net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp
* Make availability of SSLv3 in Qt4 same as in Qt5, i.e. not part of SecureProtocols | * Make availability of SSLv3 in Qt4 same as in Qt5, i.e. not part of SecureProtocols | ||||
* | * | ||||
--- src/network/ssl/qsslsocket_openssl.cpp.orig 2015-05-07 14:14:44 UTC | --- src/network/ssl/qsslsocket_openssl.cpp.orig 2015-05-07 14:14:44 UTC | ||||
+++ src/network/ssl/qsslsocket_openssl.cpp | +++ src/network/ssl/qsslsocket_openssl.cpp | ||||
@@ -267,9 +267,13 @@ init_context: | @@ -222,9 +222,12 @@ QSslCipher QSslSocketBackendPrivate::QSs | ||||
ciph.d->encryptionMethod = descriptionList.at(4).mid(4); | |||||
ciph.d->exportable = (descriptionList.size() > 6 && descriptionList.at(6) == QLatin1String("export")); | |||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L | |||||
ciph.d->bits = cipher->strength_bits; | |||||
ciph.d->supportedBits = cipher->alg_bits; | |||||
- | |||||
+#else | |||||
+ ciph.d->bits = q_SSL_CIPHER_get_bits(cipher, &ciph.d->supportedBits); | |||||
+#endif | |||||
} | |||||
return ciph; | |||||
} | |||||
@@ -260,16 +263,20 @@ bool QSslSocketBackendPrivate::initSslCo | |||||
init_context: | |||||
switch (configuration.protocol) { | |||||
case QSsl::SslV2: | |||||
-#ifndef OPENSSL_NO_SSL2 | |||||
+#if OPENSSL_VERSION_NUMBER <= 0x1010000L && !defined(OPENSSL_NO_SSL2) | |||||
ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method()); | |||||
#else | |||||
ctx = 0; // SSL 2 not supported by the system, but chosen deliberately -> error | |||||
#endif | #endif | ||||
break; | break; | ||||
case QSsl::SslV3: | case QSsl::SslV3: | ||||
+#ifndef OPENSSL_NO_SSL3_METHOD | +#ifndef OPENSSL_NO_SSL3_METHOD | ||||
ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method()); | ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method()); | ||||
+#else | +#else | ||||
+ ctx = 0; // SSL 3 not supported by the system, but chosen deliberately -> error | + ctx = 0; // SSL 3 not supported by the system, but chosen deliberately -> error | ||||
+#endif | +#endif | ||||
break; | break; | ||||
- case QSsl::SecureProtocols: // SslV2 will be disabled below | - case QSsl::SecureProtocols: // SslV2 will be disabled below | ||||
+ case QSsl::SecureProtocols: // SslV2/3 will be disabled below | + case QSsl::SecureProtocols: // SslV2/3 will be disabled below | ||||
case QSsl::TlsV1SslV3: // SslV2 will be disabled below | case QSsl::TlsV1SslV3: // SslV2 will be disabled below | ||||
case QSsl::AnyProtocol: | case QSsl::AnyProtocol: | ||||
default: | default: | ||||
@@ -297,8 +301,10 @@ init_context: | @@ -297,8 +304,10 @@ init_context: | ||||
// Enable bug workarounds. | // Enable bug workarounds. | ||||
long options; | long options; | ||||
- if (configuration.protocol == QSsl::TlsV1SslV3 || configuration.protocol == QSsl::SecureProtocols) | - if (configuration.protocol == QSsl::TlsV1SslV3 || configuration.protocol == QSsl::SecureProtocols) | ||||
+ if (configuration.protocol == QSsl::TlsV1SslV3) | + if (configuration.protocol == QSsl::TlsV1SslV3) | ||||
options = SSL_OP_ALL|SSL_OP_NO_SSLv2; | options = SSL_OP_ALL|SSL_OP_NO_SSLv2; | ||||
+ else if (configuration.protocol == QSsl::SecureProtocols) | + else if (configuration.protocol == QSsl::SecureProtocols) | ||||
+ options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3; | + options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3; | ||||
else | else | ||||
options = SSL_OP_ALL; | options = SSL_OP_ALL; | ||||
@@ -363,7 +372,7 @@ init_context: | |||||
// | |||||
// See also: QSslContext::fromConfiguration() | |||||
if (caCertificate.expiryDate() >= QDateTime::currentDateTime()) { | |||||
- q_X509_STORE_add_cert(ctx->cert_store, (X509 *)caCertificate.handle()); | |||||
+ q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(ctx), (X509 *)caCertificate.handle()); | |||||
} | |||||
} | |||||
@@ -659,13 +668,11 @@ void QSslSocketPrivate::resetDefaultCiph | |||||
STACK_OF(SSL_CIPHER) *supportedCiphers = q_SSL_get_ciphers(mySsl); | |||||
for (int i = 0; i < q_sk_SSL_CIPHER_num(supportedCiphers); ++i) { | |||||
if (SSL_CIPHER *cipher = q_sk_SSL_CIPHER_value(supportedCiphers, i)) { | |||||
- if (cipher->valid) { | |||||
- QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher); | |||||
- if (!ciph.isNull()) { | |||||
- if (!ciph.name().toLower().startsWith(QLatin1String("adh"))) | |||||
- ciphers << ciph; | |||||
- } | |||||
- } | |||||
+ QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher); | |||||
+ if (!ciph.isNull()) { | |||||
+ if (!ciph.name().toLower().startsWith(QLatin1String("adh"))) | |||||
+ ciphers << ciph; | |||||
+ } | |||||
} | |||||
} | |||||
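Review bot: The SSLv2 guard under `case QSsl::SslV2:` in the `initSslContext` hunk tests `OPENSSL_VERSION_NUMBER <= 0x1010000L`, a seven-digit constant, while the cipher hunk above uses `0x10100000L`. As written the value is 0x01010000, which every OpenSSL 1.x version number exceeds, so the `q_SSLv2_client_method()`/`q_SSLv2_server_method()` branch is never compiled on those builds and an explicit `QSsl::SslV2` request always ends in `ctx = 0`. That fails closed, but it looks like a typo and the patch header does not mention it. If the intent is "only before 1.1.0", use `#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(OPENSSL_NO_SSL2)`; if SSLv2 is meant to go away entirely, drop the branch and say so in the header. Separately, the `resetDefaultCiphers` hunk removes the `cipher->valid` test for all OpenSSL versions rather than behind the same version guard, which deserves a short comment explaining why the filter is no longer needed.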