Qt 4.8: /src/network/ssl/qsslsocket.cpp Source File

Go to the documentation of this file.
 /****************************************************************************
 **
 ** Copyright (C) 2014 Digia Plc and/or its subsidiary(-ies).
 ** Contact: http://www.qt-project.org/legal
 **
 ** This file is part of the QtNetwork module of the Qt Toolkit.
 **
 ** $QT_BEGIN_LICENSE:LGPL$
 ** Commercial License Usage
 ** Licensees holding valid commercial Qt licenses may use this file in
 ** accordance with the commercial license agreement provided with the
 ** Software or, alternatively, in accordance with the terms contained in
 ** a written agreement between you and Digia.  For licensing terms and
 ** conditions see http://qt.digia.com/licensing.  For further information
 ** use the contact form at http://qt.digia.com/contact-us.
 **
 ** GNU Lesser General Public License Usage
 ** Alternatively, this file may be used under the terms of the GNU Lesser
 ** General Public License version 2.1 as published by the Free Software
 ** Foundation and appearing in the file LICENSE.LGPL included in the
 ** packaging of this file.  Please review the following information to
 ** ensure the GNU Lesser General Public License version 2.1 requirements
 ** will be met: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.
 **
 ** In addition, as a special exception, Digia gives you certain additional
 ** rights.  These rights are described in the Digia Qt LGPL Exception
 ** version 1.1, included in the file LGPL_EXCEPTION.txt in this package.
 **
 ** GNU General Public License Usage
 ** Alternatively, this file may be used under the terms of the GNU
 ** General Public License version 3.0 as published by the Free Software
 ** Foundation and appearing in the file LICENSE.GPL included in the
 ** packaging of this file.  Please review the following information to
 ** ensure the GNU General Public License version 3.0 requirements will be
 ** met: http://www.gnu.org/copyleft/gpl.html.
 **
 **
 ** $QT_END_LICENSE$
 **
 ****************************************************************************/
 
 
 //#define QSSLSOCKET_DEBUG
 
 #include "qsslcipher.h"
 #include "qsslsocket.h"
 #include "qsslsocket_openssl_p.h"
 #include "qsslconfiguration_p.h"
 
 #include <QtCore/qdebug.h>
 #include <QtCore/qdir.h>
 #include <QtCore/qmutex.h>
 #include <QtCore/qelapsedtimer.h>
 #include <QtNetwork/qhostaddress.h>
 #include <QtNetwork/qhostinfo.h>
 
 QT_BEGIN_NAMESPACE
 
 /*
    Returns the difference between msecs and elapsed. If msecs is -1,
    however, -1 is returned.
 */
 static int qt_timeout_value(int msecs, int elapsed)
 {
     if (msecs == -1)
         return -1;
 
     int timeout = msecs - elapsed;
     return timeout < 0 ? 0 : timeout;
 }
 
 class QSslSocketGlobalData
 {
 public:
     QSslSocketGlobalData() : config(new QSslConfigurationPrivate) {}
 
     QMutex mutex;
     QList<QSslCipher> supportedCiphers;
     QExplicitlySharedDataPointer<QSslConfigurationPrivate> config;
 };
 Q_GLOBAL_STATIC(QSslSocketGlobalData, globalData)
 
 
 QSslSocket::QSslSocket(QObject *parent)
     : QTcpSocket(*new QSslSocketBackendPrivate, parent)
 {
     Q_D(QSslSocket);
 #ifdef QSSLSOCKET_DEBUG
     qDebug() << "QSslSocket::QSslSocket(" << parent << "), this =" << (void *)this;
 #endif
     d->q_ptr = this;
     d->init();
 }
 
 QSslSocket::~QSslSocket()
 {
     Q_D(QSslSocket);
 #ifdef QSSLSOCKET_DEBUG
     qDebug() << "QSslSocket::~QSslSocket(), this =" << (void *)this;
 #endif
     delete d->plainSocket;
     d->plainSocket = 0;
 }
 
 void QSslSocket::connectToHostEncrypted(const QString &hostName, quint16 port, OpenMode mode)
 {
     Q_D(QSslSocket);
     if (d->state == ConnectedState || d->state == ConnectingState) {
         qWarning("QSslSocket::connectToHostEncrypted() called when already connecting/connected");
         return;
     }
 
     d->init();
     d->autoStartHandshake = true;
     d->initialized = true;
 
     // Note: When connecting to localhost, some platforms (e.g., HP-UX and some BSDs)
     // establish the connection immediately (i.e., first attempt).
     connectToHost(hostName, port, mode);
 }
 
 void QSslSocket::connectToHostEncrypted(const QString &hostName, quint16 port,
                                         const QString &sslPeerName, OpenMode mode)
 {
     Q_D(QSslSocket);
     if (d->state == ConnectedState || d->state == ConnectingState) {
         qWarning("QSslSocket::connectToHostEncrypted() called when already connecting/connected");
         return;
     }
 
     d->init();
     d->autoStartHandshake = true;
     d->initialized = true;
     d->verificationPeerName = sslPeerName;
 
