Hello Chris and Thiago, yes, indeed centOS 7 has open-ssl 1.0.7 installed so I need to upgrade obviously.
>>OpenSSL 3 isn't supported in 5.15. Thanks for this hint, too ! I also figured by playing with the various DTS available that the most recent version with gcc 11 does not work with Qt5.15 so I used DTS 10 instead. Best Alex -- http://www.carot.de Email : alexan...@carot.de Tel.: +49 (0)177 5719797 > Gesendet: Montag, 20. Juni 2022 um 00:06 Uhr > Von: "Thiago Macieira" <thiago.macie...@intel.com> > An: email@example.com > Betreff: Re: [Interest] Qt5.15 from source on centOS 7 > > On Sunday, 19 June 2022 14:29:33 PDT Chris Benesch wrote: > > Build OpenSSL 3 and add its install directory lib/pkgconfig to > > PKG_CONFIG_PATH and choose -openssl-linked as one of the config > > parameters. If you can get through configure, it should build. > > OpenSSL 3 isn't supported in 5.15. > > Use the very latest release from 1.1, but no older and no newer. > > Then there's the question of whether you want to ship OpenSSL libraries with > your product. If you do, then you must also keep an eye to OpenSSL security > advisories and make proper and timely updates to your release. Be prepared to > make new builds and release to customers once per month. If you can't sustain > this rate, then don't ship OpenSSL. > > You don't have to do it: the default build doesn't link to OpenSSL, but > instead tries to find it at runtime and dlopens() it. That places the burden > of > providing OpenSSL and keeping it up to date on your user, not you. If they > choose to be vulnerable by choice or by ignorance, it's not your fault. > > If you choose this route, make sure your application works properly when > OpenSSL 1.1 is missing. By "properly", I mean "doesn't crash left and right". > Please make sure that it is not silently falling back to unencrypted > connections where encrypted were required. If your application requires > encrypted connections to work at all, then display a dialog with a link to > documentation on how to install OpenSSL. > > PS: OpenSSL is the most visible and most important library when it comes to > patching security vulnerabilities, but is not the only one. You should do the > same for ALL libraries you ship with your application, and that includes ALL > the libraries that are bundled inside Qt's source. For example, the just- > released Qt 5.15.5-LTS includes a vulnerable version of zlib, so you should > patch it. > > Better yet, don't use bundled libraries. > > -- > Thiago Macieira - thiago.macieira (AT) intel.com > Cloud Software Architect - Intel DCAI Cloud Engineering > > > > _______________________________________________ > Interest mailing list > Interest@qt-project.org > https://lists.qt-project.org/listinfo/interest > _______________________________________________ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest