Adjust SSL patches to match behavior of Qt5 in regards to SSL/TLS versions.

PR: 216781 Approved by: swills (mentor) Differential Revision: https://reviews.freebsd.org/D9727
svn path=/head/; revision=434634
2017-02-22 19:38:31 +00:00 · 2017-02-22 19:38:31 +00:00 · 6b5cc6c4c6 · 2021-03-31 03:12:20 +00:00
commit 6b5cc6c4c6
parent 6e76cfd97b
2 changed files with 29 additions and 16 deletions
--- a/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp
+++ b/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp
@ -1,21 +1,31 @@
+* Make availability of SSLv3 in Qt4 same as in Qt5, i.e. not part of SecureProtocols
+*
 --- src/network/ssl/qsslsocket_openssl.cpp.orig	2015-05-07 14:14:44 UTC
 +++ src/network/ssl/qsslsocket_openssl.cpp
-@@ -267,15 +267,14 @@ init_context:
+@@ -267,9 +267,13 @@ init_context:
 #endif
         break;
     case QSsl::SslV3:
-        ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
+#ifndef OPENSSL_NO_SSL3_METHOD
+         ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
+#else
 +        ctx = 0; // SSL 3 not supported by the system, but chosen deliberately -> error
+#endif
         break;
 -    case QSsl::SecureProtocols: // SslV2 will be disabled below
-    case QSsl::TlsV1SslV3: // SslV2 will be disabled below
+    case QSsl::SecureProtocols: // SslV2/3 will be disabled below
+     case QSsl::TlsV1SslV3: // SslV2 will be disabled below
     case QSsl::AnyProtocol:
-    default:
-         ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method());
-         break;
-     case QSsl::TlsV1:
-+    case QSsl::SecureProtocols:
-+    default:
-         ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method());
-         break;
-     }
+     default:
+@@ -297,8 +301,10 @@ init_context:
+ 
+     // Enable bug workarounds.
+     long options;
+-    if (configuration.protocol == QSsl::TlsV1SslV3 || configuration.protocol == QSsl::SecureProtocols)
+    if (configuration.protocol == QSsl::TlsV1SslV3)
+         options = SSL_OP_ALL|SSL_OP_NO_SSLv2;
+    else if (configuration.protocol == QSsl::SecureProtocols)
+        options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3;
+     else
+         options = SSL_OP_ALL;
+ 
--- a/net/qt4-network/files/patch-src_network_ssl_qsslsocketopensslsymbols.cpp
+++ b/net/qt4-network/files/patch-src_network_ssl_qsslsocketopensslsymbols.cpp
@ -1,3 +1,6 @@
+* Prepend the path of the SSL libraries used for building so the same libraries are
+* found and loaded at runtime. Normal search finds base SSL libraries before ports.
+*
 --- src/network/ssl/qsslsocket_openssl_symbols.cpp.orig	2015-05-07 14:14:44 UTC
 +++ src/network/ssl/qsslsocket_openssl_symbols.cpp
@@ -511,9 +511,9 @@ static QPair<QLibrary*, QLibrary*> loadO
@ -5,10 +8,10 @@
 #elif defined(SHLIB_VERSION_NUMBER)
     // first attempt: the canonical name is libssl.so.<SHLIB_VERSION_NUMBER>
 -    libssl->setFileNameAndVersion(QLatin1String("ssl"), QLatin1String(SHLIB_VERSION_NUMBER));
-+    libssl->setFileNameAndVersion(QLatin1String("/usr/local/lib/libssl"), QLatin1String(SHLIB_VERSION_NUMBER));
+    libssl->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libssl"), QLatin1String(SHLIB_VERSION_NUMBER));
     libssl->setLoadHints(QLibrary::ImprovedSearchHeuristics);
 -    libcrypto->setFileNameAndVersion(QLatin1String("crypto"), QLatin1String(SHLIB_VERSION_NUMBER));
-+    libcrypto->setFileNameAndVersion(QLatin1String("/usr/local/lib/libcrypto"), QLatin1String(SHLIB_VERSION_NUMBER));
+    libcrypto->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libcrypto"), QLatin1String(SHLIB_VERSION_NUMBER));
     libcrypto->setLoadHints(libcrypto->loadHints() | QLibrary::ImprovedSearchHeuristics);
     if (libcrypto->load() && libssl->load()) {
         // libssl.so.<SHLIB_VERSION_NUMBER> and libcrypto.so.<SHLIB_VERSION_NUMBER> found
@ -18,8 +21,8 @@
     // second attempt: find the development files libssl.so and libcrypto.so
 -    libssl->setFileNameAndVersion(QLatin1String("ssl"), -1);
 -    libcrypto->setFileNameAndVersion(QLatin1String("crypto"), -1);
-+    libssl->setFileNameAndVersion(QLatin1String("/usr/local/lib/libssl"), -1);
-+    libcrypto->setFileNameAndVersion(QLatin1String("/usr/local/lib/libcrypto"), -1);
+    libssl->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libssl"), -1);
+    libcrypto->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libcrypto"), -1);
     if (libcrypto->load() && libssl->load()) {
         // libssl.so.0 and libcrypto.so.0 found
         return pair;