     // Note: When connecting to localhost, some platforms (e.g., HP-UX and some BSDs)
     // establish the connection immediately (i.e., first attempt).
     connectToHost(hostName, port, mode);
 }
 
 bool QSslSocket::setSocketDescriptor(int socketDescriptor, SocketState state, OpenMode openMode)
 {
     Q_D(QSslSocket);
 #ifdef QSSLSOCKET_DEBUG
     qDebug() << "QSslSocket::setSocketDescriptor(" << socketDescriptor << ','
              << state << ',' << openMode << ')';
 #endif
     if (!d->plainSocket)
         d->createPlainSocket(openMode);
     bool retVal = d->plainSocket->setSocketDescriptor(socketDescriptor, state, openMode);
     d->cachedSocketDescriptor = d->plainSocket->socketDescriptor();
     setSocketError(d->plainSocket->error());
     setSocketState(state);
     setOpenMode(openMode);
     setLocalPort(d->plainSocket->localPort());
     setLocalAddress(d->plainSocket->localAddress());
     setPeerPort(d->plainSocket->peerPort());
     setPeerAddress(d->plainSocket->peerAddress());
     setPeerName(d->plainSocket->peerName());
     return retVal;
 }
 
 void QSslSocket::setSocketOption(QAbstractSocket::SocketOption option, const QVariant &value)
 {
     Q_D(QSslSocket);
     if (d->plainSocket)
         d->plainSocket->setSocketOption(option, value);
 }
 
 QVariant QSslSocket::socketOption(QAbstractSocket::SocketOption option)
 {
     Q_D(QSslSocket);
     if (d->plainSocket)
         return d->plainSocket->socketOption(option);
     else
         return QVariant();
 }
 
 QSslSocket::SslMode QSslSocket::mode() const
 {
     Q_D(const QSslSocket);
     return d->mode;
 }
 
 bool QSslSocket::isEncrypted() const
 {
     Q_D(const QSslSocket);
     return d->connectionEncrypted;
 }
 
 QSsl::SslProtocol QSslSocket::protocol() const
 {
     Q_D(const QSslSocket);
     return d->configuration.protocol;
 }
 
 void QSslSocket::setProtocol(QSsl::SslProtocol protocol)
 {
     Q_D(QSslSocket);
     d->configuration.protocol = protocol;
 }
 
 QSslSocket::PeerVerifyMode QSslSocket::peerVerifyMode() const
 {
     Q_D(const QSslSocket);
     return d->configuration.peerVerifyMode;
 }
 
 void QSslSocket::setPeerVerifyMode(QSslSocket::PeerVerifyMode mode)
 {
     Q_D(QSslSocket);
     d->configuration.peerVerifyMode = mode;
 }
 
 int QSslSocket::peerVerifyDepth() const
 {
     Q_D(const QSslSocket);
     return d->configuration.peerVerifyDepth;
 }
 
 void QSslSocket::setPeerVerifyDepth(int depth)
 {
     Q_D(QSslSocket);
     if (depth < 0) {
         qWarning("QSslSocket::setPeerVerifyDepth: cannot set negative depth of %d", depth);
         return;
     }
     d->configuration.peerVerifyDepth = depth;
 }
 
 QString QSslSocket::peerVerifyName() const
 {
     Q_D(const QSslSocket);
     return d->verificationPeerName;
 }
 
 void QSslSocket::setPeerVerifyName(const QString &hostName)
 {
     Q_D(QSslSocket);
     d->verificationPeerName = hostName;
 }
 
 qint64 QSslSocket::bytesAvailable() const
 {
     Q_D(const QSslSocket);
     if (d->mode == UnencryptedMode)
         return QIODevice::bytesAvailable() + (d->plainSocket ? d->plainSocket->bytesAvailable() : 0);
     return QIODevice::bytesAvailable() + d->readBuffer.size();
 }
 
 qint64 QSslSocket::bytesToWrite() const
 {
     Q_D(const QSslSocket);
     if (d->mode == UnencryptedMode)
         return d->plainSocket ? d->plainSocket->bytesToWrite() : 0;
     return d->writeBuffer.size();
 }
 
 qint64 QSslSocket::encryptedBytesAvailable() const
 {
     Q_D(const QSslSocket);
     if (d->mode == UnencryptedMode)
         return 0;
     return d->plainSocket->bytesAvailable();
 }
 
 qint64 QSslSocket::encryptedBytesToWrite() const
 {
     Q_D(const QSslSocket);
     if (d->mode == UnencryptedMode)
         return 0;
     return d->plainSocket->bytesToWrite();
 }
 
 bool QSslSocket::canReadLine() const
 {
     Q_D(const QSslSocket);
     if (d->mode == UnencryptedMode)
         return QIODevice::canReadLine() || (d->plainSocket && d->plainSocket->canReadLine());
     return QIODevice::canReadLine() || (!d->readBuffer.isEmpty() && d->readBuffer.canReadLine());
 }
 
 void QSslSocket::close()
 {
 #ifdef QSSLSOCKET_DEBUG
     qDebug() << "QSslSocket::close()";
 #endif
     Q_D(QSslSocket);
     if (d->plainSocket)
         d->plainSocket->close();
     QTcpSocket::close();
 
     // must be cleared, reading/writing not possible on closed socket:
     d->readBuffer.clear();
     d->writeBuffer.clear();
     // for QTcpSocket this is already done because it uses the readBuffer/writeBuffer
     // if the QIODevice it is based on
     // ### FIXME QSslSocket should probably do similar instead of having
     // its own readBuffer/writeBuffer
 }
 
 bool QSslSocket::atEnd() const
 {
     Q_D(const QSslSocket);
     if (d->mode == UnencryptedMode)
         return QIODevice::atEnd() && (!d->plainSocket || d->plainSocket->atEnd());
     return QIODevice::atEnd() && d->readBuffer.isEmpty();
 }
 
