Qt6_Foundation_ Sprint 13, Qt6_Foundation_ Sprint 14, Qt6_Foundation_Sprint 15
Qt applications want to use crypto functionality to:
- manage keys and certificates
  - Key generation support
  - Certificate Signing Request generation support
  - optional: Certificate signing
  - optional: Certificate Revocation List generation support
- encrypt/decrypt data
  - streaming support
A separate set of classes that provides access to this functionality and abstracts the underlying libraries (like OpenSSL, mbedTLS, WolfSSL, NSS, BoringSSL, gcrypt, Botan) and OS services (like SecureTransport, SecureChannel) could then be used by QtNetwork as well to implement SSL/TLS support.
An architecture that defines an interface allowing the implementation of different backends might be possible, and would give users or 3rd parties the opportunity to develop their own backends.
A possible alternative to extending QSsl (aka. X509) is to use an external dependency library (https://userbase.kde.org/QCA), which already has a Qt API.
The certificate management API is already being worked on by the QtOpcUa team because it requires CSR generation. (https://codereview.qt-project.org/c/qt/qtopcua/+/263819)
- relates to
QTBUG-75638 Qt Network changes in Qt 6
QTBUG-73793 Missing security API in Qt
|For Gerrit Dashboard: QTBUG-76499|
|308982,23||WIP: add csr||dev||qt/qtbase||Status: DEFERRED||-2||0|