QSsl: workaround a 'very secure' OpenSSL version (CentOS 8.x et al)

CentOS it seems not only backported some OpenSSL 3 functions,
but also raised the default security level to 2, making some of
our keys (and MDs?) 'too weak' and failing auto-tests here and
there as a result. For our auto-test we lower the level to 1,
as it is expected to be.

Fixes: QTBUG-86336
Pick-to: 5.15
Change-Id: I7062a1b292e8b60eb9c2b2e82bd002f09f9da603
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>

1 files changed, 4 insertions, 0 deletions

diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
index 81637cf0cc..9396516670 100644
--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
@@ -164,6 +164,8 @@ using info_callback = void (*) (const SSL *ssl, int type, int val);
 DEFINEFUNC2(void, SSL_set_info_callback, SSL *ssl, ssl, info_callback cb, cb, return, return)
 DEFINEFUNC(const char *, SSL_alert_type_string, int value, value, return nullptr, return)
 DEFINEFUNC(const char *, SSL_alert_desc_string_long, int value, value, return nullptr, return)
+DEFINEFUNC(int, SSL_CTX_get_security_level, const SSL_CTX *ctx, ctx, return -1, return)
+DEFINEFUNC2(void, SSL_CTX_set_security_level, SSL_CTX *ctx, ctx, int level, level, return, return)
 #ifdef TLS1_3_VERSION
 DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return)
 DEFINEFUNC2(void, SSL_set_psk_use_session_callback, SSL *ssl, ssl, q_SSL_psk_use_session_cb_func_t callback, callback, return, DUMMYARG)
@@ -865,6 +867,8 @@ bool q_resolveOpenSslSymbols()
     RESOLVEFUNC(SSL_set_info_callback)
     RESOLVEFUNC(SSL_alert_type_string)
     RESOLVEFUNC(SSL_alert_desc_string_long)
+    RESOLVEFUNC(SSL_CTX_get_security_level)
+    RESOLVEFUNC(SSL_CTX_set_security_level)
 #ifdef TLS1_3_VERSION
     RESOLVEFUNC(SSL_CTX_set_ciphersuites)
     RESOLVEFUNC(SSL_set_psk_use_session_callback)