 // Note! docs copied from QAbstractSocket::flush()
 bool QSslSocket::flush()
 {
     Q_D(QSslSocket);
 #ifdef QSSLSOCKET_DEBUG
     qDebug() << "QSslSocket::flush()";
 #endif
     if (d->mode != UnencryptedMode)
         // encrypt any unencrypted bytes in our buffer
         d->transmit();
 
     return d->plainSocket ? d->plainSocket->flush() : false;
 }
 
 void QSslSocket::setReadBufferSize(qint64 size)
 {
     Q_D(QSslSocket);
     d->readBufferMaxSize = size;
 
     if (d->plainSocket)
         d->plainSocket->setReadBufferSize(size);
 }
 
 void QSslSocket::abort()
 {
     Q_D(QSslSocket);
 #ifdef QSSLSOCKET_DEBUG
     qDebug() << "QSslSocket::abort()";
 #endif
     if (d->plainSocket)
         d->plainSocket->abort();
     close();
 }
 
 QSslConfiguration QSslSocket::sslConfiguration() const
 {
     Q_D(const QSslSocket);
 
     // create a deep copy of our configuration
     QSslConfigurationPrivate *copy = new QSslConfigurationPrivate(d->configuration);
     copy->ref = 0;              // the QSslConfiguration constructor refs up
     copy->sessionCipher = d->sessionCipher();
 
     return QSslConfiguration(copy);
 }
 
 void QSslSocket::setSslConfiguration(const QSslConfiguration &configuration)
 {
     Q_D(QSslSocket);
     d->configuration.localCertificate = configuration.localCertificate();
     d->configuration.privateKey = configuration.privateKey();
     d->configuration.ciphers = configuration.ciphers();
     d->configuration.caCertificates = configuration.caCertificates();
     d->configuration.peerVerifyDepth = configuration.peerVerifyDepth();
     d->configuration.peerVerifyMode = configuration.peerVerifyMode();
     d->configuration.protocol = configuration.protocol();
     d->configuration.sslOptions = configuration.d->sslOptions;
 
     // if the CA certificates were set explicitly (either via
     // QSslConfiguration::setCaCertificates() or QSslSocket::setCaCertificates(),
     // we cannot load the certificates on demand
     if (!configuration.d->allowRootCertOnDemandLoading)
         d->allowRootCertOnDemandLoading = false;
 }
 
 void QSslSocket::setLocalCertificate(const QSslCertificate &certificate)
 {
     Q_D(QSslSocket);
     d->configuration.localCertificate = certificate;
 }
 
 void QSslSocket::setLocalCertificate(const QString &path,
                                      QSsl::EncodingFormat format)
 {
     Q_D(QSslSocket);
     QFile file(path);
     if (file.open(QIODevice::ReadOnly | QIODevice::Text))
         d->configuration.localCertificate = QSslCertificate(file.readAll(), format);
 }
 
 QSslCertificate QSslSocket::localCertificate() const
 {
     Q_D(const QSslSocket);
     return d->configuration.localCertificate;
 }
 
 QSslCertificate QSslSocket::peerCertificate() const
 {
     Q_D(const QSslSocket);
     return d->configuration.peerCertificate;
 }
 
 QList<QSslCertificate> QSslSocket::peerCertificateChain() const
 {
     Q_D(const QSslSocket);
     return d->configuration.peerCertificateChain;
 }
 
 QSslCipher QSslSocket::sessionCipher() const
 {
     Q_D(const QSslSocket);
     return d->sessionCipher();
 }
 
 void QSslSocket::setPrivateKey(const QSslKey &key)
 {
     Q_D(QSslSocket);
     d->configuration.privateKey = key;
 }
 
 void QSslSocket::setPrivateKey(const QString &fileName, QSsl::KeyAlgorithm algorithm,
                                QSsl::EncodingFormat format, const QByteArray &passPhrase)
 {
     Q_D(QSslSocket);
     QFile file(fileName);
     if (file.open(QIODevice::ReadOnly)) {
         d->configuration.privateKey = QSslKey(file.readAll(), algorithm,
                                               format, QSsl::PrivateKey, passPhrase);
     }
 }
 
 QSslKey QSslSocket::privateKey() const
 {
     Q_D(const QSslSocket);
     return d->configuration.privateKey;
 }
 
 QList<QSslCipher> QSslSocket::ciphers() const
 {
     Q_D(const QSslSocket);
     return d->configuration.ciphers;
 }
 
 void QSslSocket::setCiphers(const QList<QSslCipher> &ciphers)
 {
     Q_D(QSslSocket);
     d->configuration.ciphers = ciphers;
 }
 
 void QSslSocket::setCiphers(const QString &ciphers)
 {
     Q_D(QSslSocket);
     d->configuration.ciphers.clear();
     foreach (const QString &cipherName, ciphers.split(QLatin1String(":"),QString::SkipEmptyParts)) {
         for (int i = 0; i < 3; ++i) {
             // ### Crude
             QSslCipher cipher(cipherName, QSsl::SslProtocol(i));
             if (!cipher.isNull())
                 d->configuration.ciphers << cipher;
         }
     }
 }
 
 void QSslSocket::setDefaultCiphers(const QList<QSslCipher> &ciphers)
 {
     QSslSocketPrivate::setDefaultCiphers(ciphers);
 }
 
 QList<QSslCipher> QSslSocket::defaultCiphers()
 {
     return QSslSocketPrivate::defaultCiphers();
 }
 
