Qt 4.8
Public Functions | Static Public Functions | Private Functions | Properties | Friends | List of all members
QSslConfiguration Class Reference

The QSslConfiguration class holds the configuration and state of an SSL connection. More...

#include <qsslconfiguration.h>

Public Functions

QList< QSslCertificatecaCertificates () const
 Returns this connection's CA certificate database. More...
 
QList< QSslCipherciphers () const
 Returns this connection's current cryptographic cipher suite. More...
 
bool isNull () const
 Returns true if this is a null QSslConfiguration object. More...
 
QSslCertificate localCertificate () const
 Returns the certificate to be presented to the peer during the SSL handshake process. More...
 
bool operator!= (const QSslConfiguration &other) const
 Returns true if this QSslConfiguration differs from other. More...
 
QSslConfigurationoperator= (const QSslConfiguration &other)
 Copies the configuration and state of other. More...
 
bool operator== (const QSslConfiguration &other) const
 Returns true if this QSslConfiguration object is equal to other. More...
 
QSslCertificate peerCertificate () const
 Returns the peer's digital certificate (i.e., the immediate certificate of the host you are connected to), or a null certificate, if the peer has not assigned a certificate. More...
 
QList< QSslCertificatepeerCertificateChain () const
 Returns the peer's chain of digital certificates, starting with the peer's immediate certificate and ending with the CA's certificate. More...
 
int peerVerifyDepth () const
 Returns the maximum number of certificates in the peer's certificate chain to be checked during the SSL handshake phase, or 0 (the default) if no maximum depth has been set, indicating that the whole certificate chain should be checked. More...
 
QSslSocket::PeerVerifyMode peerVerifyMode () const
 Returns the verify mode. More...
 
QSslKey privateKey () const
 Returns the QSslKey {SSL key} assigned to this connection or a null key if none has been assigned yet. More...
 
QSsl::SslProtocol protocol () const
 Returns the protocol setting for this SSL configuration. More...
 
 QSslConfiguration ()
 Constructs an empty SSL configuration. More...
 
 QSslConfiguration (const QSslConfiguration &other)
 Copies the configuration and state of other. More...
 
QSslCipher sessionCipher () const
 Returns the socket's cryptographic QSslCipher {cipher}, or a null cipher if the connection isn't encrypted. More...
 
void setCaCertificates (const QList< QSslCertificate > &certificates)
 Sets this socket's CA certificate database to be certificates. More...
 
void setCiphers (const QList< QSslCipher > &ciphers)
 Sets the cryptographic cipher suite for this socket to ciphers, which must contain a subset of the ciphers in the list returned by supportedCiphers(). More...
 
void setLocalCertificate (const QSslCertificate &certificate)
 Sets the certificate to be presented to the peer during SSL handshake to be certificate. More...
 
void setPeerVerifyDepth (int depth)
 Sets the maximum number of certificates in the peer's certificate chain to be checked during the SSL handshake phase, to depth. More...
 
void setPeerVerifyMode (QSslSocket::PeerVerifyMode mode)
 Sets the verify mode to mode. More...
 
void setPrivateKey (const QSslKey &key)
 Sets the connection's private QSslKey {key} to key. More...
 
void setProtocol (QSsl::SslProtocol protocol)
 Sets the protocol setting for this configuration to be protocol. More...
 
void setSslOption (QSsl::SslOption option, bool on)
 Enables or disables an SSL compatibility option. More...
 
bool testSslOption (QSsl::SslOption option) const
 Returns true if the specified SSL compatibility option is enabled. More...
 
 ~QSslConfiguration ()
 Releases any resources held by QSslConfiguration. More...
 

Static Public Functions

static QSslConfiguration defaultConfiguration ()
 Returns the default SSL configuration to be used in new SSL connections. More...
 
static void setDefaultConfiguration (const QSslConfiguration &configuration)
 Sets the default SSL configuration to be used in new SSL connections to be configuration. More...
 

Private Functions

 QSslConfiguration (QSslConfigurationPrivate *dd)
 

Properties

QSharedDataPointer< QSslConfigurationPrivated
 

Friends

class QSslConfigurationPrivate
 
class QSslSocket
 

Detailed Description

The QSslConfiguration class holds the configuration and state of an SSL connection.

