString));

        }

        break;

    case NID_authority_key_identifier:

        {

            AUTHORITY_KEYID *auth_key = reinterpret_cast<AUTHORITY_KEYID *>(q_X509V3_EXT_d2i(ext));

            if (!auth_key)

                return {};

            QVariantMap result;


            // keyid

            if (auth_key->keyid) {

                QByteArray keyid(reinterpret_cast<const char *>(auth_key->keyid->data),

                                 auth_key->keyid->length);

                result["keyid"_L1] = keyid.toHex();

            }


            // issuer

            // TODO: GENERAL_NAMES


            // serial

            if (auth_key->serial)

                result["serial"_L1] = (qlonglong)q_ASN1_INTEGER_get(auth_key->serial);


            q_AUTHORITY_KEYID_free(auth_key);

            return result;

        }

        break;

    }


    return {};

}


} // Unnamed namespace


extern "C" int qt_X509Callback(int ok, X509_STORE_CTX *ctx)

{

    if (!ok) {

        // Store the error and at which depth the error was detected.

        using ErrorListPtr = QList<QSslErrorEntry> *;

        ErrorListPtr errors = nullptr;


        // Error list is attached to either 'SSL' or 'X509_STORE'.

        if (X509_STORE *store = q_X509_STORE_CTX_get0_store(ctx)) // We try store first:

            errors = ErrorListPtr(q_X509_STORE_get_ex_data(store, 0));


        if (!errors) {

            // Not found on store? Try SSL and its external data then. According to the OpenSSL's

            // documentation:

            //

            // "Whenever a X509_STORE_CTX object is created for the verification of the

            // peer's certificate during a handshake, a pointer to the SSL object is

            // stored into the X509_STORE_CTX object to identify the connection affected.

            // To retrieve this pointer the X509_STORE_CTX_get_ex_data() function can be

            // used with the correct index."


            // TLSTODO: verification callback has to change as soon as TlsCryptographer is in place.

            // This is a temporary solution for now to ease the transition.

            const auto offset = QTlsBackendOpenSSL::s_indexForSSLExtraData

                                + TlsCryptographOpenSSL::errorOffsetInExData;

            if (SSL *ssl = static_cast<SSL *>(q_X509_STORE_CTX_get_ex_data(ctx, q_SSL_get_ex_data_X509_STORE_CTX_idx())))

                errors = ErrorListPtr(q_SSL_get_ex_data(ssl, offset));

        }


        if (!errors) {

            qCWarning(lcTlsBackend, "Neither X509_STORE, nor SSL contains error list, verification failed");

            return 0;

        }


        errors->append(X509CertificateOpenSSL::errorEntryFromStoreContext(ctx));

    }

    // Always return OK to allow verification to continue. We handle the

    // errors gracefully after collecting all errors, after verification has

    // completed.

    return 1;

}


X509CertificateOpenSSL::X509CertificateOpenSSL() = default;


X509CertificateOpenSSL::~X509CertificateOpenSSL()

{

    if (x509)

        q_X509_free(x509);

}


bool X509CertificateOpenSSL::isEqual(const X509Certificate &rhs) const

{

    //TLSTODO: to make it safe I'll check the backend type later.

    const auto &other = static_cast<const X509CertificateOpenSSL &>(rhs);

    if (x509 && other.x509) {

        const int ret = q_X509_cmp(x509, other.x509);

        if (ret >= -1 && ret <= 1)

            return ret == 0;

        QTlsBackendOpenSSL::logAndClearErrorQueue();

    }


    return false;

}


bool X509CertificateOpenSSL::isSelfSigned() const

{

    if (!x509)

        return false;


    return q_X509_check_issued(x509, x509) == X509_V_OK;

}


QMultiMap<QSsl::AlternativeNameEntryType, QString>


X509CertificateOpenSSL::subjectAlternativeNames() const

{

    QMultiMap<QSsl::AlternativeNameEntryType, QString> result;


    if (!x509)

        return result;


    auto *altNames = static_cast<STACK_OF(GENERAL_NAME) *>(q_X509_get_ext_d2i(x509, NID_subject_alt_name,

                                                                              nullptr, nullptr));

    if (!altNames)

        return result;


    auto altName = [](ASN1_IA5STRING *ia5, int len) {

        const char *altNameStr = reinterpret_cast<const char *>(q_ASN1_STRING_get0_data(ia5));

        return QString::fromLatin1(altNameStr, len);

    };


    for (int i = 0; i < q_sk_GENERAL_NAME_num(altNames); ++i) {

        const GENERAL_NAME *genName = q_sk_GENERAL_NAME_value(altNames, i);

        if (genName->type != GEN_DNS && genName->type != GEN_EMAIL && genName->type != GEN_IPADD)

            continue;


        const int len = q_ASN1_STRING_length(genName->d.ia5);

        if (len < 0 || len >= 8192) {

            // broken name

            continue;

        }


        switch (genName->type) {

        case GEN_DNS:

            result.insert(QSsl::DnsEntry, altName(genName->d.ia5, len));

            break;

        case GEN_EMAIL:

            result.insert(QSsl::EmailEntry, altName(genName->d.ia5, len));

            break;

        case GEN_IPADD: {

            QHostAddress ipAddress;

            switch (len) {

            case 4: // IPv4

                ipAddress = QHostAddress(qFromBigEndian(*reinterpret_cast<quint32 *>(genName->d.iPAddress->data)));

                break;

            case 16: // IPv6

                ipAddress = QHostAddress(reinterpret_cast<quint8 *>(genName->d.iPAddress->data));

                break;

            default: // Unknown IP address format

                break;

            }

            if (!ipAddress.isNull())

                result.insert(QSsl::IpAddressEntry, ipAddress.toString());

            break;

        }

        default:

            break;

        }

    }


    q_OPENSSL_sk_pop_free((OPENSSL_STACK*)altNames, reinterpret_cast<void(*)(void*)>(q_GENERAL_NAME_free));


    return result;

