Hello community,
here is the log from the commit of package libqt4 for openSUSE:Factory checked
in at 2017-12-16 20:44:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libqt4 (Old)
and /work/SRC/openSUSE:Factory/.libqt4.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libqt4"
Sat Dec 16 20:44:45 2017 rev:224 rq:554902 version:4.8.7
Changes:
--------
libqt4-sql-plugins.changes: same change
--- /work/SRC/openSUSE:Factory/libqt4/libqt4.changes 2017-10-23
16:21:46.641193196 +0200
+++ /work/SRC/openSUSE:Factory/.libqt4.new/libqt4.changes 2017-12-16
20:44:49.930280056 +0100
@@ -1,0 +2,18 @@
+Wed Dec 6 16:56:06 UTC 2017 - fab...@ritter-vogt.de
+
+- Add proper patch headers to:
+ * no-ssl3.patch
+ * qt4-openssl-1.1.0pre-3.patch
+- Remove patch, not needed:
+ * qt-everywhere-opensource-src-4.8.7-gcc7.patch
+
+-------------------------------------------------------------------
+Tue Dec 5 01:45:40 CET 2017 - r...@suse.de
+
+- add patches from mageia to fix build with openssl-1.1
+- add no-ssl3.patch
+- add qt4-openssl-1.1.0pre-3.patch
+- add qt-everywhere-opensource-src-4.8.7-openssl.patch
+- add qt-everywhere-opensource-src-4.8.7-gcc7.patch
+
+-------------------------------------------------------------------
New:
----
no-ssl3.patch
qt-everywhere-opensource-src-4.8.7-openssl.patch
qt4-openssl-1.1.0pre-3.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
libqt4-sql-plugins.spec: same change
++++++ libqt4.spec ++++++
--- /var/tmp/diff_new_pack.zbTnrd/_old 2017-12-16 20:44:57.009938291 +0100
+++ /var/tmp/diff_new_pack.zbTnrd/_new 2017-12-16 20:44:57.013938098 +0100
@@ -35,7 +35,7 @@
BuildRequires: libjpeg-devel
BuildRequires: libmng-devel
%if 0%{?suse_version} >= 1330
-BuildRequires: libopenssl-1_0_0-devel
+BuildRequires: libopenssl-1_1_0-devel
# libnsl has been split out of glibc for CODE15
BuildRequires: libnsl-devel
%else
@@ -154,6 +154,12 @@
Patch170: fix-build-icu59.patch
# PATCH-FIX-UPSTREAM fix bolder fonts in qt4 apps [boo#956357] [QTBUG#27301]
Patch171: fix-medium-font.diff
+# PATCH-FIX-OPENSUSE no-ssl3.patch
+Patch200: no-ssl3.patch
+# PATCH-FIX-OPENSUSE qt4-openssl-1.1.0pre-3.patch
+Patch201: qt4-openssl-1.1.0pre-3.patch
+# PATCH-FIX-OPENSUSE qt-everywhere-opensource-src-4.8.7-openssl.patch
+Patch202: qt-everywhere-opensource-src-4.8.7-openssl.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define common_options --opensource -fast -no-separate-debug-info -shared
-xkb -openssl-linked -xrender -xcursor -dbus-linked -xfixes -xrandr -xinerama
-sm -no-nas-sound -no-rpath -system-libjpeg -system-libpng -accessibility -cups
-stl -nis -system-zlib -prefix /usr -L %{_libdir} -libdir %{_libdir} -docdir
%_docdir/%{base_name} -examplesdir %{_libdir}/qt4/examples -demosdir
%{_libdir}/qt4/demos -plugindir %plugindir -translationdir
%{_datadir}/qt4/translations -iconv -sysconfdir /etc/settings -datadir
%{_datadir}/qt4/ -no-pch -reduce-relocations -exceptions -system-libtiff -glib
