[Development] Support for custom Diffie-Hellman parameters in QSslSocket

Mikkel Krautz mikkel at krautz.dk
Tue May 26 12:11:46 CEST 2015 

Hi Rich,

Sorry for the clash of work -- I had this sketch done on Saturday, and
thought I would have more time during the weekend to hack on it.
However that turned out not to be the case, so I threw this out here.
I'll strive to be more communicative in the future. :-)

WRT tests and docs: I'm aware that they're lacking, this was mainly a
sketch of the API.

I will upload it as-is to Gerrit and get back to you, so I can get
people's comments early.

Thanks,
Mikkel

On Tue, May 26, 2015 at 11:34 AM, Richard Moore <rich at kde.org> wrote:
> Hi Mikkel,
>
> Please could you upload your change to gerrit so I can review it properly? I
> was actually implementing this yesterday, but since you've got it done I'll
> abandon my change. If you add me as the reviewer then I'll add the other
> relevant people. The change seems mainly okay, but there are a few minor
> things need fixing (some incorrect \since statements, missing autotest
> etc.).
>
> Cheers
>
> Rich.
>
> On 25 May 2015 at 23:16, Mikkel Krautz <mikkel at krautz.dk> wrote:
>>
>> Hi,
>>
>> I've been working on adding the ability to set custom DH parameters
>> for QSslSocket and I want to start discussing an API for the feature,
>> rather than jumping directly to a code review.
>>
>> I have a preliminary patch that adds a sketch of the API I'm envisioning:
>> https://gist.github.com/mkrautz/699f3c7fb22f48b7059c
>> (It's untested, but it builds...)
>>
>> Basically, what I'm envisioning is
>>
>>  - An opaque (for the user) QSslDiffieHellmanParameters class.
>>  - It loads DH parameters either as PEM or DER via a constructor that
>> takes a QByteArray or a QIODevice (like QSslKey).
>>  - After loading, isNull() can be used to check if the DH parameters
>> were loaded, and were valid (OpenSSL backend uses DH_check -- not sure
>> what should be done on SecureTransport, if anything?).
>>  - Internally, the QSslDiffieHellmanParameters object stores a
>> DER-encoded version of the parameters. (This makes it easily loadable
>> in both OpenSSL and SecureTransport)
>>  - A public QSslConfiguration::setDiffieHellmanParameters() to set the
>> DH parameters.
>>  - A public (but not in the public headers)
>> QSslConfiguration::diffieHellmanParameters() for internal use by the
>> backends.
>>  - QSslDiffieHellmanParametersPrivate will befriend QSslContext (for
>> OpenSSL) and an equivalent for SecureTransport to allow the
>> implementations to access the DER encoded data of the
>> QSslDiffieHellmanParameters.
>>
>> I did a cursory web search for the ability to set DH parameters for
>> WinRT listeners, but I don't think that's possible -- so I haven't
>> considered that, for now...
>>
>> Let me know what you think.
>>
>> Thanks,
>> Mikkel
>> _______________________________________________
>> Development mailing list
>> Development at qt-project.org
>> http://lists.qt-project.org/mailman/listinfo/development
>
>

More information about the Development mailing list