}


TlsKey *X509CertificateOpenSSL::publicKey() const

{

    if (!x509)

        return {};


    return TlsKeyOpenSSL::publicKeyFromX509(x509);

}


QByteArray X509CertificateOpenSSL::toPem() const

{

    if (!x509)

        return {};


    return x509ToQByteArray(x509, QSsl::Pem);

}


QByteArray X509CertificateOpenSSL::toDer() const

{

    if (!x509)

        return {};


    return x509ToQByteArray(x509, QSsl::Der);


}


QString X509CertificateOpenSSL::toText() const

{

    if (!x509)

        return {};


    return x509ToText(x509);

}


Qt::HANDLE X509CertificateOpenSSL::handle() const

{

    return Qt::HANDLE(x509);

}


size_t X509CertificateOpenSSL::hash(size_t seed) const noexcept

{

    if (x509) {

        const EVP_MD *sha1 = q_EVP_sha1();

        unsigned int len = 0;

        unsigned char md[EVP_MAX_MD_SIZE];

        q_X509_digest(x509, sha1, md, &len);

        return qHashBits(md, len, seed);

    }


    return seed;

}


QSslCertificate X509CertificateOpenSSL::certificateFromX509(X509 *x509)

{

    QSslCertificate certificate;


    auto *backend = QTlsBackend::backend<X509CertificateOpenSSL>(certificate);

    if (!backend || !x509)

        return certificate;


    ASN1_TIME *nbef = q_X509_getm_notBefore(x509);

    if (nbef)

        backend->notValidBefore = dateTimeFromASN1(nbef);


    ASN1_TIME *naft = q_X509_getm_notAfter(x509);

    if (naft)

        backend->notValidAfter = dateTimeFromASN1(naft);


    backend->null = false;

    backend->x509 = q_X509_dup(x509);


    backend->issuerInfoEntries = mapFromX509Name(q_X509_get_issuer_name(x509));

    backend->subjectInfoEntries = mapFromX509Name(q_X509_get_subject_name(x509));

    backend->versionString = QByteArray::number(qlonglong(q_X509_get_version(x509)) + 1);


    if (ASN1_INTEGER *serialNumber = q_X509_get_serialNumber(x509)) {

        QByteArray hexString;

        hexString.reserve(serialNumber->length * 3);

        for (int a = 0; a < serialNumber->length; ++a) {

            hexString += QByteArray::number(serialNumber->data[a], 16).rightJustified(2, '0');

            hexString += ':';

        }

        hexString.chop(1);

        backend->serialNumberString = hexString;

    }


    backend->parseExtensions();


    return certificate;

}


QList<QSslCertificate> X509CertificateOpenSSL::stackOfX509ToQSslCertificates(STACK_OF(X509) *x509)

{

    if (!x509)

        return {};


    QList<QSslCertificate> certificates;

    for (int i = 0; i < q_sk_X509_num(x509); ++i) {

        if (X509 *entry = q_sk_X509_value(x509, i))

            certificates << certificateFromX509(entry);

    }


    return certificates;

}


QSslErrorEntry X509CertificateOpenSSL::errorEntryFromStoreContext(X509_STORE_CTX *ctx)

{

    Q_ASSERT(ctx);


    return {q_X509_STORE_CTX_get_error(ctx), q_X509_STORE_CTX_get_error_depth(ctx)};

}


QList<QSslError> X509CertificateOpenSSL::verify(const QList<QSslCertificate> &chain,

                                                const QString &hostName)

{

    // This was previously QSslSocketPrivate::verify().

    auto roots = QSslConfiguration::defaultConfiguration().caCertificates();

#ifndef Q_OS_WIN

    // On Windows, system CA certificates are already set as default ones.

    // No need to add them again (and again) and also, if the default configuration

    // has its own set of CAs, this probably should not be amended by the ones

    // from the 'ROOT' store, since it's not what an application chose to trust.

    if (QSslSocketPrivate::rootCertOnDemandLoadingSupported())

        roots.append(QSslSocketPrivate::systemCaCertificates());

#endif // Q_OS_WIN

    return verify(roots, chain, hostName);

}


QList<QSslError> X509CertificateOpenSSL::verify(const QList<QSslCertificate> &caCertificates,

                                                const QList<QSslCertificate> &certificateChain,

                                                const QString &hostName)

{

    // This was previously QSslSocketPrivate::verify().

    if (certificateChain.size() <= 0)

        return {QSslError(QSslError::UnspecifiedError)};


    QList<QSslError> errors;

    X509_STORE *certStore = q_X509_STORE_new();

    if (!certStore) {

        qCWarning(lcTlsBackend) << "Unable to create certificate store";

        errors << QSslError(QSslError::UnspecifiedError);

        return errors;

    }

    const std::unique_ptr<X509_STORE, decltype(&q_X509_STORE_free)> storeGuard(certStore, q_X509_STORE_free);


    const QDateTime now = QDateTime::currentDateTimeUtc();

    for (const QSslCertificate &caCertificate : caCertificates) {

        // From https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html:

        //

        // If several CA certificates matching the name, key identifier, and

        // serial number condition are available, only the first one will be

        // examined. This may lead to unexpected results if the same CA

        // certificate is available with different expiration dates. If a

        // ``certificate expired'' verification error occurs, no other

        // certificate will be searched. Make sure to not have expired

        // certificates mixed with valid ones.

