QSslConfiguration Class Reference

The QSslConfiguration class holds the configuration and state of an SSL connection. More...

#include <qsslconfiguration.h>

Collaboration diagram for QSslConfiguration:

Public Types
enum	NextProtocolNegotiationStatus { NextProtocolNegotiationNone , NextProtocolNegotiationNegotiated , NextProtocolNegotiationUnsupported }
	Describes the status of the Next Protocol Negotiation (NPN) or Application-Layer Protocol Negotiation (ALPN). More...

Public Member Functions
	QSslConfiguration ()
	\variable QSslConfiguration::NextProtocolHttp1_1
	QSslConfiguration (const QSslConfiguration &other)
	Copies the configuration and state of other.
	~QSslConfiguration ()
	Releases any resources held by QSslConfiguration.
QSslConfiguration &	operator= (QSslConfiguration &&other) noexcept
QSslConfiguration &	operator= (const QSslConfiguration &other)
	Copies the configuration and state of other.
void	swap (QSslConfiguration &other) noexcept
bool	operator== (const QSslConfiguration &other) const
	Returns true if this QSslConfiguration object is equal to other.
bool	operator!= (const QSslConfiguration &other) const
	Returns true if this QSslConfiguration differs from other.
bool	isNull () const
	Returns true if this is a null QSslConfiguration object.
QSsl::SslProtocol	protocol () const
	Returns the protocol setting for this SSL configuration.
void	setProtocol (QSsl::SslProtocol protocol)
	Sets the protocol setting for this configuration to be protocol.
QSslSocket::PeerVerifyMode	peerVerifyMode () const
	Returns the verify mode.
void	setPeerVerifyMode (QSslSocket::PeerVerifyMode mode)
	Sets the verify mode to mode.
int	peerVerifyDepth () const
	Returns the maximum number of certificates in the peer's certificate chain to be checked during the SSL handshake phase, or 0 (the default) if no maximum depth has been set, indicating that the whole certificate chain should be checked.
void	setPeerVerifyDepth (int depth)
	Sets the maximum number of certificates in the peer's certificate chain to be checked during the SSL handshake phase, to depth.
QList< QSslCertificate >	localCertificateChain () const
	Returns the certificate chain to be presented to the peer during the SSL handshake process.
void	setLocalCertificateChain (const QList< QSslCertificate > &localChain)
	Sets the certificate chain to be presented to the peer during the SSL handshake to be localChain.
QSslCertificate	localCertificate () const
	Returns the certificate to be presented to the peer during the SSL handshake process.
void	setLocalCertificate (const QSslCertificate &certificate)
	Sets the certificate to be presented to the peer during SSL handshake to be certificate.
QSslCertificate	peerCertificate () const
	Returns the peer's digital certificate (i.e., the immediate certificate of the host you are connected to), or a null certificate, if the peer has not assigned a certificate.
QList< QSslCertificate >	peerCertificateChain () const
	Returns the peer's chain of digital certificates, starting with the peer's immediate certificate and ending with the CA's certificate.
QSslCipher	sessionCipher () const
	Returns the socket's cryptographic \l {QSslCipher} {cipher}, or a null cipher if the connection isn't encrypted.
QSsl::SslProtocol	sessionProtocol () const
	Returns the socket's SSL/TLS protocol or UnknownProtocol if the connection isn't encrypted.
QSslKey	privateKey () const
	Returns the \l {QSslKey} {SSL key} assigned to this connection or a null key if none has been assigned yet.
void	setPrivateKey (const QSslKey &key)
	Sets the connection's private \l {QSslKey} {key} to key.
QList< QSslCipher >	ciphers () const
	Returns this connection's current cryptographic cipher suite.
void	setCiphers (const QList< QSslCipher > &ciphers)
	Sets the cryptographic cipher suite for this socket to ciphers, which must contain a subset of the ciphers in the list returned by supportedCiphers().
void	setCiphers (const QString &ciphers)
QList< QSslCertificate >	caCertificates () const
	Returns this connection's CA certificate database.
void	setCaCertificates (const QList< QSslCertificate > &certificates)
	Sets this socket's CA certificate database to be certificates.
bool	addCaCertificates (const QString &path, QSsl::EncodingFormat format=QSsl::Pem, QSslCertificate::PatternSyntax syntax=QSslCertificate::PatternSyntax::FixedString)
void	addCaCertificate (const QSslCertificate &certificate)
void	addCaCertificates (const QList< QSslCertificate > &certificates)
void	setSslOption (QSsl::SslOption option, bool on)
	Enables or disables an SSL compatibility option.
bool	testSslOption (QSsl::SslOption option) const
QByteArray	sessionTicket () const
void	setSessionTicket (const QByteArray &sessionTicket)
int	sessionTicketLifeTimeHint () const
QSslKey	ephemeralServerKey () const
QList< QSslEllipticCurve >	ellipticCurves () const
void	setEllipticCurves (const QList< QSslEllipticCurve > &curves)
QByteArray	preSharedKeyIdentityHint () const
void	setPreSharedKeyIdentityHint (const QByteArray &hint)
QSslDiffieHellmanParameters	diffieHellmanParameters () const
void	setDiffieHellmanParameters (const QSslDiffieHellmanParameters &dhparams)
QMap< QByteArray, QVariant >	backendConfiguration () const
void	setBackendConfigurationOption (const QByteArray &name, const QVariant &value)
void	setBackendConfiguration (const QMap< QByteArray, QVariant > &backendConfiguration=QMap< QByteArray, QVariant >())
bool	handshakeMustInterruptOnError () const
void	setHandshakeMustInterruptOnError (bool interrupt)
bool	missingCertificateIsFatal () const
void	setMissingCertificateIsFatal (bool cannotRecover)
void	setOcspStaplingEnabled (bool enable)
bool	ocspStaplingEnabled () const
void	setAllowedNextProtocols (const QList< QByteArray > &protocols)
QList< QByteArray >	allowedNextProtocols () const
QByteArray	nextNegotiatedProtocol () const
NextProtocolNegotiationStatus	nextProtocolNegotiationStatus () const

Static Public Member Functions
static QList< QSslCipher >	supportedCiphers ()
static QList< QSslCertificate >	systemCaCertificates ()
static QList< QSslEllipticCurve >	supportedEllipticCurves ()
static QSslConfiguration	defaultConfiguration ()
	Returns the default SSL configuration to be used in new SSL connections.
static void	setDefaultConfiguration (const QSslConfiguration &configuration)
	Sets the default SSL configuration to be used in new SSL connections to be configuration.

