Codebase list qsslcaudit / 2c6069a
Merge branch 'new-upstream/main' into 'kali/master' Merge new upstream version 0.8.3 See merge request kalilinux/packages/qsslcaudit!1 Sophie Brun 1 year, 3 months ago
50 changed file(s) with 2544 addition(s) and 2350 deletion(s). Raw diff Collapse all Expand all
+5
-2
CMakeLists.txt less more
33
44 set(QSSLC_VERSION_MAJOR 0)
55 set(QSSLC_VERSION_MINOR 8)
6 set(QSSLC_VERSION_PATCH 1)
6 set(QSSLC_VERSION_PATCH 3)
77 set(QSSLC_VERSION "${QSSLC_VERSION_MAJOR}.${QSSLC_VERSION_MINOR}.${QSSLC_VERSION_PATCH}")
88 # version formatting stolen from KeepAssXC's CMakeLists.txt :-)
99 set(OVERRIDE_VERSION "" CACHE STRING "Override the qsslcaudit Version for Snapshot builds")
153153
154154 find_package(CryptoPP REQUIRED)
155155
156 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11 -Wall")
156 SET(CMAKE_CXX_STANDARD 11)
157
158 set(CMAKE_INCLUDE_CURRENT_DIR ON)
159 set(CMAKE_AUTOMOC ON)
157160
158161 set(THIRDPARTY_DIR "${CMAKE_SOURCE_DIR}/thirdparty")
159162 set(UNSAFESSL_DIR "${CMAKE_SOURCE_DIR}/src/unsafessl")
+5
-1
FindCryptoPP.cmake less more
7474 ENDIF (CRYPTOPP_LIBRARY_DEBUG AND CRYPTOPP_LIBRARY_RELEASE)
7575
7676 IF (CRYPTOPP_INCLUDE_DIR)
77 SET (_CRYPTOPP_VERSION_HEADER ${CRYPTOPP_INCLUDE_DIR}/cryptopp/config.h)
77 SET (_CRYPTOPP_VERSION_HEADER ${CRYPTOPP_INCLUDE_DIR}/cryptopp/config_ver.h)
78
79 IF (NOT EXISTS ${_CRYPTOPP_VERSION_HEADER})
80 SET (_CRYPTOPP_VERSION_HEADER ${CRYPTOPP_INCLUDE_DIR}/cryptopp/config.h)
81 ENDIF (NOT EXISTS ${_CRYPTOPP_VERSION_HEADER})
7882
7983 IF (EXISTS ${_CRYPTOPP_VERSION_HEADER})
8084 FILE (STRINGS ${_CRYPTOPP_VERSION_HEADER} _CRYPTOPP_VERSION_TMP REGEX
+7
-0
debian/changelog less more
0 qsslcaudit (0.8.3-0kali1) UNRELEASED; urgency=low
1
2 * New upstream release.
3 * Drop patch fix-FindCryptoPP-for-version-8.3.patch, present upstream.
4
5 -- Kali Janitor <[email protected]> Sun, 06 Nov 2022 09:32:39 -0000
6
07 qsslcaudit (0.8.1-0kali2) kali-dev; urgency=medium
18
29 * Add patches to build with cryptocpp version 8.3
+7
-7
debian/patches/add-missing-header.patch less more
1515 src/unsafessl/sslunsaferingbuffer_p.h | 3 +++
1616 1 file changed, 3 insertions(+)
1717
18 diff --git a/src/unsafessl/sslunsaferingbuffer_p.h b/src/unsafessl/sslunsaferingbuffer_p.h
19 index 02abc87..f033ae5 100644
20 --- a/src/unsafessl/sslunsaferingbuffer_p.h
21 +++ b/src/unsafessl/sslunsaferingbuffer_p.h
22 @@ -55,6 +55,9 @@
23 #include <QtCore/qbytearray.h>
24 #include <QtCore/qvector.h>
18 Index: qsslcaudit.git/src/unsafessl/sslunsaferingbuffer_p.h
19 ===================================================================
20 --- qsslcaudit.git.orig/src/unsafessl/sslunsaferingbuffer_p.h
21 +++ qsslcaudit.git/src/unsafessl/sslunsaferingbuffer_p.h
22 @@ -57,6 +57,9 @@
23
24 #include <climits>
2525
2626 +// Add missing climits header for INT_MAX
2727 +#include <climits>
+0
-29
debian/patches/fix-FindCryptoPP-for-version-8.3.patch less more
0 From: Sophie Brun <[email protected]>
1 Date: Wed, 6 Jan 2021 09:39:02 +0100
2 Subject: fix FindCryptoPP for version >= 8.3
3
4 Last-Update: 2021-01-06
5
6 Since version 8.3 the cryptopp config.h file does no longer contains the
7 CRYPTOPP_VERSION variable. The variable is now in config_ver.h file.
8 ---
9 FindCryptoPP.cmake | 6 +++++-
10 1 file changed, 5 insertions(+), 1 deletion(-)
11
12 diff --git a/FindCryptoPP.cmake b/FindCryptoPP.cmake
13 index 74a01e8..ae7cd6a 100644
14 --- a/FindCryptoPP.cmake
15 +++ b/FindCryptoPP.cmake
16 @@ -75,7 +75,11 @@ ELSEIF (CRYPTOPP_LIBRARY_RELEASE)
17 ENDIF (CRYPTOPP_LIBRARY_DEBUG AND CRYPTOPP_LIBRARY_RELEASE)
18
19 IF (CRYPTOPP_INCLUDE_DIR)
20 - SET (_CRYPTOPP_VERSION_HEADER ${CRYPTOPP_INCLUDE_DIR}/cryptopp/config.h)
21 + SET (_CRYPTOPP_VERSION_HEADER ${CRYPTOPP_INCLUDE_DIR}/cryptopp/config_ver.h)
22 +
23 + IF (NOT EXISTS ${_CRYPTOPP_VERSION_HEADER})
24 + SET (_CRYPTOPP_VERSION_HEADER ${CRYPTOPP_INCLUDE_DIR}/cryptopp/config.h)
25 + ENDIF (NOT EXISTS ${_CRYPTOPP_VERSION_HEADER})
26
27 IF (EXISTS ${_CRYPTOPP_VERSION_HEADER})
28 FILE (STRINGS ${_CRYPTOPP_VERSION_HEADER} _CRYPTOPP_VERSION_TMP REGEX
+0
-1
debian/patches/series less more
0 fix-FindCryptoPP-for-version-8.3.patch
10 add-missing-header.patch
+1
-1
src/CMakeLists.txt less more
1111 include_directories(${UNSAFESSL_DIR})
1212 endif()
1313
14 add_executable(qsslcaudit main.cpp)
14 add_executable(qsslcaudit main.cpp sigwatch.cpp sigwatch.h)
1515 set_target_properties(qsslcaudit PROPERTIES AUTOMOC TRUE)
1616
1717 target_link_libraries(qsslcaudit qsslcaudit_lib)
+2
-0
src/libqsslcaudit/CMakeLists.txt less more
1515 clientinfo.cpp
1616 openssl-helper.cpp
1717 cve-2020-0601_poc.cpp
18 testserver.cpp
1819 )
1920
2021 set(qsslcauditHeaders
3637 clientinfo.h
3738 openssl-helper.h
3839 cve-2020-0601_poc.h
40 testserver.h
3941 )
4042
4143 include_directories(
+30
-11
src/libqsslcaudit/dtlsserver.cpp less more
6565 void sslHandshakeFinished(const QList<XSslCertificate> &clientCerts);
6666 void newPeer(const QHostAddress &peerAddress);
6767 void rawDataCollected(const QByteArray &rdData, const QByteArray &wrData);
68 void sessionFinished();
69 void newConnection();
6870
6971 private slots:
7072 void handleSocketError(QAbstractSocket::SocketError socketError);
141143
142144 collectedDgram = dgram;
143145 clientConnected = true;
146
147 emit newConnection();
144148 } else if (!currentConnection.isNull()) {
145149 if (currentConnection->isConnectionEncrypted()) {
146150 decryptDatagram(currentConnection, dgram);
192196
193197 if (!result) {
194198 clientFinished = true;
199 emit sessionFinished();
195200 return;
196201 }
197202
219224 emit dtlsHandshakeError(connection->dtlsError(), connection->dtlsErrorString());
220225
221226 if (dgram.size()) {
222 VERBOSE("received data: " + QString(dgram));
227 // check if datagram has binary data
228 bool binData = false;
229 for (int i = 0; i < dgram.size(); i++) {
230 if (dgram.at(i) < ' ')
231 binData = true;
232 }
233 VERBOSE("received data: " + (binData ? QString(dgram.toHex()) : QString(dgram)));
223234 emit dataIntercepted(dgram);
224235
225236 // send data to proxy, if requested
242253 emit dataIntercepted(dgram);
243254 } else if (connection->dtlsError() == XDtlsError::RemoteClosedConnectionError) {
244255 clientFinished = true;
256 sessionFinished();
245257 } else {
246258 VERBOSE("data decryption error");
247259 }
270282 Q_DECLARE_METATYPE(QList<SslUnsafeCertificate>)
271283 Q_DECLARE_METATYPE(SslUnsafeDtlsError)
272284
273 DtlsServer::DtlsServer(const SslUserSettings &settings,
285 DtlsServer::DtlsServer(const SslUserSettings *settings,
274286 QList<XSslCertificate> localCert,
275287 XSslKey privateKey,
276288 XSsl::SslProtocol sslProtocol,
305317 connect(dtlsWorker, &DtlsServerWorker::rawDataCollected, [=](const QByteArray &rdData, const QByteArray &wrData) {
306318 emit rawDataCollected(rdData, wrData);
307319 });
320 connect(dtlsWorker, &DtlsServerWorker::sessionFinished, this, &DtlsServer::sessionFinished);
321 connect(dtlsWorker, &DtlsServerWorker::newConnection, this, &DtlsServer::newConnection);
308322
309323 dtlsThread.start();
310324
313327 dtlsWorker->m_sslProtocol = sslProtocol;
314328 dtlsWorker->m_sslCiphers = sslCiphers;
315329
316 dtlsWorker->m_startTlsProtocol = settings.getStartTlsProtocol();
317 dtlsWorker->m_forwardHost = settings.getForwardHostAddr();
318 dtlsWorker->m_forwardPort = settings.getForwardHostPort();
319 dtlsWorker->m_waitDataTimeout = settings.getWaitDataTimeout();
330 dtlsWorker->m_startTlsProtocol = settings->getStartTlsProtocol();
331 dtlsWorker->m_forwardHost = settings->getForwardHostAddr();
332 dtlsWorker->m_forwardPort = settings->getForwardHostPort();
333 dtlsWorker->m_waitDataTimeout = settings->getWaitDataTimeout();
320334
321335 dtlsWorker->clientConnected = false;
322336 }
341355 QTimer::singleShot(0, dtlsWorker, SLOT(close()));
342356 }
343357
344 bool DtlsServer::waitForNewClient()
345 {
346 return dtlsWorker->waitForNewClient();
347 }
348
349358 void DtlsServer::handleClient()
350359 {
351360 QTimer::singleShot(0, dtlsWorker, SLOT(handleClient()));
352361 dtlsWorker->waitForClientFinished();
353362 }
354363
364 bool DtlsServer::isForwarding()
365 {
366 return m_isForwarding;
367 }
368
369 void DtlsServer::handleSigInt()
370 {
371
372 }
373
355374 #include "dtlsserver.moc"
+11
-2
src/libqsslcaudit/dtlsserver.h less more
1414 Q_OBJECT
1515
1616 public:
17 DtlsServer(const SslUserSettings &settings,
17 DtlsServer(const SslUserSettings *settings,
1818 QList<XSslCertificate> localCert,
1919 XSslKey privateKey,
2020 XSsl::SslProtocol sslProtocol,
2424
2525 bool listen(const QHostAddress &address, quint16 port);
2626 void close();
27 bool waitForNewClient();
2827 void handleClient();
2928
3029 signals:
3534 void sslHandshakeFinished(const QList<XSslCertificate> &clientCerts);
3635 void newPeer(const QHostAddress &peerAddress);
3736 void rawDataCollected(const QByteArray &rdData, const QByteArray &wrData);
37 void sessionFinished();
38 void newConnection();
3839
3940 private:
41 void handleSigInt();
42 bool isForwarding();
43
4044 QThread dtlsThread;
4145 DtlsServerWorker *dtlsWorker;
46
47 bool m_stopForwarding;
48 bool m_isForwarding;
49
50 friend class SslServer;
4251 };
4352
4453 #endif // DTLSSERVER_H
+90
-242
src/libqsslcaudit/sslcaudit.cpp less more
00
11 #include "sslcaudit.h"
2 #include "sslserver.h"
32 #include "debug.h"
4 #include "ciphers.h"
5
6 #include <QCoreApplication>
7 #include <QThread>
3 #include "sslusersettings.h"
4 #include "clientinfo.h"
5 #include "testserver.h"
6 #include "ssltest.h"
7
88 #include <QFile>
99 #include <QXmlStreamWriter>
1010
11 #ifdef UNSAFE_QSSL
12 #include "sslunsafesocket.h"
13 #include "sslunsafeconfiguration.h"
14 #else
15 #include <QSslSocket>
16 #include <QSslConfiguration>
17 #endif
18
19
20 SslCAudit::SslCAudit(const SslUserSettings settings, QObject *parent) :
11 #include <QThread>
12
13 SslCAudit::SslCAudit(const SslUserSettings *settings, QObject *parent) :
2114 QObject(parent),
22 settings(settings),
23 sslTests(QList<SslTest *>())
15 settings(settings)
2416 {
2517 VERBOSE("SSL library used: " + XSslSocket::sslLibraryVersionString());
2618 }
2719
28 void SslCAudit::showCiphersGroup(const QString &groupName, const QString &ciphersStr)
29 {
30 QStringList opensslCiphers = ciphersStr.split(":");
31 QString supportedCiphersStr;
32
33 VERBOSE(" " + groupName + ":");
34
35 for (int i = 0; i < opensslCiphers.size(); i++) {
36 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
37
38 if (!cipher.isNull())
39 supportedCiphersStr += opensslCiphers.at(i) + ":";
40 }
41
42 supportedCiphersStr.chop(1);
43
44 VERBOSE(" " + supportedCiphersStr);
45 }
46
47 void SslCAudit::showCiphers()
48 {
49 VERBOSE("supported ciphers:");
50 showCiphersGroup("EXPORT", ciphers_export_str);
51 showCiphersGroup("LOW", ciphers_low_str);
52 showCiphersGroup("MEDIUM", ciphers_medium_str);
53 showCiphersGroup("HIGH", ciphers_high_str);
54 }
55
5620 void SslCAudit::setSslTests(const QList<SslTest *> &tests)
5721 {
5822 sslTests = tests;
5923 }
6024
61 void SslCAudit::runTest()
62 {
63 WHITE(QString("running test #%1: %2").arg(static_cast<int>(currentTest->id()) + 1)
64 .arg(currentTest->description()));
65
66 SslServer *sslServer = new SslServer(settings,
67 currentTest->localCert(),
68 currentTest->privateKey(),
69 currentTest->sslProtocol(),
70 currentTest->sslCiphers(),
71 this);
72 if (!sslServer->listen()) {
73 // this place is in the middle of code path and others could expect
74 // some return values, signals, etc.
75 // however, if we can not setup listener (mostly due to permission/busy errors)
76 // for one test, all others will fail.
77 // there is no strong reason to attempt to recover from that, thus, exit with
78 // non-zero code
79 // alternative way -- test availability of socket prior launching SslCaudit
80 exit(-1);
81 }
82
83 // can be emitted by both TCP and UDP servers
84 connect(sslServer, &SslServer::sslSocketErrors, this, &SslCAudit::handleSslSocketErrors);
85
86 // can be emitted by TCP server only
87 connect(sslServer, &SslServer::sslErrors, [=](const QList<XSslError> &errors) {
88 VERBOSE("SSL errors detected:");
89 XSslError error;
90 foreach (error, errors) {
91 VERBOSE("\t" + error.errorString());
92 currentClientInfo->addSslErrorString(error.errorString());
93 }
94 currentClientInfo->addSslErrors(errors);
95 });
96
97 // can be emitted by UDP server only
98 connect(sslServer, &SslServer::dtlsHandshakeError, [=](const XDtlsError error, const QString &errorStr) {
99 VERBOSE("DTLS error detected:");
100 VERBOSE(QString("\t%1(%2)").arg(errorStr).arg(SslServer::dtlsErrorToString(error)));
101 currentClientInfo->addSslErrorString(errorStr);
102 currentClientInfo->addDtlsError(error);
103 });
104
105 // can be emitted by both TCP and UDP servers
106 connect(sslServer, &SslServer::dataIntercepted, [=](const QByteArray &data) {
107 currentClientInfo->addInterceptedData(data);
108 });
109
110 // can be emitted by both TCP and UDP servers
111 connect(sslServer, &SslServer::rawDataCollected, [=](const QByteArray &rdData, const QByteArray &wrData) {
112 currentClientInfo->addRawDataRecv(rdData);
113 currentClientInfo->addRawDataSent(wrData);
114 });
115
116 // can be emitted by both TCP and UDP servers
117 connect(sslServer, &SslServer::sslHandshakeFinished, [=](const QList<XSslCertificate> &clientCerts) {
118 VERBOSE("SSL connection established");
119 if (clientCerts.size() > 0) {
120 VERBOSE(QString("\tclient supplied chain of %1 certificates").arg(clientCerts.size()));
121 for (int i = 0; i < clientCerts.size(); i++) {
122 VERBOSE(clientCerts.at(i).toPem());
25 void SslCAudit::handleServerFinished()
26 {
27 TestServer *testServer = qobject_cast<TestServer *>(sender());
28 TestServer *newTestServer = nullptr;
29
30 emit sslTestFinished();
31
32 for (int i = 0; i < testServers.size(); i++) {
33 if (testServers.at(i) == testServer) {
34 // the last test finished
35 if (i == testServers.size() - 1) {
36 // if we asked to loop tests, start again with the first one
37 if (settings->getLoopTests()) {
38 newTestServer = testServers.at(0);
39 } else {
40 emit sslTestsFinished();
41 return;
42 }
43 } else {
44 // switch to the next test
45 newTestServer = testServers.at(i + 1);
12346 }
12447 }
125
126 currentClientInfo->setSslConnectionStatus(true);
127 });
128
129 // can be emitted by TCP server only
130 // for UDP see QDtls::peerVerificationErrors(), however, it does not make sense anyway
131 connect(sslServer, &SslServer::peerVerifyError, [=](const XSslError &error) {
132 VERBOSE("peer verify error:");
133 VERBOSE("\t" + error.errorString());
134 });
135
136 // can be emitted by both TCP and UDP servers
137 connect(sslServer, &SslServer::newPeer, [=](const QHostAddress &peerAddress) {
138 currentClientInfo->setSourceHost(peerAddress.toString());
139 });
140
141 emit sslTestReady();
142
143 if (sslServer->waitForClient()) {
144 // check if *server* was not able to setup SSL connection
145 // to check this we need to see if we already received some SSL errors
146 // if this is the case -- then those errors are about SSL initialization
147 if ((currentClientInfo->sslErrorsStr().size() > 0)
148 || (currentClientInfo->socketErrors().size() > 0)) {
149 RED("failure during SSL initialization, test will not continue");
150
151 for (int i = 0; i < currentClientInfo->sslErrorsStr().size(); i++) {
152 VERBOSE("\t" + currentClientInfo->sslErrorsStr().at(i));
153 }
154
155 currentTest->calcResults(*currentClientInfo);
156 delete sslServer;
157 return;
158 }
159
160 // now we can handle client side
161 // this call will loop until connection close if 'forward' option is set
162 sslServer->handleIncomingConnection();
48 }
49
50 // run the next test
51 if (newTestServer)
52 newTestServer->runTest();
53 }
54
55 void SslCAudit::run()
56 {
57 for (int i = 0; i < sslTests.size(); i++) {
58 TestServer *testServer = new TestServer(sslTests.at(i), settings, this);
59
60 testServers << testServer;
61
62 connect(testServer, &TestServer::sslTestReady, this, &SslCAudit::sslTestReady);
63 connect(testServer, &TestServer::sslTestFinished, this, &SslCAudit::handleServerFinished);
64
65 connect(this, &SslCAudit::sigIntHandled, testServer, &TestServer::sigIntHandled);
66 }
67
68 if (testServers.size() == 0) {
69 emit sslTestsFinished();
70 return;
71 }
72
73 testServers.at(0)->runTest();
74 }
75
76 const ClientInfo *SslCAudit::getClientInfo(int num) {
77 if (num < testServers.size())
78 return testServers.at(num)->getClientInfo();
79 return nullptr;
80 }
81
82 bool SslCAudit::isSameClient(bool doPrint)
83 {
84 const ClientInfo *client0;
85 bool ret = true;
86
87 if (testServers.size() == 0)
88 return true;
89
90 // ignore the first client fingerprint if duplication of the first test was requested
91 if (!settings->getDoubleFirstTest()) {
92 client0 = testServers.at(0)->getClientInfo();
16393 } else {
164 VERBOSE("could not establish encrypted connection (" + currentClientInfo->sslErrorsStr().join(", ") + ")");
165 }
166
167 delete sslServer;
168
169 currentTest->calcResults(*currentClientInfo);
170
171 WHITE("report:");
172
173 if (currentTest->result() != SslTestResult::Success) {
174 RED(currentTest->report());
175 } else {
176 GREEN(currentTest->report());
177 }
178
179 WHITE("test finished");
180
181 emit sslTestFinished();
182 }
183
184 void SslCAudit::handleSslSocketErrors(const QList<XSslError> &sslErrors,
185 const QString &errorStr, QAbstractSocket::SocketError socketError)
186 {
187 VERBOSE(QString("socket error: %1 (#%2)").arg(errorStr).arg(socketError));
188
189 currentClientInfo->addSslErrors(sslErrors);
190 currentClientInfo->addSslErrorString(errorStr);
191 currentClientInfo->addSocketErrors(QList<QAbstractSocket::SocketError>() << socketError);
192
193 switch (socketError) {
194 case QAbstractSocket::SslInvalidUserDataError:
195 VERBOSE("\tInvalid data (certificate, key, cypher, etc.) was provided and its use resulted in an error in the SSL library.");
196 break;
197 case QAbstractSocket::SslInternalError:
198 VERBOSE("\tThe SSL library being used reported an internal error. This is probably the result of a bad installation or misconfiguration of the library.");
199 break;
200 case QAbstractSocket::SslHandshakeFailedError:
201 if (errorStr.contains(QString("ssl3_get_client_hello:no shared cipher"))) {
202 VERBOSE("\tThe SSL/TLS handshake failed (client did not provide expected ciphers), so the connection was closed.");
203 } else if (errorStr.contains(QString("ssl3_read_bytes:tlsv1 alert protocol version"))) {
204 VERBOSE("\tThe SSL/TLS handshake failed (client refused the proposed protocol), so the connection was closed.");
205 } else {
206 VERBOSE("\tThe SSL/TLS handshake failed, so the connection was closed.");
207 }
208 break;
209 default:
210 // just ignore all other errors
211 break;
212 }
213 }
214
215 void SslCAudit::run()
216 {
217 // in case we were re-launched, clear containers
218 qDeleteAll(clientsInfo.begin(), clientsInfo.end());
219 clientsInfo.clear();
220
221 do {
222 for (int i = 0; i < sslTests.size(); i++) {
223 VERBOSE("");
224 currentTest = sslTests.at(i);
225 currentTest->clear();
226
227 currentClientInfo = new ClientInfo();
228 currentClientInfo->setDtlsMode(settings.getUseDtls());
229 clientsInfo << currentClientInfo;
230
231 runTest();
232 VERBOSE("");
233 }
234 } while (settings.getLoopTests());
235
236 emit sslTestsFinished();
237 }
238
239 bool SslCAudit::isSameClient(bool doPrint)
240 {
241 ClientInfo *client0;
242 bool ret = true;
243
244 if (!clientsInfo.size())
245 return ret;
246
247 // ignore the first client fingerprint if duplication of the first test was requested
248 if (!settings.getDoubleFirstTest()) {
249 client0 = clientsInfo.at(0);
250 } else {
251 client0 = clientsInfo.at(1);
252 }
253
254 for (int i = 1; i < clientsInfo.size(); i++) {
255 if (!client0->isEqualTo(clientsInfo.at(i))) {
94 client0 = testServers.at(1)->getClientInfo();
95 }
96
97 for (int i = 1; i < testServers.size(); i++) {
98 if (!client0->isEqualTo(testServers.at(i)->getClientInfo())) {
25699 ret = false;
257100
258101 if (doPrint) {
266109 }
267110
268111 VERBOSE(QString("client #%1").arg(i));
269 VERBOSE(clientsInfo.at(i)->printable());
112 VERBOSE(testServers.at(i)->getClientInfo()->printable());
270113 } else {
271114 break;
272115 }
400243
401244 QString previousComment;
402245
403 for (int i = 0; i < sslTests.size(); i++) {
404 SslTest *test = sslTests.at(i);
246 for (int i = 0; i < testServers.size(); i++) {
247 const SslTest *test = testServers.at(i)->getSslTest();
405248 QString testName = test->name();
406249 QString comment = test->resultComment();
407250
442285 xmlWriter.writeStartDocument();
443286
444287 xmlWriter.writeStartElement("qsslcaudit");
445 for (int i = 0; i < sslTests.size(); i++) {
446 SslTest *test = sslTests.at(i);
288 for (int i = 0; i < testServers.size(); i++) {
289 const SslTest *test = testServers.at(i)->getSslTest();
447290 QString testId = QString::number(static_cast<int>(test->id()) + 1); // keep numbering in human format
448291 QString testName = test->name();
449292 QString testResult = sslTestResultToStatus(test->result());
458301 xmlWriter.writeEndElement();
459302 file.close();
460303 }
304
305 void SslCAudit::handleSigInt()
306 {
307 emit sigIntHandled();
308 }
+14
-24
src/libqsslcaudit/sslcaudit.h less more
0
10 #ifndef SSLCAUDIT_H
21 #define SSLCAUDIT_H
32
4 #ifdef UNSAFE_QSSL
5 #include "sslunsafeerror.h"
6 #else
7 #include <QSslError>
8 #endif
3 #include <QObject>
94
10 #include "sslusersettings.h"
11 #include "ssltest.h"
5 class SslUserSettings;
6 class TestServer;
7 class SslTest;
8 class ClientInfo;
129
1310 class SslCAudit : public QObject
1411 {
1512 Q_OBJECT
1613
1714 public:
18 SslCAudit(const SslUserSettings settings, QObject *parent = nullptr);
15 SslCAudit(const SslUserSettings *settings, QObject *parent = nullptr);
1916
2017 void setSslTests(const QList<SslTest *> &tests);
2118
22 static void showCiphers();
2319 void printSummary();
2420 void writeXmlSummary(const QString &filename);
21
2522 bool isSameClient(bool doPrint);
26 ClientInfo getClientInfo(int num) {
27 if (num < clientsInfo.size())
28 return *clientsInfo.at(num);
29 return ClientInfo();
30 }
23
24 const ClientInfo *getClientInfo(int num);
3125
3226 public slots:
27 void handleSigInt();
3328 void run();
3429
3530 signals:
3631 void sslTestReady();
3732 void sslTestFinished();
3833 void sslTestsFinished();
34 void sigIntHandled();
3935
4036 private:
41 void runTest();
42 void handleSslSocketErrors(const QList<XSslError> &sslErrors,
43 const QString &errorStr, QAbstractSocket::SocketError socketError);
44 static void showCiphersGroup(const QString &groupName, const QString &ciphersStr);
37 void handleServerFinished();
4538
46 SslUserSettings settings;
39 const SslUserSettings *settings;
4740
4841 QList<SslTest *> sslTests;
49 SslTest *currentTest;
50
51 QVector<ClientInfo *> clientsInfo;
52 ClientInfo *currentClientInfo;
42 QList<TestServer *> testServers;
5343
5444 };
5545
+19
-11
src/libqsslcaudit/sslcertgen.cpp less more
7676 reqbuilder.setKey(key);
7777 reqbuilder.addNameEntry(Certificate::EntryCountryName, "BE");
7878 reqbuilder.addNameEntry(Certificate::EntryOrganizationName, org.toLocal8Bit());
79 if (commonName.length() > 0)
79 if (commonName.length() > 0) {
8080 reqbuilder.addNameEntry(Certificate::EntryCommonName, commonName.toLocal8Bit());
81 reqbuilder.addSubjectAlternativeNameEntry(XSsl::DnsEntry, commonName.toLocal8Bit());
82 }
8183
8284 // sign the request
8385 CertificateRequest req = reqbuilder.signedRequest(key);
142144 }
143145 }
144146
147 QMultiMap<SslUnsafe::AlternativeNameEntryType, QString> sans = basecert.subjectAlternativeNames();
148 for (auto item = sans.begin(); item != sans.end(); item++) {
149 reqbuilder.addSubjectAlternativeNameEntry(item.key(), item.value().toLocal8Bit());
150 }
151
145152 // sign the request
146153 CertificateRequest req = reqbuilder.signedRequest(key);
147154
148155 return req;
149156 }
150157
151 static void setCertOptions(CertificateBuilder *builder, bool constrains, bool cansign, const QByteArray &serial = RandomGenerator::getPositiveBytes(16))
158 static void setCertOptions(CertificateBuilder *builder, bool constrains, bool cansign, const CertificateRequest &req = CertificateRequest(), const QByteArray &serial = RandomGenerator::getPositiveBytes(16))
