Viadeo Twitter Google Bookmarks ! Facebook Digg del.icio.us MySpace Yahoo MyWeb Blinklist Netvouz Reddit Simpy StumbleUpon Bookmarks Windows Live Favorites 
Logo Documentation Qt ·  Page d'accueil  ·  Tous les espaces de nom  ·  Toutes les classes  ·  Classes principales  ·  Annotées  ·  Classes groupées  ·  Modules  ·  Fonctions  · 

QSslConfiguration Class Reference
[QtNetwork module]

The QSslConfiguration class holds the configuration and state of an SSL connection More...

 #include <QSslConfiguration>

Note: All the functions in this class are reentrant.

This class was introduced in Qt 4.4.

Public Functions

Static Public Members


Detailed Description

The QSslConfiguration class holds the configuration and state of an SSL connection

QSslConfiguration is used by Qt networking classes to relay information about an open SSL connection and to allow the application to control certain features of that connection.

The settings that QSslConfiguration currently supports are:

  • The SSL/TLS protocol to be used
  • The certificate to be presented to the peer during connection and its associated private key
  • The ciphers allowed to be used for encrypting the connection
  • The list of Certificate Authorities certificates that are used to validate the peer's certificate

These settings are applied only during the connection handshake. Setting them after the connection has been established has no effect.

The state that QSslConfiguration supports are:

  • The certificate the peer presented during handshake, along with the chain leading to a CA certificate
  • The cipher used to encrypt this session

The state can only be obtained once the SSL connection starts, but not necessarily before it's done. Some settings may change during the course of the SSL connection without need to restart it (for instance, the cipher can be changed over time).

State in QSslConfiguration objects cannot be changed.

QSslConfiguration can be used with QSslSocket and the Network Access API.

Note that changing settings in QSslConfiguration is not enough to change the settings in the related SSL connection. You must call setSslConfiguration on a modified QSslConfiguration object to achieve that. The following example illustrates how to change the protocol to TLSv1 in a QSslSocket object:

 QSslConfiguration config = sslSocket.sslConfiguration();
 config.setProtocol(QSsl::TlsV1);
 sslSocket.setSslConfiguration(config);

QSslSocket, QNetworkAccessManager, QSslSocket::sslConfiguration(), QSslSocket::setSslConfiguration()

See also QSsl::SslProtocol, QSslCertificate, QSslCipher, and QSslKey.


Member Function Documentation

QSslConfiguration::QSslConfiguration ()

Constructs an empty SSL configuration. This configuration contains no valid settings and the state will be empty. isNull() will return true after this constructor is called.

Once any setter methods are called, isNull() will return false.

QSslConfiguration::QSslConfiguration ( const QSslConfiguration & other )

Copies the configuration and state of other. If other is null, this object will be null too.

QSslConfiguration::~QSslConfiguration ()

Releases any resources held by QSslConfiguration.

QList<QSslCertificate> QSslConfiguration::caCertificates () const

Returns this connection's CA certificate database. The CA certificate database is used by the socket during the handshake phase to validate the peer's certificate. It can be moodified prior to the handshake with addCaCertificate(), addCaCertificates(), and setCaCertificates().

See also setCaCertificates().

QList<QSslCipher> QSslConfiguration::ciphers () const

Returns this connection's current cryptographic cipher suite. This list is used during the handshake phase for choosing a session cipher. The returned list of ciphers is ordered by descending preference. (i.e., the first cipher in the list is the most preferred cipher). The session cipher will be the first one in the list that is also supported by the peer.

By default, the handshake phase can choose any of the ciphers supported by this system's SSL libraries, which may vary from system to system. The list of ciphers supported by this system's SSL libraries is returned by QSslSocket::supportedCiphers(). You can restrict the list of ciphers used for choosing the session cipher for this socket by calling setCiphers() with a subset of the supported ciphers. You can revert to using the entire set by calling setCiphers() with the list returned by QSslSocket::supportedCiphers().

See also setCiphers() and QSslSocket::supportedCiphers().

QSslConfiguration QSslConfiguration::defaultConfiguration ()   [static]

Returns the default SSL configuration to be used in new SSL connections.

The default SSL configuration consists of:

  • no local certificate and no private key
  • protocol SSLv3
  • the system's default CA certificate list
  • the cipher list equal to the list of the SSL libraries' supported SSL ciphers

See also QSslSocket::supportedCiphers() and setDefaultConfiguration().

bool QSslConfiguration::isNull () const

Returns true if this is a null QSslConfiguration object.

A QSslConfiguration object is null if it has been default-constructed and no setter methods have been called.

See also setProtocol(), setLocalCertificate(), setPrivateKey(), setCiphers(), and setCaCertificates().

QSslCertificate QSslConfiguration::localCertificate () const

Returns the certificate to be presented to the peer during the SSL handshake process.

See also setLocalCertificate().