        //

        // See also: QSslContext::sharedFromConfiguration()

        if (caCertificate.expiryDate() >= now) {

            q_X509_STORE_add_cert(certStore, reinterpret_cast<X509 *>(caCertificate.handle()));

        }

    }


    QList<QSslErrorEntry> lastErrors;

    if (!q_X509_STORE_set_ex_data(certStore, 0, &lastErrors)) {

        qCWarning(lcTlsBackend) << "Unable to attach external data (error list) to a store";

        errors << QSslError(QSslError::UnspecifiedError);

        return errors;

    }


    // Register a custom callback to get all verification errors.

    q_X509_STORE_set_verify_cb(certStore, qt_X509Callback);


    // Build the chain of intermediate certificates

    STACK_OF(X509) *intermediates = nullptr;

    if (certificateChain.size() > 1) {

        intermediates = (STACK_OF(X509) *) q_OPENSSL_sk_new_null();


        if (!intermediates) {

            errors << QSslError(QSslError::UnspecifiedError);

            return errors;

        }


        bool first = true;

        for (const QSslCertificate &cert : certificateChain) {

            if (first) {

                first = false;

                continue;

            }


            q_OPENSSL_sk_push((OPENSSL_STACK *)intermediates, reinterpret_cast<X509 *>(cert.handle()));

        }

    }


    X509_STORE_CTX *storeContext = q_X509_STORE_CTX_new();

    if (!storeContext) {

        errors << QSslError(QSslError::UnspecifiedError);

        return errors;

    }

    std::unique_ptr<X509_STORE_CTX, decltype(&q_X509_STORE_CTX_free)> ctxGuard(storeContext, q_X509_STORE_CTX_free);


    if (!q_X509_STORE_CTX_init(storeContext, certStore, reinterpret_cast<X509 *>(certificateChain[0].handle()), intermediates)) {

        errors << QSslError(QSslError::UnspecifiedError);

        return errors;

    }


    // Now we can actually perform the verification of the chain we have built.

    // We ignore the result of this function since we process errors via the

    // callback.

    (void) q_X509_verify_cert(storeContext);

    ctxGuard.reset();

    q_OPENSSL_sk_free((OPENSSL_STACK *)intermediates);


    // Now process the errors


    if (certificateChain[0].isBlacklisted())

        errors << QSslError(QSslError::CertificateBlacklisted, certificateChain[0]);


    // Check the certificate name against the hostname if one was specified

    if (!hostName.isEmpty() && !TlsCryptograph::isMatchingHostname(certificateChain[0], hostName)) {

        // No matches in common names or alternate names.

        QSslError error(QSslError::HostNameMismatch, certificateChain[0]);

        errors << error;

    }


    // Translate errors from the error list into QSslErrors.

    errors.reserve(errors.size() + lastErrors.size());

    for (const auto &error : std::as_const(lastErrors))

        errors << openSSLErrorToQSslError(error.code, certificateChain.value(error.depth));


    return errors;

}


QList<QSslCertificate> X509CertificateOpenSSL::certificatesFromPem(const QByteArray &pem, int count)

{

    QList<QSslCertificate> certificates;


    int offset = 0;

    while (count == -1 || certificates.size() < count) {

        int startPos = pem.indexOf(BEGINCERTSTRING, offset);

        if (startPos == -1)

            break;

        startPos += sizeof(BEGINCERTSTRING) - 1;

        if (!matchLineFeed(pem, &startPos))

            break;


        int endPos = pem.indexOf(ENDCERTSTRING, startPos);

        if (endPos == -1)

            break;


        offset = endPos + sizeof(ENDCERTSTRING) - 1;

        if (offset < pem.size() && !matchLineFeed(pem, &offset))

            break;


        QByteArray decoded = QByteArray::fromBase64(

            QByteArray::fromRawData(pem.data() + startPos, endPos - startPos));

        const unsigned char *data = (const unsigned char *)decoded.data();


        if (X509 *x509 = q_d2i_X509(nullptr, &data, decoded.size())) {

            certificates << certificateFromX509(x509);

            q_X509_free(x509);

        }

    }


    return certificates;

}


QList<QSslCertificate> X509CertificateOpenSSL::certificatesFromDer(const QByteArray &der, int count)

{

    QList<QSslCertificate> certificates;


    const unsigned char *data = (const unsigned char *)der.data();

    int size = der.size();


    while (size > 0 && (count == -1 || certificates.size() < count)) {

        if (X509 *x509 = q_d2i_X509(nullptr, &data, size)) {

            certificates << certificateFromX509(x509);

            q_X509_free(x509);

        } else {

            break;

        }

        size -= ((const char *)data - der.data());

    }


    return certificates;

}


bool X509CertificateOpenSSL::importPkcs12(QIODevice *device, QSslKey *key, QSslCertificate *cert,

                                          QList<QSslCertificate> *caCertificates,

                                          const QByteArray &passPhrase)

{

    // These are required

    Q_ASSERT(device);

    Q_ASSERT(key);

    Q_ASSERT(cert);


    // Read the file into a BIO

    QByteArray pkcs12data = device->readAll();

    if (pkcs12data.size() == 0)

        return false;


    BIO *bio = q_BIO_new_mem_buf(const_cast<char *>(pkcs12data.constData()), pkcs12data.size());

    if (!bio) {

        qCWarning(lcTlsBackend, "BIO_new_mem_buf returned null");

        return false;

    }

    const auto bioRaii = qScopeGuard([bio]{q_BIO_free(bio);});


    // Create the PKCS#12 object

    PKCS12 *p12 = q_d2i_PKCS12_bio(bio, nullptr);

    if (!p12) {

        qCWarning(lcTlsBackend, "Unable to read PKCS#12 structure, %s",

                  q_ERR_error_string(q_ERR_get_error(), nullptr));

        return false;

    }

    const auto p12Raii = qScopeGuard([p12]{q_PKCS12_free(p12);});


    // Extract the data

    EVP_PKEY *pkey = nullptr;

    X509 *x509 = nullptr;

    STACK_OF(X509) *ca = nullptr;


    if (!q_PKCS12_parse(p12, passPhrase.constData(), &pkey, &x509, &ca)) {

        qCWarning(lcTlsBackend, "Unable to parse PKCS#12 structure, %s",

                  q_ERR_error_string(q_ERR_get_error(), nullptr));

        return false;

    }


    const auto x509Raii = qScopeGuard([x509]{q_X509_free(x509);});

    const auto keyRaii = qScopeGuard([pkey]{q_EVP_PKEY_free(pkey);});

    const auto caRaii = qScopeGuard([ca] {

        q_OPENSSL_sk_pop_free(reinterpret_cast<OPENSSL_STACK *>(ca),

                              reinterpret_cast<void (*)(void *)>(q_X509_free));