 QList<QSslCipher> QSslSocket::supportedCiphers()
 {
     return QSslSocketPrivate::supportedCiphers();
 }
 
 bool QSslSocket::addCaCertificates(const QString &path, QSsl::EncodingFormat format,
                                    QRegExp::PatternSyntax syntax)
 {
     Q_D(QSslSocket);
     QList<QSslCertificate> certs = QSslCertificate::fromPath(path, format, syntax);
     if (certs.isEmpty())
         return false;
 
     d->configuration.caCertificates += certs;
     return true;
 }
 
 void QSslSocket::addCaCertificate(const QSslCertificate &certificate)
 {
     Q_D(QSslSocket);
     d->configuration.caCertificates += certificate;
 }
 
 void QSslSocket::addCaCertificates(const QList<QSslCertificate> &certificates)
 {
     Q_D(QSslSocket);
     d->configuration.caCertificates += certificates;
 }
 
 void QSslSocket::setCaCertificates(const QList<QSslCertificate> &certificates)
 {
     Q_D(QSslSocket);
     d->configuration.caCertificates = certificates;
     d->allowRootCertOnDemandLoading = false;
 }
 
 QList<QSslCertificate> QSslSocket::caCertificates() const
 {
     Q_D(const QSslSocket);
     return d->configuration.caCertificates;
 }
 
 bool QSslSocket::addDefaultCaCertificates(const QString &path, QSsl::EncodingFormat encoding,
                                           QRegExp::PatternSyntax syntax)
 {
     return QSslSocketPrivate::addDefaultCaCertificates(path, encoding, syntax);
 }
 
 void QSslSocket::addDefaultCaCertificate(const QSslCertificate &certificate)
 {
     QSslSocketPrivate::addDefaultCaCertificate(certificate);
 }
 
 void QSslSocket::addDefaultCaCertificates(const QList<QSslCertificate> &certificates)
 {
     QSslSocketPrivate::addDefaultCaCertificates(certificates);
 }
 
 void QSslSocket::setDefaultCaCertificates(const QList<QSslCertificate> &certificates)
 {
     QSslSocketPrivate::setDefaultCaCertificates(certificates);
 }
 
 QList<QSslCertificate> QSslSocket::defaultCaCertificates()
 {
     return QSslSocketPrivate::defaultCaCertificates();
 }
 
 QList<QSslCertificate> QSslSocket::systemCaCertificates()
 {
     // we are calling ensureInitialized() in the method below
     return QSslSocketPrivate::systemCaCertificates();
 }
 
 bool QSslSocket::waitForConnected(int msecs)
 {
     Q_D(QSslSocket);
     if (!d->plainSocket)
         return false;
     bool retVal = d->plainSocket->waitForConnected(msecs);
     if (!retVal) {
         setSocketState(d->plainSocket->state());
         setSocketError(d->plainSocket->error());
         setErrorString(d->plainSocket->errorString());
     }
     return retVal;
 }
 
 bool QSslSocket::waitForEncrypted(int msecs)
 {
     Q_D(QSslSocket);
     if (!d->plainSocket || d->connectionEncrypted)
         return false;
     if (d->mode == UnencryptedMode && !d->autoStartHandshake)
         return false;
 
     QElapsedTimer stopWatch;
     stopWatch.start();
 
     if (d->plainSocket->state() != QAbstractSocket::ConnectedState) {
         // Wait until we've entered connected state.
         if (!d->plainSocket->waitForConnected(msecs))
             return false;
     }
 
     while (!d->connectionEncrypted) {
         // Start the handshake, if this hasn't been started yet.
         if (d->mode == UnencryptedMode)
             startClientEncryption();
         // Loop, waiting until the connection has been encrypted or an error
         // occurs.
         if (!d->plainSocket->waitForReadyRead(qt_timeout_value(msecs, stopWatch.elapsed())))
             return false;
     }
     return d->connectionEncrypted;
 }
 
 bool QSslSocket::waitForReadyRead(int msecs)
 {
     Q_D(QSslSocket);
     if (!d->plainSocket)
         return false;
     if (d->mode == UnencryptedMode && !d->autoStartHandshake)
         return d->plainSocket->waitForReadyRead(msecs);
 
     // This function must return true if and only if readyRead() *was* emitted.
     // So we initialize "readyReadEmitted" to false and check if it was set to true.
     // waitForReadyRead() could be called recursively, so we can't use the same variable
     // (the inner waitForReadyRead() may fail, but the outer one still succeeded)
     bool readyReadEmitted = false;
     bool *previousReadyReadEmittedPointer = d->readyReadEmittedPointer;
     d->readyReadEmittedPointer = &readyReadEmitted;
 
     QElapsedTimer stopWatch;
     stopWatch.start();
 
     if (!d->connectionEncrypted) {
         // Wait until we've entered encrypted mode, or until a failure occurs.
         if (!waitForEncrypted(msecs)) {
             d->readyReadEmittedPointer = previousReadyReadEmittedPointer;
             return false;
         }
     }
 
     if (!d->writeBuffer.isEmpty()) {
         // empty our cleartext write buffer first
         d->transmit();
     }
 
     // test readyReadEmitted first because either operation above
     // (waitForEncrypted or transmit) may have set it
     while (!readyReadEmitted &&
            d->plainSocket->waitForReadyRead(qt_timeout_value(msecs, stopWatch.elapsed()))) {
     }
 
     d->readyReadEmittedPointer = previousReadyReadEmittedPointer;
     return readyReadEmitted;
 }
 
 bool QSslSocket::waitForBytesWritten(int msecs)
 {
     Q_D(QSslSocket);
     if (!d->plainSocket)
         return false;
     if (d->mode == UnencryptedMode)
         return d->plainSocket->waitForBytesWritten(msecs);
 
