Differential D9726 Diff 25563 head/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp
head/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp
Obtained from: https://github.com/libressl-portable/openbsd/issues/33 | * Instead of using the SSL_CTRL_SET_CURVES macros which only exists in OpenSSL, | ||||
* call the SSL_CTX_set1_curves functions as suggested by BoringSSL porting docs | |||||
From 81494e67eccba04fc3fe554d76a9ca6fe7f2250e Mon Sep 17 00:00:00 2001 | * and which is the function in OpenSSL that is called through the replaced macro. | ||||
From: hasufell <hasufell@gentoo.org> | * LibreSSL has a SSL_CTX_set1_groups functions and provides a compat macro. | ||||
Date: Sat, 10 Oct 2015 01:15:01 +0200 | * Unfortunately, since Qt resolves the symbols at runtime, we cannot call through | ||||
Subject: [PATCH] Fix compilation with libressl | * that macro and must instead explicitly call SSL_CTX_set1_groups if the library | ||||
* doesn't export a function called SSL_CTX_set1_curves, as in the case of LibreSSL. | |||||
By additionally checking for defined(SSL_CTRL_SET_CURVES), which | * | ||||
is defined in openssl, but not in libressl. | --- src/network/ssl/qsslcontext_openssl.cpp.orig 2016-12-01 08:17:04 UTC | ||||
--- src/network/ssl/qsslcontext_openssl.cpp.orig 2015-10-13 04:35:28 UTC | |||||
+++ src/network/ssl/qsslcontext_openssl.cpp | +++ src/network/ssl/qsslcontext_openssl.cpp | ||||
@@ -338,7 +338,7 @@ init_context: | @@ -350,14 +350,24 @@ init_context: | ||||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) | |||||
const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves(); | |||||
if (!qcurves.isEmpty()) { | |||||
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) | |||||
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC) | |||||
// Set the curves to be used | // Set the curves to be used | ||||
if (q_SSLeay() >= 0x10002000L) { | if (q_SSLeay() >= 0x10002000L) { | ||||
// SSL_CTX_ctrl wants a non-const pointer as last argument, | - // SSL_CTX_ctrl wants a non-const pointer as last argument, | ||||
@@ -352,7 +352,7 @@ init_context: | - // but let's avoid a copy into a temporary array | ||||
return sslContext; | - if (!q_SSL_CTX_ctrl(sslContext->ctx, | ||||
- SSL_CTRL_SET_CURVES, | |||||
- qcurves.size(), | |||||
- const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())))) { | |||||
- sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); | |||||
- sslContext->errorCode = QSslError::UnspecifiedError; | |||||
+ switch (q_SSL_CTX_set1_curves(sslContext->ctx, | |||||
+ const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())), | |||||
+ qcurves.size())) { | |||||
+ case 1: | |||||
+ default: | |||||
+ break; | |||||
+ case 0: | |||||
+ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); | |||||
+ sslContext->errorCode = QSslError::UnspecifiedError; | |||||
+ break; | |||||
+ case -1: | |||||
+ if (q_SSL_CTX_set1_groups(sslContext->ctx, | |||||
+ reinterpret_cast<const int *>(qcurves.data()), | |||||
+ qcurves.size()) < 1) { | |||||
+ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); | |||||
+ sslContext->errorCode = QSslError::UnspecifiedError; | |||||
+ } | |||||
+ break; | |||||
} | } | ||||
} else | } else | ||||
-#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) | #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) | ||||
+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC) | |||||
{ | |||||
// specific curves requested, but not possible to set -> error | |||||
sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version too old, need at least v1.0.2")); |
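Review bot: In the new `switch` on `q_SSL_CTX_set1_curves(...)`, `default:` is grouped with `case 1:`, so any return value other than 0 or -1 is treated as success and `errorStr`/`errorCode` stay unset. If such a call did not actually apply the list, the context would carry on with the library's default curves and the restriction the application set through `sslConfiguration.ellipticCurves()` would be dropped without any error. Only 1 should count as success, so the failure branch should read `case 0: default:` and `case 1:` should break on its own. The -1 branch appears to rely on the runtime-resolved wrapper returning -1 when the symbol is not exported (inferred from the patch header; the wrapper definition is not shown here), and a comment such as `// -1: SSL_CTX_set1_curves not resolved (LibreSSL), fall back to SSL_CTX_set1_groups` would make that contract visible. The enclosing function starts and ends outside the hunk.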