QSslCertificate QSslConfiguration::peerCertificate () const

Returns the peer's digital certificate (i.e., the immediate certificate of the host you are connected to), or a null certificate, if the peer has not assigned a certificate.

The peer certificate is checked automatically during the handshake phase, so this function is normally used to fetch the certificate for display or for connection diagnostic purposes. It contains information about the peer, including its host name, the certificate issuer, and the peer's public key.

Because the peer certificate is set during the handshake phase, it is safe to access the peer certificate from a slot connected to the QSslSocket::sslErrors() signal, QNetworkReply::sslErrors() signal, or the QSslSocket::encrypted() signal.

If a null certificate is returned, it can mean the SSL handshake failed, or it can mean the host you are connected to doesn't have a certificate, or it can mean there is no connection.

If you want to check the peer's complete chain of certificates, use peerCertificateChain() to get them all at once.

See also peerCertificateChain(), QSslSocket::sslErrors(), QSslSocket::ignoreSslErrors(), QNetworkReply::sslErrors(), and QNetworkReply::ignoreSslErrors().

QList<QSslCertificate> QSslConfiguration::peerCertificateChain () const

Returns the peer's chain of digital certificates, starting with the peer's immediate certificate and ending with the CA's certificate.

Peer certificates are checked automatically during the handshake phase. This function is normally used to fetch certificates for display, or for performing connection diagnostics. Certificates contain information about the peer and the certificate issuers, including host name, issuer names, and issuer public keys.

Because the peer certificate is set during the handshake phase, it is safe to access the peer certificate from a slot connected to the QSslSocket::sslErrors() signal, QNetworkReply::sslErrors() signal, or the QSslSocket::encrypted() signal.

If an empty list is returned, it can mean the SSL handshake failed, or it can mean the host you are connected to doesn't have a certificate, or it can mean there is no connection.

If you want to get only the peer's immediate certificate, use peerCertificate().

See also peerCertificate(), QSslSocket::sslErrors(), QSslSocket::ignoreSslErrors(), QNetworkReply::sslErrors(), and QNetworkReply::ignoreSslErrors().

int QSslConfiguration::peerVerifyDepth () const

Returns the maximum number of certificates in the peer's certificate chain to be checked during the SSL handshake phase, or 0 (the default) if no maximum depth has been set, indicating that the whole certificate chain should be checked.

The certificates are checked in issuing order, starting with the peer's own certificate, then its issuer's certificate, and so on.

See also setPeerVerifyDepth() and peerVerifyMode().

QSslSocket::PeerVerifyMode QSslConfiguration::peerVerifyMode () const

Returns the verify mode. This mode decides whether QSslSocket should request a certificate from the peer (i.e., the client requests a certificate from the server, or a server requesting a certificate from the client), and whether it should require that this certificate is valid.

The default mode is AutoVerifyPeer, which tells QSslSocket to use VerifyPeer for clients, QueryPeer for clients.

See also setPeerVerifyMode().

QSslKey QSslConfiguration::privateKey () const

Returns the SSL key assigned to this connection or a null key if none has been assigned yet.

See also setPrivateKey() and localCertificate().

QSsl::SslProtocol QSslConfiguration::protocol () const

Returns the protocol setting for this SSL configuration.

See also setProtocol().

QSslCipher QSslConfiguration::sessionCipher () const

Returns the socket's cryptographic cipher, or a null cipher if the connection isn't encrypted. The socket's cipher for the session is set during the handshake phase. The cipher is used to encrypt and decrypt data transmitted through the socket.

The SSL infrastructure also provides functions for setting the ordered list of ciphers from which the handshake phase will eventually select the session cipher. This ordered list must be in place before the handshake phase begins.

See also ciphers(), setCiphers(), and QSslSocket::supportedCiphers().

void QSslConfiguration::setCaCertificates ( const QList<QSslCertificate> & certificates )

Sets this socket's CA certificate database to be certificates. The certificate database must be set prior to the SSL handshake. The CA certificate database is used by the socket during the handshake phase to validate the peer's certificate.

See also caCertificates().

void QSslConfiguration::setCiphers ( const QList<QSslCipher> & ciphers )

Sets the cryptographic cipher suite for this socket to ciphers, which must contain a subset of the ciphers in the list returned by supportedCiphers().

Restricting the cipher suite must be done before the handshake phase, where the session cipher is chosen.

See also ciphers() and QSslSocket::supportedCiphers().

void QSslConfiguration::setDefaultConfiguration ( const QSslConfiguration & configuration )   [static]

Sets the default SSL configuration to be used in new SSL connections to be configuration. Existing connections are not affected by this call.

See also QSslSocket::supportedCiphers() and defaultConfiguration().

void QSslConfiguration::setLocalCertificate ( const QSslCertificate & certificate )

Sets the certificate to be presented to the peer during SSL handshake to be certificate.

Setting the certificate once the connection has been established has no effect.

