From: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Date: Fri, 5 May 2023 07:44:32 +0000
Subject: update function argument of SSL_CTX_set_options
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=e995bfc0ea783c15
Backported for 5.15 by the patch author, Michael Saxl.
Last-Update: 2022-08-07
openssl3 uses uint64_t for the options argument in SSL_CTX_set_options,
older ones used long.
sizeof(long) is not the same as sizeof(uint64_t) on every platform
---
src/network/ssl/qsslcontext_openssl.cpp | 2 +-
src/network/ssl/qsslsocket_openssl.cpp | 4 ++--
src/network/ssl/qsslsocket_openssl_p.h | 8 +++++++-
src/network/ssl/qsslsocket_openssl_symbols.cpp | 2 +-
src/network/ssl/qsslsocket_openssl_symbols_p.h | 2 +-
5 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp
index d0a428c..c992da9 100644
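--- a/src/network/ssl/qsslcontext_openssl.cpp
+++ b/src/network/ssl/qsslcontext_openssl.cpp
@@ -455,7 +455,7 @@ init_context:
 }
 
 // Enable bug workarounds.
- long options = QSslSocketBackendPrivate::setupOpenSslOptions(configuration.protocol(), configuration.d->sslOptions);
+ qssloptions options = QSslSocketBackendPrivate::setupOpenSslOptions(configuration.protocol(), configuration.d->sslOptions);
 q_SSL_CTX_set_options(sslContext->ctx, options);
 
 // Tell OpenSSL to release memory early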
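Review bot: The result of `q_SSL_CTX_set_options(sslContext->ctx, options);` is still discarded on the line after the retyped declaration, so nothing confirms that the requested mask was actually applied to the context. The DEFINEFUNC2 wrapper changed in qsslsocket_openssl_symbols.cpp carries a `return 0` fallback, presumably taken when the symbol cannot be resolved; in that case the protocol-disabling bits would be silently missing. Consider checking the returned mask, e.g. `if ((q_SSL_CTX_set_options(sslContext->ctx, options) & options) != options)` followed by this function's usual error path. The surrounding init_context code lies outside the hunk, so the error-reporting convention there needs to be confirmed.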
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 37fad2a..8f6858c 100644
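--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -550,9 +550,9 @@ static void q_loadCiphersForConnection(SSL *connection, QList<QSslCipher> &ciphe
 // Defined in qsslsocket.cpp
 void q_setDefaultDtlsCiphers(const QList<QSslCipher> &ciphers);
 
-long QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SslProtocol protocol, QSsl::SslOptions sslOptions)
+qssloptions QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SslProtocol protocol, QSsl::SslOptions sslOptions)
 {
- long options;
+ qssloptions options;
 if (protocol == QSsl::TlsV1SslV3)
 options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3;
 else if (protocol == QSsl::SecureProtocols)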
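Review bot: `qssloptions options;` is declared without an initialiser and depends on the if/else chain assigning it on every path; the chain continues past the end of this hunk, so whether a final `else` covers all remaining protocol values cannot be confirmed here. Because this mask decides which legacy protocol versions are disabled, an indeterminate value would be a security-relevant failure rather than a cosmetic one. Initialising at the declaration, e.g. `qssloptions options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3;`, makes an unhandled protocol value fall back to a mask that still turns the old protocols off.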
diff --git a/src/network/ssl/qsslsocket_openssl_p.h b/src/network/ssl/qsslsocket_openssl_p.h
index 4103de2..5547589 100644
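--- a/src/network/ssl/qsslsocket_openssl_p.h
+++ b/src/network/ssl/qsslsocket_openssl_p.h
@@ -107,6 +107,12 @@
 
 QT_BEGIN_NAMESPACE
 
+#if defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3
+typedef uint64_t qssloptions;
+#else
+typedef unsigned long qssloptions;
+#endif
+
 struct QSslErrorEntry {
 int code;
 int depth;
@@ -171,7 +177,7 @@ public:
 QVector<QSslError> ocspErrors;
 QByteArray ocspResponseDer;
 
- Q_AUTOTEST_EXPORT static long setupOpenSslOptions(QSsl::SslProtocol protocol, QSsl::SslOptions sslOptions);
+ Q_AUTOTEST_EXPORT static qssloptions setupOpenSslOptions(QSsl::SslProtocol protocol, QSsl::SslOptions sslOptions);
 static QSslCipher QSslCipher_from_SSL_CIPHER(const SSL_CIPHER *cipher);
 static QList<QSslCertificate> STACKOFX509_to_QSslCertificates(STACK_OF(X509) *x509);
 static QList<QSslError> verify(const QList<QSslCertificate> &certificateChain, const QString &hostName);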
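Review bot: The `qssloptions` typedef is selected from `OPENSSL_VERSION_MAJOR` at compile time, but the `DEFINEFUNC2` wrapper in qsslsocket_openssl_symbols.cpp suggests the real `SSL_CTX_set_options` is resolved at run time, so the width only matches when the loaded library has the same major version as the headers used for the build. On targets where `unsigned long` is 32 bits, a mismatch would pass the option mask with the wrong width, and the protocol-disabling bits could be misapplied without any error. I would document the assumption next to the typedef, e.g. `// Must match the 'op' type of SSL_CTX_set_options in the OpenSSL headers used for the build; the library loaded at run time must have the same major version.` Whether the loader already rejects a library of a different major version is not visible in this diff and is worth confirming.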
diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
index 68a766c..459ccd0 100644
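--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
@@ -157,7 +157,7 @@ DEFINEFUNC2(void, OPENSSL_sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMM
 DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
 DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
 DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
-DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return)
+DEFINEFUNC2(qssloptions, SSL_CTX_set_options, SSL_CTX *ctx, ctx, qssloptions op, op, return 0, return)
 DEFINEFUNC(int, SSL_CTX_get_security_level, const SSL_CTX *ctx, ctx, return -1, return)
 DEFINEFUNC2(void, SSL_CTX_set_security_level, SSL_CTX *ctx, ctx, int level, level, return, return)
 #ifdef TLS1_3_VERSION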
diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h
index 7196177..27aeffa 100644
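--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
+++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
@@ -245,7 +245,7 @@ Q_AUTOTEST_EXPORT void q_OPENSSL_sk_push(OPENSSL_STACK *st, void *data);
 Q_AUTOTEST_EXPORT void q_OPENSSL_sk_free(OPENSSL_STACK *a);
 Q_AUTOTEST_EXPORT void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b);
 int q_SSL_session_reused(SSL *a);
-unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
+qssloptions q_SSL_CTX_set_options(SSL_CTX *ctx, qssloptions op);
 int q_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
 size_t q_SSL_get_client_random(SSL *a, unsigned char *out, size_t outlen);
 size_t q_SSL_SESSION_get_master_key(const SSL_SESSION *session, unsigned char *out, size_t outlen);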