authorTimur Pocheptsov <timur.pocheptsov@qt.io>2018-06-25 16:30:36 +0200
committerTimur Pocheptsov <timur.pocheptsov@qt.io>2018-07-13 04:50:38 +0000
commitd74ced697e96cf89ad382ccc5f730f55df955c36 (patch)
treed21dd386b9b6a0d3cd8596332ce240a0a301930e /src
parent58065cedf753032477487799845b4414a6476a39 (diff)
Extend the feature 'dtls' to handle missing DTLS support in OpenSSL
OpenSSL has 'no-dtls' configure option (or can be too ancient to properly support it), we shall respect such builds. This patch extends configure.json with a 'dtls' test and adds protection against linkage/compile-time issues in the QtNetwork's code. Change-Id: I0c0dd94f5c226115cee4285b82c83aa546555aea Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io> Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Diffstat (limited to 'src')
-rw-r--r--src/network/configure.json17
-rw-r--r--src/network/ssl/qssl.h2
-rw-r--r--src/network/ssl/qsslconfiguration.cpp48
-rw-r--r--src/network/ssl/qsslconfiguration.h8
-rw-r--r--src/network/ssl/qsslconfiguration_p.h4
-rw-r--r--src/network/ssl/qsslcontext_openssl11.cpp20
-rw-r--r--src/network/ssl/qsslcontext_opensslpre11.cpp11
-rw-r--r--src/network/ssl/qsslsocket.cpp5
-rw-r--r--src/network/ssl/qsslsocket_openssl.cpp3
-rw-r--r--src/network/ssl/qsslsocket_openssl11_symbols_p.h5
-rw-r--r--src/network/ssl/qsslsocket_openssl_symbols.cpp16
-rw-r--r--src/network/ssl/qsslsocket_openssl_symbols_p.h6
-rw-r--r--src/network/ssl/qsslsocket_opensslpre11_symbols_p.h3
13 files changed, 118 insertions, 30 deletions
diff --git a/src/network/configure.json b/src/network/configure.json
index 5245ba06b6..0215ad73c5 100644
--- a/src/network/configure.json
+++ b/src/network/configure.json
@@ -14,6 +14,7 @@
"openssl": { "type": "optionalString", "values": [ "no", "yes", "linked", "runtime" ] },
"openssl-linked": { "type": "void", "name": "openssl", "value": "linked" },
"openssl-runtime": { "type": "void", "name": "openssl", "value": "runtime" },
+ "dtls": "boolean",
"sctp": "boolean",
"securetransport": "boolean",
"ssl": "boolean",
@@ -149,6 +150,19 @@
"type": "compile",
"test": "unix/openssl11",
"use": "openssl"
+ },
+ "dtls": {
+ "label": "DTLS support in OpenSSL",
+ "type": "compile",
+ "test": {
+ "include": "openssl/ssl.h",
+ "tail": [
+ "#if defined(OPENSSL_NO_DTLS) || !defined(DTLS1_2_VERSION)",
+ "# error OpenSSL without DTLS support",
+ "#endif"
+ ]
+ },
+ "use": "openssl"
}
},
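Review bot: The compile test in the new `dtls` entry rejects only `OPENSSL_NO_DTLS` and a missing `DTLS1_2_VERSION`, so an OpenSSL 1.1 build configured with a per-version switch (which defines `OPENSSL_NO_DTLS1`, `OPENSSL_NO_DTLS1_2` or the matching `_METHOD` macros) would presumably still pass and enable the feature. If such builds are meant to be excluded as well, the first `tail` line could become `#if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1) || defined(OPENSSL_NO_DTLS1_2) || !defined(DTLS1_2_VERSION)`. If partial DTLS builds are accepted on purpose, saying so in the commit text would explain why a handshake for a disabled version fails only at run time.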
@@ -220,7 +234,7 @@
"label": "DTLS",
"purpose": "Provides a DTLS implementation",
"section": "Networking",
- "condition": "features.openssl",
+ "condition": "features.openssl && tests.dtls",
"output": [ "publicFeature" ]
},
"opensslv11": {
@@ -353,6 +367,7 @@ For example:
"openssl",
"openssl-linked",
"opensslv11",
+ "dtls",
"sctp",
"system-proxies"
]
diff --git a/src/network/ssl/qssl.h b/src/network/ssl/qssl.h
index 0f091b181a..8ab24d89e1 100644
--- a/src/network/ssl/qssl.h
+++ b/src/network/ssl/qssl.h
@@ -91,10 +91,12 @@ namespace QSsl {
TlsV1_1OrLater,
TlsV1_2OrLater,
+#if QT_CONFIG(dtls)
DtlsV1_0,
DtlsV1_0OrLater,
DtlsV1_2,
DtlsV1_2OrLater,
+#endif
UnknownProtocol = -1
};
diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp
index 71c4f7090c..12fbb9a8e4 100644
--- a/src/network/ssl/qsslconfiguration.cpp
+++ b/src/network/ssl/qsslconfiguration.cpp
@@ -227,7 +227,8 @@ bool QSslConfiguration::operator==(const QSslConfiguration &other) const
d->sslSessionTicketLifeTimeHint == other.d->sslSessionTicketLifeTimeHint &&
d->nextAllowedProtocols == other.d->nextAllowedProtocols &&
d->nextNegotiatedProtocol == other.d->nextNegotiatedProtocol &&
- d->nextProtocolNegotiationStatus == other.d->nextProtocolNegotiationStatus;
+ d->nextProtocolNegotiationStatus == other.d->nextProtocolNegotiationStatus &&
+ d->dtlsCookieEnabled == other.d->dtlsCookieEnabled;
}
/*!
@@ -998,27 +999,6 @@ QSslConfiguration::NextProtocolNegotiationStatus QSslConfiguration::nextProtocol
}
/*!
- This function returns true if DTLS cookie verification was enabled on a
- server-side socket.
-
- \sa setDtlsCookieVerificationEnabled()
- */
-bool QSslConfiguration::dtlsCookieVerificationEnabled() const
-{
- return d->dtlsCookieEnabled;
-}
-
-/*!
- This function enables DTLS cookie verification when \a enable is true.
-
- \sa dtlsCookieVerificationEnabled()
- */
-void QSslConfiguration::setDtlsCookieVerificationEnabled(bool enable)
-{
- d->dtlsCookieEnabled = enable;
-}
-
-/*!
Returns the default SSL configuration to be used in new SSL
connections.
@@ -1051,6 +1031,29 @@ void QSslConfiguration::setDefaultConfiguration(const QSslConfiguration &configu
QSslConfigurationPrivate::setDefaultConfiguration(configuration);
}
+#if QT_CONFIG(dtls)
+
+/*!
+ This function returns true if DTLS cookie verification was enabled on a
+ server-side socket.
+
+ \sa setDtlsCookieVerificationEnabled()
+ */
+bool QSslConfiguration::dtlsCookieVerificationEnabled() const
+{
+ return d->dtlsCookieEnabled;
+}
+
+/*!
+ This function enables DTLS cookie verification when \a enable is true.
+
+ \sa dtlsCookieVerificationEnabled()
+ */
+void QSslConfiguration::setDtlsCookieVerificationEnabled(bool enable)
+{
+ d->dtlsCookieEnabled = enable;
+}
+
/*!
Returns the default DTLS configuration to be used in new DTLS
connections.
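Review bot: The re-added doc comment for `setDtlsCookieVerificationEnabled()` does not state the default or what is lost by turning verification off. `qsslconfiguration_p.h` in this commit initialises `dtlsCookieEnabled` to `true`, and the context-setup hunks install the cookie generate/verify callbacks only when the flag is set on a server-side DTLS context. The comment could therefore add `Cookie verification is enabled by default; disabling it makes a DTLS server answer a ClientHello without first confirming the sender's address.` Both accessors now exist only under `QT_CONFIG(dtls)`, which is also worth stating in the docs because callers have to guard their use.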
@@ -1085,6 +1088,7 @@ void QSslConfiguration::setDefaultDtlsConfiguration(const QSslConfiguration &con
QSslConfigurationPrivate::setDefaultDtlsConfiguration(configuration);
}
+#endif // dtls
/*! \internal
*/
diff --git a/src/network/ssl/qsslconfiguration.h b/src/network/ssl/qsslconfiguration.h
index 5435720b01..7f6028db27 100644
--- a/src/network/ssl/qsslconfiguration.h
+++ b/src/network/ssl/qsslconfiguration.h
@@ -159,14 +159,16 @@ public:
void setBackendConfigurationOption(const QByteArray &name, const QVariant &value);
void setBackendConfiguration(const QMap<QByteArray, QVariant> &backendConfiguration = QMap<QByteArray, QVariant>());
- bool dtlsCookieVerificationEnabled() const;
- void setDtlsCookieVerificationEnabled(bool enable);
-
static QSslConfiguration defaultConfiguration();
static void setDefaultConfiguration(const QSslConfiguration &configuration);
+#if QT_CONFIG(dtls)
+ bool dtlsCookieVerificationEnabled() const;
+ void setDtlsCookieVerificationEnabled(bool enable);
+
static QSslConfiguration defaultDtlsConfiguration();
static void setDefaultDtlsConfiguration(const QSslConfiguration &configuration);
+#endif // dtls
enum NextProtocolNegotiationStatus {
NextProtocolNegotiationNone,
diff --git a/src/network/ssl/qsslconfiguration_p.h b/src/network/ssl/qsslconfiguration_p.h
index f44485d51a..6c23165c6a 100644
--- a/src/network/ssl/qsslconfiguration_p.h
+++ b/src/network/ssl/qsslconfiguration_p.h
@@ -137,7 +137,11 @@ public:
QByteArray nextNegotiatedProtocol;
QSslConfiguration::NextProtocolNegotiationStatus nextProtocolNegotiationStatus;
+#if QT_CONFIG(dtls)
bool dtlsCookieEnabled = true;
+#else
+ const bool dtlsCookieEnabled = false;
+#endif // dtls
// in qsslsocket.cpp:
static QSslConfiguration defaultConfiguration();
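Review bot: In the `#else` branch, `const bool dtlsCookieEnabled = false;` is a const non-static data member, which deletes the implicit copy-assignment operator of the enclosing private class in builds without DTLS, while builds with DTLS keep it. Nothing visible here assigns whole objects, but the two configurations then differ in more than this one field. `static constexpr bool dtlsCookieEnabled = false;` would keep `d->dtlsCookieEnabled` readable in `operator==` without affecting assignability. The class definition starts and ends outside the hunk, so whether assignment is used elsewhere should be checked.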
diff --git a/src/network/ssl/qsslcontext_openssl11.cpp b/src/network/ssl/qsslcontext_openssl11.cpp
index bf0c1aedbf..b3bee64dde 100644
--- a/src/network/ssl/qsslcontext_openssl11.cpp
+++ b/src/network/ssl/qsslcontext_openssl11.cpp
@@ -59,6 +59,7 @@ QT_BEGIN_NAMESPACE
extern int q_X509Callback(int ok, X509_STORE_CTX *ctx);
extern QString getErrorsFromOpenSsl();
+#if QT_CONFIG(dtls)
// defined in qdtls_openssl.cpp:
namespace dtlscallbacks
{
@@ -68,6 +69,7 @@ extern "C" int q_generate_cookie_callback(SSL *ssl, unsigned char *dst,
extern "C" int q_verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
unsigned cookieLength);
}
+#endif // dtls
static inline QString msgErrorSettingEllipticCurves(const QString &why)
{
@@ -95,6 +97,7 @@ init_context:
unsupportedProtocol = true;
} else {
switch (sslContext->sslConfiguration.protocol()) {
+#if QT_CONFIG(dtls)
case QSsl::DtlsV1_0:
case QSsl::DtlsV1_0OrLater:
case QSsl::DtlsV1_2:
@@ -102,6 +105,7 @@ init_context:
isDtls = true;
sslContext->ctx = q_SSL_CTX_new(client ? q_DTLS_client_method() : q_DTLS_server_method());
break;
+#endif // dtls
default:
// The ssl options will actually control the supported methods
sslContext->ctx = q_SSL_CTX_new(client ? q_TLS_client_method() : q_TLS_server_method());
@@ -124,7 +128,12 @@ init_context:
return;
}
- const long anyVersion = isDtls ? DTLS_ANY_VERSION : TLS_ANY_VERSION;
+ const long anyVersion =
+#if QT_CONFIG(dtls)
+ isDtls ? DTLS_ANY_VERSION : TLS_ANY_VERSION;
+#else
+ TLS_ANY_VERSION;
+#endif // dtls
long minVersion = anyVersion;
long maxVersion = anyVersion;
@@ -165,6 +174,7 @@ init_context:
minVersion = TLS1_2_VERSION;
maxVersion = TLS_MAX_VERSION;
break;
+#if QT_CONFIG(dtls)
case QSsl::DtlsV1_0:
minVersion = DTLS1_VERSION;
maxVersion = DTLS1_VERSION;
@@ -181,6 +191,7 @@ init_context:
minVersion = DTLS1_2_VERSION;
maxVersion = DTLS_MAX_VERSION;
break;
+#endif // dtls
case QSsl::SslV2:
// This protocol is not supported by OpenSSL 1.1 and we handle
// it as an error (see the code above).
@@ -326,13 +337,18 @@ init_context:
q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_NONE, nullptr);
} else {
q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_PEER,
- isDtls ? dtlscallbacks::q_X509DtlsCallback : q_X509Callback);
+#if QT_CONFIG(dtls)
+ isDtls ? dtlscallbacks::q_X509DtlsCallback :
+#endif // dtls
+ q_X509Callback);
}
+#if QT_CONFIG(dtls)
if (mode == QSslSocket::SslServerMode && isDtls && configuration.dtlsCookieVerificationEnabled()) {
q_SSL_CTX_set_cookie_generate_cb(sslContext->ctx, dtlscallbacks::q_generate_cookie_callback);
q_SSL_CTX_set_cookie_verify_cb(sslContext->ctx, dtlscallbacks::q_verify_cookie_callback);
}
+#endif // dtls
// Set verification depth.
if (sslContext->sslConfiguration.peerVerifyDepth() != 0)
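Review bot: Splitting the `q_SSL_CTX_set_verify()` argument list with `#if QT_CONFIG(dtls)` leaves a dangling `isDtls ? … :` that only parses once the preprocessor has run, which is easy to break in a later edit. The same construct appears in the matching hunk of `qsslcontext_opensslpre11.cpp`. Choosing the callback in a local variable first keeps each preprocessor branch a complete statement, as sketched below. This assumes both callbacks have the same function-pointer type, which the existing conditional expression already relies on. The enclosing function starts and ends outside the hunk.

```cpp
    } else {
        // Pick the peer-verification callback before the call so the
        // feature guard wraps a whole statement, not half an expression.
        auto verifyCallback = q_X509Callback;
#if QT_CONFIG(dtls)
        if (isDtls)
            verifyCallback = dtlscallbacks::q_X509DtlsCallback;
#endif // dtls
        q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_PEER, verifyCallback);
    }
    // … unchanged: guarded cookie-callback block and verification depth …
```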
diff --git a/src/network/ssl/qsslcontext_opensslpre11.cpp b/src/network/ssl/qsslcontext_opensslpre11.cpp
index a54b0ac5f0..c8be2ecb31 100644
--- a/src/network/ssl/qsslcontext_opensslpre11.cpp
+++ b/src/network/ssl/qsslcontext_opensslpre11.cpp
@@ -56,6 +56,7 @@ QT_BEGIN_NAMESPACE
extern int q_X509Callback(int ok, X509_STORE_CTX *ctx);
extern QString getErrorsFromOpenSsl();
+#if QT_CONFIG(dtls)
// defined in qdtls_openssl.cpp:
namespace dtlscallbacks
{
@@ -65,6 +66,7 @@ extern "C" int q_generate_cookie_callback(SSL *ssl, unsigned char *dst,
extern "C" int q_verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
unsigned cookieLength);
}
+#endif // dtls
static inline QString msgErrorSettingEllipticCurves(const QString &why)
{
@@ -86,6 +88,7 @@ void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mo
bool isDtls = false;
init_context:
switch (sslContext->sslConfiguration.protocol()) {
+#if QT_CONFIG(dtls)
case QSsl::DtlsV1_0:
isDtls = true;
sslContext->ctx = q_SSL_CTX_new(client ? q_DTLSv1_client_method() : q_DTLSv1_server_method());
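Review bot: With the DTLS cases compiled out, `isDtls` declared just above `init_context:` is never assigned again, and the reads of it visible in this commit (the verify-callback selection and the cookie-callback block) are also under `QT_CONFIG(dtls)`. A build without DTLS may therefore emit an unused-variable warning for it. If no other use exists outside the hunks, either move the declaration under the same guard or add `Q_UNUSED(isDtls);` after it; `qsslcontext_openssl11.cpp` looks to be in the same position. The body of `initSslContext()` continues beyond this hunk.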
@@ -101,6 +104,7 @@ init_context:
isDtls = true;
sslContext->ctx = q_SSL_CTX_new(client ? q_DTLS_client_method() : q_DTLS_server_method());
break;
+#endif // dtls
case QSsl::SslV2:
#ifndef OPENSSL_NO_SSL2
sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method());
@@ -313,13 +317,18 @@ init_context:
q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_NONE, 0);
} else {
q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_PEER,
- isDtls ? dtlscallbacks::q_X509DtlsCallback : q_X509Callback);
+#if QT_CONFIG(dtls)
+ isDtls ? dtlscallbacks::q_X509DtlsCallback :
+#endif // dtls
+ q_X509Callback);
}
+#if QT_CONFIG(dtls)
if (mode == QSslSocket::SslServerMode && isDtls && configuration.dtlsCookieVerificationEnabled()) {
q_SSL_CTX_set_cookie_generate_cb(sslContext->ctx, dtlscallbacks::q_generate_cookie_callback);
q_SSL_CTX_set_cookie_verify_cb(sslContext->ctx, CookieVerifyCallback(dtlscallbacks::q_verify_cookie_callback));
}
+#endif // dtls
// Set verification depth.
if (sslContext->sslConfiguration.peerVerifyDepth() != 0)
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index 11b7e08a36..2cfe347867 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -340,7 +340,9 @@ public:
: config(new QSslConfigurationPrivate),
dtlsConfig(new QSslConfigurationPrivate)
{
+#if QT_CONFIG(dtls)
dtlsConfig->protocol = QSsl::DtlsV1_2OrLater;
+#endif // dtls
}
QMutex mutex;
@@ -2316,6 +2318,9 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri
ptr->sslOptions = global->sslOptions;
ptr->ellipticCurves = global->ellipticCurves;
ptr->backendConfig = global->backendConfig;
+#if QT_CONFIG(dtls)
+ ptr->dtlsCookieEnabled = global->dtlsCookieEnabled;
+#endif
}
/*!
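Review bot: The guard around the new assignment closes with a bare `#endif`, whereas every other guard added by this commit ends in `#endif // dtls`. It also deserves a comment explaining why the guard is needed, e.g. `// dtlsCookieEnabled is a const member when DTLS is disabled, so it can only be copied under the feature guard.` Separately, this line makes `deepCopyDefaultConfiguration()` start propagating the cookie flag from the default configuration, a behaviour change the commit message does not mention. Only the tail of the function is visible in the hunk.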
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index e8dd6c8c5b..038d32ae13 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -487,9 +487,9 @@ void QSslSocketPrivate::resetDefaultCiphers()
setDefaultSupportedCiphers(ciphers);
setDefaultCiphers(defaultCiphers);
+#if QT_CONFIG(dtls)
ciphers.clear();
defaultCiphers.clear();
-
myCtx = q_SSL_CTX_new(q_DTLS_client_method());
if (myCtx) {
mySsl = q_SSL_new(myCtx);
@@ -500,6 +500,7 @@ void QSslSocketPrivate::resetDefaultCiphers()
}
q_SSL_CTX_free(myCtx);
}
+#endif // dtls
}
void QSslSocketPrivate::resetDefaultEllipticCurves()
diff --git a/src/network/ssl/qsslsocket_openssl11_symbols_p.h b/src/network/ssl/qsslsocket_openssl11_symbols_p.h
index b478b2a595..844c3437be 100644
--- a/src/network/ssl/qsslsocket_openssl11_symbols_p.h
+++ b/src/network/ssl/qsslsocket_openssl11_symbols_p.h
@@ -130,6 +130,7 @@ const char *q_OpenSSL_version(int type);
unsigned long q_SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *session);
unsigned long q_SSL_set_options(SSL *s, unsigned long op);
+#if QT_CONFIG(dtls)
// Functions and types required for DTLS support:
extern "C"
{
@@ -149,6 +150,7 @@ BIO_ADDR *q_BIO_ADDR_new();
void q_BIO_ADDR_free(BIO_ADDR *ap);
// API we need for a custom dgram BIO:
+
BIO_METHOD *q_BIO_meth_new(int type, const char *name);
void q_BIO_meth_free(BIO_METHOD *biom);
int q_BIO_meth_set_write(BIO_METHOD *biom, DgramWriteCallback);
@@ -157,6 +159,9 @@ int q_BIO_meth_set_puts(BIO_METHOD *biom, DgramPutsCallback);
int q_BIO_meth_set_ctrl(BIO_METHOD *biom, DgramCtrlCallback);
int q_BIO_meth_set_create(BIO_METHOD *biom, DgramCreateCallback);
int q_BIO_meth_set_destroy(BIO_METHOD *biom, DgramDestroyCallback);
+
+#endif // dtls
+
void q_BIO_set_data(BIO *a, void *ptr);
void *q_BIO_get_data(BIO *a);
void q_BIO_set_init(BIO *a, int init);
diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
index 2f376894b5..7961118f00 100644
--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
@@ -179,6 +179,8 @@ DEFINEFUNC(const char *, OpenSSL_version, int a, a, return 0, return)
DEFINEFUNC(unsigned long, SSL_SESSION_get_ticket_lifetime_hint, const SSL_SESSION *session, session, return 0, return)
DEFINEFUNC4(void, DH_get0_pqg, const DH *dh, dh, const BIGNUM **p, p, const BIGNUM **q, q, const BIGNUM **g, g, return, DUMMYARG)
DEFINEFUNC(int, DH_bits, DH *dh, dh, return 0, return)
+
+#if QT_CONFIG(dtls)
DEFINEFUNC2(int, DTLSv1_listen, SSL *s, s, BIO_ADDR *c, c, return -1, return)
DEFINEFUNC(BIO_ADDR *, BIO_ADDR_new, DUMMYARG, DUMMYARG, return nullptr, return)
DEFINEFUNC(void, BIO_ADDR_free, BIO_ADDR *ap, ap, return, DUMMYARG)
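Review bot: The `dtls` configure test inspects the OpenSSL headers at build time, but these `DEFINEFUNC` entries are for symbols looked up in whatever library is loaded at run time, and that library may have been built without DTLS. The trailing `return -1` / `return nullptr` arguments look like the fallbacks used when a symbol is not resolved. Every caller of `q_DTLSv1_listen()`, `q_BIO_ADDR_new()` and the `q_DTLS*_method()` wrappers therefore has to treat those values as "DTLS unavailable" rather than assume the feature flag guarantees a working implementation. A comment above the guarded block would make that contract explicit, such as `// QT_CONFIG(dtls) reflects build-time headers only; the symbols below can still be missing in the loaded library.` The same applies to the guarded `RESOLVEFUNC` groups later in this file.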
@@ -190,6 +192,8 @@ DEFINEFUNC2(int, BIO_meth_set_puts, BIO_METHOD *biom, biom, DgramPutsCallback pu
DEFINEFUNC2(int, BIO_meth_set_ctrl, BIO_METHOD *biom, biom, DgramCtrlCallback ctrl, ctrl, return 0, return)
DEFINEFUNC2(int, BIO_meth_set_create, BIO_METHOD *biom, biom, DgramCreateCallback crt, crt, return 0, return)
DEFINEFUNC2(int, BIO_meth_set_destroy, BIO_METHOD *biom, biom, DgramDestroyCallback dtr, dtr, return 0, return)
+#endif // dtls
+
DEFINEFUNC2(void, BIO_set_data, BIO *a, a, void *ptr, ptr, return, DUMMYARG)
DEFINEFUNC(void *, BIO_get_data, BIO *a, a, return nullptr, return)
DEFINEFUNC2(void, BIO_set_init, BIO *a, a, int init, init, return, DUMMYARG)
@@ -304,10 +308,12 @@ DEFINEFUNC3(EC_KEY *, d2i_ECPrivateKey, EC_KEY **a, a, unsigned char **b, b, lon
#endif
#endif
+#if QT_CONFIG(dtls)
DEFINEFUNC(const SSL_METHOD *, DTLSv1_server_method, void, DUMMYARG, return nullptr, return)
DEFINEFUNC(const SSL_METHOD *, DTLSv1_client_method, void, DUMMYARG, return nullptr, return)
DEFINEFUNC(const SSL_METHOD *, DTLSv1_2_server_method, void, DUMMYARG, return nullptr, return)
DEFINEFUNC(const SSL_METHOD *, DTLSv1_2_client_method, void, DUMMYARG, return nullptr, return)
+#endif // dtls
DEFINEFUNC(char *, CONF_get1_default_config_file, DUMMYARG, DUMMYARG, return 0, return)
DEFINEFUNC(void, OPENSSL_add_all_algorithms_noconf, void, DUMMYARG, return, DUMMYARG)
@@ -555,10 +561,12 @@ DEFINEFUNC3(void, SSL_get0_alpn_selected, const SSL *s, s, const unsigned char *
#endif // OPENSSL_VERSION_NUMBER >= 0x1000100fL ...
// DTLS:
+#if QT_CONFIG(dtls)
DEFINEFUNC2(void, SSL_CTX_set_cookie_generate_cb, SSL_CTX *ctx, ctx, CookieGenerateCallback cb, cb, return, DUMMYARG)
DEFINEFUNC2(void, SSL_CTX_set_cookie_verify_cb, SSL_CTX *ctx, ctx, CookieVerifyCallback cb, cb, return, DUMMYARG)
DEFINEFUNC(const SSL_METHOD *, DTLS_server_method, DUMMYARG, DUMMYARG, return nullptr, return)
DEFINEFUNC(const SSL_METHOD *, DTLS_client_method, DUMMYARG, DUMMYARG, return nullptr, return)
+#endif // dtls
DEFINEFUNC2(void, BIO_set_flags, BIO *b, b, int flags, flags, return, DUMMYARG)
DEFINEFUNC2(void, BIO_clear_flags, BIO *b, b, int flags, flags, return, DUMMYARG)
DEFINEFUNC2(void *, BIO_get_ex_data, BIO *b, b, int idx, idx, return nullptr, return)
@@ -963,6 +971,8 @@ bool q_resolveOpenSslSymbols()
RESOLVEFUNC(SSL_SESSION_get_ticket_lifetime_hint)
RESOLVEFUNC(DH_bits)
RESOLVEFUNC(DSA_bits)
+
+#if QT_CONFIG(dtls)
RESOLVEFUNC(DTLSv1_listen)
RESOLVEFUNC(BIO_ADDR_new)
RESOLVEFUNC(BIO_ADDR_free)
@@ -974,6 +984,8 @@ bool q_resolveOpenSslSymbols()
RESOLVEFUNC(BIO_meth_set_ctrl)
RESOLVEFUNC(BIO_meth_set_create)
RESOLVEFUNC(BIO_meth_set_destroy)
+#endif // dtls
+
RESOLVEFUNC(BIO_set_data)
RESOLVEFUNC(BIO_get_data)
RESOLVEFUNC(BIO_set_init)
@@ -1044,10 +1056,12 @@ bool q_resolveOpenSslSymbols()
RESOLVEFUNC(d2i_RSAPrivateKey)
#endif
+#if QT_CONFIG(dtls)
RESOLVEFUNC(DTLSv1_server_method)
RESOLVEFUNC(DTLSv1_client_method)
RESOLVEFUNC(DTLSv1_2_server_method)
RESOLVEFUNC(DTLSv1_2_client_method)
+#endif // dtls
RESOLVEFUNC(CONF_get1_default_config_file)
RESOLVEFUNC(OPENSSL_add_all_algorithms_noconf)
@@ -1290,10 +1304,12 @@ bool q_resolveOpenSslSymbols()
RESOLVEFUNC(SSL_CTX_set_alpn_select_cb)
RESOLVEFUNC(SSL_get0_alpn_selected)
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L ...
+#if QT_CONFIG(dtls)
RESOLVEFUNC(SSL_CTX_set_cookie_generate_cb)
RESOLVEFUNC(SSL_CTX_set_cookie_verify_cb)
RESOLVEFUNC(DTLS_server_method)
RESOLVEFUNC(DTLS_client_method)
+#endif // dtls
RESOLVEFUNC(DH_new)
RESOLVEFUNC(DH_free)
RESOLVEFUNC(d2i_DHparams)
diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h
index 551ad9f7b7..bfdfbf0efc 100644
--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
+++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
@@ -533,6 +533,8 @@ void q_SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
#endif
#endif // OPENSSL_VERSION_NUMBER >= 0x1000100fL ...
+#if QT_CONFIG(dtls)
+
extern "C"
{
typedef int (*CookieGenerateCallback)(SSL *, unsigned char *, unsigned *);
@@ -543,12 +545,16 @@ void q_SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, CookieVerifyCallback cb);
const SSL_METHOD *q_DTLS_server_method();
const SSL_METHOD *q_DTLS_client_method();
+#endif // dtls
+
void *q_X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx);
int q_SSL_get_ex_data_X509_STORE_CTX_idx();
+#if QT_CONFIG(dtls)
#define q_DTLS_set_link_mtu(ssl, mtu) q_SSL_ctrl((ssl), DTLS_CTRL_SET_LINK_MTU, (mtu), nullptr)
#define q_DTLSv1_get_timeout(ssl, arg) q_SSL_ctrl(ssl, DTLS_CTRL_GET_TIMEOUT, 0, arg)
#define q_DTLSv1_handle_timeout(ssl) q_SSL_ctrl(ssl, DTLS_CTRL_HANDLE_TIMEOUT, 0, nullptr)
+#endif // dtls
void q_BIO_set_flags(BIO *b, int flags);
void q_BIO_clear_flags(BIO *b, int flags);
diff --git a/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h b/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h
index f499af228d..b7bac5d2a2 100644
--- a/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h
+++ b/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h
@@ -227,16 +227,19 @@ void q_OPENSSL_add_all_algorithms_conf();
long q_SSLeay();
const char *q_SSLeay_version(int type);
+#if QT_CONFIG(dtls)
// DTLS:
extern "C"
{
typedef int (*CookieVerifyCallback)(SSL *, unsigned char *, unsigned);
}
+
#define q_DTLSv1_listen(ssl, peer) q_SSL_ctrl(ssl, DTLS_CTRL_LISTEN, 0, (void *)peer)
const SSL_METHOD *q_DTLSv1_server_method();
const SSL_METHOD *q_DTLSv1_client_method();
const SSL_METHOD *q_DTLSv1_2_server_method();
const SSL_METHOD *q_DTLSv1_2_client_method();
+#endif // dtls
#endif // QSSLSOCKET_OPENSSL_PRE11_SYMBOLS_P_H