authorRichard Moore <rich@kde.org>2011-11-14 21:56:40 +0000
committerQt by Nokia <qt-info@nokia.com>2011-11-15 11:53:44 +0100
commit75b2a4960b753766ea2eec4dbd34c67733ca8089 (patch)
treeaca83ece26b82b33a2d735c4cb70f273550cf0a1 /src/network/ssl/qsslsocket_openssl.cpp
parente1ca68077a99c5f8dc4a1c8a337b738a5bf6d5dc (diff)
Add the ability to do unsafe SSL renegotiation as a fallback.
This commit adds the ability to perform legacy SSL renegotiation as a fallback via QSsl::SslOptions. This is something that used to work, but has been disabled by default in newer versions of openssl. The need for this has been reported by users (eg. in QTBUG-14983). Change-Id: I5b80f3ffd07e0c5faddc469f6a8f857bac5740f7 Reviewed-by: Corentin Chary <corentin.chary@gmail.com> Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Diffstat (limited to 'src/network/ssl/qsslsocket_openssl.cpp')
-rw-r--r--src/network/ssl/qsslsocket_openssl.cpp8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 4a2ebf89b1..817860e4c7 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -287,6 +287,14 @@ init_context:
else
options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+ // This option is disabled by default, so we need to be able to clear it
+ if (configuration.sslOptions & QSsl::SslOptionDisableLegacyRenegotiation)
+ options &= ~SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+ else
+ options |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+#endif
+
#ifdef SSL_OP_NO_TICKET
if (configuration.sslOptions & QSsl::SslOptionDisableSessionTickets)
options |= SSL_OP_NO_TICKET;
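Review bot: The added `else` branch (`options |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;`) turns unsafe legacy renegotiation on for every configuration that lacks `QSsl::SslOptionDisableLegacyRenegotiation`, so the safe behaviour depends on that bit being in the default `sslOptions`, which this hunk does not show. A caller that builds its option set from scratch, without the bit, would silently accept renegotiation with peers that lack the secure renegotiation extension (RFC 5746), the case the commit message says newer OpenSSL disables by default. The added comment reads as if the code only clears the flag; I would replace it with `// OpenSSL leaves this off; we set it unless SslOptionDisableLegacyRenegotiation is present, so that bit must be part of the default sslOptions`. The enclosing function starts and ends outside the hunk, so the default value and the behaviour when the macro is undefined (the request is then ignored without any signal) should be confirmed there.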