    });


    // Convert to Qt types

    auto *tlsKey = QTlsBackend::backend<TlsKeyOpenSSL>(*key);

    if (!tlsKey || !tlsKey->fromEVP_PKEY(pkey)) {

        qCWarning(lcTlsBackend, "Unable to convert private key");

        return false;

    }


    *cert = certificateFromX509(x509);


    if (caCertificates)

        *caCertificates = stackOfX509ToQSslCertificates(ca);


    return true;

}


QSslError X509CertificateOpenSSL::openSSLErrorToQSslError(int errorCode, const QSslCertificate &cert)

{

    QSslError error;

    switch (errorCode) {

    case X509_V_OK:

        // X509_V_OK is also reported if the peer had no certificate.

        break;

    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:

        error = QSslError(QSslError::UnableToGetIssuerCertificate, cert); break;

    case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:

        error = QSslError(QSslError::UnableToDecryptCertificateSignature, cert); break;

    case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:

        error = QSslError(QSslError::UnableToDecodeIssuerPublicKey, cert); break;

    case X509_V_ERR_CERT_SIGNATURE_FAILURE:

        error = QSslError(QSslError::CertificateSignatureFailed, cert); break;

    case X509_V_ERR_CERT_NOT_YET_VALID:

        error = QSslError(QSslError::CertificateNotYetValid, cert); break;

    case X509_V_ERR_CERT_HAS_EXPIRED:

        error = QSslError(QSslError::CertificateExpired, cert); break;

    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:

        error = QSslError(QSslError::InvalidNotBeforeField, cert); break;

    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:

        error = QSslError(QSslError::InvalidNotAfterField, cert); break;

    case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:

        error = QSslError(QSslError::SelfSignedCertificate, cert); break;

    case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:

        error = QSslError(QSslError::SelfSignedCertificateInChain, cert); break;

    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:

        error = QSslError(QSslError::UnableToGetLocalIssuerCertificate, cert); break;

    case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:

        error = QSslError(QSslError::UnableToVerifyFirstCertificate, cert); break;

    case X509_V_ERR_CERT_REVOKED:

        error = QSslError(QSslError::CertificateRevoked, cert); break;

    case X509_V_ERR_INVALID_CA:

        error = QSslError(QSslError::InvalidCaCertificate, cert); break;

    case X509_V_ERR_PATH_LENGTH_EXCEEDED:

        error = QSslError(QSslError::PathLengthExceeded, cert); break;

    case X509_V_ERR_INVALID_PURPOSE:

        error = QSslError(QSslError::InvalidPurpose, cert); break;

    case X509_V_ERR_CERT_UNTRUSTED:

        error = QSslError(QSslError::CertificateUntrusted, cert); break;

    case X509_V_ERR_CERT_REJECTED:

        error = QSslError(QSslError::CertificateRejected, cert); break;

    default:

        error = QSslError(QSslError::UnspecifiedError, cert); break;

    }

    return error;

}


void X509CertificateOpenSSL::parseExtensions()

{

    extensions.clear();


    if (!x509)

        return;


    int count = q_X509_get_ext_count(x509);

    if (count <= 0)

        return;


    extensions.reserve(count);


    for (int i = 0; i < count; i++) {

        X509_EXTENSION *ext = q_X509_get_ext(x509, i);

        if (!ext) {

            qCWarning(lcTlsBackend) << "Invalid (nullptr) extension at index" << i;

            continue;

        }


        extensions << convertExtension(ext);

    }


    // Converting an extension may result in an error(s), clean them up:

    QTlsBackendOpenSSL::clearErrorQueue();

}


X509CertificateBase::X509CertificateExtension X509CertificateOpenSSL::convertExtension(X509_EXTENSION *ext)

{

    Q_ASSERT(ext);


    X509CertificateExtension result;


    ASN1_OBJECT *obj = q_X509_EXTENSION_get_object(ext);

    if (!obj)

        return result;


    result.oid = QString::fromUtf8(asn1ObjectId(obj));

    result.name = QString::fromUtf8(asn1ObjectName(obj));


    result.critical = bool(q_X509_EXTENSION_get_critical(ext));


    // Lets see if we have custom support for this one

    QVariant extensionValue = x509ExtensionToValue(ext);

    if (extensionValue.isValid()) {

        result.value = extensionValue;

        result.supported = true;

        return result;

    }


    extensionValue = x509UnknownExtensionToValue(ext);

    if (extensionValue.isValid())

        result.value = extensionValue;


    result.supported = false;


    return result;

}


} // namespace QTlsPrivate


QT_END_NAMESPACE

device
IOBluetoothDevice * device
Definition btl2capchannel.mm:17

QByteArray
\inmodule QtCore
Definition qbytearray.h:57

QByteArray::data
char * data()
\macro QT_NO_CAST_FROM_BYTEARRAY
Definition qbytearray.h:611

QByteArray::size
qsizetype size() const noexcept
Returns the number of bytes in this byte array.
Definition qbytearray.h:494

QByteArray::reserve
void reserve(qsizetype size)
Attempts to allocate memory for at least size bytes.
Definition qbytearray.h:634

QByteArray::length
qsizetype length() const noexcept
Same as size().
Definition qbytearray.h:499

QByteArray::fromBase64
static QByteArray fromBase64(const QByteArray &base64, Base64Options options=Base64Encoding)
Definition qbytearray.cpp:4643

QByteArray::number
static QByteArray number(int, int base=10)
Returns a byte-array representing the whole number n as text.
Definition qbytearray.cpp:4326

QByteArray::resize
void resize(qsizetype size)
Sets the size of the byte array to size bytes.
Definition qbytearray.cpp:1880

QByteArray::fromRawData
static QByteArray fromRawData(const char *data, qsizetype size)
Constructs a QByteArray that uses the first size bytes of the data array.
Definition qbytearray.h:409