152159 {
153160 // set common options
154161 builder->setVersion(3);
155162 builder->setSerial(serial);
156163 builder->setActivationTime(QDateTime::currentDateTimeUtc());
157 builder->setExpirationTime(QDateTime::currentDateTimeUtc().addYears(10));
164 builder->setExpirationTime(QDateTime::currentDateTimeUtc().addYears(1));
158165 CertificateBuilder::KeyUsageFlags flags = CertificateBuilder::UsageKeyEncipherment | CertificateBuilder::UsageDigitalSignature;
159166 if (cansign)
160167 flags |= CertificateBuilder::UsageKeyCertSign;
162169 builder->addKeyPurpose(CertificateBuilder::PurposeWebServer);
163170 builder->addKeyPurpose(CertificateBuilder::PurposeWebClient);
164171 builder->addSubjectKeyIdentifier();
172 builder->copyRequestExtensions(req);
165173
166174 builder->setBasicConstraints(constrains);
167175 }
184192 CertificateBuilder builder;
185193 builder.setRequest(req);
186194
187 setCertOptions(&builder, false, false);
195 setCertOptions(&builder, false, false, req);
188196
189197 XSslCertificate cert = builder.signedCertificate(key);
190198
212220
213221 QStringList serialInfo = basecert.subjectInfo(XSslCertificate::SerialNumber);
214222 if (serialInfo.isEmpty()) {
215 setCertOptions(&builder, false, false);
223 setCertOptions(&builder, false, false, req);
216224 } else {
217 setCertOptions(&builder, false, false, serialInfo.first().toLocal8Bit());
225 setCertOptions(&builder, false, false, req, serialInfo.first().toLocal8Bit());
218226 }
219227
220228 XSslCertificate cert = builder.signedCertificate(key);
233241 CertificateBuilder leafbuilder;
234242 leafbuilder.setRequest(leafreq);
235243
236 setCertOptions(&leafbuilder, false, false);
244 setCertOptions(&leafbuilder, false, false, leafreq);
237245
238246 leafbuilder.addAuthorityKeyIdentifier(cacert);
239247
258266
259267 QStringList serialInfo = basecert.subjectInfo(XSslCertificate::SerialNumber);
260268 if (serialInfo.isEmpty()) {
261 setCertOptions(&leafbuilder, false, false);
269 setCertOptions(&leafbuilder, false, false, leafreq);
262270 } else {
263 setCertOptions(&leafbuilder, false, false, serialInfo.first().toLocal8Bit());
271 setCertOptions(&leafbuilder, false, false, leafreq, serialInfo.first().toLocal8Bit());
264272 }
265273
266274 leafbuilder.addAuthorityKeyIdentifier(cacert);
285293 CertificateBuilder interbuilder;
286294 interbuilder.setRequest(interreq);
287295
288 setCertOptions(&interbuilder, true, true);
296 setCertOptions(&interbuilder, true, true, interreq);
289297
290298 interbuilder.copyRequestExtensions(interreq);
291299 interbuilder.addAuthorityKeyIdentifier(cacert);
300308 CertificateBuilder leafbuilder;
301309 leafbuilder.setRequest(leafreq);
302310
303 setCertOptions(&leafbuilder, false, false);
311 setCertOptions(&leafbuilder, false, false, leafreq);
304312
305313 leafbuilder.copyRequestExtensions(leafreq);
306314 leafbuilder.addAuthorityKeyIdentifier(intercert);
+137
-118
src/libqsslcaudit/sslcheck.cpp less more
1111
1212 }
1313
14 const SslCheckReport SslCheckSocketErrors::doCheck(const ClientInfo &client) const
14 const SslCheckReport SslCheckSocketErrors::doCheck(const ClientInfo *client) const
1515 {
1616 SslCheckReport rep;
1717
1818 // the errors here should not appear during regular communication
1919 // the rest is fine and are important for other checks
20 if (client.socketErrors().contains(QAbstractSocket::ConnectionRefusedError)
21 || client.socketErrors().contains(QAbstractSocket::HostNotFoundError)
22 || client.socketErrors().contains(QAbstractSocket::SocketAccessError)
23 || client.socketErrors().contains(QAbstractSocket::SocketResourceError)
24 || client.socketErrors().contains(QAbstractSocket::DatagramTooLargeError)
25 || client.socketErrors().contains(QAbstractSocket::NetworkError)
26 || client.socketErrors().contains(QAbstractSocket::AddressInUseError)
27 || client.socketErrors().contains(QAbstractSocket::SocketAddressNotAvailableError)
28 || client.socketErrors().contains(QAbstractSocket::UnsupportedSocketOperationError)
29 || client.socketErrors().contains(QAbstractSocket::UnfinishedSocketOperationError)
30 || client.socketErrors().contains(QAbstractSocket::ProxyAuthenticationRequiredError)
31 || client.socketErrors().contains(QAbstractSocket::ProxyConnectionRefusedError)
32 || client.socketErrors().contains(QAbstractSocket::ProxyConnectionClosedError)
33 || client.socketErrors().contains(QAbstractSocket::ProxyConnectionTimeoutError)
34 || client.socketErrors().contains(QAbstractSocket::ProxyNotFoundError)
35 || client.socketErrors().contains(QAbstractSocket::ProxyProtocolError)
36 || client.socketErrors().contains(QAbstractSocket::OperationError)
37 || client.socketErrors().contains(QAbstractSocket::TemporaryError)) {
20 if (client->socketErrors().contains(QAbstractSocket::ConnectionRefusedError)
21 || client->socketErrors().contains(QAbstractSocket::HostNotFoundError)
22 || client->socketErrors().contains(QAbstractSocket::SocketAccessError)
23 || client->socketErrors().contains(QAbstractSocket::SocketResourceError)
24 || client->socketErrors().contains(QAbstractSocket::DatagramTooLargeError)
25 || client->socketErrors().contains(QAbstractSocket::NetworkError)
26 || client->socketErrors().contains(QAbstractSocket::AddressInUseError)
27 || client->socketErrors().contains(QAbstractSocket::SocketAddressNotAvailableError)
28 || client->socketErrors().contains(QAbstractSocket::UnsupportedSocketOperationError)
29 || client->socketErrors().contains(QAbstractSocket::UnfinishedSocketOperationError)
30 || client->socketErrors().contains(QAbstractSocket::ProxyAuthenticationRequiredError)
31 || client->socketErrors().contains(QAbstractSocket::ProxyConnectionRefusedError)
32 || client->socketErrors().contains(QAbstractSocket::ProxyConnectionClosedError)
33 || client->socketErrors().contains(QAbstractSocket::ProxyConnectionTimeoutError)
34 || client->socketErrors().contains(QAbstractSocket::ProxyNotFoundError)
35 || client->socketErrors().contains(QAbstractSocket::ProxyProtocolError)
36 || client->socketErrors().contains(QAbstractSocket::OperationError)
37 || client->socketErrors().contains(QAbstractSocket::TemporaryError)) {
3838 rep.report = QString("socket/network error occuried");
3939 rep.suggestedTestResult = SslTestResult::Undefined;
4040 rep.comment = QString("socket error");
4141 rep.isPassed = false;
4242 return rep;
43 } else if (client.socketErrors().contains(QAbstractSocket::UnknownSocketError)) {
43 } else if (client->socketErrors().contains(QAbstractSocket::UnknownSocketError)) {
4444 rep.report = QString("unknown socket error occuried");
4545 rep.suggestedTestResult = SslTestResult::Undefined;
4646 rep.comment = QString("socket error");
5555 return rep;
5656 }
5757
58 const SslCheckReport SslCheckNoData::doCheck(const ClientInfo &client) const
59 {
60 SslCheckReport rep;
61
62 if ((client.rawDataRecv().size() == 0)
63 && !client.socketErrors().contains(QAbstractSocket::RemoteHostClosedError)
64 && client.socketErrors().contains(QAbstractSocket::SocketTimeoutError)) {
58 const SslCheckReport SslCheckNoData::doCheck(const ClientInfo *client) const
59 {
60 SslCheckReport rep;
61
62 if ((client->rawDataRecv().size() == 0)
63 && !client->socketErrors().contains(QAbstractSocket::RemoteHostClosedError)
64 && client->socketErrors().contains(QAbstractSocket::SocketTimeoutError)) {
6565 rep.report = QString("no data was transmitted before timeout expired");
6666 rep.suggestedTestResult = SslTestResult::Undefined;
6767 rep.comment = QString("broken client");
6969 return rep;
7070 }
7171
72 if ((client.rawDataRecv().size() == 0)
73 && client.socketErrors().contains(QAbstractSocket::RemoteHostClosedError)
74 && !client.socketErrors().contains(QAbstractSocket::SocketTimeoutError)) {
72 if ((client->rawDataRecv().size() == 0)
73 && client->socketErrors().contains(QAbstractSocket::RemoteHostClosedError)
74 && !client->socketErrors().contains(QAbstractSocket::SocketTimeoutError)) {
7575 rep.report = QString("client closed the connection without transmitting any data");
7676 rep.suggestedTestResult = SslTestResult::Undefined;
7777 rep.comment = QString("broken client");
7979 return rep;
8080 }
8181
82 if (client.rawDataRecv().size() > 0) {
82 if (client->rawDataRecv().size() > 0) {
8383 rep.report = QString("");
8484 rep.suggestedTestResult = SslTestResult::Undefined;
8585 rep.comment = QString("");
9494 return rep;
9595 }
9696
97 const SslCheckReport SslCheckNonSslData::doCheck(const ClientInfo &client) const
98 {
99 SslCheckReport rep;
100
101 if (client.hasHelloMessage()) {
97 const SslCheckReport SslCheckNonSslData::doCheck(const ClientInfo *client) const
98 {
99 SslCheckReport rep;
100
101 if (client->hasHelloMessage()) {
102102 rep.report = QString("");
103103 rep.suggestedTestResult = SslTestResult::Undefined;
104104 rep.comment = QString("");
106106 return rep;
107107 }
108108
109 if ((client.rawDataRecv().size() > 0)
110 && !client.hasHelloMessage()
111 && ((client.sslErrorsStr().filter(QString("SSL23_GET_CLIENT_HELLO:http request")).size() > 0)
112 || (client.sslErrorsStr().filter(QString("SSL23_GET_CLIENT_HELLO:unknown protocol")).size() > 0))) {
109 if ((client->rawDataRecv().size() > 0)
110 && !client->hasHelloMessage()
111 && ((client->sslErrorsStr().filter(QString("SSL23_GET_CLIENT_HELLO:http request")).size() > 0)
112 || (client->sslErrorsStr().filter(QString("SSL23_GET_CLIENT_HELLO:unknown protocol")).size() > 0))) {
113113 rep.report = QString("%1 bytes of unexpected protocol were received before the connection was closed")
114 .arg(client.rawDataRecv().size());
115 rep.suggestedTestResult = SslTestResult::Undefined;
116 rep.comment = QString("broken client");
117 rep.isPassed = false;
118 return rep;
119 }
120
121 if ((client.rawDataRecv().size() > 0)
122 && !client.hasHelloMessage()
123 && client.socketErrors().contains(QAbstractSocket::RemoteHostClosedError)
124 && !client.socketErrors().contains(QAbstractSocket::SocketTimeoutError)) {
114 .arg(client->rawDataRecv().size());
115 rep.suggestedTestResult = SslTestResult::Undefined;
116 rep.comment = QString("broken client");
117 rep.isPassed = false;
118 return rep;
119 }
120
121 if ((client->rawDataRecv().size() > 0)
122 && !client->hasHelloMessage()
123 && client->socketErrors().contains(QAbstractSocket::RemoteHostClosedError)
124 && !client->socketErrors().contains(QAbstractSocket::SocketTimeoutError)) {
125125 rep.report = QString("%1 non-SSL bytes were received before client closed the connection")
126 .arg(client.rawDataRecv().size());
127 rep.suggestedTestResult = SslTestResult::Undefined;
128 rep.comment = QString("broken client");
129 rep.isPassed = false;
130 return rep;
131 }
132
133 if ((client.rawDataRecv().size() > 0)
134 && !client.hasHelloMessage()
135 && !client.socketErrors().contains(QAbstractSocket::RemoteHostClosedError)
136 && client.socketErrors().contains(QAbstractSocket::SocketTimeoutError)) {
126 .arg(client->rawDataRecv().size());
127 rep.suggestedTestResult = SslTestResult::Undefined;
128 rep.comment = QString("broken client");
129 rep.isPassed = false;
130 return rep;
131 }
132
133 if ((client->rawDataRecv().size() > 0)
134 && !client->hasHelloMessage()
135 && !client->socketErrors().contains(QAbstractSocket::RemoteHostClosedError)
136 && client->socketErrors().contains(QAbstractSocket::SocketTimeoutError)) {
137137 rep.report = QString("%1 non-SSL bytes were received before timeout expired")
138 .arg(client.rawDataRecv().size());
138 .arg(client->rawDataRecv().size());
139139 rep.suggestedTestResult = SslTestResult::Undefined;
140140 rep.comment = QString("broken client");
141141 rep.isPassed = false;
143143 }
144144
145145 rep.report = QString("%1 bytes were received, however, unexpected set of other errors observed")
146 .arg(client.rawDataRecv().size());
146 .arg(client->rawDataRecv().size());
147147 rep.suggestedTestResult = SslTestResult::Undefined;
148148 rep.comment = QString("broken client");
149149 rep.isPassed = false;
150150 return rep;
151151 }
152152
153 const SslCheckReport SslCheckInvalidSsl::doCheck(const ClientInfo &client) const
154 {
155 SslCheckReport rep;
156
157 if (client.hasHelloMessage()
158 && !client.sslConnectionEstablished()
153 const SslCheckReport SslCheckInvalidSsl::doCheck(const ClientInfo *client) const
154 {
155 SslCheckReport rep;
156
157 if (client->hasHelloMessage()
158 && !client->sslConnectionEstablished()
159159 // specifically checking that there are no SSL-related errors
160 && (((client.sslErrorsStr().size() == 1) && client.sslErrorsStr().contains("Network operation timed out"))
161 || (client.sslErrorsStr().size() == 0))) {
160 && (((client->sslErrorsStr().size() == 1) && client->sslErrorsStr().contains("Network operation timed out"))
161 || (client->sslErrorsStr().size() == 0))) {
162162 // client sent HELLO, but as SSL errors list is empty and encrypted connection
163163 // was not established, something went wrong in the middle of handshake
164164 // thus, consider client as non-SSL
176176 return rep;
177177 }
178178
179 const SslCheckReport SslCheckForGenericSslErrors::doCheck(const ClientInfo &client) const
180 {
181 SslCheckReport rep;
182
183 if (client.socketErrors().contains(QAbstractSocket::SslInternalError)
184 || client.socketErrors().contains(QAbstractSocket::SslInvalidUserDataError)) {
179 const SslCheckReport SslCheckForGenericSslErrors::doCheck(const ClientInfo *client) const
180 {
181 SslCheckReport rep;
182
183 if (client->socketErrors().contains(QAbstractSocket::SslInternalError)
184 || client->socketErrors().contains(QAbstractSocket::SslInvalidUserDataError)) {
185185 // somehow Firefox triggers SslInternalError when refusing the proposed certificate
186186 // checking it here
187 if (client.socketErrors().contains(QAbstractSocket::SslInternalError)) {
188 int idx = client.socketErrors().indexOf(QAbstractSocket::SslInternalError);
189 if ((client.sslErrorsStr().at(idx).contains("alert bad certificate"))
190 || (client.sslErrorsStr().at(idx).contains("alert unknown ca"))) {
187 if (client->socketErrors().contains(QAbstractSocket::SslInternalError)) {
188 int idx = client->socketErrors().indexOf(QAbstractSocket::SslInternalError);
189 if ((client->sslErrorsStr().at(idx).contains("alert bad certificate"))
190 || (client->sslErrorsStr().at(idx).contains("alert unknown ca"))) {
191191 rep.report = QString("");
192192 rep.suggestedTestResult = SslTestResult::Undefined;
193193 rep.comment = QString("");
202202 return rep;
203203 }
204204
205 if (!client.sslConnectionEstablished()
206 && (client.socketErrors().contains(QAbstractSocket::SslHandshakeFailedError)
207 && ((client.sslErrorsStr().filter(QString("SSL23_GET_CLIENT_HELLO:unknown protocol")).size() > 0)
208 || (client.sslErrorsStr().filter(QString("ssl3_get_client_hello:wrong version number")).size() > 0)))) {
205 if (!client->sslConnectionEstablished()
206 && (client->socketErrors().contains(QAbstractSocket::SslHandshakeFailedError)
207 && ((client->sslErrorsStr().filter(QString("SSL23_GET_CLIENT_HELLO:unknown protocol")).size() > 0)
208 || (client->sslErrorsStr().filter(QString("ssl3_get_client_hello:wrong version number")).size() > 0)))) {
209209 rep.report = QString("secure connection was not established, %1 bytes of unsupported TLS/SSL protocol were received before the connection was closed")
210 .arg(client.rawDataRecv().size());
210 .arg(client->rawDataRecv().size());
211211 rep.suggestedTestResult = SslTestResult::Undefined;
212212 rep.comment = QString("client proposed unsupported TLS/SSL protocol");
213213 rep.isPassed = false;
221221 return rep;
222222 }
223223
224 const SslCheckReport SslCheckConnectionEstablished::doCheck(const ClientInfo &client) const
225 {
226 SslCheckReport rep;
227
228 if (client.sslConnectionEstablished()
229 && (client.interceptedData().size() > 0)) {
224 const SslCheckReport SslCheckConnectionEstablished::doCheck(const ClientInfo *client) const
225 {
226 SslCheckReport rep;
227
228 if (client->sslConnectionEstablished()
229 && (client->interceptedData().size() > 0)) {
230230 rep.report = QString("test failed, client accepted fake certificate, data was intercepted");
231231 rep.suggestedTestResult = SslTestResult::DataIntercepted;
232232 rep.comment = QString("mitm possible");
234234 return rep;
235235 }
236236
237 if (client.sslConnectionEstablished()
238 && (client.interceptedData().size() == 0)
239 && ((client.dtlsMode() && !client.dtlsErrors().contains(XDtlsError::RemoteClosedConnectionError))
240 || (!client.dtlsMode() && !client.socketErrors().contains(QAbstractSocket::RemoteHostClosedError)))) {
237 if (client->sslConnectionEstablished()
238 && (client->interceptedData().size() == 0)
239 && ((client->dtlsMode() && !client->dtlsErrors().contains(XDtlsError::RemoteClosedConnectionError))
240 || (!client->dtlsMode() && !client->socketErrors().contains(QAbstractSocket::RemoteHostClosedError)))) {
241241 rep.report = QString("test failed, client accepted fake certificate, but no data transmitted");
242242 rep.suggestedTestResult = SslTestResult::CertAccepted;
243243 rep.comment = QString("mitm possible");
246246 }
247247
248248 // this is a controversion situation
249 if (client.sslConnectionEstablished()
250 && (client.interceptedData().size() == 0)
251 && ((client.dtlsMode() && client.dtlsErrors().contains(XDtlsError::RemoteClosedConnectionError))
252 || (!client.dtlsMode() && client.socketErrors().contains(QAbstractSocket::RemoteHostClosedError)))) {
249 if (client->sslConnectionEstablished()
250 && (client->interceptedData().size() == 0)
251 && ((client->dtlsMode() && client->dtlsErrors().contains(XDtlsError::RemoteClosedConnectionError))
252 || (!client->dtlsMode() && client->socketErrors().contains(QAbstractSocket::RemoteHostClosedError)))) {
253253 rep.report = QString("test result not clear, client established TLS session but disconnected without data transmission and explicit error message");
254254 rep.suggestedTestResult = SslTestResult::Undefined;
255255 rep.comment = QString("consider PASSED for clients which send data on the first connection. other clients test with complete MitM setup (see --forward)");
257257 return rep;
258258 }
259259
260 if (client.sslConnectionEstablished()) {
260 if (client->sslConnectionEstablished()) {
261261 rep.report = QString("unhandled case! please report it to developers!");
262262 rep.suggestedTestResult = SslTestResult::UnhandledCase;
263263 rep.comment = QString("report this to developers");
272272 return rep;
273273 }
274274
275 const SslCheckReport SslCheckCertificateRefused::doCheck(const ClientInfo &client) const
275 const SslCheckReport SslCheckCertificateRefused::doCheck(const ClientInfo *client) const
276276 {
277277 SslCheckReport rep;
278278
279279 rep.suggestedTestResult = SslTestResult::Success;
280280 rep.isPassed = true;
281281
282 if (!client.sslConnectionEstablished()
283 && (client.dtlsMode() || (!client.dtlsMode() && client.socketErrors().contains(QAbstractSocket::SslHandshakeFailedError)))
284 && ((client.sslErrorsStr().filter(QString("certificate unknown")).size() > 0)
285 || (client.sslErrorsStr().filter(QString("unknown ca")).size() > 0)
286 || (client.sslErrorsStr().filter(QString("bad certificate")).size() > 0))) {
282 if (!client->sslConnectionEstablished()
283 && (client->dtlsMode() || (!client->dtlsMode() && client->socketErrors().contains(QAbstractSocket::SslHandshakeFailedError)))
284 && ((client->sslErrorsStr().filter(QString("certificate unknown")).size() > 0)
285 || (client->sslErrorsStr().filter(QString("unknown ca")).size() > 0)
286 || (client->sslErrorsStr().filter(QString("bad certificate")).size() > 0))) {
287287 rep.report = QString("client accepted our protocol but explicitly refused our certificate");
288288 rep.suggestedTestResult = SslTestResult::ProtoAcceptedWithErr;
289289 rep.comment = QString("");
294294 return rep;
295295 }
296296
297 const SslCheckReport SslCheckHttpsClient::doCheck(const ClientInfo &client) const
298 {
299 SslCheckReport rep;
300
301 if (client.hasHelloMessage()
302 && (client.tlsHelloInfo.hnd_hello.alpn.contains(QByteArray("h2"))
303 || client.tlsHelloInfo.hnd_hello.alpn.contains(QByteArray("http/1.1")))) {
297 const SslCheckReport SslCheckNoSharedCipher::doCheck(const ClientInfo *client) const
298 {
299 SslCheckReport rep;
300
301 rep.suggestedTestResult = SslTestResult::Success;
302 rep.isPassed = true;
303
304 if (!client->sslConnectionEstablished()
305 && (client->sslErrorsStr().filter(QString("no shared cipher")).size() > 0)) {
306 rep.report = QString("client accepted our protocol but explicitly refused our ciphers");
307 rep.suggestedTestResult = SslTestResult::Undefined;
308 rep.comment = QString("");
309 rep.isPassed = false;
310 return rep;
311 }
312
313 return rep;
314 }
315
316 const SslCheckReport SslCheckHttpsClient::doCheck(const ClientInfo *client) const
317 {
318 SslCheckReport rep;
319
320 if (client->hasHelloMessage()
321 && (client->tlsHelloInfo.hnd_hello.alpn.contains(QByteArray("h2"))
322 || client->tlsHelloInfo.hnd_hello.alpn.contains(QByteArray("http/1.1")))) {
304323 rep.report = QString("client identifies itself as HTTPS client");
305324 rep.suggestedTestResult = SslTestResult::Success;
306325 rep.comment = QString("");
308327 return rep;
309328 }
310329
311 if (client.hasHelloMessage()
312 && client.tlsHelloInfo.hnd_hello.alpn.isEmpty()) {
313 rep.report = QString("client does not explitictly defines expected protocol");
330 if (client->hasHelloMessage()
331 && client->tlsHelloInfo.hnd_hello.alpn.isEmpty()) {
332 rep.report = QString("client does not explitictly define application layer protocol");
314333 rep.suggestedTestResult = SslTestResult::Undefined;
315334 rep.comment = QString("");
316335 rep.isPassed = false;
+20
-9
src/libqsslcaudit/sslcheck.h less more
1111 SslCheckForGenericSslErrors,
1212 SslCheckConnectionEstablished,
1313 SslCheckCertificateRefused,
14 SslCheckNoSharedCipher,
1415 SslCheckHttpsClient,
1516 };
1617
4041 virtual ~SslCheck();
4142
4243 const SslCheckInfo getInfo() { return info; }
43 virtual const SslCheckReport doCheck(const ClientInfo &client) const = 0;
44 virtual const SslCheckReport doCheck(const ClientInfo *client) const = 0;
4445
4546 protected:
4647 SslCheckInfo info;
5354 info.id = SslCheckId::SslCheckSocketErrors;
5455 info.descr = QString("check if there are any errors reported by network socket");
5556 }
56 const SslCheckReport doCheck(const ClientInfo &client) const;
57 const SslCheckReport doCheck(const ClientInfo *client) const;
5758 };
5859
5960 class SslCheckNoData : public SslCheck
6364 info.id = SslCheckId::SslCheckNoData;
6465 info.descr = QString("check if no data was transmitted");
6566 }
66 const SslCheckReport doCheck(const ClientInfo &client) const;
67 const SslCheckReport doCheck(const ClientInfo *client) const;
6768 };
6869
6970 class SslCheckNonSslData : public SslCheck
7374 info.id = SslCheckId::SslCheckNonSslData;
7475 info.descr = QString("check if data transmitted does not have valid HELLO message");
7576 }
76 const SslCheckReport doCheck(const ClientInfo &client) const;
77 const SslCheckReport doCheck(const ClientInfo *client) const;
7778 };
7879
7980 class SslCheckInvalidSsl : public SslCheck
8384 info.id = SslCheckId::SslCheckInvalidSsl;
8485 info.descr = QString("check if the client is non-SSL or is broken in another way");
8586 }
86 const SslCheckReport doCheck(const ClientInfo &client) const;
87 const SslCheckReport doCheck(const ClientInfo *client) const;
8788 };
8889
8990 class SslCheckForGenericSslErrors : public SslCheck
9394 info.id = SslCheckId::SslCheckForGenericSslErrors;
9495 info.descr = QString("check if there are generic SSL errors during handshake");
9596 }
96 const SslCheckReport doCheck(const ClientInfo &client) const;
97 const SslCheckReport doCheck(const ClientInfo *client) const;
9798 };
9899
99100 class SslCheckConnectionEstablished : public SslCheck
103104 info.id = SslCheckId::SslCheckConnectionEstablished;
104105 info.descr = QString("check if SSL connection was established");
105106 }
106 const SslCheckReport doCheck(const ClientInfo &client) const;
107 const SslCheckReport doCheck(const ClientInfo *client) const;
107108 };
108109
109110 class SslCheckCertificateRefused : public SslCheck
113114 info.id = SslCheckId::SslCheckCertificateRefused;
