Re: [Development] TLS extensions and supplemental data
I've pushed a review to Gerrit providing support for TLS supplemental data and TLS extensions via a new pair of classes and APIs added to QSslSocket (six new setters/accessors and four new signals). Review available here: https://codereview.qt-project.org/#q,54364,n,z Wiki topic updated to describe the API and new classes: http://qt-project.org/wiki/Improving_TLS_handshake_support My next task is to find a way to make these new APIs accessible to apps using QWebView. As QWebView leverages pooled connections and QNetworkAccessManager (QNAM), and doesn't directly expose the QSslSocket, some plumbing is needed to give applications a path to set the TLS extensions and supplemental data. I could add these APIs directly to QNAM, but the additional signals and methods would seem to bloat the QNAM API significantly for something not frequently used. QNAM currently exposes some SSL capabilities (encrypted signal, SSLErrors), and the supplemental data signal and ability to trigger an SSL error during handshake are not TLS auth specific, but the other signals and setters/accessors are tls auth specific. The only TLS extension currently supported is SNI, and it doesn't need to be changed at the moment to take advantage of this mechanism, although it could be (particulary to notify the client that the requested server name was available). Any suggestions for how to plumb this capability? Add the APIs and signals to QSslConfiguration? A new class? QNAM? Thanks, Scott On Mar 13, 2013, at 3:33 AM, Peter Hartmann wrote: > Looks good! > > Some comments / questions: > > - Do you have examples of supplemental data? It seems to me like TLS > extensions are more important here, as they are used everywhere already. > > - re. API: > > What comes to my mind are the following options: > a) generic class QTlsExtension similar to QSslCertificateExtension with > name() and QVariant value() and getter "QList > QSslConfiguration::tlsExtensions()" (+ respective setter). Depends on whether > it is worth to introduce a new class. > > b) enum in QSslConfiguration (e.g. > "QSslConfiguration::TlsExtensionServerName") and getter "QVariant > QSslConfiguration::tlsExtension(QSslConfiguration::TlsExtension)" (+ > respective setter). Might be better because of less API than a) > > c) individual getters / setters like "QVariant tlsExtensionServerName()"; > that looks like cluttering the API. > > > > - re. "On which object should extensions be set/retrieved?": > > Maybe QSslConfiguration would be the place to set/get extensions, instead of > QSslSocket? At least this is where we store things like the session cipher, > certificate chain etc. IMO the API is a bit cluttered between those two > classes, so I think we should have all of that in QSslConfiguration. > > > > - re. "How are the extensions to be set and exposed?": > > If "There is a requirement to be able to retrieve the far side extension > prior to setting extensions", then this sounds like we need a new signal for > QSslSocket (and probably later the same one in QNetworkReply). Rich was > working on an "encrypted" signal which would be fired after the handshake and > before application data was sent, but I guess this would be too late for some > extensions then. > > > - re. "One-shot setter supporting a set of extensions, or ability to call > addExtension multiple times prior to the extended hello being sent?" > > I think we could combine it, by having an addExtension taking one single > extension and maybe an overload which takes a QList or so. > > > Regards, > > Peter > > > On 03/08/2013 08:09 PM, Scott Deboy wrote: >> I wanted to give folks a heads-up that I'm starting work on defining an API >> which will give Qt the ability to retrieve and set TLS extension data sent >> in OpenSSL's extended hello. >> >> I will also be adding support for the ability to send and retrieve >> supplemental data messages. >> >> A Wiki topic has been created to work through the process of defining the >> API - please feel free to update/add questions or contribute to the >> discussion: >> >> http://qt-project.org/wiki/Improving_TLS_handshake_support >> >> Thanks much, >> >> Scott >> ___ >> Development mailing list >> Development@qt-project.org >> http://lists.qt-project.org/mailman/listinfo/development >> > > > - > This transmission (including any attachments) may contain confidential > information, privileged material (including material protected by the > solicitor-client or other applicable privileges), or constitute non-public > information. Any use of this information by anyone other than the intended > recipient is prohibited. If you have received this transmission in error, > please immediately reply to the sender and delete this information from your > system. Use, dissemination, distribution, or reprod
Re: [Development] Please warn of force pushes...
