Re: [Interest] SSL & Let's Encrypt certificate expiration
On 6/10/21 06:13, Thiago Macieira wrote: On Tuesday, 5 October 2021 11:45:23 PDT Christophe Thomas wrote: For the cert chain we are currently using the default LE setting so we currently provide the X1 Cross signed with expired X3. Netherless, the issue is that strangely we need to force caCertificate load in order to have the connexion accepted. In the client's system, is the ISRG Root X1 certificate present? Can you check with plain openssl s_client command to see if the problem is OpenSSL? We have had some difficulty here with Windows 10's "lazy loading" of the root certificates. Unless users have been to a site that uses the ISRG X1 root certificate using Chrome or Edge, they do not have this certificate and it is not available to Qt. As soon as they visit a site that uses the new root in Chrome or Edge, Windows loads the certificate and it works in Qt. Hamish ___ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
Re: [Interest] SSL & Let's Encrypt certificate expiration
On Tuesday, 5 October 2021 12:28:17 PDT Christophe Thomas wrote: > one trick is that we had to provide the openssl lib with our soft in order > to work on some of our users setup. So we might relly in our app on a > different openssl version than the one installed, making the test with > openssl binary useless I guess. This OpenSSL library you're providing, where is it loading certificates on- demand from? Or is it? You may have misconfigured the path to search certificates from when you built it. Please check if this issue affects only the users using the library you shipped or if it affects the users using the system provided library. -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel DPG Cloud Engineering ___ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
Re: [Interest] SSL & Let's Encrypt certificate expiration
I can't reproduce the issue, only maitai (and some users) does, we'll check the status of his ca cert. one trick is that we had to provide the openssl lib with our soft in order to work on some of our users setup. So we might relly in our app on a different openssl version than the one installed, making the test with openssl binary useless I guess. Regards, Christophe Le mar. 5 oct. 2021 à 21:16, Thiago Macieira a écrit : > On Tuesday, 5 October 2021 11:45:23 PDT Christophe Thomas wrote: > > For the cert chain we are currently using the default LE setting so we > > currently provide the X1 Cross signed with expired X3. > > > > Netherless, the issue is that strangely we need to force caCertificate > load > > in order to have the connexion accepted. > > In the client's system, is the ISRG Root X1 certificate present? Can you > check > with plain openssl s_client command to see if the problem is OpenSSL? > > -- > Thiago Macieira - thiago.macieira (AT) intel.com > Software Architect - Intel DPG Cloud Engineering > > > > ___ > Interest mailing list > Interest@qt-project.org > https://lists.qt-project.org/listinfo/interest > ___ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
Re: [Interest] SSL & Let's Encrypt certificate expiration
On Tuesday, 5 October 2021 11:45:23 PDT Christophe Thomas wrote: > For the cert chain we are currently using the default LE setting so we > currently provide the X1 Cross signed with expired X3. > > Netherless, the issue is that strangely we need to force caCertificate load > in order to have the connexion accepted. In the client's system, is the ISRG Root X1 certificate present? Can you check with plain openssl s_client command to see if the problem is OpenSSL? -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel DPG Cloud Engineering ___ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
[Interest] New Browser with Pics
Formal greetings everyone!! :) My name is Gregory Cohen. I am looking for developers to work on this new project with me. I have recently joined certain mailing lists, and I am looking to get the word out. There is no readme file yet, but I explain everything here, so don't get mad :) Feel free to ask me any questions about anything anytime. My email is gregorycoh...