You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
461 lines
18 KiB
461 lines
18 KiB
This file is part of MXE. See LICENSE.md for licensing information.
|
|
|
|
Contains ad hoc patches for cross building.
|
|
|
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Tony Theodore <tonyt@logyst.com>
|
|
Date: Sun, 25 Feb 2018 23:22:54 +1100
|
|
Subject: [PATCH 19/20] compile with openssl-1.1.0
|
|
|
|
Taken from:
|
|
https://aur.archlinux.org/cgit/aur.git/tree/qt4-openssl-1.1.patch?h=lib32-qt4&id=ae544c977343bbf0dfdd1f2901bf0e5fe27d5233
|
|
|
|
* Most changes are related to openssl structures are now opaque.
|
|
* The network/ssl threading setup has been disabled because the
|
|
old openssl threading model has been removed and is apparently
|
|
no longer needed.
|
|
* A number of new functions had to be imported (see changes to
|
|
src/network/ssl/qsslsocket_openssl_symbols.cpp)
|
|
Author: Gert Wollny <gw.fossdev@gmail.com>
|
|
Last-Update: 2016-06-28
|
|
Bug-Debian: https://bugs.debian.org/828522
|
|
|
|
diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp
|
|
index 0f2314e2..96f6de43 100644
|
|
--- a/src/network/ssl/qsslcertificate.cpp
|
|
+++ b/src/network/ssl/qsslcertificate.cpp
|
|
@@ -259,10 +259,10 @@ void QSslCertificate::clear()
|
|
QByteArray QSslCertificate::version() const
|
|
{
|
|
QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
|
|
- if (d->versionString.isEmpty() && d->x509)
|
|
+ if (d->versionString.isEmpty() && d->x509) {
|
|
d->versionString =
|
|
- QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1);
|
|
-
|
|
+ QByteArray::number(qlonglong(q_X509_get_version(d->x509)) + 1);
|
|
+ }
|
|
return d->versionString;
|
|
}
|
|
|
|
@@ -276,7 +276,7 @@ QByteArray QSslCertificate::serialNumber() const
|
|
{
|
|
QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
|
|
if (d->serialNumberString.isEmpty() && d->x509) {
|
|
- ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber;
|
|
+ ASN1_INTEGER *serialNumber = q_X509_get_serialNumber(d->x509);
|
|
// if we cannot convert to a long, just output the hexadecimal number
|
|
if (serialNumber->length > 4) {
|
|
QByteArray hexString;
|
|
@@ -489,24 +489,33 @@ QSslKey QSslCertificate::publicKey() const
|
|
QSslKey key;
|
|
|
|
key.d->type = QSsl::PublicKey;
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
X509_PUBKEY *xkey = d->x509->cert_info->key;
|
|
+#else
|
|
+ X509_PUBKEY *xkey = q_X509_get_X509_PUBKEY(d->x509);
|
|
+#endif
|
|
EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey);
|
|
Q_ASSERT(pkey);
|
|
|
|
- if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) {
|
|
+ int key_id;
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
+ key_id = q_EVP_PKEY_type(pkey->type);
|
|
+#else
|
|
+ key_id = q_EVP_PKEY_base_id(pkey);
|
|
+#endif
|
|
+ if (key_id == EVP_PKEY_RSA) {
|
|
key.d->rsa = q_EVP_PKEY_get1_RSA(pkey);
|
|
key.d->algorithm = QSsl::Rsa;
|
|
key.d->isNull = false;
|
|
- } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) {
|
|
+ } else if (key_id == EVP_PKEY_DSA) {
|
|
key.d->dsa = q_EVP_PKEY_get1_DSA(pkey);
|
|
key.d->algorithm = QSsl::Dsa;
|
|
key.d->isNull = false;
|
|
- } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DH) {
|
|
+ } else if (key_id == EVP_PKEY_DH) {
|
|
// DH unsupported
|
|
} else {
|
|
// error?
