summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--configure.cmake58
-rw-r--r--src/plugins/tls/openssl/qsslcontext_openssl.cpp7
-rw-r--r--src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp29
-rw-r--r--src/plugins/tls/openssl/qsslsocket_openssl_symbols_p.h14
-rw-r--r--src/plugins/tls/openssl/qtls_openssl.cpp3
5 files changed, 108 insertions, 3 deletions
diff --git a/configure.cmake b/configure.cmake
index 2213ce233c..72e331c01b 100644
--- a/configure.cmake
+++ b/configure.cmake
@@ -19,7 +19,55 @@ if(TARGET ZLIB::ZLIB)
endif()
qt_find_package(WrapOpenSSLHeaders PROVIDED_TARGETS WrapOpenSSLHeaders::WrapOpenSSLHeaders MODULE_NAME core)
+# openssl_headers
+# OPENSSL_VERSION_MAJOR is not defined for OpenSSL 1.1.1
+qt_config_compile_test(opensslv11_headers
+ LABEL "opensslv11_headers"
+ LIBRARIES
+ WrapOpenSSLHeaders::WrapOpenSSLHeaders
+ CODE
+"#include <openssl/ssl.h>
+#include <openssl/opensslv.h>
+#if !defined(OPENSSL_VERSION_NUMBER) || defined(OPENSSL_VERSION_MAJOR) || OPENSSL_VERSION_NUMBER-0 < 0x10101000L
+# error OpenSSL >= 1.1.1 is required
+#endif
+#if !defined(OPENSSL_NO_EC) && !defined(SSL_CTRL_SET_CURVES)
+# error OpenSSL was reported as >= 1.1.1 but is missing required features, possibly it is libressl which is unsupported
+#endif
+
+int main(void)
+{
+ /* BEGIN TEST: */
+ /* END TEST: */
+ return 0;
+}
+")
+
qt_find_package(WrapOpenSSL PROVIDED_TARGETS WrapOpenSSL::WrapOpenSSL MODULE_NAME core QMAKE_LIB openssl)
+# openssl
+# OPENSSL_VERSION_MAJOR is not defined for OpenSSL 1.1.1
+qt_config_compile_test(opensslv11
+ LABEL "opensslv11"
+ LIBRARIES
+ WrapOpenSSL::WrapOpenSSL
+ CODE
+"#include <openssl/ssl.h>
+#include <openssl/opensslv.h>
+#if !defined(OPENSSL_VERSION_NUMBER) || defined(OPENSSL_VERSION_MAJOR) || OPENSSL_VERSION_NUMBER-0 < 0x10101000L
+# error OpenSSL >= 1.1.1 is required
+#endif
+#if !defined(OPENSSL_NO_EC) && !defined(SSL_CTRL_SET_CURVES)
+# error OpenSSL was reported as >= 1.1.1 but is missing required features, possibly it is libressl which is unsupported
+#endif
+
+int main(void)
+{
+ /* BEGIN TEST: */
+SSL_free(SSL_new(0));
+ /* END TEST: */
+ return 0;
+}
+")
# opensslv30
# openssl_headers
@@ -952,17 +1000,22 @@ qt_feature_definition("openssl" "QT_NO_OPENSSL" NEGATE)
qt_feature_config("openssl" QMAKE_PUBLIC_QT_CONFIG)
qt_feature("openssl-runtime"
AUTODETECT NOT WASM
- CONDITION TEST_opensslv30_headers
+ CONDITION TEST_opensslv11_headers OR TEST_opensslv30_headers
ENABLE INPUT_openssl STREQUAL 'yes' OR INPUT_openssl STREQUAL 'runtime'
DISABLE INPUT_openssl STREQUAL 'no' OR INPUT_openssl STREQUAL 'linked' OR INPUT_ssl STREQUAL 'no'
)
qt_feature("openssl-linked" PUBLIC
LABEL " Qt directly linked to OpenSSL"
AUTODETECT OFF
- CONDITION TEST_opensslv30
+ CONDITION TEST_opensslv11 OR TEST_opensslv30
ENABLE INPUT_openssl STREQUAL 'linked'
)
qt_feature_definition("openssl-linked" "QT_LINKED_OPENSSL")
+qt_feature("opensslv11" PUBLIC
+ LABEL "OpenSSL 1.1"
+ CONDITION TEST_opensslv11 OR TEST_opensslv11_headers
+ DISABLE INPUT_openssl STREQUAL 'no' OR INPUT_ssl STREQUAL 'no'
+)
qt_feature("opensslv30" PUBLIC
LABEL "OpenSSL 3.0"
CONDITION TEST_opensslv30 OR TEST_opensslv30_headers
@@ -1148,6 +1201,7 @@ qt_configure_add_summary_entry(ARGS "Using vcpkg" TYPE "message" MESSAGE "${_vcp
qt_configure_add_summary_entry(ARGS "libudev")
qt_configure_add_summary_entry(ARGS "openssl")
qt_configure_add_summary_entry(ARGS "openssl-linked")
+qt_configure_add_summary_entry(ARGS "opensslv11")
qt_configure_add_summary_entry(ARGS "opensslv30")
qt_configure_add_summary_entry(ARGS "system-zlib")
qt_configure_add_summary_entry(ARGS "zstd")
diff --git a/src/plugins/tls/openssl/qsslcontext_openssl.cpp b/src/plugins/tls/openssl/qsslcontext_openssl.cpp
index a06d2ff65b..75c192bd01 100644
