Page MenuHomeFreeBSD
Differential D9726 Diff 25563 head/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp

Changeset View

Standalone View

View Options

head/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp

Obtained from: https://github.com/libressl-portable/openbsd/issues/33 * Instead of using the SSL_CTRL_SET_CURVES macros which only exists in OpenSSL,
* call the SSL_CTX_set1_curves functions as suggested by BoringSSL porting docs
From 81494e67eccba04fc3fe554d76a9ca6fe7f2250e Mon Sep 17 00:00:00 2001 * and which is the function in OpenSSL that is called through the replaced macro.
From: hasufell <hasufell@gentoo.org> * LibreSSL has a SSL_CTX_set1_groups functions and provides a compat macro.
Date: Sat, 10 Oct 2015 01:15:01 +0200 * Unfortunately, since Qt resolves the symbols at runtime, we cannot call through
Subject: [PATCH] Fix compilation with libressl * that macro and must instead explicitly call SSL_CTX_set1_groups if the library
* doesn't export a function called SSL_CTX_set1_curves, as in the case of LibreSSL.
By additionally checking for defined(SSL_CTRL_SET_CURVES), which *
is defined in openssl, but not in libressl. --- src/network/ssl/qsslcontext_openssl.cpp.orig 2016-12-01 08:17:04 UTC
--- src/network/ssl/qsslcontext_openssl.cpp.orig 2015-10-13 04:35:28 UTC
+++ src/network/ssl/qsslcontext_openssl.cpp +++ src/network/ssl/qsslcontext_openssl.cpp
@@ -338,7 +338,7 @@ init_context: @@ -350,14 +350,24 @@ init_context:
#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC)
const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves();
if (!qcurves.isEmpty()) {
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC)
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC)
// Set the curves to be used // Set the curves to be used
if (q_SSLeay() >= 0x10002000L) { if (q_SSLeay() >= 0x10002000L) {
// SSL_CTX_ctrl wants a non-const pointer as last argument, - // SSL_CTX_ctrl wants a non-const pointer as last argument,
@@ -352,7 +352,7 @@ init_context: - // but let's avoid a copy into a temporary array
return sslContext; - if (!q_SSL_CTX_ctrl(sslContext->ctx,
- SSL_CTRL_SET_CURVES,
- qcurves.size(),
- const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())))) {
- sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
- sslContext->errorCode = QSslError::UnspecifiedError;
+ switch (q_SSL_CTX_set1_curves(sslContext->ctx,
+ const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())),
+ qcurves.size())) {
+ case 1:
+ default:
+ break;
+ case 0:
+ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
+ sslContext->errorCode = QSslError::UnspecifiedError;
+ break;
+ case -1:
+ if (q_SSL_CTX_set1_groups(sslContext->ctx,
+ reinterpret_cast<const int *>(qcurves.data()),
+ qcurves.size()) < 1) {
+ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
+ sslContext->errorCode = QSslError::UnspecifiedError;
+ }
+ break;
} }
} else } else
-#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC)
+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC)
{
// specific curves requested, but not possible to set -> error
sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version too old, need at least v1.0.2"));