|
|
}
|
|
-
|
|
q_EVP_PKEY_free(pkey);
|
|
return key;
|
|
}
|
|
@@ -687,7 +696,7 @@ static QMap<QString, QString> _q_mapFromX509Name(X509_NAME *name)
|
|
unsigned char *data = 0;
|
|
int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e));
|
|
info[QString::fromUtf8(obj)] = QString::fromUtf8((char*)data, size);
|
|
- q_CRYPTO_free(data);
|
|
+ q_OPENSSL_free(data);
|
|
}
|
|
return info;
|
|
}
|
|
diff --git a/src/network/ssl/qsslkey.cpp b/src/network/ssl/qsslkey.cpp
|
|
index 437a177b..73753206 100644
|
|
--- a/src/network/ssl/qsslkey.cpp
|
|
+++ b/src/network/ssl/qsslkey.cpp
|
|
@@ -321,8 +321,19 @@ int QSslKey::length() const
|
|
{
|
|
if (d->isNull)
|
|
return -1;
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
return (d->algorithm == QSsl::Rsa)
|
|
? q_BN_num_bits(d->rsa->n) : q_BN_num_bits(d->dsa->p);
|
|
+#else
|
|
+ if (d->algorithm == QSsl::Rsa) {
|
|
+ return q_RSA_bits(d->rsa);
|
|
+ }else{
|
|
+ const BIGNUM *p = NULL;
|
|
+ q_DSA_get0_pqg(d->dsa, &p, NULL, NULL);
|
|
+ return q_BN_num_bits(p);
|
|
+ }
|
|
+#endif
|
|
+
|
|
}
|
|
|
|
/*!
|
|
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
|
|
index ce984945..c1ec979d 100644
|
|
--- a/src/network/ssl/qsslsocket_openssl.cpp
|
|
+++ b/src/network/ssl/qsslsocket_openssl.cpp
|
|
@@ -93,6 +93,7 @@ bool QSslSocketPrivate::s_libraryLoaded = false;
|
|
bool QSslSocketPrivate::s_loadedCiphersAndCerts = false;
|
|
bool QSslSocketPrivate::s_loadRootCertsOnDemand = false;
|
|
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
/* \internal
|
|
|
|
From OpenSSL's thread(3) manual page:
|
|
@@ -174,6 +175,8 @@ static unsigned long id_function()
|
|
}
|
|
} // extern "C"
|
|
|
|
+#endif //OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
+
|
|
QSslSocketBackendPrivate::QSslSocketBackendPrivate()
|
|
: ssl(0),
|
|
ctx(0),
|
|
@@ -222,9 +225,12 @@ QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(SSL_CIPHER *ciph
|
|
ciph.d->encryptionMethod = descriptionList.at(4).mid(4);
|
|
ciph.d->exportable = (descriptionList.size() > 6 && descriptionList.at(6) == QLatin1String("export"));
|
|
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
ciph.d->bits = cipher->strength_bits;
|
|
ciph.d->supportedBits = cipher->alg_bits;
|
|
-
|
|
+#else
|
|
+ ciph.d->bits = q_SSL_CIPHER_get_bits(cipher, &ciph.d->supportedBits);
|
|
+#endif
|
|
}
|
|
return ciph;
|
|
}
|
|
@@ -363,7 +369,7 @@ init_context:
|
|
//
|
|
// See also: QSslContext::fromConfiguration()
|
|
if (caCertificate.expiryDate() >= QDateTime::currentDateTime()) {
|
|
- q_X509_STORE_add_cert(ctx->cert_store, (X509 *)caCertificate.handle());
|
|
+ q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(ctx), (X509 *)caCertificate.handle());
|
|
}
|
|
}
|
|
|
|
@@ -500,8 +506,10 @@ void QSslSocketBackendPrivate::destroySslContext()
|
|
*/
|
|
void QSslSocketPrivate::deinitialize()
|
|
{
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
q_CRYPTO_set_id_callback(0);
|
|
q_CRYPTO_set_locking_callback(0);
|
|
+#endif
|
|
}
|
|
|
|
/*!
|
|
@@ -522,13 +530,17 @@ bool QSslSocketPrivate::ensureLibraryLoaded()
|
|
return false;
|
|
|
|
// Check if the library itself needs to be initialized.
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
QMutexLocker locker(openssl_locks()->initLock());
|
|
+#endif
|
|
if (!s_libraryLoaded) {
|
|
s_libraryLoaded = true;
|
|
|
|
// Initialize OpenSSL.