A certificate is the means of identification used in the SSL process. The local certificate is used by the remote end to verify the local user's identity against its list of Certification Authorities. In most cases, such as in HTTP web browsing, only servers identify to the clients, so the client does not send a certificate.

See also localCertificate().

void QSslConfiguration::setPeerVerifyDepth ( int depth )

Sets the maximum number of certificates in the peer's certificate chain to be checked during the SSL handshake phase, to depth. Setting a depth of 0 means that no maximum depth is set, indicating that the whole certificate chain should be checked.

The certificates are checked in issuing order, starting with the peer's own certificate, then its issuer's certificate, and so on.

See also peerVerifyDepth() and setPeerVerifyMode().

void QSslConfiguration::setPeerVerifyMode ( QSslSocket::PeerVerifyMode mode )

Sets the verify mode to mode. This mode decides whether QSslSocket should request a certificate from the peer (i.e., the client requests a certificate from the server, or a server requesting a certificate from the client), and whether it should require that this certificate is valid.

The default mode is AutoVerifyPeer, which tells QSslSocket to use VerifyPeer for clients, QueryPeer for clients.

See also peerVerifyMode().

void QSslConfiguration::setPrivateKey ( const QSslKey & key )

Sets the connection's private key to key. The private key and the local certificate are used by clients and servers that must prove their identity to SSL peers.

Both the key and the local certificate are required if you are creating an SSL server socket. If you are creating an SSL client socket, the key and local certificate are required if your client must identify itself to an SSL server.

See also privateKey() and setLocalCertificate().

void QSslConfiguration::setProtocol ( QSsl::SslProtocol protocol )

Sets the protocol setting for this configuration to be protocol.

Setting the protocol once the connection has already been established has no effect.

See also protocol().

bool QSslConfiguration::operator!= ( const QSslConfiguration & other ) const

Returns true if this QSslConfiguration differs from other. Two QSslConfiguration objects are considered different if any state or setting is different.

See also operator==().

QSslConfiguration & QSslConfiguration::operator= ( const QSslConfiguration & other )

Copies the configuration and state of other. If other is null, this object will be null too.

bool QSslConfiguration::operator== ( const QSslConfiguration & other ) const

Returns true if this QSslConfiguration object is equal to other.

Two QSslConfiguration objects are considered equal if they have the exact same settings and state.

See also operator!=().

Publicité

Best Of

Actualités les plus lues

Semaine
Mois
Année
  1. « Quelque chose ne va vraiment pas avec les développeurs "modernes" », un développeur à "l'ancienne" critique la multiplication des bibliothèques 59
  2. Apercevoir la troisième dimension ou l'utilisation multithreadée d'OpenGL dans Qt, un article des Qt Quarterly traduit par Guillaume Belz 0
  3. Les développeurs ignorent-ils trop les failles découvertes dans leur code ? Prenez-vous en compte les remarques des autres ? 17
  4. BlackBerry 10 : premières images du prochain OS de RIM qui devrait intégrer des widgets et des tuiles inspirées de Windows Phone 0
  5. Quelles nouveautés de C++11 Visual C++ doit-il rapidement intégrer ? Donnez-nous votre avis 10
  6. Adieu qmake, bienvenue qbs : Qt Building Suite, un outil déclaratif et extensible pour la compilation de projets Qt 17
  7. La rubrique Qt a besoin de vous ! 1
Page suivante

Le Qt Labs au hasard

Logo

Construire l'avenir : (ré-)introduction aux composants de Qt Quick

Les Qt Labs sont les laboratoires des développeurs de Qt, où ils peuvent partager des impressions sur le framework, son utilisation, ce que pourrait être son futur. Lire l'article.

Communauté

Ressources

Liens utiles

Contact

  • Vous souhaitez rejoindre la rédaction ou proposer un tutoriel, une traduction, une question... ? Postez dans le forum Contribuez ou contactez-nous par MP ou par email (voir en bas de page).

Qt dans le magazine

Cette page est une traduction d'une page de la documentation de Qt, écrite par Nokia Corporation and/or its subsidiary(-ies). Les éventuels problèmes résultant d'une mauvaise traduction ne sont pas imputables à Nokia. Qt 4.4
Copyright © 2012 Developpez LLC. Tous droits réservés Developpez LLC. Aucune reproduction, même partielle, ne peut être faite de ce site et de l'ensemble de son contenu : textes, documents et images sans l'autorisation expresse de Developpez LLC. Sinon, vous encourez selon la loi jusqu'à 3 ans de prison et jusqu'à 300 000 E de dommages et intérêts. Cette page est déposée à la SACD.
Vous avez déniché une erreur ? Un bug ? Une redirection cassée ? Ou tout autre problème, quel qu'il soit ? Ou bien vous désirez participer à ce projet de traduction ? N'hésitez pas à nous contacter ou par MP !
 
 
 
 
Partenaires

Hébergement Web