--- a/src/plugins/tls/openssl/qsslcontext_openssl.cpp
+++ b/src/plugins/tls/openssl/qsslcontext_openssl.cpp
@@ -555,10 +555,17 @@ QT_WARNING_POP
// tell OpenSSL the directories where to look up the root certs on demand
const QList<QByteArray> unixDirs = QSslSocketPrivate::unixRootCertDirectories();
int success = 1;
+#if OPENSSL_VERSION_MAJOR < 3
+ for (const QByteArray &unixDir : unixDirs) {
+ if ((success = q_SSL_CTX_load_verify_locations(sslContext->ctx, nullptr, unixDir.constData())) != 1)
+ break;
+ }
+#else
for (const QByteArray &unixDir : unixDirs) {
if ((success = q_SSL_CTX_load_verify_dir(sslContext->ctx, unixDir.constData())) != 1)
break;
}
+#endif // OPENSSL_VERSION_MAJOR
if (success != 1) {
const auto qtErrors = QTlsBackendOpenSSL::getErrorsFromOpenSsl();
qCWarning(lcTlsBackend) << "An error encountered while to set root certificates location:"
diff --git a/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp b/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp
index 13d3b0cee9..4aa9ca6fb1 100644
--- a/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp
+++ b/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp
@@ -302,9 +302,14 @@ DEFINEFUNC(int, SSL_version, const SSL *a, a, return 0, return)
DEFINEFUNC2(int, SSL_get_error, SSL *a, a, int b, b, return -1, return)
DEFINEFUNC(STACK_OF(X509) *, SSL_get_peer_cert_chain, SSL *a, a, return nullptr, return)
+#if defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3
DEFINEFUNC(X509 *, SSL_get1_peer_certificate, SSL *a, a, return nullptr, return)
DEFINEFUNC(int, EVP_PKEY_get_bits, const EVP_PKEY *pkey, pkey, return -1, return)
DEFINEFUNC(int, EVP_PKEY_get_base_id, const EVP_PKEY *pkey, pkey, return -1, return)
+#else
+DEFINEFUNC(X509 *, SSL_get_peer_certificate, SSL *a, a, return nullptr, return)
+DEFINEFUNC(int, EVP_PKEY_base_id, EVP_PKEY *a, a, return NID_undef, return)
+#endif // OPENSSL_VERSION_MAJOR >= 3
DEFINEFUNC(long, SSL_get_verify_result, const SSL *a, a, return -1, return)
DEFINEFUNC(SSL *, SSL_new, SSL_CTX *a, a, return nullptr, return)
@@ -375,7 +380,11 @@ DEFINEFUNC(X509_STORE_CTX *, X509_STORE_CTX_new, DUMMYARG, DUMMYARG, return null
DEFINEFUNC2(void *, X509_STORE_CTX_get_ex_data, X509_STORE_CTX *ctx, ctx, int idx, idx, return nullptr, return)
DEFINEFUNC(int, SSL_get_ex_data_X509_STORE_CTX_idx, DUMMYARG, DUMMYARG, return -1, return)
+#if OPENSSL_VERSION_MAJOR < 3
+DEFINEFUNC3(int, SSL_CTX_load_verify_locations, SSL_CTX *ctx, ctx, const char *CAfile, CAfile, const char *CApath, CApath, return 0, return)
+#else
DEFINEFUNC2(int, SSL_CTX_load_verify_dir, SSL_CTX *ctx, ctx, const char *CApath, CApath, return 0, return)
+#endif // OPENSSL_VERSION_MAJOR
DEFINEFUNC2(int, i2d_SSL_SESSION, SSL_SESSION *in, in, unsigned char **pp, pp, return 0, return)
DEFINEFUNC3(SSL_SESSION *, d2i_SSL_SESSION, SSL_SESSION **a, a, const unsigned char **pp, pp, long length, length, return nullptr, return)
@@ -637,7 +646,9 @@ static QStringList findAllLibCrypto()
}
# endif
-#if OPENSSL_VERSION_MAJOR == 3 // Starting with 3.0 this define is available
+#if (OPENSSL_VERSION_NUMBER >> 28) < 3
+#define QT_OPENSSL_VERSION "1_1"
+#elif OPENSSL_VERSION_MAJOR == 3 // Starting with 3.0 this define is available
#define QT_OPENSSL_VERSION "3"
#endif // > 3 intentionally left undefined
@@ -908,10 +919,17 @@ bool q_resolveOpenSslSymbols()
return false;
}
+#if OPENSSL_VERSION_NUMBER >= 0x30000000
if (q_OpenSSL_version_num() < 0x30000000) {
qCWarning(lcTlsBackend, "Incompatible version of OpenSSL (built with OpenSSL >= 3.x, runtime version is < 3.x)");
return false;
}
+#else
+ if (q_OpenSSL_version_num() >= 0x30000000) {
+ qCWarning(lcTlsBackend, "Incompatible version of OpenSSL (built with OpenSSL 1.x, runtime version is >= 3.x)");
+ return false;
+ }
+#endif // OPENSSL_VERSION_NUMBER
