[Development] Update on iOS / SSL implementation
Richard Moore
rich at kde.org
Fri May 30 00:20:50 CEST 2014
What Jeremy has done here is fantastic. My estimate when I was previously
asked how hard it was to write a new backend to the SSL support was
approximately a man month given a developer who already knew the subject
area. I'm extremely please that someone has been willing to make this
investment in time, effort and given the nature of SSL/TLS sheer
frustration. Thank you.
Not having a Mac, I can't test this, but I'll have a long look over the
code and see what I can do to help get this integrated.
Rich.
On 29 May 2014 18:26, Jeremy Lainé <jeremy.laine at m4x.org> wrote:
> A while back I posted some proof of concept code to show what an
> implementation of QSslSocket might look like using Secure Transport. I
> have continued along these lines, and wanted to keep you updated.
>
>
> 1. GENERAL
>
> Apple's Secure Transport API is available both on OS X and iOS. As I do
> not have a iDevice, I have been developing on OS X exclusively, but
> making sure the methods I use are available on iOS (iOS only has a
> subset of OS X's capabilities).
>
> Secure Transport API:
>
> - provides close to nothing for manipulating certificates / keys => I
> had to write a minimal (DER-only) ASN.1 parser
>
> - only accepts certificates + keys .. in PKCS#12 form => I had some
> write some ASN.1 serialisation code, and a lot of PKCS#12 code (I
> absolutely hate that standard by now)
>
>
> 2. WHAT WORKS
>
> I am now getting to the point where a lot unit tests are passing.
>
> - QSslSocket works in client and in server mode
>
> - QSslCertificate works, with no external dependencies
>
> - QSslKey : ditto
>
>
> What still needs work:
>
> - the build system needs to be updated to allow building the SSL
> classes, even when OpenSSL is not found
>
> - QSslCertificate::isSelfSigned needs implementing
>
> - QSslKey : serializing to a password-protected PEM does not work yet
>
> - there is some duplicated code between the OpenSSL and Secure
> Transport backends
>
> - QSslConfiguration : no work done yet
>
>
> 3. HOW TO GET IT
>
> As previously stated, my current work has been on OS X only, not actual
> iOS devices.
>
> 1/ Checkout the qssl-ios branch from
> https://qt.gitorious.org/qt/sharkys-qtbase on a OS X machine
>
> 2/ Apply the attached patch to fix / disable some QSslSocket unit tests
>
> 3/ Build it
>
> 4/ Run some unit tests
>
> 5/ Help fix the errors :)
>
>
> Cheers,
> Jeremy
>
>
> PS: no unfortunately I cannot make it to the contributor summit
>
> _______________________________________________
> Development mailing list
> Development at qt-project.org
> http://lists.qt-project.org/mailman/listinfo/development
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/development/attachments/20140529/d6c43390/attachment.html>
More information about the Development
mailing list