     QElapsedTimer stopWatch;
     stopWatch.start();
 
     if (!d->connectionEncrypted) {
         // Wait until we've entered encrypted mode, or until a failure occurs.
         if (!waitForEncrypted(msecs))
             return false;
     }
     if (!d->writeBuffer.isEmpty()) {
         // empty our cleartext write buffer first
         d->transmit();
     }
 
     return d->plainSocket->waitForBytesWritten(qt_timeout_value(msecs, stopWatch.elapsed()));
 }
 
 bool QSslSocket::waitForDisconnected(int msecs)
 {
     Q_D(QSslSocket);
 
     // require calling connectToHost() before waitForDisconnected()
     if (state() == UnconnectedState) {
         qWarning("QSslSocket::waitForDisconnected() is not allowed in UnconnectedState");
         return false;
     }
 
     if (!d->plainSocket)
         return false;
     if (d->mode == UnencryptedMode)
         return d->plainSocket->waitForDisconnected(msecs);
 
     QElapsedTimer stopWatch;
     stopWatch.start();
 
     if (!d->connectionEncrypted) {
         // Wait until we've entered encrypted mode, or until a failure occurs.
         if (!waitForEncrypted(msecs))
             return false;
     }
     bool retVal = d->plainSocket->waitForDisconnected(qt_timeout_value(msecs, stopWatch.elapsed()));
     if (!retVal) {
         setSocketState(d->plainSocket->state());
         setSocketError(d->plainSocket->error());
         setErrorString(d->plainSocket->errorString());
     }
     return retVal;
 }
 
 QList<QSslError> QSslSocket::sslErrors() const
 {
     Q_D(const QSslSocket);
     return d->sslErrors;
 }
 
 bool QSslSocket::supportsSsl()
 {
     return QSslSocketPrivate::supportsSsl();
 }
 
 void QSslSocket::startClientEncryption()
 {
     Q_D(QSslSocket);
     if (d->mode != UnencryptedMode) {
         qWarning("QSslSocket::startClientEncryption: cannot start handshake on non-plain connection");
         return;
     }
 #ifdef QSSLSOCKET_DEBUG
     qDebug() << "QSslSocket::startClientEncryption()";
 #endif
     d->mode = SslClientMode;
     emit modeChanged(d->mode);
     d->startClientEncryption();
 }
 
 void QSslSocket::startServerEncryption()
 {
     Q_D(QSslSocket);
     if (d->mode != UnencryptedMode) {
         qWarning("QSslSocket::startServerEncryption: cannot start handshake on non-plain connection");
         return;
     }
 #ifdef QSSLSOCKET_DEBUG
     qDebug() << "QSslSocket::startServerEncryption()";
 #endif
     d->mode = SslServerMode;
     emit modeChanged(d->mode);
     d->startServerEncryption();
 }
 
 void QSslSocket::ignoreSslErrors()
 {
     Q_D(QSslSocket);
     d->ignoreAllSslErrors = true;
 }
 
 void QSslSocket::ignoreSslErrors(const QList<QSslError> &errors)
 {
     Q_D(QSslSocket);
     d->ignoreErrorsList = errors;
 }
 
 void QSslSocket::connectToHostImplementation(const QString &hostName, quint16 port,
                                              OpenMode openMode)
 {
     Q_D(QSslSocket);
     if (!d->initialized)
         d->init();
     d->initialized = false;
 
 #ifdef QSSLSOCKET_DEBUG
     qDebug() << "QSslSocket::connectToHostImplementation("
              << hostName << ',' << port << ',' << openMode << ')';
 #endif
     if (!d->plainSocket) {
 #ifdef QSSLSOCKET_DEBUG
         qDebug() << "\tcreating internal plain socket";
 #endif
         d->createPlainSocket(openMode);
     }
 #ifndef QT_NO_NETWORKPROXY
     d->plainSocket->setProxy(proxy());
     //copy user agent down to the plain socket (if it has been set)
     d->plainSocket->setProperty("_q_user-agent", property("_q_user-agent"));
 #endif
     QIODevice::open(openMode);
     d->plainSocket->connectToHost(hostName, port, openMode);
     d->cachedSocketDescriptor = d->plainSocket->socketDescriptor();
 }
 
 void QSslSocket::disconnectFromHostImplementation()
 {
     Q_D(QSslSocket);
 #ifdef QSSLSOCKET_DEBUG
     qDebug() << "QSslSocket::disconnectFromHostImplementation()";
 #endif
     if (!d->plainSocket)
         return;
     if (d->state == UnconnectedState)
         return;
     if (d->mode == UnencryptedMode && !d->autoStartHandshake) {
         d->plainSocket->disconnectFromHost();
         return;
     }
     if (d->state <= ConnectingState) {
         d->pendingClose = true;
         return;
     }
 
     // Perhaps emit closing()
     if (d->state != ClosingState) {
         d->state = ClosingState;
         emit stateChanged(d->state);
     }
 
     if (!d->writeBuffer.isEmpty())
         return;
 
     if (d->mode == UnencryptedMode) {
         d->plainSocket->disconnectFromHost();
     } else {
         d->disconnectFromHost();
     }
 }
 
 qint64 QSslSocket::readData(char *data, qint64 maxlen)
 {
     Q_D(QSslSocket);
     qint64 readBytes = 0;
 
     if (d->mode == UnencryptedMode && !d->autoStartHandshake) {
         readBytes = d->plainSocket->read(data, maxlen);
     } else {
         do {
             const char *readPtr = d->readBuffer.readPointer();
             int bytesToRead = qMin<int>(maxlen - readBytes, d->readBuffer.nextDataBlockSize());
             ::memcpy(data + readBytes, readPtr, bytesToRead);
             readBytes += bytesToRead;
             d->readBuffer.free(bytesToRead);
         } while (!d->readBuffer.isEmpty() && readBytes < maxlen);
     }
 #ifdef QSSLSOCKET_DEBUG
     qDebug() << "QSslSocket::readData(" << (void *)data << ',' << maxlen << ") ==" << readBytes;
 #endif
 
