summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAleksey Lysenko <lysenkoalexmail@gmail.com>2016-12-16 15:57:26 +0200
committerAleksey Lysenko <lysenkoalexmail@gmail.com>2016-12-16 19:41:20 +0000
commit503a1353dcf23f8a5fcb8a2c79d55f707e75cf33 (patch)
treef91f24456a29b3b6e845933eae07733c18586a84
parenta5c85e3250a10a8e23ce15f9a6811136f6bb23fd (diff)
downloadqtwebsockets-503a1353dcf23f8a5fcb8a2c79d55f707e75cf33.tar.gz
Fixed wrong scheme for secure websocket
Websocket server always constructed QWebSocketHandshakeRequest like for non-secure socket without checking SecureMode. This led to the fact that secure socket had "ws" scheme. Task-number: QTBUG-55927 Change-Id: I881766f55182136072fd23f3fefe93ea60f3d27d Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
-rw-r--r--src/websockets/qwebsocketserver_p.cpp2
-rw-r--r--tests/auto/websockets/qwebsocketserver/qwebsocketserver.pro2
-rw-r--r--tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp56
-rw-r--r--tests/auto/websockets/shared/localhost.cert18
-rw-r--r--tests/auto/websockets/shared/localhost.key27
-rw-r--r--tests/auto/websockets/shared/qwebsocketshared.qrc6
6 files changed, 110 insertions, 1 deletions
diff --git a/src/websockets/qwebsocketserver_p.cpp b/src/websockets/qwebsocketserver_p.cpp
index 3bf6d68..d675056 100644
--- a/src/websockets/qwebsocketserver_p.cpp
+++ b/src/websockets/qwebsocketserver_p.cpp
@@ -435,7 +435,7 @@ void QWebSocketServerPrivate::handshakeReceived()
this, &QWebSocketServerPrivate::handshakeReceived);
Q_Q(QWebSocketServer);
bool success = false;
- bool isSecure = false;
+ bool isSecure = (m_secureMode == SecureMode);
if (m_pendingConnections.length() >= maxPendingConnections()) {
pTcpSocket->close();
diff --git a/tests/auto/websockets/qwebsocketserver/qwebsocketserver.pro b/tests/auto/websockets/qwebsocketserver/qwebsocketserver.pro
index adba325..e166f50 100644
--- a/tests/auto/websockets/qwebsocketserver/qwebsocketserver.pro
+++ b/tests/auto/websockets/qwebsocketserver/qwebsocketserver.pro
@@ -10,3 +10,5 @@ TEMPLATE = app
SOURCES += tst_qwebsocketserver.cpp
+RESOURCES += $$PWD/../shared/qwebsocketshared.qrc
+
diff --git a/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp b/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp
index 699939f..7f2bfa4 100644
--- a/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp
+++ b/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp
@@ -32,6 +32,9 @@
#include <QtNetwork/qsslpresharedkeyauthenticator.h>
#include <QtNetwork/qsslcipher.h>
#endif
+#ifndef QT_NO_SSL
+#include <QtNetwork/qsslkey.h>
+#endif
#include <QtWebSockets/QWebSocketServer>
#include <QtWebSockets/QWebSocket>
#include <QtWebSockets/QWebSocketCorsAuthenticator>
@@ -106,6 +109,7 @@ private Q_SLOTS:
void tst_preSharedKey();
void tst_maxPendingConnections();
void tst_serverDestroyedWhileSocketConnected();
+ void tst_scheme(); // qtbug-55927
};
tst_QWebSocketServer::tst_QWebSocketServer()