Since
4.4
Note
This class or function is reentrant.
Attention
Module: QtNetwork

QSslConfiguration is used by Qt networking classes to relay information about an open SSL connection and to allow the application to control certain features of that connection.

The settings that QSslConfiguration currently supports are:

These settings are applied only during the connection handshake. Setting them after the connection has been established has no effect.

The state that QSslConfiguration supports are:

The state can only be obtained once the SSL connection starts, but not necessarily before it's done. Some settings may change during the course of the SSL connection without need to restart it (for instance, the cipher can be changed over time).

State in QSslConfiguration objects cannot be changed.

QSslConfiguration can be used with QSslSocket and the Network Access API.

Note that changing settings in QSslConfiguration is not enough to change the settings in the related SSL connection. You must call setSslConfiguration on a modified QSslConfiguration object to achieve that. The following example illustrates how to change the protocol to TLSv1 in a QSslSocket object:

QSslConfiguration config = sslSocket.sslConfiguration();
sslSocket.setSslConfiguration(config);
See also
QSsl::SslProtocol, QSslCertificate, QSslCipher, QSslKey QSslSocket, QNetworkAccessManager, QSslSocket::sslConfiguration(), QSslSocket::setSslConfiguration()

Definition at line 78 of file qsslconfiguration.h.

Constructors and Destructors

◆ QSslConfiguration() [1/3]

QSslConfiguration::QSslConfiguration ( )

Constructs an empty SSL configuration.

This configuration contains no valid settings and the state will be empty. isNull() will return true after this constructor is called.

Once any setter methods are called, isNull() will return false.

Definition at line 119 of file qsslconfiguration.cpp.

121 {
122 }
QSharedDataPointer< QSslConfigurationPrivate > d

◆ QSslConfiguration() [2/3]

QSslConfiguration::QSslConfiguration ( const QSslConfiguration other)

Copies the configuration and state of other.

If other is null, this object will be null too.

Definition at line 128 of file qsslconfiguration.cpp.

129  : d(other.d)
130 {
131 }
QSharedDataPointer< QSslConfigurationPrivate > d

◆ ~QSslConfiguration()

QSslConfiguration::~QSslConfiguration ( )

Releases any resources held by QSslConfiguration.

Definition at line 136 of file qsslconfiguration.cpp.

137 {
138  // QSharedDataPointer deletes d for us if necessary
139 }

◆ QSslConfiguration() [3/3]

QSslConfiguration::QSslConfiguration ( QSslConfigurationPrivate dd)
inlineprivate

Definition at line 115 of file qsslconfiguration_p.h.

116  : d(dd)
117 {
118 }
QSharedDataPointer< QSslConfigurationPrivate > d

Functions

◆ caCertificates()

QList< QSslCertificate > QSslConfiguration::caCertificates ( ) const

Returns this connection's CA certificate database.

The CA certificate database is used by the socket during the handshake phase to validate the peer's certificate. It can be modified prior to the handshake with setCaCertificates(), or with QSslSocket's QSslSocket::addCaCertificate() and QSslSocket::addCaCertificates().

See also
setCaCertificates()

Definition at line 503 of file qsslconfiguration.cpp.

Referenced by QSslSocket::setSslConfiguration().

504 {
505  return d->caCertificates;
506 }
QSharedDataPointer< QSslConfigurationPrivate > d
QList< QSslCertificate > caCertificates

◆ ciphers()

QList< QSslCipher > QSslConfiguration::ciphers ( ) const

Returns this connection's current cryptographic cipher suite.

This list is used during the handshake phase for choosing a session cipher. The returned list of ciphers is ordered by descending preference. (i.e., the first cipher in the list is the most preferred cipher). The session cipher will be the first one in the list that is also supported by the peer.

By default, the handshake phase can choose any of the ciphers supported by this system's SSL libraries, which may vary from system to system. The list of ciphers supported by this system's SSL libraries is returned by QSslSocket::supportedCiphers(). You can restrict the list of ciphers used for choosing the session cipher for this socket by calling setCiphers() with a subset of the supported ciphers. You can revert to using the entire set by calling setCiphers() with the list returned by QSslSocket::supportedCiphers().

See also
setCiphers(), QSslSocket::supportedCiphers()

Definition at line 473 of file qsslconfiguration.cpp.