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
q_CRYPTO_set_id_callback(id_function);
|
|
q_CRYPTO_set_locking_callback(locking_function);
|
|
+#endif
|
|
if (q_SSL_library_init() != 1)
|
|
return false;
|
|
q_SSL_load_error_strings();
|
|
@@ -567,7 +579,9 @@ bool QSslSocketPrivate::ensureLibraryLoaded()
|
|
|
|
void QSslSocketPrivate::ensureCiphersAndCertsLoaded()
|
|
{
|
|
- QMutexLocker locker(openssl_locks()->initLock());
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
+ QMutexLocker locker(openssl_locks()->initLock());
|
|
+#endif
|
|
if (s_loadedCiphersAndCerts)
|
|
return;
|
|
s_loadedCiphersAndCerts = true;
|
|
@@ -659,13 +673,18 @@ void QSslSocketPrivate::resetDefaultCiphers()
|
|
STACK_OF(SSL_CIPHER) *supportedCiphers = q_SSL_get_ciphers(mySsl);
|
|
for (int i = 0; i < q_sk_SSL_CIPHER_num(supportedCiphers); ++i) {
|
|
if (SSL_CIPHER *cipher = q_sk_SSL_CIPHER_value(supportedCiphers, i)) {
|
|
- if (cipher->valid) {
|
|
+
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
+ if (cipher->valid) {
|
|
+#endif
|
|
QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher);
|
|
if (!ciph.isNull()) {
|
|
if (!ciph.name().toLower().startsWith(QLatin1String("adh")))
|
|
ciphers << ciph;
|
|
}
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
}
|
|
+#endif
|
|
}
|
|
}
|
|
|
|
diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
|
|
index 3ee71060..0e9f7b29 100644
|
|
--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
|
|
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
|
|
@@ -111,16 +111,16 @@ DEFINEFUNC(int, ASN1_STRING_length, ASN1_STRING *a, a, return 0, return)
|
|
DEFINEFUNC2(int, ASN1_STRING_to_UTF8, unsigned char **a, a, ASN1_STRING *b, b, return 0, return);
|
|
DEFINEFUNC4(long, BIO_ctrl, BIO *a, a, int b, b, long c, c, void *d, d, return -1, return)
|
|
DEFINEFUNC(int, BIO_free, BIO *a, a, return 0, return)
|
|
-DEFINEFUNC(BIO *, BIO_new, BIO_METHOD *a, a, return 0, return)
|
|
+DEFINEFUNC(BIO *, BIO_new, const BIO_METHOD *a, a, return 0, return)
|
|
DEFINEFUNC2(BIO *, BIO_new_mem_buf, void *a, a, int b, b, return 0, return)
|
|
DEFINEFUNC3(int, BIO_read, BIO *a, a, void *b, b, int c, c, return -1, return)
|
|
-DEFINEFUNC(BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return)
|
|
+DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return)
|
|
DEFINEFUNC3(int, BIO_write, BIO *a, a, const void *b, b, int c, c, return -1, return)
|
|
DEFINEFUNC(int, BN_num_bits, const BIGNUM *a, a, return 0, return)
|
|
DEFINEFUNC(int, CRYPTO_num_locks, DUMMYARG, DUMMYARG, return 0, return)
|
|
DEFINEFUNC(void, CRYPTO_set_locking_callback, void (*a)(int, int, const char *, int), a, return, DUMMYARG)
|
|
DEFINEFUNC(void, CRYPTO_set_id_callback, unsigned long (*a)(), a, return, DUMMYARG)
|
|
-DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG)
|
|
+DEFINEFUNC(void, OPENSSL_free, void *a, a, return, DUMMYARG)
|
|
DEFINEFUNC(void, DSA_free, DSA *a, a, return, DUMMYARG)
|
|
#if OPENSSL_VERSION_NUMBER < 0x00908000L
|
|
DEFINEFUNC3(X509 *, d2i_X509, X509 **a, a, unsigned char **b, b, long c, c, return 0, return)
|
|