@@ -507,6 +511,58 @@ void tst_QWebSocketServer::tst_serverDestroyedWhileSocketConnected()
QCOMPARE(socketDisconnectedSpy.count(), 1);
}
+void tst_QWebSocketServer::tst_scheme()
+{
+ QWebSocketServer plainServer(QString(), QWebSocketServer::NonSecureMode);
+ QSignalSpy plainServerConnectionSpy(&plainServer, SIGNAL(newConnection()));
+
+ QVERIFY(plainServer.listen());
+
+ QWebSocket plainSocket;
+ plainSocket.open(plainServer.serverUrl().toString());
+
+ if (plainServerConnectionSpy.count() == 0)
+ QVERIFY(plainServerConnectionSpy.wait());
+ QScopedPointer<QWebSocket> plainServerSocket(plainServer.nextPendingConnection());
+ QVERIFY(!plainServerSocket.isNull());
+ QCOMPARE(plainServerSocket->requestUrl().scheme(), QStringLiteral("ws"));
+ plainServer.close();
+
+#ifndef QT_NO_SSL
+ QWebSocketServer secureServer(QString(), QWebSocketServer::SecureMode);
+ QSslConfiguration sslConfiguration;
+ QFile certFile(QStringLiteral(":/localhost.cert"));
+ QFile keyFile(QStringLiteral(":/localhost.key"));
+ QVERIFY(certFile.open(QIODevice::ReadOnly));
+ QVERIFY(keyFile.open(QIODevice::ReadOnly));
+ QSslCertificate certificate(&certFile, QSsl::Pem);
+ QSslKey sslKey(&keyFile, QSsl::Rsa, QSsl::Pem);
+ certFile.close();
+ keyFile.close();
+ sslConfiguration.setPeerVerifyMode(QSslSocket::VerifyNone);
+ sslConfiguration.setLocalCertificate(certificate);
+ sslConfiguration.setPrivateKey(sslKey);
+ sslConfiguration.setProtocol(QSsl::TlsV1SslV3);
+ secureServer.setSslConfiguration(sslConfiguration);
+ QSignalSpy secureServerConnectionSpy(&secureServer, SIGNAL(newConnection()));
+
+ QVERIFY(secureServer.listen());
+
+ QWebSocket secureSocket;
+ typedef void (QWebSocket::* ignoreSslErrorsSlot)();
+ connect(&secureSocket, &QWebSocket::sslErrors,
+ &secureSocket, static_cast<ignoreSslErrorsSlot>(&QWebSocket::ignoreSslErrors));
+ secureSocket.open(secureServer.serverUrl().toString());
+
+ if (secureServerConnectionSpy.count() == 0)
+ QVERIFY(secureServerConnectionSpy.wait());
+ QScopedPointer<QWebSocket> secureServerSocket(secureServer.nextPendingConnection());
+ QVERIFY(!secureServerSocket.isNull());
+ QCOMPARE(secureServerSocket->requestUrl().scheme(), QStringLiteral("wss"));
+ secureServer.close();
+#endif
+}
+
QTEST_MAIN(tst_QWebSocketServer)
#include "tst_qwebsocketserver.moc"
diff --git a/tests/auto/websockets/shared/localhost.cert b/tests/auto/websockets/shared/localhost.cert
new file mode 100644
index 0000000..7aa33a1
--- /dev/null
+++ b/tests/auto/websockets/shared/localhost.cert
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+zCCAeOgAwIBAgIJAP26rumH9qOkMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNV
+BAMMCWxvY2FsaG9zdDAeFw0xMzExMDYxNjU4NTRaFw0yMzExMDQxNjU4NTRaMBQx
+EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALgagHqEqWr4WH+MFBQE+BWZri5UUn/QPORN2pUB1lWMzeDCM5YMc/D1dhUG
+7zg5I9QO5Ut1YcoVO25OAseddgVaIFXPNyEG2nUTz53xx3pyqp3WtQkYCRAQzI8K
+IFIzBSD+nJNl+8gBld7Fe+4d8bFCwfXspQBJ2RY8SQ6tjRFVKHN7haLsD+WV3AFg