QDateTime
\inmodule QtCore\reentrant
Definition qdatetime.h:283

QDateTime::currentDateTimeUtc
static QDateTime currentDateTimeUtc()
Definition qdatetime.cpp:5320

QDate
\inmodule QtCore \reentrant
Definition qdatetime.h:29

QHostAddress
The QHostAddress class provides an IP address.
Definition qhostaddress.h:38

QIODevice
\inmodule QtCore \reentrant
Definition qiodevice.h:34

QList< QVariant >

QMap< QString, QVariant >

QSslCertificate
The QSslCertificate class provides a convenient API for an X509 certificate.
Definition qsslcertificate.h:35

QSslConfiguration::defaultConfiguration
static QSslConfiguration defaultConfiguration()
Returns the default SSL configuration to be used in new SSL connections.
Definition qsslconfiguration.cpp:1095

QSslError
The QSslError class provides an SSL error.
Definition qsslerror.h:21

QSslError::InvalidNotAfterField
@ InvalidNotAfterField
Definition qsslerror.h:33

QSslError::CertificateRejected
@ CertificateRejected
Definition qsslerror.h:43

QSslError::SelfSignedCertificate
@ SelfSignedCertificate
Definition qsslerror.h:34

QSslError::UnableToVerifyFirstCertificate
@ UnableToVerifyFirstCertificate
Definition qsslerror.h:37

QSslError::CertificateRevoked
@ CertificateRevoked
Definition qsslerror.h:38

QSslError::CertificateNotYetValid
@ CertificateNotYetValid
Definition qsslerror.h:30

QSslError::CertificateBlacklisted
@ CertificateBlacklisted
Definition qsslerror.h:49

QSslError::CertificateExpired
@ CertificateExpired
Definition qsslerror.h:31

QSslError::UnableToDecodeIssuerPublicKey
@ UnableToDecodeIssuerPublicKey
Definition qsslerror.h:28

QSslError::UnableToDecryptCertificateSignature
@ UnableToDecryptCertificateSignature
Definition qsslerror.h:27

QSslError::UnableToGetLocalIssuerCertificate
@ UnableToGetLocalIssuerCertificate
Definition qsslerror.h:36

QSslError::UnableToGetIssuerCertificate
@ UnableToGetIssuerCertificate
Definition qsslerror.h:26

QSslError::UnspecifiedError
@ UnspecifiedError
Definition qsslerror.h:62

QSslError::PathLengthExceeded
@ PathLengthExceeded
Definition qsslerror.h:40

QSslError::SelfSignedCertificateInChain
@ SelfSignedCertificateInChain
Definition qsslerror.h:35

QSslError::HostNameMismatch
@ HostNameMismatch
Definition qsslerror.h:47

QSslError::InvalidNotBeforeField
@ InvalidNotBeforeField
Definition qsslerror.h:32

QSslError::CertificateUntrusted
@ CertificateUntrusted
Definition qsslerror.h:42

QSslError::CertificateSignatureFailed
@ CertificateSignatureFailed
Definition qsslerror.h:29

QSslError::InvalidPurpose
@ InvalidPurpose
Definition qsslerror.h:41

QSslError::InvalidCaCertificate
@ InvalidCaCertificate
Definition qsslerror.h:39

QSslKey
The QSslKey class provides an interface for private and public keys.
Definition qsslkey.h:23

QSslSocketPrivate::rootCertOnDemandLoadingSupported
static bool rootCertOnDemandLoadingSupported()
Definition qsslsocket.cpp:2941

QSslSocketPrivate::systemCaCertificates
static QList< QSslCertificate > systemCaCertificates()
Definition qsslsocket.cpp:3159

QString
\macro QT_RESTRICTED_CAST_FROM_ASCII
Definition qstring.h:129

QString::fromLatin1
static QString fromLatin1(QByteArrayView ba)
This is an overloaded member function, provided for convenience. It differs from the above function o...
Definition qstring.cpp:5871

QString::isEmpty
bool isEmpty() const noexcept
Returns true if the string has no characters; otherwise returns false.
Definition qstring.h:192

QString::fromUtf8
static QString fromUtf8(QByteArrayView utf8)
This is an overloaded member function, provided for convenience. It differs from the above function o...
Definition qstring.cpp:6018

QTimeZone::UTC
@ UTC
Definition qtimezone.h:94

QTime
\inmodule QtCore \reentrant
Definition qdatetime.h:215

QTlsBackendOpenSSL::logAndClearErrorQueue
static void logAndClearErrorQueue()
Definition qtlsbackend_openssl.cpp:82

QTlsBackendOpenSSL::clearErrorQueue
static void clearErrorQueue()
Definition qtlsbackend_openssl.cpp:89

QTlsBackendOpenSSL::s_indexForSSLExtraData
static int s_indexForSSLExtraData
Definition qtlsbackend_openssl_p.h:45

QTlsPrivate::TlsCryptographOpenSSL::errorOffsetInExData
@ errorOffsetInExData
Definition qtls_openssl_p.h:40

QTlsPrivate::TlsKeyOpenSSL::publicKeyFromX509
static TlsKeyOpenSSL * publicKeyFromX509(X509 *x)
Definition qtlskey_openssl.cpp:491

QTlsPrivate::TlsKey
TlsKey is an abstract class, that allows a TLS plugin to provide an underlying implementation for the...
Definition qtlsbackend_p.h:60

QTlsPrivate::X509CertificateBase::extensions
QList< X509CertificateExtension > extensions
Definition qx509_base_p.h:82

QTlsPrivate::X509CertificateBase::serialNumber
QByteArray serialNumber() const override
Definition qx509_base.cpp:60

QTlsPrivate::X509CertificateBase::matchLineFeed
static bool matchLineFeed(const QByteArray &pem, int *offset)
Definition qx509_base.cpp:28

QTlsPrivate::X509CertificateOpenSSL
Definition qx509_openssl_p.h:37

QTlsPrivate::X509CertificateOpenSSL::errorEntryFromStoreContext
static QSslErrorEntry errorEntryFromStoreContext(X509_STORE_CTX *ctx)
Definition qx509_openssl.cpp:592