-optimized-qmake -no-webkit -no-xmlpatterns -system-sqlite -qt3support
-no-sql-mysql -importdir %plugindir/imports -xsync -xinput -gtkstyle
@@ -193,7 +199,7 @@
Requires: glib2-devel
Requires: libmng-devel
%if 0%{?suse_version} >= 1330
-Requires: libopenssl-1_0_0-devel
+Requires: libopenssl-1_1_0-devel
%else
Requires: openssl-devel
%endif
@@ -473,6 +479,11 @@
%patch169 -p1
%patch170 -p1
%patch171 -p1
+%if 0%{?suse_version} >= 1330
+%patch200 -p1
+%patch201 -p1
+%patch202 -p1
+%endif
# be sure not to use them
rm -rf src/3rdparty/{libjpeg,freetype,libpng,zlib,libtiff,fonts}
@@ -485,8 +496,13 @@
%ifarch ppc64
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -mminimal-toc"
%endif
-export CXXFLAGS="$CXXFLAGS $RPM_OPT_FLAGS -DOPENSSL_LOAD_CONF -std=gnu++98"
-export CFLAGS="$CFLAGS $RPM_OPT_FLAGS -DOPENSSL_LOAD_CONF"
+%if 0%{?suse_version} >= 1330
+NO_SSL2="-DOPENSSL_NO_SSL2"
+%else
+NO_SSL2=""
+%endif
+export CXXFLAGS="$CXXFLAGS $RPM_OPT_FLAGS -DOPENSSL_LOAD_CONF $NO_SSL2
-std=gnu++98"
+export CFLAGS="$CFLAGS $RPM_OPT_FLAGS -DOPENSSL_LOAD_CONF $NO_SSL2"
export MAKEFLAGS="%{?_smp_mflags}"
touch translations/qt_de.qm
%ifarch sparc64
++++++ no-ssl3.patch ++++++
From: Jon DeVree <n...@vault24.org>
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806505
Reviewed-by: Lisandro Damián Nicanor Pérez Meyer <lisan...@debian.org>
Last-Update: 2015-11-30
Description: Do not use SSLv3 methods in Qt4
>From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806505
This patch makes the use of SSLv3 methods optional at compile time.
On Debian this means they will not be used and will return a null ctx
if the SSLv3 method is deliberately selected.
---
diff -Nru qt4-x11-4.8.7+dfsg.orig/src/network/ssl/qsslsocket_openssl.cpp
qt4-x11-4.8.7+dfsg/src/network/ssl/qsslsocket_openssl.cpp
--- qt4-x11-4.8.7+dfsg.orig/src/network/ssl/qsslsocket_openssl.cpp
2015-05-07 10:14:44.000000000 -0400
+++ qt4-x11-4.8.7+dfsg/src/network/ssl/qsslsocket_openssl.cpp 2015-11-27
20:49:36.768826857 -0500
@@ -267,7 +267,11 @@
#endif
break;
case QSsl::SslV3:
+#ifndef OPENSSL_NO_SSL3_METHOD
ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() :
q_SSLv3_server_method());
+#else
+ ctx = 0; // SSL 3 not supported by the system, but chosen deliberately
-> error
+#endif
break;
case QSsl::SecureProtocols: // SslV2 will be disabled below
case QSsl::TlsV1SslV3: // SslV2 will be disabled below
diff -Nru
qt4-x11-4.8.7+dfsg.orig/src/network/ssl/qsslsocket_openssl_symbols.cpp
qt4-x11-4.8.7+dfsg/src/network/ssl/qsslsocket_openssl_symbols.cpp
--- qt4-x11-4.8.7+dfsg.orig/src/network/ssl/qsslsocket_openssl_symbols.cpp
2015-05-07 10:14:44.000000000 -0400
+++ qt4-x11-4.8.7+dfsg/src/network/ssl/qsslsocket_openssl_symbols.cpp
2015-11-27 20:49:48.061023402 -0500
@@ -228,13 +228,17 @@
#ifndef OPENSSL_NO_SSL2
DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return
0, return)
#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return
0, return)
+#endif
DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG,