114115 info.descr = QString("check if client explicitly refused server certificate");
115116 }
116 const SslCheckReport doCheck(const ClientInfo &client) const;
117 const SslCheckReport doCheck(const ClientInfo *client) const;
118 };
119
120 class SslCheckNoSharedCipher : public SslCheck
121 {
122 public:
123 SslCheckNoSharedCipher() {
124 info.id = SslCheckId::SslCheckNoSharedCipher;
125 info.descr = QString("check if client did not accept any of server ciphers");
126 }
127 const SslCheckReport doCheck(const ClientInfo *client) const;
117128 };
118129
119130 class SslCheckHttpsClient : public SslCheck
123134 info.id = SslCheckId::SslCheckHttpsClient;
124135 info.descr = QString("check if client identifies itself as HTTPS one");
125136 }
126 const SslCheckReport doCheck(const ClientInfo &client) const;
137 const SslCheckReport doCheck(const ClientInfo *client) const;
127138 };
128139
129140 #endif // SSLCHECK_H
+45
-22
src/libqsslcaudit/sslserver.cpp less more
55 #include "dtlsserver.h"
66
77
8 SslServer::SslServer(const SslUserSettings &settings,
8 SslServer::SslServer(const SslUserSettings *settings,
99 QList<XSslCertificate> localCert,
1010 XSslKey privateKey,
1111 XSsl::SslProtocol sslProtocol,
1212 QList<XSslCipher> sslCiphers,
1313 QObject *parent) : QObject(parent)
1414 {
15 m_listenAddress = settings.getListenAddress();
16 m_listenPort = settings.getListenPort();
17 m_dtlsMode = settings.getUseDtls();
15 m_listenAddress = settings->getListenAddress();
16 m_listenPort = settings->getListenPort();
17 m_dtlsMode = settings->getUseDtls();
1818
1919 tcpsServer = nullptr;
2020 dtlsServer = nullptr;
2828 connect(tcpsServer, &TcpsServer::rawDataCollected, this, &SslServer::rawDataCollected);
2929 connect(tcpsServer, &TcpsServer::sslHandshakeFinished, this, &SslServer::sslHandshakeFinished);
3030 connect(tcpsServer, &TcpsServer::peerVerifyError, this, &SslServer::peerVerifyError);
31
32 connect(tcpsServer, &TcpsServer::newConnection, this, &SslServer::handleIncomingConnection);
33
3134 connect(tcpsServer, &TcpsServer::newPeer, this, &SslServer::newPeer);
35
36 connect(tcpsServer, &TcpsServer::sessionFinished, this, &SslServer::handleSessionFinished);
3237 } else {
3338 dtlsServer = new DtlsServer(settings, localCert, privateKey, sslProtocol, sslCiphers, this);
3439
3641 connect(dtlsServer, &DtlsServer::dtlsHandshakeError, this, &SslServer::dtlsHandshakeError, Qt::DirectConnection);
3742 connect(dtlsServer, &DtlsServer::dataIntercepted, this, &SslServer::dataIntercepted, Qt::DirectConnection);
3843 connect(dtlsServer, &DtlsServer::sslHandshakeFinished, this, &SslServer::sslHandshakeFinished, Qt::DirectConnection);
44 connect(dtlsServer, &DtlsServer::rawDataCollected, this, &SslServer::rawDataCollected, Qt::DirectConnection);
45
46 connect(dtlsServer, &DtlsServer::newConnection, this, &SslServer::handleIncomingConnection);
47
3948 connect(dtlsServer, &DtlsServer::newPeer, this, &SslServer::newPeer, Qt::DirectConnection);
40 connect(dtlsServer, &DtlsServer::rawDataCollected, this, &SslServer::rawDataCollected, Qt::DirectConnection);
49
50 connect(dtlsServer, &DtlsServer::sessionFinished, this, &SslServer::handleSessionFinished);
4151 }
4252 }
4353
4454 SslServer::~SslServer()
4555 {
46 if (tcpsServer) {
47 tcpsServer->close();
48 delete tcpsServer;
49 }
50 if (dtlsServer) {
51 dtlsServer->close();
52 delete dtlsServer;
53 }
56 if (tcpsServer)
57 tcpsServer->deleteLater();
58 if (dtlsServer)
59 dtlsServer->deleteLater();
5460 }
5561
5662 bool SslServer::listen()
6975
7076 VERBOSE(QString("listening on %1:%2").arg(m_listenAddress.toString()).arg(m_listenPort));
7177 return true;
72 }
73
74 bool SslServer::waitForClient()
75 {
76 if (!m_dtlsMode) {
77 return tcpsServer->waitForNewConnection(-1);
78 } else {
79 return dtlsServer->waitForNewClient();
80 }
8178 }
8279
8380 void SslServer::handleIncomingConnection()
114111 }
115112 return QString("");
116113 }
114
115 void SslServer::handleSessionFinished()
116 {
117 if (!m_dtlsMode) {
118 tcpsServer->close();
119 } else {
120 dtlsServer->close();
121 }
122
123 emit sessionFinished();
124 }
125
126 void SslServer::handleSigInt()
127 {
128 // we handle SIGINT only to break forwarding process gracefully
129 // in case we are not in forwarding state, just exit
130 if (!m_dtlsMode) {
131 if (!tcpsServer->isForwarding())
132 exit(0);
133 tcpsServer->handleSigInt();
134 } else {
135 if (!dtlsServer->isForwarding())
136 exit(0);
137 dtlsServer->handleSigInt();
138 }
139 }
+8
-3
src/libqsslcaudit/sslserver.h less more
3838 StartTlsUnknownProtocol = -1
3939 };
4040
41 SslServer(const SslUserSettings &settings,
41 SslServer(const SslUserSettings *settings,
4242 QList<XSslCertificate> localCert,
4343 XSslKey privateKey,
4444 XSsl::SslProtocol sslProtocol,
4747 ~SslServer();
4848
4949 bool listen();
50 bool waitForClient();
51 void handleIncomingConnection();
5250
5351 static QString dtlsErrorToString(XDtlsError error);
52
53 void handleSigInt();
5454
5555 signals:
5656 void sslSocketErrors(const QList<XSslError> &sslErrors,
6464
6565 void dtlsHandshakeError(const XDtlsError, const QString &);
6666
67 void sessionFinished();
68
6769 private:
70 void handleIncomingConnection();
71 void handleSessionFinished();
72
6873 QHostAddress m_listenAddress;
6974 quint16 m_listenPort;
7075 bool m_dtlsMode;
+12
-9
src/libqsslcaudit/ssltest.cpp less more
33 #include "ssltests.h"
44 #include "ciphers.h"
55 #include "sslcheck.h"
6 #include "sslusersettings.h"
67
78 #ifdef UNSAFE
89 #include <openssl-unsafe/ssl.h>
6162 return true;
6263 }
6364
64 void SslCertificatesTest::calcResults(const ClientInfo client)
65 void SslCertificatesTest::calcResults(const ClientInfo *client)
6566 {
6667 SslCheckReport rep;
6768 QVector<SslCheck *> checks;
7475 checks << new SslCheckInvalidSsl();
7576
7677 checks << new SslCheckForGenericSslErrors();
78
79 checks << new SslCheckNoSharedCipher();
7780
7881 for (int i = 0; i < checks.size(); i++) {
7982 rep = checks.at(i)->doCheck(client);
116119 m_resultComment = QString("");
117120 }
118121
119 void SslProtocolsCiphersTest::calcResults(const ClientInfo client)
122 void SslProtocolsCiphersTest::calcResults(const ClientInfo *client)
120123 {
121124 SslCheckReport rep;
122125 QVector<SslCheck *> checks;
161164 m_resultComment = QString("");
162165 }
163166
164 bool SslProtocolsCiphersTest::prepare(const SslUserSettings &settings)
167 bool SslProtocolsCiphersTest::prepare(const SslUserSettings *settings)
165168 {
166169 // in case of DTLS omit protocols test for normal TLS
167170 switch (m_id) {
171174 case SslTestId::SslTestCiphersDtls12Exp:
172175 case SslTestId::SslTestCiphersDtls12Low:
173176 case SslTestId::SslTestCiphersDtls12Med:
174 if (!settings.getUseDtls())
177 if (!settings->getUseDtls())
175178 return false;
176179 break;
177180 default:
178 if (settings.getUseDtls())
181 if (settings->getUseDtls())
179182 return false;
180183 }
181184
182185 XSslKey key;
183 QList<XSslCertificate> chain = settings.getUserCert();
186 QList<XSslCertificate> chain = settings->getUserCert();
184187 if (chain.size() != 0) {
185 key = settings.getUserKey();
188 key = settings->getUserKey();
186189 }
187190
188191 if ((chain.size() == 0) || key.isNull()) {
189192 QString cn;
190193
191 if (settings.getUserCN().length() > 0) {
192 cn = settings.getUserCN();
194 if (settings->getUserCN().length() > 0) {
195 cn = settings->getUserCN();
193196 } else {
194197 cn = "www.example.com";
195198 }
+7
-7
src/libqsslcaudit/ssltest.h less more
1414 #include <QSslConfiguration>
1515 #endif
1616
17 #include "sslusersettings.h"
1817 #include "ssltestresult.h"
19 #include "clientinfo.h"
2018
19 class SslUserSettings;
20 class ClientInfo;
2121
2222 enum class SslTestGroup {
2323 Certificates,
6969 void clear();
7070
7171 // implemented by a particular tests
72 virtual bool prepare(const SslUserSettings &settings) = 0;
73 virtual void calcResults(const ClientInfo client) = 0;
72 virtual bool prepare(const SslUserSettings *settings) = 0;
73 virtual void calcResults(const ClientInfo *client) = 0;
7474
7575 // test description
7676 SslTestId id() const { return m_id; }
132132 m_group = SslTestGroup::Certificates;
133133 }
134134
135 virtual void calcResults(const ClientInfo client);
135 virtual void calcResults(const ClientInfo *client);
136136
137137 };
138138
139139 class SslProtocolsCiphersTest : public SslTest
140140 {
141141 public:
142 virtual bool prepare(const SslUserSettings &settings);
143 virtual void calcResults(const ClientInfo client);
142 virtual bool prepare(const SslUserSettings *settings);
143 virtual void calcResults(const ClientInfo *client);
144144 virtual bool setProtoAndCiphers() = 0;
145145 protected:
146146 bool setProtoAndSupportedCiphers(XSsl::SslProtocol proto);
+144
-129
src/libqsslcaudit/ssltests.cpp less more
11 #include "ssltests.h"
22 #include "sslcertgen.h"
33 #include "debug.h"
4 #include "sslusersettings.h"
45 #include "openssl-helper.h"
56 #include "cve-2020-0601_poc.h"
67
5960 }
6061 }
6162
62 bool SslTestCertCustom1::prepare(const SslUserSettings &settings)
63 bool SslTestCertCustom1::prepare(const SslUserSettings *settings)
6364 {
6465 // if user did not provide a certificate, do not emit error, just skip test initialization
65 if (settings.getUserCertPath().isEmpty()) {
66 return false;
67 }
68
69 QList<XSslCertificate> chain = settings.getUserCert();
66 if (settings->getUserCertPath().isEmpty()) {
67 return false;
68 }
69
70 QList<XSslCertificate> chain = settings->getUserCert();
7071 if (chain.size() == 0) {
7172 RED("can not parse user-supplied certificate");
7273 return false;
7475
7576 m_localCertsChain = chain;
7677
77 XSslKey key = settings.getUserKey();
78 XSslKey key = settings->getUserKey();
7879 if (key.isNull()) {
7980 RED("can not parse user-supplied key");
8081 return false;
8283
8384 m_privateKey = key;
8485
85 m_sslCiphers = XSslConfiguration::supportedCiphers();
86 // DTLS mode requires specific protocol to be set
87 if (settings.getUseDtls()) {
88 m_sslProtocol = XSsl::DtlsV1_0OrLater;
89 } else {
90 m_sslProtocol = XSsl::AnyProtocol;
91 }
92
93 return true;
94 }
95
96
97 bool SslTestCertSS1::prepare(const SslUserSettings &settings)
86 m_sslCiphers = settings->getSupportedCiphers().count() ?
87 settings->getSupportedCiphers() : XSslConfiguration::supportedCiphers();
88
89 // DTLS mode requires specific protocol to be set
90 if (settings->getUseDtls()) {
91 m_sslProtocol = XSsl::DtlsV1_0OrLater;
92 } else {
93 m_sslProtocol = XSsl::AnyProtocol;
94 }
95
96 return true;
97 }
98
99
100 bool SslTestCertSS1::prepare(const SslUserSettings *settings)
98101 {
99102 QPair<XSslCertificate, XSslKey> cert;
100103
101 if (settings.getUserCN().length() != 0) {
102 QString cn = settings.getUserCN();
104 if (settings->getUserCN().length() != 0) {
105 QString cn = settings->getUserCN();
103106
104107 cert = SslCertGen::genSignedCert(cn);
105 } else if (settings.getServerAddr().length() != 0) {
106 XSslCertificate basecert = settings.getPeerCertificates().first();
108 } else if (settings->getServerAddr().length() != 0) {
109 XSslCertificate basecert = settings->getPeerCertificates().first();
107110
108111 cert = SslCertGen::genSignedCertFromTemplate(basecert);
109112 } else {
116119 m_localCertsChain = chain;
117120 m_privateKey = cert.second;
118121
119 m_sslCiphers = XSslConfiguration::supportedCiphers();
120 // DTLS mode requires specific protocol to be set
121 if (settings.getUseDtls()) {
122 m_sslProtocol = XSsl::DtlsV1_0OrLater;
123 } else {
124 m_sslProtocol = XSsl::AnyProtocol;
125 }
126
127 return true;
128 }
129
130
131 bool SslTestCertSS2::prepare(const SslUserSettings &settings)
122 m_sslCiphers = settings->getSupportedCiphers().count() ?
123 settings->getSupportedCiphers() : XSslConfiguration::supportedCiphers();
124
125 // DTLS mode requires specific protocol to be set
126 if (settings->getUseDtls()) {
127 m_sslProtocol = XSsl::DtlsV1_0OrLater;
128 } else {
129 m_sslProtocol = XSsl::AnyProtocol;
130 }
131
132 return true;
133 }
134
135
136 bool SslTestCertSS2::prepare(const SslUserSettings *settings)
132137 {
133138 QPair<XSslCertificate, XSslKey> cert = SslCertGen::genSignedCert("www.example.com");
134139
138143 m_localCertsChain = chain;
139144 m_privateKey = cert.second;
140145
141 m_sslCiphers = XSslConfiguration::supportedCiphers();
142 // DTLS mode requires specific protocol to be set
143 if (settings.getUseDtls()) {
144 m_sslProtocol = XSsl::DtlsV1_0OrLater;
145 } else {
146 m_sslProtocol = XSsl::AnyProtocol;
147 }
148
149 return true;
150 }
151
152
153 bool SslTestCertCustom2::prepare(const SslUserSettings &settings)
146 m_sslCiphers = settings->getSupportedCiphers().count() ?
147 settings->getSupportedCiphers() : XSslConfiguration::supportedCiphers();
148
149 // DTLS mode requires specific protocol to be set
150 if (settings->getUseDtls()) {
151 m_sslProtocol = XSsl::DtlsV1_0OrLater;
152 } else {
153 m_sslProtocol = XSsl::AnyProtocol;
154 }
155
156 return true;
157 }
158
159
160 bool SslTestCertCustom2::prepare(const SslUserSettings *settings)
154161 {
155162 QPair<QList<XSslCertificate>, XSslKey> generatedCert;
156163
157 QList<XSslCertificate> chain = settings.getUserCert();
164 QList<XSslCertificate> chain = settings->getUserCert();
158165 if (chain.size() == 0)
159166 return false;
160167
161 XSslKey key = settings.getUserKey();
168 XSslKey key = settings->getUserKey();
162169 if (key.isNull())
163170 return false;
164171
165 if (settings.getUserCN().length() != 0) {
166 QString cn = settings.getUserCN();
172 if (settings->getUserCN().length() != 0) {
173 QString cn = settings->getUserCN();
167174
168175 generatedCert = SslCertGen::genSignedByCACert(cn, chain.at(0), key);
169 } else if (settings.getServerAddr().length() != 0) {
170 XSslCertificate basecert = settings.getPeerCertificates().first();
176 } else if (settings->getServerAddr().length() != 0) {
177 XSslCertificate basecert = settings->getPeerCertificates().first();
171178
172179 generatedCert = SslCertGen::genSignedByCACertFromTemplate(basecert, chain.at(0), key);
173180 } else {
179186 m_localCertsChain = generatedCert.first;
180187 m_privateKey = generatedCert.second;
181188
182 m_sslCiphers = XSslConfiguration::supportedCiphers();
183 // DTLS mode requires specific protocol to be set
184 if (settings.getUseDtls()) {
185 m_sslProtocol = XSsl::DtlsV1_0OrLater;
186 } else {
187 m_sslProtocol = XSsl::AnyProtocol;
188 }
189
190 return true;
191 }
192
193
194 bool SslTestCertCustom3::prepare(const SslUserSettings &settings)
195 {
196 QList<XSslCertificate> chain = settings.getUserCert();
189 m_sslCiphers = settings->getSupportedCiphers().count() ?
190 settings->getSupportedCiphers() : XSslConfiguration::supportedCiphers();
191
192 // DTLS mode requires specific protocol to be set
193 if (settings->getUseDtls()) {
194 m_sslProtocol = XSsl::DtlsV1_0OrLater;
195 } else {
196 m_sslProtocol = XSsl::AnyProtocol;
197 }
198
199 return true;
200 }
201
202
203 bool SslTestCertCustom3::prepare(const SslUserSettings *settings)
204 {
205 QList<XSslCertificate> chain = settings->getUserCert();
197206 if (chain.size() == 0)
198207 return false;
199208
200 XSslKey key = settings.getUserKey();
209 XSslKey key = settings->getUserKey();
201210 if (key.isNull())
202211 return false;
203212
208217 m_localCertsChain = generatedCert.first;
209218 m_privateKey = generatedCert.second;
210219
211 m_sslCiphers = XSslConfiguration::supportedCiphers();
212 // DTLS mode requires specific protocol to be set
213 if (settings.getUseDtls()) {
214 m_sslProtocol = XSsl::DtlsV1_0OrLater;
215 } else {
216 m_sslProtocol = XSsl::AnyProtocol;
217 }
218
219 return true;
220 }
221
222
223 bool SslTestCertCA1::prepare(const SslUserSettings &settings)
220 m_sslCiphers = settings->getSupportedCiphers().count() ?
221 settings->getSupportedCiphers() : XSslConfiguration::supportedCiphers();
222
223 // DTLS mode requires specific protocol to be set
224 if (settings->getUseDtls()) {
225 m_sslProtocol = XSsl::DtlsV1_0OrLater;
226 } else {
227 m_sslProtocol = XSsl::AnyProtocol;
228 }
229
230 return true;
231 }
232
233
234 bool SslTestCertCA1::prepare(const SslUserSettings *settings)
224235 {
225236 QString cn;
226237
227 if (settings.getUserCN().length() != 0) {
228 cn = settings.getUserCN();
229 } else if (settings.getServerAddr().length() != 0) {
230 cn = settings.getPeerCertificates().first().subjectInfo(XSslCertificate::CommonName).first();
231 } else {
232 return false;
233 }
234
235 QList<XSslCertificate> chain = settings.getUserCaCert();
238 if (settings->getUserCN().length() != 0) {
239 cn = settings->getUserCN();
240 } else if (settings->getServerAddr().length() != 0) {
241 cn = settings->getPeerCertificates().first().subjectInfo(XSslCertificate::CommonName).first();
242 } else {
243 return false;
244 }
245
246 QList<XSslCertificate> chain = settings->getUserCaCert();
236247 if (chain.size() == 0)
237248 return false;
238249
239 XSslKey key = settings.getUserCaKey();
250 XSslKey key = settings->getUserCaKey();
240251 if (key.isNull())
241252 return false;
242253
248259 m_localCertsChain = generatedCert.first;
249260 m_privateKey = generatedCert.second;
250261
251 m_sslCiphers = XSslConfiguration::supportedCiphers();
252 // DTLS mode requires specific protocol to be set
253 if (settings.getUseDtls()) {
254 m_sslProtocol = XSsl::DtlsV1_0OrLater;
255 } else {
256 m_sslProtocol = XSsl::AnyProtocol;
257 }
258
259 return true;
260 }
261
262
263 bool SslTestCertCA2::prepare(const SslUserSettings &settings)
264 {
265 QList<XSslCertificate> chain = settings.getUserCaCert();
262 m_sslCiphers = settings->getSupportedCiphers().count() ?
263 settings->getSupportedCiphers() : XSslConfiguration::supportedCiphers();
264
265 // DTLS mode requires specific protocol to be set
266 if (settings->getUseDtls()) {
267 m_sslProtocol = XSsl::DtlsV1_0OrLater;
268 } else {
269 m_sslProtocol = XSsl::AnyProtocol;
270 }
271
272 return true;
273 }
274
275
276 bool SslTestCertCA2::prepare(const SslUserSettings *settings)
277 {
278 QList<XSslCertificate> chain = settings->getUserCaCert();
266279 if (chain.size() == 0)
267280 return false;
268281
269 XSslKey key = settings.getUserCaKey();
282 XSslKey key = settings->getUserCaKey();
270283 if (key.isNull())
271284 return false;
272285
277290 m_localCertsChain = generatedCert.first;
278291 m_privateKey = generatedCert.second;
279292
280 m_sslCiphers = XSslConfiguration::supportedCiphers();
281 // DTLS mode requires specific protocol to be set
282 if (settings.getUseDtls()) {
293 m_sslCiphers = settings->getSupportedCiphers().count() ?
294 settings->getSupportedCiphers() : XSslConfiguration::supportedCiphers();
295
296 // DTLS mode requires specific protocol to be set
297 if (settings->getUseDtls()) {
283298 m_sslProtocol = XSsl::DtlsV1_0OrLater;
284299 } else {
285300 m_sslProtocol = XSsl::AnyProtocol;
412427 return setProtoAndMediumCiphers(XSsl::DtlsV1_2);
413428 }
414429
415 bool SslTestCertCve20200601::prepare(const SslUserSettings &settings)
430 bool SslTestCertCve20200601::prepare(const SslUserSettings *settings)
416431 {
417432 XSslCertificate caCert;
418433 QByteArray caSN;
421436 bool ret = false;
422437
423438 // if user provided CA cert, use it as a base one
424 QList<XSslCertificate> chain = settings.getUserCaCert();
439 QList<XSslCertificate> chain = settings->getUserCaCert();
425440 if (chain.size() == 0) {
426441 // ok, no CA cert, may be remote server is provided?
427 if (settings.getServerAddr().length() != 0) {
442 if (settings->getServerAddr().length() != 0) {
428443 // assume that CA will be last in the list
429 caCert = settings.getPeerCertificates().last();
444 caCert = settings->getPeerCertificates().last();
430445 // get common name of the host
431 targetCN = settings.getPeerCertificates().first().subjectInfo(XSslCertificate::CommonName).first();
446 targetCN = settings->getPeerCertificates().first().subjectInfo(XSslCertificate::CommonName).first();
432447 }
433448 } else {
434449 caCert = chain.at(0);
472487 caPubKey.resize(caPubKeyLen);
473488
474489 // decide what target common name to use
475 if (settings.getUserCN().size() > 0) {
476 targetCN = settings.getUserCN();
490 if (settings->getUserCN().size() > 0) {
491 targetCN = settings->getUserCN();
477492 }
478493 if (targetCN.size() == 0) {
479494 targetCN = "www.example.com";
552567
553568 m_sslCiphers = XSslConfiguration::supportedCiphers();
554569 // DTLS mode requires specific protocol to be set
555 if (settings.getUseDtls()) {
556 m_sslProtocol = XSsl::DtlsV1_0OrLater;
557 } else {
558 m_sslProtocol = XSsl::AnyProtocol;
559 }
560
561 return true;
562 }
570 if (settings->getUseDtls()) {
571 m_sslProtocol = XSsl::DtlsV1_0OrLater;
572 } else {
573 m_sslProtocol = XSsl::AnyProtocol;
574 }
575
576 return true;
577 }
+8
-8
src/libqsslcaudit/ssltests.h less more
4242 m_name = "custom certificate trust";
4343 m_description = "certificate trust test with user-supplied certificate";
4444 }
45 bool prepare(const SslUserSettings &settings);
45 bool prepare(const SslUserSettings *settings);
4646
4747 };
4848
5454 m_name = "self-signed certificate for target domain trust";
5555 m_description = "certificate trust test with self-signed certificate for user-supplied common name";
5656 }
57 bool prepare(const SslUserSettings &settings);
57 bool prepare(const SslUserSettings *settings);
5858
5959 };
6060
6666 m_name = "self-signed certificate for invalid domain trust";
6767 m_description = "certificate trust test with self-signed certificate for www.example.com";
6868 }
69 bool prepare(const SslUserSettings &settings);
69 bool prepare(const SslUserSettings *settings);
7070
7171 };
7272
7878 m_name = "custom certificate for target domain trust";
7979 m_description = "certificate trust test with user-supplied common name signed by user-supplied certificate";
8080 }
81 bool prepare(const SslUserSettings &settings);
81 bool prepare(const SslUserSettings *settings);
8282
8383 };
8484
9090 m_name = "custom certificate for invalid domain trust";
9191 m_description = "certificate trust test with www.example.com common name signed by user-supplied certificate";
9292 }
93 bool prepare(const SslUserSettings &settings);
93 bool prepare(const SslUserSettings *settings);
9494
9595 };
9696
102102 m_name = "certificate for target domain signed by custom CA trust";
103103 m_description = "certificate trust test with user-supplied common name signed by user-supplied CA certificate";
104104 }
105 bool prepare(const SslUserSettings &settings);
105 bool prepare(const SslUserSettings *settings);
106106
107107 };
108108
114114 m_name = "certificate for invalid domain signed by custom CA trust";
115115 m_description = "certificate trust test with www.example.com common name signed by user-supplied CA certificate";
116116 }
117 bool prepare(const SslUserSettings &settings);
117 bool prepare(const SslUserSettings *settings);
118118
119119 };
120120
378378 m_name = "CVE-2020-0601 ECC cert trust";
379379 m_description = "test for trusting certificate signed by private key with custom curve";
380380 }
381 bool prepare(const SslUserSettings &settings);
381 bool prepare(const SslUserSettings *settings);
382382
383383 };
384384
+18
-0
src/libqsslcaudit/sslusersettings.cpp less more
3535 pidFile = "";
3636 useDtls = false;
3737 doubleFirstTest = false;
38 supportedCiphers = QList<XSslCipher>();
3839 }
3940
4041 void SslUserSettings::setListenAddress(const QHostAddress &addr)
383384 {
384385 return doubleFirstTest;
385386 }
387
388 void SslUserSettings::setSupportedCiphers(const QString &ciphers)
389 {
390 QStringList opensslCiphers = ciphers.split(":");
391
392 for (int i = 0; i < opensslCiphers.size(); i++) {
393 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
394
395 if (!cipher.isNull())
396 supportedCiphers << cipher;
397 }
398 }
399
400 QList<SslUnsafeCipher> SslUserSettings::getSupportedCiphers() const
401 {
402 return supportedCiphers;
403 }
+4
-0
src/libqsslcaudit/sslusersettings.h less more
7171 void setDoubleFirstTest(bool flag);
7272 bool getDoubleFirstTest() const;
7373
74 void setSupportedCiphers(const QString &ciphers);
75 QList<XSslCipher> getSupportedCiphers() const;
76
7477 private:
7578 QHostAddress listenAddress;
7679 quint16 listenPort;
8992 QString pidFile;
9093 bool useDtls;
9194 bool doubleFirstTest;