Static Public Attributes
static const char	ALPNProtocolHTTP2 [] = "h2"
static const char	NextProtocolHttp1_1 [] = "http/1.1"

Friends
class	QSslSocket
class	QSslConfigurationPrivate
class	QSslContext
class	QTlsBackend

Detailed Description

The QSslConfiguration class holds the configuration and state of an SSL connection.

Since

4.4

\reentrant \inmodule QtNetwork

QSslConfiguration is used by Qt networking classes to relay information about an open SSL connection and to allow the application to control certain features of that connection.

The settings that QSslConfiguration currently supports are:

\list

• The SSL/TLS protocol to be used
• The certificate to be presented to the peer during connection and its associated private key
• The ciphers allowed to be used for encrypting the connection
• The list of Certificate Authorities certificates that are used to validate the peer's certificate \endlist

These settings are applied only during the connection handshake. Setting them after the connection has been established has no effect.

The state that QSslConfiguration supports are: \list

• The certificate the peer presented during handshake, along with the chain leading to a CA certificate
• The cipher used to encrypt this session \endlist

The state can only be obtained once the SSL connection starts, but not necessarily before it's done. Some settings may change during the course of the SSL connection without need to restart it (for instance, the cipher can be changed over time).

State in QSslConfiguration objects cannot be changed.

QSslConfiguration can be used with QSslSocket and the Network Access API.

Note that changing settings in QSslConfiguration is not enough to change the settings in the related SSL connection. You must call setSslConfiguration on a modified QSslConfiguration object to achieve that. The following example illustrates how to change the protocol to TLSv1_2 in a QSslSocket object:

QSslConfiguration config = sslSocket.sslConfiguration();
config.setProtocol(QSsl::TlsV1_2);
sslSocket.setSslConfiguration(config);

See also

QSsl::SslProtocol, QSslCertificate, QSslCipher, QSslKey, QSslSocket, QNetworkAccessManager, QSslSocket::sslConfiguration(), QSslSocket::setSslConfiguration()

Definition at line 40 of file qsslconfiguration.h.

Member Enumeration Documentation

NextProtocolNegotiationStatus

enum QSslConfiguration::NextProtocolNegotiationStatus

Describes the status of the Next Protocol Negotiation (NPN) or Application-Layer Protocol Negotiation (ALPN).

\value NextProtocolNegotiationNone No application protocol has been negotiated (yet).

\value NextProtocolNegotiationNegotiated A next protocol has been negotiated (see nextNegotiatedProtocol()).

\value NextProtocolNegotiationUnsupported The client and server could not agree on a common next application protocol.

Enumerator
NextProtocolNegotiationNone
NextProtocolNegotiationNegotiated
NextProtocolNegotiationUnsupported

Definition at line 145 of file qsslconfiguration.h.

Constructor & Destructor Documentation

QSslConfiguration() [1/2]

QSslConfiguration::QSslConfiguration

(

)

\variable QSslConfiguration::NextProtocolHttp1_1

The value used for negotiating HTTP 1.1 during the Next Protocol Negotiation.

\variable QSslConfiguration::ALPNProtocolHTTP2

The value used for negotiating HTTP 2 during the Application-Layer Protocol Negotiation.

Constructs an empty SSL configuration. This configuration contains no valid settings and the state will be empty. isNull() will return true after this constructor is called.

Once any setter methods are called, isNull() will return false.

Definition at line 120 of file qsslconfiguration.cpp.

QSslConfiguration() [2/2]

QSslConfiguration::QSslConfiguration

(

const QSslConfiguration &

other

)

Copies the configuration and state of other.

If other is null, this object will be null too.

Definition at line 129 of file qsslconfiguration.cpp.

~QSslConfiguration()

QSslConfiguration::~QSslConfiguration

(

)

Releases any resources held by QSslConfiguration.

Definition at line 137 of file qsslconfiguration.cpp.

Member Function Documentation

addCaCertificate()

void QSslConfiguration::addCaCertificate

(

const QSslCertificate &

certificate

)

Since

5.15

Adds certificate to this configuration's CA certificate database. The certificate database must be set prior to the SSL handshake. The CA certificate database is used by the socket during the handshake phase to validate the peer's certificate.

Note

The default configuration uses the system CA certificate database. If that is not available (as is commonly the case on iOS), the default database is empty.

See also

caCertificates(), setCaCertificates(), addCaCertificates()

Definition at line 697 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::allowRootCertOnDemandLoading, and QSslConfigurationPrivate::caCertificates.

addCaCertificates() [1/2]

void QSslConfiguration::addCaCertificates

(

const QList< QSslCertificate > &

certificates

)

Since

5.15

Adds certificates to this configuration's CA certificate database. The certificate database must be set prior to the SSL handshake. The CA certificate database is used by the socket during the handshake phase to validate the peer's certificate.

Note

The default configuration uses the system CA certificate database. If that is not available (as is commonly the case on iOS), the default database is empty.

See also

caCertificates(), setCaCertificates(), addCaCertificate()

Definition at line 717 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::allowRootCertOnDemandLoading, and QSslConfigurationPrivate::caCertificates.

addCaCertificates() [2/2]

bool QSslConfiguration::addCaCertificates	(	const QString &	path,
		QSsl::EncodingFormat	format = QSsl::Pem,
		QSslCertificate::PatternSyntax	syntax = QSslCertificate::PatternSyntax::FixedString )

Since

5.15

Searches all files in the path for certificates encoded in the specified format and adds them to this socket's CA certificate database. path must be a file or a pattern matching one or more files, as specified by syntax. Returns true if one or more certificates are added to the socket's CA certificate database; otherwise returns false.

The CA certificate database is used by the socket during the handshake phase to validate the peer's certificate.

For more precise control, use addCaCertificate().

See also

addCaCertificate(), QSslCertificate::fromPath()

Definition at line 672 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::caCertificates, certs, and QSslCertificate::fromPath().

Here is the call graph for this function:

allowedNextProtocols()

QList< QByteArray > QSslConfiguration::allowedNextProtocols

(

)

const

Since

5.3

This function returns the allowed protocols to be negotiated with the server through the Next Protocol Negotiation (NPN) or Application-Layer Protocol Negotiation (ALPN) TLS extension, as set by setAllowedNextProtocols().

See also

nextNegotiatedProtocol(), nextProtocolNegotiationStatus(), setAllowedNextProtocols(), QSslConfiguration::NextProtocolHttp1_1

Definition at line 1058 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::nextAllowedProtocols.