Referenced by setCiphers(), and QSslSocket::setSslConfiguration().

474 {
475  return d->ciphers;
476 }
QSharedDataPointer< QSslConfigurationPrivate > d
QList< QSslCipher > ciphers

◆ defaultConfiguration()

QSslConfiguration QSslConfiguration::defaultConfiguration ( )
static

Returns the default SSL configuration to be used in new SSL connections.

The default SSL configuration consists of:

  • no local certificate and no private key
  • protocol SecureProtocols (meaning either TLS 1.0 or SSL 3 will be used)
  • the system's default CA certificate list
  • the cipher list equal to the list of the SSL libraries' supported SSL ciphers
See also
QSslSocket::supportedCiphers(), setDefaultConfiguration()

Definition at line 566 of file qsslconfiguration.cpp.

Referenced by QNetworkRequest::sslConfiguration(), and QHttpThreadDelegate::startRequest().

567 {
569 }
static QSslConfiguration defaultConfiguration()

◆ isNull()

bool QSslConfiguration::isNull ( ) const

Returns true if this is a null QSslConfiguration object.

A QSslConfiguration object is null if it has been default-constructed and no setter methods have been called.

See also
setProtocol(), setLocalCertificate(), setPrivateKey(), setCiphers(), setCaCertificates()

Definition at line 200 of file qsslconfiguration.cpp.

Referenced by QNetworkAccessHttpBackend::replySslConfigurationChanged(), QNetworkReply::setSslConfiguration(), and QNetworkReplyImpl::setSslConfigurationImplementation().

201 {
202  return (d->protocol == QSsl::SecureProtocols &&
204  d->peerVerifyDepth == 0 &&
205  d->allowRootCertOnDemandLoading == true &&
206  d->caCertificates.count() == 0 &&
207  d->ciphers.count() == 0 &&
209  d->privateKey.isNull() &&
210  d->peerCertificate.isNull() &&
211  d->peerCertificateChain.count() == 0 &&
215 }
QSharedDataPointer< QSslConfigurationPrivate > d
QList< QSslCipher > ciphers
int count(const T &t) const
Returns the number of occurrences of value in the list.
Definition: qlist.h:891
bool isNull() const
Returns true if this is a null certificate (i.e., a certificate with no contents); otherwise returns ...
QList< QSslCertificate > caCertificates
QSslSocket::PeerVerifyMode peerVerifyMode
QSslCertificate localCertificate
bool isNull() const
Returns true if this is a null key; otherwise false.
Definition: qsslkey.cpp:310
QList< QSslCertificate > peerCertificateChain

◆ localCertificate()

QSslCertificate QSslConfiguration::localCertificate ( ) const

Returns the certificate to be presented to the peer during the SSL handshake process.

See also
setLocalCertificate()

Definition at line 316 of file qsslconfiguration.cpp.

Referenced by QSslSocket::setSslConfiguration().

317 {
318  return d->localCertificate;
319 }
QSharedDataPointer< QSslConfigurationPrivate > d
QSslCertificate localCertificate

◆ operator!=()

QSslConfiguration::operator!= ( const QSslConfiguration other) const
inline

Returns true if this QSslConfiguration differs from other.

Two QSslConfiguration objects are considered different if any state or setting is different.

See also
operator==()

Definition at line 87 of file qsslconfiguration.h.

88  { return !(*this == other); }

◆ operator=()

QSslConfiguration & QSslConfiguration::operator= ( const QSslConfiguration other)

Copies the configuration and state of other.

If other is null, this object will be null too.

Definition at line 145 of file qsslconfiguration.cpp.

146 {
147  d = other.d;
148  return *this;
149 }
QSharedDataPointer< QSslConfigurationPrivate > d

◆ operator==()

bool QSslConfiguration::operator== ( const QSslConfiguration other) const

Returns true if this QSslConfiguration object is equal to other.

Two QSslConfiguration objects are considered equal if they have the exact same settings and state.

See also
operator!=()

Definition at line 160 of file qsslconfiguration.cpp.

