[Development] Update on iOS / SSL implementation
Jeremy Lainé
jeremy.laine at m4x.org
Tue Aug 5 14:29:27 CEST 2014
I have unfortunately had to put my work on iOS / SSL support on hold for
now as:
- the effort to polish my changes for production use is too big to
complete on my free time
- I am self employed, so I need to focus on actual paid work during
working hours
Nevertheless, I have followed Richard Moore's suggestion to put the work
in progress up on gerrit, so here it is:
https://codereview.qt-project.org/91505
If anyone wants to pick up where I left off, you are very welcome!
Alternatively I am open to suggestions if anyone would care to sponsor
further work on iOS / SSL support.
Cheers,
Jeremy
On 05/30/2014 12:20 AM, Richard Moore wrote:
> What Jeremy has done here is fantastic. My estimate when I was
> previously asked how hard it was to write a new backend to the SSL
> support was approximately a man month given a developer who already
> knew the subject area. I'm extremely please that someone has been
> willing to make this investment in time, effort and given the nature
> of SSL/TLS sheer frustration. Thank you.
>
> Not having a Mac, I can't test this, but I'll have a long look over
> the code and see what I can do to help get this integrated.
>
> Rich.
>
>
>
>
>
> On 29 May 2014 18:26, Jeremy Lainé <jeremy.laine at m4x.org
> <mailto:jeremy.laine at m4x.org>> wrote:
>
> A while back I posted some proof of concept code to show what an
> implementation of QSslSocket might look like using Secure
> Transport. I
> have continued along these lines, and wanted to keep you updated.
>
>
> 1. GENERAL
>
> Apple's Secure Transport API is available both on OS X and iOS. As
> I do
> not have a iDevice, I have been developing on OS X exclusively, but
> making sure the methods I use are available on iOS (iOS only has a
> subset of OS X's capabilities).
>
> Secure Transport API:
>
> - provides close to nothing for manipulating certificates / keys => I
> had to write a minimal (DER-only) ASN.1 parser
>
> - only accepts certificates + keys .. in PKCS#12 form => I had some
> write some ASN.1 serialisation code, and a lot of PKCS#12 code (I
> absolutely hate that standard by now)
>
>
> 2. WHAT WORKS
>
> I am now getting to the point where a lot unit tests are passing.
>
> - QSslSocket works in client and in server mode
>
> - QSslCertificate works, with no external dependencies
>
> - QSslKey : ditto
>
>
> What still needs work:
>
> - the build system needs to be updated to allow building the SSL
> classes, even when OpenSSL is not found
>
> - QSslCertificate::isSelfSigned needs implementing
>
> - QSslKey : serializing to a password-protected PEM does not work yet
>
> - there is some duplicated code between the OpenSSL and Secure
> Transport backends
>
> - QSslConfiguration : no work done yet
>
>
> 3. HOW TO GET IT
>
> As previously stated, my current work has been on OS X only, not
> actual
> iOS devices.
>
> 1/ Checkout the qssl-ios branch from
> https://qt.gitorious.org/qt/sharkys-qtbase on a OS X machine
>
> 2/ Apply the attached patch to fix / disable some QSslSocket unit
> tests
>
> 3/ Build it
>
> 4/ Run some unit tests
>
> 5/ Help fix the errors :)
>
>
> Cheers,
> Jeremy
>
>
> PS: no unfortunately I cannot make it to the contributor summit
>
> _______________________________________________
> Development mailing list
> Development at qt-project.org <mailto:Development at qt-project.org>
> http://lists.qt-project.org/mailman/listinfo/development
>
>
>
>
> _______________________________________________
> Development mailing list
> Development at qt-project.org
> http://lists.qt-project.org/mailman/listinfo/development
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/development/attachments/20140805/cc7e4a15/attachment.html>
More information about the Development
mailing list