Referenced by QHttpNetworkConnectionChannel::_q_encrypted(), QNetworkAccessManager::connectToHostEncrypted(), and QSslSocket::setSslConfiguration().

Here is the caller graph for this function:

backendConfiguration()

QMap< QByteArray, QVariant > QSslConfiguration::backendConfiguration

(

)

const

Since

5.11

Returns the backend-specific configuration.

Only options set by setBackendConfigurationOption() or setBackendConfiguration() will be returned. The internal standard configuration of the backend is not reported.

See also

setBackendConfigurationOption(), setBackendConfiguration()

Definition at line 967 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::backendConfig.

Referenced by setBackendConfiguration(), and QSslSocket::setSslConfiguration().

Here is the caller graph for this function:

caCertificates()

QList< QSslCertificate > QSslConfiguration::caCertificates

(

)

const

Returns this connection's CA certificate database.

The CA certificate database is used by the socket during the handshake phase to validate the peer's certificate. It can be modified prior to the handshake with setCaCertificates(), or with addCaCertificate() and addCaCertificates().

See also

setCaCertificates(), addCaCertificate(), addCaCertificates()

Definition at line 632 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::caCertificates.

Referenced by QSslSocket::setSslConfiguration().

Here is the caller graph for this function:

ciphers()

QList< QSslCipher > QSslConfiguration::ciphers

(

)

const

Returns this connection's current cryptographic cipher suite.

This list is used during the handshake phase for choosing a session cipher. The returned list of ciphers is ordered by descending preference. (i.e., the first cipher in the list is the most preferred cipher). The session cipher will be the first one in the list that is also supported by the peer.

By default, the handshake phase can choose any of the ciphers supported by this system's SSL libraries, which may vary from system to system. The list of ciphers supported by this system's SSL libraries is returned by supportedCiphers(). You can restrict the list of ciphers used for choosing the session cipher for this socket by calling setCiphers() with a subset of the supported ciphers. You can revert to using the entire set by calling setCiphers() with the list returned by supportedCiphers().

See also

setCiphers(), supportedCiphers()

Definition at line 561 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::ciphers.

Referenced by setCiphers(), setCiphers(), QQmlSslConfiguration::setCiphersList(), and QSslSocket::setSslConfiguration().

Here is the caller graph for this function:

defaultConfiguration()

QSslConfiguration QSslConfiguration::defaultConfiguration ( )

static

Returns the default SSL configuration to be used in new SSL connections.

The default SSL configuration consists of:

\list

• no local certificate and no private key
• protocol \l{QSsl::SecureProtocols}{SecureProtocols}
• the system's default CA certificate list
• the cipher list equal to the list of the SSL libraries' supported SSL ciphers that are 128 bits or more \endlist

See also

supportedCiphers(), setDefaultConfiguration()

Definition at line 1095 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::defaultConfiguration().

Referenced by QQmlSslDefaultConfiguration::QQmlSslDefaultConfiguration(), QQmlSslDefaultDtlsConfiguration::QQmlSslDefaultDtlsConfiguration(), QNetworkAccessManager::connectToHostEncrypted(), QNetworkRequest::sslConfiguration(), and QTlsPrivate::X509CertificateOpenSSL::verify().

Here is the call graph for this function:

Here is the caller graph for this function:

diffieHellmanParameters()

QSslDiffieHellmanParameters QSslConfiguration::diffieHellmanParameters

(

)

const

Since

5.8

Retrieves the current set of Diffie-Hellman parameters.

If no Diffie-Hellman parameters have been set, the QSslConfiguration object defaults to using the 2048-bit MODP group from RFC 3526.

Note

The default parameters may change in future Qt versions. Please check the documentation of the {exact Qt version} that you are using in order to know what defaults that version uses.

Definition at line 931 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::dhParams.

Referenced by QSslSocket::setSslConfiguration().

Here is the caller graph for this function:

ellipticCurves()

QList< QSslEllipticCurve > QSslConfiguration::ellipticCurves

(

)

const

Since

5.5

Returns this connection's current list of elliptic curves. This list is used during the handshake phase for choosing an elliptic curve (when using an elliptic curve cipher). The returned list of curves is ordered by descending preference (i.e., the first curve in the list is the most preferred one).

By default, the handshake phase can choose any of the curves supported by this system's SSL libraries, which may vary from system to system. The list of curves supported by this system's SSL libraries is returned by QSslSocket::supportedEllipticCurves().

You can restrict the list of curves used for choosing the session cipher for this socket by calling setEllipticCurves() with a subset of the supported ciphers. You can revert to using the entire set by calling setEllipticCurves() with the list returned by QSslSocket::supportedEllipticCurves().

See also

setEllipticCurves

Definition at line 857 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::ellipticCurves.

Referenced by QSslSocket::setSslConfiguration().

Here is the caller graph for this function:

ephemeralServerKey()

QSslKey QSslConfiguration::ephemeralServerKey

(

)

const

Since

5.7

Returns the ephemeral server key used for cipher algorithms with forward secrecy, e.g. DHE-RSA-AES128-SHA.

The ephemeral key is only available when running in client mode, i.e. QSslSocket::SslClientMode. When running in server mode or using a cipher algorithm without forward secrecy a null key is returned. The ephemeral server key will be set before emitting the encrypted() signal.

Definition at line 830 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::ephemeralServerKey.

handshakeMustInterruptOnError()

bool QSslConfiguration::handshakeMustInterruptOnError

(

)

const

Since

6.0

Returns true if a verification callback will emit QSslSocket::handshakeInterruptedOnError() early, before concluding the handshake.

Note

This function always returns false for all backends but OpenSSL.

See also

setHandshakeMustInterruptOnError(), QSslSocket::handshakeInterruptedOnError(), QSslSocket::continueInterruptedHandshake()

Definition at line 1212 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::reportFromCallback.

Referenced by QSslSocket::setSslConfiguration().

Here is the caller graph for this function:

isNull()

bool QSslConfiguration::isNull

(

)

const

Returns true if this is a null QSslConfiguration object.

A QSslConfiguration object is null if it has been default-constructed and no setter methods have been called.

