From 611423099667d2dc18e6fb63967cbbfd8a65829c Mon Sep 17 00:00:00 2001 From: Timur Pocheptsov Date: Tue, 30 Oct 2018 10:43:51 +0100 Subject: Fix supportsSsl() to make it more consistent MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Attempts to use QSslSocket and its OpenSSL 1.1 back-end with OpenSSL 1.1.1 in a very peculiar way (for some reason the reporter calls OPENSSL_no_config()) combined with a bug in OpenSSL 1.1.1 resulted in a QSslSocket dead-locking in initialization. This was happening because supportsSsl() first reported false (OpenSSL internally fails to initialize after OPENSSL_no_config()), but we have s_libraryLoaded set to true too early, thus the first supportsSsl() returns false, the second - true. Move setting of s_libraryLoaded later so that we don't claim to support OpenSSL when an earlier ensureLibraryLoaded() attempt failed. Task-number: QTBUG-70956 Task-number: QTBUG-71446 Change-Id: I8ad8763d357c84fc38c62e2ce914366367c2b445 Reviewed-by: Edward Welbourne Reviewed-by: MÃ¥rten Nordheim --- src/network/ssl/qsslsocket_openssl.cpp | 5 +++++ src/network/ssl/qsslsocket_openssl11.cpp | 4 ++-- src/network/ssl/qsslsocket_opensslpre11.cpp | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) (limited to 'src/network') diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 64501a75e8..37bb3e4933 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -474,7 +474,12 @@ void QSslSocketPrivate::resetDefaultCiphers() #else SSL_CTX *myCtx = q_SSL_CTX_new(q_SSLv23_client_method()); #endif + // Note, we assert, not just silently return/bail out early: + // this should never happen and problems with OpenSSL's initialization + // must be caught before this (see supportsSsl()). + Q_ASSERT(myCtx); SSL *mySsl = q_SSL_new(myCtx); + Q_ASSERT(mySsl); QList ciphers; QList defaultCiphers; 
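Review bot: The two `Q_ASSERT`s added in `QSslSocketPrivate::resetDefaultCiphers()` (qsslsocket_openssl.cpp) expand to nothing when Qt is built with QT_NO_DEBUG, so a release build still passes a null `myCtx` to `q_SSL_new()` and carries a null `mySsl` into the code after the hunk. The new comment relies on supportsSsl() having rejected a broken OpenSSL first, which holds only while every caller goes through that check. Keeping the asserts and adding a runtime guard after them would also cover release builds, for example `if (!myCtx || !mySsl) { qWarning("resetDefaultCiphers: could not create SSL context"); q_SSL_CTX_free(myCtx); return; }`. The function starts before and continues past this hunk, so any cleanup it already does at its end is not visible here.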
diff --git a/src/network/ssl/qsslsocket_openssl11.cpp b/src/network/ssl/qsslsocket_openssl11.cpp index cbbf403672..2a2667bd48 100644 --- a/src/network/ssl/qsslsocket_openssl11.cpp +++ b/src/network/ssl/qsslsocket_openssl11.cpp @@ -88,8 +88,6 @@ bool QSslSocketPrivate::ensureLibraryLoaded() const QMutexLocker locker(qt_opensslInitMutex); if (!s_libraryLoaded) { - s_libraryLoaded = true; - // Initialize OpenSSL. if (q_OPENSSL_init_ssl(0, nullptr) != 1) return false; @@ -105,6 +103,8 @@ bool QSslSocketPrivate::ensureLibraryLoaded() qWarning("Random number generator not seeded, disabling SSL support"); return false; } + + s_libraryLoaded = true; } return true; } diff --git a/src/network/ssl/qsslsocket_opensslpre11.cpp b/src/network/ssl/qsslsocket_opensslpre11.cpp index 062e03f4e6..bc4fd9dc85 100644 --- a/src/network/ssl/qsslsocket_opensslpre11.cpp +++ b/src/network/ssl/qsslsocket_opensslpre11.cpp @@ -215,8 +215,6 @@ bool QSslSocketPrivate::ensureLibraryLoaded() QMutexLocker locker(openssl_locks()->initLock()); if (!s_libraryLoaded) { - s_libraryLoaded = true; - // Initialize OpenSSL. q_CRYPTO_set_id_callback(id_function); q_CRYPTO_set_locking_callback(locking_function); @@ -235,6 +233,8 @@ bool QSslSocketPrivate::ensureLibraryLoaded() qWarning("Random number generator not seeded, disabling SSL support"); return false; } + + s_libraryLoaded = true; } return true; } -- cgit v1.2.3
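Review bot: With `s_libraryLoaded = true;` moved to the end of `QSslSocketPrivate::ensureLibraryLoaded()` in qsslsocket_openssl11.cpp, a failed initialization is no longer remembered. Every later call therefore repeats `q_OPENSSL_init_ssl()` under the init mutex and, on the seeding failure path, prints the "Random number generator not seeded" warning again. The same applies to both hunks in qsslsocket_opensslpre11.cpp, where each retry also re-installs the id and locking callbacks. If the retry is intended, a comment at the new assignment should say so, for example `// Set only after every step above succeeded; a failed attempt is retried on the next call.` If it is not, a separate failure flag checked next to `s_libraryLoaded` would keep supportsSsl() consistently false without redoing the work; the function starts before these hunks, so whether such state already exists is not visible here.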