QTlsPrivate::X509CertificateOpenSSL::certificateFromX509
static QSslCertificate certificateFromX509(X509 *x)
Definition qx509_openssl.cpp:539

QTlsPrivate::X509CertificateOpenSSL::toPem
QByteArray toPem() const override
Definition qx509_openssl.cpp:497

QTlsPrivate::X509CertificateOpenSSL::importPkcs12
static bool importPkcs12(QIODevice *device, QSslKey *key, QSslCertificate *cert, QList< QSslCertificate > *caCertificates, const QByteArray &passPhrase)
Definition qx509_openssl.cpp:774

QTlsPrivate::X509CertificateOpenSSL::certificatesFromDer
static QList< QSslCertificate > certificatesFromDer(const QByteArray &der, int count)
Definition qx509_openssl.cpp:754

QTlsPrivate::X509CertificateOpenSSL::toDer
QByteArray toDer() const override
Definition qx509_openssl.cpp:505

QTlsPrivate::X509CertificateOpenSSL::toText
QString toText() const override
Definition qx509_openssl.cpp:513

QTlsPrivate::X509CertificateOpenSSL::openSSLErrorToQSslError
static QSslError openSSLErrorToQSslError(int errorCode, const QSslCertificate &cert)
Definition qx509_openssl.cpp:837

QTlsPrivate::X509CertificateOpenSSL::certificatesFromPem
static QList< QSslCertificate > certificatesFromPem(const QByteArray &pem, int count)
Definition qx509_openssl.cpp:720

QTlsPrivate::X509CertificateOpenSSL::isSelfSigned
bool isSelfSigned() const override
Definition qx509_openssl.cpp:419

QTlsPrivate::X509CertificateOpenSSL::publicKey
TlsKey * publicKey() const override
Definition qx509_openssl.cpp:489

QTlsPrivate::X509CertificateOpenSSL::hash
size_t hash(size_t seed) const noexcept override
Definition qx509_openssl.cpp:526

QTlsPrivate::X509CertificateOpenSSL::X509CertificateOpenSSL
X509CertificateOpenSSL()

QTlsPrivate::X509CertificateOpenSSL::~X509CertificateOpenSSL
~X509CertificateOpenSSL()
Definition qx509_openssl.cpp:399

QTlsPrivate::X509CertificateOpenSSL::isEqual
bool isEqual(const X509Certificate &rhs) const override
Definition qx509_openssl.cpp:405

QTlsPrivate::X509CertificateOpenSSL::handle
Qt::HANDLE handle() const override
Definition qx509_openssl.cpp:521

QTlsPrivate::X509CertificateOpenSSL::verify
static QList< QSslError > verify(const QList< QSslCertificate > &chain, const QString &hostName)
Definition qx509_openssl.cpp:599

QTlsPrivate::X509CertificateOpenSSL::stackOfX509ToQSslCertificates
static QList< QSslCertificate > stackOfX509ToQSslCertificates(STACK_OF(X509) *x509)
Definition qx509_openssl.cpp:578

QTlsPrivate::X509CertificateOpenSSL::subjectAlternativeNames
QMultiMap< QSsl::AlternativeNameEntryType, QString > subjectAlternativeNames() const override
Definition qx509_openssl.cpp:428

QTlsPrivate::X509Certificate
X509Certificate is an abstract class that allows a TLS backend to provide an implementation of the QS...
Definition qtlsbackend_p.h:98

QVariant
\inmodule QtCore
Definition qvariant.h:65

ctx
EGLContext ctx
Definition dmabufserverbufferintegration.h:20

j
int j
Definition doc_src_containers.cpp:275

i
i
[1]
Definition doc_src_containers.cpp:169

map
QMap< QString, QString > map
[6]
Definition doc_src_containers.cpp:96

QSsl::EncodingFormat
EncodingFormat
Describes supported encoding formats for certificates and keys.
Definition qssl.h:28

QSsl::Pem
@ Pem
Definition qssl.h:29

QSsl::Der
@ Der
Definition qssl.h:30

QSsl::IpAddressEntry
@ IpAddressEntry
Definition qssl.h:46

QSsl::EmailEntry
@ EmailEntry
Definition qssl.h:44

QSsl::DnsEntry
@ DnsEntry
Definition qssl.h:45

QT_BEGIN_NAMESPACE
Combined button and popup list for selecting options.
Definition qstandardpaths_haiku.cpp:21

QT_END_NAMESPACE
Definition qsharedpointer.cpp:1590

QTlsPrivate
Namespace containing onternal types that TLS backends implement.
Definition qocspresponse.h:40

QTlsPrivate::qt_X509Callback
int qt_X509Callback(int ok, X509_STORE_CTX *ctx)
Definition qx509_openssl.cpp:355

Qt::StringLiterals
Definition qbytearray.h:803

Qt::HANDLE
void * HANDLE
Definition qnamespace.h:1545

void
DBusConnection const char DBusError DBusBusType DBusError return DBusConnection DBusHandleMessageFunction void DBusFreeFunction return DBusConnection return DBusConnection return const char DBusError return DBusConnection DBusMessage dbus_uint32_t return DBusConnection dbus_bool_t DBusConnection DBusAddWatchFunction DBusRemoveWatchFunction DBusWatchToggledFunction void DBusFreeFunction return DBusConnection DBusDispatchStatusFunction void DBusFreeFunction DBusTimeout return DBusTimeout return DBusWatch return DBusWatch unsigned int return DBusError const DBusError return const DBusMessage return DBusMessage return DBusMessage return DBusMessage return DBusMessage return DBusMessage return DBusMessageIter int const void return DBusMessageIter DBusMessageIter return DBusMessageIter void DBusMessageIter void int return DBusMessage DBusMessageIter return DBusMessageIter return DBusMessageIter DBusMessageIter const char const char const char const char return DBusMessage return DBusMessage const char return DBusMessage dbus_bool_t return DBusMessage dbus_uint32_t return DBusMessage void
Definition qdbus_symbols_p.h:409

error
DBusConnection const char DBusError * error
Definition qdbus_symbols_p.h:165

