OpenSSL: force the "1.0.0" soname when loading OpenSSL 1.0

Some Linux distributions patch OpenSSL's soname, making builds
on such distributions not deployable elsewhere. The problem is that
the code loading OpenSSL symbols would attempt to use the soname
of the build machine, and therefore not finding the OpenSSL
libraries on the deploy system.

The binary builds of Qt for Linux are affected by this problem,
as they build under RHEL7.4 which changes to soname of OpenSSL to
a non-standard string. This makes the binary builds not pick up
OpenSSL 1.0 from the machine where the build gets installed on.

Given that in the pre-1.1 versions only the 1.0 series is supported,
bump the minimum requirement of Qt to that. The 1.0.x releases
(up to 1.0.2, at the time of this writing) have kept binary
compatibility, and advertise a soname of "1.0.0", which is used
by most distributions.

So, if loading of OpenSSL with the build-time soname fails,
try to load them with the "1.0.0" hardcoded soname.

[ChangeLog][QtNetwork][SSL] OpenSSL >= 1.0 is now required to build
Qt with OpenSSL support.

Task-number: QTBUG-68156
Change-Id: Ieff1561a3c1d278b511f09fef06580f034f188c6
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
(cherry picked from commit 2708c6c11d685ab25c12d558961d924c9a4533d2)

2 files changed, 23 insertions, 3 deletions

diff --git a/src/network/doc/src/ssl.qdoc b/src/network/doc/src/ssl.qdoc
index e4948c393c..58589f8479 100644
--- a/src/network/doc/src/ssl.qdoc
+++ b/src/network/doc/src/ssl.qdoc
@@ -36,9 +36,8 @@
     the Secure Sockets Layer (SSL) protocol, using the \l{OpenSSL Toolkit}
     to perform encryption and protocol handling.
 
-    From Qt version 5.2 onwards, the officially supported version for OpenSSL
-    is 1.0.0 or later. Versions >= 0.9.7 and < 1.0.0 might work, but are not
-    guaranteed to work.
+    From Qt version 5.6 onwards, the officially supported version for OpenSSL
+    is 1.0.0 or later.
 
     \annotatedlist ssl
 
diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
index c344a94427..6e920d5c81 100644
--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
@@ -669,6 +669,17 @@ static QPair<QLibrary*, QLibrary*> loadOpenSsl()
     // reason, we will search a few common paths (see findAllLibSsl() above) in hopes
     // we find one that works.
     //
+    // If that fails, for OpenSSL 1.0 we also try a fallback -- just look up
+    // libssl.so with a hardcoded soname. The reason is QTBUG-68156: the binary
+    // builds of Qt happen (at the time of this writing) on RHEL machines,
+    // which change SHLIB_VERSION_NUMBER to a non-portable string. When running
+    // those binaries on the target systems, this code won't pick up
+    // libssl.so.MODIFIED_SHLIB_VERSION_NUMBER because it doesn't exist there.
+    // Given that the only 1.0 supported release (at the time of this writing)
+    // is 1.0.2, with soname "1.0.0", give that a try too. Note that we mandate
+    // OpenSSL >= 1.0.0 with a configure-time check, and OpenSSL has kept binary
+    // compatibility between 1.0.0 and 1.0.2.
+    //
     // It is important, however, to try the canonical name and the unversioned name
     // without going through the loop. By not specifying a path, we let the system
     // dlopen(3) function determine it for us. This will include any DT_RUNPATH or
@@ -689,6 +700,16 @@ static QPair<QLibrary*, QLibrary*> loadOpenSsl()
         libssl->unload();
         libcrypto->unload();
     }
+
+    // first-and-half attempt: for OpenSSL 1.0 try to load an hardcoded soname.
+    libssl->setFileNameAndVersion(QLatin1String("ssl"), QLatin1String("1.0.0"));
+    libcrypto->setFileNameAndVersion(QLatin1String("crypto"), QLatin1String("1.0.0"));
+    if (libcrypto->load() && libssl->load()) {
+        return pair;
+    } else {
+        libssl->unload();
+        libcrypto->unload();
+    }
 #endif
 
 #ifndef Q_OS_DARWIN