@gmail.com Some pictures https://imgur.com/4vRpN9m.png https://imgur.com/qKNkHxR.png https://imgur.com/vBy9XnW.png https://imgur.com/0zv6oSc.png https://imgur.com/WRVB9X1.png With Compiz https://imgur.com/sTzNUm9.png https://imgur.com/T9BeS0o.png Program is downloadable at ethicify.online/improve_the_world/tools/FOR_SHOW (FOR_SHOW folder includes scripts and binaries (non-malicious), everything can be recompiled) Emerald-browser (a radical new web browser, working prototype exists, BSD licensed (I could change this to GPL)) Goals Not bothersome (person shouldn't be bothered by anything) Full control To be fully written in C += 2 * Uses the same engine as Chrome, with QWebEngine Ubuntu and fedora have packages emerald-browser [number of terminals, default 1] C += 2 compiler is called "g+". It's a wrapper for g++ Usage g+ foo.cpp -O3 -Wall -Wextra -o foo Example C += 2 program --- main puts("Hello world") -- (No need for #includes) g+ is written in Ruby. It could be ported to Crystal TODO 1. Make g+ work better It doesn't support classes, structs or namespaces currently You can always #include C++ or C files though C += 2 is, and always will be a PREPROCESSOR FOR MODERN C++. IT CAN DO ANYTHING C++ CAN DO AND MORE. Some things I want to implement These should be a single unary option buton, like what GNOME 40 or Chrome has. In that, there should be many options. Maybe even things like Update System There should be a close button for panes. The source code should be tidied up, but please don't clutter it with too much OOP. Currently, everything gets googled. There could be a cache of some kind. Everything you would want to do on your computer, should be doable in this program. Currently, it makes a full-screen widget. If there could be a Compiz cube for tabs, that would be really interesting. There was a program that converted Chrome tabs to a filesystem extension. Maybe something like this could be added. Port to Mac. Port to Windows??? No Terminal then Port to FreeBSD Would need to work for certain in X and Wayland open should be improved To open tabs, do open [query1] [query2?]... (number of Google results per query to show in panes) Example open 'ruby talk' 'ruby docs' 3 That would open 3 google results for ruby talk, and 3 google results for ruby docs Googler is used to search google. Googler is automatically installed. Googler is written in python * This browser should be as fast or faster than Chrome. * Downloads don't currently work * Fullscreen doesn't currently work * Opening pages in new tabs doesn't currently work * You currently can't close tabs, only open them * The simplest way to close the browser currently is killall emerald-browser * Add signal and slot to close program when window closes. This doesn't currently happen. Back and forward buttons should be added, somewhere. Currently, you can right click, and do navigation A way to type in addresses manually should be added. Currently, you can do echo 'open [full url]' > /tmp/emerald-browser-fifo Doing echo open /home/' > /tmp/emerald-browser-fifo should work * Multiple instances needs to work * Want installation to be super simple. Download a binary * Let's get a fully functional browser, THEN care about packaging If there could be a flip 3d for tabs, that would be cool There's an interesting cover flow widget for Qt. Maybe that could be useful. Are you interested in collaborating? If you can help in any way, please send me a message :) Sincerely, Gregory David Evan Cohen gregorycoh...@gmail.com ___ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
Re: [Interest] SSL & Let's Encrypt certificate expiration
Hello, For the cert chain we are currently using the default LE setting so we currently provide the X1 Cross signed with expired X3. Netherless, the issue is that strangely we need to force caCertificate load in order to have the connexion accepted. Regards, Christophe Le mar. 5 oct. 2021 à 19:58, ekke a écrit : > Please check if the certificate at server is correct created and uses ISRG > Root X1 instead of DST Root CA X3 > > ekke > > Am 05.10.21 um 19:29 schrieb maitai: > > Hi all, > > Since the Let's Encrypt root certificate expired, we have a few users > unable to initiate a SSL connexion (most of them on recent Windows 10 > version, app built with qt 5.15.6, but also some linux cases). We are using > OpenSSL 1.1.1. > > After some searches, we found out that the ca-certificates list is empty > in that cases. In some Linux occurrences, the list becomes "loaded" after > around 10 minutes, and all was fine until the user restarts the > application. In some other cases waiting does nothing to fix the issue. > > I must say that most users are OK, it impacted only a few of them, and I > was not able to find a common pattern like Windows version or so. > > What we did finally to fix it is to force the loading of CA-Certificates, > that way, during the initialization of the application: > > QSslConfiguration def = QSslConfiguration::defaultConfiguration(); > def.setCaCertificates(QSslConfiguration::systemCaCertificates()); > QSslConfiguration::setDefaultConfiguration(def); > > And then all is fine. > > > I am still scratching my head about this though. Isn't it supposed to be > useless to do that? Any insight on what is going on there will be > appreciated. > > Thanks > Philippe Lelong. > > ___ > Interest mailing > listInterest@qt-project.orghttps://lists.qt-project.org/listinfo/interest > > > ___ > Interest mailing list > Interest@qt-project.org > https://lists.qt-project.org/listinfo/interest > ___ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