return 0, return)
DEFINEFUNC(const SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return
0, return)
#ifndef OPENSSL_NO_SSL2
DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return
0, return)
#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return
0, return)
+#endif
DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG,
return 0, return)
DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return
0, return)
#else
@@ -822,13 +826,17 @@
#ifndef OPENSSL_NO_SSL2
RESOLVEFUNC(SSLv2_client_method)
#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
RESOLVEFUNC(SSLv3_client_method)
+#endif
RESOLVEFUNC(SSLv23_client_method)
RESOLVEFUNC(TLSv1_client_method)
#ifndef OPENSSL_NO_SSL2
RESOLVEFUNC(SSLv2_server_method)
#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
RESOLVEFUNC(SSLv3_server_method)
+#endif
RESOLVEFUNC(SSLv23_server_method)
RESOLVEFUNC(TLSv1_server_method)
RESOLVEFUNC(X509_NAME_entry_count)
++++++ qt-everywhere-opensource-src-4.8.7-openssl.patch ++++++
--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslcertificate.cpp.gcc7
2017-10-10 01:48:46.293207220 +0200
+++ qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslcertificate.cpp
2017-10-10 02:39:33.577822717 +0200
@@ -696,7 +696,7 @@ static QMap<QString, QString> _q_mapFrom
unsigned char *data = 0;
int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e));
info[QString::fromUtf8(obj)] = QString::fromUtf8((char*)data, size);
- q_CRYPTO_free(data);
+ q_CRYPTO_free(data, OPENSSL_FILE, OPENSSL_LINE);
}
return info;
}
---
qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols.cpp
2017-10-10 02:40:09.200573999 +0200
+++
qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols.cpp
2017-10-10 03:28:42.002259271 +0200
@@ -111,16 +111,16 @@
DEFINEFUNC2(int, ASN1_STRING_to_UTF8, unsigned char **a, a, ASN1_STRING *b, b,
return 0, return);
DEFINEFUNC4(long, BIO_ctrl, BIO *a, a, int b, b, long c, c, void *d, d, return
-1, return)
DEFINEFUNC(int, BIO_free, BIO *a, a, return 0, return)
-DEFINEFUNC(BIO *, BIO_new, BIO_METHOD *a, a, return 0, return)
+DEFINEFUNC(BIO *, BIO_new, BIO_METHOD const *a, a, return 0, return)
DEFINEFUNC2(BIO *, BIO_new_mem_buf, void *a, a, int b, b, return 0, return)
DEFINEFUNC3(int, BIO_read, BIO *a, a, void *b, b, int c, c, return -1, return)
-DEFINEFUNC(BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return)
+DEFINEFUNC(BIO_METHOD const *, BIO_s_mem, void, DUMMYARG, return 0, return)
DEFINEFUNC3(int, BIO_write, BIO *a, a, const void *b, b, int c, c, return -1,
return)
DEFINEFUNC(int, BN_num_bits, const BIGNUM *a, a, return 0, return)
DEFINEFUNC(int, CRYPTO_num_locks, DUMMYARG, DUMMYARG, return 0, return)
DEFINEFUNC(void, CRYPTO_set_locking_callback, void (*a)(int, int, const char
*, int), a, return, DUMMYARG)
DEFINEFUNC(void, CRYPTO_set_id_callback, unsigned long (*a)(), a, return,
DUMMYARG)
-DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG)