@@ -286,6 +286,22 @@ DEFINEFUNC(void, OPENSSL_add_all_algorithms_noconf, void, DUMMYARG, return, DUMM
|
|
DEFINEFUNC(void, OPENSSL_add_all_algorithms_conf, void, DUMMYARG, return, DUMMYARG)
|
|
DEFINEFUNC3(int, SSL_CTX_load_verify_locations, SSL_CTX *ctx, ctx, const char *CAfile, CAfile, const char *CApath, CApath, return 0, return)
|
|
DEFINEFUNC(long, SSLeay, void, DUMMYARG, return 0, return)
|
|
+DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *ctx, ctx, return 0, return)
|
|
+
|
|
+DEFINEFUNC(ASN1_INTEGER *, X509_get_serialNumber, X509 *x, x, return 0, return)
|
|
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
+DEFINEFUNC(int, EVP_PKEY_id, const EVP_PKEY *pkey, pkey, return 0, return)
|
|
+DEFINEFUNC(int, EVP_PKEY_base_id, const EVP_PKEY *pkey, pkey, return 0, return)
|
|
+DEFINEFUNC2(int, SSL_CIPHER_get_bits, const SSL_CIPHER *cipher, cipher, int *alg_bits, alg_bits, return 0, return)
|
|
+DEFINEFUNC2(long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, long options, options, return 0, return)
|
|
+DEFINEFUNC(long, X509_get_version, X509 *x, x, return 0, return)
|
|
+DEFINEFUNC(X509_PUBKEY *, X509_get_X509_PUBKEY, X509 *x, x, return 0, return)
|
|
+DEFINEFUNC(int, RSA_bits, const RSA *rsa, rsa, return 0, return)
|
|
+DEFINEFUNC(int, DSA_security_bits, const DSA *dsa, dsa, return 0, return)
|
|
+DEFINEFUNC(ASN1_TIME *, X509_get_notAfter, X509 *x, x, return 0, return)
|
|
+DEFINEFUNC(ASN1_TIME *, X509_get_notBefore, X509 *x, x, return 0, return)
|
|
+DEFINEFUNC4(void, DSA_get0_pqg, const DSA *d, d, const BIGNUM **p, p, const BIGNUM **q, q, const BIGNUM **g, g, return, return)
|
|
+#endif
|
|
|
|
#ifdef Q_OS_SYMBIAN
|
|
#define RESOLVEFUNC(func, ordinal, lib) \
|
|
@@ -797,6 +813,7 @@ bool q_resolveOpenSslSymbols()
|
|
RESOLVEFUNC(SSL_CTX_use_PrivateKey)
|
|
RESOLVEFUNC(SSL_CTX_use_RSAPrivateKey)
|
|
RESOLVEFUNC(SSL_CTX_use_PrivateKey_file)
|
|
+ RESOLVEFUNC(SSL_CTX_get_cert_store)
|
|
RESOLVEFUNC(SSL_accept)
|
|
RESOLVEFUNC(SSL_clear)
|
|
RESOLVEFUNC(SSL_connect)
|
|
@@ -819,6 +836,23 @@ bool q_resolveOpenSslSymbols()
|
|
RESOLVEFUNC(SSL_set_connect_state)
|
|
RESOLVEFUNC(SSL_shutdown)
|
|
RESOLVEFUNC(SSL_write)
|
|
+
|
|
+ RESOLVEFUNC(X509_get_serialNumber)
|
|
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
+ RESOLVEFUNC(SSL_CTX_ctrl)
|
|
+ RESOLVEFUNC(EVP_PKEY_id)
|
|
+ RESOLVEFUNC(EVP_PKEY_base_id)
|
|
+ RESOLVEFUNC(SSL_CIPHER_get_bits)
|
|
+ RESOLVEFUNC(SSL_CTX_set_options)
|
|
+ RESOLVEFUNC(X509_get_version)
|
|
+ RESOLVEFUNC(X509_get_X509_PUBKEY)
|
|
+ RESOLVEFUNC(RSA_bits)
|
|
+ RESOLVEFUNC(DSA_security_bits)
|
|
+ RESOLVEFUNC(DSA_get0_pqg)
|
|
+ RESOLVEFUNC(X509_get_notAfter)
|
|
+ RESOLVEFUNC(X509_get_notBefore)
|
|
+#endif
|
|
+
|
|
#ifndef OPENSSL_NO_SSL2
|
|
RESOLVEFUNC(SSLv2_client_method)
|
|
#endif
|
|
diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h
|
|
index 2bfe0632..828df379 100644
|
|
--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
|
|
+++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
|
|
@@ -59,6 +59,9 @@
|
|
QT_BEGIN_NAMESPACE
|
|
|
|
#define DUMMYARG
|
|
+#ifndef OPENSSL_NO_SSL2
|
|
+#define OPENSSL_NO_SSL2 1
|
|
+#endif