     // possibly trigger another transmit() to decrypt more data from the socket
     if (d->readBuffer.isEmpty() && d->plainSocket->bytesAvailable())
         QMetaObject::invokeMethod(this, "_q_flushReadBuffer", Qt::QueuedConnection);
 
     return readBytes;
 }
 
 qint64 QSslSocket::writeData(const char *data, qint64 len)
 {
     Q_D(QSslSocket);
 #ifdef QSSLSOCKET_DEBUG
     qDebug() << "QSslSocket::writeData(" << (void *)data << ',' << len << ')';
 #endif
     if (d->mode == UnencryptedMode && !d->autoStartHandshake)
         return d->plainSocket->write(data, len);
 
     char *writePtr = d->writeBuffer.reserve(len);
     ::memcpy(writePtr, data, len);
 
     // make sure we flush to the plain socket's buffer
     QMetaObject::invokeMethod(this, "_q_flushWriteBuffer", Qt::QueuedConnection);
 
     return len;
 }
 
 QSslSocketPrivate::QSslSocketPrivate()
     : initialized(false)
     , mode(QSslSocket::UnencryptedMode)
     , autoStartHandshake(false)
     , connectionEncrypted(false)
     , shutdown(false)
     , ignoreAllSslErrors(false)
     , readyReadEmittedPointer(0)
     , allowRootCertOnDemandLoading(true)
     , plainSocket(0)
 {
     QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration);
 }
 
 QSslSocketPrivate::~QSslSocketPrivate()
 {
 }
 
 void QSslSocketPrivate::init()
 {
     mode = QSslSocket::UnencryptedMode;
     autoStartHandshake = false;
     connectionEncrypted = false;
     ignoreAllSslErrors = false;
     shutdown = false;
 
     // we don't want to clear the ignoreErrorsList, so
     // that it is possible setting it before connecting
 //    ignoreErrorsList.clear();
 
     readBuffer.clear();
     writeBuffer.clear();
     configuration.peerCertificate.clear();
     configuration.peerCertificateChain.clear();
 }
 
 QList<QSslCipher> QSslSocketPrivate::defaultCiphers()
 {
     QMutexLocker locker(&globalData()->mutex);
     return globalData()->config->ciphers;
 }
 
 QList<QSslCipher> QSslSocketPrivate::supportedCiphers()
 {
     QSslSocketPrivate::ensureInitialized();
     QMutexLocker locker(&globalData()->mutex);
     return globalData()->supportedCiphers;
 }
 
 void QSslSocketPrivate::setDefaultCiphers(const QList<QSslCipher> &ciphers)
 {
     QMutexLocker locker(&globalData()->mutex);
     globalData()->config.detach();
     globalData()->config->ciphers = ciphers;
 }
 
 void QSslSocketPrivate::setDefaultSupportedCiphers(const QList<QSslCipher> &ciphers)
 {
     QMutexLocker locker(&globalData()->mutex);
     globalData()->config.detach();
     globalData()->supportedCiphers = ciphers;
 }
 
 QList<QSslCertificate> QSslSocketPrivate::defaultCaCertificates()
 {
     // ### Qt5: rename everything containing "caCertificates" to "rootCertificates" or similar
     QSslSocketPrivate::ensureInitialized();
     QMutexLocker locker(&globalData()->mutex);
     return globalData()->config->caCertificates;
 }
 
 void QSslSocketPrivate::setDefaultCaCertificates(const QList<QSslCertificate> &certs)
 {
     QSslSocketPrivate::ensureInitialized();
     QMutexLocker locker(&globalData()->mutex);
     globalData()->config.detach();
     globalData()->config->caCertificates = certs;
     // when the certificates are set explicitly, we do not want to
     // load the system certificates on demand
     s_loadRootCertsOnDemand = false;
 }
 
 bool QSslSocketPrivate::addDefaultCaCertificates(const QString &path, QSsl::EncodingFormat format,
                                                  QRegExp::PatternSyntax syntax)
 {
     QSslSocketPrivate::ensureInitialized();
     QList<QSslCertificate> certs = QSslCertificate::fromPath(path, format, syntax);
     if (certs.isEmpty())
         return false;
 
     QMutexLocker locker(&globalData()->mutex);
     globalData()->config.detach();
     globalData()->config->caCertificates += certs;
     return true;
 }
 
 void QSslSocketPrivate::addDefaultCaCertificate(const QSslCertificate &cert)
 {
     QSslSocketPrivate::ensureInitialized();
     QMutexLocker locker(&globalData()->mutex);
     globalData()->config.detach();
     globalData()->config->caCertificates += cert;
 }
 
 void QSslSocketPrivate::addDefaultCaCertificates(const QList<QSslCertificate> &certs)
 {
     QSslSocketPrivate::ensureInitialized();
     QMutexLocker locker(&globalData()->mutex);
     globalData()->config.detach();
     globalData()->config->caCertificates += certs;
 }
 