QByteArray
typedef QByteArray(EGLAPIENTRYP PFNQGSGETDISPLAYSPROC)()

value
EGLOutputLayerEXT EGLint EGLAttrib value
[5]
Definition qeglstreamconvenience_p.h:46

qFromBigEndian
constexpr T qFromBigEndian(T source)
Definition qendian.h:174

qHashBits
size_t qHashBits(const void *p, size_t size, size_t seed) noexcept
Definition qhash.cpp:1089

qWarning
#define qWarning
Definition qlogging.h:166

qCWarning
#define qCWarning(category,...)
Definition qloggingcategory.h:125

ret
return ret
Definition qmacstyle_mac.mm:1046

key
GLuint64 key
Definition qopengles2ext.h:2268

a
GLboolean GLboolean GLboolean GLboolean a
[7]
Definition qopengles2ext.h:337

size
GLenum GLuint GLintptr GLsizeiptr size
[1]
Definition qopengles2ext.h:660

length
GLenum GLuint GLenum GLsizei length
Definition qopengles2ext.h:151

count
GLenum GLenum GLsizei count
Definition qopengles2ext.h:150

data
GLint GLsizei GLsizei GLenum GLenum GLsizei void * data
Definition qopengles2ext.h:206

buf
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition qopengles2ext.h:151

offset
GLenum GLuint GLintptr offset
Definition qopengles2ext.h:660

name
GLuint name
Definition qopengles2ext.h:156

first
GLint first
Definition qopengles2ext.h:913

format
GLint GLsizei GLsizei GLenum format
Definition qopengles2ext.h:206

obj
GLhandleARB obj
[2]
Definition qopenglext.h:4164

val
GLuint GLfloat * val
Definition qopenglext.h:1513

entry
GLuint entry
Definition qopenglext.h:11002

array
GLenum array
Definition qopenglext.h:7028

result
GLuint64EXT * result
[6]
Definition qopenglext.h:10932

len
GLenum GLsizei len
Definition qopenglext.h:3292

seed
static Q_CONSTINIT QBasicAtomicInteger< unsigned > seed
Definition qrandom.cpp:196

Q_ASSERT
#define Q_ASSERT(cond)
Definition qrandom.cpp:47

qScopeGuard
QScopeGuard< typename std::decay< F >::type > qScopeGuard(F &&f)
[qScopeGuard]
Definition qscopeguard.h:60

qsslsocket_openssl_symbols_p.h

q_X509_STORE_CTX_new
X509_STORE_CTX * q_X509_STORE_CTX_new()

q_OBJ_obj2nid
int q_OBJ_obj2nid(const ASN1_OBJECT *a)

q_ASN1_STRING_length
int q_ASN1_STRING_length(ASN1_STRING *a)

q_X509_STORE_get_ex_data
void * q_X509_STORE_get_ex_data(X509_STORE *r, int idx)

q_OPENSSL_sk_new_null
OPENSSL_STACK * q_OPENSSL_sk_new_null()

q_SSL_get_ex_data_X509_STORE_CTX_idx
int q_SSL_get_ex_data_X509_STORE_CTX_idx()

q_OBJ_nid2sn
const char * q_OBJ_nid2sn(int a)

q_PKCS12_parse
int q_PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)

q_X509_STORE_CTX_init
int q_X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, STACK_OF(X509) *chain)

q_BASIC_CONSTRAINTS_free
void q_BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a)

q_ERR_get_error
unsigned long q_ERR_get_error()

q_X509_digest
int q_X509_digest(const X509 *x509, const EVP_MD *type, unsigned char *md, unsigned int *len)

q_sk_GENERAL_NAME_value
#define q_sk_GENERAL_NAME_value(st, i)
Definition qsslsocket_openssl_symbols_p.h:541

q_ASN1_STRING_get0_data
const unsigned char * q_ASN1_STRING_get0_data(const ASN1_STRING *x)

q_OPENSSL_sk_push
void q_OPENSSL_sk_push(OPENSSL_STACK *st, void *data)

q_sk_X509_num
#define q_sk_X509_num(st)
Definition qsslsocket_openssl_symbols_p.h:545

q_EVP_sha1
const EVP_MD * q_EVP_sha1()

q_X509_dup
X509 * q_X509_dup(X509 *a)

q_d2i_PKCS12_bio
PKCS12 * q_d2i_PKCS12_bio(BIO *bio, PKCS12 **pkcs12)

q_X509_EXTENSION_get_critical
int q_X509_EXTENSION_get_critical(X509_EXTENSION *a)

q_X509_get_issuer_name
X509_NAME * q_X509_get_issuer_name(X509 *a)

q_BIO_get_mem_data
#define q_BIO_get_mem_data(b, pp)
Definition qsslsocket_openssl_symbols_p.h:537

q_X509_STORE_CTX_get_ex_data
void * q_X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)

q_X509_STORE_set_verify_cb
void q_X509_STORE_set_verify_cb(X509_STORE *ctx, X509_STORE_CTX_verify_cb verify_cb)

q_X509_cmp
int q_X509_cmp(X509 *a, X509 *b)

q_X509V3_conf_free
void q_X509V3_conf_free(CONF_VALUE *val)

q_X509V3_EXT_d2i
void * q_X509V3_EXT_d2i(X509_EXTENSION *a)

