7 files changed, 50 insertions, 1 deletions
diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp index 6eed354b9e..5fb7172583 100644 --- a/src/network/ssl/qsslcontext_openssl.cpp +++ b/src/network/ssl/qsslcontext_openssl.cpp @@ -54,6 +54,13 @@ QT_BEGIN_NAMESPACE +Q_GLOBAL_STATIC(bool, forceSecurityLevel) + +Q_NETWORK_EXPORT void qt_ForceTlsSecurityLevel() +{ + *forceSecurityLevel() = true; +} + // defined in qsslsocket_openssl.cpp: extern int q_X509Callback(int ok, X509_STORE_CTX *ctx); extern "C" int q_X509CallbackDirect(int ok, X509_STORE_CTX *ctx); @@ -334,6 +341,10 @@ init_context: return; } + // A nasty hacked OpenSSL using a level that will make our auto-tests fail: + if (q_SSL_CTX_get_security_level(sslContext->ctx) > 1 && *forceSecurityLevel()) + q_SSL_CTX_set_security_level(sslContext->ctx, 1); + const long anyVersion = #if QT_CONFIG(dtls) isDtls ? DTLS_ANY_VERSION : TLS_ANY_VERSION; diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp index 81637cf0cc..9396516670 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols.cpp +++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp @@ -164,6 +164,8 @@ using info_callback = void (*) (const SSL *ssl, int type, int val); DEFINEFUNC2(void, SSL_set_info_callback, SSL *ssl, ssl, info_callback cb, cb, return, return) DEFINEFUNC(const char *, SSL_alert_type_string, int value, value, return nullptr, return) DEFINEFUNC(const char *, SSL_alert_desc_string_long, int value, value, return nullptr, return) +DEFINEFUNC(int, SSL_CTX_get_security_level, const SSL_CTX *ctx, ctx, return -1, return) +DEFINEFUNC2(void, SSL_CTX_set_security_level, SSL_CTX *ctx, ctx, int level, level, return, return) #ifdef TLS1_3_VERSION DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return) DEFINEFUNC2(void, SSL_set_psk_use_session_callback, SSL *ssl, ssl, q_SSL_psk_use_session_cb_func_t callback, callback, return, DUMMYARG) 
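Review bot: `qt_ForceTlsSecurityLevel()` is added with `Q_NETWORK_EXPORT`, so the shipped QtNetwork library gains a public entry point whose only effect is to cap later SSL contexts at OpenSSL security level 1; nothing in this hunk restricts it to test builds. The flag is process-wide and can be set but never cleared, and the name reads as if it tightened the TLS policy when it actually relaxes it. If this branch has a test-only export macro (Qt's `Q_AUTOTEST_EXPORT` looks like the fit, to be confirmed), I would use that instead. I would also add a comment above the definition, e.g. `// Test-only: lets the autotests undo a distribution-raised OpenSSL security level; never call from application code.`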
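Review bot: The comment above the new `if` in the `init_context:` hunk gives the motive ("a nasty hacked OpenSSL") but not the effect, which is that the context drops to security level 1 and again accepts keys and parameters that the system's higher default level rejects. I would say so directly, e.g. `// Test-only override: some distributions build OpenSSL with a default security level above 1; fall back to 1 when the autotests requested it.` The condition also calls into OpenSSL before checking the flag; testing the flag first keeps the normal path free of the extra call: `if (*forceSecurityLevel() && q_SSL_CTX_get_security_level(sslContext->ctx) > 1)`. The enclosing function starts and ends outside the hunk.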
@@ -865,6 +867,8 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(SSL_set_info_callback) RESOLVEFUNC(SSL_alert_type_string) RESOLVEFUNC(SSL_alert_desc_string_long) + RESOLVEFUNC(SSL_CTX_get_security_level) + RESOLVEFUNC(SSL_CTX_set_security_level) #ifdef TLS1_3_VERSION RESOLVEFUNC(SSL_CTX_set_ciphersuites) RESOLVEFUNC(SSL_set_psk_use_session_callback) diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h index 744e5e34f9..9f54efddaa 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols_p.h +++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h @@ -753,6 +753,9 @@ void q_SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int const char *q_SSL_alert_type_string(int value); const char *q_SSL_alert_desc_string_long(int value); +int q_SSL_CTX_get_security_level(const SSL_CTX *ctx); +void q_SSL_CTX_set_security_level(SSL_CTX *ctx, int level); + QT_END_NAMESPACE #endif diff --git a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp index fa574b8d92..0766cd26fc 100644 --- a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp +++ b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp @@ -98,6 +98,12 @@ Q_DECLARE_METATYPE(QNetworkProxyQuery) typedef QSharedPointer<QNetworkReply> QNetworkReplyPtr; +#ifndef QT_NO_OPENSSL +QT_BEGIN_NAMESPACE +void qt_ForceTlsSecurityLevel(); +QT_END_NAMESPACE +#endif + class MyCookieJar; class tst_QNetworkReply: public QObject { @@ -1564,6 +1570,10 @@ void tst_QNetworkReply::initTestCase() QString::fromLatin1("Couldn't find echo dir starting from %1.").arg(QDir::currentPath()))); cleanupTestData(); +#ifndef QT_NO_OPENSSL + QT_PREPEND_NAMESPACE(qt_ForceTlsSecurityLevel)(); +#endif // QT_NO_OPENSSL + } void tst_QNetworkReply::cleanupTestCase() diff --git a/tests/auto/network/ssl/qdtls/tst_qdtls.cpp b/tests/auto/network/ssl/qdtls/tst_qdtls.cpp index 0607a4b656..fd51c091a8 100644 
--- a/tests/auto/network/ssl/qdtls/tst_qdtls.cpp +++ b/tests/auto/network/ssl/qdtls/tst_qdtls.cpp @@ -188,6 +188,9 @@ void tst_QDtls::initTestCase() defaultServerConfig.setDtlsCookieVerificationEnabled(false); hostName = QStringLiteral("bob.org"); + + void qt_ForceTlsSecurityLevel(); + qt_ForceTlsSecurityLevel(); } void tst_QDtls::init() diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp index 470ef1cd25..1718b787f5 100644 --- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -101,6 +101,11 @@ static const quint16 PSK_SERVER_PORT = 4433; static const QByteArray PSK_CLIENT_PRESHAREDKEY = QByteArrayLiteral("\x1a\x2b\x3c\x4d\x5e\x6f"); static const QByteArray PSK_SERVER_IDENTITY_HINT = QByteArrayLiteral("QtTestServerHint"); static const QByteArray PSK_CLIENT_IDENTITY = QByteArrayLiteral("Client_identity"); + +QT_BEGIN_NAMESPACE +void qt_ForceTlsSecurityLevel(); +QT_END_NAMESPACE + #endif // !QT_NO_OPENSSL class tst_QSslSocket : public QObject @@ -440,6 +445,10 @@ void tst_QSslSocket::init() #endif // QT_NO_NETWORKPROXY } +#ifndef QT_NO_OPENSSL + QT_PREPEND_NAMESPACE(qt_ForceTlsSecurityLevel)(); +#endif // QT_NO_OPENSSL + qt_qhostinfo_clear_cache(); } diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp index 5215204a5c..000f2f4da9 100644 --- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp +++ b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp 
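Review bot: In tst_qdtls.cpp the declaration `void qt_ForceTlsSecurityLevel();` sits at block scope inside `initTestCase()`, with no `QT_BEGIN_NAMESPACE`/`QT_END_NAMESPACE` wrapper and no `QT_PREPEND_NAMESPACE` on the call, unlike the other three tests in this commit. In a build configured with a Qt namespace this would declare a different function from the one qsslcontext_openssl.cpp defines, and would presumably fail at link time. I would move the declaration to file scope as `QT_BEGIN_NAMESPACE void qt_ForceTlsSecurityLevel(); QT_END_NAMESPACE` and call it as `QT_PREPEND_NAMESPACE(qt_ForceTlsSecurityLevel)();`. The body of `initTestCase()` starts outside the hunk.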
@@ -43,6 +43,11 @@ #ifndef QT_NO_OPENSSL typedef QSharedPointer<QSslSocket> QSslSocketPtr; + +QT_BEGIN_NAMESPACE +void qt_ForceTlsSecurityLevel(); +QT_END_NAMESPACE + #endif class tst_QSslSocket_onDemandCertificates_member : public QObject @@ -54,6 +59,10 @@ class tst_QSslSocket_onDemandCertificates_member : public QObject public: #ifndef QT_NO_OPENSSL + tst_QSslSocket_onDemandCertificates_member() + { + QT_PREPEND_NAMESPACE(qt_ForceTlsSecurityLevel)(); + } QSslSocketPtr newSocket(); #endif @@ -69,7 +78,7 @@ private slots: void onDemandRootCertLoadingMemberMethods(); private: - QSslSocket *socket; + QSslSocket *socket = nullptr; #endif // QT_NO_OPENSSL }; |