On segunda-feira, 22 de abril de 2013 17.44.41, Oswald Buddenhagen wrote: > On Mon, Apr 22, 2013 at 08:11:22AM -0700, Thiago Macieira wrote: > > On segunda-feira, 22 de abril de 2013 16.59.27, Oswald Buddenhagen wrote: > > > > And where is it documented for winrt? > > > > > > why should it be? > > > > Because people need to know what to expect if they are going to > > participate. > while not entirely invalid, i don't think this is of particular concern. > somebody who joins the work on a project is supposed to be talking to > the respective people. Not necessarily. They may have simply found out about the branch due to our public posts and blogs, so they're just looking around. Hypothetically, there are also people maybe working for companies who cannot yet disclose their interest on WinRT. These people need to be warned that the branch rebases. > > > > Therefore, we define one only: no rebase. > > > > > > you are effectively asking for a second gerrit instance then. > > > maybe rethink that. > > > > Ok, then add "rebasing" to the branch name somewhere. Preferably: > > wip/rebasing/xxx > > sounds over-engineered to me. > and unnecessarily restrictive, as the policy may change ad-hoc as things > progress. Change the branch name when the policy changes. > i don't think we should put any more energy into discussing this matter. > the only action point is documenting on the wiki that wip/ branches > (winrt should have had that prefix, obviously) may be subject to history > rewriting. The "wip" prefix does help to identify that the branch is not ready and could be unstable. If most wip branches rebase, then we can declare that the entire wip/ prefix is subject to rebasing. If there's just one, I'd rather have it clearly marked. In any case, why does this branch rebase? Can't they live with merges? -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel Open Source Technology Center signature.asc Description: This is a digitally signed message part. ___ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development
Re: [Development] Please warn of force pushes...
On Mon, Apr 22, 2013 at 08:11:22AM -0700, Thiago Macieira wrote: > On segunda-feira, 22 de abril de 2013 16.59.27, Oswald Buddenhagen wrote: > > On Mon, Apr 22, 2013 at 07:48:07AM -0700, Thiago Macieira wrote: > > > On segunda-feira, 22 de abril de 2013 16.25.30, Oswald Buddenhagen wrote: > > > > as far as i'm concerned, the push policy for all non-mainline branches > > > > (in particular those without a CI) is entirely up to the discretion of > > > > their owners. > > > > > > And where is it documented for winrt? > > > > why should it be? > > Because people need to know what to expect if they are going to participate. > while not entirely invalid, i don't think this is of particular concern. somebody who joins the work on a project is supposed to be talking to the respective people. > > > Therefore, we define one only: no rebase. > > > > you are effectively asking for a second gerrit instance then. > > maybe rethink that. > > Ok, then add "rebasing" to the branch name somewhere. Preferably: > > wip/rebasing/xxx > sounds over-engineered to me. and unnecessarily restrictive, as the policy may change ad-hoc as things progress. i don't think we should put any more energy into discussing this matter. the only action point is documenting on the wiki that wip/ branches (winrt should have had that prefix, obviously) may be subject to history rewriting. ___ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development
Re: [Development] Please warn of force pushes...
On segunda-feira, 22 de abril de 2013 16.59.27, Oswald Buddenhagen wrote: > On Mon, Apr 22, 2013 at 07:48:07AM -0700, Thiago Macieira wrote: > > On segunda-feira, 22 de abril de 2013 16.25.30, Oswald Buddenhagen wrote: > > > as far as i'm concerned, the push policy for all non-mainline branches > > > (in particular those without a CI) is entirely up to the discretion of > > > their owners. > > > > And where is it documented for winrt? > > why should it be? Because people need to know what to expect if they are going to participate. > > Anyway, I'm asking for a policy change: do not rebase any branch in the > > main repositories. And the reason is that a lot of people have those > > branches by simple virtue of cloning the main qtbase. It's not possible > > to be sure everyone knows the policies of each branch. > > so? See above. > > Therefore, we define one only: no rebase. > > you are effectively asking for a second gerrit instance then. > maybe rethink that. Ok, then add "rebasing" to the branch name somewhere. Preferably: wip/rebasing/xxx -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel Open Source Technology Center signature.asc Description: This is a digitally signed message part. ___ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development
Re: [Development] Please warn of force pushes...
On Mon, Apr 22, 2013 at 07:48:07AM -0700, Thiago Macieira wrote: > On segunda-feira, 22 de abril de 2013 16.25.30, Oswald Buddenhagen wrote: > > as far as i'm concerned, the push policy for all non-mainline branches > > (in particular those without a CI) is entirely up to the discretion of > > their owners. > > And where is it documented for winrt? > why should it be? > Anyway, I'm asking for a policy change: do not rebase any branch in the main > repositories. And the reason is that a lot of people have those branches by > simple virtue of cloning the main qtbase. It's not possible to be sure > everyone knows the policies of each branch. > so? > Therefore, we define one only: no rebase. > you are effectively asking for a second gerrit instance then. maybe rethink that. ___ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development
Re: [Development] Please warn of force pushes...
On segunda-feira, 22 de abril de 2013 16.25.30, Oswald Buddenhagen wrote: > as far as i'm concerned, the push policy for all non-mainline branches > (in particular those without a CI) is entirely up to the discretion of > their owners. And where is it documented for winrt? Anyway, I'm asking for a policy change: do not rebase any branch in the main repositories. And the reason is that a lot of people have those branches by simple virtue of cloning the main qtbase. It's not possible to be sure everyone knows the policies of each branch. Therefore, we define one only: no rebase. -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel Open Source Technology Center signature.asc Description: This is a digitally signed message part. ___ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development
Re: [Development] Please warn of force pushes...
