QTlsBackend (OpenSSL) : detect incompatible versions

OpenSSL v3 among other nice things brought some nasty crashes
(essentially, finally breaking what was already not so nice
in 1.x: see, e.g. ASN1_ITEM_free and ASN1_ITEM_ptr that we
have to use to free resources allocated by openssl). Let's,
at least, not use v3 from Qt built with 1.1.1 and vice
versa.

Pick-to: 6.2 5.15
Change-Id: If14a2a0ce2189a1b7967b7ab7248d11d0f2fc423
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>

1 files changed, 13 insertions, 1 deletions

diff --git a/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp b/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp
index a30348b20e..037ab92f62 100644
--- a/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp
+++ b/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp
@@ -930,13 +930,25 @@ bool q_resolveOpenSslSymbols()
     RESOLVEFUNC(OpenSSL_version_num)
     RESOLVEFUNC(OpenSSL_version)
 
-    if (!_q_OpenSSL_version) {
+    if (!_q_OpenSSL_version || !_q_OpenSSL_version_num) {
         // Apparently, we were built with OpenSSL 1.1 enabled but are now using
         // a wrong library.
         qCWarning(lcTlsBackend, "Incompatible version of OpenSSL");
         return false;
     }
 
+#if OPENSSL_VERSION_NUMBER >= 0x30000000
+    if (q_OpenSSL_version_num() < 0x30000000) {
+        qCWarning(lcTlsBackend, "Incompatible version of OpenSSL (built with OpenSSL >= 3.x, runtime version is < 3.x)");
+        return false;
+    }
+#else
+    if (q_OpenSSL_version_num() >= 0x30000000) {
+        qCWarning(lcTlsBackend, "Incompatible version of OpenSSL (built with OpenSSL 1.x, runtime version is >= 3.x)");
+        return false;
+    }
+#endif // OPENSSL_VERSION_NUMBER
+
     RESOLVEFUNC(SSL_SESSION_get_ticket_lifetime_hint)
 
 #if QT_CONFIG(dtls)