author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2018-10-30 10:43:51 +0100 |
---|---|---|
committer | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2018-11-02 05:00:14 +0000 |
commit | 611423099667d2dc18e6fb63967cbbfd8a65829c (patch) | |
tree | 3e736b682dfadc09377b6c613a6d070f26cced3c /src/network | |
parent | e3a552a130fc09725c8adda3548d297fc96e058a (diff) |
Fix supportsSsl() to make it more consistent
Attempts to use QSslSocket and its OpenSSL 1.1 back-end with OpenSSL 1.1.1
in a very peculiar way (for some reason the reporter calls OPENSSL_no_config())
combined with a bug in OpenSSL 1.1.1 resulted in a QSslSocket dead-locking
in initialization. This was happening because supportsSsl() first reported
false (OpenSSL internally fails to initialize after OPENSSL_no_config()),
but we have s_libraryLoaded set to true too early, thus the first supportsSsl()
returns false, the second - true.
Move setting of s_libraryLoaded later so that we don't claim to support
OpenSSL when an earlier ensureLibraryLoaded() attempt failed.
Task-number: QTBUG-70956
Task-number: QTBUG-71446
Change-Id: I8ad8763d357c84fc38c62e2ce914366367c2b445
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'src/network')
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 5 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_openssl11.cpp | 4 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_opensslpre11.cpp | 4 |
3 files changed, 9 insertions, 4 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 64501a75e8..37bb3e4933 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -474,7 +474,12 @@ void QSslSocketPrivate::resetDefaultCiphers()
 #else
 SSL_CTX *myCtx = q_SSL_CTX_new(q_SSLv23_client_method());
 #endif
+ // Note, we assert, not just silently return/bail out early:
+ // this should never happen and problems with OpenSSL's initialization
+ // must be caught before this (see supportsSsl()).
+ Q_ASSERT(myCtx);
 SSL *mySsl = q_SSL_new(myCtx);
+ Q_ASSERT(mySsl);
 QList<QSslCipher> ciphers;
 QList<QSslCipher> defaultCiphers;
diff --git a/src/network/ssl/qsslsocket_openssl11.cpp b/src/network/ssl/qsslsocket_openssl11.cpp
index cbbf403672..2a2667bd48 100644
--- a/src/network/ssl/qsslsocket_openssl11.cpp
+++ b/src/network/ssl/qsslsocket_openssl11.cpp
@@ -88,8 +88,6 @@ bool QSslSocketPrivate::ensureLibraryLoaded()
 const QMutexLocker locker(qt_opensslInitMutex);
 if (!s_libraryLoaded) {
- s_libraryLoaded = true;
- // Initialize OpenSSL.
 if (q_OPENSSL_init_ssl(0, nullptr) != 1) return false;
@@ -105,6 +103,8 @@ bool QSslSocketPrivate::ensureLibraryLoaded()
 qWarning("Random number generator not seeded, disabling SSL support");
 return false;
 }
+
+ s_libraryLoaded = true;
 }
 return true;
 }
diff --git a/src/network/ssl/qsslsocket_opensslpre11.cpp b/src/network/ssl/qsslsocket_opensslpre11.cpp
index 062e03f4e6..bc4fd9dc85 100644
--- a/src/network/ssl/qsslsocket_opensslpre11.cpp
+++ b/src/network/ssl/qsslsocket_opensslpre11.cpp
@@ -215,8 +215,6 @@ bool QSslSocketPrivate::ensureLibraryLoaded()
 QMutexLocker locker(openssl_locks()->initLock());
 if (!s_libraryLoaded) {
- s_libraryLoaded = true;
- // Initialize OpenSSL.
 q_CRYPTO_set_id_callback(id_function);
 q_CRYPTO_set_locking_callback(locking_function);
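Review bot: `Q_ASSERT(myCtx)` and `Q_ASSERT(mySsl)` in resetDefaultCiphers() expand to nothing when QT_NO_DEBUG is defined, so a release build still passes a null `myCtx` to `q_SSL_new()` and carries a null `mySsl` into the code after the hunk. Creating the context or the SSL object can presumably also fail for reasons unrelated to library initialization (allocation failure, for example), which an earlier supportsSsl() check would not catch. Keeping the asserts for debug builds and adding a runtime guard after each one would cover both cases: `if (!myCtx) return;` and `if (!mySsl) { q_SSL_CTX_free(myCtx); return; }`. The function body starts and ends outside the hunk, so how `mySsl` is used afterwards is not visible here.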
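Review bot: With `s_libraryLoaded = true;` now set only at the end of the `if (!s_libraryLoaded)` block in ensureLibraryLoaded(), a failed initialization is retried on every later call, because nothing records that an attempt already failed. In qsslsocket_openssl11.cpp (hunks at -88 and -105) that repeats `q_OPENSSL_init_ssl(0, nullptr)` and the "Random number generator not seeded" warning while the init mutex is held; in qsslsocket_opensslpre11.cpp (hunks at -215 and -235) it re-runs `q_CRYPTO_set_id_callback(id_function)` and `q_CRYPTO_set_locking_callback(locking_function)` each time, which is presumably harmless but worth confirming. If retrying is intended, a comment above the assignment would record the invariant, for example `// Set last: any early return above must leave this false so supportsSsl() keeps reporting failure.`; if it is not, a separate flag for a failed attempt would avoid the repeated work. The function bodies extend beyond the hunks in both files.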
@@ -235,6 +233,8 @@ bool QSslSocketPrivate::ensureLibraryLoaded()
 qWarning("Random number generator not seeded, disabling SSL support");
 return false;
 }
+
+ s_libraryLoaded = true;
 }
 return true;
 } |