+DEFINEFUNC3(void, CRYPTO_free, void *a, a, const char *file, file, int line,
line, return, DUMMYARG)
DEFINEFUNC(void, DSA_free, DSA *a, a, return, DUMMYARG)
#if OPENSSL_VERSION_NUMBER < 0x00908000L
DEFINEFUNC3(X509 *, d2i_X509, X509 **a, a, unsigned char **b, b, long c, c,
return 0, return)
@@ -300,7 +300,7 @@
DEFINEFUNC(int, DSA_security_bits, const DSA *dsa, dsa, return 0, return)
DEFINEFUNC(ASN1_TIME *, X509_get_notAfter, X509 *x, x, return 0, return)
DEFINEFUNC(ASN1_TIME *, X509_get_notBefore, X509 *x, x, return 0, return)
-DEFINEFUNC4(void, DSA_get0_pqg, const DSA *d, d, BIGNUM **p, p, BIGNUM **q, q,
BIGNUM **g, g, return, return)
+DEFINEFUNC4(void, DSA_get0_pqg, const DSA *d, d, BIGNUM const **p, p, BIGNUM
const **q, q, BIGNUM const **g, g, return, return)
#endif
#ifdef Q_OS_SYMBIAN
---
qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols_p.h
2017-10-10 02:37:43.856588477 +0200
+++
qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols_p.h
2017-10-10 03:29:20.388003594 +0200
@@ -207,16 +207,16 @@
int q_ASN1_STRING_to_UTF8(unsigned char **a, ASN1_STRING *b);
long q_BIO_ctrl(BIO *a, int b, long c, void *d);
int q_BIO_free(BIO *a);
-BIO *q_BIO_new(BIO_METHOD *a);
+BIO *q_BIO_new(BIO_METHOD const *a);
BIO *q_BIO_new_mem_buf(void *a, int b);
int q_BIO_read(BIO *a, void *b, int c);
-BIO_METHOD *q_BIO_s_mem();
+BIO_METHOD const *q_BIO_s_mem();
int q_BIO_write(BIO *a, const void *b, int c);
int q_BN_num_bits(const BIGNUM *a);
int q_CRYPTO_num_locks();
void q_CRYPTO_set_locking_callback(void (*a)(int, int, const char *, int));
void q_CRYPTO_set_id_callback(unsigned long (*a)());
-void q_CRYPTO_free(void *a);
+void q_CRYPTO_free(void *a, const char *file, int line);
void q_DSA_free(DSA *a);
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
// 0.9.8 broke SC and BC by changing this function's signature.
@@ -415,7 +415,7 @@
X509_PUBKEY * q_X509_get_X509_PUBKEY(X509 *x);
int q_RSA_bits(const RSA *rsa);
int q_DSA_security_bits(const DSA *dsa);
-void q_DSA_get0_pqg(const DSA *d, BIGNUM **p, BIGNUM **q, BIGNUM **g);
+void q_DSA_get0_pqg(const DSA *d, BIGNUM const **p, BIGNUM const **q, BIGNUM
const **g);
#endif
#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslkey.cpp.gcc7
2017-10-10 02:59:26.063849950 +0200
+++ qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslkey.cpp
2017-10-10 03:30:35.751501362 +0200
@@ -328,7 +328,7 @@ int QSslKey::length() const
if (d->algorithm == QSsl::Rsa) {
return q_RSA_bits(d->rsa);
}else{
- BIGNUM *p = NULL;
+ BIGNUM const *p = NULL;
q_DSA_get0_pqg(d->dsa, &p, NULL, NULL);
return q_BN_num_bits(p);
}
++++++ qt4-openssl-1.1.0pre-3.patch ++++++
From: Gert Wollny <gw.foss...@gmail.com>
Last-Update: 2016-06-28
Bug-Debian: http://bugs.debian.org/828522
Subject: Compile with openssl-1.1.0
* Most changes are related to openssl structures are now opaque.
* The network/ssl threading setup has been disabled because the
old openssl threading model has been removed and is apparently
no longer needed.