Re: [Interest] SSL & Let's Encrypt certificate expiration
Please check if the certificate at server is correct created and uses ISRG Root X1 instead of DST Root CA X3 ekke Am 05.10.21 um 19:29 schrieb maitai: Hi all, Since the Let's Encrypt root certificate expired, we have a few users unable to initiate a SSL connexion (most of them on recent Windows 10 version, app built with qt 5.15.6, but also some linux cases). We are using OpenSSL 1.1.1. After some searches, we found out that the ca-certificates list is empty in that cases. In some Linux occurrences, the list becomes "loaded" after around 10 minutes, and all was fine until the user restarts the application. In some other cases waiting does nothing to fix the issue. I must say that most users are OK, it impacted only a few of them, and I was not able to find a common pattern like Windows version or so. What we did finally to fix it is to force the loading of CA-Certificates, that way, during the initialization of the application: QSslConfiguration def = QSslConfiguration::defaultConfiguration(); def.setCaCertificates(QSslConfiguration::systemCaCertificates()); QSslConfiguration::setDefaultConfiguration(def); And then all is fine. I am still scratching my head about this though. Isn't it supposed to be useless to do that? Any insight on what is going on there will be appreciated. Thanks Philippe Lelong. ___ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest ___ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
Re: [Interest] SSL & Let's Encrypt certificate expiration
On Tuesday, 5 October 2021 10:29:09 PDT maitai wrote: > Hi all, > > Since the Let's Encrypt root certificate expired, we have a few users > unable to initiate a SSL connexion (most of them on recent Windows 10 > version, app built with qt 5.15.6, but also some linux cases). We are > using OpenSSL 1.1.1. Being slightly pedantic for future reference: no Let's Encrypt CA certificate expired. What expired was one of the root certificates that signed Let's Encrypt. It's not the only certificate, so Let's Encrypt continues to be valid. > After some searches, we found out that the ca-certificates list is empty > in that cases. In some Linux occurrences, the list becomes "loaded" > after around 10 minutes, and all was fine until the user restarts the > application. In some other cases waiting does nothing to fix the issue. We don't pre-load the CA certificate list and haven't done that for years. We rely on OpenSSL loading exactly the certificates it needs on its own. > I am still scratching my head about this though. Isn't it supposed to be > useless to do that? Any insight on what is going on there will be > appreciated. Needs investigation. I don't understand what's wrong either. In my case, I noticed that one application on my Android phone was complaining of an expired certificate for my server. After debugging a lot, I found that my IMAP server (Cyrus) was including the expired certificate in the list of certificates it sent the client, but the SMTP and HTTPS servers weren't. So I worked to hack the OpenSSL certificate database so it wouldn't send it. It didn't work. As far as I can tell, in this case, the client application found the expired signing certificate in its own database and decided to complain, despite having another path to a valid root certificate. But this points to the possible problem: it might depend on whether the server is including this expired certificate in the connection negotiation or not. You can test with "openssl s_client -connect host:port -showcerts" and decode each one of the ones printed with "openssl x509 -text -noout" to see if the expired one is present or not. -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel DPG Cloud Engineering ___ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
[Interest] SSL & Let's Encrypt certificate expiration
Hi all, Since the Let's Encrypt root certificate expired, we have a few users unable to initiate a SSL connexion (most of them on recent Windows 10 version, app built with qt 5.15.6, but also some linux cases). We are using OpenSSL 1.1.1. After some searches, we found out that the ca-certificates list is empty in that cases. In some Linux occurrences, the list becomes "loaded" after around 10 minutes, and all was fine until the user restarts the application. In some other cases waiting does nothing to fix the issue. I must say that most users are OK, it impacted only a few of them, and I was not able to find a common pattern like Windows version or so. What we did finally to fix it is to force the loading of CA-Certificates, that way, during the initialization of the application: QSslConfiguration def = QSslConfiguration::defaultConfiguration(); def.setCaCertificates(QSslConfiguration::systemCaCertificates()); QSslConfiguration::setDefaultConfiguration(def); And then all is fine. I am still scratching my head about this though. Isn't it supposed to be useless to do that? Any insight on what is going on there will be appreciated. Thanks Philippe Lelong.___ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
