[Development] Support for custom Diffie-Hellman parameters in QSslSocket

Richard Moore rich at kde.org
Tue May 26 11:34:52 CEST 2015

Hi Mikkel,

Please could you upload your change to gerrit so I can review it properly?
I was actually implementing this yesterday, but since you've got it done
I'll abandon my change. If you add me as the reviewer then I'll add the
other relevant people. The change seems mainly okay, but there are a few
minor things that need fixing (some incorrect \since statements, missing
autotest etc.).



On 25 May 2015 at 23:16, Mikkel Krautz <mikkel at krautz.dk> wrote:

> Hi,
> I've been working on adding the ability to set custom DH parameters
> for QSslSocket and I want to start discussing an API for the feature,
> rather than jumping directly to a code review.
> I have a preliminary patch that adds a sketch of the API I'm envisioning:
> https://gist.github.com/mkrautz/699f3c7fb22f48b7059c
> (It's untested, but it builds...)
> Basically, what I'm envisioning is
>  - An opaque (for the user) QSslDiffieHellmanParameters class.
>  - It loads DH parameters either as PEM or DER via a constructor that
> takes a QByteArray or a QIODevice (like QSslKey).
>  - After loading, isNull() can be used to check if the DH parameters
> were loaded, and were valid (OpenSSL backend uses DH_check -- not sure
> what should be done on SecureTransport, if anything?).
>  - Internally, the QSslDiffieHellmanParameters object stores a
> DER-encoded version of the parameters. (This makes it easily loadable
> in both OpenSSL and SecureTransport)
>  - A public QSslConfiguration::setDiffieHellmanParameters() to set the
> DH parameters.
>  - A public (but not in the public headers)
> QSslConfiguration::diffieHellmanParameters() for internal use by the
> backends.
>  - QSslDiffieHellmanParametersPrivate will befriend QSslContext (for
> OpenSSL) and an equivalent for SecureTransport to allow the
> implementations to access the DER-encoded data of the
> QSslDiffieHellmanParameters.
> I did a cursory web search for the ability to set DH parameters for
> WinRT listeners, but I don't think that's possible -- so I haven't
> considered that, for now...
> Let me know what you think.
> Thanks,
> Mikkel
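The kind of validity check the quoted proposal delegates to DH_check, sketched in Python as an added example (not code from this thread, the linked gist, or Qt): it parses DER-encoded PKCS #3 parameters, the form the proposal stores internally, and tests that the prime is a safe prime of acceptable size and that the generator is in range. The function names, the `min_bits` threshold and the toy sample bytes are assumptions of this example, and it does not claim to reproduce DH_check's exact tests.

```python
def read_tlv(buf: bytes, pos: int, tag: int):
    """Read one DER element with the expected tag; return (value, next offset)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("missing or unexpected ASN.1 element")
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:  # long form: the low 7 bits count the length bytes that follow
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated ASN.1 element")
    return buf[pos:pos + n], pos + n

def parse_dh(der: bytes):
    """PKCS #3 DHParameter ::= SEQUENCE { prime INTEGER, base INTEGER, ... }."""
    seq, _ = read_tlv(der, 0, 0x30)
    p, pos = read_tlv(seq, 0, 0x02)
    g, _ = read_tlv(seq, pos, 0x02)
    return int.from_bytes(p, "big", signed=True), int.from_bytes(g, "big", signed=True)

def is_probable_prime(n: int) -> bool:
    """Miller-Rabin; fixed bases keep the demo repeatable, real checkers randomise."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    def composite(a):  # True when base a proves that n is composite
        x = pow(a, d, n)
        return x not in (1, n - 1) and all(pow(x, 2 ** r, n) != n - 1 for r in range(1, s))
    return not any(composite(a) for a in bases)

def check_dh(p: int, g: int, min_bits: int = 1024) -> list:
    """List the problems found ([] means pass); min_bits is this example's own policy."""
    prime = is_probable_prime(p)
    tests = [(p.bit_length() >= min_bits, "prime too short"),
             (prime, "p is not prime"),
             (not prime or is_probable_prime((p - 1) // 2), "p is not a safe prime"),
             (1 < g < p - 1, "generator out of range")]
    return [msg for ok, msg in tests if not ok]

def is_null(der: bytes, min_bits: int = 1024) -> bool:
    """Like the proposed isNull(): True when the data fails to parse or to validate."""
    try:
        return bool(check_dh(*parse_dh(der), min_bits))
    except ValueError:
        return True

TOY_DER = bytes.fromhex("3006020117020105")  # constructed: SEQUENCE { INTEGER 23, INTEGER 5 }
```

DER input for a real group can be produced with `openssl dhparam -outform DER` and passed to `is_null()` unchanged.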