On Mon, Apr 22, 2013 at 07:16:22AM -0700, Thiago Macieira wrote: > On segunda-feira, 22 de abril de 2013 10.15.43, Oswald Buddenhagen wrote: > > why exactly would you care? everyone working on the respective branch is > > somehow involved into the rebase process. everyone else doesn't need to > > care/can reset --hard if they actually have a checkout. > > Because "everyone working" is somehow missing people who don't know that. > so? > If a branch is in the main repositories, everyone who cloned qtbase has it. > That means you have an undeterminate number of people who might be looking at > it. Do not rebase it. > > No, really. Please don't rebase a branch in the main repositories. > you didn't provide any reasons. as far as i'm concerned, the push policy for all non-mainline branches (in particular those without a CI) is entirely up to the discretion of their owners. ___ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development
Re: [Development] Please warn of force pushes...
On segunda-feira, 22 de abril de 2013 10.15.43, Oswald Buddenhagen wrote: > why exactly would you care? everyone working on the respective branch is > somehow involved into the rebase process. everyone else doesn't need to > care/can reset --hard if they actually have a checkout. Because "everyone working" is somehow missing people who don't know that. If a branch is in the main repositories, everyone who cloned qtbase has it. That means you have an undeterminate number of people who might be looking at it. Do not rebase it. No, really. Please don't rebase a branch in the main repositories. -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel Open Source Technology Center signature.asc Description: This is a digitally signed message part. ___ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development
Re: [Development] Please warn of force pushes...
On segunda-feira, 22 de abril de 2013 07.44.31, Qi Liang wrote: > Looks like the sync script(s) is running on your server(from codereview to > gitorious)? No, this is no the codereview-gitorious sync. This is just updating the repositories so the statistics script can run. -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel Open Source Technology Center signature.asc Description: This is a digitally signed message part. ___ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development
Re: [Development] Please warn of force pushes...
On Sun, Apr 21, 2013 at 06:14:08PM -0700, Thiago Macieira wrote: > My server just let me know: > > >From git://gitorious.org/qt/qtbase >60fbb00..c5a3cfa dev-> dev >1f3a67e..f78842a stable -> stable > ! [rejected]winrt -> winrt (non-fast-forward) > > PLEASE let the mailing list know every time a history rewrite is about to > happen and when it has happened in one of the main repositories. > why exactly would you care? everyone working on the respective branch is somehow involved into the rebase process. everyone else doesn't need to care/can reset --hard if they actually have a checkout. ___ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development
Re: [Development] Please warn of force pushes...
+1 This would make quick code browsing much easier; Gitorious' interface is rather cumbersome. -- Jake Petroules Chief Technology Officer Petroules Corporation · www.petroules.com Email: jake.petrou...@petroules.com On Apr 22, 2013, at 3:44 AM, Qi Liang wrote: > At 22/04/2013 03:14, from Thiago Macieira: >> My server just let me know: >> >>> From git://gitorious.org/qt/qtbase >> 60fbb00..c5a3cfa dev-> dev >> 1f3a67e..f78842a stable -> stable >> ! [rejected]winrt -> winrt (non-fast-forward) >> >> PLEASE let the mailing list know every time a history rewrite is about to >> happen and when it has happened in one of the main repositories. >> > > Hi, Thiago, > > Looks like the sync script(s) is running on your server(from codereview to > gitorious)? Is it possible also sync the code to github for mirror? github is > much more popular than gitorious. Thanks. > > Regards, > Liang > ___ > Development mailing list > Development@qt-project.org > http://lists.qt-project.org/mailman/listinfo/development ___ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development
Re: [Development] Please warn of force pushes...
At 22/04/2013 03:14, from Thiago Macieira: > My server just let me know: > >>From git://gitorious.org/qt/qtbase > 60fbb00..c5a3cfa dev -> dev > 1f3a67e..f78842a stable -> stable > ! [rejected] winrt -> winrt (non-fast-forward) > > PLEASE let the mailing list know every time a history rewrite is about to > happen and when it has happened in one of the main repositories. > Hi, Thiago, Looks like the sync script(s) is running on your server(from codereview to gitorious)? Is it possible also sync the code to github for mirror? github is much more popular than gitorious. Thanks. Regards, Liang ___ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development
Re: [Development] Please warn of force pushes...
Hi, Am 22/04/2013 03:14, schrieb Thiago Macieira: > My server just let me know: > >>From git://gitorious.org/qt/qtbase > 60fbb00..c5a3cfa dev-> dev > 1f3a67e..f78842a stable -> stable > ! [rejected]winrt -> winrt (non-fast-forward) > > PLEASE let the mailing list know every time a history rewrite is about to > happen and when it has happened in one of the main repositories. > > > as this branch is rebased (not merged) regularly (Ossi does the actual rebase) forced pushes happen quite often. We will send out a notice before these happen in the future, sorry for not thinking of that. Cheers, Olli > ___ > Development mailing list > Development@qt-project.org > http://lists.qt-project.org/mailman/listinfo/development > ___ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development
