diff options
author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2018-06-25 16:30:36 +0200 |
---|---|---|
committer | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2018-07-13 04:50:38 +0000 |
commit | d74ced697e96cf89ad382ccc5f730f55df955c36 (patch) | |
tree | d21dd386b9b6a0d3cd8596332ce240a0a301930e /src/network/ssl/qsslcontext_openssl11.cpp | |
parent | 58065cedf753032477487799845b4414a6476a39 (diff) |
Extend the feature 'dtls' to handle missing DTLS support in OpenSSL
OpenSSL has 'no-dtls' configure option (or can be too ancient to properly
support it), we shall respect such builds. This patch extends configure.json
with a 'dtls' test and adds protection against linkage/compile-time
issues in the QtNetwork's code.
Change-Id: I0c0dd94f5c226115cee4285b82c83aa546555aea
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Diffstat (limited to 'src/network/ssl/qsslcontext_openssl11.cpp')
-rw-r--r-- | src/network/ssl/qsslcontext_openssl11.cpp | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/src/network/ssl/qsslcontext_openssl11.cpp b/src/network/ssl/qsslcontext_openssl11.cpp index bf0c1aedbf..b3bee64dde 100644 --- a/src/network/ssl/qsslcontext_openssl11.cpp +++ b/src/network/ssl/qsslcontext_openssl11.cpp @@ -59,6 +59,7 @@ QT_BEGIN_NAMESPACE extern int q_X509Callback(int ok, X509_STORE_CTX *ctx); extern QString getErrorsFromOpenSsl(); +#if QT_CONFIG(dtls) // defined in qdtls_openssl.cpp: namespace dtlscallbacks { @@ -68,6 +69,7 @@ extern "C" int q_generate_cookie_callback(SSL *ssl, unsigned char *dst, extern "C" int q_verify_cookie_callback(SSL *ssl, const unsigned char *cookie, unsigned cookieLength); } +#endif // dtls static inline QString msgErrorSettingEllipticCurves(const QString &why) { @@ -95,6 +97,7 @@ init_context: unsupportedProtocol = true; } else { switch (sslContext->sslConfiguration.protocol()) { +#if QT_CONFIG(dtls) case QSsl::DtlsV1_0: case QSsl::DtlsV1_0OrLater: case QSsl::DtlsV1_2: @@ -102,6 +105,7 @@ init_context: isDtls = true; sslContext->ctx = q_SSL_CTX_new(client ? q_DTLS_client_method() : q_DTLS_server_method()); break; +#endif // dtls default: // The ssl options will actually control the supported methods sslContext->ctx = q_SSL_CTX_new(client ? q_TLS_client_method() : q_TLS_server_method()); @@ -124,7 +128,12 @@ init_context: return; } - const long anyVersion = isDtls ? DTLS_ANY_VERSION : TLS_ANY_VERSION; + const long anyVersion = +#if QT_CONFIG(dtls) + isDtls ? DTLS_ANY_VERSION : TLS_ANY_VERSION; +#else + TLS_ANY_VERSION; +#endif // dtls long minVersion = anyVersion; long maxVersion = anyVersion; @@ -165,6 +174,7 @@ init_context: minVersion = TLS1_2_VERSION; maxVersion = TLS_MAX_VERSION; break; +#if QT_CONFIG(dtls) case QSsl::DtlsV1_0: minVersion = DTLS1_VERSION; maxVersion = DTLS1_VERSION; @@ -181,6 +191,7 @@ init_context: minVersion = DTLS1_2_VERSION; maxVersion = DTLS_MAX_VERSION; break; +#endif // dtls case QSsl::SslV2: // This protocol is not supported by OpenSSL 1.1 and we handle // it as an error (see the code above). @@ -326,13 +337,18 @@ init_context: q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_NONE, nullptr); } else { q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_PEER, - isDtls ? dtlscallbacks::q_X509DtlsCallback : q_X509Callback); +#if QT_CONFIG(dtls) + isDtls ? dtlscallbacks::q_X509DtlsCallback : +#endif // dtls + q_X509Callback); } +#if QT_CONFIG(dtls) if (mode == QSslSocket::SslServerMode && isDtls && configuration.dtlsCookieVerificationEnabled()) { q_SSL_CTX_set_cookie_generate_cb(sslContext->ctx, dtlscallbacks::q_generate_cookie_callback); q_SSL_CTX_set_cookie_verify_cb(sslContext->ctx, dtlscallbacks::q_verify_cookie_callback); } +#endif // dtls // Set verification depth. if (sslContext->sslConfiguration.peerVerifyDepth() != 0) |