+siWkCxeXxVLNI69cuLwV7bEsv6U1N1yNROvRpu4yJcaNnu36kJFbORPhNfy6qJGX
+i0A30dYdMoLhtCN3Qf/XwGyS84Rs2XXduNlBdUgbpluY2r2x3Gz32hIwsHHcPzX6
+O9nwVPQ8k29lfC8yPmAWA9vPiBUCAwEAAaNQME4wHQYDVR0OBBYEFJZESCN01tY3
+MgXxmqiUBNPxsgiKMB8GA1UdIwQYMBaAFJZESCN01tY3MgXxmqiUBNPxsgiKMAwG
+A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAHylCJYED9PqLB9FE4A0CRfy
+BdxIqOK+UExxxkU1DeN7kM4U2+E0G85nqBLOL34BDj8LDKJH9WC7L9jMV8T3Upbg
++RrTGiIcyjsL18L2KWeOia1R6VVAQcZrqoWv+QXyVvIi8IpTOE074C6+Vzx6XYMe
+CpW4jcdfmn39oVeMXxz9+8wD7CWeCT+SMj8tt+OB1XjQwdEG03vb6ArtnuJT77VI
+3I090OtKksBE5hy1H9N2E3wxhFTxC+DI5sc7Bj87v3blL4Z3DvRUEHwQHcDccQ0D
+ERUEcSyn1YGSlDVbVf3CzH4WXxddUBmaSHf4JTuAMy0C0A6IWuMP+rVVvVMIXNM=
+-----END CERTIFICATE-----
diff --git a/tests/auto/websockets/shared/localhost.key b/tests/auto/websockets/shared/localhost.key
new file mode 100644
index 0000000..dcc262c
--- /dev/null
+++ b/tests/auto/websockets/shared/localhost.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAuBqAeoSpavhYf4wUFAT4FZmuLlRSf9A85E3alQHWVYzN4MIz
+lgxz8PV2FQbvODkj1A7lS3VhyhU7bk4Cx512BVogVc83IQbadRPPnfHHenKqnda1
+CRgJEBDMjwogUjMFIP6ck2X7yAGV3sV77h3xsULB9eylAEnZFjxJDq2NEVUoc3uF
+ouwP5ZXcAWCyJaQLF5fFUs0jr1y4vBXtsSy/pTU3XI1E69Gm7jIlxo2e7fqQkVs5
+E+E1/LqokZeLQDfR1h0yguG0I3dB/9fAbJLzhGzZdd242UF1SBumW5javbHcbPfa
+EjCwcdw/Nfo72fBU9DyTb2V8LzI+YBYD28+IFQIDAQABAoIBADADmWZamuSvCEWb
+ftEJyrm3btneW/XBlV/lfhBGfmOpaTgo7dNARCyfl8A8Ir+DB3kSuXJIlsxhZTKL
+XeY5hsI2kyBN/o66ftbx57/FgsTIiv7HNEe+4P4zo2Xaujs12yyTuromatfqse97
+iaq8XIBibLt6kD3XBKrr5hHR6WyPW9F7sM91e/1OGTXBt9URvnnHqcimJ8Wvto5p
+SMFlud8JXMmARhWaIfqQIcNYmNEHea0LfOZVerTOPE7IZd5coM91mr71lzoxs9Ik
+bRMbqgyAMXEJV3ynEH2LjjJZo1bVb8Va45QqqOQ4FtL46n1Z+EVUXyhCHGepwyOv
+uAru0wECgYEA3CnM252417At+N9Zq4KtBJ8tIEXKqvK1Bl5aZSqaJClywjCttR2l
+lRAlIRAmqHCQuxLDDfLfiJh6xgZsjr4MhksuyKc7DKssfWW+XCd+5GaaMoMvJXhs
+caJdhNSHzpnLPi++tJBYHwHa354D5PJ3eItzLkmuVyhmc3plNbkBGLECgYEA1hIX
+mA9KadVG9VkaDci+xo1p0ACb5ccHAvmA8+fzb0H09yKw5bCSpNGeHj4Qv5ZFqsUm
+96NWYEB38ezupWqWMFd9zr1kD2s3r6Kpq1TS6xuDPapyiXaKpcH1ys7IWZkinCkN
+oxhPHcQbFu9/CN2zIVFKvF5P98Rh0+wO7fgL/qUCgYAyleAd7cVUuYQ2lIrz31iF
+oVUq/x4r3Qw+5Fr8t6cm++cEO08OODudXlJJoH5hYUu/z/XFNLKrne1Hpp42xe/2
+wzuCmvn0VTgpr8DnR6PeMrznMkEY6Oxxx46ZQIPbsnaCWVIGBsxYg4KYsqPObO+K
+YPAcCI3oNL4ldk/e4h0gYQKBgHm+4FxClfeKrEhs3DxqptUVJ9B8CC2t+3bdn1EX
+4YKs6DyFJkX7HetOq7ZXZf8P3583cOn1ovIquAyGy1KYQ8JKf+pMG9QJDip9QDGI
+lEvR4dn4ThuPp1qN7NPitl7+kIhvcKoI8TXkieOJYZ4ROAcCzJZErQYkUd7MqdD8
++RVhAoGAcWC9HRDhxjs4shaBlYi8Lfp3dV4f/4UgYosdFAZ26atwHz+sCLHwwg1j
+6t5Zxy9oEB89S5v5hkgO8//JmopvISSokdvocASMdKE+OmS3JfBmhQK9qVBW/vv/
+ut2bhPjEzIJyNFKX3xnGI8PREcR2eY+WLhIZ5KiR61tGpktJ4bg=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/auto/websockets/shared/qwebsocketshared.qrc b/tests/auto/websockets/shared/qwebsocketshared.qrc
new file mode 100644
index 0000000..513a87f
--- /dev/null
+++ b/tests/auto/websockets/shared/qwebsocketshared.qrc
@@ -0,0 +1,6 @@
+<RCC>
+ <qresource prefix="/">
+ <file>localhost.cert</file>
+ <file>localhost.key</file>
+ </qresource>
+</RCC>