See also

setProtocol(), setLocalCertificate(), setPrivateKey(), setCiphers(), setCaCertificates()

Definition at line 221 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::allowRootCertOnDemandLoading, QSslSocket::AutoVerifyPeer, QSslConfigurationPrivate::backendConfig, QSslConfigurationPrivate::caCertificates, QSslConfigurationPrivate::ciphers, QSslDiffieHellmanParameters::defaultParameters(), QSslConfigurationPrivate::defaultSslOptions, QSslConfigurationPrivate::dhParams, QSslConfigurationPrivate::ellipticCurves, QSslConfigurationPrivate::ephemeralServerKey, QMap< Key, T >::isEmpty(), QList< T >::isEmpty(), QSslCertificate::isNull(), QSslKey::isNull(), QByteArray::isNull(), QSslConfigurationPrivate::localCertificateChain, QSslConfigurationPrivate::missingCertIsFatal, QSslConfigurationPrivate::nextAllowedProtocols, QSslConfigurationPrivate::nextNegotiatedProtocol, NextProtocolNegotiationNone, QSslConfigurationPrivate::nextProtocolNegotiationStatus, QSslConfigurationPrivate::ocspStaplingEnabled, QSslConfigurationPrivate::peerCertificate, QSslConfigurationPrivate::peerCertificateChain, QSslConfigurationPrivate::peerVerifyDepth, QSslConfigurationPrivate::peerVerifyMode, QSslConfigurationPrivate::preSharedKeyIdentityHint, QSslConfigurationPrivate::privateKey, QSslConfigurationPrivate::protocol, QSslConfigurationPrivate::reportFromCallback, QSsl::SecureProtocols, QList< T >::size(), QSslConfigurationPrivate::sslOptions, QSslConfigurationPrivate::sslSession, and QSslConfigurationPrivate::sslSessionTicketLifeTimeHint.

Referenced by QHttpNetworkConnectionChannel::init().

Here is the call graph for this function:

Here is the caller graph for this function:

localCertificate()

QSslCertificate QSslConfiguration::localCertificate

(

)

const

Returns the certificate to be presented to the peer during the SSL handshake process.

See also

setLocalCertificate()

Definition at line 388 of file qsslconfiguration.cpp.

References QList< T >::isEmpty(), and QSslConfigurationPrivate::localCertificateChain.

Here is the call graph for this function:

localCertificateChain()

QList< QSslCertificate > QSslConfiguration::localCertificateChain

(

)

const

Returns the certificate chain to be presented to the peer during the SSL handshake process.

See also

localCertificate()

Since

5.1

Definition at line 350 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::localCertificateChain.

Referenced by QSslSocket::setSslConfiguration().

Here is the caller graph for this function:

missingCertificateIsFatal()

bool QSslConfiguration::missingCertificateIsFatal

(

)

const

Since

6.0

Returns true if errors with code QSslError::NoPeerCertificate cannot be ignored.

Note

Always returns false for all TLS backends but OpenSSL.

See also

QSslSocket::ignoreSslErrors(), setMissingCertificateIsFatal()

Definition at line 1259 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::missingCertIsFatal.

Referenced by QSslSocket::setSslConfiguration().

Here is the caller graph for this function:

nextNegotiatedProtocol()

QByteArray QSslConfiguration::nextNegotiatedProtocol

(

)

const

Since

5.3

This function returns the protocol negotiated with the server if the Next Protocol Negotiation (NPN) or Application-Layer Protocol Negotiation (ALPN) TLS extension was enabled. In order for the NPN/ALPN extension to be enabled, setAllowedNextProtocols() needs to be called explicitly before connecting to the server.

If no protocol could be negotiated or the extension was not enabled, this function returns a QByteArray which is null.

See also

setAllowedNextProtocols(), nextProtocolNegotiationStatus()

Definition at line 1025 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::nextNegotiatedProtocol.

Referenced by QSslSocket::setSslConfiguration().

Here is the caller graph for this function:

nextProtocolNegotiationStatus()

QSslConfiguration::NextProtocolNegotiationStatus QSslConfiguration::nextProtocolNegotiationStatus

(

)

const

Since

5.3

This function returns the status of the Next Protocol Negotiation (NPN) or Application-Layer Protocol Negotiation (ALPN). If the feature has not been enabled through setAllowedNextProtocols(), this function returns NextProtocolNegotiationNone. The status will be set before emitting the encrypted() signal.

See also

setAllowedNextProtocols(), allowedNextProtocols(), nextNegotiatedProtocol(), QSslConfiguration::NextProtocolNegotiationStatus

Definition at line 1074 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::nextProtocolNegotiationStatus.

Referenced by QSslSocket::setSslConfiguration().

Here is the caller graph for this function:

ocspStaplingEnabled()

bool QSslConfiguration::ocspStaplingEnabled

(

)

const

Since

5.13 Returns true if OCSP stapling was enabled by setOCSPStaplingEnabled(), otherwise false (which is the default value).

See also

setOcspStaplingEnabled()

Definition at line 1197 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::ocspStaplingEnabled.

Referenced by QSslSocket::setSslConfiguration().

Here is the caller graph for this function:

operator!=()

QSslConfiguration::operator!= ( const QSslConfiguration & other ) const

inline

Returns true if this QSslConfiguration differs from other.

Two QSslConfiguration objects are considered different if any state or setting is different.

See also

operator==()

Definition at line 53 of file qsslconfiguration.h.

References other().

Here is the call graph for this function:

operator=() [1/2]

QSslConfiguration & QSslConfiguration::operator=

(

const QSslConfiguration &

other

)

Copies the configuration and state of other.

If other is null, this object will be null too.

Definition at line 146 of file qsslconfiguration.cpp.

References other().

Here is the call graph for this function:

operator=() [2/2]

QSslConfiguration & QSslConfiguration::operator= ( QSslConfiguration && other )

inlinenoexcept

Definition at line 46 of file qsslconfiguration.h.

References other(), and swap().

Here is the call graph for this function:

operator==()

bool QSslConfiguration::operator==

(

const QSslConfiguration &

other

)

const

Returns true if this QSslConfiguration object is equal to other.

Two QSslConfiguration objects are considered equal if they have the exact same settings and state.

See also

operator!=()

Definition at line 169 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::allowRootCertOnDemandLoading, QSslConfigurationPrivate::backendConfig, QSslConfigurationPrivate::caCertificates, QSslConfigurationPrivate::ciphers, QSslConfigurationPrivate::dhParams, QSslConfigurationPrivate::dtlsCookieEnabled, QSslConfigurationPrivate::ellipticCurves, QSslConfigurationPrivate::ephemeralServerKey, QSslConfigurationPrivate::localCertificateChain, QSslConfigurationPrivate::missingCertIsFatal, QSslConfigurationPrivate::nextAllowedProtocols, QSslConfigurationPrivate::nextNegotiatedProtocol, QSslConfigurationPrivate::nextProtocolNegotiationStatus, QSslConfigurationPrivate::ocspStaplingEnabled, other(), QSslConfigurationPrivate::peerCertificate, QSslConfigurationPrivate::peerCertificateChain, QSslConfigurationPrivate::peerVerifyDepth, QSslConfigurationPrivate::peerVerifyMode, QSslConfigurationPrivate::preSharedKeyIdentityHint, QSslConfigurationPrivate::privateKey, QSslConfigurationPrivate::protocol, QSslConfigurationPrivate::reportFromCallback, QSslConfigurationPrivate::sessionCipher, QSslConfigurationPrivate::sessionProtocol, QSslConfigurationPrivate::sslOptions, QSslConfigurationPrivate::sslSession, and QSslConfigurationPrivate::sslSessionTicketLifeTimeHint.

