Lines 65-70
static DH *get_dh1024()
|
65 |
return dh; |
65 |
return dh; |
66 |
} |
66 |
} |
67 |
|
67 |
|
|
|
68 |
static bool q_enableECSetCurves() { |
69 |
// The ability to select elliptic curves is |
70 |
// present in OpenSSL 1.0.2+ but not in LibreSSL. |
71 |
// RFC4492 Section 5.1.1 "Supported Elliptic Curves Extension" |
72 |
return q_SSLeay() >= 0x10002000L && !q_LibreSSL(); |
73 |
} |
74 |
|
68 |
QSslContext::QSslContext() |
75 |
QSslContext::QSslContext() |
69 |
: ctx(0), |
76 |
: ctx(0), |
70 |
pkey(0), |
77 |
pkey(0), |
Lines 340-348
init_context:
|
340 |
|
347 |
|
341 |
const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves(); |
348 |
const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves(); |
342 |
if (!qcurves.isEmpty()) { |
349 |
if (!qcurves.isEmpty()) { |
343 |
#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) |
350 |
#if defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC) |
344 |
// Set the curves to be used |
351 |
// Set the curves to be used |
345 |
if (q_SSLeay() >= 0x10002000L) { |
352 |
if (q_enableECSetCurves()) { |
346 |
// SSL_CTX_ctrl wants a non-const pointer as last argument, |
353 |
// SSL_CTX_ctrl wants a non-const pointer as last argument, |
347 |
// but let's avoid a copy into a temporary array |
354 |
// but let's avoid a copy into a temporary array |
348 |
if (!q_SSL_CTX_ctrl(sslContext->ctx, |
355 |
if (!q_SSL_CTX_ctrl(sslContext->ctx, |
Lines 354-363
init_context:
|
354 |
return sslContext; |
361 |
return sslContext; |
355 |
} |
362 |
} |
356 |
} else |
363 |
} else |
357 |
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) |
364 |
#endif // defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC) |
358 |
{ |
365 |
{ |
359 |
// specific curves requested, but not possible to set -> error |
366 |
// specific curves requested, but not possible to set -> error |
360 |
sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version too old, need at least v1.0.2")); |
367 |
sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("This version of OpenSSL lacks support for selecting specific elliptic curves.")); |
361 |
sslContext->errorCode = QSslError::UnspecifiedError; |
368 |
sslContext->errorCode = QSslError::UnspecifiedError; |
362 |
return sslContext; |
369 |
return sslContext; |
363 |
} |
370 |
} |
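Review bot: q_enableECSetCurves() is defined unconditionally (new lines 68-73), but its only visible caller is inside the `#if defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC)` block in init_context, so a build without that macro or with OPENSSL_NO_EC leaves an unused static function and a -Wunused-function warning, which becomes an error under -Werror. Wrapping the helper in the same `#if` … `#endif` guard would avoid this, assuming no other caller exists outside the lines shown; init_context itself starts and ends outside these hunks. The helper's comment should also say why the version compare alone is not sufficient, for example `// LibreSSL reports a version number above the 1.0.2 threshold, so it has to be excluded explicitly.` The else branch keeps failing closed when specific curves were requested but cannot be set, and that should stay: falling back to the library's default curve list would silently ignore the restriction the caller configured.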