* A number of new functions had to be imported (see changes to
src/network/ssl/qsslsocket_openssl_symbols.cpp)
--- a/src/network/ssl/qsslcertificate.cpp
+++ b/src/network/ssl/qsslcertificate.cpp
@@ -259,10 +259,10 @@
QByteArray QSslCertificate::version() const
{
QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
- if (d->versionString.isEmpty() && d->x509)
+ if (d->versionString.isEmpty() && d->x509) {
d->versionString =
-
QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) +
1);
-
+ QByteArray::number(qlonglong(q_X509_get_version(d->x509)) + 1);
+ }
return d->versionString;
}
@@ -276,7 +276,7 @@
{
QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
if (d->serialNumberString.isEmpty() && d->x509) {
- ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber;
+ ASN1_INTEGER *serialNumber = q_X509_get_serialNumber(d->x509);
// if we cannot convert to a long, just output the hexadecimal number
if (serialNumber->length > 4) {
QByteArray hexString;
@@ -489,24 +489,33 @@
QSslKey key;
key.d->type = QSsl::PublicKey;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
X509_PUBKEY *xkey = d->x509->cert_info->key;
+#else
+ X509_PUBKEY *xkey = q_X509_get_X509_PUBKEY(d->x509);
+#endif
EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey);
Q_ASSERT(pkey);
- if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) {
+ int key_id;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ key_id = q_EVP_PKEY_type(pkey->type);
+#else
+ key_id = q_EVP_PKEY_base_id(pkey);
+#endif
+ if (key_id == EVP_PKEY_RSA) {
key.d->rsa = q_EVP_PKEY_get1_RSA(pkey);
key.d->algorithm = QSsl::Rsa;
key.d->isNull = false;
- } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) {
+ } else if (key_id == EVP_PKEY_DSA) {
key.d->dsa = q_EVP_PKEY_get1_DSA(pkey);
key.d->algorithm = QSsl::Dsa;
key.d->isNull = false;
- } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DH) {
+ } else if (key_id == EVP_PKEY_DH) {
// DH unsupported
} else {
// error?
}
-
q_EVP_PKEY_free(pkey);
return key;
}
--- a/src/network/ssl/qsslkey.cpp
+++ b/src/network/ssl/qsslkey.cpp
@@ -321,8 +321,19 @@
{
if (d->isNull)
return -1;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
return (d->algorithm == QSsl::Rsa)
? q_BN_num_bits(d->rsa->n) : q_BN_num_bits(d->dsa->p);
+#else
+ if (d->algorithm == QSsl::Rsa) {
+ return q_RSA_bits(d->rsa);
+ }else{
+ BIGNUM *p = NULL;
+ q_DSA_get0_pqg(d->dsa, &p, NULL, NULL);
+ return q_BN_num_bits(p);
+ }
+#endif
+
}
/*!
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -93,6 +93,7 @@
bool QSslSocketPrivate::s_loadedCiphersAndCerts = false;
bool QSslSocketPrivate::s_loadRootCertsOnDemand = false;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
/* \internal
From OpenSSL's thread(3) manual page:
@@ -174,6 +175,8 @@
}
} // extern "C"
+#endif //OPENSSL_VERSION_NUMBER >= 0x10100000L
+
QSslSocketBackendPrivate::QSslSocketBackendPrivate()
: ssl(0),
ctx(0),
@@ -222,9 +225,12 @@
ciph.d->encryptionMethod = descriptionList.at(4).mid(4);
ciph.d->exportable = (descriptionList.size() > 6 &&
descriptionList.at(6) == QLatin1String("export"));
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
ciph.d->bits = cipher->strength_bits;
ciph.d->supportedBits = cipher->alg_bits;
-
+#else
+ ciph.d->bits = q_SSL_CIPHER_get_bits(cipher, &ciph.d->supportedBits);
+#endif
}
return ciph;
}
@@ -367,7 +373,7 @@
//
// See also: QSslContext::fromConfiguration()
if (caCertificate.expiryDate() >= QDateTime::currentDateTime()) {
- q_X509_STORE_add_cert(ctx->cert_store, (X509
*)caCertificate.handle());
+ q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(ctx), (X509
*)caCertificate.handle());
}
}
@@ -504,8 +510,10 @@
*/
void QSslSocketPrivate::deinitialize()
{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
q_CRYPTO_set_id_callback(0);
q_CRYPTO_set_locking_callback(0);
+#endif
}
/*!