161 {
162  if (d == other.d)
163  return true;
164  return d->peerCertificate == other.d->peerCertificate &&
166  d->localCertificate == other.d->localCertificate &&
167  d->privateKey == other.d->privateKey &&
168  d->sessionCipher == other.d->sessionCipher &&
169  d->ciphers == other.d->ciphers &&
170  d->caCertificates == other.d->caCertificates &&
171  d->protocol == other.d->protocol &&
172  d->peerVerifyMode == other.d->peerVerifyMode &&
173  d->peerVerifyDepth == other.d->peerVerifyDepth &&
175  d->sslOptions == other.d->sslOptions;
176 }
QSharedDataPointer< QSslConfigurationPrivate > d
QList< QSslCipher > ciphers
QList< QSslCertificate > caCertificates
QSslSocket::PeerVerifyMode peerVerifyMode
QSslCertificate localCertificate
QList< QSslCertificate > peerCertificateChain

◆ peerCertificate()

QSslCertificate QSslConfiguration::peerCertificate ( ) const

Returns the peer's digital certificate (i.e., the immediate certificate of the host you are connected to), or a null certificate, if the peer has not assigned a certificate.

The peer certificate is checked automatically during the handshake phase, so this function is normally used to fetch the certificate for display or for connection diagnostic purposes. It contains information about the peer, including its host name, the certificate issuer, and the peer's public key.

Because the peer certificate is set during the handshake phase, it is safe to access the peer certificate from a slot connected to the QSslSocket::sslErrors() signal, QNetworkReply::sslErrors() signal, or the QSslSocket::encrypted() signal.

If a null certificate is returned, it can mean the SSL handshake failed, or it can mean the host you are connected to doesn't have a certificate, or it can mean there is no connection.

If you want to check the peer's complete chain of certificates, use peerCertificateChain() to get them all at once.

See also
peerCertificateChain(), QSslSocket::sslErrors(), QSslSocket::ignoreSslErrors(), QNetworkReply::sslErrors(), QNetworkReply::ignoreSslErrors()

Definition at line 370 of file qsslconfiguration.cpp.

371 {
372  return d->peerCertificate;
373 }
QSharedDataPointer< QSslConfigurationPrivate > d

◆ peerCertificateChain()

QList< QSslCertificate > QSslConfiguration::peerCertificateChain ( ) const

Returns the peer's chain of digital certificates, starting with the peer's immediate certificate and ending with the CA's certificate.

Peer certificates are checked automatically during the handshake phase. This function is normally used to fetch certificates for display, or for performing connection diagnostics. Certificates contain information about the peer and the certificate issuers, including host name, issuer names, and issuer public keys.

Because the peer certificate is set during the handshake phase, it is safe to access the peer certificate from a slot connected to the QSslSocket::sslErrors() signal, QNetworkReply::sslErrors() signal, or the QSslSocket::encrypted() signal.

If an empty list is returned, it can mean the SSL handshake failed, or it can mean the host you are connected to doesn't have a certificate, or it can mean there is no connection.

If you want to get only the peer's immediate certificate, use peerCertificate().

See also
peerCertificate(), QSslSocket::sslErrors(), QSslSocket::ignoreSslErrors(), QNetworkReply::sslErrors(), QNetworkReply::ignoreSslErrors()

Definition at line 402 of file qsslconfiguration.cpp.

403 {
404  return d->peerCertificateChain;
405 }
QSharedDataPointer< QSslConfigurationPrivate > d
QList< QSslCertificate > peerCertificateChain

◆ peerVerifyDepth()

int QSslConfiguration::peerVerifyDepth ( ) const

Returns the maximum number of certificates in the peer's certificate chain to be checked during the SSL handshake phase, or 0 (the default) if no maximum depth has been set, indicating that the whole certificate chain should be checked.

The certificates are checked in issuing order, starting with the peer's own certificate, then its issuer's certificate, and so on.

See also
setPeerVerifyDepth(), peerVerifyMode()

Definition at line 285 of file qsslconfiguration.cpp.

Referenced by QSslSocket::setSslConfiguration().

286 {
287  return d->peerVerifyDepth;
288 }
QSharedDataPointer< QSslConfigurationPrivate > d

◆ peerVerifyMode()

QSslSocket::PeerVerifyMode QSslConfiguration::peerVerifyMode ( ) const

Returns the verify mode.

This mode decides whether QSslSocket should request a certificate from the peer (i.e., the client requests a certificate from the server, or a server requesting a certificate from the client), and whether it should require that this certificate is valid.

