Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-09-30 Thread Roland Hughes


On 9/17/19 5:00 AM, Thiago Macieira wrote:

> It's believed the Stuxnet attack
> against Iran's nuclear energy labs was started by dropping USB flash drives in
> the parking lot.


While there are hacker groups who operate that way, I'm not buying the 
story. Mainly I don't buy it because the "security videos" or whatever 
they were called put out as part of the propaganda for the facility 
showed everyone wearing the white bunny suits. Getting a flash drive 
through the airgap inspection barrier would require someone to palm it 
rather skillfully (assuming those really are the one piece bunny suits 
without pockets.)


https://www.wsj.com/video/opinion-iran-uranium-enrichment-is-a-step-towards-nuclear-weapons/9D7ACDE8-7AAA-4DA9-A8A2-E3C5177DCD7F.html


A much more plausible story was put out by a retired U-2 pilot in "A 
Dangerous Element."


https://www.barnesandnoble.com/w/a-dangerous-element-gregory-s-lamb/1117800520

It was an "activity tracker" watch. Been a while since I read the book, 
but I believe the story relied on bluetooth security (non-existent in 
early bluetooth products) ala "Person of Interest" phone cloning.


https://en.wikipedia.org/wiki/Activity_tracker

https://www.imdb.com/title/tt1839578/?ref_=nv_sr_1?ref_=nv_sr_1

The book is a good read and activity trackers fit the time frame too. 
The long sleeved bunny suit would have easily covered up a watch if 
security was even considering a watch a threat back then. The story, 
according to the book, about how it "got out" was that he kept the watch 
on all of the time even when using his home computer.


I know Wikipedia is pushing the flash drive story but the story in that 
book is much more believable.


Adding insult to injury is a medical device manufacturer I've dealt with 
has for _years_ had computers which not only shut down if a flash drive 
is plugged in, they will not reboot. You have to take them into 
security, undergo an interrogation and most likely be escorted from the 
property. The last time I talked with them I was told they wanted me to 
replace someone who had just discovered that particular mystery of life. 
That place makes infusion pumps for cancer patients. They don't refine 
radioactive material or do anything clandestine. They all looked like 
ordinary Dell laptops to me.


Personally I just find it incredible that a facility engaged in 
enrichment would allow USB ports to be both exposed and unsecured.


--
Roland Hughes, President
Logikal Solutions
(630)-205-1593

http://www.theminimumyouneedtoknow.com
http://www.infiniteexposure.net
http://www.johnsmith-book.com
http://www.logikalblog.com
http://www.interestingauthors.com/blog

___
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest


Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-09-16 Thread Thiago Macieira
On Monday, 16 September 2019 11:48:20 PDT Giuseppe D'Angelo via Interest 
wrote:
> And this again just mentions that earlier SSL versions had security
> vulnerabilities. It does not sustain the claim that there is NO version
> which is secure.
> 
> (As Thiago has already reminded, we're way past the point where we do
> get to prove mathematically the correctness and the security of our
> code; instead we rely on expert research, responsible disclosure and
> quick fix of any issue that may have been found.)

The security claim here is relative.

There is no currently known attack against SSL/TLS. That does not imply it's 
mathematically proven to be safe. In all likelihood, there will be issues 
found. If by that you mean that it's not secure, then yes: it's not secure 
because there'll likely be a new vulnerability discovered.

However, until that happens, it's as secure as we can make anything.

I should also point out that so far, none of the successful attacks against 
SSL/TLS are attacking the encryption. The attacks usually come via a side-
channel or some other weak component of the structure. Examples are the 
Heartbleed, the earlier attack against compression, the renegotiation attack. 
More frequently, hacks are attacking social engineering, like weak passwords, 
unsecured or improperly-secured systems. It's believed the Stuxnet attack 
against Iran's nuclear energy labs was started by dropping USB flash drives in 
the parking lot.

And yet, this is the best we've got. What's the alternative? No encryption and 
no authentication?

Even the only encryption method mathematically proven to be resistant to 
direct attacks (one-time pads) is vulnerable to side-channel attacks. The OTP 
leaks and all your data is readable. If the random generator you used to 
create it in the first place can be predicted, you've also got a problem (for 
example, by inspecting the initial TCP sequence values that your system 
sends).

I'll agree with Roland that "use SSL, you're safe" is not a factually correct 
statement. A simple debug-mode "ignoreSslErrors()" left in your code kicks the 
door wide open to attackers. SSL is a component of your security architecture, 
but not the only one.

But I'll also agree with Peppe that SSL/TLS is as secure as we can make it. 
Claiming otherwise, claiming that there are attacks that slice through up-to-
date and well-maintained installations like a hot knife through butter, 
without offering proof, is beyond disingenuous. It's positively irresponsible.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products





Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-09-16 Thread Giuseppe D'Angelo via Interest

On 16/09/2019 18:51, Roland Hughes wrote:


On 9/16/19 10:41 AM, Giuseppe D'Angelo wrote:

On 16/09/2019 14:44, Roland Hughes wrote:

On 9/16/19 5:00 AM, interest-requ...@qt-project.org wrote:

On 14/09/19 14:53, Roland Hughes wrote:

Please keep in mind there is no version of SSL which is secure.

Do you have any reference/source for this (quite extraordinary) claim?

You know, for you it wouldn't matter. It would be a link and you are
incapable of actually clicking then reading anything which doesn't
support your opinion.

So, personal insults right off the bat?

Not insults, factual history. You've even flamed about links in messages
in this very thread.

There are numerous packages on the market which
cut through SSL like a hot knife through butter.

Any link to ANY of those?


This is the leg work __you__ should be doing before writing your first
line of code and before making any claim that SSL is secure.


It doesn't work like this. YOU made the claim that SSL is not secure. 
Specifically, that it's as secure as


hanging a CLOSED sign on the unlocked door to a 
jewelry store having $20 million in inventory sitting in the cases 
without an alarm system.


So YOU now have to provide the references to support that claim.




https://techxplore.com/news/2019-03-cybersecurity-dark-web-exposes-vulnerability.html

Actual report the article is based on

https://www.venafi.com/sites/default/files/2019-02/Dark-Web-WP.pdf


This is exclusively about PKIs. It doesn't show any breach whatsoever of 
SSL.





Here's some historical ones from Cisco. A bit dated but shows just how
thriving successful attacks have been through SSL.

https://blogs.cisco.com/security/breach-crime-and-blackhat


This actually puts SSL in a positive light, showing only THREE attacks 
against it. At least RFC 7457 shows more.




More

https://www.semrush.com/blog/https-a-modern-false-sense-of-security


And this again just mentions that earlier SSL versions had security 
vulnerabilities. It does not sustain the claim that there is NO version 
which is secure.


(As Thiago has already reminded, we're way past the point where we do 
get to prove mathematically the correctness and the security of our 
code; instead we rely on expert research, responsible disclosure and 
quick fix of any issue that may have been found.)




"60 Minutes" did a
piece on the best known and most financially successful one but some
sources say there are around a dozen packages playing at the same level.
Here's the link which was provided before and I'm sure you didn't bother
to follow prior to responding.

https://www.cbsnews.com/news/interview-with-ceo-of-nso-group-spyware-maker-fighting-terror-khashoggi-murder-and-saudi-arabia-60-minutes-2019-08-18/

The link does not talk about breaking SSL. The link is about spyware for
smartphones. SSL is actually never mentioned, not to mention of course
breaking it.


One of the primary ways it does it is by breaching SSL which is the
easiest entry point. The second entry point is via that little
bot/virus/malware/whatever-called-this-week they attach to the phishing
email.


Where exactly in the video is "breaching SSL" stated? This is pure 
speculation, and very likely to be false too (you don't need to breach 
SSL to plant malware. You don't even need SSL in the first place!).





Please also keep in mind the big systems are moving towards a TCP/IP
software appliance within the OS. No application will be able to create
or open a port. No application will be able to choose/define the
transport layer security. They will open a logical-resource-handle
provided by the OS and the systems manager will configure if that
resource is I, O, or I/O as well as what the transport level protocols
are. Eventually (within 5 years of adoption) this will be forced out
into the IoT and lesser devices world as well.

So long for the "backward compatibility is paramount" promise then.

That would only be for the hokey code which came from the *nix world.

And Windows.

which took it from the *nix world if memory serves.

For the code which didn't come from a world that did it wrong it is 100%
backwardly compatible because that is exactly how we did network
communications. In other words all of the software developed _on_ those
platforms and _for_ those platforms will be fine. What will be going
away are the *nix TCP/IP library functions of C/C++ because they are a
massive security nightmare. There was a time when marketing bowed to the
pressure from companies which only wanted "free" software on their
million plus dollar platform, but that has led to security catastrophe
after security catastrophe. Now they are in the process of locking them
back down and just letting people whine and snivel about *nix package not
being available on the platform.

So we're talking about non-Unix, non-Windows, non-Apple platforms. I.e.
roughly about 0% of the current market share of Qt. What are Qt users
(the people who read this very mailing list) 

Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-09-16 Thread Roland Hughes


On 9/16/19 10:41 AM, Giuseppe D'Angelo wrote:

On 16/09/2019 14:44, Roland Hughes wrote:

On 9/16/19 5:00 AM, interest-requ...@qt-project.org wrote:

On 14/09/19 14:53, Roland Hughes wrote:

Please keep in mind there is no version of SSL which is secure.

Do you have any reference/source for this (quite extraordinary) claim?

You know, for you it wouldn't matter. It would be a link and you are
incapable of actually clicking then reading anything which doesn't
support your opinion.

So, personal insults right off the bat?
Not insults, factual history. You've even flamed about links in messages 
in this very thread.

There are numerous packages on the market which
cut through SSL like a hot knife through butter.

Any link to ANY of those?


This is the leg work __you__ should be doing before writing your first 
line of code and before making any claim that SSL is secure.


https://techxplore.com/news/2019-03-cybersecurity-dark-web-exposes-vulnerability.html

Actual report the article is based on

https://www.venafi.com/sites/default/files/2019-02/Dark-Web-WP.pdf


Here's some historical ones from Cisco. A bit dated but shows just how 
thriving successful attacks have been through SSL.


https://blogs.cisco.com/security/breach-crime-and-blackhat

More

https://www.semrush.com/blog/https-a-modern-false-sense-of-security


"60 Minutes" did a
piece on the best known and most financially successful one but some
sources say there are around a dozen packages playing at the same level.
Here's the link which was provided before and I'm sure you didn't bother
to follow prior to responding.

https://www.cbsnews.com/news/interview-with-ceo-of-nso-group-spyware-maker-fighting-terror-khashoggi-murder-and-saudi-arabia-60-minutes-2019-08-18/

The link does not talk about breaking SSL. The link is about spyware for
smartphones. SSL is actually never mentioned, not to mention of course
breaking it.


One of the primary ways it does it is by breaching SSL which is the 
easiest entry point. The second entry point is via that little 
bot/virus/malware/whatever-called-this-week they attach to the phishing 
email.



I'll reinstate: where is the evidence supporting the claim that "there
is no version of SSL which is secure"?

This is a super-strong claim on a mailing list read by Qt users, who are
using SSL in their products, who are relying on Qt to do the right thing
when it comes to security technologies (and Qt offers SSL-related
facilities).




Please also keep in mind the big systems are moving towards a TCP/IP
software appliance within the OS. No application will be able to create
or open a port. No application will be able to choose/define the
transport layer security. They will open a logical-resource-handle
provided by the OS and the systems manager will configure if that
resource is I, O, or I/O as well as what the transport level protocols
are. Eventually (within 5 years of adoption) this will be forced out
into the IoT and lesser devices world as well.

So long for the "backward compatibility is paramount" promise then.

That would only be for the hokey code which came from the *nix world.

And Windows.

which took it from the *nix world if memory serves.

For the code which didn't come from a world that did it wrong it is 100%
backwardly compatible because that is exactly how we did network
communications. In other words all of the software developed _on_ those
platforms and _for_ those platforms will be fine. What will be going
away are the *nix TCP/IP library functions of C/C++ because they are a
massive security nightmare. There was a time when marketing bowed to the
pressure from companies which only wanted "free" software on their
million plus dollar platform, but that has led to security catastrophe
after security catastrophe. Now they are in the process of locking them
back down and just letting people whine and snivel about *nix package not
being available on the platform.

So we're talking about non-Unix, non-Windows, non-Apple platforms. I.e.
roughly about 0% of the current market share of Qt. What are Qt users
(the people who read this very mailing list) going to do with this
useless information?


These are the business engines the embedded systems many of us create in 
the industrial and medical worlds which our devices will have to play 
nice with or some other device will be purchased which isn't written 
with Qt.


Don't be so quick to say non-Unix because that is not correct. Tru64 had 
it and that got rolled into HP-UX as well as into Non-Stop. It was also 
added into AIX at some point. It even existed on the original Windows NT 
before the tiny DOS brains at Microsoft stripped NT back to nothing but DOS.


The selling point in the world of the Big Dogs is now bullet proof 
security. An $80 x86 CPU running a "free" OS on a rack/blade somewhere 
is going to cost you north of $60 million, possibly $425 million



Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-09-15 Thread Giuseppe D'Angelo via Interest

On 14/09/19 14:53, Roland Hughes wrote:
Please keep in mind there is no version of SSL which is secure. 


Do you have any reference/source for this (quite extraordinary) claim?



Please also keep in mind the big systems are moving towards a TCP/IP
software appliance within the OS. No application will be able to create
or open a port. No application will be able to choose/define the
transport layer security. They will open a logical-resource-handle
provided by the OS and the systems manager will configure if that
resource is I, O, or I/O as well as what the transport level protocols
are. Eventually (within 5 years of adoption) this will be forced out
into the IoT and lesser devices world as well.


So long for the "backward compatibility is paramount" promise then.

--
Giuseppe D'Angelo | giuseppe.dang...@kdab.com | Senior Software Engineer
KDAB (France) S.A.S., a KDAB Group company
Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
KDAB - The Qt, C++ and OpenGL Experts





Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-09-14 Thread Roland Hughes


On 9/14/19 5:00 AM, Thiago Macieira wrote:

> On Friday, 13 September 2019 00:12:44 PDT René J. V. Bertin wrote:
>>>> Ideally qt should be compatible for both. I understand this is not
>>>> doable ?
>>>
>>> It's not doable.
>>
>> Technically it seems that it should be possible when loading the SSL
>> libraries at runtime, no?
>
> No. Loading the library is easy. Calling functions in it, with structures
> whose sizes (and names) differ between versions is not.
>
>>>> At least deliver binaries for both, please.
>>>
>>> That's one option we're studying, but that means you'll have to ask your
>>> user when they download.
>>
>> What about LibreSSL, do they have the same inter-version compatibility
>> issues as OpenSSL has, and could you distribute a binary version in your
>> binary packages? If so, it could be worth the initial investment to start
>> supporting it?
>
> https://xkcd.com/927/


Thanks for the link Thiago. I really like the wind farm one on that page.

In the complete anarchy of OpenSource where 12 year old boys hacking in 
the fly (AGILE) all vying to be the "maintainer" of some package in some 
distro, no 2 versions of anything are _ever_ compatible. It's usually 
off by far more than tweaks. Generally the 12 year old boys (no matter 
how old the calendar says they are) declare "this code is sh*t, I'm 
going to rewrite it from scratch!" So much for maintaining!


In the good and virtuous proprietary world, where products are created 
and maintained by a single vendor looking to stay in business for 
hundreds of years, backward compatibility is paramount. At most you will 
have a few tweaks. VMS shell scripts (and many other things) ported from 
VAX (32-bit) to Alpha (64-bit) to Itanium (completely worthless 64-bit) 
and now to x86 with at most a couple of tweaks. The same is true for JCL 
and COBOL programs created in the 1970s on the IBM System-36. They 
ported to MVS and Z/OS with at most tiny tweaks. Some even claim they 
cleanly moved to OS/400.


Please keep in mind there is no version of SSL which is secure. All you 
are doing by using it is hanging a CLOSED sign on the unlocked door to a 
jewelry store having $20 million in inventory sitting in the cases 
without an alarm system.


Please also keep in mind the big systems are moving towards a TCP/IP 
software appliance within the OS. No application will be able to create 
or open a port. No application will be able to choose/define the 
transport layer security. They will open a logical-resource-handle 
provided by the OS and the systems manager will configure if that 
resource is I, O, or I/O as well as what the transport level protocols 
are. Eventually (within 5 years of adoption) this will be forced out 
into the IoT and lesser devices world as well.


--
Roland Hughes, President
Logikal Solutions
(630)-205-1593

http://www.theminimumyouneedtoknow.com
http://www.infiniteexposure.net
http://www.johnsmith-book.com
http://www.logikalblog.com
http://www.interestingauthors.com/blog



Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-09-13 Thread René J . V . Bertin
On Friday September 13 2019 18:26:53 Konstantin Tokarev wrote:

>FWIW, you can find patches for LibreSSL support at 
>https://bugs.gentoo.org/562050

Interesting, thanks.

R.


Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-09-13 Thread Konstantin Tokarev


13.09.2019, 10:14, "René J. V. Bertin" :
> I finally got around to upgrading OpenSSL and getting to work Qt 5.9 with it.
> It required an additional change that I hadn't found in the 5.10 branch:
> accepting the newer version during the configure phase :)
>
> https://github.com/RJVB/macstrop/blob/master/aqua/qt5-kde-devel/files/qt597/patch-openssl11-support-qt597.diff
>
> Test-driving it I did notice that the securesocketclient example would crash
> on me, due to what seems to be an oversight (still present in newer code):
>
> https://github.com/RJVB/macstrop/blob/master/aqua/qt5-kde-devel/files/qt598/patch-httpsockeng-fix.diff
>
> Thiago Macieira wrote:
>
>>  On Friday, 22 March 2019 13:02:57 PDT maitai wrote:
>
>>>  Ideally qt should be compatible for both. I understand this is not
>>>  doable ?
>>
>>  It's not doable.
>
> Technically it seems that it should be possible when loading the SSL libraries
> at runtime, no?
>
>>>  At least deliver binaries for both, please.
>>
>>  That's one option we're studying, but that means you'll have to ask your
>>  user when they download.
>
> What about LibreSSL, do they have the same inter-version compatibility issues
> as OpenSSL has, and could you distribute a binary version in your binary
> packages?
> If so, it could be worth the initial investment to start supporting it?

FWIW, you can find patches for LibreSSL support at 
https://bugs.gentoo.org/562050

-- 
Regards,
Konstantin



Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-09-13 Thread Thiago Macieira
On Friday, 13 September 2019 00:12:44 PDT René J. V. Bertin wrote:
> >> Ideally qt should be compatible for both. I understand this is not
> >> doable ?
> > 
> > It's not doable.
> 
> Technically it seems that it should be possible when loading the SSL
> libraries at runtime, no?

No. Loading the library is easy. Calling functions in it, with structures 
whose sizes (and names) differ between versions is not.

> >> At least deliver binaries for both, please.
> > 
> > That's one option we're studying, but that means you'll have to ask your
> > user when they download.
> 
> What about LibreSSL, do they have the same inter-version compatibility
> issues as OpenSSL has, and could you distribute a binary version in your
> binary packages? If so, it could be worth the initial investment to start
> supporting it?

https://xkcd.com/927/

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products
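
What Thiago describes above, as an added example that is not part of the original message and is neither Qt nor OpenSSL code: the two struct layouts, the `lib10_*`/`lib11_*` functions and the shim table are hypothetical stand-ins for two library versions whose context structure differs in field order and size. It shows that a caller built against the old header reads the wrong field from an object made by the new library, and that supporting both at runtime means routing every access through a per-version table.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layouts for a hypothetical context object. These are NOT
 * OpenSSL's structures; they only model "same name, different layout". */
struct ctx_v10 {                 /* layout the application was compiled against */
    uint32_t version;
    uint32_t flags;
};
struct ctx_v11 {                 /* layout the newer library really uses */
    uint32_t flags;              /* field moved */
    uint32_t version;
    uint8_t  session_id[32];     /* field added, so the size changed too */
};

#define CTX_FLAGS 0xA5u          /* constructed sample value */

/* Read a 32-bit field at a byte offset without aliasing assumptions. */
static uint32_t load_u32(const void *mem, size_t off) {
    uint32_t v;
    memcpy(&v, (const unsigned char *)mem + off, sizeof v);
    return v;
}

/* --- stand-ins for the two library versions (hypothetical names) --- */
static void lib10_init(void *mem) {
    struct ctx_v10 c = { 0x10u, CTX_FLAGS };
    memcpy(mem, &c, sizeof c);
}
static uint32_t lib10_get_flags(const void *mem) {
    return load_u32(mem, offsetof(struct ctx_v10, flags));
}
static void lib11_init(void *mem) {
    struct ctx_v11 c;
    memset(&c, 0, sizeof c);
    c.flags = CTX_FLAGS;
    c.version = 0x11u;
    memcpy(mem, &c, sizeof c);
}
static uint32_t lib11_get_flags(const void *mem) {
    return load_u32(mem, offsetof(struct ctx_v11, flags));
}

/* What `ctx->flags` compiles to in an application built with the v10 header:
 * a load from a fixed offset, whichever library created the object. */
static uint32_t app_read_flags_v10_header(const void *mem) {
    return load_u32(mem, offsetof(struct ctx_v10, flags));
}

/* Failure case: the newer library is loaded, the application still uses the
 * v10 offsets, and the value it gets back is the version field. */
static uint32_t stale_header_read(void) {
    unsigned char mem[sizeof(struct ctx_v11)];
    lib11_init(mem);
    return app_read_flags_v10_header(mem);
}

/* Supporting both versions: the application never touches the layout and
 * never assumes a size; everything goes through a per-version table. */
struct shim {
    int      lib_version;
    size_t   ctx_size;
    void     (*init)(void *);
    uint32_t (*get_flags)(const void *);
};
static const struct shim SHIMS[] = {
    { 10, sizeof(struct ctx_v10), lib10_init, lib10_get_flags },
    { 11, sizeof(struct ctx_v11), lib11_init, lib11_get_flags },
};

static const struct shim *shim_for(int lib_version) {
    for (size_t i = 0; i < sizeof SHIMS / sizeof SHIMS[0]; i++)
        if (SHIMS[i].lib_version == lib_version)
            return &SHIMS[i];
    return NULL;                 /* unknown version: refuse, do not guess */
}

/* Returns the flags read through the shim, or -1 for an unsupported version. */
static long flags_via_shim(int lib_version) {
    unsigned char mem[64];
    const struct shim *s = shim_for(lib_version);
    if (s == NULL || s->ctx_size > sizeof mem)
        return -1;
    s->init(mem);
    return (long)s->get_flags(mem);
}

int main(void) {
    printf("v10 header on v11 object: flags=0x%x (expected 0x%x)\n",
           (unsigned)stale_header_read(), (unsigned)CTX_FLAGS);
    printf("sizes: v10=%zu v11=%zu\n",
           shim_for(10)->ctx_size, shim_for(11)->ctx_size);
    printf("via shim: v10=0x%lx v11=0x%lx unknown=%ld\n",
           flags_via_shim(10), flags_via_shim(11), flags_via_shim(12));
    return 0;
}
```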





Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-09-13 Thread René J . V . Bertin
I finally got around to upgrading OpenSSL and getting to work Qt 5.9 with it.
It required an additional change that I hadn't found in the 5.10 branch: accepting
the newer version during the configure phase :)

https://github.com/RJVB/macstrop/blob/master/aqua/qt5-kde-devel/files/qt597/patch-openssl11-support-qt597.diff

Test-driving it I did notice that the securesocketclient example would crash on
me, due to what seems to be an oversight (still present in newer code):

https://github.com/RJVB/macstrop/blob/master/aqua/qt5-kde-devel/files/qt598/patch-httpsockeng-fix.diff

Thiago Macieira wrote:

> On Friday, 22 March 2019 13:02:57 PDT maitai wrote:

>> Ideally qt should be compatible for both. I understand this is not
>> doable ?
> 
> It's not doable.

Technically it seems that it should be possible when loading the SSL libraries 
at runtime, no?

>> At least deliver binaries for both, please.
> 
> That's one option we're studying, but that means you'll have to ask your user
> when they download.

What about LibreSSL, do they have the same inter-version compatibility issues
as OpenSSL has, and could you distribute a binary version in your binary packages?
If so, it could be worth the initial investment to start supporting it?

R.



Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-23 Thread Thiago Macieira
On Saturday, 23 March 2019 02:16:41 PDT René J. V. Bertin wrote:
> About that: is there a way to get the detection to use pkg-config to
> determine the location of the openssl headers?

Yes, if someone submits that. 1.1 has it, so we may be able to make this 
change for 5.13.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products





Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-23 Thread René J . V . Bertin
Thiago Macieira wrote:

> Qt 5.10 and up do have a detection to see if you have 1.0 or 1.1. OpenSUSE has
> no need for that, since they know which version their distro has.

About that: is there a way to get the detection to use pkg-config to determine 
the location of the openssl headers?



Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-22 Thread maitai

Interesting exchange but can someone summarize?

I distribute an app compiled with qt 5.11.1, and I cannot go immediately 
to 5.12


I deliver the libs for ssl 1.0 a bit the way creator is doing it.

It works in 99% of the cases, but some rare linux distributions just 
crash.


The solution would be to compile qt myself with ssl support 1.0 or 1.1, 
something I refuse to do since I am already doing that too much 
(raspberry, 32 bits distribs, etc). Not mentioning that most users will 
be really confused with the question "are you using ssl 1.0.x or 1.1.x 
?"


Ideally qt should be compatible for both. I understand this is not 
doable ?


At least deliver binaries for both, please.

Philippe (commercial license, if that matters).

On 22-03-2019 19:41, Thiago Macieira wrote:

> On Friday, 22 March 2019 10:46:28 PDT René J. V. Bertin wrote:
>> Could make it risky to use their patch, if they don't take particular care
>> for the OpenSSL 1.0 paths.
>
> Right. But why are you interested in supporting both? If your systems have
> OpenSSL 1.1, use that.
>
> If you haven't upgraded OpenSSL yet, use stock 5.9.



Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-22 Thread Thiago Macieira
On Friday, 22 March 2019 10:46:28 PDT René J. V. Bertin wrote:
> Could make it risky to use their patch, if they don't take particular care
> for the OpenSSL 1.0 paths.

Right. But why are you interested in supporting both? If your systems have 
OpenSSL 1.1, use that.

If you haven't upgraded OpenSSL yet, use stock 5.9.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products





Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-22 Thread René J . V . Bertin
Thiago Macieira wrote:

> Qt 5.10 and up do have a detection to see if you have 1.0 or 1.1. OpenSUSE has
> no need for that, since they know which version their distro has.

I was thinking it might be something like that.

Could make it risky to use their patch, if they don't take particular care for 
the OpenSSL 1.0 paths.

R



Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-22 Thread Thiago Macieira
On Friday, 22 March 2019 03:15:45 PDT René J. V. Bertin wrote:
> Curious patch I see in Leap:
> https://build.opensuse.org/package/view_file/openSUSE:Leap:15.1:Update/libqt5-qtbase/0001-Revert-Fail-faster-on-OpenSSL-1.1.patch?expand=1
> 
> Isn't there a specific config.tests/unix/openssl11/openssl.cpp test which is
> supposed to succeed while config.tests/openssl/openssl.cpp should fail
> against openssl 1.1 ? Or am I somehow missing the mentioned revert in the
> 5.10 branch?

Qt 5.10 and up do have a detection to see if you have 1.0 or 1.1. OpenSUSE has 
no need for that, since they know which version their distro has.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products





Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-22 Thread Jani Heikkinen
> -Original Message-
> From: Tuukka Turunen 
> Sent: Friday, 22 March 2019 11.54
> To: Jani Heikkinen ; Thiago Macieira
> ; interest@qt-project.org
> Subject: Re: [Interest] Qt 5.9 and OpenSSL 1.1?
> 
> 
> Hi,
> 
> Let's create (if not yet created) and link the QTBUG JIRA tasks for Qt 5.9 and
> Qt 5.12 to the mailing list. Continue discussion there. Easier than mailing
> list for this type of a task.
> 

It is already existing: https://bugreports.qt.io/browse/QTQAINFRA-2327

We just need to make the decision to where we will do the update

br,
jani


Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-22 Thread René J . V . Bertin
Thiago Macieira wrote:

> openSUSE has it:
> https://build.opensuse.org/package/show/openSUSE:Leap:15.1:Update/libqt5-qtbase
> 
> But I recommend finding the other ones to see if any of them missed any
> backported fix.

Thanks, will try to see if Arch has one too (their equivalent for Qt4 didn't 
apply cleanly though).

Curious patch I see in Leap:
https://build.opensuse.org/package/view_file/openSUSE:Leap:15.1:Update/libqt5-qtbase/0001-Revert-Fail-faster-on-OpenSSL-1.1.patch?expand=1

Isn't there a specific config.tests/unix/openssl11/openssl.cpp test which is 
supposed to succeed while config.tests/openssl/openssl.cpp should fail against 
openssl 1.1 ? Or am I somehow missing the mentioned revert in the 5.10 branch?

R



Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-22 Thread Tuukka Turunen

Hi,

Let's create (if not yet created) and link the QTBUG JIRA tasks for Qt 5.9 and 
Qt 5.12 to the mailing list. Continue discussion there. Easier than mailing 
list for this type of a task.

In principle switch to new version should be well justified. We just need to 
check the practicalities.

We already have OpenSSL in use by the installer, but it is not currently a 
shipped 3rd party module of Qt. As long as it is not enabled by default for Qt 
apps, we could add it like we typically do for 3rd party items. 

Yours,

Tuukka

On 22/03/2019, 10.20, "Interest on behalf of Jani Heikkinen" 
 wrote:

> -Original Message-
> From: Interest  On Behalf Of Thiago
> Macieira
> Sent: Friday, 22 March 2019 4.12
> To: interest@qt-project.org
> Subject: Re: [Interest] Qt 5.9 and OpenSSL 1.1?
> 
> On Wednesday, 20 March 2019 23:45:38 PDT Roland Winklmeier wrote:
> > Wouldn’t it be good then if official binaries from newer releases
> > build against OpenSSL 1.1?
> 
> Yes and no. For future compatibility, we should do that and should have done
> that for 5.12 already. But doing so means the binaries so produced won't run
> on older, still supported Linux distributions.
> 
> > According to
> > https://wiki.qt.io/Qt_5.12_Tools_and_Versions all official binaries
> > are still built against 1.0.2. If that is end of life this year, is
> > there a plan to change this?
> 
> Not yet. Thanks for bringing it up, we'll have to make a decision. I'll bring
> this up with the release team to figure out if there's a limitation in the
> build servers (if it's the same environment that builds 5.9, for example).
> Then we'll make a recommendation.

We will check this. I know there is already work ongoing to switch that in 
dev (https://codereview.qt-project.org/#/c/244362/)

br,
Jani


Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-21 Thread Thiago Macieira
On Wednesday, 20 March 2019 23:45:38 PDT Roland Winklmeier wrote:
> Wouldn’t it be good then if official binaries from newer releases build
> against OpenSSL 1.1?

Yes and no. For future compatibility, we should do that and should have done 
that for 5.12 already. But doing so means the binaries so produced won't run 
on older, still supported Linux distributions.

> According to
> https://wiki.qt.io/Qt_5.12_Tools_and_Versions all official binaries are
> still built against 1.0.2. If that is end of life this year, is there a
> plan to change this?

Not yet. Thanks for bringing it up, we'll have to make a decision. I'll bring 
this up with the release team to figure out if there's a limitation in the 
build servers (if it's the same environment that builds 5.9, for example). 
Then we'll make a recommendation.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products





Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-21 Thread Thiago Macieira
On Thursday, 21 March 2019 09:08:22 PDT René J. V. Bertin wrote:
> Thiago Macieira wrote:
> >> 5.9's support ends in May 2019 (probably a bit later because we are able to
> >> make the 5.9.9 release).
> 
> Where then are 5.9.8 and 5.9.9?
> http://download.qt.io/official_releases/qt/5.9/ still goes to 5.9.7 only.

You need to board your DeLorean to find them.

5.9.8 branch is being created this week and the release should come out in two 
weeks. 5.9.9 was suggested to be the last release this Tuesday, but that's
clearly wrong.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products





Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-21 Thread Thiago Macieira
On Thursday, 21 March 2019 13:47:40 PDT René J.V. Bertin wrote:
> On Thursday March 21 2019 20:49:21 Allan Sandfeld Jensen wrote:
> > Just find the patch from one of the distros that already did the
> > backporting. There are at least two, but probably more.
> 
> Hah, thanks - that would have been a great answer to my initial question! ;)
> 
> You don't happen to remember the names of those 2, would you?

openSUSE has it:
https://build.opensuse.org/package/show/openSUSE:Leap:15.1:Update/libqt5-qtbase

But I recommend finding the other ones to see if any of them missed any 
backported fix.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products





Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-21 Thread René J . V . Bertin
On Thursday March 21 2019 20:49:21 Allan Sandfeld Jensen wrote:

> Just find the patch from one of the distros that already did the
> backporting. There are at least two, but probably more.

Hah, thanks - that would have been a great answer to my initial question! ;)

You don't happen to remember the names of those 2, would you?

R.


Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-21 Thread Allan Sandfeld Jensen
On Thursday, 21 March 2019 10:16:35 CET René J. V. Bertin wrote:
> >> Actually, it doesn't: 5.9 support ends in May 2020, OpenSSL 1.0 in Dec
> >> 2019.
> > 
> > You're off by one year. 5.9.0 was released May 29, 2017.
> > 
> > (probably a bit later because we are able to
> > make the 5.9.9 release).
> 
> That means some of the dates in the wikipedia article are wrong... but not
> the EOL date :)
> And interesting that I apparently missed 2 releases, my version monitor
> mustn't be as reliable as I thought.
> 
> > > but I'm guessing Qt may not want to depend only on an OpenSSL variant
> > > that's EOL.
> > 
> > > Except that it's not EOL. OpenSSL 1.0.2 is still officially supported
> > > until 2019-12-31.
> 
> "May want" as in the future, not "doesn't want" now.
> 
> > If you search the commit log, you'll see a number of OpenSSL 1.1 bugfixes.
> > 
> > PS: you should backport those fixes too.
> 
> Indeed! Are they all labelled OpenSSL, or should I rather look at the log
> for the network/ssl folder and hope I catch everything?
> Are all fixes in 5.10 and thus in the 5.10 branch?
> 
Just find the patch from one of the distros that already did the 
backporting. There are at least two, but probably more.

'Allan




Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-21 Thread René J . V . Bertin
Thiago Macieira wrote:

>> 5.9's support ends in May 2019 (probably a bit later because we are able to
>> make the 5.9.9 release).

Where then are 5.9.8 and 5.9.9? http://download.qt.io/official_releases/qt/5.9/ 
still goes to 5.9.7 only.

R.



Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-21 Thread René J . V . Bertin
>> Actually, it doesn't: 5.9 support ends in May 2020, OpenSSL 1.0 in Dec 2019.
> 
> You're off by one year. 5.9.0 was released May 29, 2017.
> 
> (probably a bit later because we are able to
> make the 5.9.9 release).

That means some of the dates in the wikipedia article are wrong... but not the 
EOL date :)
And interesting that I apparently missed 2 releases, my version monitor mustn't 
be as reliable as I thought.

> > but I'm guessing Qt may not want to depend only on an OpenSSL variant
> > that's EOL.

> Except that it's not EOL. OpenSSL 1.0.2 is still officially supported until
> 2019-12-31.

"May want" as in the future, not "doesn't want" now.

> If you search the commit log, you'll see a number of OpenSSL 1.1 bugfixes.

> PS: you should backport those fixes too.

Indeed! Are they all labelled OpenSSL, or should I rather look at the log for 
the network/ssl folder and hope I catch everything?
Are all fixes in 5.10 and thus in the 5.10 branch?

R.



Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-21 Thread Roland Winklmeier
Thiago Macieira wrote on Wed, 20 March 2019 at 19:36:

> On Wednesday, 20 March 2019 11:14:52 PDT René J. V. Bertin wrote:
> > See my other email: for now this is for MacPorts, but I'm guessing Qt may
> > not want to depend only on an OpenSSL variant that's EOL.
>
> Except that it's not EOL. OpenSSL 1.0.2 is still officially supported
> until 2019-12-31. See https://www.openssl.org/policies/releasestrat.html


Wouldn’t it be good then if official binaries from newer releases build
against OpenSSL 1.1? According to
https://wiki.qt.io/Qt_5.12_Tools_and_Versions all official binaries are
still built against 1.0.2. If that is end of life this year, is there a
plan to change this?



Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-21 Thread Thiago Macieira
On Wednesday, 20 March 2019 11:41:37 PDT Thiago Macieira wrote:
> On Wednesday, 20 March 2019 11:31:39 PDT Giuseppe D'Angelo via Interest wrote:
> > > Qt 5.9's lifetime ends before OpenSSL 1.0's.
> > 
> > Actually, it doesn't: 5.9 support ends in May 2020, OpenSSL 1.0 in Dec
> > 2019.
> You're off by one year. 5.9.0 was released May 29, 2017.
> 
> 5.9's support ends in May 2019 (probably a bit later because we are able to
> make the 5.9.9 release).

Update: I was wrong, it's supposed to be 3 years. We've brought the topic up 
in the release team to decide how to proceed.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products





Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-20 Thread Thiago Macieira
On Wednesday, 20 March 2019 14:59:39 PDT René J.V. Bertin wrote:
> >Because it is a major rewrite of QtNetwork code interfacing with OpenSSL.
> >Such change cannot go to LTS branch [1]
> 
> Now maybe (though I'd argue this is a bug fix; OSSL 1.0 will go EOL 5 months
> before Qt 5.9). But that was not the question.
> 
> 5.9.0 was released on May 31st 2017
> (https://en.wikipedia.org/wiki/Qt_version_history#Qt_5), two full months
> after the fix in question. 

You're looking at the wrong date.
$ git show --pretty=fuller cfbe03a6e035ab3cce5f04962cddd06bd414dcea | head -7
commit cfbe03a6e035ab3cce5f04962cddd06bd414dcea
Author: Richard J. Moore 
AuthorDate: Thu Mar 23 12:43:22 2017 +0100
Commit: André Klitzing 
CommitDate: Tue Jul 4 18:03:59 2017 +

QSslSocket: OpenSSL 1.1 backend

The commit was *begun* two months before the Qt 5.9.0 release, or one month 
after the alpha1 release. It took more than three months from the first upload 
for the change to be accepted. 5.9.1 had been released by that time.

> Qt 5.10 was released half a year later, so the
> fix could easily have gone into 5.9.0 or 5.9.1 .

It was decided not to. As the length of time shows, the development of this 
change was not trivial. Applying it to the released branch was not only a 
violation of the feature freeze, but also potentially irresponsible, since it 
was new code that had bugs. If you search the commit log, you'll see a number 
of OpenSSL 1.1 bugfixes.

PS: you should backport those fixes too.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products
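
The author-date versus commit-date point made in the message above, as an added example that is not part of the original message or of Qt's tooling: it parses `git show --pretty=fuller` header output and compares each date against a release date. The function names are hypothetical, the `+0000` offset on the CommitDate line is an assumption (the archive truncated it), and the 5.9.0 release date is the one quoted in the thread.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the header quoted in the thread. The archive cut the
# CommitDate offset down to "+"; "+0000" is an assumption made for this example.
SAMPLE = """\
commit cfbe03a6e035ab3cce5f04962cddd06bd414dcea
Author:     Richard J. Moore
AuthorDate: Thu Mar 23 12:43:22 2017 +0100
Commit:     André Klitzing
CommitDate: Tue Jul 4 18:03:59 2017 +0000

    QSslSocket: OpenSSL 1.1 backend
"""

# Release date as quoted in the thread, taken as midnight UTC.
RELEASES = {"5.9.0": datetime(2017, 5, 31, tzinfo=timezone.utc)}

MONTHS = {name: number for number, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Git's default date layout, e.g. "Thu Mar 23 12:43:22 2017 +0100".
GIT_DATE = re.compile(
    r"\w{3} (\w{3}) +(\d{1,2}) (\d\d):(\d\d):(\d\d) (\d{4}) ([+-])(\d\d)(\d\d)$")


def parse_git_date(text):
    """Parse git's default date format into a timezone-aware datetime."""
    match = GIT_DATE.match(text.strip())
    if not match:
        # A truncated offset (as in the archived copy) is rejected, not guessed.
        raise ValueError(f"unrecognised git date: {text!r}")
    mon, day, hh, mm, ss, year, sign, off_h, off_m = match.groups()
    offset = timedelta(hours=int(off_h), minutes=int(off_m))
    if sign == "-":
        offset = -offset
    return datetime(int(year), MONTHS[mon], int(day), int(hh), int(mm), int(ss),
                    tzinfo=timezone(offset))


def parse_fuller(output):
    """Extract the commit id and both dates from --pretty=fuller output."""
    info = {}
    for line in output.splitlines():
        if line.startswith("commit "):
            info["commit"] = line.split()[1]
        elif line.startswith(("AuthorDate:", "CommitDate:")):
            key, _, value = line.partition(":")
            info[key] = parse_git_date(value)
    missing = {"commit", "AuthorDate", "CommitDate"} - info.keys()
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    return info


def review_days(info):
    """Whole days between first authorship and acceptance into the branch."""
    return (info["CommitDate"] - info["AuthorDate"]).days


def shipped_before(when, releases):
    """Releases that were already out at the given moment."""
    return sorted(name for name, day in releases.items() if day < when)


if __name__ == "__main__":
    info = parse_fuller(SAMPLE)
    print("review took", review_days(info), "days")
    print("out before AuthorDate:", shipped_before(info["AuthorDate"], RELEASES))
    print("out before CommitDate:", shipped_before(info["CommitDate"], RELEASES))
```

Judged by AuthorDate, no release predates the change; judged by CommitDate, 5.9.0 had already shipped, which is why the commit date is the one to check when auditing whether a release could contain a fix.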





Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-20 Thread René J . V . Bertin
>Because it is a major rewrite of QtNetwork code interfacing with OpenSSL.
>Such change cannot go to LTS branch [1]

Now maybe (though I'd argue this is a bug fix; OSSL 1.0 will go EOL 5 months 
before Qt 5.9). But that was not the question.

5.9.0 was released on May 31st 2017 
(https://en.wikipedia.org/wiki/Qt_version_history#Qt_5), two full months after 
the fix in question. Qt 5.10 was released half a year later, so the fix could 
easily have gone into 5.9.0 or 5.9.1 .

R.


Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-20 Thread Giuseppe D'Angelo via Interest

On 20/03/19 19:41, Thiago Macieira wrote:

>> Actually, it doesn't: 5.9 support ends in May 2020, OpenSSL 1.0 in Dec 2019.
>
> You're off by one year. 5.9.0 was released May 29, 2017.
>
> 5.9's support ends in May 2019 (probably a bit later because we are able to
> make the 5.9.9 release).


Isn't the LTS supported for 3 years? We've now reached EOL for 5.6, 
released in March 2016. Is 5.9 supported only for 2 years?


Cheers,
--
Giuseppe D'Angelo | giuseppe.dang...@kdab.com | Senior Software Engineer
KDAB (France) S.A.S., a KDAB Group company
Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
KDAB - The Qt, C++ and OpenGL Experts





Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-20 Thread Thiago Macieira
On Wednesday, 20 March 2019 11:31:39 PDT Giuseppe D'Angelo via Interest wrote:
> > Qt 5.9's lifetime ends before OpenSSL 1.0's.
> 
> Actually, it doesn't: 5.9 support ends in May 2020, OpenSSL 1.0 in Dec 2019.

You're off by one year. 5.9.0 was released May 29, 2017.

5.9's support ends in May 2019 (probably a bit later because we are able to 
make the 5.9.9 release). 

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products





Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-20 Thread Giuseppe D'Angelo via Interest

On 20/03/19 19:29, Thiago Macieira wrote:

> Qt 5.9's lifetime ends before OpenSSL 1.0's.


Actually, it doesn't: 5.9 support ends in May 2020, OpenSSL 1.0 in Dec 2019.

The reality is that if your software depends on multiple libraries, your 
deadline is whichever EOL for those libraries comes first. So, 
again, UPGRADE NOW.


My 2 c,
--
Giuseppe D'Angelo | giuseppe.dang...@kdab.com | Senior Software Engineer
KDAB (France) S.A.S., a KDAB Group company
Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
KDAB - The Qt, C++ and OpenGL Experts





Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-20 Thread Thiago Macieira
On Wednesday, 20 March 2019 11:14:52 PDT René J. V. Bertin wrote:
> See my other email: for now this is for MacPorts, but I'm guessing Qt may
> not want to depend only on an OpenSSL variant that's EOL.

Except that it's not EOL. OpenSSL 1.0.2 is still officially supported until 
2019-12-31. See https://www.openssl.org/policies/releasestrat.html

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products





Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-20 Thread Konstantin Tokarev


20.03.2019, 21:17, "René J. V. Bertin" :
>>  Which distribution already stopped shipping OpenSSL 1.0?
>
> See my other email: for now this is for MacPorts, but I'm guessing Qt may not
> want to depend only on an OpenSSL variant that's EOL.
>
> Moving to 5.10 may be relatively trivial on Linux but not on Mac, if you want to
> keep supporting OS versions that don't run 5.10 .
>
> Judging from the commit, OSSL 1.1 support was added to the dev branch almost
> exactly TWO years ago. I can't remember when 5.9 came out but it must not have
> been older than the "current" version back then. Why on earth was this change
> never cherry-picked to the 5.9 branch?!

Because it is a major rewrite of QtNetwork code interfacing with OpenSSL.
Such change cannot go to LTS branch [1]

[1] http://quips-qt-io.herokuapp.com/quip-0005.html

> It's not like it introduces all kinds of
> hot new features, and if I understand correctly this kind of change to the OSSL
> backend should be completely transparent for dependent software?
>
> R.

-- 
Regards,
Konstantin



Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-20 Thread Thiago Macieira
On Wednesday, 20 March 2019 03:15:38 PDT René J.V. Bertin wrote:
> Hi,
> 
> I just learned that Qt 5.9 apparently doesn't build against OpenSSL 1.1 .
> Does anyone already have a fix for this?

Forklift the support from 5.10. A couple of Linux distributions did that for a 
while (notably, OpenSUSE).

> If not I'll try to adapt Debian's OSSL 1.1 support patch for Qt4; that might
> even be upstreamable supposing there will be further Qt 5.9 releases ?

5.9.8 is coming and 5.9.9 is likely. But there will be no OpenSSL 1.1 support 
patch accepted to those.

Qt 5.9's lifetime ends before OpenSSL 1.0's.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products





Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-20 Thread René J . V . Bertin
Konstantin Tokarev wrote:

> It would be better to upgrade Qt in MacPorts

MacPorts provides the latest and also a whole range of older Qt versions (down 
to Qt 5.5 I think). It has to, because Qt doesn't support a sufficient range of 
OS versions for our purposes.



Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-20 Thread René J . V . Bertin
> Which distribution already stopped shipping OpenSSL 1.0?

See my other email: for now this is for MacPorts, but I'm guessing Qt may not 
want to depend only on an OpenSSL variant that's EOL.

Moving to 5.10 may be relatively trivial on Linux but not on Mac, if you want to 
keep supporting OS versions that don't run 5.10 .

Judging from the commit, OSSL 1.1 support was added to the dev branch almost 
exactly TWO years ago. I can't remember when 5.9 came out but it must not have 
been older than the "current" version back then. Why on earth was this change 
never cherry-picked to the 5.9 branch?! It's not like it introduces all kinds of 
hot new features, and if I understand correctly this kind of change to the OSSL 
backend should be completely transparent for dependent software?

R.



Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-20 Thread Konstantin Tokarev


20.03.2019, 21:03, "René J.V. Bertin" :
>> You should either use Qt >= 5.10 or build against OpenSSL 1.0.2
>
> Wrong answer :P
>
> If Qt 5.9 is still in LTS it should get commit 
> cfbe03a6e035ab3cce5f04962cddd06bd414dcea cherry picked from the dev branch 
> before 1.0 reaches EOL later this year.
>
> Is that commit sufficient? Getting it to apply to the 5.9 branch was a bit of 
> monks' work but perfectly doable;
> see https://trac.macports.org/ticket/58218
>
> The MacPorts project is in the process of migrating the default OpenSSL 
> version to 1.1 . I haven't yet upgraded but am preparing; my patched Qt 5.9.7 
> seems to work fine with OSSL 1.0.2r .

It would be better to upgrade Qt in MacPorts

>
> David: IIRC Qt doesn't work with LibreSSL.
>
> R.

-- 
Regards,
Konstantin



Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-20 Thread René J . V . Bertin
>You should either use Qt >= 5.10 or build against OpenSSL 1.0.2

Wrong answer :P

If Qt 5.9 is still in LTS it should get commit 
cfbe03a6e035ab3cce5f04962cddd06bd414dcea cherry picked from the dev branch 
before 1.0 reaches EOL later this year.

Is that commit sufficient? Getting it to apply to the 5.9 branch was a bit of 
monks' work but perfectly doable;
see https://trac.macports.org/ticket/58218

The MacPorts project is in the process of migrating the default OpenSSL version 
to 1.1 . I haven't yet upgraded but am preparing; my patched Qt 5.9.7 seems to 
work fine with OSSL 1.0.2r .

David: IIRC Qt doesn't work with LibreSSL.

R.


Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-20 Thread Giuseppe D'Angelo via Interest

Hi,

On 20/03/19 18:23, David M. Cotter wrote:

> I understand LibreSSL has some advantages, is that worth checking out?


Qt does not work with LibreSSL.

Cheers,
--
Giuseppe D'Angelo | giuseppe.dang...@kdab.com | Senior Software Engineer
KDAB (France) S.A.S., a KDAB Group company
Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
KDAB - The Qt, C++ and OpenGL Experts





Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-20 Thread Giuseppe D'Angelo via Interest

On 20/03/19 11:15, René J.V. Bertin wrote:

> I just learned that Qt 5.9 apparently doesn't build against OpenSSL 1.1 . Does
> anyone already have a fix for this?


Which distribution already stopped shipping OpenSSL 1.0?

Cheers,

--
Giuseppe D'Angelo | giuseppe.dang...@kdab.com | Senior Software Engineer
KDAB (France) S.A.S., a KDAB Group company
Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
KDAB - The Qt, C++ and OpenGL Experts





Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-20 Thread Konstantin Tokarev


20.03.2019, 13:18, "René J.V. Bertin" :
> Hi,
>
> I just learned that Qt 5.9 apparently doesn't build against OpenSSL 1.1 . 
> Does anyone already have a fix for this?

You should either use Qt >= 5.10 or build against OpenSSL 1.0.2

>
> If not I'll try to adapt Debian's OSSL 1.1 support patch for Qt4; that might 
> even be upstreamable supposing there will be further Qt 5.9 releases ?
>
> Thanks,
> R.

-- 
Regards,
Konstantin



Re: [Interest] Qt 5.9 and OpenSSL 1.1?

2019-03-20 Thread David M. Cotter
I understand LibreSSL has some advantages, is that worth checking out?

> On Mar 20, 2019, at 3:15 AM, René J.V. Bertin  wrote:
> 
> Hi,
> 
> I just learned that Qt 5.9 apparently doesn't build against OpenSSL 1.1 . 
> Does anyone already have a fix for this?
> 
> If not I'll try to adapt Debian's OSSL 1.1 support patch for Qt4; that might 
> even be upstreamable supposing there will be further Qt 5.9 releases ?
> 
> Thanks,
> R.
