diff options
author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2020-09-09 08:37:54 +0200 |
---|---|---|
committer | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2020-09-14 10:24:59 +0200 |
commit | 9bd8b6974dc4d41b205de2ed7e424624d91c569a (patch) | |
tree | 29c3ed9414eec97999674dc62c24a4f3c618ce10 /tests/auto/network/ssl | |
parent | a28fa432f022abad9605f258ecde1d86a2ef2071 (diff) |
QSsl: workaround a 'very secure' OpenSSL version (CentOS 8.x et al)
CentOS it seems not only backported some OpenSSL 3 functions,
but also raised the default security level to 2, making some of
our keys (and MDs?) 'too weak' and failing auto-tests here and
there as a result. For our auto-test we lower the level to 1,
as it is expected to be.
Fixes: QTBUG-86336
Change-Id: I7062a1b292e8b60eb9c2b2e82bd002f09f9da603
Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 605d2163f1dcd7e1ad701ade913cb476b91865b1)
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Diffstat (limited to 'tests/auto/network/ssl')
3 files changed, 22 insertions, 1 deletions
diff --git a/tests/auto/network/ssl/qdtls/tst_qdtls.cpp b/tests/auto/network/ssl/qdtls/tst_qdtls.cpp index 5d79b0f26b..1fc46ca36a 100644 --- a/tests/auto/network/ssl/qdtls/tst_qdtls.cpp +++ b/tests/auto/network/ssl/qdtls/tst_qdtls.cpp @@ -189,6 +189,9 @@ void tst_QDtls::initTestCase() defaultServerConfig.setDtlsCookieVerificationEnabled(false); hostName = QStringLiteral("bob.org"); + + void qt_ForceTlsSecurityLevel(); + qt_ForceTlsSecurityLevel(); } void tst_QDtls::init() diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp index e5a6073b1d..9854ff9c87 100644 --- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -101,6 +101,11 @@ static const quint16 PSK_SERVER_PORT = 4433; static const QByteArray PSK_CLIENT_PRESHAREDKEY = QByteArrayLiteral("\x1a\x2b\x3c\x4d\x5e\x6f"); static const QByteArray PSK_SERVER_IDENTITY_HINT = QByteArrayLiteral("QtTestServerHint"); static const QByteArray PSK_CLIENT_IDENTITY = QByteArrayLiteral("Client_identity"); + +QT_BEGIN_NAMESPACE +void qt_ForceTlsSecurityLevel(); +QT_END_NAMESPACE + #endif // !QT_NO_OPENSSL class tst_QSslSocket : public QObject @@ -436,6 +441,10 @@ void tst_QSslSocket::init() #endif // QT_NO_NETWORKPROXY } +#ifndef QT_NO_OPENSSL + QT_PREPEND_NAMESPACE(qt_ForceTlsSecurityLevel)(); +#endif // QT_NO_OPENSSL + qt_qhostinfo_clear_cache(); } diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp index 5215204a5c..000f2f4da9 100644 --- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp +++ b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp @@ -43,6 +43,11 @@ #ifndef QT_NO_OPENSSL typedef QSharedPointer<QSslSocket> QSslSocketPtr; + +QT_BEGIN_NAMESPACE +void qt_ForceTlsSecurityLevel(); +QT_END_NAMESPACE + #endif class tst_QSslSocket_onDemandCertificates_member : public QObject @@ -54,6 +59,10 @@ class tst_QSslSocket_onDemandCertificates_member : public QObject public: #ifndef QT_NO_OPENSSL + tst_QSslSocket_onDemandCertificates_member() + { + QT_PREPEND_NAMESPACE(qt_ForceTlsSecurityLevel)(); + } QSslSocketPtr newSocket(); #endif @@ -69,7 +78,7 @@ private slots: void onDemandRootCertLoadingMemberMethods(); private: - QSslSocket *socket; + QSslSocket *socket = nullptr; #endif // QT_NO_OPENSSL }; |