diff options
author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2020-09-09 08:37:54 +0200 |
---|---|---|
committer | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2020-09-12 05:36:08 +0200 |
commit | 605d2163f1dcd7e1ad701ade913cb476b91865b1 (patch) | |
tree | 9db599aad23ae70761246dc104f340cb897a82b6 /tests | |
parent | 5bb4baae0379d5903f547f0399be9620f5ab06a0 (diff) |
QSsl: workaround a 'very secure' OpenSSL version (CentOS 8.x et al)
CentOS it seems not only backported some OpenSSL 3 functions,
but also raised the default security level to 2, making some of
our keys (and MDs?) 'too weak' and failing auto-tests here and
there as a result. For our auto-test we lower the level to 1,
as it is expected to be.
Fixes: QTBUG-86336
Pick-to: 5.15
Change-Id: I7062a1b292e8b60eb9c2b2e82bd002f09f9da603
Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'tests')
4 files changed, 32 insertions, 1 deletions
diff --git a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp index fa574b8d92..0766cd26fc 100644 --- a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp +++ b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp @@ -98,6 +98,12 @@ Q_DECLARE_METATYPE(QNetworkProxyQuery) typedef QSharedPointer<QNetworkReply> QNetworkReplyPtr; +#ifndef QT_NO_OPENSSL +QT_BEGIN_NAMESPACE +void qt_ForceTlsSecurityLevel(); +QT_END_NAMESPACE +#endif + class MyCookieJar; class tst_QNetworkReply: public QObject { @@ -1564,6 +1570,10 @@ void tst_QNetworkReply::initTestCase() QString::fromLatin1("Couldn't find echo dir starting from %1.").arg(QDir::currentPath()))); cleanupTestData(); +#ifndef QT_NO_OPENSSL + QT_PREPEND_NAMESPACE(qt_ForceTlsSecurityLevel)(); +#endif // QT_NO_OPENSSL + } void tst_QNetworkReply::cleanupTestCase() diff --git a/tests/auto/network/ssl/qdtls/tst_qdtls.cpp b/tests/auto/network/ssl/qdtls/tst_qdtls.cpp index 0607a4b656..fd51c091a8 100644 --- a/tests/auto/network/ssl/qdtls/tst_qdtls.cpp +++ b/tests/auto/network/ssl/qdtls/tst_qdtls.cpp @@ -188,6 +188,9 @@ void tst_QDtls::initTestCase() defaultServerConfig.setDtlsCookieVerificationEnabled(false); hostName = QStringLiteral("bob.org"); + + void qt_ForceTlsSecurityLevel(); + qt_ForceTlsSecurityLevel(); } void tst_QDtls::init() diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp index 470ef1cd25..1718b787f5 100644 --- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -101,6 +101,11 @@ static const quint16 PSK_SERVER_PORT = 4433; static const QByteArray PSK_CLIENT_PRESHAREDKEY = QByteArrayLiteral("\x1a\x2b\x3c\x4d\x5e\x6f"); static const QByteArray PSK_SERVER_IDENTITY_HINT = QByteArrayLiteral("QtTestServerHint"); static const QByteArray PSK_CLIENT_IDENTITY = QByteArrayLiteral("Client_identity"); + +QT_BEGIN_NAMESPACE +void qt_ForceTlsSecurityLevel(); +QT_END_NAMESPACE + #endif // !QT_NO_OPENSSL class tst_QSslSocket : public QObject @@ -440,6 +445,10 @@ void tst_QSslSocket::init() #endif // QT_NO_NETWORKPROXY } +#ifndef QT_NO_OPENSSL + QT_PREPEND_NAMESPACE(qt_ForceTlsSecurityLevel)(); +#endif // QT_NO_OPENSSL + qt_qhostinfo_clear_cache(); } diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp index 5215204a5c..000f2f4da9 100644 --- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp +++ b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp @@ -43,6 +43,11 @@ #ifndef QT_NO_OPENSSL typedef QSharedPointer<QSslSocket> QSslSocketPtr; + +QT_BEGIN_NAMESPACE +void qt_ForceTlsSecurityLevel(); +QT_END_NAMESPACE + #endif class tst_QSslSocket_onDemandCertificates_member : public QObject @@ -54,6 +59,10 @@ class tst_QSslSocket_onDemandCertificates_member : public QObject public: #ifndef QT_NO_OPENSSL + tst_QSslSocket_onDemandCertificates_member() + { + QT_PREPEND_NAMESPACE(qt_ForceTlsSecurityLevel)(); + } QSslSocketPtr newSocket(); #endif @@ -69,7 +78,7 @@ private slots: void onDemandRootCertLoadingMemberMethods(); private: - QSslSocket *socket; + QSslSocket *socket = nullptr; #endif // QT_NO_OPENSSL }; |