[Development] Update on iOS / SSL implementation

Jeremy Lainé jeremy.laine at m4x.org
Thu May 29 19:26:51 CEST 2014 

A while back I posted some proof of concept code to show what an
implementation of QSslSocket might look like using Secure Transport.  I
have continued along these lines, and wanted to keep you updated.


1. GENERAL

Apple's Secure Transport API is available both on OS X and iOS. As I do
not have a iDevice, I have been developing on OS X exclusively, but
making sure the methods I use are available on iOS (iOS only has a
subset of OS X's capabilities).

Secure Transport API:

- provides close to nothing for manipulating certificates / keys => I
had to write a minimal (DER-only) ASN.1 parser

- only accepts certificates + keys .. in PKCS#12 form => I had some
write some ASN.1 serialisation code, and a lot of PKCS#12 code (I
absolutely hate that standard by now)


2. WHAT WORKS

I am now getting to the point where a lot unit tests are passing.

- QSslSocket works in client and in server mode

- QSslCertificate works, with no external dependencies

- QSslKey : ditto


What still needs work:

 - the build system needs to be updated to allow building the SSL
classes, even when OpenSSL is not found

 - QSslCertificate::isSelfSigned needs implementing

 - QSslKey : serializing to a password-protected PEM does not work yet

 - there is some duplicated code between the OpenSSL and Secure
Transport backends

 - QSslConfiguration : no work done yet


3. HOW TO GET IT

As previously stated, my current work has been on OS X only, not actual
iOS devices.

1/ Checkout the qssl-ios branch from
https://qt.gitorious.org/qt/sharkys-qtbase on a OS X machine

2/ Apply the attached patch to fix / disable some QSslSocket unit tests

3/ Build it

4/ Run some unit tests

5/ Help fix the errors :)


Cheers,
Jeremy


PS: no unfortunately I cannot make it to the contributor summit
-------------- next part --------------
A non-text attachment was scrubbed...
Name: unit_tests.patch
Type: text/x-patch
Size: 4662 bytes
Desc: not available
URL: <http://lists.qt-project.org/pipermail/development/attachments/20140529/99dd9713/attachment.bin>

More information about the Development mailing list