|
|
|
|
#if !defined QT_LINKED_OPENSSL
|
|
// **************** Shared declarations ******************
|
|
@@ -207,16 +210,16 @@ int q_ASN1_STRING_length(ASN1_STRING *a);
|
|
int q_ASN1_STRING_to_UTF8(unsigned char **a, ASN1_STRING *b);
|
|
long q_BIO_ctrl(BIO *a, int b, long c, void *d);
|
|
int q_BIO_free(BIO *a);
|
|
-BIO *q_BIO_new(BIO_METHOD *a);
|
|
+BIO *q_BIO_new(const BIO_METHOD *a);
|
|
BIO *q_BIO_new_mem_buf(void *a, int b);
|
|
int q_BIO_read(BIO *a, void *b, int c);
|
|
-BIO_METHOD *q_BIO_s_mem();
|
|
+const BIO_METHOD *q_BIO_s_mem();
|
|
int q_BIO_write(BIO *a, const void *b, int c);
|
|
int q_BN_num_bits(const BIGNUM *a);
|
|
int q_CRYPTO_num_locks();
|
|
void q_CRYPTO_set_locking_callback(void (*a)(int, int, const char *, int));
|
|
void q_CRYPTO_set_id_callback(unsigned long (*a)());
|
|
-void q_CRYPTO_free(void *a);
|
|
+void q_OPENSSL_free(void *a);
|
|
void q_DSA_free(DSA *a);
|
|
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
|
|
// 0.9.8 broke SC and BC by changing this function's signature.
|
|
@@ -326,7 +329,6 @@ void q_SSL_set_accept_state(SSL *a);
|
|
void q_SSL_set_connect_state(SSL *a);
|
|
int q_SSL_shutdown(SSL *a);
|
|
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
|
|
-const SSL_METHOD *q_SSLv2_client_method();
|
|
const SSL_METHOD *q_SSLv3_client_method();
|
|
const SSL_METHOD *q_SSLv23_client_method();
|
|
const SSL_METHOD *q_TLSv1_client_method();
|
|
@@ -335,7 +337,6 @@ const SSL_METHOD *q_SSLv3_server_method();
|
|
const SSL_METHOD *q_SSLv23_server_method();
|
|
const SSL_METHOD *q_TLSv1_server_method();
|
|
#else
|
|
-SSL_METHOD *q_SSLv2_client_method();
|
|
SSL_METHOD *q_SSLv3_client_method();
|
|
SSL_METHOD *q_SSLv23_client_method();
|
|
SSL_METHOD *q_TLSv1_client_method();
|
|
@@ -399,7 +400,25 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
|
|
PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_DSAPrivateKey,PEM_STRING_DSA,\
|
|
bp,(char *)x,enc,kstr,klen,cb,u)
|
|
#endif
|
|
+
|
|
+X509_STORE * q_SSL_CTX_get_cert_store(const SSL_CTX *ctx);
|
|
+ASN1_INTEGER * q_X509_get_serialNumber(X509 *x);
|
|
+
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
#define q_SSL_CTX_set_options(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
|
|
+#define q_X509_get_version(x) X509_get_version(x)
|
|
+#else
|
|
+int q_EVP_PKEY_id(const EVP_PKEY *pkey);
|
|
+int q_EVP_PKEY_base_id(const EVP_PKEY *pkey);
|
|
+int q_SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
|
|
+long q_SSL_CTX_set_options(SSL_CTX *ctx, long options);
|
|
+long q_X509_get_version(X509 *x);
|
|
+X509_PUBKEY * q_X509_get_X509_PUBKEY(X509 *x);
|
|
+int q_RSA_bits(const RSA *rsa);
|
|
+int q_DSA_security_bits(const DSA *dsa);
|
|
+void q_DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
|
|
+#endif
|
|
+
|
|
#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
|
|
#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i)
|
|
#define q_sk_GENERAL_NAME_num(st) q_SKM_sk_num(GENERAL_NAME, (st))
|
|
@@ -410,8 +429,15 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
|
|
#define q_sk_SSL_CIPHER_value(st, i) q_SKM_sk_value(SSL_CIPHER, (st), (i))