RESOLVEFUNC(SSL_SESSION_get_ticket_lifetime_hint)
@@ -1054,9 +1072,14 @@ bool q_resolveOpenSslSymbols()
RESOLVEFUNC(SSL_get_error)
RESOLVEFUNC(SSL_get_peer_cert_chain)
+#if defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3
RESOLVEFUNC(SSL_get1_peer_certificate)
RESOLVEFUNC(EVP_PKEY_get_bits)
RESOLVEFUNC(EVP_PKEY_get_base_id)
+#else
+ RESOLVEFUNC(SSL_get_peer_certificate)
+ RESOLVEFUNC(EVP_PKEY_base_id)
+#endif // OPENSSL_VERSION_MAJOR >= 3
#ifndef OPENSSL_NO_DEPRECATED_3_0
RESOLVEFUNC(DH_new)
@@ -1188,7 +1211,11 @@ bool q_resolveOpenSslSymbols()
RESOLVEFUNC(X509_verify_cert)
RESOLVEFUNC(d2i_X509)
RESOLVEFUNC(i2d_X509)
+#if OPENSSL_VERSION_MAJOR < 3
+ RESOLVEFUNC(SSL_CTX_load_verify_locations)
+#else
RESOLVEFUNC(SSL_CTX_load_verify_dir)
+#endif // OPENSSL_VERSION_MAJOR
RESOLVEFUNC(i2d_SSL_SESSION)
RESOLVEFUNC(d2i_SSL_SESSION)
diff --git a/src/plugins/tls/openssl/qsslsocket_openssl_symbols_p.h b/src/plugins/tls/openssl/qsslsocket_openssl_symbols_p.h
index 7d7ce57371..a93c110b3f 100644
--- a/src/plugins/tls/openssl/qsslsocket_openssl_symbols_p.h
+++ b/src/plugins/tls/openssl/qsslsocket_openssl_symbols_p.h
@@ -185,7 +185,11 @@ QT_BEGIN_NAMESPACE
// **************** Static declarations ******************
#endif // !defined QT_LINKED_OPENSSL
+#if defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3
typedef uint64_t qssloptions;
+#else
+typedef unsigned long qssloptions;
+#endif
// TODO: the following lines previously were a part of 1.1 - specific header.
// To reduce the amount of the change, I'm directly copying and pasting the
// content of the header here. Later, can be better sorted/split into groups,
@@ -546,7 +550,11 @@ void q_GENERAL_NAME_free(GENERAL_NAME *a);
q_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
#define q_OpenSSL_add_all_algorithms() q_OPENSSL_add_all_algorithms_conf()
+#if OPENSSL_VERSION_MAJOR < 3
+int q_SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath);
+#else
int q_SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath);
+#endif // OPENSSL_VERSION_MAJOR
int q_i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
SSL_SESSION *q_d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length);
@@ -668,11 +676,17 @@ const char *q_SSL_alert_desc_string_long(int value);
int q_SSL_CTX_get_security_level(const SSL_CTX *ctx);
void q_SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
+// Here we have the ones that make difference between OpenSSL pre/post v3:
+#if defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3
X509 *q_SSL_get1_peer_certificate(SSL *a);
#define q_SSL_get_peer_certificate q_SSL_get1_peer_certificate
int q_EVP_PKEY_get_bits(const EVP_PKEY *pkey);
int q_EVP_PKEY_get_base_id(const EVP_PKEY *pkey);
#define q_EVP_PKEY_base_id q_EVP_PKEY_get_base_id
+#else
+X509 *q_SSL_get_peer_certificate(SSL *a);
+int q_EVP_PKEY_base_id(EVP_PKEY *a);
+#endif // OPENSSL_VERSION_MAJOR >= 3
#ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/src/plugins/tls/openssl/qtls_openssl.cpp b/src/plugins/tls/openssl/qtls_openssl.cpp
index ed5211150d..57d09a649b 100644
--- a/src/plugins/tls/openssl/qtls_openssl.cpp
+++ b/src/plugins/tls/openssl/qtls_openssl.cpp
@@ -1438,11 +1438,14 @@ bool TlsCryptographOpenSSL::initSslContext()
else if (mode == QSslSocket::SslServerMode)
q_SSL_set_psk_server_callback(ssl, &q_ssl_psk_server_callback);
+#if OPENSSL_VERSION_NUMBER >= 0x10101006L
// Set the client callback for TLSv1.3 PSK
if (mode == QSslSocket::SslClientMode
&& QSslSocket::sslLibraryBuildVersionNumber() >= 0x10101006L) {
q_SSL_set_psk_use_session_callback(ssl, &q_ssl_psk_use_session_callback);
}
+#endif // openssl version >= 0x10101006L
+
#endif // OPENSSL_NO_PSK
#if QT_CONFIG(ocsp)
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-22 13:20:24 +0000