Changeset View
Changeset View
Standalone View
Standalone View
net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp
* Instead of using the SSL_CTRL_SET_CURVES macros which only exists in OpenSSL, | * Instead of using the SSL_CTRL_SET_CURVES macros which only exists in OpenSSL, | ||||
* call the SSL_CTX_set1_curves functions as suggested by BoringSSL porting docs | * call the SSL_CTX_set1_groups function, which exists in LibreSSL as well as in | ||||
* and which is the function in OpenSSL that is called through the replaced macro. | * OpenSSL and is what would be called through the macro | ||||
* LibreSSL has a SSL_CTX_set1_groups functions and provides a compat macro. | |||||
* Unfortunately, since Qt resolves the symbols at runtime, we cannot call through | |||||
* that macro and must instead explicitly call SSL_CTX_set1_groups if the library | |||||
* doesn't export a function called SSL_CTX_set1_curves, as in the case of LibreSSL. | |||||
* | * | ||||
--- src/network/ssl/qsslcontext_openssl.cpp.orig 2016-12-01 08:17:04 UTC | --- src/network/ssl/qsslcontext_openssl.cpp.orig 2016-12-01 08:17:04 UTC | ||||
+++ src/network/ssl/qsslcontext_openssl.cpp | +++ src/network/ssl/qsslcontext_openssl.cpp | ||||
@@ -350,14 +350,24 @@ init_context: | @@ -350,12 +350,9 @@ init_context: | ||||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) | #if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) | ||||
// Set the curves to be used | // Set the curves to be used | ||||
if (q_SSLeay() >= 0x10002000L) { | if (q_SSLeay() >= 0x10002000L) { | ||||
- // SSL_CTX_ctrl wants a non-const pointer as last argument, | - // SSL_CTX_ctrl wants a non-const pointer as last argument, | ||||
- // but let's avoid a copy into a temporary array | - // but let's avoid a copy into a temporary array | ||||
- if (!q_SSL_CTX_ctrl(sslContext->ctx, | - if (!q_SSL_CTX_ctrl(sslContext->ctx, | ||||
- SSL_CTRL_SET_CURVES, | - SSL_CTRL_SET_CURVES, | ||||
- qcurves.size(), | - qcurves.size(), | ||||
- const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())))) { | - const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())))) { | ||||
- sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); | + if (!q_SSL_CTX_set1_groups(sslContext->ctx, | ||||
- sslContext->errorCode = QSslError::UnspecifiedError; | |||||
+ switch (q_SSL_CTX_set1_curves(sslContext->ctx, | |||||
+ const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())), | + const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())), | ||||
+ qcurves.size())) { | + qcurves.size())) { | ||||
+ case 1: | sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); | ||||
+ default: | sslContext->errorCode = QSslError::UnspecifiedError; | ||||
+ break; | |||||
+ case 0: | |||||
+ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); | |||||
+ sslContext->errorCode = QSslError::UnspecifiedError; | |||||
+ break; | |||||
+ case -1: | |||||
+ if (q_SSL_CTX_set1_groups(sslContext->ctx, | |||||
+ reinterpret_cast<const int *>(qcurves.data()), | |||||
+ qcurves.size()) < 1) { | |||||
+ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); | |||||
+ sslContext->errorCode = QSslError::UnspecifiedError; | |||||
+ } | |||||
+ break; | |||||
} | } | ||||
} else | |||||
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) |