|
|
#define q_SSL_CTX_add_extra_chain_cert(ctx,x509) \
|
|
q_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
|
|
+
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
#define q_X509_get_notAfter(x) X509_get_notAfter(x)
|
|
#define q_X509_get_notBefore(x) X509_get_notBefore(x)
|
|
+#else
|
|
+ASN1_TIME *q_X509_get_notAfter(X509 *x);
|
|
+ASN1_TIME *q_X509_get_notBefore(X509 *x);
|
|
+#endif
|
|
+
|
|
#define q_EVP_PKEY_assign_RSA(pkey,rsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
|
|
(char *)(rsa))
|
|
#define q_EVP_PKEY_assign_DSA(pkey,dsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
|
|
|
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Tony Theodore <tonyt@logyst.com>
|
|
Date: Sun, 25 Feb 2018 23:25:25 +1100
|
|
Subject: [PATCH 20/20] disable sslv3
|
|
|
|
taken from:
|
|
https://aur.archlinux.org/cgit/aur.git/tree/disable-sslv3.patch?h=lib32-qt4&id=ae544c977343bbf0dfdd1f2901bf0e5fe27d5233
|
|
|
|
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
|
|
index c1ec979d..1c03058d 100644
|
|
--- a/src/network/ssl/qsslsocket_openssl.cpp
|
|
+++ b/src/network/ssl/qsslsocket_openssl.cpp
|
|
@@ -273,7 +273,11 @@ init_context:
|
|
#endif
|
|
break;
|
|
case QSsl::SslV3:
|
|
+#ifndef OPENSSL_NO_SSL3
|
|
ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
|
|
+#else
|
|
+ ctx = 0; // SSL 3 not supported by the system, but chosen deliberately -> error
|
|
+#endif
|
|
break;
|
|
case QSsl::SecureProtocols: // SslV2 will be disabled below
|
|
case QSsl::TlsV1SslV3: // SslV2 will be disabled below
|
|
diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
|
|
index 0e9f7b29..0b515318 100644
|
|
--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
|
|
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
|
|
@@ -228,13 +228,17 @@ DEFINEFUNC(int, SSL_shutdown, SSL *a, a, return -1, return)
|
|
#ifndef OPENSSL_NO_SSL2
|
|
DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return)
|
|
#endif
|
|
+#ifndef OPENSSL_NO_SSL3
|
|
DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return)
|
|
+#endif
|
|
DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return)
|
|
DEFINEFUNC(const SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return)
|
|
#ifndef OPENSSL_NO_SSL2
|
|
DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return)
|
|
#endif
|
|
+#ifndef OPENSSL_NO_SSL3
|
|
DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return)
|
|
+#endif
|
|
DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return)
|
|
DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return)
|
|
#else
|
|
@@ -856,13 +860,17 @@ bool q_resolveOpenSslSymbols()
|
|
#ifndef OPENSSL_NO_SSL2
|
|
RESOLVEFUNC(SSLv2_client_method)
|
|
#endif
|
|
+#ifndef OPENSSL_NO_SSL3
|
|
RESOLVEFUNC(SSLv3_client_method)
|
|
+#endif
|
|
RESOLVEFUNC(SSLv23_client_method)
|
|
RESOLVEFUNC(TLSv1_client_method)
|
|
#ifndef OPENSSL_NO_SSL2
|
|
RESOLVEFUNC(SSLv2_server_method)
|
|
#endif
|
|
+#ifndef OPENSSL_NO_SSL3
|
|
RESOLVEFUNC(SSLv3_server_method)
|
|
+#endif
|
|
RESOLVEFUNC(SSLv23_server_method)
|
|
RESOLVEFUNC(TLSv1_server_method)
|
|
RESOLVEFUNC(X509_NAME_entry_count)
|