@@ -526,13 +534,17 @@
return false;
// Check if the library itself needs to be initialized.
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
QMutexLocker locker(openssl_locks()->initLock());
+#endif
if (!s_libraryLoaded) {
s_libraryLoaded = true;
// Initialize OpenSSL.
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
q_CRYPTO_set_id_callback(id_function);
q_CRYPTO_set_locking_callback(locking_function);
+#endif
if (q_SSL_library_init() != 1)
return false;
q_SSL_load_error_strings();
@@ -571,7 +583,9 @@
void QSslSocketPrivate::ensureCiphersAndCertsLoaded()
{
- QMutexLocker locker(openssl_locks()->initLock());
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ QMutexLocker locker(openssl_locks()->initLock());
+#endif
if (s_loadedCiphersAndCerts)
return;
s_loadedCiphersAndCerts = true;
@@ -678,7 +678,9 @@
STACK_OF(SSL_CIPHER) *supportedCiphers = q_SSL_get_ciphers(mySsl);
for (int i = 0; i < q_sk_SSL_CIPHER_num(supportedCiphers); ++i) {
if (SSL_CIPHER *cipher = q_sk_SSL_CIPHER_value(supportedCiphers, i)) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
if (cipher->valid) {
+#endif
QSslCipher ciph =
QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher);
if (!ciph.isNull()) {
// Unconditionally exclude ADH and AECDH ciphers since
they offer no MITM protection
@@ -692,7 +694,9 @@
defaultCiphers << ciph;
}
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
}
+#endif
}
}
--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
+++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
@@ -399,7 +399,25 @@
PEM_ASN1_write_bio((int (*)(void*, unsigned
char**))q_i2d_DSAPrivateKey,PEM_STRING_DSA,\
bp,(char *)x,enc,kstr,klen,cb,u)
#endif
+
+X509_STORE * q_SSL_CTX_get_cert_store(const SSL_CTX *ctx);
+ASN1_INTEGER * q_X509_get_serialNumber(X509 *x);
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
#define q_SSL_CTX_set_options(ctx,op)
q_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
+#define q_X509_get_version(x) X509_get_version(x)
+#else
+int q_EVP_PKEY_id(const EVP_PKEY *pkey);
+int q_EVP_PKEY_base_id(const EVP_PKEY *pkey);
+int q_SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
+long q_SSL_CTX_set_options(SSL_CTX *ctx, long options);
+long q_X509_get_version(X509 *x);
+X509_PUBKEY * q_X509_get_X509_PUBKEY(X509 *x);
+int q_RSA_bits(const RSA *rsa);
+int q_DSA_security_bits(const DSA *dsa);
+void q_DSA_get0_pqg(const DSA *d, BIGNUM **p, BIGNUM **q, BIGNUM **g);
+#endif
+
#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *,
int))q_sk_value)(st, i)
#define q_sk_GENERAL_NAME_num(st) q_SKM_sk_num(GENERAL_NAME, (st))
@@ -410,8 +428,15 @@
#define q_sk_SSL_CIPHER_value(st, i) q_SKM_sk_value(SSL_CIPHER, (st), (i))
#define q_SSL_CTX_add_extra_chain_cert(ctx,x509) \
q_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