95 QList<XSslCipher> supportedCiphers;
9296 };
9397
9498 #endif // SSLUSERSETTINGS_H
+68
-23
src/libqsslcaudit/tcpsserver.cpp less more
22 #include "sslusersettings.h"
33 #include "starttls.h"
44
5 TcpsServer::TcpsServer(const SslUserSettings &settings,
5 TcpsServer::TcpsServer(const SslUserSettings *settings,
66 QList<XSslCertificate> localCert,
77 XSslKey privateKey,
88 XSsl::SslProtocol sslProtocol,
1414 m_sslProtocol(sslProtocol),
1515 m_sslCiphers(sslCiphers)
1616 {
17 m_startTlsProtocol = settings.getStartTlsProtocol();
18 m_forwardHost = settings.getForwardHostAddr();
19 m_forwardPort = settings.getForwardHostPort();
20 m_waitDataTimeout = settings.getWaitDataTimeout();
17 m_startTlsProtocol = settings->getStartTlsProtocol();
18 m_forwardHost = settings->getForwardHostAddr();
19 m_forwardPort = settings->getForwardHostPort();
20 m_waitDataTimeout = settings->getWaitDataTimeout();
21
22 m_isForwarding = false;
2123 }
2224
2325 void TcpsServer::handleStartTls(XSslSocket *const socket)
8991
9092 emit newPeer(sslSocket->peerAddress());
9193
94 // handling socket errors makes sence only in non-interception mode
95 connect(sslSocket, &XSslSocket::encrypted, this, &TcpsServer::handleSslHandshakeFinished);
96 connect(sslSocket, &XSslSocket::peerVerifyError, this, &TcpsServer::peerVerifyError);
97 connect(sslSocket, static_cast<void(XSslSocket::*)(const QList<XSslError> &)>(&XSslSocket::sslErrors),
98 this, &TcpsServer::sslErrors);
99
92100 if (!m_forwardHost.isNull()) {
93101 // this will loop until connection is interrupted
94102 proxyConnection(sslSocket);
95103 } else {
96 // handling socket errors makes sence only in non-interception mode
97
98 connect(sslSocket, &XSslSocket::encrypted, this, &TcpsServer::handleSslHandshakeFinished);
99 connect(sslSocket, &XSslSocket::peerVerifyError, this, &TcpsServer::peerVerifyError);
100 connect(sslSocket, static_cast<void(XSslSocket::*)(const QList<XSslError> &)>(&XSslSocket::sslErrors),
101 this, &TcpsServer::sslErrors);
102
103104 // no 'forward' option -- just read the first packet of unencrypted data and close the connection
104105 if (sslSocket->waitForReadyRead(m_waitDataTimeout)) {
105106 QByteArray message = sslSocket->readAll();
110111 } else {
111112 VERBOSE("no unencrypted data received (" + sslSocket->errorString() + ")");
112113 }
114 }
113115
114116 #ifdef UNSAFE_QSSL
115 emit rawDataCollected(sslSocket->getRawReadData(), sslSocket->getRawWrittenData());
117 emit rawDataCollected(sslSocket->getRawReadData(), sslSocket->getRawWrittenData());
116118 #endif
117119
118 sslSocket->disconnectFromHost();
119 if (sslSocket->state() != QAbstractSocket::UnconnectedState)
120 sslSocket->waitForDisconnected();
121 VERBOSE("disconnected");
122 }
120 sslSocket->disconnectFromHost();
121 if (sslSocket->state() != QAbstractSocket::UnconnectedState)
122 sslSocket->waitForDisconnected();
123 sslSocket->deleteLater();
124
125 VERBOSE("disconnected");
126
127 emit sessionFinished();
123128 }
124129
125130 void TcpsServer::proxyConnection(XSslSocket *sslSocket)
129134 // - synchronously read data from ssl socket
130135 // - synchronously send this data to proxy
131136 QTcpSocket proxy;
137 QByteArray data;
138
139 // before connecting to the proxy, collect data from the socket
140 // it will make tests decision logic happy
141 // we also need waitFor() here. it gives some windows for signal/slots subsystem to
142 // process all events from SSL socket
143 if (sslSocket->waitForReadyRead(100)) {
144 data = sslSocket->readAll();
145 emit dataIntercepted(data);
146 }
132147
133148 proxy.connectToHost(m_forwardHost, m_forwardPort);
134149
138153 WHITE("forwarding incoming data to the provided proxy");
139154 WHITE("to get test results, relauch this app without 'forward' option");
140155
141 while (1) {
156 // disconnect socket errors slot, otherwise it will flood us with 'timeout' errors
157 disconnect(sslSocket, static_cast<void(XSslSocket::*)(QAbstractSocket::SocketError)>(&XSslSocket::error),
158 this, &TcpsServer::handleSocketError);
159
160 // start with sending previously read data
161 proxy.write(data);
162
163 // we wait until one of the communicating parties disconnect the socket
164 // or SIGINT is sent
165 m_stopForwarding = false;
166 m_isForwarding = true;
167
168 while (!m_stopForwarding) {
142169 if (sslSocket->state() == QAbstractSocket::UnconnectedState)
143170 break;
144171 if (proxy.state() == QAbstractSocket::UnconnectedState)
145172 break;
146173
147174 if (sslSocket->waitForReadyRead(100)) {
148 QByteArray data = sslSocket->readAll();
175 data = sslSocket->readAll();
149176
150177 emit dataIntercepted(data);
151178
153180 }
154181
155182 if (proxy.waitForReadyRead(100)) {
156 sslSocket->write(proxy.readAll());
183 data = proxy.readAll();
184
185 emit dataIntercepted(data);
186
187 sslSocket->write(data);
157188 }
158189 }
159 }
160 }
190
191 // return socket errors handling
192 connect(sslSocket, static_cast<void(XSslSocket::*)(QAbstractSocket::SocketError)>(&XSslSocket::error),
193 this, &TcpsServer::handleSocketError);
194 }
195 }
196
197 bool TcpsServer::isForwarding()
198 {
199 return m_isForwarding;
200 }
201
202 void TcpsServer::handleSigInt()
203 {
204 m_stopForwarding = true;
205 }
+7
-1
src/libqsslcaudit/tcpsserver.h less more
1111 Q_OBJECT
1212
1313 public:
14 TcpsServer(const SslUserSettings &settings,
14 TcpsServer(const SslUserSettings *settings,
1515 QList<XSslCertificate> localCert,
1616 XSslKey privateKey,
1717 XSsl::SslProtocol sslProtocol,
3232 void peerVerifyError(const XSslError &error);
3333 void sslErrors(const QList<XSslError> &errors);
3434 void newPeer(const QHostAddress &peerAddress);
35 void sessionFinished();
3536
3637 private:
3738 void handleStartTls(XSslSocket *const socket);
3839 void handleSocketError(QAbstractSocket::SocketError socketError);
3940 void handleSslHandshakeFinished();
4041 void proxyConnection(XSslSocket *sslSocket);
42 void handleSigInt();
43 bool isForwarding();
4144
4245 QList<XSslCertificate> m_sslCertsChain;
4346 XSslKey m_sslPrivateKey;
4952 quint16 m_forwardPort;
5053 quint32 m_waitDataTimeout;
5154
55 bool m_stopForwarding;
56 bool m_isForwarding;
57
5258 friend class SslServer;
5359 };
5460
+189
-0
src/libqsslcaudit/testserver.cpp less more
0 #include "testserver.h"
1 #include "debug.h"
2 #include "ssltest.h"
3 #include "sslserver.h"
4 #include "clientinfo.h"
5 #include "sslusersettings.h"
6
7 // for msleep()
8 #include <QThread>
9
10 TestServer::TestServer(SslTest *sslTest, const SslUserSettings *settings,
11 QObject *parent) :
12 QObject(parent),
13 sslSettings(settings),
14 sslTest(sslTest)
15 {
16 clientInfo = new ClientInfo();
17 clientInfo->setDtlsMode(settings->getUseDtls());
18
19 sslServer = new SslServer(settings,
20 sslTest->localCert(),
21 sslTest->privateKey(),
22 sslTest->sslProtocol(),
23 sslTest->sslCiphers(),
24 this);
25
26 // can be emitted by both TCP and UDP servers
27 connect(sslServer, &SslServer::sslSocketErrors, this, &TestServer::handleSslSocketErrors);
28
29 // can be emitted by TCP server only
30 connect(sslServer, &SslServer::sslErrors, [=](const QList<XSslError> &errors) {
31 VERBOSE("SSL errors detected:");
32 XSslError error;
33 foreach (error, errors) {
34 VERBOSE("\t" + error.errorString());
35 clientInfo->addSslErrorString(error.errorString());
36 }
37 clientInfo->addSslErrors(errors);
38 });
39
40 // can be emitted by UDP server only
41 connect(sslServer, &SslServer::dtlsHandshakeError, [=](const XDtlsError error, const QString &errorStr) {
42 VERBOSE("DTLS error detected:");
43 VERBOSE(QString("\t%1(%2)").arg(errorStr).arg(SslServer::dtlsErrorToString(error)));
44 clientInfo->addSslErrorString(errorStr);
45 clientInfo->addDtlsError(error);
46 });
47
48 // can be emitted by both TCP and UDP servers
49 connect(sslServer, &SslServer::dataIntercepted, [=](const QByteArray &data) {
50 clientInfo->addInterceptedData(data);
51 });
52
53 // can be emitted by both TCP and UDP servers
54 connect(sslServer, &SslServer::rawDataCollected, [=](const QByteArray &rdData, const QByteArray &wrData) {
55 clientInfo->addRawDataRecv(rdData);
56 clientInfo->addRawDataSent(wrData);
57 });
58
59 // can be emitted by both TCP and UDP servers
60 connect(sslServer, &SslServer::sslHandshakeFinished, [=](const QList<XSslCertificate> &clientCerts) {
61 VERBOSE("SSL connection established");
62 if (clientCerts.size() > 0) {
63 VERBOSE(QString("\tclient supplied chain of %1 certificates").arg(clientCerts.size()));
64 for (int i = 0; i < clientCerts.size(); i++) {
65 VERBOSE(clientCerts.at(i).toPem());
66 }
67 }
68
69 clientInfo->setSslConnectionStatus(true);
70 });
71
72 // can be emitted by TCP server only
73 // for UDP see QDtls::peerVerificationErrors(), however, it does not make sense anyway
74 connect(sslServer, &SslServer::peerVerifyError, [=](const XSslError &error) {
75 VERBOSE("peer verify error:");
76 VERBOSE("\t" + error.errorString());
77 });
78
79 // can be emitted by both TCP and UDP servers
80 connect(sslServer, &SslServer::newPeer, [=](const QHostAddress &peerAddress) {
81 clientInfo->setSourceHost(peerAddress.toString());
82 });
83
84 // client disconnected or similar
85 connect(sslServer, &SslServer::sessionFinished, this, &TestServer::handleSessionFinished);
86
87 // we handle SIGINT only to break forwarding process gracefully
88 // in case we are not in forwarding state, just exit
89 connect(this, &TestServer::sigIntHandled, sslServer, &SslServer::handleSigInt);
90 }
91
92 TestServer::~TestServer()
93 {
94 delete clientInfo;
95 sslServer->deleteLater();
96 }
97
98 void TestServer::runTest()
99 {
100 WHITE(QString("running test #%1: %2").arg(static_cast<int>(sslTest->id()) + 1)
101 .arg(sslTest->description()));
102
103 // when doing many tests in a row creating a new listener too soon after the previous
104 // has finished may cause weird errors in some clients. in most cases this will be an
105 // iOS mobile app
106 // this can be easily avoided by the following weird delay. this does not impact on
107 // our tests but solves the weird issue with clients. technically, can be set as
108 // another user option, but it will be too much as for me
109 QThread::msleep(500);
110
111 sslTest->clear();
112 clientInfo->clear();
113
114 if (!sslServer->listen()) {
115 RED("failure during listener initialization, test will not continue");
116 sslTest->calcResults(clientInfo);
117 emit sslTestFinished();
118 return;
119 }
120
121 // check if *server* was not able to setup SSL connection
122 // to check this we need to see if we already received some SSL errors
123 // if this is the case -- then those errors are about SSL initialization
124 if ((clientInfo->sslErrorsStr().size() > 0)
125 || (clientInfo->socketErrors().size() > 0)) {
126 RED("failure during SSL initialization, test will not continue");
127
128 for (int i = 0; i < clientInfo->sslErrorsStr().size(); i++) {
129 VERBOSE("\t" + clientInfo->sslErrorsStr().at(i));
130 }
131
132 sslTest->calcResults(clientInfo);
133 emit sslTestFinished();
134 return;
135 }
136
137 emit sslTestReady();
138 }
139
140 void TestServer::handleSessionFinished()
141 {
142 sslTest->calcResults(clientInfo);
143
144 WHITE("report:");
145
146 if (sslTest->result() != SslTestResult::Success) {
147 RED(sslTest->report());
148 } else {
149 GREEN(sslTest->report());
150 }
151
152 WHITE("result: " + sslTestResultToStatus(sslTest->result()));
153
154 WHITE("test finished");
155
156 emit sslTestFinished();
157 }
158
159 void TestServer::handleSslSocketErrors(const QList<XSslError> &sslErrors,
160 const QString &errorStr, QAbstractSocket::SocketError socketError)
161 {
162 VERBOSE(QString("socket error: %1 (#%2)").arg(errorStr).arg(socketError));
163
164 clientInfo->addSslErrors(sslErrors);
165 clientInfo->addSslErrorString(errorStr);
166 clientInfo->addSocketErrors(QList<QAbstractSocket::SocketError>() << socketError);
167
168 switch (socketError) {
169 case QAbstractSocket::SslInvalidUserDataError:
170 VERBOSE("\tInvalid data (certificate, key, cypher, etc.) was provided and its use resulted in an error in the SSL library.");
171 break;
172 case QAbstractSocket::SslInternalError:
173 VERBOSE("\tThe SSL library being used reported an internal error. This is probably the result of a bad installation or misconfiguration of the library.");
174 break;
175 case QAbstractSocket::SslHandshakeFailedError:
176 if (errorStr.contains(QString("ssl3_get_client_hello:no shared cipher"))) {
177 VERBOSE("\tThe SSL/TLS handshake failed (client did not provide expected ciphers), so the connection was closed.");
178 } else if (errorStr.contains(QString("ssl3_read_bytes:tlsv1 alert protocol version"))) {
179 VERBOSE("\tThe SSL/TLS handshake failed (client refused the proposed protocol), so the connection was closed.");
180 } else {
181 VERBOSE("\tThe SSL/TLS handshake failed, so the connection was closed.");
182 }
183 break;
184 default:
185 // just ignore all other errors
186 break;
187 }
188 }
+56
-0
src/libqsslcaudit/testserver.h less more
0 #ifndef TESTSERVER_H
1 #define TESTSERVER_H
2
3 #include <QObject>
4 #include <QAbstractSocket>
5
6 #ifdef UNSAFE_QSSL
7 #include "sslunsafeerror.h"
8 #else
9 #include <QSslError>
10 #endif
11
12
13 class SslUserSettings;
14 class SslTest;
15 class SslServer;
16 class ClientInfo;
17
18 class TestServer : public QObject
19 {
20 Q_OBJECT
21
22 public:
23 TestServer(SslTest *sslTest, const SslUserSettings *settings,
24 QObject *parent = nullptr);
25 ~TestServer();
26
27 const SslTest *getSslTest() {
28 return sslTest;
29 }
30
31 const ClientInfo *getClientInfo() {
32 return clientInfo;
33 }
34
35 public slots:
36 void runTest();
37
38 signals:
39 void sslTestReady();
40 void sslTestFinished();
41 void sigIntHandled();
42
43 private:
44 void handleSslSocketErrors(const QList<XSslError> &sslErrors,
45 const QString &errorStr, QAbstractSocket::SocketError socketError);
46 void handleSessionFinished();
47
48 const SslUserSettings *sslSettings;
49 SslTest *sslTest;
50 SslServer *sslServer;
51 ClientInfo *clientInfo;
52
53 };
54
55 #endif // TESTSERVER_H
+1
-2
src/libqsslcaudit/tlshello.cpp less more
22 #include <QtEndian>
33 #include <QDebug>
44
5 // this we need only for TlsClientHello type
6 #include "ssltest.h"
5 #include "clientinfo.h"
76
87 // taken from packet-{d,t}ls.c, wireshark source code
98
+53
-17
src/main.cpp less more
22 #include "sslusersettings.h"
33 #include "ssltests.h"
44 #include "sslcaudit.h"
5 #include "ciphers.h"
6 #include "sigwatch.h"
57
68 #include <QCoreApplication>
79 #include <QCommandLineParser>
810 #include <QThread>
911 #include <QHostAddress>
1012 #include <QFile>
11
13 #include <QTimer>
1214
1315 static QList<int> selectedTests;
1416
17
18 void showCiphersGroup(const QString &groupName, const QString &ciphersStr)
19 {
20 QStringList opensslCiphers = ciphersStr.split(":");
21 QString supportedCiphersStr;
22
23 VERBOSE(" " + groupName + ":");
24
25 for (int i = 0; i < opensslCiphers.size(); i++) {
26 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
27
28 if (!cipher.isNull())
29 supportedCiphersStr += opensslCiphers.at(i) + ":";
30 }
31
32 supportedCiphersStr.chop(1);
33
34 VERBOSE(" " + supportedCiphersStr);
35 }
36
37 void showCiphers()
38 {
39 VERBOSE("supported ciphers:");
40 showCiphersGroup("EXPORT", ciphers_export_str);
41 showCiphersGroup("LOW", ciphers_low_str);
42 showCiphersGroup("MEDIUM", ciphers_medium_str);
43 showCiphersGroup("HIGH", ciphers_high_str);
44 }
1545
1646 void parseOptions(const QCoreApplication &a, SslUserSettings *settings)
1747 {
98128 settings->setUseDtls(true);
99129 }
100130 if (parser.isSet(showciphersOption)) {
101 SslCAudit::showCiphers();
131 showCiphers();
102132 exit(0);
103133 }
104134 if (parser.isSet(listenAddressOption)) {
263293 }
264294
265295
266 QList<SslTest *> prepareSslTests(const SslUserSettings &settings)
296 QList<SslTest *> prepareSslTests(const SslUserSettings *settings)
267297 {
268298 QList<SslTest *> ret;
269299 bool doubled = false;
277307 ret << test;
278308
279309 // dublicate the first test if requested
280 if (!doubled && settings.getDoubleFirstTest()) {
310 if (!doubled && settings->getDoubleFirstTest()) {
281311 doubled = true;
282312 test = sslTestsFactory.create(static_cast<SslTestId>(selectedTests.at(i)));
283313 test->prepare(settings);
307337 QFile::remove(pidFile);
308338 }
309339
310
311340 int main(int argc, char *argv[])
312341 {
313342 QCoreApplication a(argc, argv);
319348 // has to be called even before parsing options
320349 fillSslTestsFactory();
321350
322 SslUserSettings settings;
323
324 parseOptions(a, &settings);
351 SslUserSettings *settings = new SslUserSettings();
352
353 parseOptions(a, settings);
325354
326355 QList<SslTest *> sslTests = prepareSslTests(settings);
327356
357 SslCAudit *caudit = new SslCAudit(settings);
358
359 caudit->setSslTests(sslTests);
360
328361 QThread thread;
329 SslCAudit *caudit = new SslCAudit(settings);
330
331 caudit->setSslTests(sslTests);
362
363 QObject::connect(&thread, &QThread::finished, caudit, &QObject::deleteLater);
364
332365 caudit->moveToThread(&thread);
333 QObject::connect(&thread, &QThread::finished, caudit, &QObject::deleteLater);
334 QObject::connect(&thread, &QThread::started, caudit, &SslCAudit::run);
366 thread.start();
367
368 UnixSignalWatcher sigwatch;
369 sigwatch.watchForSignal(SIGINT);
370 QObject::connect(&sigwatch, &UnixSignalWatcher::unixSignal, caudit, &SslCAudit::handleSigInt);
335371
336372 QObject::connect(caudit, &SslCAudit::sslTestsFinished, [=](){
337373 caudit->printSummary();
339375
340376 VERBOSE(QString("%1 version: %2").arg(QCoreApplication::applicationName()).arg(QCoreApplication::applicationVersion()));
341377
342 if (settings.getOutputXml().length() > 0)
343 caudit->writeXmlSummary(settings.getOutputXml());
378 if (settings->getOutputXml().length() > 0)
379 caudit->writeXmlSummary(settings->getOutputXml());
344380
345381 qApp->exit();
346382 });
347383
348 QString pidFile = settings.getPidFile();
384 QString pidFile = settings->getPidFile();
349385 if (pidFile.length() > 0)
350386 createPidFile(pidFile);
351387
352 thread.start();
388 QTimer::singleShot(0, caudit, &SslCAudit::run);
353389
354390 int exitCode = a.exec();
355391
+176
-0
src/sigwatch.cpp less more
0 /*
1 * Unix signal watcher for Qt.
2 *
3 * Copyright (C) 2014 Simon Knopp
4 *
5 * Permission is hereby granted, free of charge, to any person obtaining a copy
6 * of this software and associated documentation files (the "Software"), to deal
7 * in the Software without restriction, including without limitation the rights
8 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 * copies of the Software, and to permit persons to whom the Software is
10 * furnished to do so, subject to the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be included in
13 * all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 * SOFTWARE.
22 */
23
24 #include <sys/socket.h>
25 #include <unistd.h>
26 #include <errno.h>
27 #include <QMap>
28 #include <QSocketNotifier>
29 #include <QDebug>
30 #include "sigwatch.h"
31
32
33 /*!
34 * \brief The UnixSignalWatcherPrivate class implements the back-end signal
35 * handling for the UnixSignalWatcher.
36 *
37 * \see http://qt-project.org/doc/qt-5.0/qtdoc/unix-signals.html
38 */
39 class UnixSignalWatcherPrivate : public QObject
40 {
41 UnixSignalWatcher * const q_ptr;
42 Q_DECLARE_PUBLIC(UnixSignalWatcher)
43
44 public:
45 UnixSignalWatcherPrivate(UnixSignalWatcher *q);
46 ~UnixSignalWatcherPrivate();
47
48 void watchForSignal(int signal);
49 static void signalHandler(int signal);
50
51 void _q_onNotify(int sockfd);
52
53 private:
54 static int sockpair[2];
55 QSocketNotifier *notifier;
56 QList<int> watchedSignals;
57 };
58
59
60 int UnixSignalWatcherPrivate::sockpair[2];
61
62 UnixSignalWatcherPrivate::UnixSignalWatcherPrivate(UnixSignalWatcher *q) :
63 q_ptr(q)
64 {
65 // Create socket pair
66 if (::socketpair(AF_UNIX, SOCK_STREAM, 0, sockpair)) {
67 qDebug() << "UnixSignalWatcher: socketpair: " << ::strerror(errno);
68 return;
69 }
70
71 // Create a notifier for the read end of the pair
72 notifier = new QSocketNotifier(sockpair[1], QSocketNotifier::Read);
73 QObject::connect(notifier, SIGNAL(activated(int)), q, SLOT(_q_onNotify(int)));
74 notifier->setEnabled(true);
75 }
76
77 UnixSignalWatcherPrivate::~UnixSignalWatcherPrivate()
78 {
79 delete notifier;
80 }
81
82 /*!
83 * Registers a handler for the given Unix \a signal. The handler will write to
84 * a socket pair, the other end of which is connected to a QSocketNotifier.
85 * This provides a way to break out of the asynchronous context from which the
86 * signal handler is called and back into the Qt event loop.
87 */
88 void UnixSignalWatcherPrivate::watchForSignal(int signal)
89 {
90 if (watchedSignals.contains(signal)) {
91 qDebug() << "Already watching for signal" << signal;
92 return;
93 }
94
95 // Register a sigaction which will write to the socket pair
96 struct sigaction sigact;
97 sigact.sa_handler = UnixSignalWatcherPrivate::signalHandler;
98 sigact.sa_flags = 0;
99 ::sigemptyset(&sigact.sa_mask);
100 sigact.sa_flags |= SA_RESTART;
101 if (::sigaction(signal, &sigact, NULL)) {
102 qDebug() << "UnixSignalWatcher: sigaction: " << ::strerror(errno);
103 return;
104 }
105
106 watchedSignals.append(signal);
107 }
108
109 /*!
110 * Called when a Unix \a signal is received. Write to the socket to wake up the
111 * QSocketNotifier.
112 */
113 void UnixSignalWatcherPrivate::signalHandler(int signal)
114 {
115 ssize_t nBytes = ::write(sockpair[0], &signal, sizeof(signal));
116 Q_UNUSED(nBytes);
117 }
118
119 /*!
120 * Called when the signal handler has written to the socket pair. Emits the Unix
121 * signal as a Qt signal.
122 */
123 void UnixSignalWatcherPrivate::_q_onNotify(int sockfd)
124 {
125 Q_Q(UnixSignalWatcher);
126
127 int signal;
128 ssize_t nBytes = ::read(sockfd, &signal, sizeof(signal));
129 Q_UNUSED(nBytes);
130 qDebug() << "Caught signal:" << ::strsignal(signal);
131 emit q->unixSignal(signal);
132 }
133
134
135 /*!
136 * Create a new UnixSignalWatcher as a child of the given \a parent.
137 */
138 UnixSignalWatcher::UnixSignalWatcher(QObject *parent) :
139 QObject(parent),
140 d_ptr(new UnixSignalWatcherPrivate(this))
141 {
142 }
143
144 /*!
145 * Destroy this UnixSignalWatcher.
146 */
147 UnixSignalWatcher::~UnixSignalWatcher()
148 {
149 delete d_ptr;
150 }
151
152 /*!
153 * Register a signal handler for the given \a signal.
154 *
155 * After calling this method you can \c connect() to the unixSignal() Qt signal
156 * to be notified when the Unix signal is received.
157 */
158 void UnixSignalWatcher::watchForSignal(int signal)
159 {
160 Q_D(UnixSignalWatcher);
161 d->watchForSignal(signal);
162 }
163
164 /*!
165 * \fn void UnixSignalWatcher::unixSignal(int signal)
166 * Emitted when the given Unix \a signal is received.
167 *
168 * watchForSignal() must be called for each Unix signal that you want to receive
169 * via the unixSignal() Qt signal. If a watcher is watching multiple signals,
170 * unixSignal() will be emitted whenever *any* of the watched Unix signals are
171 * received, and the \a signal argument can be inspected to find out which one
172 * was actually received.
173 */
174
175 #include "moc_sigwatch.cpp"
+59
-0
src/sigwatch.h less more
0 /*
1 * Unix signal watcher for Qt.
2 *
3 * Copyright (C) 2014 Simon Knopp
4 *
5 * Permission is hereby granted, free of charge, to any person obtaining a copy
6 * of this software and associated documentation files (the "Software"), to deal
7 * in the Software without restriction, including without limitation the rights
8 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 * copies of the Software, and to permit persons to whom the Software is
10 * furnished to do so, subject to the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be included in
13 * all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 * SOFTWARE.
22 */
23
24 #ifndef SIGWATCH_H
25 #define SIGWATCH_H
26
27 #include <QObject>
28 #include <signal.h>
29
30 class UnixSignalWatcherPrivate;
31
32
33 /*!
34 * \brief The UnixSignalWatcher class converts Unix signals to Qt signals.
35 *
36 * To watch for a given signal, e.g. \c SIGINT, call \c watchForSignal(SIGINT)
37 * and \c connect() your handler to unixSignal().