The default mode is AutoVerifyPeer, which tells QSslSocket to use VerifyPeer for clients, QueryPeer for servers.

See also
setPeerVerifyMode()

Definition at line 252 of file qsslconfiguration.cpp.

Referenced by QSslSocket::setSslConfiguration().

253 {
254  return d->peerVerifyMode;
255 }
QSharedDataPointer< QSslConfigurationPrivate > d
QSslSocket::PeerVerifyMode peerVerifyMode

◆ privateKey()

QSslKey QSslConfiguration::privateKey ( ) const

Returns the QSslKey {SSL key} assigned to this connection or a null key if none has been assigned yet.

See also
setPrivateKey(), localCertificate()

Definition at line 431 of file qsslconfiguration.cpp.

Referenced by QSslSocket::setSslConfiguration().

432 {
433  return d->privateKey;
434 }
QSharedDataPointer< QSslConfigurationPrivate > d

◆ protocol()

QSsl::SslProtocol QSslConfiguration::protocol ( ) const

Returns the protocol setting for this SSL configuration.

See also
setProtocol()

Definition at line 222 of file qsslconfiguration.cpp.

Referenced by setProtocol(), and QSslSocket::setSslConfiguration().

223 {
224  return d->protocol;
225 }
QSharedDataPointer< QSslConfigurationPrivate > d

◆ sessionCipher()

QSslCipher QSslConfiguration::sessionCipher ( ) const

Returns the socket's cryptographic QSslCipher {cipher}, or a null cipher if the connection isn't encrypted.

The socket's cipher for the session is set during the handshake phase. The cipher is used to encrypt and decrypt data transmitted through the socket.

The SSL infrastructure also provides functions for setting the ordered list of ciphers from which the handshake phase will eventually select the session cipher. This ordered list must be in place before the handshake phase begins.

See also
ciphers(), setCiphers(), QSslSocket::supportedCiphers()

Definition at line 420 of file qsslconfiguration.cpp.

421 {
422  return d->sessionCipher;
423 }
QSharedDataPointer< QSslConfigurationPrivate > d

◆ setCaCertificates()

void QSslConfiguration::setCaCertificates ( const QList< QSslCertificate > &  certificates)

Sets this socket's CA certificate database to be certificates.

The certificate database must be set prior to the SSL handshake. The CA certificate database is used by the socket during the handshake phase to validate the peer's certificate.

See also
caCertificates()

Definition at line 516 of file qsslconfiguration.cpp.

517 {
518  d->caCertificates = certificates;
520 }
QSharedDataPointer< QSslConfigurationPrivate > d
QList< QSslCertificate > caCertificates

◆ setCiphers()

void QSslConfiguration::setCiphers ( const QList< QSslCipher > &  ciphers)

Sets the cryptographic cipher suite for this socket to ciphers, which must contain a subset of the ciphers in the list returned by supportedCiphers().

Restricting the cipher suite must be done before the handshake phase, where the session cipher is chosen.

See also
ciphers(), QSslSocket::supportedCiphers()

Definition at line 488 of file qsslconfiguration.cpp.

489 {
490  d->ciphers = ciphers;
491 }
QSharedDataPointer< QSslConfigurationPrivate > d
QList< QSslCipher > ciphers() const
Returns this connection&#39;s current cryptographic cipher suite.
QList< QSslCipher > ciphers

◆ setDefaultConfiguration()

void QSslConfiguration::setDefaultConfiguration ( const QSslConfiguration configuration)
static

Sets the default SSL configuration to be used in new SSL connections to be configuration.

Existing connections are not affected by this call.

See also
QSslSocket::supportedCiphers(), defaultConfiguration()

Definition at line 578 of file qsslconfiguration.cpp.

579 {
581 }
static void setDefaultConfiguration(const QSslConfiguration &configuration)

◆ setLocalCertificate()

void QSslConfiguration::setLocalCertificate ( const QSslCertificate certificate)

Sets the certificate to be presented to the peer during SSL handshake to be certificate.

Setting the certificate once the connection has been established has no effect.

A certificate is the means of identification used in the SSL process. The local certificate is used by the remote end to verify the local user's identity against its list of Certification Authorities. In most cases, such as in HTTP web browsing, only servers identify to the clients, so the client does not send a certificate.

