[Development] Support for custom Diffie-Hellman parameters in QSslSocket

Mikkel Krautz mikkel at krautz.dk
Tue May 26 12:56:22 CEST 2015


For anyone following this, the change is now at:

https://codereview.qt-project.org/#/c/113070

On Tue, May 26, 2015 at 12:11 PM, Mikkel Krautz <mikkel at krautz.dk> wrote:
> Hi Rich,
>
> Sorry for the clash of work -- I had this sketch done on Saturday, and
> thought I would have more time during the weekend to hack on it.
> However that turned out not to be the case, so I threw this out here.
> I'll strive to be more communicative in the future. :-)
>
> WRT tests and docs: I'm aware that they're lacking, this was mainly a
> sketch of the API.
>
> I will upload it as-is to Gerrit and get back to you, so I can get
> people's comments early.
>
> Thanks,
> Mikkel
>
> On Tue, May 26, 2015 at 11:34 AM, Richard Moore <rich at kde.org> wrote:
>> Hi Mikkel,
>>
>> Please could you upload your change to Gerrit so I can review it properly? I
>> was actually implementing this yesterday, but since you've got it done I'll
>> abandon my change. If you add me as the reviewer then I'll add the other
>> relevant people. The change seems mainly okay, but there are a few minor
>> things that need fixing (some incorrect \since statements, missing autotest
>> etc.).
>>
>> Cheers
>>
>> Rich.
>>
>> On 25 May 2015 at 23:16, Mikkel Krautz <mikkel at krautz.dk> wrote:
>>>
>>> Hi,
>>>
>>> I've been working on adding the ability to set custom DH parameters
>>> for QSslSocket and I want to start discussing an API for the feature,
>>> rather than jumping directly to a code review.
>>>
>>> I have a preliminary patch that adds a sketch of the API I'm envisioning:
>>> https://gist.github.com/mkrautz/699f3c7fb22f48b7059c
>>> (It's untested, but it builds...)
>>>
>>> Basically, what I'm envisioning is
>>>
>>>  - An opaque (for the user) QSslDiffieHellmanParameters class.
>>>  - It loads DH parameters either as PEM or DER via a constructor that
>>> takes a QByteArray or a QIODevice (like QSslKey).
>>>  - After loading, isNull() can be used to check if the DH parameters
>>> were loaded, and were valid (OpenSSL backend uses DH_check -- not sure
>>> what should be done on SecureTransport, if anything?).
>>>  - Internally, the QSslDiffieHellmanParameters object stores a
>>> DER-encoded version of the parameters. (This makes it easily loadable
>>> in both OpenSSL and SecureTransport)
>>>  - A public QSslConfiguration::setDiffieHellmanParameters() to set the
>>> DH parameters.
>>>  - A public (but not in the public headers)
>>> QSslConfiguration::diffieHellmanParameters() for internal use by the
>>> backends.
>>>  - QSslDiffieHellmanParametersPrivate will befriend QSslContext (for
>>> OpenSSL) and an equivalent for SecureTransport to allow the
>>> implementations to access the DER encoded data of the
>>> QSslDiffieHellmanParameters.
>>>
>>> I did a cursory web search for the ability to set DH parameters for
>>> WinRT listeners, but I don't think that's possible -- so I haven't
>>> considered that, for now...
>>>
>>> Let me know what you think.
>>>
>>> Thanks,
>>> Mikkel
>>> _______________________________________________
>>> Development mailing list
>>> Development at qt-project.org
>>> http://lists.qt-project.org/mailman/listinfo/development
>>
>>
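
The load-and-validate behaviour proposed in the thread (accept PEM or DER, keep the DER form, report nothing usable when the parameters are invalid, as isNull() would), written out as an added Python example that is not code from the thread or from Qt. The checks are a simplified stand-in for DH_check, and `load_dh_params`, `min_bits` and the sample value are assumptions of this example.

```python
import base64
import re

# Constructed sample: DER DHParameter for p=1019 (a tiny safe prime), g=2. Illustration only.
SAMPLE_DER = bytes.fromhex("3007020203fb020102")
_PEM = re.compile(rb"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----", re.S)
_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def _tlv(buf, pos, tag):
    """Read one definite-length DER element with the given tag; return (value, next_pos)."""
    if buf[pos] != tag:
        raise ValueError("unexpected tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated")
    return buf[pos:pos + length], pos + length

def _probable_prime(n):
    """Miller-Rabin with fixed small bases (assumption: enough for an illustration)."""
    if n < 2 or any(n % b == 0 for b in _BASES):
        return n in _BASES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        # a is a witness of compositeness if a^d != 1 and no a^(d*2^r) equals n-1
        if x != 1 and all(pow(x, 2 ** r, n) != n - 1 for r in range(s)):
            return False
    return True

def load_dh_params(data, min_bits=2048):
    """Return the DER encoding if data (PEM or DER bytes) is acceptable, else None."""
    try:
        m = _PEM.search(data)
        der = base64.b64decode(m.group(1)) if m else data
        seq, end = _tlv(der, 0, 0x30)  # DHParameter ::= SEQUENCE { prime, base, ... }
        p_raw, pos = _tlv(seq, 0, 0x02)
        g_raw, _ = _tlv(seq, pos, 0x02)
    except (ValueError, IndexError):
        return None  # not parseable: the "null" object of the proposal
    p, g = (int.from_bytes(v, "big", signed=True) for v in (p_raw, g_raw))
    ok = p.bit_length() >= min_bits and 1 < g < p - 1
    ok = ok and _probable_prime(p) and _probable_prime((p - 1) // 2)  # safe prime
    return der[:end] if ok else None
```

With the default `min_bits` the constructed 10-bit sample is rejected; pass `min_bits=10` to see it accepted and returned as DER.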