Here is the call graph for this function:

peerCertificate()

QSslCertificate QSslConfiguration::peerCertificate

(

)

const

Returns the peer's digital certificate (i.e., the immediate certificate of the host you are connected to), or a null certificate, if the peer has not assigned a certificate.

The peer certificate is checked automatically during the handshake phase, so this function is normally used to fetch the certificate for display or for connection diagnostic purposes. It contains information about the peer, including its host name, the certificate issuer, and the peer's public key.

Because the peer certificate is set during the handshake phase, it is safe to access the peer certificate from a slot connected to the QSslSocket::sslErrors() signal, QNetworkReply::sslErrors() signal, or the QSslSocket::encrypted() signal.

If a null certificate is returned, it can mean the SSL handshake failed, or it can mean the host you are connected to doesn't have a certificate, or it can mean there is no connection.

If you want to check the peer's complete chain of certificates, use peerCertificateChain() to get them all at once.

See also

peerCertificateChain(), QSslSocket::sslErrors(), QSslSocket::ignoreSslErrors(), QNetworkReply::sslErrors(), QNetworkReply::ignoreSslErrors()

Definition at line 445 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::peerCertificate.

peerCertificateChain()

QList< QSslCertificate > QSslConfiguration::peerCertificateChain

(

)

const

Returns the peer's chain of digital certificates, starting with the peer's immediate certificate and ending with the CA's certificate.

Peer certificates are checked automatically during the handshake phase. This function is normally used to fetch certificates for display, or for performing connection diagnostics. Certificates contain information about the peer and the certificate issuers, including host name, issuer names, and issuer public keys.

Because the peer certificate is set during the handshake phase, it is safe to access the peer certificate from a slot connected to the QSslSocket::sslErrors() signal, QNetworkReply::sslErrors() signal, or the QSslSocket::encrypted() signal.

If an empty list is returned, it can mean the SSL handshake failed, or it can mean the host you are connected to doesn't have a certificate, or it can mean there is no connection.

If you want to get only the peer's immediate certificate, use peerCertificate().

See also

peerCertificate(), QSslSocket::sslErrors(), QSslSocket::ignoreSslErrors(), QNetworkReply::sslErrors(), QNetworkReply::ignoreSslErrors()

Definition at line 477 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::peerCertificateChain.

peerVerifyDepth()

int QSslConfiguration::peerVerifyDepth

(

)

const

Returns the maximum number of certificates in the peer's certificate chain to be checked during the SSL handshake phase, or 0 (the default) if no maximum depth has been set, indicating that the whole certificate chain should be checked.

The certificates are checked in issuing order, starting with the peer's own certificate, then its issuer's certificate, and so on.

See also

setPeerVerifyDepth(), peerVerifyMode()

Definition at line 317 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::peerVerifyDepth.

Referenced by QQmlSslConfiguration::peerVerifyDepth(), QQmlSslConfiguration::setPeerVerifyDepth(), and QSslSocket::setSslConfiguration().

Here is the caller graph for this function:

peerVerifyMode()

QSslSocket::PeerVerifyMode QSslConfiguration::peerVerifyMode

(

)

const

Returns the verify mode.

This mode decides whether QSslSocket should request a certificate from the peer (i.e., the client requests a certificate from the server, or a server requesting a certificate from the client), and whether it should require that this certificate is valid.

The default mode is AutoVerifyPeer, which tells QSslSocket to use VerifyPeer for clients, QueryPeer for servers.

See also

setPeerVerifyMode()

Definition at line 284 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::peerVerifyMode.

Referenced by QDtlsPrivateOpenSSL::continueHandshake(), QQmlSslConfiguration::peerVerifyMode(), QQmlSslConfiguration::setPeerVerifyMode(), and QSslSocket::setSslConfiguration().

Here is the caller graph for this function:

preSharedKeyIdentityHint()

QByteArray QSslConfiguration::preSharedKeyIdentityHint

(

)

const

Since

5.8

Returns the identity hint.

See also

setPreSharedKeyIdentityHint()

Definition at line 900 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::preSharedKeyIdentityHint.

Referenced by QDtlsPrivateOpenSSL::pskServerCallback(), and QSslSocket::setSslConfiguration().

Here is the caller graph for this function:

privateKey()

QSslKey QSslConfiguration::privateKey

(

)

const

Returns the \l {QSslKey} {SSL key} assigned to this connection or a null key if none has been assigned yet.

See also

setPrivateKey(), localCertificate()

Definition at line 519 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::privateKey.

Referenced by QSslSocket::setSslConfiguration().

Here is the caller graph for this function:

protocol()

QSsl::SslProtocol QSslConfiguration::protocol

(

)

const

Returns the protocol setting for this SSL configuration.

See also

setProtocol()

Definition at line 254 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::protocol.

Referenced by QQmlSslConfiguration::protocol(), setProtocol(), QQmlSslConfiguration::setProtocol(), and QSslSocket::setSslConfiguration().

Here is the caller graph for this function:

sessionCipher()

QSslCipher QSslConfiguration::sessionCipher

(

)

const

Returns the socket's cryptographic \l {QSslCipher} {cipher}, or a null cipher if the connection isn't encrypted.

The socket's cipher for the session is set during the handshake phase. The cipher is used to encrypt and decrypt data transmitted through the socket.

The SSL infrastructure also provides functions for setting the ordered list of ciphers from which the handshake phase will eventually select the session cipher. This ordered list must be in place before the handshake phase begins.

See also

ciphers(), setCiphers(), supportedCiphers()

Definition at line 495 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::sessionCipher.

sessionProtocol()

QSsl::SslProtocol QSslConfiguration::sessionProtocol

(

)

const

Returns the socket's SSL/TLS protocol or UnknownProtocol if the connection isn't encrypted.

The socket's protocol for the session is set during the handshake phase.