38 */
39
40 class UnixSignalWatcher : public QObject
41 {
42 Q_OBJECT
43 public:
44 explicit UnixSignalWatcher(QObject *parent = 0);
45 ~UnixSignalWatcher();
46
47 void watchForSignal(int signal);
48
49 signals:
50 void unixSignal(int signal);
51
52 private:
53 UnixSignalWatcherPrivate * const d_ptr;
54 Q_DECLARE_PRIVATE(UnixSignalWatcher)
55 Q_PRIVATE_SLOT(d_func(), void _q_onNotify(int))
56 };
57
58 #endif // SIGWATCH_H
+2
-0
src/unsafessl/sslunsaferingbuffer_p.h less more
5454 #include <QtCore/qbytearray.h>
5555 #include <QtCore/qvector.h>
5656
57 #include <climits>
58
5759 QT_BEGIN_NAMESPACE
5860
5961 #ifndef QRINGBUFFER_CHUNKSIZE
+4
-4
tests/CMakeLists.txt less more
6868 add_test(tests_SslTestCiphersDtls12Exp tests_SslTestCiphersDtls12Exp)
6969 endif()
7070
71 add_executable(tests_RecurrentRequests tests_RecurrentRequests.cpp test.h)
72 set_target_properties(tests_RecurrentRequests PROPERTIES AUTOMOC TRUE)
73 target_link_libraries(tests_RecurrentRequests qsslcaudit_lib)
74 add_test(NAME tests_RecurrentRequests COMMAND tests_RecurrentRequests 100)
71 add_executable(tests_MultipleTests tests_MultipleTests.cpp test.h)
72 set_target_properties(tests_MultipleTests PROPERTIES AUTOMOC TRUE)
73 target_link_libraries(tests_MultipleTests qsslcaudit_lib)
74 add_test(NAME tests_MultipleTests COMMAND tests_MultipleTests 100)
7575
7676 add_executable(tests_DifferentClientTypes tests_DifferentClientTypes.cpp test.h)
7777 set_target_properties(tests_DifferentClientTypes PROPERTIES AUTOMOC TRUE)
+59
-96
tests/test.h less more
22
33 #include "debug.h"
44 #include "sslcaudit.h"
5 #include "ssltest.h"
56 #include "ssltestresult.h"
7 #include "sslusersettings.h"
68
79 #include <QThread>
8
10 #include <QTimer>
911
1012 class Test : public QObject
1113 {
2527 ~Test() {
2628 sslCAuditThread.quit();
2729 sslCAuditThread.wait();
28 delete caudit;
30 caudit->deleteLater();
2931 }
3032
3133 int getId() { return id; }
4648 return sslTests.at(currentTestNum);
4749 }
4850
49 ClientInfo currentClient() {
51 const ClientInfo *currentClient() {
5052 return caudit->getClientInfo(currentTestNum);
5153 }
5254
5355 // required for "recurrentRequests" test
54 ClientInfo getClient(int testNum) {
56 const ClientInfo *getClient(int testNum) {
5557 return caudit->getClientInfo(testNum);
5658 }
5759
6769 virtual void startTests() {
6870 prepareTests();
6971 launchSslCAudit();
70 if (!waitForSslTestsFinished()) {
71 setResult(-1);
72 printTestFailed("tests are not finished in time");
73 }
7472 }
7573
7674 // called by Test class in prepareTests() method
9189 setTestsSettings();
9290
9391 for (int i = 0; i < sslTests.size(); i++) {
94 if (!sslTests.at(i)->prepare(testSettings)) {
92 if (!sslTests.at(i)->prepare(&testSettings)) {
9593 RED("failed to prepare test " + sslTests.at(i)->name());
9694 return;
9795 }
9896 }
9997
100 caudit = new SslCAudit(testSettings);
101
98 caudit = new SslCAudit(&testSettings);
99
100 caudit->moveToThread(&sslCAuditThread);
101 sslCAuditThread.start();
102
103 connect(caudit, &SslCAudit::sslTestReady, this, &Test::launchClientTest);
104 connect(caudit, &SslCAudit::sslTestFinished, this, &Test::handleTestFinished);
102105 connect(caudit, &SslCAudit::sslTestsFinished, this, &Test::handleAllTestsFinished);
103106
104 connect(caudit, &SslCAudit::sslTestReady, this, &Test::handleTestReady);
105
106 connect(caudit, &SslCAudit::sslTestFinished, this, &Test::handleTestFinished);
107
108 connect(&sslCAuditThread, &QThread::started, caudit, &SslCAudit::run);
109
110107 caudit->setSslTests(sslTests);
111 caudit->moveToThread(&sslCAuditThread);
112108 }
113109
114110 // asynchronously launches SslCAudit thread. this ends up with the first test becoming ready
115111 // this is supposed to be called by autotest
116112 void launchSslCAudit() {
117 // flush all the statuses
118 testIsReady = false;
119 testIsFinished = false;
120 testsAreFinished = false;
121
122 sslCAuditThread.quit();
123 sslCAuditThread.wait();
124
125 sslCAuditThread.start();
126 }
127
128 // synchronously waits for the current test to become ready
129 bool waitforSslTestReady() {
130 int count = 0;
131 int to = 5000;
132 while (!testIsReady && ++count < to/10)
133 QThread::msleep(10);
134
135 return testIsReady;
136 }
137
138 // synchronously waits for all the tests to finish
139 bool waitForSslTestsFinished() {
140 int count = 0;
141 // we have to wait more than the test will be executed
142 int to = static_cast<int>(2 * testSettings.getWaitDataTimeout()) * sslTests.size();
143 while (!testsAreFinished && ++count < to/10)
144 QThread::msleep(10);
145
146 return testsAreFinished;
147 }
148
149 // synchronously waits for the current test to finish
150 bool waitForSslTestFinished() {
151 int count = 0;
152 // we have to wait more than the test will be executed
153 int to = static_cast<int>(2 * testSettings.getWaitDataTimeout());
154 while (!testIsFinished && ++count < to/10)
155 QThread::msleep(10);
156
157 return testIsFinished;
113 QTimer::singleShot(0, caudit, &SslCAudit::run);
158114 }
159115
160116 // print helpers
179135 testResults[currentTestNum] = result;
180136 }
181137
138 signals:
139 void autotestFinished();
140
182141 private slots:
183 void handleAllTestsFinished() {
184 testsAreFinished = true;
185 }
186
187 void handleTestReady() {
188 testIsReady = true;
189 testIsFinished = false;
190
191 // executeNextSslTest() must set current test result to '0' if this stage succeeded
142 void launchClientTest() {
192143 setResult(-1);
193144 executeNextSslTest();
194145 }
195146
147 void handleAllTestsFinished() {
148 sslCAuditThread.quit();
149 sslCAuditThread.wait();
150 }
151
196152 void handleTestFinished() {
197 testIsFinished = true;
198
199 // if test failed during execution, do not even run results
200 // verification because it could produce false-positives
201 if (getResult() != 0) {
202 printTestFailed("test failed on execution");
153 verifySslTestResult();
154
155 if (currentTestNum == sslTests.size()-1) {
156 emit autotestFinished();
203157 } else {
204 verifySslTestResult();
205 }
206
207 currentTestNum++;
208 if (currentTestNum >= sslTests.size()) {
209 currentTestNum = sslTests.size()-1;
158 currentTestNum++;
210159 }
211160 }
212161
214163 int id;
215164 QString testBaseName;
216165 QVector<int> testResults;
217 bool testIsReady;
218 bool testIsFinished;
219 bool testsAreFinished;
166
220167 QThread sslCAuditThread;
221168 SslCAudit *caudit;
169
222170 int currentTestNum;
223171 QList<SslTest *> sslTests;
224172
232180 TestsLauncher(QList<Test *> sslTests, QObject *parent = nullptr) :
233181 QObject(parent),
234182 sslTests(sslTests)
235 {}
183 {
184 retCode = 0;
185
186 // re-parenting tests as they will belong to the main()'s thread
187 for (int i = 0; i < sslTests.size(); i++) {
188 sslTests.at(i)->setParent(this);
189 }
190 }
236191
237192 ~TestsLauncher() {}
238193
239 void launchTests()
240 {
241 retCode = 0;
242
243 while (sslTests.size() > 0) {
194 void launchNextTest()
195 {
196 if (sslTests.size() > 0) {
244197 Test *test = sslTests.takeFirst();
245198 launchSingleTest(test);
246 if (test->getResult() != 0) {
247 retCode = -1;
248 }
249 test->deleteLater();
250 }
251
252 emit autotestsFinished();
199 } else {
200 emit autotestsFinished();
201 }
253202 }
254203
255204 void launchSingleTest(Test *autotest)
256205 {
257206 WHITE(QString("launching autotest #%1").arg(autotest->getId()));
207
208 connect(autotest, &Test::autotestFinished, this, &TestsLauncher::handleAutotestFinished);
209
258210 autotest->startTests();
259211 }
260212
267219 void autotestsFinished();
268220
269221 private:
222 void handleAutotestFinished()
223 {
224 Test *autotest = qobject_cast<Test *>(sender());
225 if (autotest->getResult() != 0) {
226 retCode = -1;
227 }
228 autotest->deleteLater();
229
230 launchNextTest();
231 }
232
270233 QList<Test *> sslTests;
271234 int retCode;
272235
+280
-374
tests/tests_DifferentClientTypes.cpp less more
6161
6262 void executeNextSslTest()
6363 {
64 if (!socket)
64 if (!socket) {
6565 socket = new QTcpSocket;
6666
67 connect(socket, &QTcpSocket::connected, [=]() {
68 QThread::msleep(10);
69 socket->disconnectFromHost();
70 if (socket->state() != QAbstractSocket::UnconnectedState)
71 socket->waitForDisconnected();
72 });
73 }
74
6775 socket->connectToHost("localhost", 8443);
68
69 if (!socket->waitForConnected()) {
70 setResult(-1);
71 printTestFailed("can not connect to qsslcaudit");
72 } else {
73 QThread::msleep(10);
74 socket->disconnectFromHost();
75 if (socket->state() != QAbstractSocket::UnconnectedState)
76 socket->waitForDisconnected();
77 setResult(0);
78 }
7976 }
8077
8178 void verifySslTestResult()
115112
116113 void executeNextSslTest()
117114 {
118 if (!socket)
115 if (!socket) {
119116 socket = new QTcpSocket;
120117
118 connect(socket, &QTcpSocket::connected, [=]() {
119 QThread::msleep(5500);
120 socket->disconnectFromHost();
121 });
122 }
123
121124 socket->connectToHost("localhost", 8443);
122
123 if (!socket->waitForConnected()) {
124 setResult(-1);
125 printTestFailed("can not connect to qsslcaudit");
126 } else {
127 QThread::msleep(5500);
128 socket->disconnectFromHost();
129 setResult(0);
130 }
131125 }
132126
133127 void verifySslTestResult()
154148 public:
155149 Test03(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) {
156150 socket = nullptr;
151 data = QByteArray("GET / HTTP/1.0\r\n\r\n");
157152 }
158153
159154 ~Test03() {
167162
168163 void executeNextSslTest()
169164 {
170 if (!socket)
165 if (!socket) {
171166 socket = new QTcpSocket;
172167
173 data = QByteArray("GET / HTTP/1.0\r\n\r\n");
168 connect(socket, &QTcpSocket::connected, [=]() {
169 socket->write(data);
170 socket->flush();
171 QThread::msleep(10);
172 socket->disconnectFromHost();
173 if (socket->state() != QAbstractSocket::UnconnectedState)
174 socket->waitForDisconnected();
175 });
176 }
174177
175178 socket->connectToHost("localhost", 8443);
176
177 if (!socket->waitForConnected()) {
178 setResult(-1);
179 printTestFailed("can not connect to qsslcaudit");
180 } else {
181 socket->write(data);
182 socket->flush();
183 QThread::msleep(10);
184 socket->disconnectFromHost();
185 if (socket->state() != QAbstractSocket::UnconnectedState)
186 socket->waitForDisconnected();
187 setResult(0);
188 }
189179 }
190180
191181 void verifySslTestResult()
213203 public:
214204 Test04(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) {
215205 socket = nullptr;
206 data = QByteArray("GET / HTTP/1.0\r\n\r\n");
216207 }
217208
218209 ~Test04() {
226217
227218 void executeNextSslTest()
228219 {
229 if (!socket)
220 if (!socket) {
230221 socket = new QTcpSocket;
231222
232 data = QByteArray("GET / HTTP/1.0\r\n\r\n");
223 connect(socket, &QTcpSocket::connected, [=]() {
224 socket->write(data);
225 socket->flush();
226 QThread::msleep(5500);
227 socket->disconnectFromHost();
228 });
229 }
233230
234231 socket->connectToHost("localhost", 8443);
235
236 if (!socket->waitForConnected()) {
237 setResult(-1);
238 printTestFailed("can not connect to qsslcaudit");
239 } else {
240 socket->write(data);
241 socket->flush();
242 QThread::msleep(5500);
243 socket->disconnectFromHost();
244 setResult(0);
245 }
246232 }
247233
248234 void verifySslTestResult()
270256 public:
271257 Test05(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) {
272258 socket = nullptr;
259 data = QByteArray("ABCDEF");
273260 }
274261
275262 ~Test05() {
283270
284271 void executeNextSslTest()
285272 {
286 if (!socket)
273 if (!socket) {
287274 socket = new QTcpSocket;
288275
289 data = QByteArray("ABCDEF");
276 connect(socket, &QTcpSocket::connected, [=]() {
277 socket->write(data);
278 socket->flush();
279 QThread::msleep(10);
280 socket->disconnectFromHost();
281 if (socket->state() != QAbstractSocket::UnconnectedState)
282 socket->waitForDisconnected();
283 });
284 }
290285
291286 socket->connectToHost("localhost", 8443);
292
293 if (!socket->waitForConnected()) {
294 setResult(-1);
295 printTestFailed("can not connect to qsslcaudit");
296 } else {
297 socket->write(data);
298 socket->flush();
299 QThread::msleep(10);
300 socket->disconnectFromHost();
301 if (socket->state() != QAbstractSocket::UnconnectedState)
302 socket->waitForDisconnected();
303 setResult(0);
304 }
305287 }
306288
307289 void verifySslTestResult()
329311 public:
330312 Test06(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) {
331313 socket = nullptr;
314 data = QByteArray("ABCDEF");
332315 }
333316
334317 ~Test06() {
342325
343326 void executeNextSslTest()
344327 {
345 if (!socket)
328 if (!socket) {
346329 socket = new QTcpSocket;
347330
348 data = QByteArray("ABCDEF");
331 connect(socket, &QTcpSocket::connected, [=]() {
332 socket->write(data);
333 socket->flush();
334 QThread::msleep(5500);
335 socket->disconnectFromHost();
336 });
337 }
349338
350339 socket->connectToHost("localhost", 8443);
351
352 if (!socket->waitForConnected()) {
353 setResult(-1);
354 printTestFailed("can not connect to qsslcaudit");
355 } else {
356 socket->write(data);
357 socket->flush();
358 QThread::msleep(5500);
359 socket->disconnectFromHost();
360 setResult(0);
361 }
362340 }
363341
364342 void verifySslTestResult()
386364 public:
387365 Test07(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) {
388366 socket = nullptr;
367 data = QByteArray("ABCDEFGHIJKLMNOP\n");
389368 }
390369
391370 ~Test07() {
399378
400379 void executeNextSslTest()
401380 {
402 if (!socket)
381 if (!socket) {
403382 socket = new QTcpSocket;
404383
405 data = QByteArray("ABCDEFGHIJKLMNOP\n");
384 connect(socket, &QTcpSocket::connected, [=]() {
385 socket->write(data);
386 socket->flush();
387 QThread::msleep(10);
388 socket->disconnectFromHost();
389 if (socket->state() != QAbstractSocket::UnconnectedState)
390 socket->waitForDisconnected();
391 });
392 }
406393
407394 socket->connectToHost("localhost", 8443);
408
409 if (!socket->waitForConnected()) {
410 setResult(-1);
411 printTestFailed("can not connect to qsslcaudit");
412 } else {
413 socket->write(data);
414 socket->flush();
415 QThread::msleep(10);
416 socket->disconnectFromHost();
417 if (socket->state() != QAbstractSocket::UnconnectedState)
418 socket->waitForDisconnected();
419 setResult(0);
420 }
421395 }
422396
423397 void verifySslTestResult()
445419 public:
446420 Test08(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) {
447421 socket = nullptr;
422 data = QByteArray("ABCDEFGHIJKLMNOP\n");
448423 }
449424
450425 ~Test08() {
458433
459434 void executeNextSslTest()
460435 {
461 if (!socket)
436 if (!socket) {
462437 socket = new QTcpSocket;
463438
464 data = QByteArray("ABCDEFGHIJKLMNOP\n");
439 connect(socket, &QTcpSocket::connected, [=]() {
440 socket->write(data);
441 socket->flush();
442 QThread::msleep(5500);
443 socket->disconnectFromHost();
444 });
445 }
465446
466447 socket->connectToHost("localhost", 8443);
467
468 if (!socket->waitForConnected()) {
469 setResult(-1);
470 printTestFailed("can not connect to qsslcaudit");
471 } else {
472 socket->write(data);
473 socket->flush();
474 QThread::msleep(5500);
475 socket->disconnectFromHost();
476 setResult(0);
477 }
478448 }
479449
480450 void verifySslTestResult()
516486
517487 void executeNextSslTest()
518488 {
519 if (!socket)
489 if (!socket) {
520490 socket = new XSslSocket;
521491
522 socket->setProtocol(XSsl::SslV3);
523 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
492 socket->setProtocol(XSsl::SslV3);
493 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
494
495 connect(socket, &XSslSocket::encrypted, [=]() {
496 setResult(-1);
497 printTestFailed("encrypted session was established, but should not");
498 });
499 }
524500
525501 socket->connectToHostEncrypted("localhost", 8443);
526
527 if (!socket->waitForEncrypted()) {
528 setResult(0);
529 } else {
530 setResult(-1);
531 printTestFailed("encrypted session was established, but should not");
532 }
533 socket->disconnectFromHost();
534502 }
535503
536504 void verifySslTestResult()
571539
572540 void executeNextSslTest()
573541 {
574 if (!socket)
542 if (!socket) {
575543 socket = new XSslSocket;
576544
577 socket->setProtocol(XSsl::SslV3);
578 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
545 socket->setProtocol(XSsl::SslV3);
546 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
547
548 connect(socket, &XSslSocket::encrypted, [=]() {
549 QThread::msleep(5500);
550 socket->disconnectFromHost();
551 });
552 }
579553
580554 socket->connectToHostEncrypted("localhost", 8443);
581
582 if (!socket->waitForEncrypted()) {
583 setResult(-1);
584 printTestFailed("can not establish encrypted connection");
585 } else {
586 setResult(0);
587 QThread::msleep(5500);
588 socket->disconnectFromHost();
589 }
590555 }
591556
592557 void verifySslTestResult()
626591
627592 void executeNextSslTest()
628593 {
629 if (!socket)
594 if (!socket) {
630595 socket = new XSslSocket;
631596
632 socket->setProtocol(XSsl::SslV3);
633 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
597 socket->setProtocol(XSsl::SslV3);
598 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
599
600 connect(socket, &XSslSocket::encrypted, [=]() {
601 QThread::msleep(10);
602 socket->close();
603 });
604 }
634605
635606 socket->connectToHostEncrypted("localhost", 8443);
636
637 if (!socket->waitForEncrypted()) {
638 setResult(-1);
639 printTestFailed("can not establish encrypted connection");
640 } else {
641 QThread::msleep(10);
642 socket->close();
643 setResult(0);
644 }
645607 }
646608
647609 void verifySslTestResult()
668630 public:
669631 Test12(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) {
670632 socket = nullptr;
633 data = QByteArray("GET / HTTP/1.0\r\n\r\n");
671634 }
672635
673636 ~Test12() {
681644
682645 void executeNextSslTest()
683646 {
684 if (!socket)
647 if (!socket) {
685648 socket = new XSslSocket;
686649
687 data = QByteArray("GET / HTTP/1.0\r\n\r\n");
688
689 socket->setProtocol(XSsl::SslV3);
690 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
650 socket->setProtocol(XSsl::SslV3);
651 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
652
653 connect(socket, &XSslSocket::encrypted, [=]() {
654 socket->write(data);
655 socket->flush();
656 QThread::msleep(5500);
657 socket->disconnectFromHost();
658 });
659 }
691660
692661 socket->connectToHostEncrypted("localhost", 8443);
693
694 if (!socket->waitForEncrypted()) {
695 setResult(-1);
696 printTestFailed("can not establish encrypted connection");
697 } else {
698 socket->write(data);
699 socket->flush();
700 setResult(0);
701 QThread::msleep(5500);
702 socket->disconnectFromHost();
703 }
704662 }
705663
706664 void verifySslTestResult()
728686 public:
729687 Test13(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) {
730688 socket = nullptr;
689 data = QByteArray("GET / HTTP/1.0\r\n\r\n");
731690 }
732691
733692 ~Test13() {
741700
742701 void executeNextSslTest()
743702 {
744 if (!socket)
703 if (!socket) {
745704 socket = new XSslSocket;
746705
747 data = QByteArray("GET / HTTP/1.0\r\n\r\n");
748
749 socket->setProtocol(XSsl::SslV3);
750 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
706 socket->setProtocol(XSsl::SslV3);
707 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
708
709 connect(socket, &XSslSocket::encrypted, [=]() {
710 socket->write(data);
711 socket->flush();
712 QThread::msleep(10);
713 socket->disconnectFromHost();
714 if (socket->state() != QAbstractSocket::UnconnectedState)
715 socket->waitForDisconnected();
716 });
717 }
751718
752719 socket->connectToHostEncrypted("localhost", 8443);
753
754 if (!socket->waitForEncrypted()) {
755 setResult(-1);
756 printTestFailed("can not establish encrypted connection");
757 } else {
758 socket->write(data);
759 socket->flush();
760 QThread::msleep(10);
761 socket->disconnectFromHost();
762 if (socket->state() != QAbstractSocket::UnconnectedState)
763 socket->waitForDisconnected();
764 setResult(0);
765 }
766720 }
767721
768722 void verifySslTestResult()
804758
805759 void executeNextSslTest()
806760 {
807 if (!socket)
761 if (!socket) {
808762 socket = new XSslSocket;
809763
810 socket->setProtocol(XSsl::TlsV1_1);
811 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
764 socket->setProtocol(XSsl::TlsV1_1);
765 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
766
767 connect(socket, &XSslSocket::encrypted, [=]() {
768 printTestFailed("encrypted session was established, but should not");
769 });
770 }
812771
813772 socket->connectToHostEncrypted("localhost", 8443);
814
815 if (!socket->waitForEncrypted()) {
816 setResult(0);
817 } else {
818 setResult(-1);
819 printTestFailed("encrypted session was established, but should not");
820 }
821 socket->disconnectFromHost();
822773 }
823774
824775 void verifySslTestResult()
859810
860811 void executeNextSslTest()
861812 {
862 if (!socket)
813 if (!socket) {
863814 socket = new XSslSocket;
864815
865 socket->setProtocol(XSsl::TlsV1_1);
866 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
816 socket->setProtocol(XSsl::TlsV1_1);
817 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
818
819 connect(socket, &XSslSocket::encrypted, [=]() {
820 QThread::msleep(5500);
821 socket->disconnectFromHost();
822 });
823 }
867824
868825 socket->connectToHostEncrypted("localhost", 8443);
869
870 if (!socket->waitForEncrypted()) {
871 setResult(-1);
872 printTestFailed("can not establish encrypted connection");
873 } else {
874 QThread::msleep(5500);
875 socket->disconnectFromHost();
876 setResult(0);
877 }
878826 }
879827
880828 void verifySslTestResult()
914862
915863 void executeNextSslTest()
916864 {
917 if (!socket)
865 if (!socket) {
918866 socket = new XSslSocket;
919867
920 socket->setProtocol(XSsl::TlsV1_1);
921 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
868 socket->setProtocol(XSsl::TlsV1_1);
869 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
870
871 connect(socket, &XSslSocket::encrypted, [=]() {
872 QThread::msleep(10);
873 socket->close();
874 });
875 }
922876
923877 socket->connectToHostEncrypted("localhost", 8443);
924
925 if (!socket->waitForEncrypted()) {
926 setResult(-1);
927 printTestFailed("can not establish encrypted connection");
928 } else {
929 QThread::msleep(10);
930 socket->close();
931 setResult(0);
932 }
933878 }
934879
935880 void verifySslTestResult()
956901 public:
957902 Test17(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) {
958903 socket = nullptr;
904 data = QByteArray("GET / HTTP/1.0\r\n\r\n");
959905 }
960906
961907 ~Test17() {
969915
970916 void executeNextSslTest()
971917 {
972 if (!socket)
918 if (!socket) {
973919 socket = new XSslSocket;
974920
975 data = QByteArray("GET / HTTP/1.0\r\n\r\n");
976
977 socket->setProtocol(XSsl::TlsV1_1);
978 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
921 socket->setProtocol(XSsl::TlsV1_1);
922 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
923
924 connect(socket, &XSslSocket::encrypted, [=]() {
925 socket->write(data);
926 socket->flush();
927 QThread::msleep(5500);
928 socket->disconnectFromHost();
929 });
930 }
979931
980932 socket->connectToHostEncrypted("localhost", 8443);
981
982 if (!socket->waitForEncrypted()) {
983 setResult(-1);
984 printTestFailed("can not establish encrypted connection");
985 } else {
986 socket->write(data);
987 socket->flush();
988 QThread::msleep(5500);
989 socket->disconnectFromHost();
990 setResult(0);
991 }
992933 }
993934
994935 void verifySslTestResult()
1016957 public:
1017958 Test18(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) {
1018959 socket = nullptr;
960 data = QByteArray("GET / HTTP/1.0\r\n\r\n");
1019961 }
1020962
1021963 ~Test18() {
1029971
1030972 void executeNextSslTest()
1031973 {
1032 if (!socket)
974 if (!socket) {
1033975 socket = new XSslSocket;
1034976
1035 data = QByteArray("GET / HTTP/1.0\r\n\r\n");
1036
1037 socket->setProtocol(XSsl::TlsV1_1);
1038 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
977 socket->setProtocol(XSsl::TlsV1_1);
978 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
979
980 connect(socket, &XSslSocket::encrypted, [=]() {
981 socket->write(data);
982 socket->flush();
983 QThread::msleep(10);
984 socket->disconnectFromHost();
985 if (socket->state() != QAbstractSocket::UnconnectedState)
986 socket->waitForDisconnected();
987 });
988 }
1039989
1040990 socket->connectToHostEncrypted("localhost", 8443);
1041
1042 if (!socket->waitForEncrypted()) {
1043 setResult(-1);
1044 printTestFailed("can not establish encrypted connection");
1045 } else {
1046 socket->write(data);
1047 socket->flush();
1048 QThread::msleep(10);
1049 socket->disconnectFromHost();
1050 if (socket->state() != QAbstractSocket::UnconnectedState)
1051 socket->waitForDisconnected();
1052 setResult(0);
1053 }
1054991 }
1055992
1056993 void verifySslTestResult()
10921029
10931030 void executeNextSslTest()
10941031 {
1095 if (!socket)
1032 if (!socket) {
10961033 socket = new XSslSocket;
10971034
1035 socket->setProtocol(XSsl::TlsV1_1);
1036 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
1037
1038 connect(socket, &XSslSocket::encrypted, [=]() {
1039 printTestFailed("session was encrypted but should not");
1040 });
1041 }
1042
10981043 data = QByteArray("AUTH TLS\r\n");
1099
1100 socket->setProtocol(XSsl::TlsV1_1);
1101 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
11021044
11031045 socket->connectToHost("localhost", 8443);
11041046 socket->waitForReadyRead();
11061048 QByteArray buf;
11071049 buf = socket->readAll();
11081050 if (buf != QByteArray("220 ready.\r\n")) {
1109 setResult(-1);
11101051 printTestFailed("invalid STARTTLS sequence");
11111052 return;
11121053 }
11161057 socket->waitForReadyRead();
11171058 buf = socket->readAll();
11181059 if (buf != QByteArray("234 AUTH TLS successful.\r\n")) {
1119 setResult(-1);
11201060 printTestFailed("invalid STARTTLS sequence");
11211061 return;
11221062 }
11231063
11241064 socket->startClientEncryption();
1125
1126 if (!socket->waitForEncrypted()) {
1127 setResult(0);
1128 } else {
1129 setResult(-1);
1130 printTestFailed("session was encrypted but should not");
1131 }
1132 socket->disconnectFromHost();
11331065 }
11341066
11351067 void verifySslTestResult()
11721104
11731105 void executeNextSslTest()
11741106 {
1175 if (!socket)
1107 if (!socket) {
11761108 socket = new XSslSocket;
11771109
1110 socket->setProtocol(XSsl::TlsV1_1);
1111 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
1112
1113 connect(socket, &XSslSocket::encrypted, [=]() {
1114 QThread::msleep(5500);
1115 socket->disconnectFromHost();
1116 });
1117 }
1118
11781119 data = QByteArray("AUTH TLS\r\n");
1179
1180 socket->setProtocol(XSsl::TlsV1_1);
1181 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
11821120
11831121 socket->connectToHost("localhost", 8443);
11841122 socket->waitForReadyRead();
12021140 }
12031141
12041142 socket->startClientEncryption();
1205
1206 if (!socket->waitForEncrypted()) {
1207 setResult(-1);
1208 printTestFailed("encrypted session not established");
1209 } else {
1210 setResult(0);
1211 QThread::msleep(5500);
1212 socket->disconnectFromHost();
1213 }
12141143 }
12151144
12161145 void verifySslTestResult()
12521181
12531182 void executeNextSslTest()
12541183 {
1255 if (!socket)
1184 if (!socket) {
12561185 socket = new XSslSocket;
12571186
1187 socket->setProtocol(XSsl::TlsV1_1);
1188 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
1189
1190 connect(socket, &XSslSocket::encrypted, [=]() {
1191 QThread::msleep(10);
1192 socket->close();
1193 });
1194 }
1195
12581196 data = QByteArray("AUTH TLS\r\n");
1259
1260 socket->setProtocol(XSsl::TlsV1_1);
1261 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
12621197
12631198 socket->connectToHost("localhost", 8443);
12641199 socket->waitForReadyRead();
12821217 }
12831218
12841219 socket->startClientEncryption();
1285
1286 if (!socket->waitForEncrypted()) {
1287 setResult(-1);
1288 printTestFailed("encrypted session not established");
1289 } else {
1290 QThread::msleep(10);
1291 socket->close();
1292 setResult(0);
1293 }
12941220 }
12951221
12961222 void verifySslTestResult()
13331259
13341260 void executeNextSslTest()
13351261 {
1336 if (!socket)
1262 QByteArray userData = QByteArray("CWD /root\r\n");
1263
1264 if (!socket) {
13371265 socket = new XSslSocket;
13381266
1267 socket->setProtocol(XSsl::TlsV1_1);
1268 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
1269
1270 connect(socket, &XSslSocket::encrypted, [=]() {
1271 socket->write(userData);
1272 socket->flush();
1273 QThread::msleep(5500);
1274 socket->disconnectFromHost();
1275 });
1276 }
1277
13391278 data = QByteArray("AUTH TLS\r\n");
1340 QByteArray userData = QByteArray("CWD /root\r\n");
1341
1342 socket->setProtocol(XSsl::TlsV1_1);
1343 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
13441279
13451280 socket->connectToHost("localhost", 8443);
13461281 socket->waitForReadyRead();
13641299 }
13651300
13661301 socket->startClientEncryption();
1367
1368 if (!socket->waitForEncrypted()) {
1369 setResult(-1);
1370 printTestFailed("encrypted session not established");
1371 } else {
1372 socket->write(userData);
1373 socket->flush();
1374 QThread::msleep(5500);
1375 socket->disconnectFromHost();
1376 setResult(0);
1377 }
13781302 }
13791303
13801304 void verifySslTestResult()
14161340
14171341 void executeNextSslTest()
14181342 {
1419 if (!socket)
1343 QByteArray userData = QByteArray("CWD /root\r\n");
1344
1345 if (!socket) {
14201346 socket = new XSslSocket;
14211347
1348 socket->setProtocol(XSsl::TlsV1_1);
1349 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
1350
1351 connect(socket, &XSslSocket::encrypted, [=]() {
1352 socket->write(userData);
1353 socket->flush();
1354 QThread::msleep(10);
1355 socket->disconnectFromHost();
1356 if (socket->state() != QAbstractSocket::UnconnectedState)
1357 socket->waitForDisconnected();
1358 });
1359 }
1360
14221361 data = QByteArray("AUTH TLS\r\n");
1423 QByteArray userData = QByteArray("CWD /root\r\n");
1424
1425 socket->setProtocol(XSsl::TlsV1_1);
1426 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
14271362
14281363 socket->connectToHost("localhost", 8443);
14291364 socket->waitForReadyRead();
14471382 }
14481383
14491384 socket->startClientEncryption();
1450
1451 if (!socket->waitForEncrypted()) {
1452 setResult(-1);
1453 printTestFailed("encrypted session not established");
1454 } else {
1455 socket->write(userData);
1456 socket->flush();
1457 QThread::msleep(10);
1458 socket->disconnectFromHost();
1459 if (socket->state() != QAbstractSocket::UnconnectedState)
1460 socket->waitForDisconnected();
1461 setResult(0);
1462 }
14631385 }
14641386
14651387 void verifySslTestResult()
15001422
15011423 void executeNextSslTest()
15021424 {
1503 if (!socket)
1425 if (!socket) {
15041426 socket = new QTcpSocket;
1427
1428 connect(socket, &QTcpSocket::connected, [=]() {
1429 socket->write(data);
1430 socket->flush();
1431 QThread::msleep(5500);
1432 socket->disconnectFromHost();
1433 });
1434 }
15051435
15061436 data = QByteArray(QByteArray::fromRawData("\x16\x03\x00\x00\x95\x01\x00\x00\x91\x03\x00\xf5\xe7\xaf\xcc\x96" \
15071437 "\x2b\x74\x42\x2f\x75\x12\x4f\xb3\x6c\x69\xae\x8c\x54\xfa\xc3\x19" \
15151445 "\x00\x05\x00\x04\x00\x8a\x00\xff\x01\x00", 154));
15161446
15171447 socket->connectToHost("localhost", 8443);
1518 if (!socket->waitForConnected()) {
1519 setResult(-1);
1520 printTestFailed("can't connect to qsslcaudit");
1521 } else {
1522 socket->write(data);
1523 socket->flush();
1524 setResult(0);
1525 QThread::msleep(5500);
1526 socket->disconnectFromHost();
1527 }
15281448 }
15291449
15301450 void verifySslTestResult()
15651485
15661486 void executeNextSslTest()
15671487 {
1568 if (!socket)
1488 if (!socket) {
15691489 socket = new QTcpSocket;
1490
1491 connect(socket, &QTcpSocket::connected, [=]() {
1492 socket->write(data);
1493 socket->flush();
1494 QThread::msleep(500);
1495 socket->disconnectFromHost();
1496 });
1497 }
15701498
15711499 data = QByteArray(QByteArray::fromRawData("\x16\x03\x00\x00\x95\x01\x00\x00\x91\x03\x00\xf5\xe7\xaf\xcc\x96" \
15721500 "\x2b\x74\x42\x2f\x75\x12\x4f\xb3\x6c\x69\xae\x8c\x54\xfa\xc3\x19" \
15801508 "\x00\x05\x00\x04\x00\x8a\x00\xff\x01\x00", 154));
15811509
15821510 socket->connectToHost("localhost", 8443);
1583 if (!socket->waitForConnected()) {
1584 setResult(-1);
1585 printTestFailed("can't connect to qsslcaudit");
1586 } else {
1587 socket->write(data);
1588 socket->flush();
1589 QThread::msleep(500);
1590 socket->disconnectFromHost();
1591 setResult(0);
1592 }
15931511 }
15941512
15951513 void verifySslTestResult()
16381556
16391557 void executeNextSslTest()
16401558 {
1641 if (!socket)
1559 if (!socket) {
16421560 socket = new QTcpSocket;
1561
1562 connect(socket, &QTcpSocket::connected, [=]() {
1563 socket->write(data);
1564 socket->flush();
1565 QThread::msleep(5500);
1566 socket->disconnectFromHost();
1567 });
1568 }
16431569
16441570 data = QByteArray(QByteArray::fromRawData("\x16\x03\x00\x00\x95\x01\x00\x00\x91\x03\x00\xf5\xe7\xaf\xcc\x96" \
16451571 "\x2b\x74\x42\x2f\x75\x12\x4f\xb3\x6c\x69\xae\x8c\x54\xfa\xc3\x19" \
16531579 "\x00\x05\x00\x04\x00\x8a\x00\xff\x01\x00", 100));
16541580
16551581 socket->connectToHost("localhost", 8443);
1656 if (!socket->waitForConnected()) {
1657 setResult(-1);
1658 printTestFailed("can't connect to qsslcaudit");
1659 } else {
1660 socket->write(data);
1661 socket->flush();
1662 setResult(0);
1663 QThread::msleep(5500);
1664 socket->disconnectFromHost();
1665 }
16661582 }
16671583
16681584 void verifySslTestResult()
17031619
17041620 void executeNextSslTest()
17051621 {
1706 if (!socket)
1622 if (!socket) {
17071623 socket = new QTcpSocket;
1624
1625 connect(socket, &QTcpSocket::connected, [=]() {
1626 socket->write(data);
1627 socket->flush();
1628 QThread::msleep(500);
1629 socket->disconnectFromHost();
1630 });
1631 }
17081632
17091633 data = QByteArray(QByteArray::fromRawData("\x16\x03\x00\x00\x95\x01\x00\x00\x91\x03\x00\xf5\xe7\xaf\xcc\x96" \
17101634 "\x2b\x74\x42\x2f\x75\x12\x4f\xb3\x6c\x69\xae\x8c\x54\xfa\xc3\x19" \
17181642 "\x00\x05\x00\x04\x00\x8a\x00\xff\x01\x00", 100));
17191643
17201644 socket->connectToHost("localhost", 8443);
1721 if (!socket->waitForConnected()) {
1722 setResult(-1);
1723 printTestFailed("can't connect to qsslcaudit");
1724 } else {
1725 socket->write(data);
1726 socket->flush();
1727 QThread::msleep(500);
1728 socket->disconnectFromHost();
1729 setResult(0);
1730 }
17311645 }
17321646
17331647 void verifySslTestResult()
17881702 int main(int argc, char *argv[])
17891703 {
17901704 QCoreApplication a(argc, argv);
1791 QThread thread;
17921705 TestsLauncher *testsLauncher;
17931706
17941707 testsLauncher = new TestsLauncher(createAutotests());
1795 testsLauncher->moveToThread(&thread);
1796 QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater);
1797 QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests);
1708
17981709 QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){
17991710 qApp->exit(testsLauncher->testsResult());
18001711 });
18011712
1802 thread.start();
1803
1804 int ret = a.exec();
1805
1806 thread.quit();
1807 thread.wait();
1808
1809 return ret;
1713 testsLauncher->launchNextTest();
1714
1715 return a.exec();
18101716 }
18111717
18121718 #include "tests_DifferentClientTypes.moc"
+73
-107
tests/tests_MultipleClients.cpp less more
00 #include "test.h"
11 #include "ssltests.h"
22 #include "ciphers.h"
3 #include "clientinfo.h"
34
45 #include <QCoreApplication>
56
4344
4445 void executeNextSslTest()
4546 {
46 if (!socket)
47 if (!socket) {
4748 socket = new QTcpSocket;
4849
50 connect(socket, &QTcpSocket::connected, [=]() {
51 QThread::msleep(10);
52 socket->disconnectFromHost();
53 if (socket->state() != QAbstractSocket::UnconnectedState)
54 socket->waitForDisconnected();
55 });
56 }
57
4958 socket->connectToHost("localhost", 8443);
50
51 if (!socket->waitForConnected()) {
52 setResult(-1);
53 printTestFailed("can not establish connection");
54 } else {
55 QThread::msleep(10);
56 socket->disconnectFromHost();
57 if (socket->state() != QAbstractSocket::UnconnectedState)
58 socket->waitForDisconnected();
59 setResult(0);
60 }
6159 }
6260
6361 void verifySslTestResult()
9391 public:
9492 Test02(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) {
9593 socket = nullptr;
94 data = QByteArray("ABCDEF");
9695 }
9796
9897 ~Test02() {
106105
107106 void executeNextSslTest()
108107 {
109 if (!socket)
108 if (!socket) {
110109 socket = new QTcpSocket;
111110
112 data = QByteArray("ABCDEF");
111 connect(socket, &QTcpSocket::connected, [=]() {
112 socket->write(data);
113 socket->flush();
114 QThread::msleep(10);
115 socket->disconnectFromHost();
116 if (socket->state() != QAbstractSocket::UnconnectedState)
117 socket->waitForDisconnected();
118 });
119 }
113120
114121 socket->connectToHost("localhost", 8443);
115
116 if (!socket->waitForConnected()) {
117 setResult(-1);
118 printTestFailed("can not establish connection");
119 } else {
120 socket->write(data);
121 socket->flush();
122 QThread::msleep(10);
123 socket->disconnectFromHost();
124 if (socket->state() != QAbstractSocket::UnconnectedState)
125 socket->waitForDisconnected();
126 setResult(0);
127 }
128122 }
129123
130124 void verifySslTestResult()
174168
175169 void executeNextSslTest()
176170 {
177 if (!socket)
171 data = QString("ABCDEF%1").arg(currentSslTestNum()).toLocal8Bit();
172
173 if (!socket) {
178174 socket = new QTcpSocket;
179175
180 data = QString("ABCDEF%1").arg(currentSslTestNum()).toLocal8Bit();
176 connect(socket, &QTcpSocket::connected, [=]() {
177 socket->write(data);
178 socket->flush();
179 QThread::msleep(10);
180 socket->disconnectFromHost();
181 if (socket->state() != QAbstractSocket::UnconnectedState)
182 socket->waitForDisconnected();
183 });
184 }
181185
182186 socket->connectToHost("localhost", 8443);
183
184 if (!socket->waitForConnected()) {
185 setResult(-1);
186 printTestFailed("can not establish connection");
187 } else {
188 socket->write(data);
189 socket->flush();
190 QThread::msleep(10);
191 socket->disconnectFromHost();
192 if (socket->state() != QAbstractSocket::UnconnectedState)
193 socket->waitForDisconnected();
194 setResult(0);
195 }
196187 }
197188
198189 void verifySslTestResult()
242233
243234 void executeNextSslTest()
244235 {
245 if (!socket)
236 if (!socket) {
246237 socket = new XSslSocket;
247238
248 socket->setProtocol(XSsl::TlsV1_1);
249 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
239 socket->setProtocol(XSsl::TlsV1_1);
240 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
241
242 connect(socket, &XSslSocket::encrypted, [=]() {
243 printTestFailed("encrypted session was established, but should not");
244 });
245 }
250246
251247 socket->connectToHostEncrypted("localhost", 8443);
252
253 if (!socket->waitForEncrypted()) {
254 setResult(0);
255 } else {
256 setResult(-1);
257 printTestFailed("encrypted session was established, but should not");
258 }
259 socket->disconnectFromHost();
260248 }
261249
262250 void verifySslTestResult()
305293
306294 void executeNextSslTest()
307295 {
308 if (!socket)
296 if (!socket) {
309297 socket = new XSslSocket;
298
299 connect(socket, &XSslSocket::encrypted, [=]() {
300 printTestFailed("encrypted session was established, but should not");
301 });
302 }
310303
311304 if (currentSslTestNum() == 0) {
312305 socket->setProtocol(XSsl::TlsV1_1);
316309 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
317310
318311 socket->connectToHostEncrypted("localhost", 8443);
319
320 if (!socket->waitForEncrypted()) {
321 setResult(0);
322 } else {
323 setResult(-1);
324 printTestFailed("encrypted session was established, but should not");
325 }
326 socket->disconnectFromHost();
327312 }
328313
329314 void verifySslTestResult()
372357
373358 void executeNextSslTest()
374359 {
375 if (!socket)
360 if (!socket) {
376361 socket = new XSslSocket;
362
363 connect(socket, &XSslSocket::encrypted, [=]() {
364 printTestFailed("encrypted session was established, but should not");
365 });
366 }
377367
378368 socket->setProtocol(XSsl::TlsV1_2);
379369 if (currentSslTestNum() == 1) {
397387 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
398388
399389 socket->connectToHostEncrypted("localhost", 8443);
400
401 if (!socket->waitForEncrypted()) {
402 setResult(0);
403 } else {
404 setResult(-1);
405 printTestFailed("encrypted session was established, but should not");
406 }
407 socket->disconnectFromHost();
408390 }
409391
410392 void verifySslTestResult()
453435
454436 void executeNextSslTest()
455437 {
456 if (!socket)
438 if (!socket) {
457439 socket = new XSslSocket;
440
441 connect(socket, &XSslSocket::encrypted, [=]() {
442 socket->write(data);
443 socket->flush();
444 });
445 }
458446
459447 data = QString("ABCDEF%1").arg(currentSslTestNum()).toLocal8Bit();
460448
462450 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
463451
464452 socket->connectToHostEncrypted("localhost", 8443);
465
466 if (!socket->waitForEncrypted()) {
467 setResult(-1);
468 printTestFailed("can not establish encrypted connection");
469 } else {
470 setResult(0);
471 socket->write(data);
472 socket->flush();
473 }
474 socket->disconnectFromHost();
475453 }
476454
477455 void verifySslTestResult()
479457 setResult(-1);
480458
481459 if ((currentSslTest()->result() == SslTestResult::DataIntercepted)
482 && (currentClient().interceptedData() == data)) {
460 && (currentClient()->interceptedData() == data)) {
483461 if (currentSslTestNum() == 1) {
484462 if (!isSameClient(false)) {
485463 setResult(-1);
522500
523501 void executeNextSslTest()
524502 {
525 if (!socket)
503 if (!socket) {
526504 socket = new XSslSocket;
505
506 connect(socket, &XSslSocket::encrypted, [=]() {
507 socket->write(data);
508 socket->flush();
509 });
510 }
527511
528512 data = QByteArray("ABCDEF");
529513
535519 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
536520
537521 socket->connectToHostEncrypted("localhost", 8443);
538
539 if (!socket->waitForEncrypted()) {
540 setResult(-1);
541 printTestFailed("can not establish encrypted connection");
542 } else {
543 setResult(0);
544 socket->write(data);
545 socket->flush();
546 }
547 socket->disconnectFromHost();
548522 }
549523
550524 void verifySslTestResult()
552526 setResult(-1);
553527
554528 if ((currentSslTest()->result() == SslTestResult::DataIntercepted)
555 && (currentClient().interceptedData() == data)) {
529 && (currentClient()->interceptedData() == data)) {
556530 if (currentSslTestNum() == 1) {
557531 if (isSameClient(false)) {
558532 setResult(-1);
592566 int main(int argc, char *argv[])
593567 {
594568 QCoreApplication a(argc, argv);
595 QThread thread;
596569 TestsLauncher *testsLauncher;
597570
598571 testsLauncher = new TestsLauncher(createAutotests());
599 testsLauncher->moveToThread(&thread);
600 QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater);
601 QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests);
572
602573 QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){
603574 qApp->exit(testsLauncher->testsResult());
604575 });
605576
606 thread.start();
607
608 int ret = a.exec();
609
610 thread.quit();
611 thread.wait();
612
613 return ret;
577 testsLauncher->launchNextTest();
578
579 return a.exec();
614580 }
615581
616582
+201
-0
tests/tests_MultipleTests.cpp less more
0 #include "test.h"
1 #include "ssltests.h"
2 #include "ciphers.h"
3 #include "clientinfo.h"
4
5 #include <QCoreApplication>
6
7 #ifdef UNSAFE_QSSL
8 #include "sslunsafesocket.h"
9 #else
10 #include <QSslSocket>
11 #endif
12
13 // This verifies how sslcaudit handles requests sent repeatedly
14
15
16 // do not verify peer certificate, use TLSv1.1 and stronger protocols
17 // check for proper test result code each time
18 class Test01 : public Test
19 {
20 Q_OBJECT
21 public:
22 Test01(int id, QString testBaseName, QList<SslTest *> sslTests) :
23 Test(id, testBaseName, sslTests) {
24 socket = nullptr;
25 times = sslTests.size();
26 currentAttempt = 1;
27 data = QByteArray("GET / HTTP/1.0\r\n\r\n");
28 }
29
30 ~Test01() {
31 delete socket;
32 }
33
34 void setTestsSettings()
35 {
36 testSettings.setUserCN("www.example.com");
37 }
38
39 void executeNextSslTest()
40 {
41 if (!socket) {
42 socket = new XSslSocket;
43
44 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
45 socket->setProtocol(XSsl::TlsV1_1OrLater);
46
47 connect(socket, &XSslSocket::encrypted, [=]() {
48 socket->write(data);
49 socket->flush();
50 });
51
52 connect(socket, QOverload<const QList<XSslError> &>::of(&XSslSocket::sslErrors), [=](const QList<XSslError> &errors) {
53 socket->ignoreSslErrors();
54 });
55 }
56
57 socket->connectToHostEncrypted("localhost", 8443);
58 }
59
60 void verifySslTestResult()
61 {
62 // we can't use currentSslTest as it becomes broken due to manual relaunch of SslCAudit
63 if ((allSslTests().first()->result() == SslTestResult::DataIntercepted)
64 && (getClient(0)->interceptedData() == data)) {
65 ;
66 } else {
67 socket->close();
68 setResult(-1);
69 printTestFailed(QString("unexpected test result (%1), attempt %2")
70 .arg(sslTestResultToString(allSslTests().first()->result()))
71 .arg(currentAttempt));
72 }
73
74 socket->close();
75 if (socket->state() != QAbstractSocket::UnconnectedState)
76 socket->waitForDisconnected();
77
78 if (currentAttempt++ >= times) {
79 setResult(0);
80 printTestSucceeded();
81 }
82 }
83
84 private:
85 XSslSocket *socket;
86 QByteArray data;
87 int times;
88 int currentAttempt;
89
90 };
91
92 // do verify peer certificate, use TLSv1.1 and stronger protocols
93 // check for proper test result code each time
94 class Test02 : public Test
95 {
96 Q_OBJECT
97 public:
98 Test02(int id, QString testBaseName, QList<SslTest *> sslTests) :
99 Test(id, testBaseName, sslTests) {
100 socket = nullptr;
101 currentAttempt = 1;
102 times = sslTests.size();
103 }
104
105 ~Test02() {
106 delete socket;
107 }
108
109 void setTestsSettings()
110 {
111 testSettings.setUserCN("www.example.com");
112 }
113
114 void executeNextSslTest()
115 {
116 if (!socket)
117 socket = new XSslSocket;
118
119 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
120 socket->setProtocol(XSsl::TlsV1_1OrLater);
121
122 connect(socket, &XSslSocket::encrypted, [=]() {
123 setResult(-1);
124 printTestFailed(QString("encrypted connection established but should not, attempt %1").arg(currentAttempt));
125 });
126
127 socket->connectToHostEncrypted("localhost", 8443);
128 }
129
130 void verifySslTestResult()
131 {
132 // we can't use currentSslTest as it becomes broken due to manual relaunch of SslCAudit
133 if ((allSslTests().first()->result() == SslTestResult::Undefined)
134 && (QString::compare(socket->errorString(),
135 "The host name did not match any of the valid hosts for this certificate") == 0)) {
136 ;
137 } else {
138 socket->close();
139 setResult(-1);
140 printTestFailed(QString("unexpected test result (%1), attempt %2")
141 .arg(sslTestResultToString(allSslTests().first()->result()))
142 .arg(currentAttempt));
143 }
144
145 socket->close();
146 if (socket->state() != QAbstractSocket::UnconnectedState)
147 socket->waitForDisconnected();
148
149 if (currentAttempt++ >= times) {
150 setResult(0);
151 printTestSucceeded();
152 }
153 }
154
155 private:
156 XSslSocket *socket;
157 int times;
158 int currentAttempt;
159
160 };
161
162
163 QList<Test *> createAutotests(int times)
164 {
165 QList<SslTest *> sslTests;
166 for (int i = 0; i < times; i++) {
167 sslTests << new SslTestCertSS1;
168 }
169 return QList<Test *>()
170 << new Test01(1, "MultipleTests", sslTests)
171 << new Test02(2, "MultipleTests", sslTests)
172 ;
173 }
174
175 int main(int argc, char *argv[])
176 {
177 QCoreApplication a(argc, argv);
178 TestsLauncher *testsLauncher;
179
180 int times = 20;
181 bool ok;
182
183 if (argc == 2) {
184 times = QString(argv[1]).toInt(&ok);
185 if (!ok)
186 times = 20;
187 }
188
189 testsLauncher = new TestsLauncher(createAutotests(times));
190
191 QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){
192 qApp->exit(testsLauncher->testsResult());
193 });
194
195 testsLauncher->launchNextTest();
196
197 return a.exec();
198 }
199
200 #include "tests_MultipleTests.moc"
+0
-253
tests/tests_RecurrentRequests.cpp less more
0 #include "test.h"
1 #include "ssltests.h"
2 #include "ciphers.h"
3
4 #include <QCoreApplication>
5
6 #ifdef UNSAFE_QSSL
7 #include "sslunsafesocket.h"
8 #else
9 #include <QSslSocket>
10 #endif
11
12 // This verifies how sslcaudit handles requests sent repeatedly
13
14
15 // do not verify peer certificate, use TLSv1.1 and stronger protocols
16 // check for proper test result code each time
17 class Test01 : public Test
18 {
19 Q_OBJECT
20 public:
21 Test01(int times, int id, QString testBaseName, QList<SslTest *> sslTests) :
22 Test(id, testBaseName, sslTests), times(times) {
23 socket = nullptr;
24 currentAttempt = 1;
25 isRunning = true;
26 data = QByteArray("GET / HTTP/1.0\r\n\r\n");
27 }
28
29 ~Test01() {
30 delete socket;
31 }
32
33 void setTestsSettings()
34 {
35 testSettings.setUserCN("www.example.com");
36 }
37
38 void startTests() {
39 prepareTests();
40 launchSslCAudit();
41
42 int count = 0;
43 // we have to wait more than the test will be executed
44 int to = 2 * times * 100;
45 while (isRunning && ++count < to/100)
46 QThread::msleep(100);
47
48 if (isRunning) {
49 setResult(-1);
50 printTestFailed(QString("tests are not finished in time, attempt %1").arg(currentAttempt));
51 }
52 }
53
54 void executeNextSslTest()
55 {
56 if (!socket)
57 socket = new XSslSocket;
58
59 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
60 socket->setProtocol(XSsl::TlsV1_1OrLater);
61
62 setResult(0);
63
64 socket->connectToHostEncrypted("localhost", 8443);
65
66 if (!socket->waitForEncrypted()) {
67 setResult(-1);
68 printTestFailed(QString("can not establish encrypted connection, attempt %1").arg(currentAttempt));
69 isRunning = false;
70 } else {
71 socket->write(data);
72 socket->flush();
73 setResult(0);
74 }
75 }
76
77 void verifySslTestResult()
78 {
79 // we can't use currentSslTest as it becomes broken due to manual relaunch of SslCAudit
80 if ((allSslTests().first()->result() == SslTestResult::DataIntercepted)
81 && (getClient(0).interceptedData() == data)) {
82 ;
83 } else {
84 socket->close();
85 setResult(-1);
86 printTestFailed(QString("unexpected test result (%1), attempt %2")
87 .arg(sslTestResultToString(allSslTests().first()->result()))
88 .arg(currentAttempt));
89 isRunning = false;
90 }
91
92 socket->close();
93 if (socket->state() != QAbstractSocket::UnconnectedState)
94 socket->waitForDisconnected();
95
96 if (currentAttempt++ >= times) {
97 setResult(0);
98 printTestSucceeded();
99 isRunning = false;
100 } else {
101 launchSslCAudit();
102 }
103 }
104
105 private:
106 XSslSocket *socket;
107 QByteArray data;
108 int times;
109 int currentAttempt;
110 bool isRunning;
111
112 };
113
114 // do verify peer certificate, use TLSv1.1 and stronger protocols
115 // check for proper test result code each time
116 class Test02 : public Test
117 {
118 Q_OBJECT
119 public:
120 Test02(int times, int id, QString testBaseName, QList<SslTest *> sslTests) :
121 Test(id, testBaseName, sslTests), times(times) {
122 socket = nullptr;
123 currentAttempt = 1;
124 isRunning = true;
125 }
126
127 ~Test02() {
128 delete socket;
129 }
130
131 void setTestsSettings()
132 {
133 testSettings.setUserCN("www.example.com");
134 }
135
136 void startTests() {
137 prepareTests();
138 launchSslCAudit();
139
140 int count = 0;
141 // we have to wait more than the test will be executed
142 int to = 2 * times * 100;
143 while (isRunning && ++count < to/100)
144 QThread::msleep(100);
145
146 if (isRunning) {
147 setResult(-1);
148 printTestFailed(QString("tests are not finished in time, attempt %1").arg(currentAttempt));
149 }
150 }
151
152 void executeNextSslTest()
153 {
154 if (!socket)
155 socket = new XSslSocket;
156
157 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
158 socket->setProtocol(XSsl::TlsV1_1OrLater);
159
160 setResult(0);
161
162 socket->connectToHostEncrypted("localhost", 8443);
163
164 if (!socket->waitForEncrypted()) {
165 setResult(0);
166 } else {
167 setResult(-1);
168 printTestFailed(QString("encrypted connection established but shouldnot, attempt %1").arg(currentAttempt));
169 isRunning = false;
170 }
171 }
172
173 void verifySslTestResult()
174 {
175 // we can't use currentSslTest as it becomes broken due to manual relaunch of SslCAudit
176 if ((allSslTests().first()->result() == SslTestResult::Undefined)
177 && (QString::compare(socket->errorString(),
178 "The host name did not match any of the valid hosts for this certificate") == 0)) {
179 ;
180 } else {
181 socket->close();
182 setResult(-1);
183 printTestFailed(QString("unexpected test result (%1), attempt %2")
184 .arg(sslTestResultToString(allSslTests().first()->result()))
185 .arg(currentAttempt));
186 isRunning = false;
187 }
188
189 socket->close();
190 if (socket->state() != QAbstractSocket::UnconnectedState)
191 socket->waitForDisconnected();
192
193 if (currentAttempt++ >= times) {
194 setResult(0);
195 printTestSucceeded();
196 isRunning = false;
197 } else {
198 launchSslCAudit();
199 }
200 }
201
202 private:
203 XSslSocket *socket;
204 int times;
205 int currentAttempt;
206 bool isRunning;
207
208 };
209
210
211 QList<Test *> createAutotests(int times)
212 {
213 return QList<Test *>()
214 << new Test01(times, 1, "RecurrentRequests", QList<SslTest *>() << new SslTestCertSS1)
215 << new Test02(times, 2, "RecurrentRequests", QList<SslTest *>() << new SslTestCertSS1)
216 ;
217 }
218
219 int main(int argc, char *argv[])
220 {
221 QCoreApplication a(argc, argv);
222 QThread thread;
223 TestsLauncher *testsLauncher;
224
225 int times = 20;
226 bool ok;
227
228 if (argc == 2) {
229 times = QString(argv[1]).toInt(&ok);
230 if (!ok)
231 times = 20;
232 }
233
234 testsLauncher = new TestsLauncher(createAutotests(times));
235 testsLauncher->moveToThread(&thread);
236 QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater);
237 QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests);
238 QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){
239 qApp->exit(testsLauncher->testsResult());
240 });
241
242 thread.start();
243
244 int ret = a.exec();
245
246 thread.quit();
247 thread.wait();
248
249 return ret;
250 }
251
252 #include "tests_RecurrentRequests.moc"
+182
-92
tests/tests_SslTestCertSS1.cpp less more
00 #include "test.h"
11 #include "ssltests.h"
2 #include "clientinfo.h"
23
34 #include <QCoreApplication>
45
1920 public:
2021 Test01(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) {
2122 socket = nullptr;
23 data = QByteArray("GET / HTTP/1.0\r\n\r\n");
2224 }
2325
2426 ~Test01() {
3234
3335 void executeNextSslTest()
3436 {
35 if (!socket)
36 socket = new XSslSocket;
37
38 data = QByteArray("GET / HTTP/1.0\r\n\r\n");
39
40 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
41
42 socket->connectToHostEncrypted("localhost", 8443);
43
44 if (!socket->waitForEncrypted()) {
45 setResult(-1);
46 printTestFailed("can not establish encrypted connection");
47 } else {
48 socket->write(data);
49 socket->flush();
50 setResult(0);
51 }
52 socket->disconnectFromHost();
37 if (!socket) {
38 socket = new XSslSocket;
39
40 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
41
42 connect(socket, &XSslSocket::encrypted, [=]() {
43 socket->write(data);
44 socket->flush();
45 });
46 }
47
48 socket->connectToHostEncrypted("localhost", 8443);
5349 }
5450
5551 void verifySslTestResult()
5652 {
5753 if ((currentSslTest()->result() == SslTestResult::DataIntercepted)
58 && (currentClient().interceptedData() == data)) {
54 && (currentClient()->interceptedData() == data)) {
5955 setResult(0);
6056 printTestSucceeded();
6157 } else {
9288
9389 void executeNextSslTest()
9490 {
95 if (!socket)
96 socket = new XSslSocket;
97
98 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
99
100 socket->connectToHostEncrypted("localhost", 8443);
101
102 if (!socket->waitForEncrypted()) {
103 setResult(-1);
104 printTestFailed("can not establish encrypted connection");
105 } else {
106 QThread::msleep(5500);
107 setResult(0);
108 }
109 socket->disconnectFromHost();
91 if (!socket) {
92 socket = new XSslSocket;
93
94 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
95
96 connect(socket, &XSslSocket::encrypted, [=]() {
97 QThread::msleep(5500);
98 });
99 }
100
101 socket->connectToHostEncrypted("localhost", 8443);
110102 }
111103
112104 void verifySslTestResult()
126118
127119 };
128120
129 // do verify peer certificate
121 // do verify peer certificate, do not specify application protocol, result should be undefined
130122 // check for proper test result code
131123 class Test03 : public Test
132124 {
147139
148140 void executeNextSslTest()
149141 {
150 if (!socket)
151 socket = new XSslSocket;
152
153 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
154
155 socket->connectToHostEncrypted("localhost", 8443);
156
157 if (!socket->waitForEncrypted()) {
158 setResult(0);
159 } else {
160 setResult(-1);
161 printTestFailed("encrypted session was established, but should not");
162 }
163 socket->disconnectFromHost();
142 if (!socket) {
143 socket = new XSslSocket;
144
145 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
146
147 connect(socket, &XSslSocket::encrypted, [=]() {
148 printTestFailed("encrypted session was established, but should not");
149 });
150 }
151
152 socket->connectToHostEncrypted("localhost", 8443);
164153 }
165154
166155 void verifySslTestResult()
167156 {
168157 if (currentSslTest()->result() == SslTestResult::Undefined) {
158 setResult(0);
159 printTestSucceeded();
160 } else {
161 setResult(-1);
162 printTestFailed(QString("unexpected test result (%1)")
163 .arg(sslTestResultToString(currentSslTest()->result())));
164 }
165 }
166
167 private:
168 XSslSocket *socket;
169
170 };
171
172 // do verify peer certificate, do specify application protocol (HTTP), result should be failed
173 // check for proper test result code
174 class Test04 : public Test
175 {
176 Q_OBJECT
177 public:
178 Test04(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) {
179 socket = nullptr;
180 }
181
182 ~Test04() {
183 delete socket;
184 }
185
186 void setTestsSettings()
187 {
188 testSettings.setUserCN("www.example.com");
189 }
190
191 void executeNextSslTest()
192 {
193 if (!socket) {
194 socket = new XSslSocket;
195
196 SslUnsafeConfiguration c;
197 c.setPeerVerifyMode(XSslSocket::VerifyPeer);
198 c.setAllowedNextProtocols(QList<QByteArray>() << SslUnsafeConfiguration::ALPNProtocolHTTP2);
199 socket->setSslConfiguration(c);
200
201 connect(socket, &XSslSocket::encrypted, [=]() {
202 printTestFailed("encrypted session was established, but should not");
203 });
204 }
205
206 socket->connectToHostEncrypted("localhost", 8443);
207 }
208
209 void verifySslTestResult()
210 {
211 if (currentSslTest()->result() == SslTestResult::Success) {
169212 setResult(0);
170213 printTestSucceeded();
171214 } else {
183226 // connect to localhost, but set server name to the same as for ssl server
184227 // do verify peer certificate
185228 // check for proper test result code
186 class Test04 : public Test
187 {
188 Q_OBJECT
189 public:
190 Test04(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) {
191 socket = nullptr;
192 }
193
194 ~Test04() {
195 delete socket;
196 }
197
198 void setTestsSettings()
199 {
200 testSettings.setUserCN("www.example.com");
201 }
202
203 void executeNextSslTest()
204 {
205 if (!socket)
206 socket = new XSslSocket;
207
208 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
229 class Test05 : public Test
230 {
231 Q_OBJECT
232 public:
233 Test05(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) {
234 socket = nullptr;
235 }
236
237 ~Test05() {
238 delete socket;
239 }
240
241 void setTestsSettings()
242 {
243 testSettings.setUserCN("www.example.com");
244 }
245
246 void executeNextSslTest()
247 {
248 if (!socket) {
249 socket = new XSslSocket;
250
251 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
252
253 connect(socket, &XSslSocket::encrypted, [=]() {
254 printTestFailed("encrypted session was established, but should not");
255 });
256 }
257
209258
210259 socket->connectToHostEncrypted("localhost", 8443, "www.example.com");
211
212 if (!socket->waitForEncrypted()) {
213 setResult(0);
214 } else {
215 setResult(-1);
216 printTestFailed("encrypted session was established, but should not");
217 }
218 socket->disconnectFromHost();
260 }
261
262 void verifySslTestResult()
263 {
264 if (currentSslTest()->result() == SslTestResult::Undefined) {
265 setResult(0);
266 printTestSucceeded();
267 } else {
268 setResult(-1);
269 printTestFailed(QString("unexpected test result (%1)")
270 .arg(sslTestResultToString(currentSslTest()->result())));
271 }
272 }
273
274 private:
275 XSslSocket *socket;
276
277 };
278
279 // do verify peer certificate but do not support server's ciphers
280 // check for proper test result code
281 class Test06 : public Test
282 {
283 Q_OBJECT
284 public:
285 Test06(int id, QString testBaseName, QList<SslTest *> sslTests) : Test(id, testBaseName, sslTests) {
286 socket = nullptr;
287 }
288
289 ~Test06() {
290 delete socket;
291 }
292
293 void setTestsSettings()
294 {
295 testSettings.setUserCN("www.example.com");
296 testSettings.setSupportedCiphers("DHE-DSS-AES256-SHA");
297 }
298
299 void executeNextSslTest()
300 {
301 if (!socket) {
302 socket = new XSslSocket;
303
304 SslUnsafeConfiguration c;
305 c.setPeerVerifyMode(XSslSocket::VerifyPeer);
306 c.setCiphers(QList<XSslCipher>() << XSslCipher("AES128-GCM-SHA256"));
307 socket->setSslConfiguration(c);
308
309 connect(socket, &XSslSocket::encrypted, [=]() {
310 printTestFailed("encrypted session was established, but should not");
311 });
312 }
313
314 socket->connectToHostEncrypted("localhost", 8443);
219315 }
220316
221317 void verifySslTestResult()
243339 << new Test02(2, "SslTestCertSS1", QList<SslTest *>() << new SslTestCertSS1)
244340 << new Test03(3, "SslTestCertSS1", QList<SslTest *>() << new SslTestCertSS1)
245341 << new Test04(4, "SslTestCertSS1", QList<SslTest *>() << new SslTestCertSS1)
342 << new Test05(5, "SslTestCertSS1", QList<SslTest *>() << new SslTestCertSS1)
343 << new Test06(5, "SslTestCertSS1", QList<SslTest *>() << new SslTestCertSS1)
246344 ;
247345 }
248346
249347 int main(int argc, char *argv[])
250348 {
251349 QCoreApplication a(argc, argv);
252 QThread thread;
253350 TestsLauncher *testsLauncher;
254351
255352 testsLauncher = new TestsLauncher(createAutotests());
256 testsLauncher->moveToThread(&thread);
257 QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater);
258 QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests);
353
259354 QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){
260355 qApp->exit(testsLauncher->testsResult());
261356 });
262357
263 thread.start();
264
265 int ret = a.exec();
266
267 thread.quit();
268 thread.wait();
269
270 return ret;
358 testsLauncher->launchNextTest();
359
360 return a.exec();
271361 }
272362
273363 #include "tests_SslTestCertSS1.moc"
+11
-30
tests/tests_SslTestCertSS1dtls.cpp less more
00 #include "test.h"
11 #include "ssltests.h"
22 #include "ciphers.h"
3 #include "clientinfo.h"
34
45 #include <QCoreApplication>
56 #include <QUdpSocket>
5455
5556 bool ret = dtls.doHandshake(socket);
5657 if (!ret) {
57 setResult(-1);
5858 printTestFailed("handshake failed too early");
5959 dtls.shutdown(socket);
6060 return;
7171 if ((dtls.handshakeState() == XDtls::HandshakeComplete)
7272 && (dtls.dtlsError() == XDtlsError::NoError)) {
7373 dtls.writeDatagramEncrypted(socket, data);
74 setResult(0);
75 } else {
76 setResult(-1);
74 } else {
7775 printTestFailed("encrypted session was not established, but should");
7876 }
7977
8381 void verifySslTestResult()
8482 {
8583 if ((currentSslTest()->result() == SslTestResult::DataIntercepted)
86 && (currentClient().interceptedData() == data)) {
84 && (currentClient()->interceptedData() == data)) {
8785 setResult(0);
8886 printTestSucceeded();
8987 } else {
136134
137135 bool ret = dtls.doHandshake(socket);
138136 if (!ret) {
139 setResult(-1);
140137 printTestFailed("handshake failed too early");
141138 dtls.shutdown(socket);
142139 return;
153150 if ((dtls.handshakeState() == XDtls::HandshakeComplete)
154151 && (dtls.dtlsError() == XDtlsError::NoError)) {
155152 QThread::msleep(5500);
156 setResult(0);
157 } else {
158 setResult(-1);
153 } else {
159154 printTestFailed("encrypted session was not established, but should");
160155 }
161156
164159
165160 void verifySslTestResult()
166161 {
167 if (currentSslTest()->result() == SslTestResult::CertAccepted) {
162 if (currentSslTest()->result() == SslTestResult::Undefined) {
168163 setResult(0);
169164 printTestSucceeded();
170165 } else {
217212
218213 bool ret = dtls.doHandshake(socket);
219214 if (!ret) {
220 setResult(-1);
221215 printTestFailed("handshake failed too early");
222216 dtls.shutdown(socket);
223217 return;
238232 }
239233
240234 if (verifyError) {
241 setResult(0);
242 } else {
243 setResult(-1);
235 } else {
244236 printTestFailed("encrypted session was established, but should not");
245237 }
246238 dtls.shutdown(socket);
302294
303295 bool ret = dtls.doHandshake(socket);
304296 if (!ret) {
305 setResult(-1);
306297 printTestFailed("handshake failed too early");
307298 dtls.shutdown(socket);
308299 return;
323314 }
324315
325316 if (verifyError) {
326 setResult(0);
327 } else {
328 setResult(-1);
317 } else {
329318 printTestFailed("encrypted session was established, but should not");
330319 }
331320 dtls.shutdown(socket);
362351 int main(int argc, char *argv[])
363352 {
364353 QCoreApplication a(argc, argv);
365 QThread thread;
366354 TestsLauncher *testsLauncher;
367355
368356 testsLauncher = new TestsLauncher(createAutotests());
369 testsLauncher->moveToThread(&thread);
370 QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater);
371 QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests);
357
372358 QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){
373359 qApp->exit(testsLauncher->testsResult());
374360 });
375361
376 thread.start();
377
378 int ret = a.exec();
379
380 thread.quit();
381 thread.wait();
382
383 return ret;
362 testsLauncher->launchNextTest();
363
364 return a.exec();
384365 }
385366
386367 #include "tests_SslTestCertSS1dtls.moc"
+13
-35
tests/tests_SslTestCiphersDtls10Exp.cpp less more
5252
5353 bool ret = dtls.doHandshake(socket);
5454 if (!ret) {
55 setResult(-1);
5655 printTestFailed("handshake failed too early");
5756 dtls.shutdown(socket);
5857 return;
6867
6968 if ((dtls.handshakeState() == XDtls::HandshakeNotStarted)
7069 && (dtls.dtlsErrorString().contains("handshake failure"))) {
71 setResult(0);
72 } else {
73 setResult(-1);
70 ;
71 } else {
7472 printTestFailed("encrypted session was established, but should not");
7573 }
7674
133131 mediumCiphers << cipher;
134132 }
135133 if (mediumCiphers.size() == 0) {
136 setResult(-1);
137134 printTestFailed();
138135 QThread::currentThread()->quit();
139136 return;
148145
149146 bool ret = dtls.doHandshake(socket);
150147 if (!ret) {
151 setResult(-1);
152148 printTestFailed("handshake failed too early");
153149 dtls.shutdown(socket);
154150 return;
164160
165161 if ((dtls.handshakeState() == XDtls::HandshakeNotStarted)
166162 && (dtls.dtlsErrorString().contains("handshake failure"))) {
167 setResult(0);
168 } else {
169 setResult(-1);
163 ;
164 } else {
170165 printTestFailed("encrypted session was established, but should not");
171166 }
172167
230225 highCiphers << cipher;
231226 }
232227 if (highCiphers.size() == 0) {
233 setResult(-1);
234228 printTestFailed();
235229 QThread::currentThread()->quit();
236230 return;
245239
246240 bool ret = dtls.doHandshake(socket);
247241 if (!ret) {
248 setResult(-1);
249242 printTestFailed("handshake failed too early");
250243 dtls.shutdown(socket);
251244 return;
261254
262255 if ((dtls.handshakeState() == XDtls::HandshakeNotStarted)
263256 && (dtls.dtlsErrorString().contains("handshake failure"))) {
264 setResult(0);
265 } else {
266 setResult(-1);
257 ;
258 } else {
267259 printTestFailed("encrypted session was established, but should not");
268260 }
269261
327319 exportCiphers << cipher;
328320 }
329321 if (exportCiphers.size() == 0) {
330 setResult(-1);
331322 printTestFailed();
332323 QThread::currentThread()->quit();
333324 return;
342333
343334 bool ret = dtls.doHandshake(socket);
344335 if (!ret) {
345 setResult(-1);
346336 printTestFailed("handshake failed too early");
347337 dtls.shutdown(socket);
348338 return;
363353 }
364354
365355 if (verifyError) {
366 setResult(0);
367 } else {
368 setResult(-1);
356 ;
357 } else {
369358 printTestFailed("encrypted session was established, but should not");
370359 }
371360 dtls.shutdown(socket);
428417 exportCiphers << cipher;
429418 }
430419 if (exportCiphers.size() == 0) {
431 setResult(-1);
432420 printTestFailed();
433421 QThread::currentThread()->quit();
434422 return;
443431
444432 bool ret = dtls.doHandshake(socket);
445433 if (!ret) {
446 setResult(-1);
447434 printTestFailed("handshake failed too early");
448435 dtls.shutdown(socket);
449436 return;
464451 }
465452
466453 if (verifyError) {
467 setResult(-1);
468454 printTestFailed("encrypted session was not established, but should");
469455 } else {
470 setResult(0);
456 ;
471457 }
472458 dtls.shutdown(socket);
473459 }
503489 int main(int argc, char *argv[])
504490 {
505491 QCoreApplication a(argc, argv);
506 QThread thread;
507492 TestsLauncher *testsLauncher;
508493
509494 testsLauncher = new TestsLauncher(createAutotests());
510 testsLauncher->moveToThread(&thread);
511 QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater);
512 QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests);
495
513496 QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){
514497 qApp->exit(testsLauncher->testsResult());
515498 });
516499
517 thread.start();
518
519 int ret = a.exec();
520
521 thread.quit();
522 thread.wait();
523
524 return ret;
500 testsLauncher->launchNextTest();
501
502 return a.exec();
525503 }
526504
527505 #include "tests_SslTestCiphersDtls10Exp.moc"
+13
-35
tests/tests_SslTestCiphersDtls12Exp.cpp less more
5252
5353 bool ret = dtls.doHandshake(socket);
5454 if (!ret) {
55 setResult(-1);
5655 printTestFailed("handshake failed too early");
5756 dtls.shutdown(socket);
5857 return;
6867
6968 if ((dtls.handshakeState() == XDtls::HandshakeNotStarted)
7069 && (dtls.dtlsErrorString().contains("alert protocol version"))) {
71 setResult(0);
72 } else {
73 setResult(-1);
70 ;
71 } else {
7472 printTestFailed("encrypted session was established, but should not");
7573 }
7674
133131 mediumCiphers << cipher;
134132 }
135133 if (mediumCiphers.size() == 0) {
136 setResult(-1);
137134 printTestFailed();
138135 QThread::currentThread()->quit();
139136 return;
148145
149146 bool ret = dtls.doHandshake(socket);
150147 if (!ret) {
151 setResult(-1);
152148 printTestFailed("handshake failed too early");
153149 dtls.shutdown(socket);
154150 return;
164160
165161 if ((dtls.handshakeState() == XDtls::HandshakeNotStarted)
166162 && (dtls.dtlsErrorString().contains("handshake failure"))) {
167 setResult(0);
168 } else {
169 setResult(-1);
163 ;
164 } else {
170165 printTestFailed("encrypted session was established, but should not");
171166 }
172167
230225 highCiphers << cipher;
231226 }
232227 if (highCiphers.size() == 0) {
233 setResult(-1);
234228 printTestFailed();
235229 QThread::currentThread()->quit();
236230 return;
245239
246240 bool ret = dtls.doHandshake(socket);
247241 if (!ret) {
248 setResult(-1);
249242 printTestFailed("handshake failed too early");
250243 dtls.shutdown(socket);
251244 return;
261254
262255 if ((dtls.handshakeState() == XDtls::HandshakeNotStarted)
263256 && (dtls.dtlsErrorString().contains("handshake failure"))) {
264 setResult(0);
265 } else {
266 setResult(-1);
257 ;
258 } else {
267259 printTestFailed("encrypted session was established, but should not");
268260 }
269261
327319 exportCiphers << cipher;
328320 }
329321 if (exportCiphers.size() == 0) {
330 setResult(-1);
331322 printTestFailed();
332323 QThread::currentThread()->quit();
333324 return;
342333
343334 bool ret = dtls.doHandshake(socket);
344335 if (!ret) {
345 setResult(-1);
346336 printTestFailed("handshake failed too early");
347337 dtls.shutdown(socket);
348338 return;
363353 }
364354
365355 if (verifyError) {
366 setResult(0);
367 } else {
368 setResult(-1);
356 ;
357 } else {
369358 printTestFailed("encrypted session was established, but should not");
370359 }
371360 dtls.shutdown(socket);
428417 exportCiphers << cipher;
429418 }
430419 if (exportCiphers.size() == 0) {
431 setResult(-1);
432420 printTestFailed();
433421 QThread::currentThread()->quit();
434422 return;
443431
444432 bool ret = dtls.doHandshake(socket);
445433 if (!ret) {
446 setResult(-1);
447434 printTestFailed("handshake failed too early");
448435 dtls.shutdown(socket);
449436 return;
464451 }
465452
466453 if (verifyError) {
467 setResult(-1);
468454 printTestFailed("encrypted session was not established, but should");
469455 } else {
470 setResult(0);
456 ;
471457 }
472458 dtls.shutdown(socket);
473459 }
503489 int main(int argc, char *argv[])
504490 {
505491 QCoreApplication a(argc, argv);
506 QThread thread;
507492 TestsLauncher *testsLauncher;
508493
509494 testsLauncher = new TestsLauncher(createAutotests());
510 testsLauncher->moveToThread(&thread);
511 QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater);
512 QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests);
495
513496 QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){
514497 qApp->exit(testsLauncher->testsResult());
515498 });
516499
517 thread.start();
518
519 int ret = a.exec();
520
521 thread.quit();
522 thread.wait();
523
524 return ret;
500 testsLauncher->launchNextTest();
501
502 return a.exec();
525503 }
526504
527505 #include "tests_SslTestCiphersDtls12Exp.moc"
+83
-104
tests/tests_SslTestCiphersSsl3Med.cpp less more
3535
3636 void executeNextSslTest()
3737 {
38 if (!socket)
38 if (!socket) {
3939 socket = new XSslSocket;
4040
41 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
42 socket->setProtocol(XSsl::TlsV1_1OrLater);
41 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
42 socket->setProtocol(XSsl::TlsV1_1OrLater);
43
44 connect(socket, &XSslSocket::encrypted, [=]() {
45 printTestFailed("encrypted session was established, but should not");
46 });
47 }
4348
4449 socket->connectToHostEncrypted("localhost", 8443);
45
46 if (!socket->waitForEncrypted()) {
47 setResult(0);
48 } else {
49 setResult(-1);
50 printTestFailed("encrypted session was established, but should not");
51 }
52 socket->disconnectFromHost();
5350 }
5451
5552 void verifySslTestResult()
9087
9188 void executeNextSslTest()
9289 {
93 if (!socket)
90 if (!socket) {
9491 socket = new XSslSocket;
9592
96 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
97 socket->setProtocol(XSsl::SslV3);
98 QList<XSslCipher> mediumCiphers;
99 QStringList opensslCiphers = ciphers_medium_str.split(":");
100
101 for (int i = 0; i < opensslCiphers.size(); i++) {
102 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
103
104 if (!cipher.isNull())
105 mediumCiphers << cipher;
106 }
107 if (mediumCiphers.size() == 0) {
108 setResult(-1);
109 printTestFailed();
110 QThread::currentThread()->quit();
111 return;
112 }
113 socket->setCiphers(mediumCiphers);
93 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
94 socket->setProtocol(XSsl::SslV3);
95 QList<XSslCipher> mediumCiphers;
96 QStringList opensslCiphers = ciphers_medium_str.split(":");
97
98 for (int i = 0; i < opensslCiphers.size(); i++) {
99 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
100
101 if (!cipher.isNull())
102 mediumCiphers << cipher;
103 }
104 if (mediumCiphers.size() == 0) {
105 setResult(-1);
106 printTestFailed();
107 QThread::currentThread()->quit();
108 return;
109 }
110 socket->setCiphers(mediumCiphers);
111
112 connect(socket, &XSslSocket::encrypted, [=]() {
113 printTestFailed("encrypted session was established, but should not");
114 });
115 }
114116
115117 socket->connectToHostEncrypted("localhost", 8443);
116
117 if (!socket->waitForEncrypted()) {
118 setResult(0);
119 } else {
120 setResult(-1);
121 printTestFailed("encrypted session was established, but should not");
122 }
123 socket->disconnectFromHost();
124118 }
125119
126120 void verifySslTestResult()
161155
162156 void executeNextSslTest()
163157 {
164 if (!socket)
158 if (!socket) {
165159 socket = new XSslSocket;
166160
167 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
168 socket->setProtocol(XSsl::SslV3);
169 QList<XSslCipher> highCiphers;
170 QStringList opensslCiphers = ciphers_high_str.split(":");
171
172 for (int i = 0; i < opensslCiphers.size(); i++) {
173 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
174
175 if (!cipher.isNull())
176 highCiphers << cipher;
177 }
178 if (highCiphers.size() == 0) {
179 setResult(-1);
180 printTestFailed();
181 QThread::currentThread()->quit();
182 return;
183 }
184 socket->setCiphers(highCiphers);
161 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
162 socket->setProtocol(XSsl::SslV3);
163 QList<XSslCipher> highCiphers;
164 QStringList opensslCiphers = ciphers_high_str.split(":");
165
166 for (int i = 0; i < opensslCiphers.size(); i++) {
167 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
168
169 if (!cipher.isNull())
170 highCiphers << cipher;
171 }
172 if (highCiphers.size() == 0) {
173 setResult(-1);
174 printTestFailed();
175 QThread::currentThread()->quit();
176 return;
177 }
178 socket->setCiphers(highCiphers);
179
180 connect(socket, &XSslSocket::encrypted, [=]() {
181 printTestFailed("encrypted session was established, but should not");
182 });
183 }
185184
186185 socket->connectToHostEncrypted("localhost", 8443);
187
188 if (!socket->waitForEncrypted()) {
189 setResult(0);
190 } else {
191 setResult(-1);
192 printTestFailed("encrypted session was established, but should not");
193 }
194 socket->disconnectFromHost();
195186 }
196187
197188 void verifySslTestResult()
232223
233224 void executeNextSslTest()
234225 {
235 if (!socket)
226 if (!socket) {
236227 socket = new XSslSocket;
237228
238 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
239 socket->setProtocol(XSsl::SslV3);
240 QList<XSslCipher> mediumCiphers;
241 QStringList opensslCiphers = ciphers_medium_str.split(":");
242
243 for (int i = 0; i < opensslCiphers.size(); i++) {
244 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
245
246 if (!cipher.isNull())
247 mediumCiphers << cipher;
248 }
249 if (mediumCiphers.size() == 0) {
250 setResult(-1);
251 printTestFailed();
252 QThread::currentThread()->quit();
253 return;
254 }
255 socket->setCiphers(mediumCiphers);
229 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
230 socket->setProtocol(XSsl::SslV3);
231 QList<XSslCipher> mediumCiphers;
232 QStringList opensslCiphers = ciphers_medium_str.split(":");
233
234 for (int i = 0; i < opensslCiphers.size(); i++) {
235 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
236
237 if (!cipher.isNull())
238 mediumCiphers << cipher;
239 }
240 if (mediumCiphers.size() == 0) {
241 setResult(-1);
242 printTestFailed();
243 QThread::currentThread()->quit();
244 return;
245 }
246 socket->setCiphers(mediumCiphers);
247
248 connect(socket, &XSslSocket::encrypted, [=]() {
249 });
250 }
256251
257252 socket->connectToHostEncrypted("localhost", 8443);
258
259 if (!socket->waitForEncrypted()) {
260 setResult(-1);
261 printTestFailed("can not establish encrypted connection");
262 } else {
263 setResult(0);
264 }
265 socket->disconnectFromHost();
266253 }
267254
268255 void verifySslTestResult()
297284 int main(int argc, char *argv[])
298285 {
299286 QCoreApplication a(argc, argv);
300 QThread thread;
301287 TestsLauncher *testsLauncher;
302288
303289 testsLauncher = new TestsLauncher(createAutotests());
304 testsLauncher->moveToThread(&thread);
305 QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater);
306 QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests);
290
307291 QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){
308292 qApp->exit(testsLauncher->testsResult());
309293 });
310294
311 thread.start();
312
313 int ret = a.exec();
314
315 thread.quit();
316 thread.wait();
317
318 return ret;
295 testsLauncher->launchNextTest();
296
297 return a.exec();
319298 }
320299
321300 #include "tests_SslTestCiphersSsl3Med.moc"
+130
-154
tests/tests_SslTestCiphersTls10Med.cpp less more
3434
3535 void executeNextSslTest()
3636 {
37 if (!socket)
38 socket = new XSslSocket;
39
40 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
41 socket->setProtocol(XSsl::TlsV1_1OrLater);
42
43 socket->connectToHostEncrypted("localhost", 8443);
44
45 if (!socket->waitForEncrypted()) {
46 setResult(0);
47 } else {
48 setResult(-1);
49 printTestFailed("encrypted session was established, but should not");
50 }
51 socket->disconnectFromHost();
37 if (!socket) {
38 socket = new XSslSocket;
39
40 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
41 socket->setProtocol(XSsl::TlsV1_1OrLater);
42
43 connect(socket, &XSslSocket::encrypted, [=]() {
44 printTestFailed("encrypted session was established, but should not");
45 });
46 }
47
48 socket->connectToHostEncrypted("localhost", 8443);
5249 }
5350
5451 void verifySslTestResult()
8986
9087 void executeNextSslTest()
9188 {
92 if (!socket)
93 socket = new XSslSocket;
94
95 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
96 socket->setProtocol(XSsl::TlsV1_0);
97 QList<XSslCipher> mediumCiphers;
98 QStringList opensslCiphers = ciphers_medium_str.split(":");
99
100 for (int i = 0; i < opensslCiphers.size(); i++) {
101 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
102
103 if (!cipher.isNull())
104 mediumCiphers << cipher;
105 }
106 if (mediumCiphers.size() == 0) {
107 setResult(-1);
108 printTestFailed();
109 QThread::currentThread()->quit();
110 return;
111 }
112 socket->setCiphers(mediumCiphers);
113
114 socket->connectToHostEncrypted("localhost", 8443);
115
116 if (!socket->waitForEncrypted()) {
117 setResult(0);
118 } else {
119 setResult(-1);
120 printTestFailed("encrypted session was established, but should not");
121 }
122 socket->disconnectFromHost();
89 if (!socket) {
90 socket = new XSslSocket;
91
92 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
93 socket->setProtocol(XSsl::TlsV1_0);
94 QList<XSslCipher> mediumCiphers;
95 QStringList opensslCiphers = ciphers_medium_str.split(":");
96
97 for (int i = 0; i < opensslCiphers.size(); i++) {
98 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
99
100 if (!cipher.isNull())
101 mediumCiphers << cipher;
102 }
103 if (mediumCiphers.size() == 0) {
104 setResult(-1);
105 printTestFailed();
106 QThread::currentThread()->quit();
107 return;
108 }
109 socket->setCiphers(mediumCiphers);
110
111 connect(socket, &XSslSocket::encrypted, [=]() {
112 printTestFailed("encrypted session was established, but should not");
113 });
114 }
115
116 socket->connectToHostEncrypted("localhost", 8443);
123117 }
124118
125119 void verifySslTestResult()
160154
161155 void executeNextSslTest()
162156 {
163 if (!socket)
164 socket = new XSslSocket;
165
166 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
167 socket->setProtocol(XSsl::TlsV1_0);
168 QList<XSslCipher> highCiphers;
169 QStringList opensslCiphers = ciphers_high_str.split(":");
170
171 for (int i = 0; i < opensslCiphers.size(); i++) {
172 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
173
174 if (!cipher.isNull())
175 highCiphers << cipher;
176 }
177 if (highCiphers.size() == 0) {
178 setResult(-1);
179 printTestFailed();
180 QThread::currentThread()->quit();
181 return;
182 }
183 socket->setCiphers(highCiphers);
184
185 socket->connectToHostEncrypted("localhost", 8443);
186
187 if (!socket->waitForEncrypted()) {
188 setResult(0);
189 } else {
190 setResult(-1);
191 printTestFailed("encrypted session was established, but should not");
192 }
193 socket->disconnectFromHost();
157 if (!socket) {
158 socket = new XSslSocket;
159
160 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
161 socket->setProtocol(XSsl::TlsV1_0);
162 QList<XSslCipher> highCiphers;
163 QStringList opensslCiphers = ciphers_high_str.split(":");
164
165 for (int i = 0; i < opensslCiphers.size(); i++) {
166 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
167
168 if (!cipher.isNull())
169 highCiphers << cipher;
170 }
171 if (highCiphers.size() == 0) {
172 setResult(-1);
173 printTestFailed();
174 QThread::currentThread()->quit();
175 return;
176 }
177 socket->setCiphers(highCiphers);
178
179 connect(socket, &XSslSocket::encrypted, [=]() {
180 printTestFailed("encrypted session was established, but should not");
181 });
182 }
183
184 socket->connectToHostEncrypted("localhost", 8443);
194185 }
195186
196187 void verifySslTestResult()
231222
232223 void executeNextSslTest()
233224 {
234 if (!socket)
235 socket = new XSslSocket;
236
237 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
238 socket->setProtocol(XSsl::TlsV1_0);
239 QList<XSslCipher> mediumCiphers;
240 QStringList opensslCiphers = ciphers_medium_str.split(":");
241
242 for (int i = 0; i < opensslCiphers.size(); i++) {
243 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
244
245 if (!cipher.isNull())
246 mediumCiphers << cipher;
247 }
248 if (mediumCiphers.size() == 0) {
249 setResult(-1);
250 printTestFailed();
251 QThread::currentThread()->quit();
252 return;
253 }
254 socket->setCiphers(mediumCiphers);
255
256 socket->connectToHostEncrypted("localhost", 8443);
257
258 if (!socket->waitForEncrypted()) {
259 setResult(-1);
260 printTestFailed("can not establish encrypted connection");
261 } else {
262 setResult(0);
263 }
264 socket->disconnectFromHost();
225 if (!socket) {
226 socket = new XSslSocket;
227
228 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
229 socket->setProtocol(XSsl::TlsV1_0);
230 QList<XSslCipher> mediumCiphers;
231 QStringList opensslCiphers = ciphers_medium_str.split(":");
232
233 for (int i = 0; i < opensslCiphers.size(); i++) {
234 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
235
236 if (!cipher.isNull())
237 mediumCiphers << cipher;
238 }
239 if (mediumCiphers.size() == 0) {
240 setResult(-1);
241 printTestFailed();
242 QThread::currentThread()->quit();
243 return;
244 }
245 socket->setCiphers(mediumCiphers);
246
247 connect(socket, &XSslSocket::encrypted, [=]() {
248 });
249 }
250
251 socket->connectToHostEncrypted("localhost", 8443);
265252 }
266253
267254 void verifySslTestResult()
303290
304291 void executeNextSslTest()
305292 {
306 if (!socket)
307 socket = new XSslSocket;
308
309 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
310 socket->setProtocol(XSsl::TlsV1_2);
311 QList<XSslCipher> mediumCiphers;
312 QStringList opensslCiphers = ciphers_medium_str.split(":");
313 opensslCiphers.append(ciphers_low_str.split(":"));
314 opensslCiphers.append(ciphers_export_str.split(":"));
315 opensslCiphers.append(ciphers_high_str.split(":"));
316
317 for (int i = 0; i < opensslCiphers.size(); i++) {
318 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
319
320 if (!cipher.isNull())
321 mediumCiphers << cipher;
322 }
323 if (mediumCiphers.size() == 0) {
324 setResult(-1);
325 printTestFailed();
326 QThread::currentThread()->quit();
327 return;
328 }
329 socket->setCiphers(mediumCiphers);
330
331 socket->connectToHostEncrypted("localhost", 8443);
332
333 if (!socket->waitForEncrypted()) {
334 setResult(0);
335 } else {
336 setResult(-1);
337 printTestFailed("encrypted session was established, but should not");
338 }
339 socket->disconnectFromHost();
293 if (!socket) {
294 socket = new XSslSocket;
295
296 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
297 socket->setProtocol(XSsl::TlsV1_2);
298 QList<XSslCipher> mediumCiphers;
299 QStringList opensslCiphers = ciphers_medium_str.split(":");
300 opensslCiphers.append(ciphers_low_str.split(":"));
301 opensslCiphers.append(ciphers_export_str.split(":"));
302 opensslCiphers.append(ciphers_high_str.split(":"));
303
304 for (int i = 0; i < opensslCiphers.size(); i++) {
305 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
306
307 if (!cipher.isNull())
308 mediumCiphers << cipher;
309 }
310 if (mediumCiphers.size() == 0) {
311 setResult(-1);
312 printTestFailed();
313 QThread::currentThread()->quit();
314 return;
315 }
316 socket->setCiphers(mediumCiphers);
317
318 connect(socket, &XSslSocket::encrypted, [=]() {
319 printTestFailed("encrypted session was established, but should not");
320 });
321 }
322
323 socket->connectToHostEncrypted("localhost", 8443);
340324 }
341325
342326 void verifySslTestResult()
371355 int main(int argc, char *argv[])
372356 {
373357 QCoreApplication a(argc, argv);
374 QThread thread;
375358 TestsLauncher *testsLauncher;
376359
377360 testsLauncher = new TestsLauncher(createAutotests());
378 testsLauncher->moveToThread(&thread);
379 QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater);
380 QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests);
361
381362 QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){
382363 qApp->exit(testsLauncher->testsResult());
383364 });
384365
385 thread.start();
386
387 int ret = a.exec();
388
389 thread.quit();
390 thread.wait();
391
392 return ret;
366 testsLauncher->launchNextTest();
367
368 return a.exec();
393369 }
394370
395371 #include "tests_SslTestCiphersTls10Med.moc"
+83
-104
tests/tests_SslTestCiphersTls11Med.cpp less more
3434
3535 void executeNextSslTest()
3636 {
37 if (!socket)
37 if (!socket) {
3838 socket = new XSslSocket;
3939
40 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
41 socket->setProtocol(XSsl::TlsV1_2);
40 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
41 socket->setProtocol(XSsl::TlsV1_2);
42
43 connect(socket, &XSslSocket::encrypted, [=]() {
44 printTestFailed("encrypted session was established, but should not");
45 });
46 }
4247
4348 socket->connectToHostEncrypted("localhost", 8443);
44
45 if (!socket->waitForEncrypted()) {
46 setResult(0);
47 } else {
48 setResult(-1);
49 printTestFailed("encrypted session was established, but should not");
50 }
51 socket->disconnectFromHost();
5249 }
5350
5451 void verifySslTestResult()
8986
9087 void executeNextSslTest()
9188 {
92 if (!socket)
89 if (!socket) {
9390 socket = new XSslSocket;
9491
95 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
96 socket->setProtocol(XSsl::TlsV1_1);
97 QList<XSslCipher> mediumCiphers;
98 QStringList opensslCiphers = ciphers_medium_str.split(":");
99
100 for (int i = 0; i < opensslCiphers.size(); i++) {
101 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
102
103 if (!cipher.isNull())
104 mediumCiphers << cipher;
105 }
106 if (mediumCiphers.size() == 0) {
107 setResult(-1);
108 printTestFailed();
109 QThread::currentThread()->quit();
110 return;
111 }
112 socket->setCiphers(mediumCiphers);
92 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
93 socket->setProtocol(XSsl::TlsV1_1);
94 QList<XSslCipher> mediumCiphers;
95 QStringList opensslCiphers = ciphers_medium_str.split(":");
96
97 for (int i = 0; i < opensslCiphers.size(); i++) {
98 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
99
100 if (!cipher.isNull())
101 mediumCiphers << cipher;
102 }
103 if (mediumCiphers.size() == 0) {
104 setResult(-1);
105 printTestFailed();
106 QThread::currentThread()->quit();
107 return;
108 }
109 socket->setCiphers(mediumCiphers);
110
111 connect(socket, &XSslSocket::encrypted, [=]() {
112 printTestFailed("encrypted session was established, but should not");
113 });
114 }
113115
114116 socket->connectToHostEncrypted("localhost", 8443);
115
116 if (!socket->waitForEncrypted()) {
117 setResult(0);
118 } else {
119 setResult(-1);
120 printTestFailed("encrypted session was established, but should not");
121 }
122 socket->disconnectFromHost();
123117 }
124118
125119 void verifySslTestResult()
160154
161155 void executeNextSslTest()
162156 {
163 if (!socket)
157 if (!socket) {
164158 socket = new XSslSocket;
165159
166 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
167 socket->setProtocol(XSsl::TlsV1_1);
168 QList<XSslCipher> highCiphers;
169 QStringList opensslCiphers = ciphers_high_str.split(":");
170
171 for (int i = 0; i < opensslCiphers.size(); i++) {
172 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
173
174 if (!cipher.isNull())
175 highCiphers << cipher;
176 }
177 if (highCiphers.size() == 0) {
178 setResult(-1);
179 printTestFailed();
180 QThread::currentThread()->quit();
181 return;
182 }
183 socket->setCiphers(highCiphers);
160 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
161 socket->setProtocol(XSsl::TlsV1_1);
162 QList<XSslCipher> highCiphers;
163 QStringList opensslCiphers = ciphers_high_str.split(":");
164
165 for (int i = 0; i < opensslCiphers.size(); i++) {
166 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
167
168 if (!cipher.isNull())
169 highCiphers << cipher;
170 }
171 if (highCiphers.size() == 0) {
172 setResult(-1);
173 printTestFailed();
174 QThread::currentThread()->quit();
175 return;
176 }
177 socket->setCiphers(highCiphers);
178
179 connect(socket, &XSslSocket::encrypted, [=]() {
180 printTestFailed("encrypted session was established, but should not");
181 });
182 }
184183
185184 socket->connectToHostEncrypted("localhost", 8443);
186
187 if (!socket->waitForEncrypted()) {
188 setResult(0);
189 } else {
190 setResult(-1);
191 printTestFailed("encrypted session was established, but should not");
192 }
193 socket->disconnectFromHost();
194185 }
195186
196187 void verifySslTestResult()
231222
232223 void executeNextSslTest()
233224 {
234 if (!socket)
225 if (!socket) {
235226 socket = new XSslSocket;
236227
237 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
238 socket->setProtocol(XSsl::TlsV1_1);
239 QList<XSslCipher> mediumCiphers;
240 QStringList opensslCiphers = ciphers_medium_str.split(":");
241
242 for (int i = 0; i < opensslCiphers.size(); i++) {
243 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
244
245 if (!cipher.isNull())
246 mediumCiphers << cipher;
247 }
248 if (mediumCiphers.size() == 0) {
249 setResult(-1);
250 printTestFailed();
251 QThread::currentThread()->quit();
252 return;
253 }
254 socket->setCiphers(mediumCiphers);
228 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
229 socket->setProtocol(XSsl::TlsV1_1);
230 QList<XSslCipher> mediumCiphers;
231 QStringList opensslCiphers = ciphers_medium_str.split(":");
232
233 for (int i = 0; i < opensslCiphers.size(); i++) {
234 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
235
236 if (!cipher.isNull())
237 mediumCiphers << cipher;
238 }
239 if (mediumCiphers.size() == 0) {
240 setResult(-1);
241 printTestFailed();
242 QThread::currentThread()->quit();
243 return;
244 }
245 socket->setCiphers(mediumCiphers);
246
247 connect(socket, &XSslSocket::encrypted, [=]() {
248 });
249 }
255250
256251 socket->connectToHostEncrypted("localhost", 8443);
257
258 if (!socket->waitForEncrypted()) {
259 setResult(-1);
260 printTestFailed("can not establish encrypted connection");
261 } else {
262 setResult(0);
263 }
264 socket->disconnectFromHost();
265252 }
266253
267254 void verifySslTestResult()
296283 int main(int argc, char *argv[])
297284 {
298285 QCoreApplication a(argc, argv);
299 QThread thread;
300286 TestsLauncher *testsLauncher;
301287
302288 testsLauncher = new TestsLauncher(createAutotests());
303 testsLauncher->moveToThread(&thread);
304 QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater);
305 QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests);
289
306290 QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){
307291 qApp->exit(testsLauncher->testsResult());
308292 });
309293
310 thread.start();
311
312 int ret = a.exec();
313
314 thread.quit();
315 thread.wait();
316
317 return ret;
294 testsLauncher->launchNextTest();
295
296 return a.exec();
318297 }
319298
320299 #include "tests_SslTestCiphersTls11Med.moc"
+84
-104
tests/tests_SslTestCiphersTls12Med.cpp less more
3434
3535 void executeNextSslTest()
3636 {
37 if (!socket)
37 if (!socket) {
3838 socket = new XSslSocket;
3939
40 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
41 socket->setProtocol(XSsl::TlsV1_1);
40 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
41 socket->setProtocol(XSsl::TlsV1_1);
42
43 connect(socket, &XSslSocket::encrypted, [=]() {
44 printTestFailed("encrypted session was established, but should not");
45 });
46 }
4247
4348 socket->connectToHostEncrypted("localhost", 8443);
44
45 if (!socket->waitForEncrypted()) {
46 setResult(0);
47 } else {
48 setResult(-1);
49 printTestFailed("encrypted session was established, but should not");
50 }
51 socket->disconnectFromHost();
5249 }
5350
5451 void verifySslTestResult()
8986
9087 void executeNextSslTest()
9188 {
92 if (!socket)
89 if (!socket) {
9390 socket = new XSslSocket;
9491
95 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
96 socket->setProtocol(XSsl::TlsV1_2);
97 QList<XSslCipher> mediumCiphers;
98 QStringList opensslCiphers = ciphers_medium_str.split(":");
99
100 for (int i = 0; i < opensslCiphers.size(); i++) {
101 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
102
103 if (!cipher.isNull())
104 mediumCiphers << cipher;
105 }
106 if (mediumCiphers.size() == 0) {
107 setResult(-1);
108 printTestFailed();
109 QThread::currentThread()->quit();
110 return;
111 }
112 socket->setCiphers(mediumCiphers);
92 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
93 socket->setProtocol(XSsl::TlsV1_2);
94 QList<XSslCipher> mediumCiphers;
95 QStringList opensslCiphers = ciphers_medium_str.split(":");
96
97 for (int i = 0; i < opensslCiphers.size(); i++) {
98 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
99
100 if (!cipher.isNull())
101 mediumCiphers << cipher;
102 }
103 if (mediumCiphers.size() == 0) {
104 setResult(-1);
105 printTestFailed();
106 QThread::currentThread()->quit();
107 return;
108 }
109 socket->setCiphers(mediumCiphers);
110
111 connect(socket, &XSslSocket::encrypted, [=]() {
112 printTestFailed("encrypted session was established, but should not");
113 });
114 }
113115
114116 socket->connectToHostEncrypted("localhost", 8443);
115
116 if (!socket->waitForEncrypted()) {
117 setResult(0);
118 } else {
119 setResult(-1);
120 printTestFailed("encrypted session was established, but should not");
121 }
122 socket->disconnectFromHost();
123117 }
124118
125119 void verifySslTestResult()
160154
161155 void executeNextSslTest()
162156 {
163 if (!socket)
157 if (!socket) {
164158 socket = new XSslSocket;
165159
166 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
167 socket->setProtocol(XSsl::TlsV1_2);
168 QList<XSslCipher> highCiphers;
169 QStringList opensslCiphers = ciphers_high_str.split(":");
170
171 for (int i = 0; i < opensslCiphers.size(); i++) {
172 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
173
174 if (!cipher.isNull())
175 highCiphers << cipher;
176 }
177 if (highCiphers.size() == 0) {
178 setResult(-1);
179 printTestFailed();
180 QThread::currentThread()->quit();
181 return;
182 }
183 socket->setCiphers(highCiphers);
160 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
161 socket->setProtocol(XSsl::TlsV1_2);
162 QList<XSslCipher> highCiphers;
163 QStringList opensslCiphers = ciphers_high_str.split(":");
164
165 for (int i = 0; i < opensslCiphers.size(); i++) {
166 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
167
168 if (!cipher.isNull())
169 highCiphers << cipher;
170 }
171 if (highCiphers.size() == 0) {
172 setResult(-1);
173 printTestFailed();
174 QThread::currentThread()->quit();
175 return;
176 }
177 socket->setCiphers(highCiphers);
178
179 connect(socket, &XSslSocket::encrypted, [=]() {
180 connect(socket, &XSslSocket::encrypted, [=]() {
181 });
182 });
183 }
184184
185185 socket->connectToHostEncrypted("localhost", 8443);
186
187 if (!socket->waitForEncrypted()) {
188 setResult(0);
189 } else {
190 setResult(-1);
191 printTestFailed("encrypted session was established, but should not");
192 }
193 socket->disconnectFromHost();
194186 }
195187
196188 void verifySslTestResult()
231223
232224 void executeNextSslTest()
233225 {
234 if (!socket)
226 if (!socket) {
235227 socket = new XSslSocket;
236228
237 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
238 socket->setProtocol(XSsl::TlsV1_2);
239 QList<XSslCipher> mediumCiphers;
240 QStringList opensslCiphers = ciphers_medium_str.split(":");
241
242 for (int i = 0; i < opensslCiphers.size(); i++) {
243 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
244
245 if (!cipher.isNull())
246 mediumCiphers << cipher;
247 }
248 if (mediumCiphers.size() == 0) {
249 setResult(-1);
250 printTestFailed();
251 QThread::currentThread()->quit();
252 return;
253 }
254 socket->setCiphers(mediumCiphers);
229 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
230 socket->setProtocol(XSsl::TlsV1_2);
231 QList<XSslCipher> mediumCiphers;
232 QStringList opensslCiphers = ciphers_medium_str.split(":");
233
234 for (int i = 0; i < opensslCiphers.size(); i++) {
235 XSslCipher cipher = XSslCipher(opensslCiphers.at(i));
236
237 if (!cipher.isNull())
238 mediumCiphers << cipher;
239 }
240 if (mediumCiphers.size() == 0) {
241 setResult(-1);
242 printTestFailed();
243 QThread::currentThread()->quit();
244 return;
245 }
246 socket->setCiphers(mediumCiphers);
247
248 connect(socket, &XSslSocket::encrypted, [=]() {
249 });
250 }
255251
256252 socket->connectToHostEncrypted("localhost", 8443);
257
258 if (!socket->waitForEncrypted()) {
259 setResult(-1);
260 printTestFailed("can not establish encrypted connection");
261 } else {
262 setResult(0);
263 }
264 socket->disconnectFromHost();
265253 }
266254
267255 void verifySslTestResult()
296284 int main(int argc, char *argv[])
297285 {
298286 QCoreApplication a(argc, argv);
299 QThread thread;
300287 TestsLauncher *testsLauncher;
301288
302289 testsLauncher = new TestsLauncher(createAutotests());
303 testsLauncher->moveToThread(&thread);
304 QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater);
305 QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests);
290
306291 QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){
307292 qApp->exit(testsLauncher->testsResult());
308293 });
309294
310 thread.start();
311
312 int ret = a.exec();
313
314 thread.quit();
315 thread.wait();
316
317 return ret;
295 testsLauncher->launchNextTest();
296
297 return a.exec();
318298 }
319299
320300 #include "tests_SslTestCiphersTls12Med.moc"
+52
-73
tests/tests_SslTestProtoSsl2.cpp less more
3434
3535 void executeNextSslTest()
3636 {
37 if (!socket)
38 socket = new XSslSocket;
39
40 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
41 socket->setProtocol(XSsl::TlsV1_1OrLater);
42
43 socket->connectToHostEncrypted("localhost", 8443);
44
45 if (!socket->waitForEncrypted()) {
46 setResult(0);
47 } else {
48 setResult(-1);
49 printTestFailed("encrypted session was established, but should not");
50 }
51 socket->disconnectFromHost();
37 if (!socket) {
38 socket = new XSslSocket;
39
40 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
41 socket->setProtocol(XSsl::TlsV1_1OrLater);
42
43 connect(socket, &XSslSocket::encrypted, [=]() {
44 printTestFailed("encrypted session was established, but should not");
45 });
46 }
47
48 socket->connectToHostEncrypted("localhost", 8443);
5249 }
5350
5451 void verifySslTestResult()
8885
8986 void executeNextSslTest()
9087 {
91 if (!socket)
92 socket = new XSslSocket;
93
94 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
95 socket->setProtocol(XSsl::SslV2);
96
97 socket->connectToHostEncrypted("localhost", 8443);
98
99 if (!socket->waitForEncrypted()) {
100 setResult(0);
101 } else {
102 setResult(-1);
103 printTestFailed("encrypted session was established, but should not");
104 }
105 socket->disconnectFromHost();
88 if (!socket) {
89 socket = new XSslSocket;
90
91 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
92 socket->setProtocol(XSsl::SslV2);
93
94 connect(socket, &XSslSocket::encrypted, [=]() {
95 printTestFailed("encrypted session was established, but should not");
96 });
97 }
98
99 socket->connectToHostEncrypted("localhost", 8443);
106100 }
107101
108102 void verifySslTestResult()
143137
144138 void executeNextSslTest()
145139 {
146 if (!socket)
147 socket = new XSslSocket;
148
149 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
150 socket->setProtocol(XSsl::TlsV1_1OrLater);
151
152 socket->connectToHostEncrypted("localhost", 8443);
153
154 if (!socket->waitForEncrypted()) {
155 setResult(0);
156 } else {
157 setResult(-1);
158 printTestFailed("encrypted session was established, but should not");
159 }
160 socket->disconnectFromHost();
140 if (!socket) {
141 socket = new XSslSocket;
142
143 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
144 socket->setProtocol(XSsl::TlsV1_1OrLater);
145
146 connect(socket, &XSslSocket::encrypted, [=]() {
147 printTestFailed("encrypted session was established, but should not");
148 });
149 }
150
151 socket->connectToHostEncrypted("localhost", 8443);
161152 }
162153
163154 void verifySslTestResult()
198189
199190 void executeNextSslTest()
200191 {
201 if (!socket)
202 socket = new XSslSocket;
203
204 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
205 // AnyProtocol does not include SSLv2
206 socket->setProtocol(XSsl::SslV2);
207
208 socket->connectToHostEncrypted("localhost", 8443);
209
210 if (!socket->waitForEncrypted()) {
211 setResult(-1);
212 printTestFailed("can not establish encrypted connection");
213 } else {
214 setResult(0);
215 }
216 socket->disconnectFromHost();
192 if (!socket) {
193 socket = new XSslSocket;
194
195 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
196 // AnyProtocol does not include SSLv2
197 socket->setProtocol(XSsl::SslV2);
198
199 connect(socket, &XSslSocket::encrypted, [=]() {
200 });
201 }
202
203 socket->connectToHostEncrypted("localhost", 8443);
217204 }
218205
219206 void verifySslTestResult()
247234 int main(int argc, char *argv[])
248235 {
249236 QCoreApplication a(argc, argv);
250 QThread thread;
251237 TestsLauncher *testsLauncher;
252238
253239 testsLauncher = new TestsLauncher(createAutotests());
254 testsLauncher->moveToThread(&thread);
255 QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater);
256 QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests);
240
257241 QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){
258242 qApp->exit(testsLauncher->testsResult());
259243 });
260244
261 thread.start();
262
263 int ret = a.exec();
264
265 thread.quit();
266 thread.wait();
267
268 return ret;
245 testsLauncher->launchNextTest();
246
247 return a.exec();
269248 }
270249
271250 #include "tests_SslTestProtoSsl2.moc"
+51
-72
tests/tests_SslTestProtoSsl3.cpp less more
3434
3535 void executeNextSslTest()
3636 {
37 if (!socket)
38 socket = new XSslSocket;
39
40 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
41 socket->setProtocol(XSsl::TlsV1_1OrLater);
42
43 socket->connectToHostEncrypted("localhost", 8443);
44
45 if (!socket->waitForEncrypted()) {
46 setResult(0);
47 } else {
48 setResult(-1);
49 printTestFailed("encrypted session was established, but should not");
50 }
51 socket->disconnectFromHost();
37 if (!socket) {
38 socket = new XSslSocket;
39
40 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
41 socket->setProtocol(XSsl::TlsV1_1OrLater);
42
43 connect(socket, &XSslSocket::encrypted, [=]() {
44 printTestFailed("encrypted session was established, but should not");
45 });
46 }
47
48 socket->connectToHostEncrypted("localhost", 8443);
5249 }
5350
5451 void verifySslTestResult()
8885
8986 void executeNextSslTest()
9087 {
91 if (!socket)
92 socket = new XSslSocket;
93
94 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
95 socket->setProtocol(XSsl::SslV3);
96
97 socket->connectToHostEncrypted("localhost", 8443);
98
99 if (!socket->waitForEncrypted()) {
100 setResult(0);
101 } else {
102 setResult(-1);
103 printTestFailed("encrypted session was established, but should not");
104 }
105 socket->disconnectFromHost();
88 if (!socket) {
89 socket = new XSslSocket;
90
91 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
92 socket->setProtocol(XSsl::SslV3);
93
94 connect(socket, &XSslSocket::encrypted, [=]() {
95 printTestFailed("encrypted session was established, but should not");
96 });
97 }
98
99 socket->connectToHostEncrypted("localhost", 8443);
106100 }
107101
108102 void verifySslTestResult()
143137
144138 void executeNextSslTest()
145139 {
146 if (!socket)
147 socket = new XSslSocket;
148
149 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
150 socket->setProtocol(XSsl::TlsV1_1OrLater);
151
152 socket->connectToHostEncrypted("localhost", 8443);
153
154 if (!socket->waitForEncrypted()) {
155 setResult(0);
156 } else {
157 setResult(-1);
158 printTestFailed("encrypted session was established, but should not");
159 }
160 socket->disconnectFromHost();
140 if (!socket) {
141 socket = new XSslSocket;
142
143 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
144 socket->setProtocol(XSsl::TlsV1_1OrLater);
145
146 connect(socket, &XSslSocket::encrypted, [=]() {
147 printTestFailed("encrypted session was established, but should not");
148 });
149 }
150
151 socket->connectToHostEncrypted("localhost", 8443);
161152 }
162153
163154 void verifySslTestResult()
198189
199190 void executeNextSslTest()
200191 {
201 if (!socket)
202 socket = new XSslSocket;
203
204 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
205 socket->setProtocol(XSsl::SslV3);
206
207 socket->connectToHostEncrypted("localhost", 8443);
208
209 if (!socket->waitForEncrypted()) {
210 setResult(-1);
211 printTestFailed("can not establish encrypted connection");
212 } else {
213 setResult(0);
214 }
215 socket->disconnectFromHost();
192 if (!socket) {
193 socket = new XSslSocket;
194
195 socket->setPeerVerifyMode(XSslSocket::VerifyNone);
196 socket->setProtocol(XSsl::SslV3);
197
198 connect(socket, &XSslSocket::encrypted, [=]() {
199 });
200 }
201
202 socket->connectToHostEncrypted("localhost", 8443);
216203 }
217204
218205 void verifySslTestResult()
247234 int main(int argc, char *argv[])
248235 {
249236 QCoreApplication a(argc, argv);
250 QThread thread;
251237 TestsLauncher *testsLauncher;
252238
253239 testsLauncher = new TestsLauncher(createAutotests());
254 testsLauncher->moveToThread(&thread);
255 QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater);
256 QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests);
240
257241 QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){
258242 qApp->exit(testsLauncher->testsResult());
259243 });
260244
261 thread.start();
262
263 int ret = a.exec();
264
265 thread.quit();
266 thread.wait();
267
268 return ret;
245 testsLauncher->launchNextTest();
246
247 return a.exec();
269248 }
270249
271250 #include "tests_SslTestProtoSsl3.moc"
+19
-33
tests/tests_SslTestProtoTls10.cpp less more
3434
3535 void executeNextSslTest()
3636 {
37 if (!socket)
37 if (!socket) {
3838 socket = new XSslSocket;
3939
40 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
41 socket->setProtocol(XSsl::TlsV1_1OrLater);
40 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
41 socket->setProtocol(XSsl::TlsV1_1OrLater);
42
43 connect(socket, &XSslSocket::encrypted, [=]() {
44 printTestFailed("encrypted session was established, but should not");
45 });
46 }
4247
4348 socket->connectToHostEncrypted("localhost", 8443);
44
45 if (!socket->waitForEncrypted()) {
46 setResult(0);
47 } else {
48 setResult(-1);
49 printTestFailed("encrypted session was established, but should not");
50 }
51 socket->disconnectFromHost();
5249 }
5350
5451 void verifySslTestResult()
8986
9087 void executeNextSslTest()
9188 {
92 if (!socket)
89 if (!socket) {
9390 socket = new XSslSocket;
9491
95 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
96 socket->setProtocol(XSsl::TlsV1_0);
92 socket->setPeerVerifyMode(XSslSocket::VerifyPeer);
93 socket->setProtocol(XSsl::TlsV1_0);
94
95 connect(socket, &XSslSocket::encrypted, [=]() {
96 printTestFailed("encrypted session was established, but should not");
97 });
98 }
9799
98100 socket->connectToHostEncrypted("localhost", 8443);
99
100 if (!socket->waitForEncrypted()) {
101 setResult(0);
102 } else {
103 setResult(-1);
104 printTestFailed("encrypted session was established, but should not");
105 }
106 socket->disconnectFromHost();
107101 }
108102
109103 void verifySslTestResult()
135129 int main(int argc, char *argv[])
136130 {
137131 QCoreApplication a(argc, argv);
138 QThread thread;
139132 TestsLauncher *testsLauncher;
140133
141134 testsLauncher = new TestsLauncher(createAutotests());
142 testsLauncher->moveToThread(&thread);
143 QObject::connect(&thread, &QThread::finished, testsLauncher, &QObject::deleteLater);
144 QObject::connect(&thread, &QThread::started, testsLauncher, &TestsLauncher::launchTests);
135
145136 QObject::connect(testsLauncher, &TestsLauncher::autotestsFinished, [=](){
146137 qApp->exit(testsLauncher->testsResult());
147138 });
148139
149 thread.start();
140 testsLauncher->launchNextTest();
150141
151 int ret = a.exec();
152
153 thread.quit();
154 thread.wait();
155
156 return ret;
142 return a.exec();
157143 }
158144
159145 #include "tests_SslTestProtoTls10.moc"
+1
-1
thirdparty/qt-certificate-addon/src/certificate/certificatebuilder.cpp less more
369369 //
370370 // Sign the cert
371371 //
372 d->errnumber = gnutls_x509_crt_privkey_sign(d->crt, cacrt, abstractKey, GNUTLS_DIG_SHA1, 0);
372 d->errnumber = gnutls_x509_crt_privkey_sign(d->crt, cacrt, abstractKey, GNUTLS_DIG_SHA256, 0);
373373
374374 gnutls_x509_crt_deinit(cacrt);
375375 gnutls_x509_privkey_deinit(key);