STACK_OF
STACK_OF(X509) *q_X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx)

q_OPENSSL_sk_free
void q_OPENSSL_sk_free(OPENSSL_STACK *a)

q_CRYPTO_free
void q_CRYPTO_free(void *str, const char *file, int line)

q_EVP_PKEY_free
void q_EVP_PKEY_free(EVP_PKEY *a)

q_AUTHORITY_KEYID_free
void q_AUTHORITY_KEYID_free(AUTHORITY_KEYID *a)

q_X509_STORE_free
void q_X509_STORE_free(X509_STORE *store)

q_X509_NAME_ENTRY_get_data
ASN1_STRING * q_X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *a)

q_BIO_new
BIO * q_BIO_new(const BIO_METHOD *a)

q_X509_get_version
long q_X509_get_version(X509 *a)

q_i2d_X509
int q_i2d_X509(X509 *a, unsigned char **b)

q_X509_getm_notAfter
ASN1_TIME * q_X509_getm_notAfter(X509 *a)

q_X509_STORE_new
X509_STORE * q_X509_STORE_new()

q_X509_NAME_ENTRY_get_object
ASN1_OBJECT * q_X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *a)

q_PKCS12_free
void q_PKCS12_free(PKCS12 *pkcs12)

q_OPENSSL_sk_pop_free
void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void(*b)(void *))

q_SSL_get_ex_data
void * q_SSL_get_ex_data(const SSL *ssl, int idx)

q_AUTHORITY_INFO_ACCESS_free
void q_AUTHORITY_INFO_ACCESS_free(AUTHORITY_INFO_ACCESS *a)

q_X509_get_serialNumber
ASN1_INTEGER * q_X509_get_serialNumber(X509 *a)

q_ASN1_item_free
void q_ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)

q_ASN1_INTEGER_get
long q_ASN1_INTEGER_get(ASN1_INTEGER *a)

q_X509_check_issued
int q_X509_check_issued(X509 *a, X509 *b)

q_BIO_s_mem
const BIO_METHOD * q_BIO_s_mem()

q_ASN1_STRING_to_UTF8
int q_ASN1_STRING_to_UTF8(unsigned char **a, ASN1_STRING *b)

q_BIO_read
int q_BIO_read(BIO *a, void *b, int c)

q_ERR_error_string
char * q_ERR_error_string(unsigned long a, char *b)

q_X509_EXTENSION_get_data
ASN1_OCTET_STRING * q_X509_EXTENSION_get_data(X509_EXTENSION *a)

q_OBJ_obj2txt
int q_OBJ_obj2txt(char *buf, int buf_len, ASN1_OBJECT *obj, int no_name)

q_SKM_sk_num
#define q_SKM_sk_num(st)
Definition qsslsocket_openssl_symbols_p.h:240

q_X509_NAME_get_entry
X509_NAME_ENTRY * q_X509_NAME_get_entry(X509_NAME *a, int b)

q_X509_print
void q_X509_print(BIO *a, X509 *b)

q_X509_free
void q_X509_free(X509 *a)

q_X509_get_subject_name
X509_NAME * q_X509_get_subject_name(X509 *a)

q_X509_STORE_CTX_get_error_depth
int q_X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)

q_X509_get_ext_d2i
void * q_X509_get_ext_d2i(X509 *a, int b, int *c, int *d)

q_X509_STORE_CTX_free
void q_X509_STORE_CTX_free(X509_STORE_CTX *storeCtx)

q_X509V3_EXT_get
const X509V3_EXT_METHOD * q_X509V3_EXT_get(X509_EXTENSION *a)

q_X509_STORE_add_cert
int q_X509_STORE_add_cert(X509_STORE *ctx, X509 *x)

q_BIO_new_mem_buf
BIO * q_BIO_new_mem_buf(void *a, int b)

q_sk_X509_value
#define q_sk_X509_value(st, i)
Definition qsslsocket_openssl_symbols_p.h:546

q_X509_STORE_set_ex_data
int q_X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data)

q_X509_get_ext_count
int q_X509_get_ext_count(X509 *a)

q_GENERAL_NAME_free
void q_GENERAL_NAME_free(GENERAL_NAME *a)

q_X509_verify_cert
int q_X509_verify_cert(X509_STORE_CTX *ctx)

q_X509_STORE_CTX_get0_store
X509_STORE * q_X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx)

q_d2i_X509
X509 * q_d2i_X509(X509 **a, const unsigned char **b, long c)

q_X509_get_ext
X509_EXTENSION * q_X509_get_ext(X509 *a, int b)

q_ASN1_TIME_to_tm
int q_ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm)

q_X509_NAME_entry_count
int q_X509_NAME_entry_count(X509_NAME *a)

q_SKM_sk_value
#define q_SKM_sk_value(type, st, i)
Definition qsslsocket_openssl_symbols_p.h:241

q_BIO_free
int q_BIO_free(BIO *a)

q_X509_EXTENSION_get_object
ASN1_OBJECT * q_X509_EXTENSION_get_object(X509_EXTENSION *a)

q_OPENSSL_free
#define q_OPENSSL_free(addr)
Definition qsslsocket_openssl_symbols_p.h:669

q_X509_getm_notBefore
ASN1_TIME * q_X509_getm_notBefore(X509 *a)

q_sk_GENERAL_NAME_num
#define q_sk_GENERAL_NAME_num(st)
Definition qsslsocket_openssl_symbols_p.h:540

q_X509_STORE_CTX_get_error
int q_X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)

qtls_openssl_p.h

qtlsbackend_openssl_p.h

qtlskey_openssl_p.h

quint32
unsigned int quint32
Definition qtypes.h:50

quint8
unsigned char quint8
Definition qtypes.h:46

qlonglong
qint64 qlonglong
Definition qtypes.h:63

ENDCERTSTRING
#define ENDCERTSTRING
Definition qx509_openssl.cpp:89

BEGINCERTSTRING
#define BEGINCERTSTRING
Definition qx509_openssl.cpp:88

qx509_openssl_p.h

list
QList< int > list
[14]
Definition src_concurrent_qtconcurrentfilter.cpp:140

now
auto now
Definition src_corelib_kernel_qdeadlinetimer.cpp:29

ok
bool ok
[2]
Definition src_corelib_text_qbytearrayview.cpp:17

other
QSharedPointer< T > other(t)
[5]

cert
QList< QSslCertificate > cert
[0]
Definition src_network_access_qnetworkreply.cpp:7

info
QHostInfo info
[0]
Definition src_network_kernel_qhostinfo.cpp:14

QSslErrorEntry
Definition qopenssl_p.h:73