Re: [Interest] Running qemu as debug service provider in Qt Creator
On Tuesday, 5 October 2021 09:53:55 PDT Richard Weickelt wrote: > Does the "attach to running server" even work for cross builds? It should. I haven't tested cross-architecture anything in nearly a decade, but I have tested cross-OS and it worked sometime in the last year or so. -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel DPG Cloud Engineering ___ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
Re: [Interest] Qt 5.15 LTS vs Qt 6.2 LTS
Tuukka said: > Qt is well suited for this type of an approach, and we also have a certified solution to the safety critical functionality: https://www.qt.io/product/functional-safety-and-qt ... Yeah, I've always found that link in particular to be at best, shady. You start with this loud and proud headline. Qt Meets Certification Standards It's not until one spins down and reads carefully that they learn it is only this tiny little ancient subset called "Qt Safe Renderer." One client definitely got screwed by this because when he read the headline and the IEC 62304 thing he assumed Qt was being as honest as the SOM and other processor vendors about their OS bundles being IEC 62304 certified. That was a massive financial loss he won't soon forget, especially when he tried to suggest using it to a customer he had done business with for years and they ripped millions of dollars in business away from him at the mention of using Qt. As for other customers who actually read all the way down and look at the package, most say something like this customer. As for safe renderer, it's distinct from the regular qt code base and is actually certified to various standards. It is severely pared down - the demos are largely the safety critical symbols on your car dash, like turn signals or warning lights. It's not designed to run a full application. > would be better to discuss with our functional safety experts You know, I wasn't going to respond to this. Even deleted the digest that had it which is why this doesn't have standard Thunderbird quoting. But I find the above so professionally offensive I had to respond. In my world I work with a lot of certified licensed safety professionals. Every company that employs them puts them in charge of the bug/issue databases. This bug was classified P3: Somewhat important https://bugreports.qt.io/browse/QTBUG-12055 According to the link it was opened July 8, 2010. It was marked Resolved on July 27, 2021. There is no bug database where safety professionals are involved where any issue that causes a crash, stack dump, unhandled exception, access violation, or any other form of race condition or abend are always flagged P1: Critical. There is even a formal escalation process where by the time a Critical bug hits 30 days open the entire company is working on /that one bug/ from every possible angle until it is closed. Just how many other patient killers are in the bug database ranked P3 and below? https://www.bcsp.org/csp https://www.isc2.org/Certifications/CSSLP# https://en.wikipedia.org/wiki/Certified_Software_Development_Professional -- Roland Hughes, President Logikal Solutions (630)-205-1593 http://www.theminimumyouneedtoknow.com http://www.infiniteexposure.net http://www.johnsmith-book.com http://www.logikalblog.com http://www.interestingauthors.com/blog ___ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
Re: [Interest] Running qemu as debug service provider in Qt Creator
Hi, > You can start it manually with qemu and tell it to stop before the first line > of the application. Then tell Qt Creator to connect to the GDB server that > qemu created. > > Debug > Start Debugging > Attach to Running Server > Thanks, but it doesn't work. The "Attach to Running Server" dialog in Qt Creator is a bit confusing. Kit: My gcc-arm-none-abi kit (based upon the arm-none-eabi-gcc-8 toolchain shipped by the Qt maintenance tool). Server port: 1234 Local executable: The application ELF file Break at main is enabled I get "Unable to create debugging engine". My kit uses arm-none-eabi-gdb-py as the debugger. The device is a bare metal device and the debug server provider is set to None. If I choose the arm-none-eabi-gdb executable instead, I get "Failure during startup. Aborting. No debug server provider found for". Does the "attach to running server" even work for cross builds? ___ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
