diff options
authorGiuseppe D'Angelo <>2018-10-01 13:43:44 +0200
committerGiuseppe D'Angelo <>2018-10-22 17:07:11 +0000
commit702c7d1321e8d22b982c3300beb8901d98ac110f (patch)
parentc9b9f663d7243988bcb5fee9180ea9cb3a321a86 (diff)
OpenSSL: force the "1.0.0" soname when loading OpenSSL 1.05.6
Some Linux distributions patch OpenSSL's soname, making builds on such distributions not deployable elsewhere. The problem is that the code loading OpenSSL symbols would attempt to use the soname of the build machine, and therefore not finding the OpenSSL libraries on the deploy system. The binary builds of Qt for Linux are affected by this problem, as they build under RHEL7.4 which changes to soname of OpenSSL to a non-standard string. This makes the binary builds not pick up OpenSSL 1.0 from the machine where the build gets installed on. Given that in the pre-1.1 versions only the 1.0 series is supported, bump the minimum requirement of Qt to that. The 1.0.x releases (up to 1.0.2, at the time of this writing) have kept binary compatibility, and advertise a soname of "1.0.0", which is used by most distributions. So, if loading of OpenSSL with the build-time soname fails, try to load them with the "1.0.0" hardcoded soname. [ChangeLog][QtNetwork][SSL] OpenSSL >= 1.0 is now required to build Qt with OpenSSL support. Task-number: QTBUG-68156 Change-Id: Ieff1561a3c1d278b511f09fef06580f034f188c6 Reviewed-by: Timur Pocheptsov <> (cherry picked from commit 2708c6c11d685ab25c12d558961d924c9a4533d2)
2 files changed, 23 insertions, 2 deletions
diff --git a/config.tests/unix/openssl/openssl.cpp b/config.tests/unix/openssl/openssl.cpp
index d0b6cca562..8be618177a 100644
--- a/config.tests/unix/openssl/openssl.cpp
+++ b/config.tests/unix/openssl/openssl.cpp
@@ -33,8 +33,8 @@
#include <openssl/opensslv.h>
-# error "OpenSSL >= 0.9.7 is required"
+# error "OpenSSL >= 1.0.0 is required"
#include <openssl/ssl.h>
diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
index e7829bac90..3d4da04566 100644
--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
@@ -641,6 +641,17 @@ static QPair<QLibrary*, QLibrary*> loadOpenSsl()
// reason, we will search a few common paths (see findAllLibSsl() above) in hopes
// we find one that works.
+ // If that fails, for OpenSSL 1.0 we also try a fallback -- just look up
+ // with a hardcoded soname. The reason is QTBUG-68156: the binary
+ // builds of Qt happen (at the time of this writing) on RHEL machines,
+ // which change SHLIB_VERSION_NUMBER to a non-portable string. When running
+ // those binaries on the target systems, this code won't pick up
+ // because it doesn't exist there.
+ // Given that the only 1.0 supported release (at the time of this writing)
+ // is 1.0.2, with soname "1.0.0", give that a try too. Note that we mandate
+ // OpenSSL >= 1.0.0 with a configure-time check, and OpenSSL has kept binary
+ // compatibility between 1.0.0 and 1.0.2.
+ //
// It is important, however, to try the canonical name and the unversioned name
// without going through the loop. By not specifying a path, we let the system
// dlopen(3) function determine it for us. This will include any DT_RUNPATH or
@@ -661,6 +672,16 @@ static QPair<QLibrary*, QLibrary*> loadOpenSsl()
+ // first-and-half attempt: for OpenSSL 1.0 try to load an hardcoded soname.
+ libssl->setFileNameAndVersion(QLatin1String("ssl"), QLatin1String("1.0.0"));
+ libcrypto->setFileNameAndVersion(QLatin1String("crypto"), QLatin1String("1.0.0"));
+ if (libcrypto->load() && libssl->load()) {
+ return pair;
+ } else {
+ libssl->unload();
+ libcrypto->unload();
+ }
#ifndef Q_OS_DARWIN