QSslSocket

Alon Bar-Lev alon.barlev at gmail.com
Thu Jun 7 07:01:17 BST 2007


Hello all,

After the discussion of smartcards support in KDE, I've opened a few
feature requests in Trolltech.

---

165594 - QSslKey Suggestion to Add interface to allow override
http://trolltech.com/developer/task-tracker/index_html?method=entry&id=165594

Current state of QSslKey don't even allow setting OpenSSL RSA/DSA
keys, it has no extension and no abstraction.

Smartcard support can be added if a default constructor and
setHandle() are added, or better a key interface is added, or best if
they provide proper abstraction so that no OpenSSL interface be used
(remove the undocumented handle stuff).

165235 - Suggestion: QSslSocket - Differ client certificate/key set
http://trolltech.com/developer/task-tracker/index_html?method=entry&id=165235

This is important for browsers. Currently you must know in advanced if
the peer require client certificate. This is not the case in many
scenarios. I don't know how you planned to use this class with
konqueror without this one.

165234 - Suggestion: QSslSocket - Add verifyPeer signal
http://trolltech.com/developer/task-tracker/index_html?method=entry&id=165234

This is missing feature, TLS/SSL should verify peer before the socket
is opened for business. This is important in term of security.

Reopen
157892 - Allow OpenSSL to be located in non-default include and lib
paths on Windows
http://trolltech.com/developer/task-tracker/index_html?method=entry&id=157892

They are loading OpenSSL shared library dynamically!!! I don't want to
guess why.
As long as they are doing so, the need at least not use hardcoded
library names, so different versions and locations may be specified.
I asked to reopen the Windows bug in order to provide getenv () with
QT_SSL_XXXX variables to specify which library to load. Of course the
hardcoded may remain as defaults.

---

It is so fun to work with their task tracker... You may discuss the
problem freely and watch for changes... And have a complete
description of a what required. Well... at least I wish this was the
case.

So if anyone can push these forward...

Best Regards,
Alon Bar-Lev.




More information about the kde-core-devel mailing list