See also

protocol(), setProtocol()

Since

5.4

Definition at line 508 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::sessionProtocol.

sessionTicket()

QByteArray QSslConfiguration::sessionTicket

(

)

const

Since

5.2

If QSsl::SslOptionDisableSessionPersistence was turned off, this function returns the session ticket used in the SSL handshake in ASN.1 format, suitable to e.g. be persisted to disk. If no session ticket was used or QSsl::SslOptionDisableSessionPersistence was not turned off, this function returns an empty QByteArray.

Note

When persisting the session ticket to disk or similar, be careful not to expose the session to a potential attacker, as knowledge of the session allows for eavesdropping on data encrypted with the session parameters.

See also

setSessionTicket(), QSsl::SslOptionDisableSessionPersistence, setSslOption(), QSslSocket::newSessionTicketReceived()

Definition at line 780 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::sslSession.

Referenced by QQmlSslConfiguration::sessionTicket(), setSessionTicket(), QQmlSslConfiguration::setSessionTicket(), and QSslSocket::setSslConfiguration().

Here is the caller graph for this function:

sessionTicketLifeTimeHint()

int QSslConfiguration::sessionTicketLifeTimeHint

(

)

const

Since

5.2

If QSsl::SslOptionDisableSessionPersistence was turned off, this function returns the session ticket life time hint sent by the server (which might be 0). If the server did not send a session ticket (e.g. when resuming a session or when the server does not support it) or QSsl::SslOptionDisableSessionPersistence was not turned off, this function returns -1.

See also

sessionTicket(), QSsl::SslOptionDisableSessionPersistence, setSslOption(), QSslSocket::newSessionTicketReceived()

Definition at line 813 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::sslSessionTicketLifeTimeHint.

Referenced by QSslSocket::setSslConfiguration().

Here is the caller graph for this function:

setAllowedNextProtocols()

void QSslConfiguration::setAllowedNextProtocols

(

const QList< QByteArray > &

protocols

)

Since

5.3

This function sets the allowed protocols to be negotiated with the server through the Next Protocol Negotiation (NPN) or Application-Layer Protocol Negotiation (ALPN) TLS extension; each element in protocols must define one allowed protocol. The function must be called explicitly before connecting to send the NPN/ALPN extension in the SSL handshake. Whether or not the negotiation succeeded can be queried through nextProtocolNegotiationStatus().

See also

nextNegotiatedProtocol(), nextProtocolNegotiationStatus(), allowedNextProtocols(), QSslConfiguration::NextProtocolHttp1_1

Definition at line 1044 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::nextAllowedProtocols.

Referenced by QHttpThreadDelegate::startRequest().

Here is the caller graph for this function:

setBackendConfiguration()

void QSslConfiguration::setBackendConfiguration

(

const QMap< QByteArray, QVariant > &

backendConfiguration = QMap<QByteArray, QVariant>()

)

Since

5.11

Sets or clears the backend-specific configuration.

Without a backendConfiguration parameter this function will clear the backend-specific configuration. More information about the supported options is available in the documentation of setBackendConfigurationOption().

See also

backendConfiguration(), setBackendConfigurationOption()

Definition at line 1006 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::backendConfig, and backendConfiguration().

Here is the call graph for this function:

setBackendConfigurationOption()

void QSslConfiguration::setBackendConfigurationOption	(	const QByteArray &	name,
		const QVariant &	value )

Since

5.11

Sets the option name in the backend-specific configuration to value.

Options supported by the OpenSSL (>= 1.0.2) backend are available in the \l {https://www.openssl.org/docs/manmaster/man3/SSL_CONF_cmd.html#SUPPORTED-CONFIGURATION-FILE-COMMANDS} {supported configuration file commands} documentation. The expected type for the value parameter is a QByteArray for all options. The \l {https://www.openssl.org/docs/manmaster/man3/SSL_CONF_cmd.html#EXAMPLES}{examples} show how to use some of the options.

Note

The backend-specific configuration will be applied after the general configuration. Using the backend-specific configuration to set a general configuration option again will overwrite the general configuration option.

See also

backendConfiguration(), setBackendConfiguration()

Definition at line 990 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::backendConfig.

setCaCertificates()

void QSslConfiguration::setCaCertificates

(

const QList< QSslCertificate > &

certificates

)

Sets this socket's CA certificate database to be certificates.

The certificate database must be set prior to the SSL handshake. The CA certificate database is used by the socket during the handshake phase to validate the peer's certificate.

Note

The default configuration uses the system CA certificate database. If that is not available (as is commonly the case on iOS), the default database is empty.

See also

caCertificates(), addCaCertificates(), addCaCertificate()

Definition at line 649 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::allowRootCertOnDemandLoading, and QSslConfigurationPrivate::caCertificates.

Referenced by QQmlSslConfiguration::setCertificateFiles().

Here is the caller graph for this function:

setCiphers() [1/2]

void QSslConfiguration::setCiphers

(

const QList< QSslCipher > &

ciphers

)

Sets the cryptographic cipher suite for this socket to ciphers, which must contain a subset of the ciphers in the list returned by supportedCiphers().

Restricting the cipher suite must be done before the handshake phase, where the session cipher is chosen.

See also

ciphers(), supportedCiphers()

Definition at line 576 of file qsslconfiguration.cpp.

References ciphers(), and QSslConfigurationPrivate::ciphers.

Referenced by QQmlSslConfiguration::setCiphers().

Here is the call graph for this function:

Here is the caller graph for this function:

setCiphers() [2/2]

void QSslConfiguration::setCiphers

(

const QString &

ciphers

)

Since

6.0

Sets the cryptographic cipher suite for this configuration to ciphers, which is a colon-separated list of cipher suite names. The ciphers are listed in order of preference, starting with the most preferred cipher. Each cipher name in ciphers must be the name of a cipher in the list returned by supportedCiphers(). Restricting the cipher suite must be done before the handshake phase, where the session cipher is chosen.

Note

With the Schannel backend the order of the ciphers is ignored and Schannel picks the most secure one during the handshake.

See also

ciphers()

Definition at line 597 of file qsslconfiguration.cpp.

References ciphers(), QSslConfigurationPrivate::ciphers, QList< T >::clear(), QSharedDataPointer< T >::data(), and Qt::SkipEmptyParts.

Here is the call graph for this function:

setDefaultConfiguration()

void QSslConfiguration::setDefaultConfiguration ( const QSslConfiguration & configuration )

static

Sets the default SSL configuration to be used in new SSL connections to be configuration.

Existing connections are not affected by this call.

See also

supportedCiphers(), defaultConfiguration()

Definition at line 1107 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::setDefaultConfiguration().

Here is the call graph for this function:

setDiffieHellmanParameters()

void QSslConfiguration::setDiffieHellmanParameters

(

const QSslDiffieHellmanParameters &

dhparams

)

Since

5.8

Sets a custom set of Diffie-Hellman parameters to be used by this socket when functioning as a server to dhparams.

If no Diffie-Hellman parameters have been set, the QSslConfiguration object defaults to using the 2048-bit MODP group from RFC 3526.

Since 6.7 you can provide an empty Diffie-Hellman parameter to use auto selection (see SSL_CTX_set_dh_auto of openssl) if the tls backend supports it.

Note

The default parameters may change in future Qt versions. Please check the documentation of the {exact Qt version} that you are using in order to know what defaults that version uses.

Definition at line 952 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::dhParams.

setEllipticCurves()

void QSslConfiguration::setEllipticCurves

(

const QList< QSslEllipticCurve > &

curves

)

Since

5.5

Sets the list of elliptic curves to be used by this socket to curves, which must contain a subset of the curves in the list returned by supportedEllipticCurves().

Restricting the elliptic curves must be done before the handshake phase, where the session cipher is chosen.

See also

ellipticCurves

Definition at line 874 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::ellipticCurves.

setHandshakeMustInterruptOnError()

void QSslConfiguration::setHandshakeMustInterruptOnError

(

bool

interrupt

)

Since

6.0

If interrupt is true and the underlying backend supports this option, errors found during certificate verification are reported immediately by emitting QSslSocket::handshakeInterruptedOnError(). This allows to stop the unfinished handshake and send a proper alert message to a peer. No special action is required from the application in this case. QSslSocket will close the connection after sending the alert message. If the application after inspecting the error wants to continue the handshake, it must call QSslSocket::continueInterruptedHandshake() from its slot function. The signal-slot connection must be direct.

Note

When interrupting handshake is enabled, errors that would otherwise be reported by QSslSocket::peerVerifyError() are instead only reported by QSslSocket::handshakeInterruptedOnError().

Even if the handshake was continued, these errors will be reported when emitting QSslSocket::sslErrors() signal (and thus must be ignored in the corresponding function slot).

See also

handshakeMustInterruptOnError(), QSslSocket::handshakeInterruptedOnError(), QSslSocket::continueInterruptedHandshake()

Definition at line 1239 of file qsslconfiguration.cpp.

References Q_UNUSED, qCWarning, and QSslConfigurationPrivate::reportFromCallback.

setLocalCertificate()

void QSslConfiguration::setLocalCertificate

(

const QSslCertificate &

certificate

)

Sets the certificate to be presented to the peer during SSL handshake to be certificate.

Setting the certificate once the connection has been established has no effect.

A certificate is the means of identification used in the SSL process. The local certificate is used by the remote end to verify the local user's identity against its list of Certification Authorities. In most cases, such as in HTTP web browsing, only servers identify to the clients, so the client does not send a certificate.

See also

localCertificate()

Definition at line 411 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::localCertificateChain.

setLocalCertificateChain()

void QSslConfiguration::setLocalCertificateChain

(

const QList< QSslCertificate > &

localChain

)

Sets the certificate chain to be presented to the peer during the SSL handshake to be localChain.

Setting the certificate chain once the connection has been established has no effect.

A certificate is the means of identification used in the SSL process. The local certificate is used by the remote end to verify the local user's identity against its list of Certification Authorities. In most cases, such as in HTTP web browsing, only servers identify to the clients, so the client does not send a certificate.

Unlike QSslConfiguration::setLocalCertificate() this method allows you to specify any intermediate certificates required in order to validate your certificate. The first item in the list must be the leaf certificate.

See also

localCertificateChain()

Since

5.1

Definition at line 377 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::localCertificateChain.

setMissingCertificateIsFatal()

void QSslConfiguration::setMissingCertificateIsFatal

(

bool

cannotRecover

)

Since

6.0

If cannotRecover is true, and verification mode in use is QSslSocket::VerifyPeer or QSslSocket::AutoVerifyPeer (for a client-side socket), the missing peer's certificate would be treated as an unrecoverable error that cannot be ignored. A proper alert message will be sent to the peer before closing the connection.

Note

Only available if Qt was configured and built with OpenSSL backend.

See also

QSslSocket::ignoreSslErrors(), QSslSocket::PeerVerifyMode, missingCertificateIsFatal()

Definition at line 1277 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::missingCertIsFatal, Q_UNUSED, and qCWarning.

setOcspStaplingEnabled()

void QSslConfiguration::setOcspStaplingEnabled

(

bool

enabled

)

Since

5.13 If enabled is true, client QSslSocket will send a certificate status request to its peer when initiating a handshake. During the handshake QSslSocket will verify the server's response. This value must be set before the handshake starts.

See also

ocspStaplingEnabled()

Definition at line 1180 of file qsslconfiguration.cpp.

References enabled, QSslConfigurationPrivate::ocspStaplingEnabled, and qCWarning.

setPeerVerifyDepth()

void QSslConfiguration::setPeerVerifyDepth

(

int

depth

)

Sets the maximum number of certificates in the peer's certificate chain to be checked during the SSL handshake phase, to depth.

Setting a depth of 0 means that no maximum depth is set, indicating that the whole certificate chain should be checked.

The certificates are checked in issuing order, starting with the peer's own certificate, then its issuer's certificate, and so on.

See also

peerVerifyDepth(), setPeerVerifyMode()

Definition at line 333 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::peerVerifyDepth, and qCWarning.

Referenced by QQmlSslConfiguration::setPeerVerifyDepth().

Here is the caller graph for this function:

setPeerVerifyMode()

void QSslConfiguration::setPeerVerifyMode

(

QSslSocket::PeerVerifyMode

mode

)

Sets the verify mode to mode.

This mode decides whether QSslSocket should request a certificate from the peer (i.e., the client requests a certificate from the server, or a server requesting a certificate from the client), and whether it should require that this certificate is valid.

The default mode is AutoVerifyPeer, which tells QSslSocket to use VerifyPeer for clients, QueryPeer for servers.

See also

peerVerifyMode()

Definition at line 300 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::peerVerifyMode.

Referenced by QQmlSslConfiguration::setPeerVerifyMode().

Here is the caller graph for this function:

setPreSharedKeyIdentityHint()

void QSslConfiguration::setPreSharedKeyIdentityHint

(

const QByteArray &

hint

)

Since

5.8

Sets the identity hint for a preshared key authentication to hint. This will affect the next initiated handshake; calling this function on an already-encrypted socket will not affect the socket's identity hint.

The identity hint is used in QSslSocket::SslServerMode only!

Definition at line 914 of file qsslconfiguration.cpp.

References hint(), and QSslConfigurationPrivate::preSharedKeyIdentityHint.

Here is the call graph for this function:

setPrivateKey()

void QSslConfiguration::setPrivateKey

(

const QSslKey &

key

)

Sets the connection's private \l {QSslKey} {key} to key.

The private key and the local \l {QSslCertificate} {certificate} are used by clients and servers that must prove their identity to SSL peers.

Both the key and the local certificate are required if you are creating an SSL server socket. If you are creating an SSL client socket, the key and local certificate are required if your client must identify itself to an SSL server.

See also

privateKey(), setLocalCertificate()

Definition at line 537 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::privateKey.

Referenced by QQmlSslConfiguration::setPrivateKey().

Here is the caller graph for this function:

setProtocol()

void QSslConfiguration::setProtocol

(

QSsl::SslProtocol

protocol

)

Sets the protocol setting for this configuration to be protocol.

Setting the protocol once the connection has already been established has no effect.

See also

protocol()

Definition at line 268 of file qsslconfiguration.cpp.

References protocol(), and QSslConfigurationPrivate::protocol.

Referenced by QQmlSslConfiguration::setProtocol().

Here is the call graph for this function:

Here is the caller graph for this function:

setSessionTicket()

void QSslConfiguration::setSessionTicket

(

const QByteArray &

sessionTicket

)

Since

5.2

Sets the session ticket to be used in an SSL handshake. QSsl::SslOptionDisableSessionPersistence must be turned off for this to work, and sessionTicket must be in ASN.1 format as returned by sessionTicket().

See also

sessionTicket(), QSsl::SslOptionDisableSessionPersistence, setSslOption(), QSslSocket::newSessionTicketReceived()

Definition at line 795 of file qsslconfiguration.cpp.

References sessionTicket(), and QSslConfigurationPrivate::sslSession.

Referenced by QQmlSslConfiguration::setSessionTicket().

Here is the call graph for this function:

Here is the caller graph for this function:

setSslOption()

void QSslConfiguration::setSslOption	(	QSsl::SslOption	option,
		bool	on )

Enables or disables an SSL compatibility option.

If on is true, the option is enabled. If on is false, the option is disabled.

See also

testSslOption()

Definition at line 747 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::sslOptions.

Referenced by QQmlSslConfiguration::setSslOptions().

Here is the caller graph for this function:

supportedCiphers()

QList< QSslCipher > QSslConfiguration::supportedCiphers ( )

static

Since

5.5

Returns the list of cryptographic ciphers supported by this system. This list is set by the system's SSL libraries and may vary from system to system.

See also

ciphers(), setCiphers()

Definition at line 618 of file qsslconfiguration.cpp.

References QSslSocketPrivate::supportedCiphers().

Referenced by QSslCipher::QSslCipher(), and QSslCipher::QSslCipher().

Here is the call graph for this function:

Here is the caller graph for this function:

supportedEllipticCurves()

QList< QSslEllipticCurve > QSslConfiguration::supportedEllipticCurves ( )

static

Since

5.5

Returns the list of elliptic curves supported by this system. This list is set by the system's SSL libraries and may vary from system to system.

See also

ellipticCurves(), setEllipticCurves()

Definition at line 888 of file qsslconfiguration.cpp.

References QSslSocketPrivate::supportedEllipticCurves().

Here is the call graph for this function:

swap()

void QSslConfiguration::swap ( QSslConfiguration & other )

inlinenoexcept

Since

5.0

Swaps this SSL configuration instance with other. This function is very fast and never fails.

Definition at line 49 of file qsslconfiguration.h.

References d, and other().

Here is the call graph for this function:

systemCaCertificates()

QList< QSslCertificate > QSslConfiguration::systemCaCertificates ( )

static

Since

5.5

This function provides the CA certificate database provided by the operating system. The CA certificate database returned by this function is used to initialize the database returned by caCertificates() on the default QSslConfiguration.

See also

caCertificates(), setCaCertificates(), defaultConfiguration(), addCaCertificate(), addCaCertificates()

Definition at line 734 of file qsslconfiguration.cpp.

References QSslSocketPrivate::systemCaCertificates().

Here is the call graph for this function:

testSslOption()

bool QSslConfiguration::testSslOption

(

QSsl::SslOption

option

)

const

Since

4.8

Returns true if the specified SSL compatibility option is enabled.

See also

setSslOption()

Definition at line 759 of file qsslconfiguration.cpp.

References QSslConfigurationPrivate::sslOptions.

Referenced by QSslContext::cacheSession(), QSslContext::createSsl(), and QQmlSslConfiguration::setSslOptionsList().

Here is the caller graph for this function:

Friends And Related Symbol Documentation

QSslConfigurationPrivate

friend class QSslConfigurationPrivate

friend

Definition at line 162 of file qsslconfiguration.h.

QSslContext

friend class QSslContext

friend

Definition at line 163 of file qsslconfiguration.h.

QSslSocket

friend class QSslSocket

friend

Definition at line 161 of file qsslconfiguration.h.

QTlsBackend

friend class QTlsBackend

friend

Definition at line 164 of file qsslconfiguration.h.

Member Data Documentation

ALPNProtocolHTTP2

const char QSslConfiguration::ALPNProtocolHTTP2 = "h2"

static

Definition at line 157 of file qsslconfiguration.h.

Referenced by QHttpNetworkConnectionChannel::_q_encrypted(), QNetworkAccessManager::connectToHostEncrypted(), and QHttpThreadDelegate::startRequest().

NextProtocolHttp1_1

const char QSslConfiguration::NextProtocolHttp1_1 = "http/1.1"

static

Definition at line 158 of file qsslconfiguration.h.

Referenced by QHttpNetworkConnectionChannel::_q_encrypted(), and QHttpThreadDelegate::startRequest().

---

The documentation for this class was generated from the following files:

• qtbase/src/network/ssl/qsslconfiguration.h (e2fef733be92e95ff28225196e14ffeb98d61a1f)
• qtbase/src/network/ssl/qsslconfiguration.cpp (fad8d7126260b30bd9437f2e19b5460dcf14b46a)
• qtbase/src/network/ssl/qsslconfiguration_p.h (05fc3aef53348fb58be6308076e000825b704e58)