QSsl: workaround a 'very secure' OpenSSL version (CentOS 8.x et al)

CentOS it seems not only backported some OpenSSL 3 functions, but also raised the default security level to 2, making some of our keys (and MDs?) 'too weak' and failing auto-tests here and there as a result. For our auto-test we lower the level to 1, as it is expected to be. Fixes: QTBUG-86336 Pick-to: 5.15 Change-Id: I7062a1b292e8b60eb9c2b2e82bd002f09f9da603 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
author: Timur Pocheptsov <timur.pocheptsov@qt.io> 2020-09-09 08:37:54 +0200
committer: Timur Pocheptsov <timur.pocheptsov@qt.io> 2020-09-12 05:36:08 +0200
commit: 605d2163f1dcd7e1ad701ade913cb476b91865b1 (patch)
tree: 9db599aad23ae70761246dc104f340cb897a82b6 /tests/auto/network
parent: 5bb4baae0379d5903f547f0399be9620f5ab06a0 (diff)
4 files changed, 32 insertions, 1 deletions
diff --git a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
index fa574b8d92..0766cd26fc 100644
--- a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
+++ b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
@@ -98,6 +98,12 @@ Q_DECLARE_METATYPE(QNetworkProxyQuery)
 
 typedef QSharedPointer<QNetworkReply> QNetworkReplyPtr;
 
+#ifndef QT_NO_OPENSSL
+QT_BEGIN_NAMESPACE
+void qt_ForceTlsSecurityLevel();
+QT_END_NAMESPACE
+#endif
+
 class MyCookieJar;
 class tst_QNetworkReply: public QObject
 {
@@ -1564,6 +1570,10 @@ void tst_QNetworkReply::initTestCase()
         QString::fromLatin1("Couldn't find echo dir starting from %1.").arg(QDir::currentPath())));
 
     cleanupTestData();
+#ifndef QT_NO_OPENSSL
+    QT_PREPEND_NAMESPACE(qt_ForceTlsSecurityLevel)();
+#endif // QT_NO_OPENSSL
+
 }
 
 void tst_QNetworkReply::cleanupTestCase()
diff --git a/tests/auto/network/ssl/qdtls/tst_qdtls.cpp b/tests/auto/network/ssl/qdtls/tst_qdtls.cpp
index 0607a4b656..fd51c091a8 100644
--- a/tests/auto/network/ssl/qdtls/tst_qdtls.cpp
+++ b/tests/auto/network/ssl/qdtls/tst_qdtls.cpp
@@ -188,6 +188,9 @@ void tst_QDtls::initTestCase()
     defaultServerConfig.setDtlsCookieVerificationEnabled(false);
 
     hostName = QStringLiteral("bob.org");
+
+    void qt_ForceTlsSecurityLevel();
+    qt_ForceTlsSecurityLevel();
 }
 
 void tst_QDtls::init()
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
index 470ef1cd25..1718b787f5 100644
--- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
@@ -101,6 +101,11 @@ static const quint16 PSK_SERVER_PORT = 4433;
 static const QByteArray PSK_CLIENT_PRESHAREDKEY = QByteArrayLiteral("\x1a\x2b\x3c\x4d\x5e\x6f");
 static const QByteArray PSK_SERVER_IDENTITY_HINT = QByteArrayLiteral("QtTestServerHint");
 static const QByteArray PSK_CLIENT_IDENTITY = QByteArrayLiteral("Client_identity");
+
+QT_BEGIN_NAMESPACE
+void qt_ForceTlsSecurityLevel();
+QT_END_NAMESPACE
+
 #endif  // !QT_NO_OPENSSL
 
 class tst_QSslSocket : public QObject
@@ -440,6 +445,10 @@ void tst_QSslSocket::init()
 #endif // QT_NO_NETWORKPROXY
     }
 
+#ifndef QT_NO_OPENSSL
+    QT_PREPEND_NAMESPACE(qt_ForceTlsSecurityLevel)();
+#endif // QT_NO_OPENSSL
+
     qt_qhostinfo_clear_cache();
 }
 
diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp
index 5215204a5c..000f2f4da9 100644
--- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp
+++ b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp
@@ -43,6 +43,11 @@
 
 #ifndef QT_NO_OPENSSL
 typedef QSharedPointer<QSslSocket> QSslSocketPtr;
+
+QT_BEGIN_NAMESPACE
+void qt_ForceTlsSecurityLevel();
+QT_END_NAMESPACE
+
 #endif
 
 class tst_QSslSocket_onDemandCertificates_member : public QObject
@@ -54,6 +59,10 @@ class tst_QSslSocket_onDemandCertificates_member : public QObject
 public:
 
 #ifndef QT_NO_OPENSSL
+    tst_QSslSocket_onDemandCertificates_member()
+    {
+        QT_PREPEND_NAMESPACE(qt_ForceTlsSecurityLevel)();
+    }
     QSslSocketPtr newSocket();
 #endif
 
@@ -69,7 +78,7 @@ private slots:
     void onDemandRootCertLoadingMemberMethods();
 
 private:
-    QSslSocket *socket;
+    QSslSocket *socket = nullptr;
 #endif // QT_NO_OPENSSL
 };
author	Timur Pocheptsov <timur.pocheptsov@qt.io>	2020-09-09 08:37:54 +0200
committer	Timur Pocheptsov <timur.pocheptsov@qt.io>	2020-09-12 05:36:08 +0200
commit	605d2163f1dcd7e1ad701ade913cb476b91865b1 (patch)
tree	9db599aad23ae70761246dc104f340cb897a82b6 /tests/auto/network
parent	5bb4baae0379d5903f547f0399be9620f5ab06a0 (diff)