Add the ability to do unsafe SSL renegotiation as a fallback.

This commit adds the ability to perform legacy SSL renegotiation as
a fallback via QSsl::SslOptions. This is something that used to work,
but has been disabled by default in newer versions of openssl. The
need for this has been reported by users (eg. in QTBUG-14983).

Change-Id: I5b80f3ffd07e0c5faddc469f6a8f857bac5740f7
Reviewed-by: Corentin Chary <corentin.chary@gmail.com>
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>

1 files changed, 3 insertions, 0 deletions

diff --git a/tests/manual/qssloptions/main.cpp b/tests/manual/qssloptions/main.cpp
index 7ee3f9ce0c..21b5dab1d4 100644
--- a/tests/manual/qssloptions/main.cpp
+++ b/tests/manual/qssloptions/main.cpp
@@ -56,6 +56,7 @@ int main(int argc, char **argv)
         out << "disable_session_tickets" << endl;
         out << "disable_compression" << endl;
         out << "disable_sni" << endl;
+        out << "enable_unsafe_reneg" << endl;
         return 1;
     }
 
@@ -75,6 +76,8 @@ int main(int argc, char **argv)
             config.setSslOption(QSsl::SslOptionDisableCompression, true);
         else if (option == QStringLiteral("disable_sni"))
             config.setSslOption(QSsl::SslOptionDisableServerNameIndication, true);
+        else if (option == QStringLiteral("enable_unsafe_reneg"))
+            config.setSslOption(QSsl::SslOptionDisableLegacyRenegotiation, false);
     }
 
     QSslConfiguration::setDefaultConfiguration(config);