 QSslConfiguration QSslConfigurationPrivate::defaultConfiguration()
 {
     QSslSocketPrivate::ensureInitialized();
     QMutexLocker locker(&globalData()->mutex);
     return QSslConfiguration(globalData()->config.data());
 }
 
 void QSslConfigurationPrivate::setDefaultConfiguration(const QSslConfiguration &configuration)
 {
     QSslSocketPrivate::ensureInitialized();
     QMutexLocker locker(&globalData()->mutex);
     if (globalData()->config == configuration.d)
         return;                 // nothing to do
 
     globalData()->config = const_cast<QSslConfigurationPrivate*>(configuration.d.constData());
 }
 
 void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPrivate *ptr)
 {
     QSslSocketPrivate::ensureInitialized();
     QMutexLocker locker(&globalData()->mutex);
     const QSslConfigurationPrivate *global = globalData()->config.constData();
 
     if (!global) {
         ptr = 0;
         return;
     }
 
     ptr->ref = 1;
     ptr->peerCertificate = global->peerCertificate;
     ptr->peerCertificateChain = global->peerCertificateChain;
     ptr->localCertificate = global->localCertificate;
     ptr->privateKey = global->privateKey;
     ptr->sessionCipher = global->sessionCipher;
     ptr->ciphers = global->ciphers;
     ptr->caCertificates = global->caCertificates;
     ptr->protocol = global->protocol;
     ptr->peerVerifyMode = global->peerVerifyMode;
     ptr->peerVerifyDepth = global->peerVerifyDepth;
     ptr->sslOptions = global->sslOptions;
 }
 
 void QSslSocketPrivate::createPlainSocket(QIODevice::OpenMode openMode)
 {
     Q_Q(QSslSocket);
     q->setOpenMode(openMode); // <- from QIODevice
     q->setSocketState(QAbstractSocket::UnconnectedState);
     q->setSocketError(QAbstractSocket::UnknownSocketError);
     q->setLocalPort(0);
     q->setLocalAddress(QHostAddress());
     q->setPeerPort(0);
     q->setPeerAddress(QHostAddress());
     q->setPeerName(QString());
 
     plainSocket = new QTcpSocket(q);
 #ifndef QT_NO_BEARERMANAGEMENT
     //copy network session down to the plain socket (if it has been set)
     plainSocket->setProperty("_q_networksession", q->property("_q_networksession"));
 #endif
     q->connect(plainSocket, SIGNAL(connected()),
                q, SLOT(_q_connectedSlot()),
                Qt::DirectConnection);
     q->connect(plainSocket, SIGNAL(hostFound()),
                q, SLOT(_q_hostFoundSlot()),
                Qt::DirectConnection);
     q->connect(plainSocket, SIGNAL(disconnected()),
                q, SLOT(_q_disconnectedSlot()),
                Qt::DirectConnection);
     q->connect(plainSocket, SIGNAL(stateChanged(QAbstractSocket::SocketState)),
                q, SLOT(_q_stateChangedSlot(QAbstractSocket::SocketState)),
                Qt::DirectConnection);
     q->connect(plainSocket, SIGNAL(error(QAbstractSocket::SocketError)),
                q, SLOT(_q_errorSlot(QAbstractSocket::SocketError)),
                Qt::DirectConnection);
     q->connect(plainSocket, SIGNAL(readyRead()),
                q, SLOT(_q_readyReadSlot()),
                Qt::DirectConnection);
     q->connect(plainSocket, SIGNAL(bytesWritten(qint64)),
                q, SLOT(_q_bytesWrittenSlot(qint64)),
                Qt::DirectConnection);
 #ifndef QT_NO_NETWORKPROXY
     q->connect(plainSocket, SIGNAL(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)),
                q, SIGNAL(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)));
 #endif
 
     readBuffer.clear();
     writeBuffer.clear();
     connectionEncrypted = false;
     configuration.peerCertificate.clear();
     configuration.peerCertificateChain.clear();
     mode = QSslSocket::UnencryptedMode;
     q->setReadBufferSize(readBufferMaxSize);
 }
 
 void QSslSocketPrivate::pauseSocketNotifiers(QSslSocket *socket)
 {
     if (!socket->d_func()->plainSocket)
         return;
     QAbstractSocketPrivate::pauseSocketNotifiers(socket->d_func()->plainSocket);
 }
 
 void QSslSocketPrivate::resumeSocketNotifiers(QSslSocket *socket)
 {
     if (!socket->d_func()->plainSocket)
         return;
     QAbstractSocketPrivate::resumeSocketNotifiers(socket->d_func()->plainSocket);
 }
 
 void QSslSocketPrivate::_q_connectedSlot()
 {
     Q_Q(QSslSocket);
     q->setLocalPort(plainSocket->localPort());
     q->setLocalAddress(plainSocket->localAddress());
     q->setPeerPort(plainSocket->peerPort());
     q->setPeerAddress(plainSocket->peerAddress());
     q->setPeerName(plainSocket->peerName());
     cachedSocketDescriptor = plainSocket->socketDescriptor();
 
 #ifdef QSSLSOCKET_DEBUG
     qDebug() << "QSslSocket::_q_connectedSlot()";
     qDebug() << "\tstate =" << q->state();
     qDebug() << "\tpeer =" << q->peerName() << q->peerAddress() << q->peerPort();
     qDebug() << "\tlocal =" << QHostInfo::fromName(q->localAddress().toString()).hostName()
              << q->localAddress() << q->localPort();
 #endif
     emit q->connected();
 
     if (autoStartHandshake) {
         q->startClientEncryption();
     } else if (pendingClose) {
         pendingClose = false;
         q->disconnectFromHost();
     }
 }
 
 void QSslSocketPrivate::_q_hostFoundSlot()
 {
     Q_Q(QSslSocket);
 #ifdef QSSLSOCKET_DEBUG
     qDebug() << "QSslSocket::_q_hostFoundSlot()";
     qDebug() << "\tstate =" << q->state();
 #endif
     emit q->hostFound();
 }
 
