[Development] Update on iOS / SSL implementation

Jeremy Lainé jeremy.laine at m4x.org
Tue Aug 5 14:29:27 CEST 2014


I have unfortunately had to put my work on iOS / SSL support on hold for
now as:

- the effort to polish my changes for production use is too big to
complete on my free time

- I am self employed, so I need to focus on actual paid work during
working hours

Nevertheless, I have followed Richard Moore's suggestion to put the work
in progress up on gerrit, so here it is:

https://codereview.qt-project.org/91505

If anyone wants to pick up where I left off, you are very welcome!
Alternatively I am open to suggestions if anyone would care to sponsor
further work on iOS / SSL support.

Cheers,
Jeremy

On 05/30/2014 12:20 AM, Richard Moore wrote:
> What Jeremy has done here is fantastic. My estimate when I was
> previously asked how hard it was to write a new backend to the SSL
> support was approximately a man month given a developer who already
> knew the subject area. I'm extremely please that someone has been
> willing to make this investment in time, effort and given the nature
> of SSL/TLS sheer frustration. Thank you.
>
> Not having a Mac, I can't test this, but I'll have a long look over
> the code and see what I can do to help get this integrated.
>
> Rich.
>
>
>
>
>
> On 29 May 2014 18:26, Jeremy Lainé <jeremy.laine at m4x.org
> <mailto:jeremy.laine at m4x.org>> wrote:
>
>     A while back I posted some proof of concept code to show what an
>     implementation of QSslSocket might look like using Secure
>     Transport.  I
>     have continued along these lines, and wanted to keep you updated.
>
>
>     1. GENERAL
>
>     Apple's Secure Transport API is available both on OS X and iOS. As
>     I do
>     not have a iDevice, I have been developing on OS X exclusively, but
>     making sure the methods I use are available on iOS (iOS only has a
>     subset of OS X's capabilities).
>
>     Secure Transport API:
>
>     - provides close to nothing for manipulating certificates / keys => I
>     had to write a minimal (DER-only) ASN.1 parser
>
>     - only accepts certificates + keys .. in PKCS#12 form => I had some
>     write some ASN.1 serialisation code, and a lot of PKCS#12 code (I
>     absolutely hate that standard by now)
>
>
>     2. WHAT WORKS
>
>     I am now getting to the point where a lot unit tests are passing.
>
>     - QSslSocket works in client and in server mode
>
>     - QSslCertificate works, with no external dependencies
>
>     - QSslKey : ditto
>
>
>     What still needs work:
>
>      - the build system needs to be updated to allow building the SSL
>     classes, even when OpenSSL is not found
>
>      - QSslCertificate::isSelfSigned needs implementing
>
>      - QSslKey : serializing to a password-protected PEM does not work yet
>
>      - there is some duplicated code between the OpenSSL and Secure
>     Transport backends
>
>      - QSslConfiguration : no work done yet
>
>
>     3. HOW TO GET IT
>
>     As previously stated, my current work has been on OS X only, not
>     actual
>     iOS devices.
>
>     1/ Checkout the qssl-ios branch from
>     https://qt.gitorious.org/qt/sharkys-qtbase on a OS X machine
>
>     2/ Apply the attached patch to fix / disable some QSslSocket unit
>     tests
>
>     3/ Build it
>
>     4/ Run some unit tests
>
>     5/ Help fix the errors :)
>
>
>     Cheers,
>     Jeremy
>
>
>     PS: no unfortunately I cannot make it to the contributor summit
>
>     _______________________________________________
>     Development mailing list
>     Development at qt-project.org <mailto:Development at qt-project.org>
>     http://lists.qt-project.org/mailman/listinfo/development
>
>
>
>
> _______________________________________________
> Development mailing list
> Development at qt-project.org
> http://lists.qt-project.org/mailman/listinfo/development

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/development/attachments/20140805/cc7e4a15/attachment.html>


More information about the Development mailing list