Re: [Interest] Compile Qt 6.2.1 from source
On Tuesday, 5 October 2021 03:30:11 PDT joao morgado via Interest wrote: > The officially supported CMake generator for building Qt is Ninja. You > are using: 'Unix Makefiles' instead. Thus, you might encounter issues. > Use at your own risk. Huh, ok. I thought Makefiles were supported, that's why I suggested Ninja ("should install"). Good to know. -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel DPG Cloud Engineering ___ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
Re: [Interest] Running qemu as debug service provider in Qt Creator
On Tuesday, 5 October 2021 06:11:50 PDT Richard Weickelt wrote: > Hi, > > I want to run a bare metal application in a QEMU environment and debug it > with gdb using Qt Creator. But I can only see a limited predefined selection > of debug providers, like openocd, j-link, ... > > Is there no way to run a custom command instead? I expected the "generic" > provider to cover that usecase, but that seems to be something else. You can start it manually with qemu and tell it to stop before the first line of the application. Then tell Qt Creator to connect to the GDB server that qemu created. Debug > Start Debugging > Attach to Running Server -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel DPG Cloud Engineering ___ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
[Interest] Running qemu as debug service provider in Qt Creator
Hi, I want to run a bare metal application in a QEMU environment and debug it with gdb using Qt Creator. But I can only see a limited predefined selection of debug providers, like openocd, j-link, ... Is there no way to run a custom command instead? I expected the "generic" provider to cover that usecase, but that seems to be something else. Thanks ___ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
Re: [Interest] Compile Qt 6.2.1 from source
Thiago I found the problem, followed your advice I installed ninja-build and works fine.In fact, I checked a old configure output, showed a warning: + exec /home/joao/qt6.2/qt5/qtbase/configure -top-level -developer-build -- -D QT_BUILD_TESTS_BY_DEFAULT=OFF '/usr/local/bin/cmake' '-D' 'QT_BUILD_TESTS_BY_DEFAULT=OFF' '-DINPUT_developer_build=yes' '-G' 'Unix Makefiles' '/home/joao/qt6.2/qt5' CMake Warning at qtbase/cmake/QtAutoDetect.cmake:76 (message): The officially supported CMake generator for building Qt is Ninja. You are using: 'Unix Makefiles' instead. Thus, you might encounter issues. Use at your own risk. Solved !!!CheersJoão Em terça-feira, 5 de outubro de 2021 00:39:42 GMT+1, Thiago Macieira escreveu: On Monday, 4 October 2021 14:43:08 PDT joao morgado via Interest wrote: > Hi Thiago > "git describe" shows > > v6.2.0-3-g1d8225dd > and "git branch" shows > 6.2.0 The first one is fine. That indicates 3 commits past the v6.2.0 tag. The second one is weird. The 6.2.0 branch shouldn't have moved after the tag, but it's not a problem. > I did a fresh install from start: git clone ..., git checkout 6.2.0, git > submodule update, perl init-repository, again a git sub module update, > configure ... , cmake --build I got the same type of error: Please insert "-j1 -v" to the cmake --build line (after --build) and paste the output. PS: you should install ninja. -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel DPG Cloud Engineering ___ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
Re: [Interest] Transparent rectangle with radius in one side
Try QtQuick.Shapes; you can get any shape you want. However those don’t do vertex antialiasing, so you might need to turn on MSAA to get rid of the jaggies. So it would be best to try to put all the shapes as children of one item (or children of a root shape) so that you only need to set layer.samples in one place, which will be more efficient. Canvas just uses QPainter to do cpu rendering (pixel by pixel). So there will be a texture the size of the canvas, and again it would be best to do as little of that as possible: put them all into one canvas. ___ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
Re: [Interest] Transparent rectangle with radius in one side
Le mar. 5 oct. 2021 à 04:28, Murat ŞEKER via Interest a écrit : > We have a Quick scene where we draw a lot of semi-transparent rectangles and > those rectangles are rounded in one side. As a representative : > ... > As it can be seen from the snippet above we use clipping to achieve rounding > in one side however that comes with a significant cost in batching as > the number of those rectangles are quite high. Have you considered BorderImage ? You could use an image with rounded borders only on one side, and it would look the same, with a single item. Not convenient if the radius is not fixed, though. -- Julien Cugnière ___ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest