[Development] Support for custom Diffie-Hellman parameters in QSslSocket
Mikkel Krautz
mikkel at krautz.dk
Tue May 26 00:16:50 CEST 2015
Hi,

I've been working on adding the ability to set custom DH parameters
for QSslSocket and I want to start discussing an API for the feature,
rather than jumping directly to a code review.

I have a preliminary patch that adds a sketch of the API I'm envisioning:
https://gist.github.com/mkrautz/699f3c7fb22f48b7059c
(It's untested, but it builds...)

Basically, what I'm envisioning is

- An opaque (for the user) QSslDiffieHellmanParameters class.
- It loads DH parameters either as PEM or DER via a constructor that
  takes a QByteArray or a QIODevice (like QSslKey).
- After loading, isNull() can be used to check if the DH parameters
  were loaded, and were valid (OpenSSL backend uses DH_check -- not sure
  what should be done on SecureTransport, if anything?).
- Internally, the QSslDiffieHellmanParameters object stores a
  DER-encoded version of the parameters. (This makes it easily loadable
  in both OpenSSL and SecureTransport)
- A public QSslConfiguration::setDiffieHellmanParameters() to set the
  DH parameters.
- A public (but not in the public headers)
  QSslConfiguration::diffieHellmanParameters() for internal use by the
  backends.
- QSslDiffieHellmanParametersPrivate will befriend QSslContext (for
  OpenSSL) and an equivalent for SecureTransport to allow the
  implementations to access the DER-encoded data of the
  QSslDiffieHellmanParameters.

I did a cursory web search for the ability to set DH parameters for
WinRT listeners, but I don't think that's possible -- so I haven't
considered that, for now...

Let me know what you think.

Thanks,
Mikkel
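
The load-then-validate flow described in the post above (accept PEM or DER, check the parameters, keep only the DER form), as an added Python illustration that is not the gist's code and does not use Qt or OpenSSL. The names `load_dh_params` and `min_bits`, the safe-prime and generator-range checks (a stand-in for, not a reimplementation of, DH_check), and the toy sample are assumptions made for this example.

```python
import base64, re, secrets
PEM_RE = re.compile(rb"-----BEGIN DH PARAMETERS-----(.+?)-----END DH PARAMETERS-----", re.S)

def _read_tlv(buf, pos, tag):  # one DER element -> (value, next_pos)
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected ASN.1 tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return buf[pos:pos + length], pos + length

def _is_probable_prime(n, rounds=32):  # Miller-Rabin with random bases
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # no square reached n - 1: this base is a witness
    return True

def load_dh_params(data, min_bits=2048):  # DER bytes if acceptable, else None
    m = PEM_RE.search(data)
    try:
        der = base64.b64decode(m.group(1)) if m else bytes(data)
        body, end = _read_tlv(der, 0, 0x30)    # DHParameter ::= SEQUENCE {
        p_raw, pos = _read_tlv(body, 0, 0x02)  #   prime INTEGER,
        g_raw, _ = _read_tlv(body, pos, 0x02)  #   base  INTEGER, ... }
    except ValueError:                         # also covers base64 errors
        return None
    p, g = (int.from_bytes(v, "big", signed=True) for v in (p_raw, g_raw))
    ok = (end == len(der) and p.bit_length() >= min_bits and 1 < g < p - 1
          and _is_probable_prime(p) and _is_probable_prime((p - 1) // 2))
    return der if ok else None

SAMPLE_DER = bytes.fromhex("3006020117020105")  # constructed toy sample: p = 23, g = 5
SAMPLE_PEM = b"-----BEGIN DH PARAMETERS-----\n%s\n-----END DH PARAMETERS-----\n" % base64.b64encode(SAMPLE_DER)
```

A `None` result plays the role of `isNull()` in the proposal: malformed input, an undersized or non-safe prime, or an out-of-range generator all end up in the same "not loaded" state.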