 void QSslSocketPrivate::_q_disconnectedSlot()
 {
     Q_Q(QSslSocket);
 #ifdef QSSLSOCKET_DEBUG
     qDebug() << "QSslSocket::_q_disconnectedSlot()";
     qDebug() << "\tstate =" << q->state();
 #endif
     disconnected();
     emit q->disconnected();
 }
 
 void QSslSocketPrivate::_q_stateChangedSlot(QAbstractSocket::SocketState state)
 {
     Q_Q(QSslSocket);
 #ifdef QSSLSOCKET_DEBUG
     qDebug() << "QSslSocket::_q_stateChangedSlot(" << state << ')';
 #endif
     q->setSocketState(state);
     emit q->stateChanged(state);
 }
 
 void QSslSocketPrivate::_q_errorSlot(QAbstractSocket::SocketError error)
 {
     Q_Q(QSslSocket);
 #ifdef QSSLSOCKET_DEBUG
     qDebug() << "QSslSocket::_q_errorSlot(" << error << ')';
     qDebug() << "\tstate =" << q->state();
     qDebug() << "\terrorString =" << q->errorString();
 #endif
     q->setSocketError(plainSocket->error());
     q->setErrorString(plainSocket->errorString());
     emit q->error(error);
 }
 
 void QSslSocketPrivate::_q_readyReadSlot()
 {
     Q_Q(QSslSocket);
 #ifdef QSSLSOCKET_DEBUG
     qDebug() << "QSslSocket::_q_readyReadSlot() -" << plainSocket->bytesAvailable() << "bytes available";
 #endif
     if (mode == QSslSocket::UnencryptedMode) {
         if (readyReadEmittedPointer)
             *readyReadEmittedPointer = true;
         emit q->readyRead();
         return;
     }
 
     transmit();
 }
 
 void QSslSocketPrivate::_q_bytesWrittenSlot(qint64 written)
 {
     Q_Q(QSslSocket);
 #ifdef QSSLSOCKET_DEBUG
     qDebug() << "QSslSocket::_q_bytesWrittenSlot(" << written << ')';
 #endif
 
     if (mode == QSslSocket::UnencryptedMode)
         emit q->bytesWritten(written);
     else
         emit q->encryptedBytesWritten(written);
     if (state == QAbstractSocket::ClosingState && writeBuffer.isEmpty())
         q->disconnectFromHost();
 }
 
 void QSslSocketPrivate::_q_flushWriteBuffer()
 {
     Q_Q(QSslSocket);
     if (!writeBuffer.isEmpty())
         q->flush();
 }
 
 void QSslSocketPrivate::_q_flushReadBuffer()
 {
     // trigger a read from the plainSocket into SSL
     if (mode != QSslSocket::UnencryptedMode)
         transmit();
 }
 
 qint64 QSslSocketPrivate::peek(char *data, qint64 maxSize)
 {
     if (mode == QSslSocket::UnencryptedMode && !autoStartHandshake) {
         //unencrypted mode - do not use QIODevice::peek, as it reads ahead data from the plain socket
         //peek at data already in the QIODevice buffer (from a previous read)
         qint64 r = buffer.peek(data, maxSize);
         if (r == maxSize)
             return r;
         data += r;
         //peek at data in the plain socket
         if (plainSocket) {
             qint64 r2 = plainSocket->peek(data, maxSize - r);
             if (r2 < 0)
                 return (r > 0 ? r : r2);
             return r + r2;
         } else {
             return -1;
         }
     } else {
         //encrypted mode - the socket engine will read and decrypt data into the QIODevice buffer
         return QTcpSocketPrivate::peek(data, maxSize);
     }
 }
 
 QByteArray QSslSocketPrivate::peek(qint64 maxSize)
 {
     if (mode == QSslSocket::UnencryptedMode && !autoStartHandshake) {
         //unencrypted mode - do not use QIODevice::peek, as it reads ahead data from the plain socket
         //peek at data already in the QIODevice buffer (from a previous read)
         QByteArray ret;
         ret.reserve(maxSize);
         ret.resize(buffer.peek(ret.data(), maxSize));
         if (ret.length() == maxSize)
             return ret;
         //peek at data in the plain socket
         if (plainSocket)
             return ret + plainSocket->peek(maxSize - ret.length());
         else
             return QByteArray();
     } else {
         //encrypted mode - the socket engine will read and decrypt data into the QIODevice buffer
         return QTcpSocketPrivate::peek(maxSize);
     }
 }
 
 bool QSslSocketPrivate::rootCertOnDemandLoadingSupported()
 {
     return s_loadRootCertsOnDemand;
 }
 
 QList<QByteArray> QSslSocketPrivate::unixRootCertDirectories()
 {
     return QList<QByteArray>() <<  "/etc/ssl/certs/" // (K)ubuntu, OpenSUSE, Mandriva, MeeGo ...
                                << "/usr/lib/ssl/certs/" // Gentoo, Mandrake
                                << "/usr/share/ssl/" // Centos, Redhat, SuSE
                                << "/usr/local/ssl/" // Normal OpenSSL Tarball
                                << "/var/ssl/certs/" // AIX
                                << "/usr/local/ssl/certs/" // Solaris
                                << "/etc/openssl/certs/" // BlackBerry
                                << "/opt/openssl/certs/"; // HP-UX
 }
 
 QT_END_NAMESPACE
 
 // For private slots
 #define d d_ptr
 #include "moc_qsslsocket.cpp"