See also
localCertificate()

Definition at line 337 of file qsslconfiguration.cpp.

338 {
339  d->localCertificate = certificate;
340 }
QSharedDataPointer< QSslConfigurationPrivate > d
QSslCertificate localCertificate

◆ setPeerVerifyDepth()

void QSslConfiguration::setPeerVerifyDepth ( int  depth)

Sets the maximum number of certificates in the peer's certificate chain to be checked during the SSL handshake phase, to depth.

Setting a depth of 0 means that no maximum depth is set, indicating that the whole certificate chain should be checked.

The certificates are checked in issuing order, starting with the peer's own certificate, then its issuer's certificate, and so on.

See also
peerVerifyDepth(), setPeerVerifyMode()

Definition at line 301 of file qsslconfiguration.cpp.

302 {
303  if (depth < 0) {
304  qWarning("QSslConfiguration::setPeerVerifyDepth: cannot set negative depth of %d", depth);
305  return;
306  }
307  d->peerVerifyDepth = depth;
308 }
QSharedDataPointer< QSslConfigurationPrivate > d
Q_CORE_EXPORT void qWarning(const char *,...)

◆ setPeerVerifyMode()

void QSslConfiguration::setPeerVerifyMode ( QSslSocket::PeerVerifyMode  mode)

Sets the verify mode to mode.

This mode decides whether QSslSocket should request a certificate from the peer (i.e., the client requests a certificate from the server, or a server requesting a certificate from the client), and whether it should require that this certificate is valid.

The default mode is AutoVerifyPeer, which tells QSslSocket to use VerifyPeer for clients, QueryPeer for servers.

See also
peerVerifyMode()

Definition at line 268 of file qsslconfiguration.cpp.

269 {
270  d->peerVerifyMode = mode;
271 }
QSharedDataPointer< QSslConfigurationPrivate > d
QSslSocket::PeerVerifyMode peerVerifyMode

◆ setPrivateKey()

void QSslConfiguration::setPrivateKey ( const QSslKey key)

Sets the connection's private QSslKey {key} to key.

The private key and the local QSslCertificate {certificate} are used by clients and servers that must prove their identity to SSL peers.

Both the key and the local certificate are required if you are creating an SSL server socket. If you are creating an SSL client socket, the key and local certificate are required if your client must identify itself to an SSL server.

See also
privateKey(), setLocalCertificate()

Definition at line 449 of file qsslconfiguration.cpp.

450 {
451  d->privateKey = key;
452 }
QSharedDataPointer< QSslConfigurationPrivate > d
int key

◆ setProtocol()

void QSslConfiguration::setProtocol ( QSsl::SslProtocol  protocol)

Sets the protocol setting for this configuration to be protocol.

Setting the protocol once the connection has already been established has no effect.

See also
protocol()

Definition at line 236 of file qsslconfiguration.cpp.

237 {
238  d->protocol = protocol;
239 }
QSharedDataPointer< QSslConfigurationPrivate > d
QSsl::SslProtocol protocol() const
Returns the protocol setting for this SSL configuration.

◆ setSslOption()

void QSslConfiguration::setSslOption ( QSsl::SslOption  option,
bool  on 
)

Enables or disables an SSL compatibility option.

See also
testSSlOption()

Definition at line 527 of file qsslconfiguration.cpp.

528 {
529  if (on)
530  d->sslOptions |= option;
531  else
532  d->sslOptions &= ~option;
533 }
QSharedDataPointer< QSslConfigurationPrivate > d

◆ testSslOption()

bool QSslConfiguration::testSslOption ( QSsl::SslOption  option) const

Returns true if the specified SSL compatibility option is enabled.

Since
4.8
See also
testSSlOption()

Definition at line 545 of file qsslconfiguration.cpp.

546 {
547  return d->sslOptions & option;
548 }
QSharedDataPointer< QSslConfigurationPrivate > d

Friends and Related Functions

◆ QSslConfigurationPrivate

Definition at line 130 of file qsslconfiguration.h.

◆ QSslSocket

friend class QSslSocket
friend

Definition at line 129 of file qsslconfiguration.h.

Properties

◆ d

QSharedDataPointer<QSslConfigurationPrivate> QSslConfiguration::d
private

The documentation for this class was generated from the following files: