From feb056b448678a0017cb7683f4e7e92d5287d2a6 Mon Sep 17 00:00:00 2001 From: Timur Pocheptsov Date: Wed, 6 Oct 2021 14:01:25 +0200 Subject: QTlsBackend (OpenSSL) : detect incompatible versions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenSSL v3 among other nice things brought some nasty crashes (essentially, finally breaking what was already not so nice in 1.x: see, e.g. ASN1_ITEM_free and ASN1_ITEM_ptr that we have to use to free resources allocated by openssl). Let's, at least, not use v3 from Qt built with 1.1.1 and vice versa. Change-Id: If14a2a0ce2189a1b7967b7ab7248d11d0f2fc423 Reviewed-by: MÃ¥rten Nordheim (cherry picked from commit 3abcff49eb962cb087498626d77929a870c82929) Reviewed-by: Edward Welbourne --- src/network/ssl/qsslsocket_openssl_symbols.cpp | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp index 5b15da64b5..75aef060e0 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols.cpp +++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp @@ -904,13 +904,25 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(OpenSSL_version_num) RESOLVEFUNC(OpenSSL_version) - if (!_q_OpenSSL_version) { + if (!_q_OpenSSL_version || !_q_OpenSSL_version_num) { // Apparently, we were built with OpenSSL 1.1 enabled but are now using // a wrong library. qCWarning(lcSsl, "Incompatible version of OpenSSL"); return false; } +#if OPENSSL_VERSION_NUMBER >= 0x30000000 + if (q_OpenSSL_version_num() < 0x30000000) { + qCWarning(lcSsl, "Incompatible version of OpenSSL (built with OpenSSL >= 3.x, runtime version is < 3.x)"); + return false; + } +#else + if (q_OpenSSL_version_num() >= 0x30000000) { + qCWarning(lcSsl, "Incompatible version of OpenSSL (built with OpenSSL 1.x, runtime version is >= 3.x)"); + return false; + } +#endif // OPENSSL_VERSION_NUMBER + RESOLVEFUNC(SSL_SESSION_get_ticket_lifetime_hint) RESOLVEFUNC(DH_bits) RESOLVEFUNC(DSA_bits) -- cgit v1.2.3