summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/network/ssl/qsslcontext_openssl.cpp11
-rw-r--r--src/network/ssl/qsslsocket_openssl_symbols.cpp5
-rw-r--r--src/network/ssl/qsslsocket_openssl_symbols_p.h3
-rw-r--r--tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp10
-rw-r--r--tests/auto/network/ssl/qdtls/tst_qdtls.cpp3
-rw-r--r--tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp9
-rw-r--r--tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp11
7 files changed, 50 insertions, 2 deletions
diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp
index abc398b209..c9f202f573 100644
--- a/src/network/ssl/qsslcontext_openssl.cpp
+++ b/src/network/ssl/qsslcontext_openssl.cpp
@@ -54,6 +54,13 @@
QT_BEGIN_NAMESPACE
+Q_GLOBAL_STATIC(bool, forceSecurityLevel)
+
+Q_NETWORK_EXPORT void qt_ForceTlsSecurityLevel()
+{
+ *forceSecurityLevel() = true;
+}
+
// defined in qsslsocket_openssl.cpp:
extern int q_X509Callback(int ok, X509_STORE_CTX *ctx);
extern QString getErrorsFromOpenSsl();
@@ -344,6 +351,10 @@ init_context:
return;
}
+ // A nasty hacked OpenSSL using a level that will make our auto-tests fail:
+ if (q_SSL_CTX_get_security_level(sslContext->ctx) > 1 && *forceSecurityLevel())
+ q_SSL_CTX_set_security_level(sslContext->ctx, 1);
+
const long anyVersion =
#if QT_CONFIG(dtls)
isDtls ? DTLS_ANY_VERSION : TLS_ANY_VERSION;
diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
index 2f57998cea..ed80fc14bd 100644
--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
@@ -159,6 +159,8 @@ DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return)
+DEFINEFUNC(int, SSL_CTX_get_security_level, const SSL_CTX *ctx, ctx, return -1, return)
+DEFINEFUNC2(void, SSL_CTX_set_security_level, SSL_CTX *ctx, ctx, int level, level, return, return)
#ifdef TLS1_3_VERSION
DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return)
DEFINEFUNC2(void, SSL_set_psk_use_session_callback, SSL *ssl, ssl, q_SSL_psk_use_session_cb_func_t callback, callback, return, DUMMYARG)
@@ -856,7 +858,8 @@ bool q_resolveOpenSslSymbols()
RESOLVEFUNC(OPENSSL_sk_value)
RESOLVEFUNC(DH_get0_pqg)
RESOLVEFUNC(SSL_CTX_set_options)
-
+ RESOLVEFUNC(SSL_CTX_get_security_level)
+ RESOLVEFUNC(SSL_CTX_set_security_level)
#ifdef TLS1_3_VERSION
RESOLVEFUNC(SSL_CTX_set_ciphersuites)
RESOLVEFUNC(SSL_set_psk_use_session_callback)
diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h
index 018962bcc1..c46afcf53e 100644
--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
+++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
@@ -748,6 +748,9 @@ int q_OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
void *q_CRYPTO_malloc(size_t num, const char *file, int line);
#define q_OPENSSL_malloc(num) q_CRYPTO_malloc(num, "", 0)
+int q_SSL_CTX_get_security_level(const SSL_CTX *ctx);
+void q_SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
+
QT_END_NAMESPACE
#endif
diff --git a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
index 058b28f04e..3d4a094c43 100644
--- a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
+++ b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
@@ -104,6 +104,12 @@ Q_DECLARE_METATYPE(QNetworkProxyQuery)
typedef QSharedPointer<QNetworkReply> QNetworkReplyPtr;
+#ifndef QT_NO_OPENSSL
+QT_BEGIN_NAMESPACE
+void qt_ForceTlsSecurityLevel();
+QT_END_NAMESPACE
+#endif
+
class MyCookieJar;
class tst_QNetworkReply: public QObject
{
@@ -1584,6 +1590,10 @@ void tst_QNetworkReply::initTestCase()
QString::fromLatin1("Couldn't find echo dir starting from %1.").arg(QDir::currentPath())));
cleanupTestData();
+#ifndef QT_NO_OPENSSL
+ QT_PREPEND_NAMESPACE(qt_ForceTlsSecurityLevel)();
+#endif // QT_NO_OPENSSL
+
}
void tst_QNetworkReply::cleanupTestCase()
diff --git a/tests/auto/network/ssl/qdtls/tst_qdtls.cpp b/tests/auto/network/ssl/qdtls/tst_qdtls.cpp
index 5d79b0f26b..1fc46ca36a 100644
--- a/tests/auto/network/ssl/qdtls/tst_qdtls.cpp
+++ b/tests/auto/network/ssl/qdtls/tst_qdtls.cpp
@@ -189,6 +189,9 @@ void tst_QDtls::initTestCase()
defaultServerConfig.setDtlsCookieVerificationEnabled(false);
hostName = QStringLiteral("bob.org");
+
+ void qt_ForceTlsSecurityLevel();
+ qt_ForceTlsSecurityLevel();
}
void tst_QDtls::init()
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
index e5a6073b1d..9854ff9c87 100644
--- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
@@ -101,6 +101,11 @@ static const quint16 PSK_SERVER_PORT = 4433;
static const QByteArray PSK_CLIENT_PRESHAREDKEY = QByteArrayLiteral("\x1a\x2b\x3c\x4d\x5e\x6f");
static const QByteArray PSK_SERVER_IDENTITY_HINT = QByteArrayLiteral("QtTestServerHint");
static const QByteArray PSK_CLIENT_IDENTITY = QByteArrayLiteral("Client_identity");
+
+QT_BEGIN_NAMESPACE
+void qt_ForceTlsSecurityLevel();
+QT_END_NAMESPACE
+
#endif // !QT_NO_OPENSSL
class tst_QSslSocket : public QObject
@@ -436,6 +441,10 @@ void tst_QSslSocket::init()
#endif // QT_NO_NETWORKPROXY
}
+#ifndef QT_NO_OPENSSL
+ QT_PREPEND_NAMESPACE(qt_ForceTlsSecurityLevel)();
+#endif // QT_NO_OPENSSL
+
qt_qhostinfo_clear_cache();
}
diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp
index 5215204a5c..000f2f4da9 100644
--- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp
+++ b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp
@@ -43,6 +43,11 @@
#ifndef QT_NO_OPENSSL
typedef QSharedPointer<QSslSocket> QSslSocketPtr;
+
+QT_BEGIN_NAMESPACE
+void qt_ForceTlsSecurityLevel();
+QT_END_NAMESPACE
+
#endif
class tst_QSslSocket_onDemandCertificates_member : public QObject
@@ -54,6 +59,10 @@ class tst_QSslSocket_onDemandCertificates_member : public QObject
public:
#ifndef QT_NO_OPENSSL
+ tst_QSslSocket_onDemandCertificates_member()
+ {
+ QT_PREPEND_NAMESPACE(qt_ForceTlsSecurityLevel)();
+ }
QSslSocketPtr newSocket();
#endif
@@ -69,7 +78,7 @@ private slots:
void onDemandRootCertLoadingMemberMethods();
private:
- QSslSocket *socket;
+ QSslSocket *socket = nullptr;
#endif // QT_NO_OPENSSL
};
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-23 15:35:42 +0000