#define q_X509_get_notAfter(x) X509_get_notAfter(x)
#define q_X509_get_notBefore(x) X509_get_notBefore(x)
+#else
+ASN1_TIME *q_X509_get_notAfter(X509 *x);
+ASN1_TIME *q_X509_get_notBefore(X509 *x);
+#endif
+
#define q_EVP_PKEY_assign_RSA(pkey,rsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
(char *)(rsa))
#define q_EVP_PKEY_assign_DSA(pkey,dsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
@@ -290,6 +290,22 @@
DEFINEFUNC(void, OPENSSL_add_all_algorithms_conf, void, DUMMYARG, return,
DUMMYARG)
DEFINEFUNC3(int, SSL_CTX_load_verify_locations, SSL_CTX *ctx, ctx, const char
*CAfile, CAfile, const char *CApath, CApath, return 0, return)
DEFINEFUNC(long, SSLeay, void, DUMMYARG, return 0, return)
+DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *ctx, ctx,
return 0, return)
+
+DEFINEFUNC(ASN1_INTEGER *, X509_get_serialNumber, X509 *x, x, return 0, return)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+DEFINEFUNC(int, EVP_PKEY_id, const EVP_PKEY *pkey, pkey, return 0, return)
+DEFINEFUNC(int, EVP_PKEY_base_id, const EVP_PKEY *pkey, pkey, return 0, return)
+DEFINEFUNC2(int, SSL_CIPHER_get_bits, const SSL_CIPHER *cipher, cipher, int
*alg_bits, alg_bits, return 0, return)
+DEFINEFUNC2(long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, long options,
options, return 0, return)
+DEFINEFUNC(long, X509_get_version, X509 *x, x, return 0, return)
+DEFINEFUNC(X509_PUBKEY *, X509_get_X509_PUBKEY, X509 *x, x, return 0, return)
+DEFINEFUNC(int, RSA_bits, const RSA *rsa, rsa, return 0, return)
+DEFINEFUNC(int, DSA_security_bits, const DSA *dsa, dsa, return 0, return)
+DEFINEFUNC(ASN1_TIME *, X509_get_notAfter, X509 *x, x, return 0, return)
+DEFINEFUNC(ASN1_TIME *, X509_get_notBefore, X509 *x, x, return 0, return)
+DEFINEFUNC4(void, DSA_get0_pqg, const DSA *d, d, BIGNUM **p, p, BIGNUM **q, q,
BIGNUM **g, g, return, return)
+#endif
#ifdef Q_OS_SYMBIAN
#define RESOLVEFUNC(func, ordinal, lib) \
@@ -801,6 +817,7 @@
RESOLVEFUNC(SSL_CTX_use_PrivateKey)
RESOLVEFUNC(SSL_CTX_use_RSAPrivateKey)
RESOLVEFUNC(SSL_CTX_use_PrivateKey_file)
+ RESOLVEFUNC(SSL_CTX_get_cert_store)
RESOLVEFUNC(SSL_accept)
RESOLVEFUNC(SSL_clear)
RESOLVEFUNC(SSL_connect)
@@ -823,6 +840,23 @@
RESOLVEFUNC(SSL_set_connect_state)
RESOLVEFUNC(SSL_shutdown)
RESOLVEFUNC(SSL_write)
+
+ RESOLVEFUNC(X509_get_serialNumber)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ RESOLVEFUNC(SSL_CTX_ctrl)
+ RESOLVEFUNC(EVP_PKEY_id)
+ RESOLVEFUNC(EVP_PKEY_base_id)
+ RESOLVEFUNC(SSL_CIPHER_get_bits)
+ RESOLVEFUNC(SSL_CTX_set_options)
+ RESOLVEFUNC(X509_get_version)
+ RESOLVEFUNC(X509_get_X509_PUBKEY)
+ RESOLVEFUNC(RSA_bits)
+ RESOLVEFUNC(DSA_security_bits)
+ RESOLVEFUNC(DSA_get0_pqg)
+ RESOLVEFUNC(X509_get_notAfter)
+ RESOLVEFUNC(X509_get_notBefore)
+#endif
+
#ifndef OPENSSL_NO_SSL2
RESOLVEFUNC(SSLv2_client_method)
#endif
